>> Live from San Francisco, it's theCUBE, covering RSA Conference 2019. Brought to you by Forescout. >> Hey, welcome back everybody, Jeff Frick here with theCUBE, we're at the RSA Conference in downtown San Francisco, it's crazy, 40,000 plus people, we'll get the number later today. We're in the Forescout booth for our first time, we're really excited to be here, and, you know, part of the whole Forescout story is the convergence of IT and OT, operations technology, and those things are coming together, which is such a critical piece of smart things, and smart cities, and smart cars. We're excited to have our next guest, Elisa Costante, on. She is the OT technology and innovation lead at Forescout. Elisa, great to see you. >> Great to see you, thank for having me. >> Absolutely. So you've got a PhD in this space, you picked a field that is pretty hot, so as you think back and look at the convergence of OT and IT, what are some of the top-level things that people are thinking about, but what are some of the top-level things that they're just missing? >> Well, when you speak about OT, typically you refer to critical infrastructure and the technology that operates things. So it's cyber-physical systems, right? And when you think of IT, you think about computer and you think about the web, and you're like, okay, when the two things meet? And then you put in the recipe, you put something like an IoT device, like an IP camera, or a sensor for the number of people in a room. Now these whole things are coming together. And they're coming together because they come with a lot of interesting use cases. You can have all the data and information to configure, for instance, your building, to be as smart as possible, and to have. >> They need smart wheels on that cart, my goodness. >> Of course. And you have a clear picture of how much energy you consume and then you can basically have the energy that is cheaper, because it just arrives in the moment that you need it. Now all of these things are IT and OT convergence. And all of these things make our cities and our world smarter today. >> Right, now one of the interesting things I saw in a talk getting ready for this is, you talked about, there's always been a lot of OT systems, they've been around for a while, >> Yeah. >> But they've always been siloed, you know, they haven't been connected to other OT systems and much less being connected to IT systems. >> Yeah >> So they weren't architected for that from the first point of view. So how does that get implemented? Are they re-architecting 'em? Are you guys overlaying a different kind of control plane? How do you take these siloed applications around, say, elevator operation, and then integrate it in with all these other things? >> So what happens is that those systems are legacy systems. That's why. There are like, 60% of the modern buildings, of the buildings today, they have, they are controlled and managed by system that are 20 years old. So what does it mean? That you make an investment and you don't want to change that investment. You are not going to renew all the backbones of your buildings, or of your manufacturing and operation factories. So what do you do on top of these legacy system that have been developed without security in mind, you put the IT systems, to monitor, to control, to have remote access and remote control. And this is where, like, things can go wrong, because if this is not done properly, and by having in mind, for instance, the threat landscape, that's where you will have the controller for your HVAC exposed to the internet, and can pull down all the air conditioning in a hospital, for instance. And that's why WannaCry can come and heat and put down tons and tons of hospitals. >> Right. It's pretty interesting, you know, I think it's a pretty common concept in security for people that you should only have access, you know, to the information you need around a particular project or particular dataset. But you talked about, in some of your other talks that I saw, about a lot of these devices come out of the box with all kinds of capabilities, right? 'Cause they're built for kind of the Nth degree, the maximum use, but there may be a whole bunch of stuff that's turned on out of the box that you probably need to turn off. >> Yeah, that's actually super interesting. If you look at IP cameras, now IP cameras, they should do one thing, record stuff that they see on the screen. But actually they come with a bunch of protocols indeed, like FTPs, Samba protocols, SSDP, that announce the camera on the network, and reveal a lot of information about those camera on the network that if RPCed by an attacker or by someone with not-good intentions, might actually be leveraged to turn the camera against the owner of the camera itself. >> Right, right. And do weird things that the camera should not. And that's really part of what the Forescout solution is, is making sure that the devices are profiled and acting in the way that they're supposed to act. And not doing stuff that they shouldn't be doing. >> Yeah, Forescout is a leader in device visibility. So what we do is we enter into a network, and we give full visibility of all the IP devices that are there, and that's most of the times is a wow effect, like, the asset owner has no ideas that they had a camera that was directly connected to the internet. Or they'd have a thermostat that communicates with the servers. So all of these things, we bring basically light on the dark sides of the network. >> Right. So excited to talk to you 'cause I think the smart cities and smart buildings is such an interesting concept and going to be so important as we get denser populations and smaller areas that connected to transportation. I wonder if you could share some examples that you see out in the field where the ROI on putting these things in, the good part, is way higher than maybe people expect. That because you're combining, you know, a one plus one equals three kind of an opportunity. >> Right, so actually, one example of a very useful and smart use case is, is happening in Amsterdam right now. The Bijlmer Arena, is basically all the walls are made of solar panels, which means it gets the energy and is able to basically self-sustain the arena. The arena is one of the biggest stadiums in the Netherlands. >> Ajax plays there probably? >> Exactly. >> Alright. >> Now what they do if they have collected more energy than they are able to consume, they provide that same energy to the neighbors. Which means that you have basically a small ecosystem that thanks to the collection of data, knowing what neighbor needs how much light and energy in a certain time, you can actually even improve sustainability and going green initiatives. >> I love the innovation that comes out of the Netherlands. We interviewed a company a long time ago, and they were basically doing segmented data centers, where you would have a piece of the data center in your house and they were selling it as free heating. And I'm like, is it free heating, or is it distributed data center? But I mean, the creativity is terrific. So as you look forward, you know, what are you excited about in 2019? What are some of your top initiatives that you're working on? >> So we are working on a lot of IT and OT convergence, and especially on the IoT part. So we are looking at all those tiny devices that you would not expect to be on your network, and what they can do, and how these old systems that have been conceived to be standalone are now starting to communicate, and what kind of threats this communication can bring, and what we can do to actually defend our customers from the threats that can be arised. >> Going to be a good year. Excited to watch the developments unfold. >> Yeah, thanks. >> All right Elisa, thanks for taking a few minutes of your day, I know you said you had early meetings, you're calling Europe, calling all over the world, so thanks for taking a few. >> Thank you for having me. >> All right, she's Elisa, I'm Jeff, you're watching theCUBE. We're at RSA Conference, RSAC is the hashtag, in the Forescout booth. I'm Jeff Frick, thanks for watching. >> Thank you. (upbeat music)

>> Live from San Francisco. It's the Cube covering artists. A conference twenty nineteen brought to you by for scout. >> Hey, welcome back already, Geoffrey here with the Cube were in downtown San Francisco at the brand new Open. I think it's finally complete. Mosconi Center for our conference. Twenty nineteen were really excited this year. For the first time ever in the four Scout booth, we've been coming to our say for a long time. We had Mike on last last year by Caesar. President Seo >> for scout. I appreciate you having me >> because we had the last year and you're so nice. You You invited us to the way we must both done something right? Absolutely it Also, before we get too far into it, Congratulations. Doing some homework. The stock is going well. You're making acquisitions, You said it's the anniversary of going out in public. So things are things are looking good for Four. Scout >> things have been good. We've been public company now for four quarters. We've beaten, raised on every metric we had out there. So we're feeling good about >> life. So I don't think the security threats are going down. I don't think you're Tamas is shrinking by any stretch of the imagination. Definitely >> does not feel like the threat landscape is getting less challenging these days, right? I mean, when you look at all the geopolitical stuff going on between the US and China and Russia, that that usually spills into the cybersecurity world and kind of makes things a little bit more tense, >> right? So the crazy talk and all confidence now is machine learning an a I and obviously one of the big themes that came up, we had a great interview. A googol is you just can't hire enough professionals regardless of the field, especially in this one to take care of everything So automation, really key. Hey, I really key. But the same time the bad guys have access to many of the same tools so that you're in the middle of this arm raise. How are you? You kind of taken a strategic view of machine learning an A I in this world. >> So what's amazing about cyber security in two thousand nineteen is the fact that the pace of innovation is exploding at an unprecedented rate, Right? I mean, we're bringing Maur devices online every quarter now, then the first ten years of the Internet combined. So the pace of adoption of new technologies is really what is driving the need for machine learning and a I a human being. Historically, in the cybersecurity world, most corporations approach was, I'm gonna have a whole bunch of different cyber products. They all have their own dashboards. I'm going to build this thing called a cyber Operations Center of Sock. That is going to be the input of all those. But a human being is going to be involved in a lot of the research and prioritization of attacks. And I think just the volume and sophistication of the breaches these days and attacks is making those same companies turn towards automation. You have to be willing to let your cyber security products take action on their own and machine learning in a I play a very large roll back. >> Yeah, it's really interesting because there's very few instances where the eye in the M L actually generate an action. Oftentimes will generate a flag, though they'll bring in a human to try to make one of the final analysis. But it's not, not often that way, actually give them the power to do something. Is that changing? Do you see that changing are people more accepting of that when you can't give it up that >> control when you when you look at for scouts kind of core value Proposition the category that were in his device. Visibility in control device visibility. What's on the network control? When I find something that shouldn't be, there are customers. Want to block that so way? Have a front row seat on watching customers that for decades have been unwilling to allow cybersecurity products to actually take action, turning our product on everyday and allowing us to do exactly that. So when we look at the way that they approached the breaches in every one of these scenarios, they're trying to figure out how they can augment the personal staff they have with products that can provide that level of intelligence >> on nothing to >> see over and over is that people are so falih. Fallible interview to Gala Grasshopper A couple of years he was one hundred percent a social engineering her way into any company that she tried. She had a kind of cool trick. She looked at Instagram photos. He would see the kind of browser that you had, and you know the company picnic. Paige won't let me in. Can you please try this? You're one hundred percent success. So you guys really act in a very different way. You're kind of after the breaches happened. You're sensing and taking action, not necessarily trying to maintain that that print Big Mo >> we're actually on the front end were before the breach takes place. So the way our product works is way plug into the network and then we turned that network ten years ago. A CEO would would would control everything on their networks. They would buy servers and load them with products and put them in their data centers. And they bite, you know, end points and they give those to their to their employees. Those same CEOs now need to allow everything to connect and try to make sense of this growing number of devices. So both the role that we play is preventative. We are on the front end. When a device first joins that network, you need to make sure that device is allowed to be there. So before we worry about what credentials that device is trying to log in with, let's make sure that's a device that the company wants to be on the network to begin with. So to your point, exactly your right. I mean, I think my CFO and I probably every week have some very sophisticated email that makes it sound like one of us asked the other to approve a check request. But it's but they're getting good and you're right. They go on the They know that I went to Villanova, where I'm a Phish fan, and they'll leverage some form of thing. All Post online has tried to make that seem a little bit more personalized, but our philosophy is a company is very basic, which is you need situational awareness of what devices are allowed to be on that network to begin with. If you get that in place, there's a lot less examples that what you described a couple of minutes >> ago and that you said to really instinct philosophy, having kind of an agent list methodology to identify and profile everything that's connected to the network, as opposed to having having you know an OS or having a little bug on there, Which would put you in good shape for this operations technology thing, which is such a critical piece of the i O. T and the I O T transfer >> there. Now there's there's no doubt, You know, that's one of the most fourth sight ful things that, for Scout has ever done is we made the decision to go Agent Lis ten years ago, Way saw that the world was moving from you, Nick and and Lenox and Windows and all of these basic operating systems that were open and only a few of them to the world that we're in today, where every TV has a different operating system, every OT manufacturer has their own operating system, right? It's example I uses that is the Google, you know, the nest thermostat where you you, you buy that, you put it on the wall of your house, you pair with your network, and it's sitting right on line next to your work laptop, right? And and there's been Brit breaches shown that attacks can come in through a device like that and get on to a more more trusted asset, right? So just having that situational awareness is a big part to begin with. But, oh, teams, let's talk about OT for a couple of seconds is almost in front of us post Wanna cry? I am seeing almost every sea, so in the world not having had but the cyber responsibilities for OT being pulled into the O. T part of the business. And it makes sense. You know that the when you watch it a cry, a breach like Wanna cry? Most companies didn't think they bought something from Windows. They thought they bought a controller from Siemens or Gear, one of the larger manufacturers. What they realized on wanna cry was that those controllers have embedded versions of an old operating system from Microsoft called X that had vulnerabilities. And that's how it was exploited so that the approach of devices being online, which changing in front of us, is not just the volume of devices. But they're not open anymore. So the Agent Lis approach of allowing devices to connect to the network and then using the network to do our thing and figure out what's on it makes us a really relevant and big player in that world of coyote and don't. So >> do you have to hold their hand when they when they break the air gap and connect the TV into the Heidi to say it'll be okay. We'll be able to keep an eye on these things before you go. You know, you talk about air gaps all the time is such a kind of fundamental security paradigm in the old way. But now the benefits of connectivity are outweighing, you know, the potential cost of very >> difficult, right? I mean, one of the examples I always uses. PG and E are local power company here. We're up until a few years ago, they'd have a human being. A band would come to your house and knock on your door, and all they wanted to do is get in your garage to read your meter, right? So they could bill you correctly. And then they put smart meters on the side of our houses. And I'm sure the roo I for them was incredible because they got rid of their entire fleet as a result, but recognized that my house is Theo T grid, now connected back to the side, which is Billy. So there's just so many examples in this connected world that we're in. Companies want to do business online, but online means interconnectivity. Interconnectivity means OT and connected so Yes, you're absolutely right. There's many companies believe they have systems air gapped off from each other. Most of those same cos once they get for Scout Live recognized they actually were not air gapped off from each other to begin with. That's part of the role that we play. >> This cure is to get your >> take. You talk to a lot of sizes about how kind of the the types of threats you know have evolved more recently. You know, we saw the stuff with presidential campaign. The targets and what they're trying to do has changed dramatically over the last several years in terms of what the bad guys actually want to do once they get in where they see the value. So how has that changed? No, it's not directly because you guys don't worry about what they're trying to do bad. You want to protect everything. But how is that kind of change from the size of perspective? >> Our customers are government's financial service companies, health care companies, manufacturing companies. Because every one of those companies, I mean, it sounds basic. But if you knew the bad thing was plugged into your network, doing something bad you would've blocked it. You didn't know it was there to begin with. So we actually have a role in all types of threats. But when you look at the threat landscape, it's shifted your right. I mean, ten years ago, it was mostly I p theft. You were hearing examples of somebody's blueprints being stolen before they got their product into the market. WeII. Then soft financial threat shifted. That's still where the bulk of it is today, right? No, they ransomware attacks. I mean, they're all money motivated. The swift breaches. They're all about trying to get a slice of money and more money moves online that becomes a good hunting ground for cybersecurity attackers. Right? But what? What is now being introduced? A CZ? Well, as all the geopolitical stuff. And I think you know with, with our commander in chief being willing to be online, tweeting that with other organism governments worldwide having a more social footprint, now that's on the table. And can you embarrass somebody? And what does that mean? And can you divide parties? But, yeah, there's there's a lot of different reasons for people to be online. What's amazing is the attacks behind them are actually fairly consistent. The mechanisms used right toe actually achieve those that you know that you know the objectives are actually quite similar. >> I'm curious from the site's perspective >> and trying to measure r A Y and, you know, kind of where they should invest in, not a vest, How the changing kind of value proposition of the things that they that are at risk really got to change the dynamic because they're not just feeling a little bit of money. You know, these air, these are much more complex and squishy kind of value propositions. If you're trying to influence our election or you're trying to embarrass somebody or you know, >> that's kind of different from anything. If it's state funded sheriff, it's believed to be state funded. It typically has a different roo. I model behind it, right, and there's different different organizations. But, you know, like on the OT side that you described a second ago, right? Why is OT so hot right now? Because it's one thing to have a bunch of employees have their laptops compromised with something you don't want to be on their right. It's embarrassing. Your emails get stolen it's embarrassing. It's a very different thing when you bring down a shipping line. When a company can't shift, you know can't ship their products. So the stakes are so high on the OT side for organizations that you know, they are obviously put a lot of energy and doing these days. >> You need talk about autonomous vehicles, you know, misreading signs and giving up control. And you know what kinds of things in this feature? Right, Mike? So if we let you go, you're busy. Guy, get thanks >> for having us in the booth. What do your superiors for twenty nineteen, you know for us at Four Scout, the priorities are continuing to execute. You know, we grow our business thirty three percent. Last year. We achieved free cash flow profitability, which is the first time in the company's history. So way of obligation to our investment community. And we intend to run a good, solid business from a product perspective. Our priorities are right in the category of device visibility and control its one of things. When you look around this conferences, you know cos cos had to be careful. They don't increase their product size too quickly. Before they have the financial means to do so. And we just see such a large market in helping answer that question. What is on my network? That's our focus, and we want to do it across the extent that enterprise at scale. >> Yeah, I've sought interesting quote from you on one of their earnings calls that I thought was was needed. A lot of people complain What, you go public. You're on the ninety day shot clock in that that becomes a focus. But your your take on it was now that everything's exposed country spending an already how much spinning a marketing I'm in shipping, it sails that it forces you to really take a deeper look and to make tougher decisions and to make sure you guys are prioritizing your resource is in the right way, knowing that a lot of other people now are making those judgments. >> You know, Listen, the process of raising money and then going public is that you have to be willing to understand that you have an investment community, but you have an obligation to share a lot of detail about the business. But from the other side of that, I get a chance to sit in front of some of the smartest people on the planet that look att my peer companies and me and then provide us input on areas that they're either excited about are concerned about. That's amazing input for me and helps me drive the business. And again, we're trying to build this into a big, organically large cybersecurity business, which is a rare thing these days. And we're quite were very how aboutthe trajectory that we're on. >> Right? Well, Mike, thank you. Like just out with smart people like, you know, I appreciate it and learned a lot. So you congrats on this very much. >> Sorry. He's Mike. I'm Jeff. You're watching The Cube were in the Fourth Scout booth at RC North America. Mosconi Center. Or in the north North Hall. Just find the Seibu. Thanks for watching. >> We'LL see you next time.

>> Announcer: From downtown San Francisco, it's theCUBE. Covering RSA North America 2018. >> Hey welcome back everybody, Jeff Frick here with theCUBE. We're at RSA North America 2018 in San Francisco. 40,000 plus people talking security, enterprise security, cloud security, a lot going on. It just continues to get more and more important. And we're really excited for our next guest who's been playing in the enterprise space for as long as I can remember, which has been a little while. Mike Decesare, he's the CEO and President of ForeScout. Mike, great to see you. >> Started my career off when I was one. (Jeff laughs) So, I've been in this for a long time. >> You have been in it a long time. So you guys now you're all about, right so there's so much stuff going on in security and security is one of these things that I have to look at it as kind of like insurance. You can't put every last nickel in security, but at the same time, you have to protect yourself. The attack surfaces are only growing with IIoT and we were at an autonomous vehicle show, and 5G is just coming around the corner, and all these connected devices and APIs. So you guys have a pretty unique approach to how you top level think about security called visibility. Explain that to us. >> So visibility is the next big thing in the world of cybersecurity and the dynamic is very basic. It's, for 20 plus years, CIOs and CSOs were substantially able to control everything that was on their network. You'd buy your servers and Windows machines and Blackberries for your employees and then there was very little tolerance for other devices being on those organization's networks. And what happened 10 years ago this year, with the birth of the iPhone was that CIOs, those same CIOs now had to deal with allowing things onto their network that don't subscribe to those same philosophies and when you can't buy it and outfit it with security before you put it into the environment. And that's the gap that ForeScout closes for organizations is we have an agentless approach which means we plug into the network infrastructure itself and we give customers visibility into everything that is connected to their network. >> So that begs a question, how do you do that without an agent? I would imagine you would put a little agent on all the various devices. So what's your technique? >> We actually don't. That's the secret sauce of the company is that >> okay >> you know over 10 years ago, we recognized this IoT trend coming because that's, that's the thing in the world of IoT is unlike the first kind o' 20 years of the internet, there was a substantially smaller number of operating systems, most of them open. The different characteristic about the current internet is that many of these use cases are coming online as closed proprietary operating systems. The example I use here is like your home. You know, you get a Nest thermostat and you put in on your network and it monitors, you know, heating and cooling but the device, the operating system, the application is all one consumer device. It doesn't run Windows. You can't install antivirus on you Nest thermostat. So our approach is we plug into the network infrastructure. We integrate to all of the network vendors, the firewall vendors, the wireless controlling vendors and we pull both active and passive techniques for gathering data off those devices and we translate that into a real-time picture of not just everything connected to the network but we know what those devices are without that client having to do anything. >> So you have what you call device cloud or yeah, ForeScout device cloud. So is that, is that a directory of all potential kind of universe of devices that you're querying off of or is that the devices within the realm of control of your of your clients directly? >> It's the second. It's the, so the way that our product works is we plug into the network infrastructure so anything that requests an IP address, whether is wired and wireless in the campus environment, whether it's data center or cloud in the data center environments or even into the OT space, anything that requests an IP address pops onto our radar the second it requests that address. And that cloud that we've built, that we've had for about nine months, we already have three million devices inside, almost three and a half million devices, is a superset of all of the different devices across our entire install base just from the clients that have been willing to share that data with us already. And that gives us optimism because what that becomes is a known set of fingerprints about all known devices so the first time that we discover a Siemens camera that might be a manufacturer, the company might have ten thousand of those in the environment, the first time that we see that device, we have to understand the pattern of traffic off that device, we label that as a security camera and any other customer world-wide that's has that same device connects, we instantaneously know it's a Siemens security camera. So we need the fingerprint of those devices once. >> Right, and so you're almost going to be like the GE Predix of connected devices down the road potentially with this cloud. >> We won't go there on that. >> He won't go there, alright. We've talked to Bill Ruh a lot of times but he does an interesting concept. The nice thing 'cause you can leverage from a single device and knowledge across the other ones which is so, so important on security so you can pick up multiple patterns, repeated patterns et cetera. >> One of the best parts about ForeScout is the fact that we deployed incredibly quickly. We have clients that have almost a million devices that got live in less than three months. And the reason we're able to do that is we plug into the infrastructure, and then our product kind o' does its own thing with very little effort from the client where we compare what we have in this repository against what they have in their environment. We typically get to an 80 or 90% auto-classification meaning that we know 80 or 90% of the time, not just what's on the network but what that device is and then the other 20% is where we have the implementation where we go through and we look at unique devices. It might be a bank has some model of ATM we've never seen before or a healthcare company has beds or machines on a hospital floor that we haven't recognized before. And the first time that we see each of those devices uniquely, we have to go through the process of fingerprinting it which means that we're looking for the unique pattern of traffic that's coming off a, you know, a router, a switch and a firewall and we're ingesting that and we're tagging that device and saying anytime we see that unique pattern of traffic, that's a certain device, a security camera or what have you. >> Right. >> The reason's that useful is then we get to put a policy in place about how those devices are allowed to behave on the network. So if you take something like the Mirai Botnet which hit about a year ago, was the thing that took down a big chunk of the Northeast, you know, utilities and you know, internet, it infected, it was a bot that infected security cameras predominantly. Nobody thought twice about having security cameras in their environment, but they're the same as they are in your house where you know, you put it online, you hit network pair and it's online. >> Right. >> But that bot was simply trying to find devices that had the default password that shipped from the security manufacturer and was able to be successful millions of time. And with our product in place, that couldn't happen because when you set us up, we would know it's a security camera, we'd put a policy in place that says security camera can speak to one server in the data center called the security camera server. And if that device tries to do anything more criminal, if it tries to dial the internet, if it tries to break into your SAP backend, any of those activities, we would give the customer the ability to automatically to take that device offline in real time. >> Right, so you're... >> And that's why our clients find us to be very useful. >> Right, so you're really segregating the devices to the places they're supposed to play, not letting 'em out of the areas they're supposed to be. Which is the >> Absolutely. >> Which is the classic kind of back door way in that the bad guys are coming in. >> Our philosophy is let everything onto the network. We take a look at that traffic. We give you a picture of all those devices and we allow each customer to put an individual policy in place that fences that in. If you take the other extreme like a Windows machine in a corporate environment, our typical policy will be you know, do you have Windows 2009 or later? 'Cause most customers have policies they don't want XP in their environments anymore. But we enforce it. So if an XP device hits the network, we can block that device or we can force a new version down. If you have Symantec, has it got a dat file update? If you've got Tenable, has it had a scan recently? If you've got, you know, any of the other products that are out there that are on those machines, our job is to enforce that the device actually matches the company's policy before that device is allowed in. >> Before you let it. Alright. >> And if at any time that it's on that network, it becomes noncompliant, we would take that device offline. >> You know, with the proliferation of devices and continuation growth of IoT and then industrial IoT, I mean, you guys are really in a good space because everything is getting an IP address and as you said, most of them have proprietary operation systems or they have some other proprietary system that's not going to allow, kind o' classic IT protections to be put into place. You've really got to have something special and it's a pretty neat approach coming at it from the connectivity. >> It's the secret sauce of the company is we recognized many years ago that the the combination of not just there being very few operating systems but they were all open. Windows, Lennox, right? I mean, you can buy a Windows machine and you can install any product you want on it. But we saw this trend coming when the next wave of devices was going to be massively heterogeneous and also in many cases, very closed. And you know, you mentioned the example of the OT space and that's one of the other, the third biggest driver for us in our business is the OT space because when you looking a WanaCry or a NotPetya and you see companies like Maersk and FedEx and others that are, that are publicly talking about the impact of these breaches on their earnings calls. What those companies are waking up and realizing is they've got 25 year old systems that have run, you know, an old version of Microsoft that's been end-of-life decades ago and the bad actors have proven very adept at trying to find any entry point into an organization, right, and the great news for ForeScout is that really lends itself very much towards our age-endless approach. I mean, many of these OT companies that we're in, devices that are in their manufacturing facilities don't even have an API. There were built so long ago so there's no concept of interacting with that machine. >> Right >> So for us, allowing that device to hit the Belden switches and then be able to interrogate the traffic coming off those switches let's us do the same thing that we do in the campus world over in the OT world as well. >> Good spot to be. So RSA 2018, what are ya looking forward to for this week? >> This is just massive in size. It's like speed dating. From a customer's perspective too, I mean, I meet so many customer's that come here and able to meet with 30 or 40 vendors in a single week and it's no different, you know, for the providers themselves so. You know, we've got some really, kind o' really high profile big wins, you know, it's very coming for us to be doing deals at this point that get up over a million devices so they're very high profile so it's a great chance to reconnect with customers. You know, one of the things I didn't mention to you is that kind o' the, the whole thing that we do of identifying devices and then understanding what they are and allowing those policies to get put in places, that's fundamentally done with our own IP, and the connections into the switch and firewall vendors. But we've built this whole other ecosystem of applications in the world of orchestration that set on top of our products. We integrate the firewall vendors, the vulnerability management vendors, the EDR vendors, the AV vendors, so it's a great chance for us to reconnect with you know, those vendors as well. In fact, we're doing a dinner tonight with CrowdStrike. They're one of our newer partners. Very excited about this week. It brings a lot of optimism. >> Well, great story Mike and excited to watch it to continue to unfold. >> We appreciate you giving us some time. >> Alright, thanks for stopping by. That's Mike Decesare. I'm Jeff Frick. You're watching theCUBE from RSA North America 2018. Thanks for watchin'. Catch you next time. (techno music)

>> Narrator: From theCUBE Studios in Palo Alto, in Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> Tech spending is poised to rebound as the economy reopens in 2021. CIOs and IT buyers, they expect a 4% increase in 2021 spending based on ETR's latest surveys. And we believe that number will actually be higher, in the six to 7% range even. The big drivers are continued fine tuning of, and investment in digital strategies, for example, cloud security, AI data and automation. Application modernization initiatives continue to attract attention, and we also expect more support with work from home demand, for instance laptops, et cetera. And we're even seeing pent-up demand for data center infrastructure and other major risks to this scenario, they remain the pace of the reopening, of course, no surprise there, however, even if there are speed bumps to the vaccine rollout and achieving herd immunity, we believe tech spending will grow at least two points faster than GDP, which is currently forecast at 4.1%. Hello and welcome to this week's (indistinct) on Cube Insights powered by ETR. In this breaking analysis, we want to update you on our latest macro view of the market, and then highlight a few key sectors that we've been watching, namely cloud with a particular drill down on Microsoft and AWS, security, database, and then we'll look at Dell and VMware as a proxy for the data center. Now here's a look at what IT buyers and CIOs think. This chart shows the latest survey data from ETR and it compares the December results with the year earlier survey. Consistent with our earlier reporting, we see a kind of a swoosh-like recovery with a slower first half and accelerating in the second half. And we think that CIOs are being prudently conservative, 'cause if GDP grows at 4% plus, we fully expect tech spending to outperform. Now let's look at the factors that really drive some of our thinking on that. This is data that we've shown before it asks buyers if they're initiating any of the following strategies in the coming quarter, in the face of the pandemic and you can see there's no change in work from home, really no change in business travel, but hiring freezes, freezing new deployments, these continue to trend down. New deployments continue to be up, layoffs are trending down and hiring is also up. So these are all good signs. Now having said that, one part of our scenario assumes workers return and the current 75% of employees that work from home will moderate by the second half to around 35%. Now that's double the historical average, and that large percentage, that will necessitate continued work from home infrastructure spend, we think and drive HQ spending as well in the data center. Now the caveat of course is that lots of companies are downsizing corporate headquarters, so that could weigh on this dual investment premise that we have, but generally with the easy compare in these tailwinds, we expect solid growth in this coming year. Now, what sectors are showing growth? Well, the same big four that we've been talking about for 10 months, machine intelligence or AI/ML, RPA and broader automation agendas, these lead the pack along with containers and cloud. These four, you can see here above that red dotted line at 40%, that's a 40% net score which is a measure of spending momentum. Now cloud, it's the most impressive because what you see in this chart is spending momentum or net score in the vertical axis and market share or pervasiveness in the data center on the horizontal axis. Now cloud it stands out, as it's has a large market share and it's got spending velocity tied to it. So, I mean that is really impressive for that sector. Now, what we want to do here is do a quick update on the big three cloud revenue for 2020. And so we're looking back at 2020, and this really updates the chart that we showed last week at our CUBE on Cloud event, the only differences Azure, Microsoft reported and this chart shows IaaS estimates for the big three, we had had Microsoft Azure in Q4 at 6.8 billion, it came in at 6.9 billion based on our cloud model. Now the points we previously made on this chart, they stand out. AWS is the biggest, and it's growing more slowly but it throws off more absolute dollars, Azure grew 48% sent last quarter, we had it slightly lower and so we've adjusted that and that's incredible. And Azure continues to close that gap on AWS and we'll see how AWS and Google do when they report next week. We definitely think based on Microsoft result that AWS has upside to these numbers, especially given the Q4 push, year end, and the continued transition to cloud and even Google we think can benefit. Now what we want to do is take a closer look at Microsoft and AWS and drill down into those two cloud leaders. So take a look at this graphic, it shows ETR's survey data for net score across Microsoft's portfolio, and we've selected a couple of key areas. Virtually every sector is in the green and has forward momentum relative to the October survey. Power Automate, which is RPA, Teams is off the chart, Azure itself we've reported on that, is the linchpin of Microsoft's innovation strategy, serverless, AI analytics, containers, they all have over 60% net scores. Skype is the only dog and Microsoft is doing a fabulous job of transitioning its customers to Teams away from Skype. I think there are still people using Skype. Yes, I know it's crazy. Now let's take a look at the AWS portfolio drill down, there's a similar story here for Amazon and virtually all sectors are well into the 50% net scores or above. Yeah, it's lower than Microsoft, but still AWS, very, very large, so across the board strength for the company and it's impressive for a $45 billion cloud company. Only Chime is lagging behind AWS and maybe, maybe AWS needs a Teams-like version to migrate folks off of Chime. Although you do see it's an uptick there relative to the last survey, but still not burning the house down. Now let's take a look at security. It's a sector that we've highlighted for several quarters, and it's really undergoing massive change. This of course was accelerated by the work from home trend, and this chart ranks the CIO and CSO priorities for security, and here you see identity access management stands out. So this bodes well for the likes of Okta and SailPoint, of course endpoint security also ranks highly, and that's good news for a company like CrowdStrike or Forescout, Carbon Black, which was acquired by VMware. And you can see network security is right there as well, I mean, it's all kind of network security but Cisco, Palo Alto, Fortinet are some of the names that we follow closely there, and cloud security, Microsoft, Amazon and Zscaler also stands out. Now, what we want to do now is drill in a little bit and take a look at the vendor map for security. So this chart shows one of our favorite views, it's getting net score or spending momentum on the vertical axis and market share on the horizontal. Okta, note in the upper right of that little chart there that table, Okta remains the highest net score of all the players that we're showing here, SailPoint and CrowdStrike definitely looming large, Microsoft continues to be impressive because of its both presence, you can see that dot in the upper right there and it's momentum, and you know, for context, we've included some of the legacy names like RSA and McAfee and Symantec, you could see them in the red as is IBM, and then the rest of the pack, they're solidly in the green, we've said this before security remains a priority, it's a very strong market, CIOs and CSOs have to spend on it, they're accelerating that spending, and it's a fragmented space with lots of legitimate players, and it's undergoing a major change, and with the SolarWinds hack, it's on everyone's radar even more than we've seen with earlier high profile breaches, we have some other data that we'll share in the future, on that front, but in the interest of time, we'll press on here. Now, one of the other sectors that's undergoing significant changes, database. And so if you take a look at the latest survey data, so we're showing that same xy-view, the first thing that we call your attention to is Snowflake, and we've been reporting on this company for years now, and sharing ETR data for well over a year. The company continues to impress us with spending momentum, this last survey it increased from 75% last quarter to 83% in the latest survey. This is unbelievable because having now done this for quite some time, many, many quarters, these numbers are historically not sustainable and very rarely do you see that kind of increase from the mid-70s up into the '80s. So now AWS is the other big call out here. This is a company that has become a database powerhouse, and they've done that from a standing start and they've become a leader in the market. Google's momentum is also impressive, especially with it's technical chops, it gets very, very high marks for things like BigQuery, and so you can see it's got momentum, it does not have the presence in the market to the right, that for instance AWS and Microsoft have, and that brings me to Microsoft is also notable, because it's so large and look at the momentum, it's got very, very strong spending momentum as well, so look, this database market it's seeing dramatically different strategies. Take Amazon for example, it's all about the right tool for the right job, they get a lot of different data stores with specialized databases, for different use cases, Aurora for transaction processing, Redshift for analytics, I want a key value store, hey, some DynamoDB, graph database? You got little Neptune, document database? They've got that, they got time series database, so very, very granular portfolio. You got Oracle on the other end of the spectrum. It along with several others are converging capabilities and that's a big trend that we're seeing across the board, into, sometimes we call it a mono database instead of one database fits all. Now Microsoft's world kind of largely revolves around SQL and Azure SQL but it does offer other options. But the big difference between Microsoft and AWS is AWS' approach is really to maximize the granularity in the technical flexibility with fine-grained access to primitives and APIs, that's their philosophy, whereas Microsoft with synapse for example, they're willing to build that abstraction layer as a means of simplifying the experiences. AWS, they've been reluctant to do this, their approach favors optionality and their philosophy is as the market changes, that will give them the ability to move faster. Microsoft's philosophy favors really abstracting that complexity, now that adds overhead, but it does simplify, so these are two very interesting counter poised strategies that we're watching and we think there's room for both, they're just not necessarily one better than the other, it's just different philosophies and different approaches. Now Snowflake for its part is building a data cloud on top of AWS, Google and Azure, so it's another example of adding value by abstracting away the underlying infrastructure complexity and it obviously seems to be working well, albeit at a much smaller scale at this point. Now let's talk a little bit about some of the on-prem players, the legacy players, and we'll use Dell and VMware as proxies for these markets. So what we're showing here in this chart is Dell's net scores across select parts of its portfolio and it's a pretty nice picture for Dell, I mean everything, but Desktop is showing forward momentum relative to previous surveys, laptops continue to benefit from the remote worker trend, in fact, PCs actually grew this year if you saw our spot on Intel last week, PCs had peaked, PC volume at peaked in 2011 and it actually bumped up this year but it's not really, we don't think sustainable, but nonetheless it's been a godsend during the pandemic as data center infrastructure has been softer. Dell's cloud is up and that really comprises a bunch of infrastructure along with some services, so that's showing some strength that both, look at storage and server momentum, they seem to be picking up and this is really important because these two sectors have been lagging for Dell. But this data supports our pent-up demand premise for on-prem infrastructure, and we'll see if the ETR survey which is forward-looking translates into revenue growth for Dell and others like HPE. Now, what about Dell's favorite new toy over at VMware? Let's take a look at that picture for VMware, it's pretty solid. VMware cloud on AWS, we've been reporting on that for several quarters now, it's showing up in the ETR survey and it is well, it's somewhat moderating, it's coming down from very high spending momentum, so it's still, we think very positive. NSX momentum is coming back in the survey, I'm not sure what happened there, but it's been strong, VMware's on-prem cloud with VCF VMware Cloud Foundation, that's strong, Tanzu was a bit surprising because containers are very hot overall, so that's something we're watching, seems to be moderating, maybe the market says okay, you did great VMware, you're embracing containers, but Tanzu is maybe not the, we'll see, we'll see how that all plays out. I think it's the right strategy for VMware to embrace that container strategy, but we said remember, everybody said containers are going to kill VMware, well, VMware rightly, they've embraced cloud with VMware cloud on AWS, they're embracing containers. So we're seeing much more forward-thinking strategies and management philosophies. Carbon Black, that benefits from the security tailwind, and then the core infrastructure looks good, vSAN, vSphere and VDI. So the big thing that we're watching for VMware, is of course, who's going to be the next CEO. Is it going to be Zane Rowe, who's now the acting CEO? And of course he's been the CFO for years. Who's going to get that job? Will it be Sanjay Poonen? The choice I think is going to say much about the direction of VMware going forward in our view. Succeeding Pat Gelsinger is like, it's going to be like following Peyton Manning at QB, but this summer we expect Dell to spin out VMware or do some other kind of restructuring, and restructure both VMware and Dell's balance sheet, it wants to get both companies back to investment grade and it wants to set a new era in motion or it's going to set a new era in motion. Now that financial transaction, maybe it does call for a CFO in favor of such a move and can orchestrate such a move, but certainly Sanjay Poonen has been a loyal soldier and he's performed very well in his executive roles, not just at VMware, but previous roles, SAP and others. So my opinion there's no doubt he's ready and he's earned it, and with, of course with was no offense to Zane Rowe by the way, he's an outstanding executive too, but the big questions for Dell and VMware's what will the future of these two companies look like? They've dominated, VMware especially has dominated the data center for a decade plus, they're responding to cloud, and some of these new trends, they've made tons of acquisitions and Gelsinger has orchestrated TAM expansion. They still got to get through paying down the debt so they can really double down on an innovation agenda from an R&D perspective, that's been somewhat hamstrung and to their credit, they've done a great job of navigating through Dell's tendency to take VMware cash and restructure its business to go public, and now to restructure both companies to do the pivotal acquisition, et cetera, et cetera, et cetera and clean up it's corporate structure. So it's been a drag on VMware's ability to use its free cash flow for R&D, and again it's been very impressive what it's been able to accomplish there. On the Dell side of the house, it's R&D largely has gone to kind of new products, follow-on products and evolutionary kind of approach, and it would be nice to see Dell be able to really double down on the innovation agenda especially with the looming edge opportunity. Look R&D is the lifeblood of a tech company, and there's so many opportunities across the clouds and at The Edge we've talked this a lot, I haven't talked much about or any about IBM, we wrote a piece last year on IBM's innovation agenda, really hinges on its R&D. It seems to be continuing to favor dividends and stock buybacks, that makes it difficult for the company to really invest in its future and grow, its promised growth, Ginni Rometty promised growth, that never really happened, Arvind Krishna is now promising growth, hopefully it doesn't fall into the same pattern of missed promises, and my concern there is that R&D, you can't just flick a switch and pour money and get a fast return, it takes years to get that. (Dave chuckles) We talked about Intel last week, so similar things going on, but I digress. Look, these guys are going to require in my view, VMware, Dell, I'll put HPE in there, they're going to require organic investment to get back to growth, so we're watching these factors very, very closely. Okay, got to wrap up here, so we're seeing IT spending growth coming in as high as potentially 7% this year, and it's going to be powered by the same old culprits, cloud, AI, automation, we'll be doing an RPA update soon here, application modernization, and the new work paradigm that we think will force increased investments in digital initiatives. The doubling of the expectation of work from home is significant, and so we see this hybrid world, not just hybrid cloud but hybrid work from home and on-prem, this new digital world, and it's going to require investment in both cloud and on-prem, and we think that's going to lift both boats but cloud, clearly the big winner. And we're not by any means suggesting that their growth rates are going to somehow converge, they're not, cloud will continue to outpace on-prem by several hundred basis points, throughout the decade we think. And AWS and Microsoft are in the top division of that cloud bracket. Security markets are really shifting and we continue to like the momentum of companies in identity and endpoint and cloud security, especially the pure plays like CrowdStrike and Okta and SailPoint, and Zscaler and others that we've mentioned over the past several quarters, but CSOs tell us they want to work with the big guys too, because they trust them, especially Palo Alto networks, Cisco obviously in the mix, their security business continues to outperform the balance of Cisco's portfolio, and these companies, they have resources to withstand market shifts and we'll do a deeper drill down at the security soon and update you on other trends, on other companies in that space. Now the database world, it continues to heat up, I used to say on theCUBE all the time that decade and a half ago database was boring and now database is anything but, and thank you to cloud databases and especially Snowflake, it's data cloud vision, it's simplicity, we're seeing lots of different ways though, to skin the cat, and while there's disruption, we believe Oracle's position is solid because it owns Mission-Critical, that's its stronghold, and we really haven't seen those workloads migrate into the cloud, and frankly, I think it's going to be hard to rest those away from Oracle. Now, AWS and Microsoft, they continue to be the easy choice for a lot of their customers. Microsoft migrating its software state, AWS continues to innovate, we've got a lot of database choices, the right tool for the right job, so there's lots of innovation going on in databases beyond these names as well, and we'll continue to update you on these markets shortly. Now, lastly, it's quite notable how well some of the legacy names have navigated through COVID. Sure, they're not rocketing like many of the work-from-home stocks, but they've been able to thus far survive, and in the example of Dell and VMware, the portfolio diversity has been a blessing. The bottom line is the first half of 2021 seems to be shaping up as we expected, momentum for the strongest digital plays, low interest rates helping large established companies hang in there with strong balance sheets, and large customer bases. And what will be really interesting to see is what happens coming out of the pandemic. Will the rich get richer? Yeah, well we think so. But we see the legacy players adjusting their business models, embracing change in the market and steadily moving forward. And we see at least a dozen new players hitting the radar that could become leaders in the coming decade, and as always, we'll be highlighting many of those in our future episodes. Okay, that's it for now, listen, these episodes remember, they're all available as podcasts, all you got to do is search for Breaking Analysis Podcasts and you'll you'll get them so please listen, like them, if you like them, share them, really, I always appreciate that, I publish weekly on wikibon.com and siliconangle.com, and really would appreciate your comments and always do in my LinkedIn posts, or you can always DM me @dvellante or email me at david.vellante@siliconangle.com, and tell me what you think is happening out there. Don't forget to check out ETR+ for all the survey action, this is David Vellante, thanks for watching theCUBE Insights powered by ETR. Stay safe, we'll see you next time. (downbeat music)

>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> In our 2020 predictions post, we said that organizations would begin to operationalize their digital transformation experiments and POCs. We also said that based on spending data that cybersecurity companies like CrowdStrike and Okta were poised to rise above the rest in 2020, and we even said the S&P 500 would surpass 3,700 this year. Little did we know that we'd have a pandemic that would make these predictions a virtual lock, and, of course, COVID did blow us out of the water in some other areas, like our prediction that IT spending would increase plus 4% in 2020, when in reality, we have a dropping by 4%. We made a number of other calls that did pretty well, but I'll let you review last year's predictions at your leisure to see how we did. Hello, everyone. This is Dave Vellante and welcome to this week's Wikibon CUBE Insights powered by ETR. Erik Bradley of ETR is joining me again for this Breaking Analysis, and we're going to lay out our top picks for 2021. Erik, great to see you. Welcome back. Happy to have you on theCUBE, my friend. >> Always great to see you too, Dave. I'm excited about these picks this year. >> Well, let's get right into it. Let's bring up the first prediction here. Tech spending will rebound in 2021. We expect a 4% midpoint increase next year in spending. Erik, there are a number of factors that really support this prediction, which of course is based on ETR's most recent survey work, and we've listed a number of them here in this slide. I wonder if we can talk about that a little bit, the pace of the vaccine rollout. I've called this a forced march to COVID, but I can see people doubling down on things that are working. Productivity improvements are going to go back into the business. People are going to come back to the headquarters and that maybe is going to spur infrastructure on some pent-up demand, and work from home, we're going to talk about that. What are your thoughts on this prediction? >> Well, first of all, you weren't wrong last year. You were just, (laughs) you were just delayed. Just delayed a little bit, that's all. No, very much so. Early on, just three months ago, we were not seeing this optimism. The most recent survey, however, is capturing 4%. I truly believe that still might be a little bit mild. I think it can go even higher, and that's going to be driven by some of the things you've said about. This is a year where a lot of spending was paused on machine learning, on automation, on some of these projects that had to be stopped because of what we all went through. Right now, that is not a nice to have, it's a must have, and that spending is going quickly. There's a rapid pace on that spending, so I do think that's going to push it and, of course, security. We're going to get to this later on so I don't want to bury the lede, but with what's happening right now, every CISO I speak to is not panicked, but they are concerned and there will definitely be increased security spending that might push this 4% even higher. >> Yeah, and as we've reported as well, the survey data shows that there's less freezing of IT, there are fewer layoffs, there's more hiring, we're accelerating IT deployments, so that, I think, 34% last survey, 34% of organizations are accelerating IT deployments over the next three months, so that's great news. >> And also your point too about hiring. I was remiss in not bringing that up because we had layoffs and we had freezes on hiring. Both of that is stopping. As you know, as more head count comes in, whether that be from home or whether that be in your headquarters, both of those require support and require spending. >> All right, let's bring up the next prediction. Remote worker trends are going to become fossilized, settling in at an average of 34% by year-end 2021. Now, I love this chart, you guys. It's been amazingly consistent to me, Erik. We're showing data here from ETR's latest COVID survey. So it shows that prior to the pandemic, about 15 to 16% of employees on average worked remotely. That jumped to where we are today and well into the 70s, and we're going to stay close to that, according to the ETR data, in the first half of 2021, but by the end of the year, it's going to settle in at around 34%. Erik, that's double the pre-pandemic numbers and that's been consistent in your surveys over the past six month, and even within the sub-samples. >> Yeah, super surprised by the consistency, Dave. You're right about that. We were expecting the most recent data to kind of come down, right? We see the vaccines being rolled out. We kind of thought that that number would shift, but it hasn't, it has been dead consistent, and that's just from the data perspective. What we're hearing from the interviews and the feedback is that's not going to change, it really isn't, and there's a main reason for that. Productivity is up, and we'll talk about that in a second, but if you have productivity up and you have employees happy, they're not commuting, they're working more, they're working effectively, there is no reason to rush. And now imagine if you're a company that's trying to hire the best talent and attract the best talent but you're also the only company telling them where they have to live. I mean, good luck with that, right? So even if a few of them decide to make this permanent, that's something where you're going to really have to follow suit to attract talent. >> Yeah, so let's talk about that. Productivity leads us to our next prediction. We can bring that up. Number three is productivity increases are going to lead organizations to double down on the successes of 2020 and productivity apps are going to benefit. Now, of course, I'm always careful to cautious to interpret when you ask somebody by how much did productivity increase. It's a very hard thing to estimate depending on how you measure it. Is it revenue per employee? Is it profit? But nonetheless, the vast majority of people that we talk to are seeing productivity is going up. The productivity apps are really the winners here. Who do you see, Erik, as really benefiting from this trend? This year we saw Zoom, Teams, even Webex benefit, but how do you see this playing out in 2021? >> Well, first of all, the real beneficiaries are the companies themselves because they are getting more productivity, and our data is not only showing more productivity, but that's continuing to increase over time, so that's number one. But you're 100% right that the reason that's happening is because of the support of the applications and what would have been put in place. Now, what we do expect to see here, early on it was a rising tide lifted all boats, even Citrix got pulled up, but over time you realize Citrix is really just about legacy applications. Maybe that's not really the virtualization platform we need or maybe we just don't want to go that route at all. So the ones that we think are going to win longer term are part of this paradigm shift. The easiest one to put out as example is DocuSign. Nobody is going to travel and sit in an office to sign a paper ever again. It's not happening. I don't care if you go back to the office or you go back to headquarters. This is a paradigm shift that is not temporary. It is permanent. Another one that we're seeing is Smartsheet. Early on it started in. I was a little concerned about it 'cause it was a shadow IT type of a company where it was just spreading and spreading and spreading. It's turned out that this, the data on Smartsheet is continuing to be strong. It's an effective tool for project management when you're remotely working, so that's another one I don't see changing anytime. The other one I would call out would be Twilio. Slightly different, yes. It's more about the customer experience, but when you look at how many brick and mortar or how many in-person transactions have moved online and will stay there, companies like Twilio that support that customer experience, I'll throw out a Qualtrics out there as well, not a name we hear about a lot, but that customer experience software is a name that needs to be watched going forward. >> What do you think's going to happen to Zoom and Teams? Certainly Zoom just escalated this year, a huge ascendancy, and Teams I look at a little differently 'cause it's not just video conferencing, and both have done really, really well. How do you interpret the data that you're seeing there? >> There's no way around it, our data is decelerating quickly, really quickly. We were kind of bullish when Zoom first came out on the IPO prospects. It did very well. Obviously what happened in this remote shift turned them into an absolute overnight huge success. I don't see that continuing going forward, and there's a reason. What we're seeing and hearing from our feedback interviews is that now that people recognize this isn't temporary and they're not scrambling and they need to set up for permanency, they're going to consolidate their spend. They don't need to have Teams and Zoom. It's not necessary. They will consolidate where they can. There's always going to be the players that are going to choose Slack and Zoom 'cause they don't want to be on Microsoft architecture. That's fine, but you and I both know that the majority of large enterprises have Microsoft already. It's bundled in in pricing. I just don't see it happening. There's going to be M&A out there, which we can talk about again soon, so maybe Zoom, just like Slack, gets to a point where somebody thinks it's worthwhile, but there's a lot of other video conferencing out there. They're trying to push their telephony. They're trying to push their mobile solutions. There's a lot of companies out there doing it, so we'll see, but the current market cap does not seem to make sense in a permanent remote work situation. >> I think I'm inferring Teams is a little different because it's Microsoft. They've got this huge software estate they can leverage. They can bundle. Now, it's going to be interesting to see how and if Zoom can then expand its TAM, use its recent largesse to really enter potentially new markets. >> It will be, but listen, just the other day there was another headline that one of Zoom's executives out in China was actually blocking content as per directed by the Chinese government. Those are the kind of headlines that just really just get a little bit difficult when you're running a true enterprise size. Zoom is wonderful in the consumer space, but what I do is I research enterprise technology, and it's going to be really, really difficult to make inroads there with Microsoft. >> Yep. I agree. Okay, let's bring up number four, prediction number four. Permanent shifts in CISO strategies lead to measurable share shifts in network security. So the remote work sort of hyper-pivot, we'll call it, it's definitely exposed us. We've seen recent breaches that underscore the need for change. They've been well-publicized. We've talked a lot about identity access management, cloud security, endpoint security, and so as a result, we've seen the upstarts, and just a couple that we called, CrowdStrike, Okta, Zscaler has really benefited and we expect them to continue to show consistent growth, some well over 50% revenue growth. Erik, you really follow this space closely. You've been focused on microsegmentation and other, some of the big players. What are your thoughts here? >> Yeah, first of all, security, number one in spending overall when we started looking and asking people what their priority is going to be. That's not changing, and that was before the SolarWinds breach. I just had a great interview today with a CISO of a global hospitality enterprise to really talk about the implications of this. It is real. Him and his peers are not panicking but pretty close, is the way he put it, so there is spend happening. So first of all, to your point, continued on Okta, continued on identity access. See no reason why that changes. CrowdStrike, continue. What this is going to do is bring in some new areas, like we just mentioned, in network segmentation. Illumio is a pure play in that name that doesn't have a lot of citations, but I have watched over the last week their net spending score go from about 30 to 60%, so I am watching in real time, as this data comes in in the later part of our survey, that it's really happening Forescout is another one that's in there. We're seeing some of the zero trust names really picking up in the last week. Now, to talk about some of the more established names, yeah, Cisco plays in this space and we can talk about Cisco and what they're doing in security forever. They're really reinventing themselves and doing a great job. Palo Alto was in this space as well, but I do believe that network and microsegmentation is going to be something that's going to continue. The other one I'm going to throw out that I'm hearing a lot about lately is user behavior analytics. People need to be able to watch the trends, compare them to past trends, and catch something sooner. Varonis is a name in that space that we're seeing get a lot of adoptions right now. It's early trend, but based on our data, Varonis is a name to watch in that area as well. >> Yeah, and you mentioned Cisco transitioning, reinventing themselves toward a SaaS player. Their subscription, Cisco's security business is a real bright spot for them. Palo Alto, every time I sit in on a VENN, which is ETR's proprietary roundtable, the CISOs, they love Palo Alto. They want to work, many of them, anyway, want to work with Palo Alto. They see them as a thought leader. They seem to be getting their cloud act together. Fortinet has been doing a pretty good job there and especially for mid-market. So we're going to see this equilibrium, best of breed versus the big portfolio companies, and I think 2021 sets up as a really interesting battle for those guys with momentum and those guys with big portfolios. >> I completely agree and you nailed it again. Palo Alto has this perception that they're really thought leaders in the space and people want to work with them, but let's not rule Cisco out. They have a much, much bigger market cap. They are really good at acquisitions. In the past, they maybe didn't integrate them as well, but it seems like they're getting their act together on that. And they're pushing now what they call SecureX, which is sort of like their own full-on platform in the cloud, and they're starting to market that, I'm starting to hear more about it, and I do think Cisco is really changing people's perception of them. We shall see going forward because in the last year, you're 100% right, Palo Alto definitely got a little bit more of the sentiment, of positive sentiment. Now, let's also realize, and we'll talk about this again in a bit, there's a lot of players out there. There will probably be continued consolidation in the security space, that we'll see what happens, but it's an area where spending is increasing, there is a lot of vendors out there to play with, and I do believe we'll see consolidation in that space. >> Yes. No question. A highly fragmented business. A lack of skills is a real challenge. Automation is a big watch word and so I would expect, which brings us, Erik, to prediction number five. Can be hard to do prediction posts without talking about M&A. We see the trend toward increased tech spending driving more IPOs, SPACs and M&A. We've seen some pretty amazing liquidity events this year. Snowflake, obviously a big one. Airbnb, DoorDash, outside of our enterprise tech but still notable. Palantir, JFrog, number of others. UiPath just filed confidentially and their CEO said, "Over the next 12 to 18 months, I would think Automation Anywhere is going to follow suit at some point." Hashicorp was a company we called out in our 2020 predictions as one to watch along with Snowflake and some others, and, Erik, we've seen some real shifts in observability. The ELK Stack gaining prominence with Elastic, ChaosSearch just raised 40 million, and everybody's going after 5G. Lots of M&A opportunities. What are your thoughts? >> I think if we're going to make this a prediction show, I'm going to say that was a great year, but we're going to even have a better year next year. There is a lot of cash on the balance sheet. There are low interest rates. There is a lot of spending momentum in enterprise IT. The three of those set up for a perfect storm of more liquidity events, whether it be continued IPOs, whether it could be M&A, I do expect that to continue. You mentioned a lot of the names. I think you're 100% right. Another one I would throw out there in that observability space, is it's Grafana along with the ELK Stack is really making changes to some of the pure plays in that area. I've been pretty vocal about how I thought Splunk was having some problems. They've already made three acquisitions. They are trying really hard to get back up and keep that growth trajectory and be the great company they always have been, so I think the observability area is certainly one. We have a lot of names in that space that could be taken out. The other one that wasn't mentioned, however, that I'd like to mention is more in the CDN area. Akamai being the grandfather there, and we'll get into it a little bit too, but CloudFlare has a huge market cap, Fastly running a little bit behind that, and then there's Limelight, and there's a few startups in that space and the CDN is really changing. It's not about content delivery as much as it is about edge compute these days, and they would be a real easy takeout for one of these large market cap names that need to get into that spot. >> That's a great call. All right, let's bring up number six, and this is one that's near and dear to my heart. It's more of a longer-term prediction and that prediction is in the 2020s, 75% of large organizations are going to re-architect their big data platforms, and the premise here is we're seeing a rapid shift to cloud database and cross-cloud data sharing and automated governance. And the prediction is that because big data platforms are fundamentally flawed and are not going to be corrected by incremental improvements in data lakes and data warehouses and data hubs, we're going to see a shift toward a domain-centric ownership of the data pipeline where data teams are going to be organized around data product or data service builders and embedded into lines of business. And in this scenario, the technology details and complexity will become abstracted. You've got hyper-specialized data teams today. They serve multiple business owners. There's no domain context. Different data agendas. Those, we think, are going to be subsumed within the business lines, and in the future, the primary metric is going to shift from the cost and the quality of the big data platform outputs to the time it takes to go from idea to revenue generation, and this change is going to take four to five years to coalesce, but it's going to begin in earnest in 2021. Erik, anything you'd add to this? >> I'm going to let you kind of own that one 'cause I completely agree, and for all the listeners out there, that was Dave's original thought and I think it's fantastic and I want to get behind it. One of the things I will say to support that is big data analytics, which is what people are calling it because they got over the hype of machine learning, they're sick of vendors saying machine learning, and I'm hearing more and more people just talk about it as we need big data analytics, we need 'em at the edge, we need 'em faster, we need 'em in real time. That's happening, and what we're seeing more is this is happening with vendor-agnostic tools. This isn't just AWS-aligned. This isn't just GCP-aligned or Azure-aligned. The winners are the Snowflakes. The winners are the Databricks. The winners are the ones that are allowing this interoperability, the portability, which fully supports what you're saying. And then the only other comment I would make, which I really like about your prediction, is about the lines of business owning it 'cause I think this is even bigger. Right now, we track IT spending through the CIO, through the CTO, through IT in general. IT spending is actually becoming more diversified. IT spending is coming under the purview of marketing, it's coming under the purview of sales, so we're seeing more and more IT spending, but it's happening with the business user or the business lines and obviously data first, so I think you're 100% right. >> Yeah, and if you think about it, we've contextualized our operational systems, whether it's the CRM or the supply chain, the logistics, the business lines own their respective data. It's not true for the analytics systems, and we talked about Snowflake and Databricks. I actually see these two companies who were sort of birds of a feather in the early days together, applying Databricks machine learning on top of Snowflake, I actually see them going in diverging places. I see Databricks trying to improve on the data lake. I see Snowflake trying to reinvent the concept of data warehouse to this global mesh, and it's going to be really interesting to see how that shakes out. The data behind Snowflake, obviously very, very exciting. >> Yeah, it's just, real quickly to add on that if we have time, Dave. >> Yeah, sure. >> We all know the valuation of Snowflake, one of the most incredible IPOs I've seen in a long time. The data still supports it. It still supports that growth. Unfortunately for Databricks, their IPO has been a little bit more volatile. If you look at their stock chart every time they report, it's got a little bit of a roller coaster ride going on, and our most recent data for Databricks is actually decelerating, so again, I'm going to use the caveat that we only have about 950 survey responses in. We'll probably get that up to 1,300 or so, so it's not done yet, but right now we are putting Databricks into a category where we're seeing it decelerate a little bit, which is surprising for a company that's just right out of the gate. >> Well, it's interesting because I do see Databricks as more incremental on data lakes and I see Snowflake as more transformative, so at least from a vision standpoint, we'll see if they can execute on that. All right, number seven, let's bring up number seven. This is talking about the cloud, hybrid cloud, multi-cloud. The battle to define hybrid and multi-cloud is going to escalate in 2021. It's already started and it's going to create bifurcated CIO strategies. And, Erik, spending data clearly shows that cloud is continuing its steady margin share gains relative to on-prem, but the definitions of the cloud, they're shifting. Just a couple of years ago, AWS, they never talk about hybrid, just like they don't talk about multi-cloud today, yet AWS continues now to push into on-prem. They treat on-prem as just another node at the edge and they continue to win in the marketplace despite their slower growth rates. Still, they're so large now. 45 billion or so this year. The data is mixed. This ETR data shows that just under 50% of buyers are consolidating workloads, and then a similar, in the cloud workloads, and a similar percentage of customers are spreading evenly across clouds, so really interesting dynamic there. Erik, how do you see it shaking out? >> Yeah, the data is interesting here, and I would actually state that overall spend on the cloud is actually flat from last year, so we're not seeing a huge increase in spend, and coupled with that, we're seeing that the overall market share, which means the amount of responses within our survey, is increasing, certainly increasing. So cloud usage is increasing, but it's happening over an even spectrum. There's no clear winner of that market share increase. So they really, according to our data, the multi-cloud approach is happening and not one particular winner over another. That's just from the data perspective that various do point on AWS. Let's be honest, when they first started, they wanted all the data. They just want to take it from on-prem, put it in their data center. They wanted all of it. They never were interested in actually having interoperability. Then you look at an approach like Google. Google was always about the technology, but not necessarily about the enterprise customer. They come out with Anthos which is allowing you to have interoperability in more cloud. They're not nearly as big, but their growth rate is much higher. Law of numbers, of course. But it really is interesting to see how these cloud players are going to approach this because multi-cloud is happening whether they like it or not. >> Well, I'm glad you brought up multi-cloud in a context of what the data's showing 'cause I would agree we're, and particularly two areas that I would call out in ETR data, VMware Cloud on AWS as well as VM Cloud Foundation are showing real momentum and also OpenStack from Red Hat is showing real progress here and they're making moves. They're putting great solutions inside of AWS, doing some stuff on bare metal, and it's interesting to see. VMware, basically it's the VMware stack. They want to put that everywhere. Whereas Red Hat, similarly, but Red Hat has the developer angle. They're trying to infuse Red Hat in throughout everybody's stack, and so I think Red Hat is going to be really interesting to, especially to the extent that IBM keeps them, sort of lets them do their own thing and doesn't kind of pollute them. So, so far so good there. >> Yeah, I agree with that. I think you brought up the good point about it being developer-friendly. It's a real option as people start kicking a little bit more of new, different developer ways and containers are growing, growing more. They're not testing anymore, but they're real workloads. It is a stack that you could really use. Now, what I would say to caveat that though is I'm not seeing any net new business go to IBM Red Hat. If you were already aligned with that, then yes, you got to love these new tools they're giving you to play with, but I don't see anyone moving to them that wasn't already net new there and I would say the same thing with VMware. Listen, they have a great entrenched base. The longer they can kick that can down the road, that's fantastic, but I don't see net new customers coming onto VMware because of their alignment with AWS. >> Great, thank you for that. That's a good nuance. Number eight, cloud, containers, AI and ML and automation are going to lead 2021 spending velocity, so really is those are the kind of the big four, cloud, containers, AI, automation, And, Erik, this next one's a bit nuanced and it supports our first prediction of a rebound in tech spending next year. We're seeing cloud, containers, AI and automation, in the form of RPA especially, as the areas with the highest net scores or spending momentum, but we put an asterisk around the cloud because you can see in this inserted graphic, which again is preliminary 'cause the survey's still out in the field and it's just a little tidbit here, but cloud is not only above that 40% line of net score, but it has one of the higher sector market shares. Now, as you said, earlier you made a comment that you're not necessarily seeing the kind of growth that you saw before, but it's from a very, very large base. Virtually every sector in the ETR dataset with the exception of outsourcing and IT consulting is seeing meaningful upward spending momentum, and even those two, we're seeing some positive signs. So again, with what we talked about before, with the freezing of the IT projects starting to thaw, things are looking much, much better for 2021. >> I'd agree with that. I'm going to make two quick comments on that, one on the machine learning automation. Without a doubt, that's where we're seeing a lot of the increase right now, and I've had a multiple number of people reach out or in my interviews say to me, "This is very simple. These projects were slated to happen in 2020 and they got paused. It's as simple as that. The business needs to have more machine learning, big data analytics, and it needs to have more automation. This has just been paused and now it's coming back and it's coming back rapidly." Another comment, I'm actually going to post an article on LinkedIn as soon as we're done here. I did an interview with the lead technology director, automation director from Disney, and this guy obviously has a big budget and he was basically saying UiPath and Automation Anywhere dominate RPA, and that on top of it, the COVID crisis greatly accelerated automation, greatly accelerated it because it had to happen, we needed to find a way to get rid of these mundane tasks, we had to put them into real workloads. And another aspect you don't think about, a lot of times with automation, there's people, employees that really have friction. They don't want to adopt it. That went away. So COVID really pushed automation, so we're going to see that happening in machine learning and automation without a doubt. And now for a fun prediction real quick. You brought up the IT outsourcing and consulting. This might be a little bit more out there, the dark horse, but based on our data and what we're seeing and the COVID information about, you said about new projects being unwrapped, new hiring happening, we really do believe that this might be the bottom on IT outsourcing and consulting. >> Great, thank you for that, and then that brings us to number nine here. The automation mandate is accelerating and it will continue to accelerate in 2021. Now, you may say, "Okay, well, this is a lay-up," but not necessarily. UiPath and Automation Anywhere go public and Microsoft remains a threat. Look, UiPath, I've said UiPath and Automation Anywhere, if they were ready to go public, they probably would have already this year, so I think they're still trying to get their proverbial act together, so this is not necessarily a lay-up for them from an operational standpoint. They probably got some things to still clean up, but I think they're going to really try to go for it. If the markets stay positive and tech spending continues to go forward, I think we can see that. And I would say this, automation is going mainstream. The benefits of taking simple RPA tools to automate mundane tasks with software bots, it's both awakened organizations to the possibilities of automation, and combined with COVID, it's caused them to get serious about automation. And we think 2021, we're going to see organizations go beyond implementing point tools, they're going to use the pandemic to restructure their entire business. Erik, how do you see it, and what are the big players like Microsoft that have entered the market? What kind of impact do you see them having? >> Yeah, completely agree with you. This is a year where we go from small workloads into real deployment, and those two are the leader. In our data, UiPath by far the clear leader. We are seeing a lot of adoptions on Automation Anywhere, so they're getting some market sentiment. People are realizing, starting to actually adopt them. And by far, the number one is Microsoft Power Automate. Now, again, we have to be careful because we know Microsoft is entrenched everywhere. We know that they are good at bundling, so if I'm in charge of automation for my enterprise and I'm already a Microsoft customer, I'm going to use it. That doesn't mean it's the best tool to use for the right job. From what I've heard from people, each of these have a certain area where they are better. Some can get more in depth and do heavier lifting. Some are better at doing a lot of projects at once but not in depth, so we're going to see this play out. Right now, according to our data, UiPath is still number one, Automation Anywhere is number two, and Microsoft just by default of being entrenched in all of these enterprises has a lot of market share or mind share. >> And I also want to do a shout out to, or a call out, not really a shout out, but a call out to Pegasystems. We put them in the RPA category. They're covered in the ETR taxonomy. I don't consider them an RPA vendor. They're a business process vendor. They've been around for a long, long time. They've had a great year, done very, very well. The stock has done well. Their spending momentum, the early signs in the latest survey are just becoming, starting to moderate a little bit, but I like what they've done. They're not trying to take UiPath and Automation Anywhere head-on, and so I think there's some possibilities there. You've also got IBM who went to the market, SAP, Infor, and everybody's going to hop on the bandwagon here who's a software player. >> I completely agree, but I do think there's a very strong line in the sand between RPA and business process. I don't know if they're going to be able to make that transition. Now, business process also tends to be extremely costly. RPA came into this with trying to be, prove their ROI, trying to say, "Yeah, we're going to cost a little bit of money, but we're going to make it back." Business process has always been, at least the legacies, the ones you're mentioning, the Pega, the IBMs, really expensive. So again, I'm going to allude to that article I'm about to post. This particular person who's a lead tech automation for a very large company said, "Not only are UiPath and AA dominating RPA, but they're likely going to evolve to take over the business process space as well." So if they are proving what they can do, he's saying there's no real reason they can't turn around and take what Appian's doing, what IBM's doing and what Pega's doing. That's just one man's opinion. Our data is not actually tracking it in that space, so we can't back that, but I did think it was an interesting comment for and an interesting opportunity for UiPath and Automation Anywhere. >> Yeah, it's always great to hear directly from the mouths of the practitioners. All right, brings us to number 10 here. 5G rollouts are going to push new edge IoT workloads and necessitate new system architectures. AI and real-time inferencing, we think, require new thinking, particularly around processor and system design, and the focus is increasingly going to be on efficiency and at much, much lower costs versus what we've known for decades as general purpose workloads accommodating a lot of different use cases. You're seeing alternative processors like Nvidia, certainly the ARM acquisition. You've got companies hitting the market like Fungible with DPAs, and they're dominating these new workloads in the coming decade, we think, and they continue to demonstrate superior price performance metrics. And over the next five years they're going to find their way, we think, into mainstream enterprise workloads and put continued pressure on Intel general purpose microprocessors. Erik, look, we've seen cloud players. They're diversifying their processor suppliers. They're developing their own in-house silicon. This is a multi-year trend that's going to show meaningful progress next year, certainly if you measure it in terms of innovations, announcements and new use cases and funding and M&A activity. Your thoughts? >> Yeah, there's a lot there and I think you're right. It's a big trend that's going to have a wide implication, but right now, it's there's no doubt that the supply and demand is out of whack. You and I might be the only people around who still remember the great chip famine in 1999, but it seems to be happening again and some of that is due to just overwhelming demand, like you mentioned. Things like IoT. Things like 5G. Just the increased power of handheld devices. The remote from work home. All of this is creating a perfect storm, but it also has to do with some of the chip makers themselves kind of misfired, and you probably know the space better than me, so I'll leave you for that on that one. But I also want to talk a little bit, just another aspect of this 5G rollout, in my opinion, is we have to get closer to the edge, we have to get closer to the end consumer, and I do believe the CDN players have an area to play in this. And maybe we can leave that as there and we could do this some other time, but I do believe the CDN players are no longer about content delivery and they're really about edge compute. So as we see IoT and 5G roll out, it's going to have huge implications on the chip supply. No doubt. It's also could have really huge implications for the CDN network. >> All right, there you have it, folks. Erik, it's great working with you. It's been awesome this year. I hope we can do more in 2021. Really been a pleasure. >> Always. Have a great holiday, everybody. Stay safe. >> Yeah, you too. Okay, so look, that's our prediction for 2021 and the coming decade. Remember, all these episodes are available as podcasts. All you got to do is search Breaking Analysis podcast. You'll find it. We publish each week on wikibon.com and siliconangle.com, and you got to check out etr.plus. It's where all the survey action is. Definitely subscribe to their services if you haven't already. You can DM me @dvellante or email me at david.vellante@siliconangle.com. This is Dave Vellante for Erik Bradley for theCUBE Insights powered by ETR. Thanks for watching, everyone. Be well and we'll see you next time. (relaxing music)

>> Narrator: From Las Vegas, it's theCUBE, covering Qualys Security Conference 2019, brought to you by Qualys. >> Hey, welcome back, everybody. Jeff Rick here with theCUBE. We're in Las Vegas at the Bellagio at the Qualys Security Conference. They've been doing this for 19 years. They've been in this business for a long time, seen a lot of changes, so we're happy to be here. Our next guest works for Caterpillar. He is Brian Rossi, the senior security manager vulnerability management. Brian, great to see you. >> Thanks for having me. >> So I was so psyched, they had an interview, a gentleman from Caterpillar a few years ago, and it was fascinating to me how far along the autonomous vehicle route Caterpillar is. And I don't think most people understand, right? They see the Waymo cars driving around, and they read about all this stuff. But Caterpillar's been doing autonomous vehicles for a super long time. >> A really long time, a really long time, 25-plus years, pioneering a lot of the autonomous vehicle stuff that's out there. And we've actually, it's been cool, had an opportunity to do some security testing on some of the stuff that we're doing. So, even making it safer for the mines and the places that are using it today. >> Yeah, you don't want one of those big-giant dump-truck things to go rogue. (laughing) >> Off a cliff. Yeah, no, bad idea. >> Huge. Or into a bunch of people. All right, so let's jump into it. So, vulnerability management. What do you focus on, what does that mean exactly? >> So, for me, more on the traditional vulnerability management side. So I stay out of the application space, but my group is focused on identifying vulnerabilities for servers, workstations, endpoints that are out there, working with those IT operational teams to make sure they get those patched and reduce as many vulnerabilities as we can over the course of a year. >> So we've done some stuff with Forescout, and they're the kings of vulnerability sniffing-out. In fact, I think they have an integration with Qualys as well. So, is it always amazing as to how much stuff that gets attached to the network that you weren't really sure was there in the first place? >> Yes, absolutely. (laughs) And it's fun to be on the side that gets to see it all, and then tell people that it's there. I think with Qualys and with some of the other tools that we use, right? We're seeing these things before anybody else is seeing them and we're seeing the vulnerabilities that are associated with them, before anyone else sees them. So it's an interesting job, to tell people what's out there when they didn't even know. >> Right, so another really important integration is with ServiceNow, and you're giving a talk I believe tomorrow on how you use both Qualys and ServiceNow together. Give us kind of the overview of what you're going to be talking about. >> Absolutely, so the overview is really what our motto has been all year, right? Is put work where people work. So what we found was that with our vulnerability management program, we're doing scanning, we're running reports, we're trying to communicate with these IT operational teams to fix what's out there. But that's difficult when you're just sending spreadsheets around and you're trying to email people. There's organizational changes, people are moving around. They might not be responsible for those platforms anymore. And keeping track of all that is incredibly difficult in a global scale, with hundreds of thousands of assets that people are managing. And so we turned to ServiceNow and Qualys to really find a way to easily communicate, not just easily, but also timely, communicate those vulnerabilities to the teams that are responsible for doing it. >> Right, so you guys already had the ServiceNow implementation obviously, it was something that was heavily used. You're kind of implying that that was the screen that a lot of people had open on their desktop all the time. >> We lucked out that we were early in the implementation with ServiceNow. So, Caterpillar was moving from a previous IT service management solution to ServiceNow so we got in on the ground floor with the teams that were building out the configuration management database. We got in with the ground floor with the teams who were operationalizing, using ServiceNow to drive their work. We had the opportunities to just build relationships with them, take those relationships, ask them how they want that to work, and then go build it for them. >> Right, it's so funny because everyone likes to talk about single pane of glass, and to own that real estate that's on our screens that we sit and look at all day long, and it used to be emails. It's not so much email anymore, and ServiceNow is one of those types of apps that when you're in it, you're working it, that is your thing. And it's one thing to sniff out the vulnerabilities and find vulnerabilities, but you got to close the loop. >> Brian: You got to, absolutely. >> And that's really where the ServiceNow piece fits. >> And it's been great. We've seen a dramatic reduction in the number of vulnerabilities that are getting fixed over the course of a 30-day period. And I think it simply is because the visibility is finally there, and it's real-time visibility for these groups. They're not receiving data 50 days after we found it. We're getting them that data as soon as we find it, and they're able to operationalize it immediately. >> Right, and what are some of the actions that are the higher frequency that you've found, that you're triggering, that this process is helping you mitigate? >> I would say, actually, what it's really finding is some of our oldest vulnerabilities, a lot of stuff that people have just let fall off the plate. And they're isolated, right? They may have run patching for a specific vulnerability six months ago, but there was no view to tell them whether or not they got everything. Or maybe it was an asset that was off the network when they were patching, and now it's back on the network. So we're getting them the real-time visibility. Stuff that they may have missed, that they would have never seen before, without this integration. >> So I'd love to get your take on one of the top topics that came in the keynote this morning, both with Dick Clark as well as Philippe, was IoT-5G and the increasing surface-area, attack surface area, vulnerability surface area. You guys, Caterpillar's obviously well into internet of things. You've got a lot of connected devices. I'm sure you're excited about 5G, and I'm sure in a mining environment, or those types of environments are just prime 5G opportunities. Bad news is, your attack surface just grew exponentially. >> Yeah. >> So you're in charge of keeping track of vulnerabilities. How do you balance the opportunity, and what you see that's coming with 5G and connected devices and even a whole other rash of sensors, compared to the threat that you have to manage? >> Certainly in the IoT space it's unique. We can't do the things to those devices that we would do with normal laptops' assets, right? So I think figuring out unique ways to actually deal with them is going to be the hardest part. Finding vulnerabilities is always the easiest thing to do, but dealing with them is going to be the hard part. 5G is going to bring a whole new ballgame to a lot of the technology that we use. Our engineering groups are looking at those, and we're going to be partnering with them all the way through their journey on how to use 5G, how to use IoT to drive better services for our customers, and hopefully security will be with them the whole way. >> Right, the other piece that didn't get as much talk today, but it's a hot topic everywhere else we go is Edge, right? And this whole concept of, do you move the data, do you move the data to the computer or the computer to the data? I'm sure you guys are going to be leveraging Edge in a big way, when you're getting more of that horsepower closer to the sites. There's a lot of challenges with Edge. It's not a pristine data center. There are some nasty environmental conditions and you're limited in power, connectivity, and some of these other things. So when you think about Edge in your world, and maybe you're not thinking of it, but I bet you are, how are you seeing that, again, as an opportunity to bring more compute power closer to where you need it, closer to these vehicles? >> So I think, I wish I had our other security division here with me to talk about it. We're piloting a lot of those things, but that's been a big piece of our digital transformation at Caterpillar, is really leveraging data from those connected devices that are out in the field. And we actually, our Edge has to be brought closer to home. Our engineers pack so much into the little space they have on the devices that are out there, that they don't have room to actually calculate on that data that's out in the field, right? So we are actually bringing the Edge a little closer to home, in order for us to provide the best service for our customers. >> Right, so another take on digital transformation. You talked about Caterpillar's digital transformation. You've been there for five years now. Before that you were at State Farm. Checking on your LinkedIn, right? State Farm is the business of actuarial numbers, right? Caterpillar has got big heavy metal things, and yet you talk about digital transformation. How did you guys, how are you thinking about digital transformation in this heavy-equipment industry that's in construction? Probably not what most people think of as a digital enterprise, but in fact you guys are super aggressively moving in that direction. >> Yeah, and for us, from a securities perspective, it's been all about shift-left, right? We have to get embedded with these groups when they're designing these things. We have to be doing threat models. We have to be doing pen testing. We have to be doing that secure life cycle the entire way through the product. Because with our product line, unlike State Farm where we could easily just make a change to an application so that it was more secure, once we produce these vehicles, and once we roll them out and start selling them, they're out there. And we build our equipment to last, right? So there's not an expectation that a customer is going to come back and say, "I'm ready to buy a new truck two years from now," because of security vulnerability. >> Jeff: Right, right. >> So, yeah, it's a big thing for us to get as early in the development life cycle as possible and partner with those groups. >> I'm curious in terms of the role of the embedded software systems in these things now, compared to what it was five years ago, 10 years ago 'cause you do need to upgrade it. And we've seen with Teslas, right? You get patches and upgrades and all types of things. So I would imagine you're probably a lot more Tesla-like than the Caterpillar of 20 years ago. >> Moving in that direction, and that is the goal, right? We want to be able to get the best services and the most quality services to our customers as soon as possible. >> Right, very cool. Well, Brian, next time we talk, I want to do it on a big truck. >> Okay. >> A big, yellow truck. >> Let's do it. >> I don't want to do it here at the Bellagio. >> Let's do it, all right. >> Okay, excellent. Well, thanks for-- >> Thank you. >> For taking a few minutes, really appreciate it. >> Absolutely. >> All right, he's Brian, I'm Jeff, you're watching theCUBE. We're at the Bellagio in Las Vegas, not on a big yellow truck, out in the middle of nowhere digging up holes and moving big dirt around. Thanks for watching. We'll see you next time. (upbeat techno music)

(informative tune) >> From San Francisco, it's The Cube. Covering D2 iQ. Brought to you by D2 iQ. (informative tune) >> Hey, welcome back everybody! Jeff Frick here with theCUBE. We're in downtown San Francisco at D2 iQ Headquarters, a beautiful office space here, right downtown. And we're talking about customers' journey to cloud data. We talk about it all the time, you hear about cloud native, everyone's rushing in, Kubernetes is the hottest thing since sliced bread, but the at the end of the day, you actually have to do it and we're really excited to talk to the founder who's been on his own company journey as he's watching his customers' company journeys and really kind of get into it a little bit. So, excited to have Tobi Knaup, he's a co-founder and CTO of D2 iQ. Tobi, great to see you! >> Thanks for having me. >> So, before we jump into the company and where you are now, I want to go back a little bit. I mean, looking through your resume, and your LinkedIn, etc. You're doing it kind of the classic dream-way for a founder. Did the Y Combinator thing, you've been at this for six years, you've changed the company a little bit. So, I wonder if you can just share form a founder's perspective, I think you've gone through four, five rounds of funding, raised a lot of money, 200 plus million dollars. As you sit back now, if you even get a chance, and kind of reflect, what goes through your head? As you've gone through this thing, pretty cool. A lot of people would like this, they think they'd like to be sitting in your seat. (chuckles) What can you share? >> Yeah, it's definitely been, you know, an exciting journey. And it's one that changes all the time. You know, we learned so many things over the years. And when you start out, you create a company, right? A tech company, you have you idea for the product, you have the technology. You know how to do that, right? You know how to iterate that and build it out. But there's many things you don't know as a technical founder with an engineering background, like myself. And so, I always joke with the team internally, this is that, you know, I basically try to fire myself every six months. And what I mean by that, is your role really changes, right? In the very beginning I wrote code and then is tarted managing engineers, when, you know, once you built up the team, then managed engineering managers and then did product and, you know. Nowadays, I spend a lot of time with customers to talk about our vision, you know, where I see the industry going, where things are going, how we fit into the greater picture. So, it's, you know, I think that's a big part of it, it's evolving with the company and, you know, learning the skills and evolving yourself. >> Right. It's just funny cause you think about tech founders and there's some big ones, right? Some big companies out there, to pick on Zuckerberg's, just to pick on him. But you know, when you start and kind of what your vision and your dream is and what you're coding in that early passion, isn't necessarily where you end up. And as you said, your role in more of a leadership position now, more of a guidance and setting strategy in communicating with the market, communicating with customers has changed. Has that been enjoyable for you, do you, you know, kind of enjoy more the, I don't want to say the elder states when you're a young guy, but more kind of that leadership role? Or just, you know, getting into the weeds and writing some code? >> Yeah. Yeah, what always excites me, is helping customers or helping people solve problems, right? And we do that with technology, in our case, but really it's about solving the problems. And the problems are not always technical problems, right? You know, the software that is at the core of our products, that's been running in production for many years and, you know, in some sense, what we did before we founded the company, when I worked at Airbnb and my co-founders worked at, you know, Airbnb and Twitter, we're still helping companies do those same things today. And so, where we need to help the most sometimes, it's actually on education, right? So, solving those problems. How do you train up, you know, a thousand or 10 thousand internal developers at a large organization, on what are containers, what is container management, cluster management, how does cloud native work? That's often the biggest challenge for folks and, you know, how did they transform their processes internally, how did they become really a cloud native organization. And so, you know, what motivates me is helping people solve problems in, whatever, you know, shape or form. >> Right >> It's funny because it's analogous to what you guys do, in that you got an open-source core, but people, I think, are often underestimate the degree of difficulty around all the activities beyond just the core software. >> Mm-hmm. >> Whether, as you said, it's training, it's implementation it's integration, it's best practices, it's support, it's connecting all these things together and staying on top of it. So, I think, you know, you're in a great position because it's not the software. That's not the hard part, that's arguably, the easy part. So, as you've watched people, you know, deal with this crazy acceleration of change in our industry and this rapid move to cloud native, you know, spawned by the success of the public clouds, you know, how do you kind of stay grounded and not jump too fast at the next shiny object, but still stay current, but still, you know, kind of keep to your kneading in terms of your foundation of the company and delivering real value for the customers? >> Yeah. Yeah, I know, it's exactly right. A lot of times, the challenges with adopting open-sourcing enterprise are, for example, around the skills, right? How do you hire a team that can manage that deployment and manage it for many years? Cause once software's introduced in an enterprise, it typically stays for a couple of years, right? And this gets especially challenging when you're using very popular open-source project, right? Because you're competing for those skills with, literally, everybody, right? A lot of folks want to deploy these things. And then, what people forget sometimes too is, so, a lot of the leading open-source projects, in the cloud native space, came out of, you know, big software companies, right? Kubernetes came from Google, Kafka came from LinkedIn, Cassandra from Facebook. And when those companies deploy these systems internally, they have a lot of other supporting infrastructure around it, right? And a lot of that is centered around day-two operations. Right? How do you monitor these things, how do you do lock management, how do you do do change management, how do you upgrade these things, keep current? So, all of that supporting infrastructure is what an enterprise also needs to develop in order to adopt open-source software and that's a big part of what we do. >> Right. So, I'd love to get your perspective. So, you said, you were at Airbnb, your founders were at Twitter. You know, often people, I think enterprises, fall into the trap of, you know, we want to be like the hyper-scale guys, you know. We want to be like Google or we want to be like Twitter. But they're not. But I'm sure there's a lot of lessons that you learned in watching the hyper-growth of Airbnb and Twitter. What are some of those ones that you can bring and hep enterprises with? What are some of the things that they should be aware of as, not necessarily maybe their sales don't ramp like those other companies, but their operations in some of these new cloud native things do? >> Right, right. Yeah, so, it's actually, you know, when we started the company, the key or one of the drivers was that, you know, we looked at the problems that we solved at Airbnb and Twitter and we realized that those problems are not specific to those two companies or, you know, Silicon Valley tech companies. We realized that most enterprises in the future will have, will be facing those problems. And a core one is really about agility and innovation. Right? Marc Andreessen, one of our early investors, said, "Software is eating the world." he wrote that up many years ago. And so, really what that means is that most enterprises, most companies on the planet, will transform into a software company. With all of that entails, right? With he agility that software brings. And, you know, if they don't do that, their competitors will transform into a software company and disrupt them. So, they need to become software companies. And so, a lot of the existing processes that these existing companies have around IT, don't work in that kind of environment, right? You just can't have a situation where, you know, a developer wants to deploy a new application that, you know, is very, you know, brings a lot of differentiation for the business, but the first thing they need to do in order to deploy that is file a ticket with IT and then someone will get to it in three months, right? That is a lot of waste of time and that's when people surpass you. So, that was one of the key-things we saw at Airbnb and Twitter, right? They were also in that old-school IT approach, where it took many months to deploy something. And deploying some of the software we work with, got that time down to even minutes, right? So it's empowering developers, right? And giving them the tools to make them agile so they can be innovative and bring the business forward. >> Right. The other big issue that enterprises have that you probably didn't have in some of those, you know, kind of native startups, is the complexity and the legacy. >> That's right. >> Right? So you've got all this old stuff that may or may not make any sense to redeploy, you've got stuff (laughing) stuff running in data centers, stuff running on public clouds, everybody wants to get the hyper-cloud to have a single point of view. So, it's a very different challenge when you're in the enterprises. What are you seeing, how are you helping them kind of navigate through that? >> Yeah, yeah. So, one of the first thongs we did actually, so, you know, most of our products are sort of open-core products. They have a lot of open-source at the center, but then, you know, we add enterprise components around that. Typically the first thing that shows up is around security, right? Putting the right access controls in place, making sure the traffic is encrypted. So, that's one of the first things. And then often, the companies we work with, are in a regulated environment, right? Banks, healthcare companies. So, we help them meet those requirements as well and often times that means, you know, adding features around the open-source products to get them to that. >> Right. So, like you said, the world has changed even in the six or seven years you've been at this. The, you know, containers, depending who you talk to, were around, not quite so hot. Docker's hot, Kubernetes is hot. But one of the big changes that's coming now, looking forward, is IOT and EDGE. So, you know, you just mentioned security, from the security point of view, you know, now you're tax services increased dramatically, we've done some work with Forescout and their secret sauce and they just put a sniffer on your network and find the hundreds and hundreds of devices (laughs)-- >> Yeah. >> That you don't even know are on your network. So do you look forward to kind of the opportunity and the challenges of IOT supported by 5G? What's that do for your business, where do you see opportunities, how are you going to address that? >> Yeah, so, I think IOT is really one of those big mega-trends that's going to transform a lot of things and create all kinds of new business models. And, really, what IOT is for me at the core, it's all around data, right? You have all these devices producing data, whether those are, you know, sensors in a factory in a production line, or those have, you know, cars on the road that send telemetry data in real time. IOT has been, you know, a big opportunity for us. We work with multiple customers that are in the space. And, you know, one fundamental problem with it is that, with IOT, a lot of the data that organizations need to process, are now, all of a sudden generated at the EDGE of the network, right? This wasn't the case many years for enterprises, right? Most of the data was generated, you know, at HQ or in some internal system, not at the EDGE of the network. And what always happens is when, with large-volume data is, compute generally moves where the data is and not the other way around. So, for many of these deployments, it's not efficient to move all that data from those IT devices to a central-cloud location or data-center location. So, those companies need to find ways to process data at the EDGE. That's a big part of what we're helping them with, it's automating real-time data services and machine-learning services, at the EDGE, where the EDGE can be, you know, factories all around the world, it could be cruise ships, it could be other types of locations where working with customers. And so, essentially what we're doing is we're bringing the automation that people are used to from the public cloud to the EDGE. So, you know, with the click of a button or a single command you can install a database or a machine-learning system or a message queue at all those EDGE locations. And then, it's not just that stuff is being deployed at the EDGE, I think the, you know, the standard type of infrastructure-mix, for most enterprises, is a hybrid one. I think most organizations will run a mix of EDGE, their data centers and typically multiple public cloud providers. And so, they really need a platform where they can manage applications across all of those environments and well, that's big value that our products bring. >> Yeah. I was at a talk the other day with a senior exec, formerly from Intel, and they thought that it's going to level out at probably 50-50, you know, kind of cloud-based versus on-prem. And that's just going to be the way it is cause it's just some workloads you just can't move. So, exciting stuff, so, what as you... I can't believe we're coming to the end of 2019, which is amazing to me. As you look forward to 2020 and beyond, what are some of your top priorities? >> Yeah, so, one of my top priorities is really, around machine-learning. I think machine-learning is one of these things that, you know, it's really a general-purpose tool. It's like a hammer, you can solve a lot of problems with it. And, you know, besides doing infrastructure and large-scale infrastructure, machine-learning has, you know, always been sort of my second baby. Did a lot of work during grad-school and at Airbnb. And so, we're seeing more and more customers adopt machine-learning to do all kinds of interesting, you know, problems like predictive maintenance in a factory where, you know, every minute of downtime costs a lot of money. But, machine-learning is such a new space, that a lot of the best practices that we know from software engineering and from running software into production, those same things don't always exist in machine-learning. And so, what I am looking at is, you know, what can we take from what we learned running production software, what can we take and move over to machine-learning to help people run these models in production and you know, where can we deploy machine-learning in our products too, internally, to make them smarter and automate them even more. >> That's interesting because the machine-learning and AI, you know, there's kind of the tools and stuff, and then there's the application of the tools. And we're seeing a lot of activity around, you know, people using ML in a specific application to drive better performances. As you just said,-- >> Mm-hmm. >> You could do it internally. >> Do you see an open-source play in machine-learning, in AI? Do you see, you know, kind of open-source algorithms? Do you see, you know, a lot of kind of open-source ecosystem develop around some of this stuff? So, just like I don't have time to learn data science, I won't necessarily have to have my own algorithms. How do you see that,-- >> Yeah. >> You know, kind of open-source meets AI and ML, of all things? >> Yeah. It's a space I think about a lot and what's really great, I think is that we're seeing a lot of the open-source, you know, best-practice that we know from software, actually, move over to machine-learning. I think it's interesting, right? Deep-learning is all the rage right now, everybody wants to do deep-learning, deep-learning networks. The theory behind deep-networks is actually, you know, pretty old. It's from the '70s and 80's. But for a long time, we dint have that much, enough compute-power to really use deep-learning in a meaningful way. We do have that now, but it's still expensive. So, you know, to get cutting edge results on image recognition or other types of ML problems, you need to spend a lot of money on infrastructure. It's tens of thousands or hundreds of thousands of dollars to train a model. So, it's not accessible to everyone. But, the great news is that, much like in software engineering, we can use these open-source libraries and combine them together and build upon them. There is, you know, we have that same kind of composability in machine-learning, using techniques like transfer-learning. And so, you can actually already see some, you know, open-community hubs spinning up, where people publish models that you can just take, they're pre-trained. You can take them and you know, just adjust them to your particular use case. >> Right. >> So, I think a lot of that is translating over. >> And even though it's expensive today, it's not going to be expensive tomorrow, right? >> Mm-hhm. >> I mean, if you look through the world in a lens, with, you know, the price of compute-store networking asymptotically approaching zero in the not-to-distant future and think about how you attack problems that way, that's a very different approach. And sure enough, I mean, some might argue that Moore's Law's done, but kind of the relentless march of Moore's Law types of performance increase it's not done, it's not necessarily just doubling up of transistors anymore >> Right >> So, I think there's huge opportunity to apply these things a lot of different places. >> Yeah, yeah. Absolutely. >> Can be an exciting future. >> Absolutely! (laughs) >> Tobi, congrats on all your successes! A really fun success story, we continue to like watching the ride and thanks for spending the few minutes with us. >> Thank you very much! >> All right. He's Tobi, I'm Jeff, you're watching The Cube, we're at D2 iQ Headquarters downtown in San Francisco. Thanks for watching, we'll catch you next time! (electric chime)

(upbeat music) >> Live from San Francisco, it's theCUBE covering RSA Conference 2019. Brought to you by Forescout. >> Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at the RSA North American conference in Moscone. They finally finished the remodel. We're excited to be here. We're in the Forescout Booth and our next guest is here. He's Scott Stevens, the SVP Global Systems Engineering for Palo Alto Networks. How're you doing? >> I'm doing well. How you doing? >> Good, so first impressions of the show. I mean, it always amazes me when we come to RSA. We go to a lot of shows but just the size and the scale and the buzz and the activity here is second to none. >> It's incredibly crowded. I've been trying to walk the halls here, is a bit of a mess, so yes. (both laughing) >> Well plus nobody can find their way through the new Moscone. Small detail. >> Well they're connected different now so it's pretty confusing. >> Right, all right, let's jump into it. As I look over your shoulder I see zero trust, I see zero trust. Everybody's about zero trust. We had Chason from Forescout last year. He was talking about zero trust. >> Yep. You guys are talking about zero trust. What is exactly is zero trust? And how should people be thinking about zero trust? >> Yeah it's kind of, it's become buzzword bingo along the way, hasn't it? >> Right, right, it has. >> Yeah, so yeah we've been working with Forescout here for about six years now looking at zero trust architectures. The way, I think the fundamental way you look at zero trust is it's an architectural approach to how do you secure your network focused on what's most important and so you focus on the data that's most, that's key to your business, and you build your security framework from the data out. And so there's all kinds of buzzword bingo we can play about what zero trust means, but what it allows us to do is to create the right segmentation strategy starting in the data center of the cloud and moving back towards those accessing the data and how do you segment and control that traffic 'cause fundamentally what we're dealing with in security is two basic problems that we have to there's many problems but two big problems we have to deal with. >> Right, right. First is credential based attacks and so do we have somebody with stolen credential in the network stealing our data? Or do we have an insider who has credentials but they're malicious, they're actually stealing content from the company. The second big problem is software based attacks. Malware, exploits, scripts right? And so how do we segment the network where we can enforce user behavior and we can watch for malicious software so we can prevent both of those occurrences through one architectural framework and I think zero trust gives us that template building block absent of the buzzword, on how we build out those networks 'cause everybody's enterprise network is a little bit different. >> Right, so it really goes back to kind of roles and access and those types of things 'cause the first one you describe a credential one if it's somebody in there they have every right to be there but they're doing behavior that's not necessarily what you expect them to do, what you want them to do is atypical, right? >> Right. >> So it's a kind of identity and rights management or is this a different approach or the most sophisticated approach? How's it been different before? >> No that's a great question. And we have to build those things together. So on the Palo Alto Networks side what we do is we do enforcement. Layer 7 enforcement based on identity. So based on who the user is and what their rights are we are able to control what they're allowed access to or what they're not allowed access to and of course if you've got a malicious insider. Or somebody that's logged in with stolen credentials we can prevent them from doing what they're not allowed to do. And working here with Forescout, we've done a lot of really good integration with them on that identity mapping constructs. So how do they help us understand all the identities and all the devices in the network so we can then map that to that user posture and control at Layer 7 what they're allowed to do or not allowed to do. >> Right, and then on the micro-segmentation, it's always a, how far you segment? You can segment to one that doesn't really do you much good right? (Scott laughing) It's just one. So what are some of the things people should think about in their segmentation strategy? >> Well again I think you need to start with what's most important and so if I take a cloud or a data center, clouds and data centers as a starting point or generally all the same. (Jeff laughing) Well and how we segment is actually the same. And so we have this, sometimes we think that clouds are more difficult to secure than data centers, they are the same basically we've got north-south traffic, or east-west traffic, how do we, how do we inspect them how do we, how do we segment that? But if you start with what's most important and work your way. If you tell somebody that you need to micro-segment their network they're going to be done in 14 years, alright? So how do we focus on what's the most important, critical data to their business? And if we stratify their datasets and their applications that access that data and then move down, we may have 50% of the applications in their cloud or data center that we don't micro-segment at all because they're not critical to the business. They're useful to the employees, but if something goes wrong there, no big deal. >> Right. No impact to the business. >> Right. And so micro-segmentation isn't just a conversation of where we have to do things, but it's a conversation contextually in terms of what's relevant, where it is important to do that. >> Right. And then where do we, where do you do a much less robust job. >> Right. You always have to have inspection and visibility but there are parts of your network where you're going to be somewhat passive about it. But there're parts of your network you're going to be very aggressive, multi-factor authentication, tight user identity mapping, all of the different aspects. How do we watch for malware? How do we watch for exploits? >> Curious on doing that segmentation on the value of the dataset 'cause there's some obvious ones that jumps to the top of the list but I'm just curious if customers get into a situation where they really haven't thought about it once you get ten steps down the list from the top ones or if you do a force priority? >> Yep. >> And then the other thing I just think is really interesting the time we live today is that a lot of the hackers are not necessarily motivated by personal information or trying to suck a little bit of money out of your bank account, but other types of data that they want to use for other types of actions like we saw in the election and some of these other >> Right. >> kind of, I want to say softer, kind of softer uses of softer data for different types of activity than the traditional ransomware or malware. And how does that map back to, oh I didn't necessarily think that was an important piece of data but that's a shifting landscape in that part of organization . >> Certainly, yeah you need to take a look at what's most important. You can stratify into a couple tiers so you're going to have the top ten applications and datasets that are critical to the business. And we know if something happens there we have to publicly announce. Okay there, that you're going to do a really nice segmentation strategy and implement a full zero trust where we're controlling user access, doing full malware inspection, everything there. You're going to have a second tier of data which kind of gets into your soft target conversation where maybe we're a little less robust with some of the user segmentation and the application controls but we're as aggressively robust on the malware and software based threats. And frankly being able to inspect and control, find malware, find commander control, find exploits in, going in or out of those parts of the network, that is very simple to do and zero trust helps us to find where are those locations on the data center cloud side but also throughout the enterprise and where should we have those sensors that are enforcing that behavior. >> Right, just traffic is exploding right? Everything's connected. Billions of billions of devices, et cetera, et cetera. We don't need to go through the numbers It's big. So clearly automation is more and more important as we go forward. Lot of buzz about machine learning artificial intelligence applying it. Both the bad guys have it and the good guys have it. A lot of interesting kind of subtopics in terms of training models and how do you train models and the other right type of data. But as you kind of sit where you're sitting and net, net is just a lot more traffic going through the network >> Yep. >> whether it's good, bad, or otherwise. How do you guys kind of look at automation? How are you kind of looking forward for using artificial intelligence and some of these newer techniques to help just basically get through, get through the mass if you will? >> So I think there's two ways to think about artificial intelligence, machine learning, big data analytics, All those, >> All those good ones. >> Now we run another buzzword bingo right? >> Right, right (laughs) >> But the first is if we're looking at how are we dealing with malware and finding undone malware in blocking it, we've been doing that for years. And so the platform we have uses big data analytics and machine learning in the cloud to process and find all of the unknown malware, make it known and be able to block it. So we find 20 to 30 thousand brand new pieces of malware every day and within five minutes of finding them, >> finding 30,000 >> every day. So analyzing millions and millions of files every day to figure out which ones are malicious. And once we know within five minutes, we're updating the security posture for all of our connected security devices globally. So whether it's endpoint software or it's our inline next gen firewalls, we're updating all of our, all of our signatures so that the unknown is now known and the known can be blocked. And so that's whether we're watching the block the malware coming in, or the command-and-control it's using via DNS and URL to communicate and start whatever it's going to do, and you mentioned crypto lockers and all kinds of things that can happen. And so that's one vector of using ML, AI and ML, to prevent the ability for these attacks to succeed. Now the other side of it I think you're alluding to a little bit more is how do we then take some of the knowledge and the lessons we've learned for what we've been doing now for many years in discovering malware and apply that same AI and ML locally to that customer so that they can detect very creative attacks. Very evasive attacks. Or that insider threat, that employee who's behaving inappropriately but quietly. And so we've announced over the last week what we call the Cortex XDR set of offerings that involves allowing the customer to build an aggregated data lake which uses the zero trust framework which tells us how to segment, also put sensors and all the places of the network both network sensors and endpoint as we look at how do you secure the endpoint as well as how do you secure the network links, and using those together we're able to stitch those logs together in the data lake. That machine learning can now be applied to on a customer by customer basis, to find maybe somebody was able to evade 'cause they're very creative, or that insider threat again, who isn't breaking security rules but they're being evasive? We can now find them through machine learning. >> Right. >> And the cool thing about zero trust is the prevention architecture that we needed for zero trust becomes the sensor architecture for this machine learning engine. You get dual purpose use out of the architecture of zero trust to solve both the inline prevention and their response architecture that you need. >> Right. >> It's a long answer, I know. >> It's a crazy space, I mean, it's just fast. I mean the numbers in the mass of just throughput in this area is just fascinating. >> Yes. >> And so we're here in the Forescout booth and they've got a unique take on all the objects and everything is connected to the networks. We've heard from people earlier today is 50, 60, 70% more things connected than they ever even, than they ever even thought. Most of them not malicious but just people plug it in at various remote offices and that and that. >> Yeah, well IoT, the next buzzword bingo >> Right, right, right, there you go. We'll hit them all. (both laughing) what are we missing? So how are you guys working with Forescout, how do the two solutions work together to get a one plus one makes three? >> Yeah, as we were talking a little bit before getting that concept of what are all these connected devices. What is the device itself and who are the users attached to those devices? Forescout has that insight. So we don't do, I always look at that is identity assertion. Device aware identity assertion so how do we define what they are and who they are. What we do then is in working with Forescout we take that knowledge that they have and that turns into identity and device enforcement. And that's how we enforce those postures so that I know employee A isn't allowed to the intellectual property datasets. Employee B is. Well in the old world of security you just have a rule for how do you get to that. In what we do now with layers with user based and application controls, I can, on a user by user basis determine what they're allowed to do, and not allowed to do. Forescout gives us that insight so that we are able to enforce. They handle making sure they know exactly who it is so we enforce it properly. >> Right, and for the devices, right? 'cause you basically assigned almost like an identity and a role to a device. >> Exactly, and then you don't end up with this weird spaghetti network topology where okay, we have to put all of our IoT devices on these 14 VLANs and we're going to extend them all across our enterprise not, all that goes away. >> All kinds of natural acts. >> Right. All right, so Scott, I'll give you the last word before you sign off. As we look forward to 2019, and I can't believe it's March already, (Scott laughing) Scary. What's some of your priorities? What are you working on? What's the rest of the year look like for you? >> I think, you're back to buzzword bingo, we're spending a lot of time right now looking at how do we help our customers with that generating that data lake so they can help figure out what's happening within their infrastructure. And as you pivot from the security posture which of course is where we're always going to pay attention and you help them think about operationalizing that. And how do we help the Sec Ops, or the SOC, figure out what's going on in their network. The data they're dealing with is massive. And so they're looking at haystacks and haystacks and haystacks. >> Right. >> And part of the goal of what we're trying to do is help them burn down those haystacks and hand them needles 'cause in the end all they care about is the needles. The hay is getting in the way. And so there's a lot of work that we're doing around machine learning, around optimizing workloads and automation so that we can reduce that complexity. We've been doing it for the last 10 years for network security. How do we take the complexity of all the things we used to do separate and simplify them and automate so we've automated the feedback loops for network security, for the next gen firewall. We've simplified what you can do on the endpoint for traps and how we protect that. We've done with the integration with Forescout we're simplifying how you map that identity back and forth. And I think for the rest of the year it's really about simplifying operations and helping quickly determine when something is wrong in the network so you can fix it fast. >> Right. >> Before you're dealing with an exfiltration problem. >> Not 150 days or whatever the >> Way too long. >> crazy average stat is. >> |How about four hours. What if we try for four hours? >> Yeah that's better. more better, more better. (laughing) All right, Scott, thanks for sharing the insight. >> Thanks for your time. >> Let's go burn some haystacks. He's Scott, I'm Jeff. You're watching theCUBE. We're at RSA 2019 in San Francisco. Thanks for watching. We'll be right back. (upbeat music)

>> Live from San Francisco, it's theCUBE, covering RSA Conference 2019. Brought to you by Forescout. >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at RSA Conference in North America. The brand new reopened Moscone Center. They finally finished the remodel, which we're excited about, in the Forescout booth, and excited to have a returning Cube alum, I think we had him on last year at RSA, Dr. Chase Cunningham, principle analyst security and risk for Forester. >> Hey. >> Chase, great to see you again. >> Thanks for having me. >> So what's happened in the last year, since we last saw you? I'm sure you've been keeping busy, and running down lots of ... >> Yeah well, >> Crazy risk. >> It's been really pushing the sort of strategy set around zero trust. I mean if you look around the show floor, you can't go 75 feet without seeing somebody that's got zero trust on a booth, or hear it from somebody, so it's been really pushing that narrative and trying to get people to understand what we're talking about with it. >> And it's really important because it's a very different way of thinking about the world. >> Yeah. >> And you guys have been talking about it for a while. >> For a decade, basically. >> Right. >> Yeah. >> And then we've got all these new complexity that's thrown in that weren't there a decade ago. You've got IOT, you got OT, and then you've got hybrid cloud, right? 'cause everyone, well there's public cloud, but most big enterprises have some in the public cloud, some on their data center. So you've got these crazy hybrid environments; so how are you kind of adjusting the zero trust game, based on some of these new complexities? So really we flip the script a little bit and said, "Okay, if we were to try and fix this from the start, "where would we start?" And we'd obviously start around taking care of the the largest swath and sort of compromise area, which would probably start with users, followed closely by devices, because if we can take care of those two pieces, we can actually gain some ground and work our way going forward. If you've heard a lot of the stuff around micro-segmentation, our sort of approach to micro-segmentation means micro-segment everything. We mean users, accounts, devices, IOT, OT, wired, unwired, whatever it is, if you can apply control to it, and you can segment it away to gain ground, segment it. >> So how do you deal with the micro-segmentation? Because ultimately you could segment down to one, and then you haven't really accomplished much, right? >> Right, a network of one is no good, yeah. >> Exactly; so when you think about micro-segmentation architectures, how are you creating buckets? What are your logical buckets that you're putting things in? >> So really it should be based on the function that you're trying to allow to occur. If you look at the way we architected networks for the last 20-something years it's been around sort of use writ-large. What we're talking about micro-segmentation is, if I'm micro-segmenting devices, those devices should live in a micro-segment where devices do device stuff, and you can keep control of that, and you can see what's coming and leaving. Users should be segmented that way, networks, all of it should be built around function, rather than inter-operability. Inter-operability is a result of good micro-segmentation, not the other way around. >> Right, and that's interesting you say that, we're obviously, we're in the Forescout Booth, >> Yeah. >> and a big piece of what they're talking about is, identifying these devices, but then basically restricting their behavior to what they should be doing. So really following along in your zero trust philosophy. >> Well I said it last year, I'll say the same thing again, a key piece of this whole thing is knowing what's supposed to be occurring and being able to control it, and then respond to it. It's not really that we've changed the evolution of this whole thing, we've just looked at it a little more pragmatically, and applying fixes where you can actually start gaining ground. >> Right, and applying the fixes at all different points in the spectrum, as opposed to just trying to create that big giant wall and a moat. >> Well yeah, moving away from the perimeter model, like the perimeter model has categorically failed. Everyone around here seems to understand that that's a reality; and we're not saying you shouldn't have your defenses up, but your defenses should be much more granular and much more focused on the realities of what enables the business. >> Right, so I'm just curious to get your perspective, you've been doing this for a while, as you walk around the show floor here, and see so many vendors, and so many products, and so many solutions, and so many bright shiny objects; how do you make sense of it? How do you help you customers make sense of it? Because it's not a simple space, and I always just think of the poor CSO's, sitting there like "How am I supposed to absorb, "even just the inbound information "about knowing what's going on," much less get to the point of doing evaluation and making purchase decision and making implementation decision. >> So one of the things that we've been really pushing forward with is using virtualization solutions to build architectures, not PowerPoints, not drawing stuff on a whiteboard, like actually using virtualization to build virtual architectures, and test and design there. It's actually very similar to the way that we write applications, you iterate; you don't write an app and release it, and think you got it right and you're done, you write pieces of code, build the app, you iterate, you move on, because of virtualization, we can do the same thing with security tooling and with networks. So one of our major initiatives is pushing that capability set to our customers to say, "This is how you get there, and you design, "and then you build, and then you deploy," rather than, "Deploy it and hope you got it right." >> And know that it's not going to be right the first time you buy it, right? You just got to write a check and the problem goes away. >> And it's much better if you screw something up virtually to just nuke it and start over, than if you try and do it with a bunch of hardware that you can't actually rip and replace. >> That's interesting, right? 'Cause the digital twin concept has been around in the OT space for a long time. We talk to GE all the time and digital twin in terms of modeling behavior, and a turbine engine is something they've been talking about forever. At a healthcare conference they're talking about digital twinning people, which I thought was pretty interesting. >> Kind of creepy, but yeah >> Kind of creepy, but then you think, "Okay, so I can, "I can test medications, I can do these things," and to your point, if I screw it up, I'm screwing up the twin, I'm not necessarily screwing up the real thing. And you talked about in your last blog post, starting to create some of these environments and architectures to help people do some of this exploration. >> Yeah we launched our first one here at RSA on Tuesday night, we actually put out our own Forester branded virtual reference architecture; and the good thing is is the way that we're approaching it, we can actually have our clients build their own semblance of this, because something everybody forgets is, this is one of the few places where there are snowflakes, right? Everyone has their own individual build, so being able to have yours that you build, maybe different from mine, even though we both line with a strategic concept like zero trust. >> Right. >> So, we're building a library of those. >> So is the go to market on that that you've got an innovations space, and people do it within there? Or are you giving them the tools to build it on PRIM, how's the execution of it? >> So really it's about, we've published a lot of research that says, "This is the way to do it;" now we've got this platform and the capability to say, "This is where you can do it;" and then allowing them to go in there and follow that research to actually design and build it and see that it's actually do-able. >> Right, right; so as you're looking forward, 2019, I can't believe the calendar's flipped already to March. Crazy ... What are your top priorities? What're you working on as you go forward this calendar year? >> It's mostly about ground truth sort of use cases on this adoption of zero trust across the industry; and really getting people to understand that this is something that can be done. So we have write-ups going on customers that have deployed zero trust solutions; and sort of how they did it, why they did it, where they got benefit from, where they're going with it, because we remind people all the time that this a journey. This is not something I wake up in the morning, build a zero trust network, and walk away. This is multi-year in some cases. >> Well it's going multi-year forever right? Because the threats keep changing; and the thing I find really fascinating is that the value of what they're attacking is changing dramatically, right? It used to be maybe I just wanted to do some, crazy little hacks, or change a grade, maybe steal some money from your bank account; but now with some of the political stuff, and the state-sponsored stuff, there's a lot more complex and softer nuance information they the want to get for much softer nuanced objectives, so you're going to have to continue to reevaluate what needs to be locked in tighter and what needs to be less locked up, because you can't lock it all up to the same degree. >> Right, and it's really something that we remind our customers a lot on, that security is being done by the majority of organizations not because they actually want to do security, it's because security makes the customers have more faith and trust in you, they buy more stuff, your revenue goes up, and everyone benefits. >> Right. >> You know, some of these large organizations, they don't have SOC's and do security operations 'cause they want to be a security company, they're a company that has to do security to get more customers. >> Right, have they figured that out yet? The trust thing is such a big deal, and the Big Tech backlash that we're seeing that's going on. >> I had thought that they would have figure it out, but it comes up all the time, and you have to really wrap people's head around that you're not doing security because you think security is cool, or you need to do it, it's to get more customers to grow the business. This is a business enabler, not a tangential business thing. >> Right, it's such a high percentage of the interaction between a company and it's customers, or a company and it's suppliers, is electronic now anyway, whether it's via web browser or an API call, It's such an important piece 'cause that is the way people interact with companies now. They're not going to the bank branch too often. >> With the growth of GDPR and privacy and things like that, companies are being mandated by their clients, by their customers to be able to say, "How do you secure me?" And the business had better be able to answer that. >> Right right, but hopefully they're not, to your point, I thought you were going to say they're doing it for the compliance, but it's a lot more than just compliance, you shouldn't be doing it just for the compliance. >> Yeah, I mean I stand on the compliance is kind of a failed approach. If you chase compliance you will just be compliant. If you actually do security with a strategy in place you will achieve compliance; and that's the difference most people have to wrap their head around, but compliance is something you do, not something you strive to be. >> Love it, well Chase thanks for stopping by and sharing your insight and a lot of good work. Love keeping track of it, keeping an eye on the blog. >> Great, thanks for having me. >> All right, he's Chase, I'm Jeff, you're watching theCUBE, we're at the RSA conference in the Forescout Booth, thanks for watching, we'll see you next time. (low techno music)

>> Live from San Francisco, its theCUBE. Covering RSA Conference 2019. Brought to you by Forescout. >> Hey welcome back everybody Jeff Frick here with theCUBE. We're at RSA Conference North America 2019. 40,000 plus people in the brand newly refinished. Moscone, they finally got it done and it looks great, we're excited to be here and the guy, one of the many people responsible for this whole event is joining us for a return visit. He's Rohit Ghai, the president of RSA. Rohit, congratulations on another incredible event. >> Thank you, it is incredible indeed and the scope of the conversation, the breadth of the conversation, amazing. >> Right, I was looking a couple of years ago I think it was Valentine's Day, thankfully you didn't do Valentine's Day this year 'cause I don't think Moscone was ready for you. >> That's right, I don't think that would have played out well, yes (laughs). >> So lets jump into it a little bit, kind of general impressions you know security is not getting any less in demand. We're seeing increased threats, we're getting dumbed down to breaches. Give me the facts, how many vendors are here displaying today, how many sponsors? What are are some of the basics? >> Yeah, so look 40,000 plus attendees you know we have 800 plus folks on the show floor. There is a total of 1,700 plus vendors in this industry so its a very fragmented industry and everybody whose anybody in cyber-security is actually here. The other stat that is interesting is in terms of shared voice and the media coverage that actually happens at the RSA conference, if you just put that together that's more than any of the social conversations throughout the year. So this one week will generate more shared voice around cyber-security than the entire year. >> It's the place to be. So let's jump into it, so one of the big issues that you've always talked about is using a really kind of business approach to assessing risk and some of the math behind making a good business decision on how much you invest and what do you protect. You've expanded that vision a little bit this year. Tell us a little more about that. >> We see our role as RSA to provide a safe passage of the world to its digital future state. As you know digital transformation is a buzz-word. Every company is trying to go digital but they don't know what they don't know. Technology is premiering things where its never been before. It's inside baby monitors, inside pace makers, inside cars. Companies that are adapting this technology don't have the competency to actually mitigate risk. The stat I use is one-trillion lines of code will be shipped over the next decade by companies that have shipped exactly zero lines of code. >> One trillion new marginal lines of code. >> So, the meta point is we face unprecedented digital risk, because of adoption of digital technology. So technology is a force for the good but you have to embrace it mindfully and pay attention to digital risk management and that's our role. The role of RSA is to help companies manage digital risk. >> Right, and how do they sort through it all? I just feel for all this between the number of threats, the number of solutions, the IOT is coming on board, 'Internet of Things'. The OT is now being connected to the IT, your head's got to be just spinning. >> It feels overwhelming doesn't it. What I say is anytime you feel overwhelmed you could do three things. You have to reduce the amount of work, you do that by designing security in, resilient infrastructure. Second is that you have to automate work. Which is basically using technology like artificial intelligence and machine learning. But as you know the bad guys have all the AI and ML we the good guys do. So the third recipe for success is business driven security. Which means you have to apply business contacts to your security posture, so you focus on the right problems. The right cyber incidents right here right now. And that's our unique advantage the good guys, the only advantage we the good guys have is our understanding of our business contacts. We call that business driven security. >> So an interesting piece of that is how the value proposition is changing. It used to be the young kid hacking the school site giving himself an A. Then it got to people getting into bank accounts and personal information. But now we're seeing with the nation's states, we're seeing political motivation. >> Exactly. >> There's a lot of different motivations so it gets into this whole evaluation of data, what is the data that they want and is it valuable? Because what they want or is valuable tomorrow might be different than what it was today. >> You're right, the clock speed of digital business is markedly enhanced. So you need solutions that can move at the pace of business. So its no longer about efficacy, its about speed, both on the risk side and security you need solutions that can process this vast ocean of data, make sense of it, to prioritize your response. To focus on the things that are most important right now. >> Yeah, its crazy. Then we have this other trend that's happening now, which is kind of Big-Tech like from Big-Oil meaning not a positive connotation in a blowback. Where people are kind of waking up to the fact that my data is important and people are using it for ways that I didn't necessarily want them to. So this trust issue is really really significant. >> It is significant because in fact the topic of my keynote yesterday. We call it the trust landscape in which we painted a story that we are at the beginning of an era which is a trust crisis. Where people are losing faith in technology as a force for good and unless we act now we will put humanity in harms way and get in the way of human progress. And I think there is some things we need to do, if you think about trust, trust is based on reputation. Trust is not perfection, I don't trust you because you're perfect. I trust you because I can count on how you're going to behave in certain circumstances. Its based on your reputation. >> Right. >> If you think about today we are inviting complete strangers into our cars and homes with platforms like Airbnb and Uber Lyft. Because there is a technology trust platform. We need that on the enterprise side and what we're doing in the cyber security world is, we are actually making withdrawals from our trust or reputation bank account because breaches and bad news is the only thing that's reported. We are not reporting good cyber incidents. So that's the place where we need to work toward, where we are able to not just take withdrawals from our reputation bank account but make deposits by reporting not just bad cyber news but good cyber news. >> Right. >> When we prevent breaches or when we mitigate business impact or cyber incidents. All of those things we need to be more transparent about that. >> But its kind of tricky right now because its the old spy dilemma, you don't want to tell them that you caught them because then you are not in a position to catch them the next time. >> Yes, I think there is solutions there though. I think the reason we have been guarded in cyber security to share good news is because again we don't want to reveal details of our security posture. And we don't want to taunt the bad guy and attract attention towards ourselves. Having said that I think there is a way to do that anonymously without compromising your security posture and having this quantified way to measure your reputation or your cyber capability. >> Right, its really interesting that you go down this trust angle because the whole fake news thing. Is protecting your reputation really of more significant value than necessarily, I don't know, make up some other kind of silly data breach but your reputation and the trust that comes from that or the relationship you have with your customer is really really important. >> Absolutely, your reputation ascertains how your company will live through any crisis incident, right? And in the past corporate reputations were based on things like corporate social responsibility. Your conduct in the physical world, environment, sustainability, corporate ethics, in terms of how you are treating your employees on a fair basis. In the digital world, just like you have corporate social responsibility, you have corporate digital responsibility. You need to demonstrate conduct in terms of how you deal with data, how you take care of consumer data and are a good custodian for it. How you participate in the ecosystem. The Facebook Cambridge analytica example, when you share data with partners you have to feel accountability to that. So in this hyper-connected economy, third-party risk is actually probably higher than first party risk. So you no longer just need to worry about your own data landscape and your own infrastructure landscape. You need to worry about your ecosystem as well. >> Right, and that's before you count in if its an API based economy and you've got stuff in the cloud, you've got stuff in your data center, you've got stuff at remote locations. So the complexity is significantly changed. >> Absolutely. The good news is there's a great recipe which is digital risk management. Risk and trust have to coexist right? If you don't take risks you can't make progress or innovate but in order to have trust you need to have predictability. And that comes through a risk management approach and that's why RSA is so excited about this idea of digital risk management. Its a great responsibility to chart the course to the digital future of the world. >> Well you've certainly got everybody's ear as you said everybody whose anybody is here and this is the place to be this week so congratulations again on a very big and successful show and we're excited that we got to sit down this time not standing in the hallway. >> Thank you, thank you. >> Alright thanks again. >> I enjoyed the conversation. >> Alrighty, he's Rohit, I'm Jeff, you're watching theCUBE. We're at RSA North American conference in Moscone. Thanks for watching we'll see you next time.

(funky music) >> Live from San Francisco, it's theCube, covering RSA Conference 2019 brought to you by Forescout. >> Hey welcome back everybody Jeff Frick here with theCUBE. We're at the RSA Conference at downtown San Francisco Moscone Center, they finally finished the remodel. We're excited to be in the Forescout booth, we've never been in the Forescout booth before, psyched that they invited us in. But we've got an old time CUBE alumni and a special company in my heart, was my very first CUBE event ever was Splunk.conf 2012. >> I did not know that Jeff. >> Yeah so we're live. We have Doug Merritt on he's a CEO of Splunk. Doug great to see you. >> Thanks Jeff, good to see you again also. >> Yeah so we've been doing Splunk.conf since 2012. >> The early days. The Cosmo Hotel and it was pouring rain that week. >> That was the third year. >> Probably the third year? >> Second year, yeah long time ago, it's grown. >> 2012 wasn't that big but this is a crazy show. You've been coming here for a while. Security is such an important part of the Splunk value proposition, just general impressions of RSA as you've been here for a couple of days. >> Yeah, it's amazing to see how the show has grown over the years, security's gone from this, kind of backwater thing that a few weird people did in the corner, that only understood the cyber landscape, to something that boards care about now. And that, obviously has helped with this show, I don't know what the attendee numbers are like, but tens of thousands of people. >> Oh yeah. >> You can't walk down a hallway without bumping into 10 brand new companies that were launched in the past year, and the security space and make the biggest challenge people that I have, and I think that other people have is, how do you tell different, where's the wheat from the chaff? What is really important in security and how do you tell different companies and different trends apart, so you can actually focus on what matters? >> Right, I just feel for the seed-sows, right, I mean, you guys have a big ecosystem at .conf, but those are all kind of complimentary things around the core Splunk solution. This is, you've got co-opetition, competition, how does somebody navigate so many options? 'Cause at the end of the day you don't have unlimited resources, you don't have unlimited people to try to figure all these pieces of the puzzle out. >> Yeah, and the CSOs have got a really tough job, the average CSO has got well over a hundred different vendors you're dealing with, and with Splunk what we're very focused on, and where I think we add value is that we become, if done right, we become the abstraction layer that creates a brain and nervous system that allows all those different products, and all of them have got unique capabilities. When you think about the complexity of all the networking, all the compute, all the storage, all the end point landscapes that's only getting worse for the cloud, because now there's more services with more varieties across more cloud vendors. How do you get visibility on that? >> Right, right. >> And you need products at those different junctures, 'cause protect and prevent and defend is still an important function for CSOs, but when we know that you can't prevent everything. >> Right. >> And things will go wrong, how do you know that, that is actually occurring? And what the splunk value prop is, we are the, we don't have as much of a point of view on any one product, we aggregate data from all the products, which is why so many people are partners, and then help companies with both raw investigations, given that if something goes wrong with our schema less data structure, but then also with effective monitoring and analytics that's correlating data across those tens, hundreds or thousands of different technologies. So you can get a better feel for what are the patterns that make sense to pay attention to. >> I think you just gave me like 10 questions to ask just in that answer, you covered it all. 'Cause the other thing, you know, there's also IoT now and OT and all these connected devices so, you know the end points, the surface area, the throughput is only going up by orders of magnitude. >> Without a doubt. >> It's crazy. >> I saw some stats the other day that, globally at this point there's, I may get these off by one digit, but lets say there's 80,000 servers that are the backbone of the entire internet. There's already over 11 billion connected devices, going back to that IoT theme. So the ramifications at the edge and what that means are so profound and companies like Forescout, as a key partner of Splunk's, help make sure that you're aware of; what are all the different elements that are ever hitting my network in a way. And what do they look like and what, what should I be doing, as different things pop on and pop off and, again, we're trying to be the interpretation and brain layer for that, so that they are more and more intelligent to the actions they're taking, given their depth of domain, their deep knowledge of what a camera should look like, or what a windows PC should look like or what a firewall should look like given the configurations that are important to that company. >> Before we turned on the cameras you made an interesting comment. We used to talk about schema on read versus schema on write, that was the big, kind of big data theme, and you guys are sitting on a huge data flow, but you had a really kind of different take, because you never really know, even with schema on read it seems you know what the schema is but in today's changing environment you're not really sure what it is you're going to be looking for next right? And that can evolve and change over time, so you guys have kind of modified that approach a little bit. >> Yeah, I think we are this year you'll see us really reemphasizing that core of Splunk. That the reason you'd have an investigative lake, and I don't think most people know what a schema is period, much less read or write so my new terminology is hey you need a very thorough investigative lake. Going back to the discussion we were having, with so much surface area, so many network devices, so many servers, so many end points, what tool do you have that's reading in data from all of those, and they all are going to have crazy formats. The logs around those are not manageable. To say you can manage logs and centralize. Centralized logs I get, manage those words don't work together. >> Right. Logs are chaotic by nature, you're not going to manage them, you're not going to force every developer and every device to adhere to a certain data structure so it can neatly fit into your structured database. >> Right. >> It is too chaotic, but more importantly, even if you could you're going to miss a point, which is, once you structure data, you're limited with the types of questions you can ask, which means you had to visualize what the questions would be in the first place. In this chaotic environment you don't know what the questions going to be. The dynamics are changing way to quickly, so the investigative lake is truly, our index is not schematized in any way, so you can ask a million questions once versus a schematized data store where it is; I ask one question >> A million times. a million times. And that's super efficient for that, but, the uniqueness of Splunk is, the investigative lake is the fabric of what we do, and where I think our customers, almost have forgotten about Splunk is, read all that data in. I know we've got a volume based licensing model that we're working on customers, were working to solve that for you, that's not the, I'm not trying to get data in so that we can charge more, I'm trying to get data in so that everybody has got the capacity to investigate, 'cause we cannot fail in answering what, why, when, where, how, and stuff'll go wrong, if you can't answer that, man you're in big trouble. And then on top of that let's make sure you've got right monitoring capability, the right predictive analytics capability; and now with tools like Phantom, and we bought a company called victorOps, which is a beautiful collaboration tool, let's make sure you've got the right automation and action frameworks so that you can actually leverage peoples skills across the investigative, monitoring and analytical data stores that at Splunk we help with all four of those. >> Right, right, again, you touch on a lot of good stuff. We could go for hours but we don't have you all day. But I want to follow up on a couple of things, because one of the things that we hear over and over and over is the time to even know that you've been breached. The time to know that you have a problem, and again, by having all that data there you can now start adjusting your questions based on that way you now know. But I think what's even more kind of intriguing to me is, as nation states have become more active, as we've seen the politicalization of a lot of things, you know, what is valuable today is a much varied, much more varied answer than just tapping into a bank account or trying to steal credit card numbers. So it really supports, kind of this notion that you're saying, which you don't have a clue what the question is that you're going to need to ask tomorrow. So how do you make sure you're in a position, when you find out what the question is, that you can ask it? >> And that's the design architecture I like about splunk as a company is that our orientation is, if you're dealing with a world of chaos, allow that chaos to exist and then find the needles in the haystack, the meaning from that chaos, and then when you find the meaning, now you know that a monitor is worthwhile, because you've validated root cause and it exists. And when your monitor is kicked a few times, and you know it's legit, build a predictive routine, because you now know it's worth trying to predict, because you've seen this thing trip a number of times, which inverts the way that most people, that all of us were taught. Which is start with the end in mind, because garbage in equals garbage out, so be really thoughtful in what you want and then you can structure everything, it's like well, that's not the way the world works. What if the question we asked 15 years ago was, what if you couldn't start with the end in mind, what would you have to do? Well you'd have to have a schema less storage vehicle and a language that allows you to ask any question you want and get structure on the question, but then you still need a structure. So you're going to structure them one way or the other, how do you make sure you've got high quality structure, and in our dynamic landscape that's always going to change. >> Right, well the good news is 2020 next year so we'll all know everything right? >> Yeah, exactly. >> We'll have the hindsight. So the last thing before I let you go is really to talk about automation, and just the quantity and volume and throughput of these systems. Again, one, escalating, just 'cause it's always escalating, but two, now adding this whole connected devices and IoT, and this whole world of operational technology devices, you just, you can't buy your way out of it, you can't hire your way out of it, you have to have an increasing level of automation. So how are you kind of seeing that future evolve over the next couple of years? >> I've been meeting with a lot of customers obviously this week, and one of them said, the interesting part about where we are now is, you can't unsee what you've seen. And where we were five years ago, as most people in security and IT; which are natively digitized, they still didn't know how to wrap there arms around the data. So they just didn't see it, they were like the ostrich. Now with tools like Splunk they can actually see the data, but now, what do I do with it? When I've got a billion potential events per day, how do I deal with that? And even if I could find enough manpower, the skills are going to be changing at such a constant basis, so I think this security, orchestration, automation, response; SOAR, area and we were fortunate enough to form a great relationship with phantom a couple of years ago and add them to the Splunk fold, exactly a year ago, as, I think, the best of the SOAR vendors, but it's a brand new category. Because companies have not yet had that unseeing moment of, holy cow, what do I do, how do I even deal with this amount of information? And adding in automation, intelligent automation, dynamic automation, with the right orchestration layer is an absolute imperative for these shops going forward, and when I look at a combination of phantom and their competitors there's still less then a thousand companies in a sea of a million plus corporate entities, globally, that have licensed these products. So we're at the very beginning of this portion of the wave. But there's no way that companies will be able to be successful without beginning to understand what that means, and wrapping their minds around how to use it. What we're so excited about with Splunk, is traversing investigate, monitor, analyze and automate up and down continuously, we think is the key to getting the best value from this really, really diverse and chaotic landscape and then having phantom as part of the fold helps a lot, because you can get signal on, did I do the right automation? Did It actually achieve the goal that my brain told me to do, or not? And if not, what do I adjust in the brain? Do I go after different data, do I structure the data a different way? But that up and down the chain of check and balance, am I doing the right stuff is something that-- >> And do it continuously. >> It's got to be continuous. >> It's got to be continuous. So we're sitting in the Forescout booth, so talk about how Forescout plays. I mean you guys have been sitting on those (mumbles), really fundamental core date, they're really kind of been opening up a whole different set of data, so how is that kind of working out? >> Yeah, so I'm really thankful for the relationship, mostly because they're a great company and I love their CEO, but mostly, if you go customer back, it's a very important relationship. Which is the proliferation of devices, developments continues to grow, and most companies aren't even aware of the number of devices that exist in their sphere, much less how they should look, and then what vulnerabilities might exist because of changes in those devices. So the information flow of, here's what's in the eco-sphere of a customer into Splunk is really helpful, and then the correlation that Splunk drives, so that Forescout gets even more intelligent on what corrective actions to what type of actions period do I take across this sea of devices is a really important and beneficial relationship for our customers. >> Excellent, so I'll give you the last word, little plug for Splunk.conf coming up in October. >> Yeah, I'm really excited about conf, excited to have you guys there again. We've been on a really intense innovation march for the past few years. This last conf we introduced 20 products at conf, which was a record. We're trying to keep the same pace for conf 2019 and I hope that everyone gets a chance to come, because we're going to both be, moving forward those products that we talked about, but, I think really surprising people, with some of the directions that were taking, the investigate, monitor, analyze and act capabilities both as a platform and for security IT and our other key buy-in centers. >> Alright, well we'll see you there Doug, thanks for stopping by. >> Thank you, Jeff. >> Great seeing you. >> He's Doug, I'm Jeff, you're watching theCUBE, we're in the Forescout booth at RSA Conference 2019, thanks for watching we'll see ya next time. >> Thank you. (electronic music)

(upbeat music) >> Live from San Francisco it's theCUBE, covering RSA Conference 2019. Brought to you by Forescout. >> Hey welcome back everybody Jeff Frick here with theCUBE, we're at the RSA Conference in Moscone in San Francisco, they finally got the conversion done it looks beautiful, it's keeping the atmospheric river out (laughs) it didn't do that last week, but that's a different story for another day. We're excited to have our very next guest he's Joe Cardamone, he's the Senior Information & Security Analyst and North America Privacy Officer for Haworth. Joe great to meet you. >> Thank you, thanks for having me. >> So for the people that don't know Haworth, give us kind of the quick overview on Haworth. >> Well Haworth is a global leader in commercial office interiors. They create seating, desks, dynamic work spaces, raise floors and movable walls. >> Okay, so really outfitting beyond the shell when people move into a space. >> That's correct. >> So what are your security, that sounds like, like mobile walls and desks and the like, what are some of the security issues that you have to deal with? >> Well obviously intellectual property is a big concern, protection of our, we call our employees members. So the protection of our employee member data is important to us, customer data, supplier data, so protection of those key data elements and our assets is a priority in my role. >> Okay, so we're in a Forescout booth, you're using their solution, you come in and Mike tells us you're connected to the network, it crawls out and tells us all the devices. How did that go? How well did it work for you guys? >> It was a fantastic experience for us to be honest with you. From the point that we deployed the ISO onto a virtual instance, about seven hours later we had gotten 97% visibility on our network. And not just data, actionable data which was really important in our use case, >> Yeah keep going, So, well I was just going to say how many surprises did you get after those hours when you got to report back? >> Oh we had quite a number. We were anticipating about 8,000 IPs we landed at about 13,000, so there was quite a bit more end points that we discovered, after implementing the product. One of the bigger pieces that we found was that our showrooms out in global sectors like Asia and Europe, had a bunch of APs that were stood up, you know some sales people thought that they wanted to plug them into a network jack and stand up their own wireless networks, we had found them and we were able to squash them pretty quickly, and that was within 24 hours of implementing the product. >> So you're expecting 8,000 you got 13,000 more than a 50% increase over what you thought? >> Quick math, correct, yes. >> I'm no quick and dirty math guy. I'm not a data scientist. >> I'm not either. >> Okay, so and then how many things did you have that were custom that needed to be added to the library? >> I'm going to say about 10 or 15 units, we have some that we produce. Haworth creates a unit called the Workwear unit which is a screen presentation casting device, and what that device does, it sits on our production network and in order for us to be able to demo that device we had to punch holes in our firewall. Very manual process, those devices move around very often and it was really hard for our IT teams to keep up with. How those devices move, how dynamic they are and you know code revisions, we're living showrooms so nothing stays in one spot at one time. The Forescout was able to very easily identify them using a couple of pieces of information that it gathered, and by using the Palo Alto Networks plugin, we were able to then dynamically punch holes through our firewall to our guest network for just those IPs, in just those services, and just those ports to enable our guests coming in who are looking to purchase the product to actually test drive it, and really have a good use with the product before purchasing it. >> So the guests that you're talking about are your customers, right? >> Our customers, correct yes. >> And when you say they wanted to test drive it, were they, do you let them go test drive it at their local office? Or are you let them drive their own content on it back at your like, executive briefing center? >> How does that mean, cause you're talking about punching a holes, right so that doesn't just happen without some thought. >> No it doesn't, exactly, and the thought was we can't sell a product if we can't demo it, and you come into Haworth, you're my guest. I want you to see the power of my product. I want you to use your laptop, your content on my screens and my space. How can we do that while protecting my digital network? And that's what the Forescout enables us to be able to do as part of our microsegmentation strategy with the Forescout. >> And then you said that that was tied to sub-functionality in a Palo Alto Networks device. >> That's correct. Like I mentioned earlier, the ability to have actionable data was one of our key points in purchasing employing the Forescout unit. We're experiencing a lot of growth, and the way we're treating our growth is, we're treating these companies like they are BYOD. We want, we're buying their brand, we're buying their ability to sell their product. They know their product, they have passion about their product. >> So these are new product lines within your guys total offering? >> Correct, yes. >> Okay. >> And what we wanted to do when we started to integrate the IT side of the world, we wanted to be able to keep them operating on their own. So, we're using the Forescout to be able to look into their network, and looking at a couple of key variables on their machines, say, do you meet this criteria? If you do then we're going to allow you to egress through our Palo Alto firewall using the Palo Alto Networks module on the Forescout, to be able to egress into our environment. If you don't meet that criteria, then you're just not getting in period. So we're able to provide a measure of control, trust but verify to the other networks that we have before their devices come into ours. >> So you're doing that you're adding all these, all these devices, you talk a lot about stuff that's actionable. What did you have before, or did you have anything before? What types of stuff that is actionable, how do you define actionable and I wonder if you could give a couple of examples. >> Sure that's actually really easy. When I say actionable data, I'm able to look at let's just say your laptop sitting here, with the Forescout, I can gather any multitude of data off of it, patch levels, OS levels, software installed, processes running, what switch port you're on, what wireless AP you're on, and off of all that information, I can make any number of decisions. I could move you to another VLAN, I could move you to another security group, I can tag your machine, I can send a trap to my SIM, and be able to record whatever data I need to record. In our use case, using the data that we're gathering from the affiliate networks and from the work wears we're able to then take action to say, yes this device meets our criteria, we can now send that data up into the Palo Alto and then tie it to a rule that exists to allow or disallow traffic. You know, with the fact that it's a single pane of glass, the fact that I can have my help desk go in and make decisions based on data that they're getting, based on actionable data, based on other pieces of data that are getting fed in through my environment, like indicators of compromise. I can enable my level one staff to be able to make level three decisions without giving them keys to the kingdom. Which I think is a big value with the Forescout. >> That's pretty impressive, cause that really helps you leverage your resources in a major major way. >> Correct, I'm a team of three. >> You're a team of three. >> Yes. >> (laughs) So more specifically I guess generally you know, talk about the role of automation because I don't know how many transactions are going through your system and how many pings are coming in but you said 13,000 devices just on the initial, on the initial ping, so how are you leveraging automation? What what's kind of the future do you see in terms of AI, machine learning and all these things we hear about because you can't hire you're way out of the problem, you've only got three people. >> Correct, correct right now we have limited staff but our skill set's fantastic. I'm blessed to have a team of really fantastic engineers that I work with. That being said, how the Forescout's helped us is being able to take some of the load off of them by automating tasks and some of that might be we have a machine that is not patched. We can identify that machine, put it into a group. Our servers are actually being patched by the Forescout right now, we're using that as a way to identify vulnerabilities, missing patches and then stage them into groups using the policies within the Forescout to be able to push down patches and you mentioned earlier one of the products that we had they gave us this visibility. We didn't really have anything. We had Forescout a number of years ago but we had some administration changes and we revamped our entire tool set. We came back and repurchased and re put in the Forescout in 2015, and that's where we've really been able to develop our current use cases and the strength behind the Forescout implementation that we have now. >> Right. And I'm just curious before we close are you, are you putting more IP connectivity on all of your kind of core SKUs? Are you seeing a potential benefit to put an IP address on a, on a wall, on a cube, on a desk, on all that stuff? How do you kind of see that evolving? >> I honestly see IoT being, you know, it's evolving very quickly obviously. We've got, we have IP addresses on our window blinds, you know. >> On your window blinds. >> Yeah, on our window blinds, so that they can control the amount of sunlight coming and we're LEED certified building. So we have all of these different IoT devices that control sunlight, control climate control in the building and obviously our production facilities have a lot of IoT devices as well and the Forescout helps us to be able to segment them into the correct VLANs, apply virtual firewalls, apply different changes to their own network. It gives us a lot of visibility and gives us a lot of control because of the granularity that it just natively collects. >> Right right. Well Joe, it's such a cool story you know. IP on shades that's my, that's my lesson of the day. (laughs) That it just shows that there's just so many opportunities to leverage this new technology in a very special way, but the complexity grows even faster right? >> It certainly does. >> Alright well thanks for taking a few minutes and I really enjoyed it. >> Awesome. >> Alright he's Joe, I'm Jeff, you're watching theCUBE. We're in the Forescout booth at RSA North America in Moscone Center thanks for watching we'll see you next time. (upbeat music)

>> Live from San Francisco, it's theCUBE! Covering the RSA Conference 2019. Brought to you by ForeScout. >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at RSA at Moscone at downtown San Francisco. We're in the ForeScout booth, our first time in the ForeScout booth, we're really excited to be here and we're talking about cyber security, I don't know what the official number is this year, probably 45 thousand professionals walkin' around, talkin' about security. And we've got our next guest on, he is Russell Jones, partner on cyber risk services for Deloitte. Russell, great to meet you! >> Same to meet you as well. >> So, I asked him before we turned on, what's getting you excited these days and he said, everything! So, this is a crazy busy space. What have you been working on lately, what's kind of your take away from the first couple days at the show? >> Yeah, it is a crazy, busy space and if you look at the cyber landscape, everything's moving at the speed of the internet, so it's this cat and mouse game in terms of attackers trying to find new ways to get into systems that is driving the industry. When you talk about health care though, the issue is these systems, like medical devices, often times are connected to people. >> Right. >> And so, the implications of a hack against, let's say, a MRI machine or a fusion pump, could be devastating to an actual person connected to it. And that's really what's driving a lot of innovation in terms of some of the technologies you see, like ForeScout, and also, a lot of what's going on from a regulatory perspective, and also the hospitals and the health care system themselves. >> Right. >> Trying to solve that problem, managing cyber risk as it relates to clinical technology. >> And a lot of that stuff wasn't connected before, right? There weren't IP addresses on every MRI machine or all these pump machines or, you know, you have a pacemaker, all these things. How are they looking at kind of the risk reward from a connected device that gives you all kinds of benefits-- >> Yeah. >> but it does open up this attack surface that previously had maybe an air gap there? >> That's a great point, bottom line is the life saving, life extending attributes of these medical technologies and medical devices far outweighs the risk of cyber, however, we got to be smart about managing that risk. So, we're going to see more connectivity, not less. Train's left the station, in terms of what's coming and in the future of the healthcare, connecting more of, not only the medical devices, but the information in them and being able to share that and then bring it together and aggregate it in ways that, you know, with analytics on top of it allows doctors and researchers in the clinical community to connect dots in ways that solve cancer, solve some different maladies that have plagued us forever. >> Right. >> So I think, on the one hand, it's great, this connectivity is extending healthcare out to people in rural locations and it's also bringing together a lot of different data from everything from your Fitbit to your pacemaker to apps that you have on your phone in a way that's going to benefit us. >> Right, right, so, one of the things about healthcare is they're way out in front of, kind of, not healthcare in terms of regulations. >> Yeah. >> You know, and HIPAA's been around for a long time, GDPR just went into place in Europe last year, so when you look at it from a regulatory environment, which people have to consider, there's not only the complexity of the machines, there's not only the complexity of the security, but you also have regulatory environment. >> Yeah. >> How is the cyber security in healthcare, with their very unique regulations, kind of impacting the way people should think about the problem, the way they should implement solutions? >> That's a good question, I think we've thought about, in the cyber community, forever. We talk about confidentiality, integrity, availability, right, the triangle. When you think about healthcare and clinical technology and medical devices, you need to flip that triangle upside down and the focus is integrity and availability, those things together equal patient safety. So, in other words, as we're connecting more of these devices to each other, to electronic health record systems, to the cloud, the integrity of the information in there, which is being used by doctors and other folks to make decisions about treatment, about surgical procedures, about medicines, it's crucial that that information and the integrity of it is maintained. And then the availability of the device is critical, right? If you're going in to get an MRI and it's down because it's been hacked, there's usually not a spare MRI and so there's a profound impact for patients that are scheduled back to back to back to back to go get that procedure, that MRI that's going to be used by a doctor to do some surgery or some other kind of a treatment plan >> Right. >> So integrity and availability are huge in the cyber world. And, if you look at the regulations, depending on which one we're talking and which part of the world, right? You mentioned HIPAA, we've got security and privacy, you've got GDPR, you've got the FDA that have guidance around what they want the manufacturers to do, building security into the devices. >> Right. >> They all have an impact on cyber and how it's going to be addressed, how we're going to manage cyber risk in the healthcare world. >> Right. >> In that environment. >> And then there's this whole new thing, I went to the Wall Street Journal Health Conference a couple weeks back, I don't know if you were there, but there was two people up where you now you can take your genetic footprint, right? >> Yeah. >> You can take your 23andMe results and after you figure out where your family's from, you can actually sell it back into a research market-- >> Yeah. >> so that doctors and clinicians and people doing trials on new drugs can now take your data in kind of a marketplace, back into a whole nother application so it's kind of outside of the core healthcare system, if you will. >> That's right. >> But I mean, it's basically, it's me, right? (laughs) In the form of my DNA footprint. >> Yup. >> It's crazy, crazy amounts of strange data that now is potentially exposed to a hack. >> That's right, and so the implications there, obviously, privacy, right? That's a huge issue, I think, that we're going to have to address and that's why you see GDPR and that's why you see the California Consumer Privacy Act. >> Right. >> There's a recognition that, again, the train's left the station, there's a lot of good things that come out of sharing data and sharing information, there's a lot benefits that can come out of it for the consumers, patients. There's a dark side as well and that has to be managed. That's why we have the privacy regulations that we have, we're probably going to see more, probably going to see more things like the California Consumer Privacy Act. >> Right. >> More states and eventually-- >> Right. >> probably a federal act for the US. >> Do you think that the healthcare industry is better equipped to deal with GDPR and the California Healthcare Act because of things like HIPAA and they kind of come from that world? Or is this just a whole new level of regulation that they now have to account for? >> I think it's probably a mixed bag. On the one hand, healthcare has been dealing with privacy for a long time, even before HIPAA, right. And then HIPAA has very specific requirements around how you have to manage that information and consent and notifying the patient of their rights. On your other hand, you look at some of the new things, like GDPR, it goes way beyond HIPAA, and I think-- >> It goes way beyond HIPAA? >> Goes way behind HIPAA, like for example, this whole notion of the right to be forgotten. >> Right. >> Right, that's a requirement on the GDPR. That means, me as a patient, if I tell my doctor, I want you to get rid of all my medical records, everything in your system everywhere about me, I want it gone. Not that it makes sense-- >> Right, right. >> but, at least in Europe, if they ask to do that, you have to be able to comply. From a technology perspective and a medical device perspective, some of these devices are very complex, ecosystem of devices, components that make up the product. >> Right >> That's a very difficult thing to do. There's no one delete button-- >> Right. >> that you hit that can delete you from all different instances, downstream from where you came into the healthcare system. >> Right. >> And so, when you think about it from a cyber perspective, it gets to be very challenging. >> The other thing, right, is health care's always under tremendous kind of price pressure from the insurers and the consumers and a bad medical event can wipe-- >> Yeah. >> people out, right? >> Yeah. >> Especially when they're later in life and they're not properly insured, when they're making kind of an ROI analysis on cyber investments versus all the other things they can spend their money on, and they can't spend it all on security, that's not possible, how are they factoring in kind of the cyber investment, it's kind of this new layer of investment that they have to make because all these things are invested versus just investing in better beds and better machines and better people? >> That's the million dollar question. (laughs) I would say, some hospitals and health systems are doing it better than others, so maybe a little bit more further along and mature about thinking about the total cost of ownership and also, the patient factor, right? What has to be balanced, obviously, is not just the costs, but at the end of the day, what's best for the patient. And you hear this term, patient centricity, a lot today. And there's a recognition from all the players in the echo system, it's all about the patient. >> I'm so glad you say that 'cause I think a lot of people probably think that the patient sometimes gets lost in this whole thing, but you're saying no. >> There is an acknowledgement over the last few years and it's called patient centricity, it's an acknowledgement that the way we're going into the future of healthcare and the kinds of medical devices and technology and cloud solutions that are becoming part of the healthcare fabric, they're all being built and geared towards the patient being the center of the equation, not the doctor, not the hospital, it's the patient. >> Right, right, right, that's good to hear. >> And so, to answer your original question, we're in early days and really trying to balance the patient and patient centricity versus we've got vulnerabilities in our environment that could impact the patient and we've only got limited people and costs. >> Right, right. >> Making decisions that kind of balance all of those things. >> Right, alright Russell, last question, we're sitting here in the ForeScout booth. >> Yes. >> Obviously you have a relationship with them, talk about kind of what their solution adds to some of the stuff that you're workin' on. >> So, ForeScout, one of the reasons that we're working closely with ForeScout, their solution, really, they've taken an approach that's holistic around these issues that we're talking about, right, managing cyber risk, complex environment, a lot of different devices that are connected to each other and to the cloud and to the internet. They have built a solution that focuses on ability to have visibility into those devices that are on your network, some of which you may not even know exists, and then being able to kind of build an asset inventory around that visibility that allows you to do things like detect, based on policy, activity that suggests that you might be hacked or there might be some internal processes or players that are doing things that are going to put patients at risk or have you in non-compliance with GDPR, HIPAA and the rest. >> Right. >> And then their solution goes beyond ability to kind of visibility and detect, but to actually do something actionable, right? Security controls and orchestration with other technologies, like Simp Solutions and SOAR Solutions. Being able to orchestrate, hey, I know that I detected some activity on this infusion pump that suggests that we may being hacked, let me send an alert out, but then let me also, maybe, quarantine that part of the network. So, it's the ability to orchestrate between different security technologies that exist in a hospital environment, that's what we like about ForeScout. >> I'm just curious, when they run their first kind of crawl, if you will-- >> Yeah. >> are people surprised at the results of what's on there, that they had no clue? >> I mean, yes and no. >> Yes and no, okay. >> I think, most of the big hospitals that we work with, they know that, what they don't know, and especially when-- >> They know what they don't know. >> you're talkin' about a health system that maybe has a 100 thousand connected medical devices across the health system, they know what they don't know. They're looking for solutions to help them better manage and understand the things that they don't know, that they don't know. >> Right. >> Versus what they do know about. >> Right. >> And I think that's what we bring to the table in terms of kind of cyber risk services Deloitte brings, and then that's what ForeScout brings with their solution to be able to kind of help solve those problems. >> Well Russell, thanks for taking a few minutes out of your day to share those stories, super-- >> Thank you. >> super important work, you know, it's one thing to steal a few bucks out of the bank account, like you said. >> Yeah. >> It's another thing to start taking down machines at the hospital, not a good thing. >> Not a good thing. >> Alright >> Thank you. >> He's Russell, I'm Jeff, you're watchin' theCUBE, we're at RSA in Moscone in the ForeScout booth, thanks for watching, we'll see you next time. (techno music)

(upbeat music) >> Live from San Francisco. It's theCUBE covering RSA Conference 2019, brought to you by Forescout. >> Hey welcome back everybody. Jeff Frick here with theCUBE. We're at RSA North America at the newly opened and finally finished Moscone Center. We're here in the Forescout booth, excited to be here. And we've got our next guest who's been coming to this show for a long, long time. He's Dan Burns, the CEO of Optiv. Dan, great to see you. >> Great to see you too, Jeff. Appreciate you having me on the show. >> So you said this is your 23rd RSA. >> Yeah, somewhere right around there. It's got to be and I don't think I've missed any in between. I've missed some Black Hats in there now and again but RSA is just one of those that that I feel like you got to go to. >> Right, right, so obviously the landscape has changed dramatically so we won't go all the way back 23 years. But in the last couple of years as things have really accelerated with the internet and IoT and OT and all these connected devices, autonomous cars. From a threat perspective and from where you sit in the captain's seat, what are you seeing? What are your, kind of your impressions? How are you helping people navigate this? >> Yeah I appreciate that question, Jeff. So it has changed dramatically. There's no doubt about it. So I got into security in 1996. And that was a long time ago so it's really in the infancy of security. And back in '96 when I remember really studying what security was, and by the way back then it was called information security. Now it's cyber security. But it was really straightforward and simple. There were probably two or three threats and vulnerabilities out there right? Some of the early on one so that's one part of the equation. The second part there were probably two or three regulations and standards out there. No more than that. And then when you went over to kind of the third part of the triad and you talk about vendors and technology there were maybe five or six right? You have McAfee, you have Check Point and you had some of the early, early stage companies that were really addressing kind of simplistic things, right? >> Right. >> Firewalling, URL filtering and things like that. And now you fast-forward to today and it's night and day, so much different. So today when we talk about threats and vulnerabilities there are hundreds of millions, if not billions, of threats and vulnerabilities. Number one, big problem. Number two, regulations standards. There's hundreds of them globally. And number three when you look at our great technology partners here and I think there's probably about 3,500 technology partners here on the floor today. Night and day >> Right. >> Nigh and day from '96 to 2019. And that's created a lot of issues, right? A lot of issues which I'm happy to talk about. >> Yeah, complexity and but you've been a great quote of one of the other things I saw doing the research for this interview. You talked about rationalization >> Yeah. >> and how does a CSO rationalize the world in which you just described because they can't hire their way out of it. They can't buy their way out of it. And at some point you're going to have to make trade-off decisions 'cause you can't use all the company's resources just for security. At the same time, you don't want to be in the cover of the Wall Street Journal tomorrow because you have a big breach that you just discovered. >> Yeah >> How do you help >> it's a balancing act >> How do you help them figure this, navigate these choppy waters? >> Yeah so we think Optiv is in a prime space to do that and place to do that. No doubt about it. So let's talk about the complexity that's out there. Now you look at the landscape. You look at the 25, 35 hundred different technology companies out there today. And when we talk to a typical client and we ask a question. How many vendors, how many OEMs do you have to deal with on an annual basis and the response, of course, depending on the size of the organization but let's just take your average small, mid-sized, enterprise client, the response is somewhere between 75 and 90 partners. And then of course we've got shot on our face. >> Just on the security side? >> Just on the security >> That's not counting all their CRM and all their >> That's not IT, that's not anything. That is just to solve >> 75? >> and build their own security programs. And the next response we get from them is we can't do it, we just can't do it. We spend about 90% of our time acting as if I'm the CSO right now, 90 plus percent of our time working with all of these wonderful, great technologies and partners just to establish those relationships and make sure we're going the right things by them and then by us. And so given this complexity in the marketplace, everything that's going on, it's just a prime scenario for what we call ourselves is a global cyber security solutions integrator, right? Being able to, for a lack of a better term, be the gatekeeper for our clients and help them navigate this complexity that's out there in the space. And so the value that we bring, I talk about it in terms of an equation, right? We're all mathematical in nature, typically people in cyber and so when I think about cyber, I think about equations. And the first equation I think abut is a very simplistic one. It's people, it's process and technology. And you need equal focus on all three of those parts of the equation to truly balance things in a matter where you're building a very effective security program. And historically CSOs have really leaned towards the technology side of that equation. >> Right. And now what we're seeing is a balance like we've got to worry about people, right? We've got to find people with that intelligence and knowledge and know-how and wherewithal, right? And we've got to find companies that have that process expertise, the processes, a means to an end. How do I get to a certain outcome? And so what we bring is the people process and technology. All sides of the equation with the ability in masses to help clients plan, build and run their entire security program or parts of it. >> So how, how is it changed with a couple things like cloud computing. >> Yeah. >> So now I'm sure the bad guys use the cloud just like the good guys use the cloud. So the type of scale and resources that they can bring to bear are significantly higher. Just the pure quantity of and variability using AI and machine learning and as we saw in the election really kind of simple Facebook targeting methods that most marketers use, that work at REI to get you to buy a sleeping bag if you looked at tents on your last way in. So how is the role of AI and machine learning now going to impact this balance? And then of course the other thing is all we see is so many open security jobs. You just can't hire enough people. They're just not there. So that's a whole kind of different level of pressure on the CSO. >> Yeah definitely no doubt about it. And there are few companies that can truly build that have enough budget to address cyber on their own. And those today are typically the large financial right? They're typically given massive budgets. >> Right. >> They have massive teams and they're able to minimize the partnerships and really handle a lot of their own stuff internally and go out for special things. But you look at the typical company, small, mid, even some of the large enterprise companies. No, they can't find the resources. They can't get the budget. They can't address everything. And to your point around digital transformation and what's going on in the world there. And that's probably what continues to support 3,500 technology companies out here. >> Right. >> Right? It's the continuous change >> Right. >> That we see in the industry every single day and of course cloud is one of the most recent transformations and obviously a real one which opens up other threat factors and other scenarios that create new vulnerabilities, and new threats and so that the problem just keeps getting bigger exponentially >> So you come in for another 20 years? Is that what you're saying? (laughing) >> How you're, come for another 20 years. I think though eventually, Jeff, I can remember I kind of poke fun at this a little bit. I can remember I think it was Palo Alto, there was a first company that said, hey we're a platform company. And I think that started happening whatever, it was roughly seven years ago. We're a platform company. And I can remember so many people kind of pooh-poohing that. Right, you're not a, nobody's a platform company. Fair enough, fair enough back then. But I'm going to say, fast-forward to today and that's what it's going to happen, have to happen in this industry, Jeff. >> Right, right. >> Eventually we will have to have some large platform companies that can address multiple things within a client's environment, right? And then there will always be the need to to fill gaps with some of the other great new emerging technologies out there so maybe we won't have 3,500 vendors in ten years. Maybe it's 2,000 so there will be consolidation. There will be the platform play >> Right. >> that happens. >> But then you have the addition of public cloud, right? So now a lot of, a lot of infrastructures, they've got some stuff in public cloud. They still have some stuff on their data center, right? So this is kind of hybrid world. Then you add the IoT thing and the OT connectivity back to the IT which is relatively new. So now if you've got this whole other threat factors that you never had to deal with before at all. It's the machines down on the factory floor. You had been pumping out widgets for a long time that are suddenly connected the infrastructure. So the environment that you're trying to apply security to is really evolving at a crazy pace. >> That is, it's a great industry to be in. (Jeff laughs) Every day I wake up, pitch myself I think all our guys do. >> Right. >> What's amazing, I don't see that slowing down, right? So I think that's why some of that balance continues to be there in the future. One of the things that we're seeing in our industry is companies really trying to take this inside-out approach as opposed to this outside-in approach. And I'll tell you the difference. The outside-in approach is it's all of this chaos, right? It's all the chaos that's behind us and we see it right here. It's everybody telling you what you need >> Right. >> and you build it, you building a security program around what's being fed to you externally as opposed to really taking a step back looking at your organization understanding what your company's initiatives and priorities are, right? And your own company's vision, mission and strategy. And I tell people all the time, I don't care if they're part of our company or any company, first thing you should do is understand the vision and the mission and the strategy of the organization you work for. And so that's part of the inside-out approach. Understanding what your company is trying to accomplish and is a security practitioner really wrapping your arms in your mind around that and supporting those initiatives and aligning your security initiatives to the business initiatives >> Right. >> And then doing it through a risk management type of program and feeding that risk management dashboard and information directly to the board >> Right. >> So. >> So I'm curious how the how you approach the kind of the changes now we have state-sponsored attackers. And how, what they're trying to get and why they're trying to get it has maybe changed and the value equation on your assets, that clearly some assets are super valuable and for some information and some things that are kind of classical but now we're seeing different motivations, political motivations, other types of motivations. So they're probably attacking different repositories of data that you maybe didn't think carry that type of value. Are you seeing >> Yeah. >> kind of a change in that both in the way the attacks are executed and what they're trying to get and the value they're trying to extract then just kind of a classic commercial ransomware or I'm just going to grab some money out of your account. >> Yeah I think, I think you are right. And it kind of goes back to the earlier part of the conversation, the number of devices that the attackers can attack are almost infinite right? >> Right. And especially with the edge right? With IoT it's created this thing we call the edge. Devices on street lights. Devices on meters. Devices here, devices there. >> Right, right. >> So the number of devices they can go for is ever increasing, right? which continues to support the need >> Right. and the cause that we all are a part of. And in the ways they're going to do that is going to change as well. There's no question about it. Yeah, so we've seen different ways of doing it. Yes there's no question about it. Back to the state-sponsored it's kind of stuff the way I look at cyber and probably one of my biggest personal concerns is I think about us, people and family right? We all have family is that cyber and ultimately cyber warfare has created this levity, or equalness in terms of countries, right? Where a country like the U.S. or Russia or somebody with massive resources around physical weapons are now no longer necessarily as powerful as they were. So brevity it's just created this field, leveling playing field. So countries like North Korea, countries like Afghanistan and others have a new opportunity to create a pretty bad situation. >> Right, right. And we haven't seen cyber warfare quote and unquote yet. We would call it something a little because they haven't really used it as a mass weapon of destruction but the threat of that being there >> Right. is creating a more of a even playing field. >> Right. >> And that's one of my biggest concerns like what's the next step there. >> Right, and the other thing is really the financial implications. If you don't do it right, it's beyond being embarrassed on the Wall Street Journal. But right GDPR regulations went into place last year. It's now the California data privacy law that's coming into place. >> Yeah. >> People are calling it kind of the GDPR of California. And that may take more of a national footprint as time moves on. It's weird on one hand we're kind of desensitized 'cause there's so many data breaches right? You can't keep track. We don't actually flip past that page on the wall. >> I can't keep track. But on the other hand there is this kind of this renewed, kind of consumer protection of my data that's now being codified into law with significant penalties. So I wonder how that plays into your kind of risk portfolio strategy of deciding how much to invest. How much you need to put into this effort because if you get in trouble, it's expensive. >> Yeah it is. So can be and it will be and it will get even more expensive. And we're still waiting for the lawmakers to levy some pretty heavy fines. We've seen a few but I think there's going to be more and I think you do have to pay more attention to regulations and compliance. But I think it is a balancing act. Back to our inside-out approach that I was talking about. A lot of companies when PCI came out, as you know, Jeff, a lot of companies were guiding their security program by PCI specifically >> Right. >> and only, and that's a very outside-in approach, right? That's not really accounting for the assets that you were talking about earlier. Not all of them. >> Right. >> Some of them. And so I think that's a great point, right? As a CSO, the first thing you've got to understand is what are your assets? What are you trying to protect? >> Right. And our friends here at Forescout do a great job of giving you the visualization of your network, understanding what your assets are. And then I think the next step is placing a dollar value on that. And not many people do that, right. They're, oh here's my assets. >> You're paying >> This one's kind of important >> This one's kind of important. But to get buy-in from the rest of your organization, you need to force the conversation with your counterparts, with your CFO, with your CMO, with anyone who's a partial owner of those assets >> Right. and make them put a dollar amount on. How much do you think that the data on the server is worth? How much do you think the data on this server, how much do you think, and inventory that is part of the asset inventory. And then I think you've got a much better argument as it relates to getting budget and getting buy-in. >> Right. >> Getting buy-in. And I see it a lot where CSOs tend to be, most tend to be a little bit introverted right? >> Right. >> They'd rather hang out there on the second floor and be there with their team. Take a look at the latest threats. Take a look at what's going on, with their (coughs) logs and their data and trying to solve really critical problems. But my recommendations to CSOs is man, build tight relationships across the entire organization and get out there, be out there, be visible. Get buy-in. Do lunch and learns on why cyber is so critical and how our employees can help us on this journey. >> Right, right. Dan you trip into a whole other category that we'll have to leave for next time which is, what is the value of that data 'cause I think that's changed quite a bit over the last little while. But thanks for taking a few minutes >> Absolutely, Jeff. and hopefully have a good 23rd RSA. >> Thank you very much. >> All right. >> I appreciate it. >> He's Dan, I'm Jeff. You're watching theCUBE. We're at RSA in North America at Moscone at the Forescout booth. Thanks for watching. See you next time. (upbeat music)

(intense orchestral music) >> Hello everyone and welcome to theCUBE Conversation here in Palo Alto, at theCUBE studios. I'm John Furrier, we're here with a special conversation with Fortinet's John Maddison, senior vice president of products and solutions with Fortinet. Welcome to theCUBE Conversation. >> Good to be here again. >> So you guys have some hard new today hitting, it's called the FortiNAC, Forti, like Fortinet, Forti, N-A-C, network access control. >> Right. >> Significant announcement for your guys, take a minute to explain the announcement. >> Yeah, so about two months ago we acquired a company called Bradford Networks. They compete, provide products in the network access control arena. Other companies in that space, so people like ForeScout or Cisco or HP. We think it's a very important space because it's going to be the foundations for IOT security. You probably heard a lot of buzz around IOT security. And there's different levels of IOT security. There's that for the enterprise, there's that for cloud, et cetera and so, for us, this is an important announcement because it gives us that added visibility now to IOT devices via the fabric. >> And the product, is it an appliance? Is it software? What's the product making? >> It's both. You can do a virtual machine version. It's also an appliance. It comes in different levels. The key for it though is the scalability because with IOT devices, we're not talking 100 devices anymore, we're talking millions of devices so what it's able to do is look across many different protocols and devices and provide that visibility of just about any device attaching to your network. >> Who's the target audience for FortiNAC? Is it the data center? Is it the cloud? Is it the remote? Where's the product actually sit? >> Well it's more by industry, so certain industries will have lots more of these types of devices attaching. So think of manufacturing for example. The medical industry as well. And so those are the real, education's another one, so it's more by vertical and it's really focused on campuses, large campuses or remote offices or even manufacturing plants where, again, these devices are attaching to your network. >> And they'll sit at the edge, monitoring what's coming in and out? Is that the purpose? >> Well that's the neat thing about it, it doesn't have to sit at the edge and see all the traffic. What it does is interrogate existing devices at the edge. It could be a switch, it could be a router, it could be an access point, and from that information it can make an assessment of what the device is attaching and then apply a policy. >> So this is part of a bigger holistic picture? We've have conversations with Fortinet in the past, a few conversations certainly around security, with cloud it's the top conversation, on premise it's the top conversation. You guys also have some complimentary products involved like the security fabric and the connectors. Does this fit into that? Take a minute to explain the relevance of how FortiNAC works with the security fabric and the connectors? >> Yeah, last time I was here I explained our fabric and so the fabric is basically something, is a set of Fortinet products, solutions in a way, that are very tightly integrated into the network or into the customer's ecosystem, and then once you've built that you then provide automation systems across for protection, detection and response. And the whole idea is to make sure you're covering what we call the digital attack surface. The digital attack surface now includes, obviously IOT devices, so gaining this visibility from FortiNAC, making sure the information is available to our fabric is crucial for us to make sure we can protect the digital attack surface. >> And for customer's the fabric is a holistic view, the NAC is a product that sits in the campuses or within the network that kind of communicates in the fabric? Is that right? >> Right. So the NAC can see all the IOT devices attaching and then it integrates back into the fabric. The fabric can then apply a policy, so the fabric can see everything now From IOT to the campus, to the WAN, to the data center, to the cloud and if, for example, those IOT devices are communicating with something in the cloud the fabric can see end to end and apply, for example, a segmentation policy, end to end, all the way through the infrastructure. >> You know what I love about having conversations with Fortinet is that you guys spark two types of conversations, use cases and then product technology conversation. This obviously is an IOT kind of product. It makes a lot of sense, you got a little SD-WAN in there. This is the top conversation around enterprises and people looking at cloud an/or looking at re-platforming around cloud operations, it's the cloud architect, it's the network architect. >> Yeah. >> These guys are really being asked to redo things, so how does the IOT fit into this? What is the product? What is the FortiNAC do for IOT from a use case standpoint and then product and technology? >> That's a good conversation because recently, maybe the last 18 months, instead of talking about a point solution, instead of talking about a specific use case, customers want to put all those use cases together and then produce a longer term, more holistic architecture. So now they have a cyber security architect, security architects as well as networking architects. And they want to look at their infrastructure, because that's the things that's changing the most right now. Sure, the threat landscape's out there and the cyber criminals are changing and stuff, et cetera but it's really that infrastructure that's changing the most because they've moving to flexible WAN systems or cloud and so they want it integrated, end to end, over a long time period. So what they want to be able to do is to automate, that's the key word, is automation. It's to make sure all these devices attaching are part of the security automation architecture and then they comply that security policy automatically to that device. >> You know one of the things that's a big trend in the industry is having network guys and people who are managing infrastructure, move from a command line interface, DLI, to automation. >> Mm. >> You mentioned that. How does the FortiNAC extend the security fabric? Because you guys essentially have that holistic view with the fabric. So now you have this IOT capability. How is that device extending the security fabric and what's the benefits to the buyer? >> Yeah, so the fabric has visibility obviously at the next generation firewall, we also have deployment of access points and switches. But obviously there are other companies with vast deployments of switches, I can name a few, and access points and so if they weren't our switches we couldn't necessarily see those devices attaching. And so what FortiNAC does, it comes in and provides us that now complete visibility. It doesn't matter if it's our infrastructure switches and APs, it can be somebody else's. FortiNAC can interrogate and talk to those devices and not only gain that visibility but if we decide there's a certain security posture we want to apply to some IOT device, we don't know what it is, we want it segmented, restrict it's access. Then the fabric can then tell the FortiNAC device to provide control and segmentation back to it. >> So they're working together? >> Working together and it gives us now complete visibility of the IOT devices. >> Let's talk about some the trends around segmentation. We heard, certainly recently at VMworld about micro segmentation's been one of the key things. A lot of top architects, both network and cloud and software are looking at micro segmentation or segmentation in general around the network. Why is it important and what are some of the use cases that you guys are seeing around segmentation? >> It's extremely important but it's a very complex problem in that even though our customer's have bought a lot of different security products from different vendors and different infrastructure, one of the things they don't always realize is they bought a lot of different orchestration systems, a lot of command and control systems and those are key in the future because those systems determine what the infrastructure looks like. You NAC system is kind of an orchestration system, allowing different devices to come on/off the network. SD-WAN has it's own orchestration system. You talked about micro segmentation, things like VMware and NSX and Cisco ACI, all the clouds have their own orchestration systems as well. AWS, Azure, and so what's interesting is none of them really talk to each other. They're more focused on looking after their part of the infrastructure. Now to do segmentation end to end you really need to have end to end orchestration across all those systems. If I want to orchestrate, as I said, that IOT communication with a select application in the cloud, I need to orchestrate all the way through those orchestration systems. >> You need an orchestration or the orchestration system that you have in the cloud. (laughing) >> You need a mother of all orchestrators in some way but I don't think that's ever going to happen and so what's going to happen, really, is your security architecture and segmentation will be specific to a platform or fabric as we're building and then your fabric has to connect into the orchestration systems to tell it what's going on within that section of the orchestration. Again, if it's a NAC system, I can just explain, I know these IOT devices are attaching, let me apply a policy to those. If I know the WAN links are a certain type then I apply that policy. >> And this is the benefit of a holistic fabric because that's kind of where it ties together, right? >> It is, so you build a holistic security fabric and then you let the different infrastructure orchestrators, like VMware, or an SD-WAN vendor or a NAC vendor, do their job, really focus on the infrastructure. >> And you guys help those guys out, big time, with the orchestration side of it? >> Well we can connect into the orchestration systems and we just use it to make sure the security component is doing well. They're more focused on making sure the infrastructure delivers the applications to the end user. >> They do their job, you do your job. >> Exactly. >> Take a minute to explain for the folks out there, explain segmentation and what it is and why is it important for networks? >> A very simple example of segmentation, a couple of years ago there was a bank that got hacked in one of the countries, I think it was the Philippines or something like that, and what they found out was that in that particular country they didn't have the same security infrastructure in place so they got in through that particular branch and came all the way back into the core network and so a very simple segmentation policy they put in place was that, I'm going to segment by countries. So I'm not going to let this country's network access the core data center, if I give it a certain trust level. Segmentation can mean physical countries. It can mean I'm going to segment my intellectual property off. I could be segmenting by functions. Don't let those sales people anywhere near the intellectual property. You can also segment by identity. So segmentation means many different things, you have to apply, I think different levels of segmentation depending on your applications. >> And this is proven, too? We've heard this in many conversations in theCUBE. We had one guy from the US government saying, "We have these critical infrastructure pieces in the United States, why would we let anyone outside the United States access it?" >> Yeah. >> That's a great example. >> I mean if you go to critical infrastructure, you're even more dangerous. I mean most of the infrastructure's been air gapped. It's been totally air gapped, you can't get at it but that's changing as more of those devices become IOT and you have to let some access that. >> And this is where IOT is a challenge that we're seeing. This is one of the problems? >> It's IOT. You know that category is often referred to these days as OT, operational technology. >> Talk about end points, we're hearing endpoints being discussed, like hey, you connect the endpoints, your endpoint strategy, network strategy. Kind of elusive for some, describe why networking the endpoints is an important feature or is it? When people think of the endpoint of the network what are they really talking about? >> Well I think it's become more important. It's interesting if you go back 10 years or so even 15 years, you have a lot of endpoint vendors. Semantics, MacAfees, Trend Micros, Microsoft, I think, is now the largest endpoint security vendor. Then you have a different set of networking vendors, ourselves and some other names out there I can't remember. But, they're totally separated and so to look at your network, give you visibility to policy and segment, you need to be able to see the endpoints and the network together. The security fabric makes sure that you can at least see the endpoint. You may not provide the full stack of security, you may leave that to your endpoint vendor still but your network should be able to see your endpoint and vice versa, and you should be able to see what's communicating between the two. >> I'd like to talk about SD-WAN, but before we go there, just to kind of close out IOT, talk about Fortinet's differentiation and advantages when you talk about convergence between IOT and access technology. >> So the base technology's NAC, network access control, which is in place there but our advantage really is now scale, we can see huge amounts of IOT devices which are attaching and then take action not only at the access level but all the way into the cloud. >> SD-WAN has become a really hot topic. It's a huge market. >> Yeah. >> It's in the billions in terms of spend, it connects devices, campuses and devices but cloud's had a big renaissance within the SD-WAN market. Talk about what's going on with SD-WAN and how the security fabric and the FortiNAC fit into that because it's not your grandfather's SD-WAN market anymore as the expression goes. >> No. Well it's in that class of everything's being software defined, fair enough. But I think this marketplace, if you go even three years ago, was dominated because all the, you've got two marketplaces. You've got what I call the retail, which is distribute enterprise, thousands and thousands inside which already went to a UTM infrastructure. And then you had the branch office, which was more connected, in fact, it just had a simple router in there, it was connected back to the data center which then would go into the internet. And so what's happened is these branch offices they need more and more access to the cloud, more cloud applications are running. You need to provider QOS against those applications and then also these large corporations have decided they don't want to pay, it's a lot of money to get certain, high quality EPLS circuits, when they can get faster circuits through DSL and other mechanisms and so they wanted more flexibility around the wide area network. >> So commodity network access which is, you know, cloud non and EPLS, were high priced, secure. You get now more cloud access, this is translating to more traffic or is it? Is that the driver in all this? >> Well that's what happens and then you get more traffic going through there, it's the same with the next gen firewall right now and people saying, "There's a refresh going, we don't know why." the reason for it is, when you're in your office you're more than likely communicating with the cloud versus your local databases and so the same for the branch office, there's more traffic going through there, it's more encrypted, they want flexibility, they want HA modes, if that goes down now, you've got a big productivity problem with your employees there. And so this whole market sprung from nowhere only three or four years ago and is already in, as you say, in the billions of dollars. There's a lot of acquisition's already happened, consolidation. In our mind it's very important but what's just a important as all those elements is security. If I open up my branch office now to an internet connection, I need best of breed securities on that device and so we've been building SD-WAN, what I call core functionality, for some time, inside our fabric. It's quite a natural integration now of security into that. In fact some recent tests we did with SS Labs, we got highly recommended, for not only the SD-WAN features but that core security. Today SD-WAN vendors will say, well I'll just go and get some security solution from somewhere and bolt it on or attach it on, provide it through the cloud and that's fine but longterm, again, if you come back to that coordination, that orchestration, across two different systems, it's going to become hard. >> And the other complicating factor in this, aside from the infrastructure component, is that a lot of the SAS applications that people are buying, whether it's shadow IT or just off the shelf, or there's Dropbox or any of these services that are SAS based, cloud based, that's creating less of a perimeter. >> Yeah, when it all comes back, technology called CASB is providing that interface into that world through APIs and it all comes back to making sure that all your mechanisms of protection, detection, control are available to all your systems. If I've got some SD-WAN device somewhere and I need to check where this is going, I can use my application database or if I need to check if I'm going to this cloud, I use my CASB API. And so it comes back to a platform approach, a fabric approach. >> John, what's the SD-WAN approach for Fortinet? How do you guys do it? Why should people care? What's the differentiation? Why Fortinet for SD-WAN? What's the approach? >> Integrated in one word. That is, you don't need two boxes, you don't need two VMs, you don't need a box plus a cloud, it's all integrated on the system, best of breed SD-WAN functionality, best of breed tested by third party security which allows you then to have a much more cost effective solution. I think our TCO in the test as a 10th, or a 100th of some of the leading vendors outside there because you're bringing two vendors together and it's gets very costly. >> Alright, I'm going to put you on spot, I'm going to put my cynical hat on. So you're saying integrate security with SD-WAN? I'm going to say, hey, why not just keep it separate? Why integrate? >> Because the two functions need to work together. Where's the firewall going to go? Is it going to go in the cloud or is it going to go here? Who decides on the policy? If something happens, segmentation, who's deciding on segmentation policy? Usually two different companies, they don't really talk apart from maybe, there's an API leak in the security capabilities but to our mind, again, it comes back to that end to end segmentation and that's what a lot of the, I would say, the larger infrastructure vendors are trying to do. I want infrastructure all the way to devices being added, through my campus, through my SD-WAN, data center and cloud and if you've got multiple vendors, again, all over the place, there's no way you're going to be able to coordinate that. >> Alright, so I'll put my IT practitioner hat on. Okay, so I get that, so probably less security manual risk for human error, but I really want to automate. My goal is to automate some of these IT functions, get better security end to end, does this fit that requirement? >> Yeah, so from an automation perspective, we're building in some tools of our own but what we're finding more and more is that from an IT, as you said, they've gone out and built some dev ops capability. Ansible's a good example there. So what we're doing is making sure that, in fact, a lot of our partners and our SEs have already built these scripts and put them on GitHub, well now Microsoft Hub or whatever you want to call it. So we're taking those in and we're QAing them, making sure they're a high quality and then making them available to our customers and our partners through there. So this dev ops world, especially with cloud moving so fast, has become very important and to us it's a very important area we want to make available to our partners and customers. >> One of the things that's talked about a lot is SSL inspection, is that important? What do you guys do there? >> I think it's extremely important in that, a lot of enterprises have switched it off. The reason they switched it off is because when you switch it on it almost kills your performance. There was a recent, again an SS Labs test that was doing next gen firewall testing for SSL and some vendors' performance decreased by 90% and basically it was useless, you had to turn it off. A lot of enterprises want to switch it on. To switch it on, you need a system that has the performance capabilities. I think we decreased around 15%. The law of physics say you've got to decrease in some way but 15%'s a lot better than 90%. And you've got to switch that on because otherwise it's just a giant hole in your firewall. >> John, talk about the cloud because cloud now has multiple tracks to it. Used to be straight public cloud. Obviously on premise is this hot hybrid cloud, multi cloud is the center of the controversies, it's been validated. We see Amazon Web Services announcing something with VMware validation that you're going to start to see an on premises and cloud and some cloud native, born in the cloud companies will be out there. How do you guys extend the security fabric for those two cloud use cases? How does the Fortinet products scale to the cloud? >> Yeah, two good points. Again, a few years ago, I'd ask customers about cloud and say, "Yeah we're going to takes some steps in AWS." Now it's I've got four clouds, what's the next cloud I'm going to put inside there? I've got global clouds around the world. It's kind of interesting that there is this mad rush and it's still going on into public cloud but then I still see some people trying to do hybrid cloud and put some stuff inside their data centers. Some customers don't want that data leaving, regardless. Some people can't move mainframe applications out there so there's always going to be a hybrid world for some time but the key is multi cloud security in that, more than likely, your AWS security systems are not going to work inside a Google cloud, are not going to work inside your Azure cloud, are not going to work inside some of the data center pieces. And so hybrid cloud and multi cloud security Are really important, so for us the ability to support all those clouds, and it's not just saying, well I can put my firewall VM inside AWS. There's a whole set of deep integrations you need to do, to make sure you're inside their automation systems, you can see visibility, there's a lot of practices around compliance, et cetera, so it's actually a big task for each of us to make sure that we're compliant across the set of functions for each of those clouds. >> My final question is going to be around customer impact. If we zoom out, look at the marketplace and I'm a CIO or CXO, I'm a big time, busy enterprise architect or CIO, I'm so busy, I've got all this stuff going on, why Fortinet? Explain to me why are you important in my world? What should I be thinking about? What are some of the opportunities and challenges that I might face? What should I look at? I want to go to the cloud as much as possible because there's some benefits there. I want on premises to be as seamless as possible to the public cloud. I want rock solid security. I want to have the ability to use SAS apps. >> Right. >> Have programmable networks and have a great development team building top line revenue for my business. How can you help me? >> Is that all? (laughing) I think CIOs and CXOs are happier dealing with less vendors. The trouble is with some very large vendors, they just slow down the development side. I think what we bring to the table and by the way we're not the third largest cyber security company out there, what we try and bring is a broad approach, a broad product set so you can have different things from us as well at integrate into your current set but we try to keep very agile and fast with our developments because otherwise you'll fall behind the infrastructure, you'll fall behind the cyber threats. You know, GDPR, for example, over the last year, you've got to keep up with that. What we bring to the table is now a reasonably large company, we're five and a half thousand employees. A very large R and D budget, we try and move very fast. A large product set, all integrated through our fabric but again, we try and stay as agile and as fast moving as possible. Where we can't do it organically, we try and do it organically so our system integrate very well, where we can't do it, then we'll go and make smaller acquisitions, Bradford Networks was an example of that for IOT but I think we're building now a much better relationship with the CIO and CXO level and becoming one of their strategic partners going forward. >> Talk about the community that you guys have built because I've noticed, and I've seen you guys, certainly over the past couple years, that RSA I think a year and half, two years ago, you're working with a lot of industry partners. It's not just Fortinet by themselves, you work within the industry itself. >> Yeah, because people are building their ecosystem and they've made some decisions and hey want you to integrate inside those so we have about 50 partners now where they use our API to provide integration so they built our API and although we've mentioned FortiNAC today, we have APIs, for example, for ForeScout and other NAC vendors so if they've chosen that specific vendor, then we're fine, we'll integrate that inside our fabric. Will it have the level of integration that we have? Probably not, but at least you can see, have visibility, for example. I think the technology we've been building in the last year or so is something called fabric connectors which is a much, much deeper integration into the platforms so we have connectors for VMware NSX, for Cisco ACI, for AWS, and this provides a two way communication and that two way communication is important for one word, and that's automation. So once you can see things, once you direct policy backwards then you can start stitching together these objects and provide that end to end automation. >> Final question for you, a lot of the leading enterprises and businesses out there that are using technology to build digital business, whether it's from developers all the way down under the hood into the network, are all betting on multi cloud. Clearly that's obvious to us and that's pretty much being picked up by mainstream now. So early adopters that are leading the charge are multi cloud. If I'm betting on multi cloud, why Fortinet? Why should I be working with you guys? >> Because we're committed to supporting all those clouds. And as I said, it's no easy task to support, I think we support six clouds now, to go through all the different items and integrations across that, we're committed to that. We've got probably the most expansive integration across the most security products inside the industry and we'll continue to do that going forward. >> John, thanks for spending the time. John Maddison, senior vice president products and solutions at Fortinet here inside the special CUBE Conversation with the big news today, the FortiNAC new product integrating with the security fabric, IOT, SD-WAN, cloud solutions for multi cloud and IT. As automation comes down the road really fast, we're here in theCUBE bringing it to you. I'm John Furrier, thanks for watching. (intense orchestral music)