>> From theCUBE studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE at ETR. This is Breaking Analysis with Dave Vellante >> As we've reported extensively, the pandemic has affected cybersecurity markets perhaps more than any other. Remote work has caused CISOs, chief information security officers to shift spending priorities toward identity access management endpoint and cloud security. COVID has been a benefactor for next gen security companies that participate in these sectors. Notably, we believe tactical responses to the coronavirus have resulted in productivity improvements that will create permanent change in the way organizations defend themselves against cyber threats. Hello everyone and welcome to this week's Wikibon CUBE Insights powered by ETR. In this Breaking Analysis, we'll provide you with our quarterly update of the cybersecurity space and share fresh ETR data on the market. We also have some results from Eric Bradley's most recent Venn round table conducted with three senior chief information security officers. Let's start by looking at this notion of a single pane of glass. Now, despite the aspiration, there is no silver bullet to protect organizations from cyber attacks. The complexities of security, they're enormous and they require a layered defense approach. They range from securing internal networks to end points, to DMZ subnets, external traffic security, data in motion, data at rest, protecting from ransomware, dealing with web traffic, emails, phishing, not to mention threats from internal employees and contractors. As we mentioned at the open, there are three areas in particular that have seen significantly elevated spending momentum that is translated into the valuation increases for several companies, including CrowdStrike, Okta, Zscaler and several others. Zero trust security has gone from buzzword to reality. And spending shifts to these technologies have siphoned off demand from traditional hardware based firewalls. Although CISOs seem to be hedging their bets, at some point, they realized that people are actually going to come back to the office, so they have to remain agile. Lack of talent. Well, that remains one of the CISOs biggest challenges to securing applications and data. And automation while sometimes viewed as risky, is becoming increasingly important. Several companies have hit our radar this quarter and were highlighted in the CISO Panel, including Elastic which has seen momentum as an open source alternative to Splunk and notably multiple CIOs in the panel, they cited concerns related to Splunk's pricing and their sales tactics. They actually compared those of Splunk to those of EMC in the past, if anybody remembers how aggressive EMC salespeople could be. CloudFlare also broke into the top 10 in the ETR survey based on net score which is a measure of spending momentum. And that was for those companies with more than 50 mentions in the survey. CloudFlare is a CDN and provides security for websites. Also Netskope, a cloud security specialist cracked the top 10 in terms of net score and received high marks from the CISO panel, particularly with respect to it's vision and roadmap. Microsoft, Palo Alto Networks, Okta, CrowdStrike Cisco, CyberArk, SailPoint, Zscaler and Proofpoint remain focus vendors for us in the ETR survey as measured by spending momentum and their presence in the data set, what we call market share. And we'll talk more about those companies in a moment. Now finally, even CISOs that were skeptical about the permanence of the effects of COVID, they're seeing business benefits that suggest many of these shifts are circular, and not cyclical. Indeed, prior to the pandemic, ETR survey data showed that about 16% of organizations workers were primarily remote. CIOs expect that number to more than double post pandemic to 34%. Let's say you look at some of the cybersecurity vendors. We'll plot some, we don't have enough room to plot all of them, there are so many. But this chart shows one of our favorite XY views. On the Y axis, we measure net score. And that measures against spending velocity by looking at the net percentage of customers that are spending more versus those that are spending less within the ETR survey. The X axis measures market share or pervasiveness in the survey. Now we've included a select list of companies for this view and only include those with more than 50 responses, or 50 Ns, shared Ns, if you will, in the data set. In the upper right, you can see a table that shows the data sorted by both net score and shared Ns for each vendor. Now, as we indicated, Elastic has taken the top spot, just barely edging out Okta who took over from CrowdStrike in the last survey. And you can see the significant market presence of Palo Alto and Splunk and the most pervasive vendor here is Cisco. Note that Cisco also owns Umbrella and Duo which both have meaningful Ns in the survey. Now, if we were to combine these into one view, a single view of Cisco, all three of those, it would pull the company even further up into the right. Security is one of the bright spots in Cisco's portfolio and shows consistent year-on-year growth each quarter. Now having said that, some CISOs complained that Cisco's propensity to rely on acquisitions to fill gaps has caused them integration challenges in the past. Let's go back to Palo Alto for a moment. We'll make some comments later regarding their position relative to Fortinet, but we wanted to call them out here. Look, CISOs, they really liked Palo Alto. They trust the Palo Alto Networks. They consider Palo Alto as a trusted leader with a very strong portfolio and vision. Now let's turn our attention to the pack here, as we mentioned, Okta's momentum is notably elevated and it's meaningfully higher than the others. Its presence continues to increase up to the right, as does CrowdStrike's, or to the right, not necessarily up to the right, but to the right. But CrowdStrike has come off its net score high, so it's coming down actually in the vertical axis. And we're not super concerned about that because they're dramatically increasing their presence on the X axis each survey. But so is Okta, so that's something to watch. In other words, CrowdStrike's coming down in net score while it's increasing its presence, Okta is holding its net score while at the same time increasing its presence, which is really a strong sign. Now that they compete, they don't compete against each other directly, but it's they're still in the same sector. We've also included Carbon Black here because because of their VMware acquisition and VMware CEO, Pat Gelsinger, he's on a mission to fix security and the company has made a number of moves in cyber. VMware has a really good track record could of execution and while fixing Curity is highly aspirational. With its install base and history of success, we wanted to include them here because they're getting more attention of the CISOs in the ETR panel. So we're keeping an eye on VMware and Carbon Black. It's going to take some time, but we'll keep watching them. Now let's take a look at how the players have moved this year over the quarters. We're going to show you four tables here and we're going to compare the net scores and market share of the cyber companies for January, April, July, and October surveys. So pre-COVID and throughout the year. So let's look first at the pre-COVID positions. The left most chart is sorted by net score or spending momentum and the right most chart is the shared Ns, which is the number of mentions in the survey, which is what drives the horizontal axis that I showed you earlier. Now, when you go back to the January survey, you see CrowdStrike was already doing very well with an elevated net score of 68.3% and 123 mentions. By the way, please ignore those companies with less than 50 Ns, I didn't filter the data back then. I was kind of still learning how to use the ETR software platform. Okta was also elevated and you can see the others there as well. Now, last year, we came up with a method to assign stars to those companies that had both top net scores and large shared Ns in the survey. So spending momentum and strong market share. And you can see Microsoft, Splunk, Palo Alto Networks, Proofpoint, CrowdStrike, Zscaler and CyberArk made the cut and all received four stars. And we gave two stars to Cisco and Fortinet because they had strong net scores and very high presence in the survey. Now let's go forward and look at April when the lockdown was in full swing. Okay, so we tightened things up in April and on the presentation of the survey did and only included those companies with more than 50N. And we cut the top 10, that's the red line and we put in their Dell EMC which is RSA and IBM for context. And you can see CrowdStrike, they shot to the top with a 68% net score and increased it's shared N, and you can see the stars right. Now, let's just jump ahead to the July survey. So now we're well into the pandemic. Maybe things are calming down a little bit in the summer. People feeling a little bit more freedom, maybe not as concerned about the work-from-home peace, that's sort of settling in, and CISOs, they had a little time to respond here and that's kind of the picture in the summer. Okta jumped way up on the left, you see in spending momentum and CrowdStrike, they moderated a bit, although they remained elevated. And again, they're not direct competitors, but it's instructive to compare these two firms, 'cause they're both hot and growing. And you see the green lines, they show the direction of the momentum of the net score. CrowdStrike was a bit of a concern because its net score dropped and its presence in the dataset kind of moderated. But the company continued to report strong revenue during its earnings calls and the stock remain a darling. So some mixed signals in the data, one quarter doesn't necessarily make a trend. But Okta, Microsoft, Cisco, Palo Alto, Splunk and several others, they remained very, very strong. Now let's go into the most recent October survey. So again, we continue to fine tune our presentation analysis here. And you can see there are two red lines. The top one is the top 10 cutoff. And the second line is the top 20. As we said, Elastic hit the radar for net score but still not pervasive enough in the dataset on the right to earn some stars with the shared Ns. So Okta in our view continues to hold that top spot for momentum and made the top 10 cut for shared N, two very positive signs. It's shared N, for example, jumped from 139 to 185. So more and more mentions, people are increasingly relying on Okta for identity access management. Now for the green arrows here, the momentum lines, we've tried to take into consideration the shared N. So even though, for example CrowdStrike's net score dropped from 50 down to 43%, it's shared N, or again, the number of mentions, it jumped from 119 to 162. So that's a 36% increase and you might be thinking, well, why is that significant? Well, CIOs and IT buyers in the ETR survey, they're asked to choose the areas with which they are most familiar and then they answer questions on which vendors they use. So the fact that companies like Okta and Palo Alto and CrowdStrike and several others that we've highlighted are increasing their presence in the data set and still maintaining a very strong net score is a really good signal in our view. That's why, for example, take Zscaler, we still give them two stars, even though on a relative basis, it didn't make the top 10 cut. It's net score held relatively firm and it's shared N jumped by 39%. So we continue to like names like Zscaler, Okta, CrowdStrike, CyberArk, Proofpoint Fortinet and of course Microsoft, which consistently shines brightly. Let's look at a comment that underscores the CISOs sentiment and I think the market overall. Here's a comment from a CISO of a global travel and hospitality company. It's a name you would recognize and obviously this individual's business was hit hard by the pandemic. So there's an inherent bias toward hope anyway, toward a return to the normal. But look at the comment, I'll read it. "I was a skeptic on the permanence of the changes due to COVID, but I've seen firsthand, there are legitimate structural changes that are taking place, and that's going to fundamentally shift where companies are investing in cyber. Building leases are expiring, people, they're productive working from home. Products that enable work from home and that are cloud first, that trend will continue and be permanent." And you know what? We agree. Okay, here's a chart that we've been updating since right before the pandemic and it compares the performance of the S & P 500 and Nasdaq with specific security companies that are public. And we've been tracking the revenue multiples on a trailing 12 month revenue basis over time to get a sense of how these companies compare. And we prefer to use forward looking revenue, but find TTM to be more consistent and frankly easier to access quickly. So that's what we're using. Now note that Splunk, Octa, CrowdStrike and Zscaler, those are the guys I've highlighted in red, they have yet to report as of this publication. A couple of points here are worth noting. First, we've been talking a lot about the divergence in valuation between Palo Alto and Fortinet and we'll show some more data on that in a moment but we want to share some CISO comments about Fortinet. People sometimes refer to Fortinet as Forti knife, as in Swiss army knife. They're a Swiss army knife of cyber, Forti everything is what one CISO called it. Fortinet is more price attractive, especially for mid-sized companies who don't have the resources of larger firms that might gravitate toward Palo Alto Networks. And the companies around for awhile and has earned the trust of CISOs because of their portfolio and their track record. Now, the other notable item in this data is the rise in value for Okta, CrowdStrike and Zscaler which have seen values increase 78%, 128%, 124% respectively in the time period we show here. You can see the very highly elevated revenue multiples compared to some of the more mature companies. Splunk, they're a bit of an outlier here 'cause we're showing negative growth in that right-hand column. And that's because of its transition toward a subscription model. That really messes up the income statement. And we just wanted to cite that. Splunk's been doing a good job communicating to the street. There are some concerns in the ETR dataset, which we've talked about. They've sort of moderated lately. There's also concerns about pricing that CISOs have mentioned, but generally there's a real bifurcation in the market in terms of valuations. And we think that while there's a lot of discussion about the so-called stay-at-home stocks and a shift back away from those when the pandemic subsides, we believe that the productivity benefits of remote work are becoming more clear and these next gen security companies are going to continue to thrive. Now let's take a moment to look at the relative performance of Palo Alto and Fortinet. Back in February of this year, we noted that there was a valuation divergence occurring between these two companies. And we cited three factors at the time for this gap. First, we said the Palo Alto was trying to cloud proof its business, and as such, it was in transition. And second, it had some challenges with regard to the pace of that transition, including sales incentives, actually that's part of the first point. That was kind of one A. Secondly, we said that the shift away from appliance-based firewalls was accelerating and that was pressuring Palo Alto's valuation. They were kind of underperforming in that segment. And finally we said the Palo Alto was facing some very tough compares in 2019 relative to 2018. And that was causing investors to pause as Palo Alto began shifting to an annual recurring revenue model. Now we said at the time that CISOs really, they really liked Palo Alto and we felt it would... the company would deal with these issues in 2020. And this chart really shows that and they've begun to reverse this trend. The yellow line is Fortinet. The blue line is Palo Alto and it's showing this sort of relative performance here. And you can see that gap coming into 2020 which extended into the meat of 2020. But now it's starting to compress, thanks to a nice earnings report that beat EPS on revenue this month, as we're talking about Palo Alto. So we continue to believe that Fortinet has done a good job and a better job of moving to the cloud model. And Palo Alto has largely relied on acquisitions to accelerate this trend. And we'll see if they can continue to thrive during this transition to cloud. But there's little doubt that CISOs want to work with Palo Alto networks and they remain committed to having a strategic relationship with the company. Alright, let's wrap. The shift to the subscription model is well underway in the cybersecurity space and it's buoyed by cloud and next generation SAS-based security players. Splunk is in transition. Cisco and Palo Alto emphasize the importance of this trend and virtually all historically on-prem players are being forced to respond. Survey data and anecdotal information from theCUBE community supports what the ETR Venn CISOs are saying, that the internet is becoming the new private network and these trends toward cloud-based and remote worker support are delivering benefits that CEOs and CFOs are going to continue to push to operationalize. CISOs, they got to continue to take a multi-layered approach to defending their data, their applications and their users. And it's such a fragmented market with specialists is going to continue for quite some time. Now, despite these clear trends, CISOs face a real challenge, the timing of the return to semi normal, it's really uncertain. And we still don't have a clear picture of what that future will look like. As such incumbent firms with hardened networks, they're going to have to remain in a hybrid holding pattern to accommodate whatever happens. Why is that important? Well, this means that budgets are going to be stretched. Look, while security remains a top priority, you can't expect an open checkbook going to SecOps team. Throwing money at the problem wouldn't really solve it anyway. Rather CISOs have to take a balanced portfolio of investments, continuing with automation and data analytics and of course, good security practice practices. That's going to be the pattern. Alright, well, thanks everyone for watching this episode of theCUBE insights powered by ETR. There are many ways to get in touch. @dvellante on Twitter, david.vellante@siliconangle.com. You can comment on my LinkedIn posts. I publish weekly on wikibon.com and siliconangle.com and always appreciate the feedback from our community. These episodes, by the way, are all available as podcasts. So you can listen while you multitask and don't forget to check out etr.plus for all the survey action. This is Dave Vellante. Have a great Thanksgiving, be smart, stay safe and we'll see you next time. (light melodic music)

>> From theCUBE Studios in Palo Alto, in Boston connecting with alt leaders all around the world, This is a CUBE conversation. >> Hello everybody, this is Dave Vellante and welcome to this Breaking Analysis. I'm here with Erik Bradley, who's the managing director of ETR and runs their VEN program. Erik good to see you. >> Very nice to see you too Dave. Hope you're doing well. >> Yeah, I'm doing okay hanging in there. You know, you guys in New York are fighting the battle. Looks like we're making some progress here so, you know, all the best, you and your family and the wider community. I'm really excited to have you on today because I had the pleasure of sitting in on a CIO/ CISO panel last week. And we're going to explain sort of what that's all about, but one of the things ETR does that I really like is they go deeper with anecdotal information and it's almost like in-depth interviews in these round tables. So they compliment their quarterly surveys, and their other drill down surveys, with other anecdotal information for people in their community. So it's a tried and true survey practice that adds some color to the dataset. So guys if you bring up the agenda, I want to share with the audience what we're going to talk about today. So, we'll talk a little bit about, you know we just did intros, I want to ask Erik, what ETR VENN is and then we'll go through some of the guests, but if we go back to Erik, explain a little bit about VENN and the whole process and how you guys do that. >> Yeah sure, we should hire you for marketing. You just did a great job, actually, describing that, but about three years ago what we decided was, ETR does an amazing job collecting the data. It can tell you what's happening, who it's happening to and when it's happening. But it can't always tell you why it's happened. So leveraging a lot of my background in twenty-plus years in journalism and institutional Wall Street research, we decided to take the ETR community, the people that actually take the surveys, and start doing interviews with them and start doing events with them. And enable to doing that, we're basically just trying to compliment the survey findings and the data. So what we always say is that ETR will always give you the quantitative answer and VENN will give you the qualitative answer. >> Now guys, let's bring up the agenda slide again, let's take a look at the folks that participated in the round table. Now, for ETR's clients, they actually know the names and the titles and well the company that these guys work for. We've anonymized it for the public. But you had a CIO of a Global Auto Supplier, a CISO of a Diversified Holdings Firm, who actually had some hospitality exposure but also some government contract manufacturing exposure. Chief Architect of a Software ISV and a VP and CISO of a Global Hospitality Resort Chain. So you had three out of the for, Erik, were really in industries that are getting hit hard. Obviously the software company maybe a little bit better. But maybe you can add some color to that. >> Well actually the software company, unfortunately, was getting hit hard as well because they're a software ISV that actually plays into the manufacturing space as well. So, this particular panel of CIOs and CISOs were actually in a very hard hit industries. And are going to make sure we do two more follow-ups with different industry verticals to make sure we're getting a little bit of a wider berth and collect all of that information in a better way. But coming back to this particular call, the whole reason we did this, and as you know, you spoke to my colleague and friend, Sagar Kadakia, who is the Director of Research for ETR, and we were nimble enough to actually change our survey while it was in the field, to start collecting data on what the real-time impact was on the COVID-19 pandemic. We were able to take that information, extrapolate it, and then say okay let's start reading out to these people and dig deeper. Find out why it's happening and even more so, is it permanent? And which vendors are going to win and which vendors might lose from it. So that was the whole reason we set up the series of calls. We've only conducted on so far. We have another one this coming Tuesday as well with four entirely new panelists that are going to be from different industry verticals because, as you astutely pointed out, these verticals were very hard hit and not all of them are as hard as others. So it's important to get a wider cross-section. >> So, guys let's take a look at some of the budget impacts the anecdotal evidence that we gathered here. So let me just scan through it and then Erik, I'll ask you to comment. So, you know, like Erik said, some hard hit industries. All major projects, anything sort of next-generation, have been essentially shelved. That was the ISV. And then another one, we cut at least 70% of the big projects moving forward. He mentioned ServiceNow actually calls them out, but the ServiceNow is a SaaS company they'll probably, you know, weather the storm here. But he did say we've put that on hold. The best comment, you know, "As-a-service has Saved our SaaS." (Erik laughs) That one's great. And then we're going to get into some of the networking commentary. Some really interesting things about how to support the work from home. You know, kind of shifting from a hardened top into remote workers. And then a lot of commentary on security. So, you know, that's sort of a high level scan and there's just so much information here Erik, but maybe you could sort of summarize on some of that commentary. >> Yeah, we should definitely dig into each of those sectors a little more, but to summarize what we're seeing here was the real winners and losers are clear. Not everyone was prepared to have a work from home strategy. Not everyone was prepared to send their workers out. Their VPN wasn't, they didn't have enough bandwidth. So there was a real quick uptick in spending, but longer term we're starting to see that these changes will become more permanent. So the real winners and losers right now, we're going to see on the loser's side traditional networking. The MPLS networking is in a lot of trouble according to all the data and the commentary that we're seeing. It's expensive, it's difficult to ramp to up bandwidth as quickly as you need and it doesn't support remote. So we're seeing that lose out and the winners there are in the SD-WAN space. It's going to be impossible to ignore that going forward and some of our CIO and CISO panelists said that change will be permanent. Also, we're seeing, at the same time, what they were calling a "SaaS and Cloud". Now, we know these trends obviously were already happening but they're being exacerbated. They're happening even more quickly and more strong. And I don't see that changing any time soon. That, of course, is at the expense of network, I'm sorry, data centers. Whether it be your own or hosted. Which has huge ramifications on on-prem hardware. Even the firewall providers. So what we're seeing here is obviously we know things are going to be impacted by this situation. We didn't necessarily expect all of our community members and IT decision-makers to talk about them being possibly permanent. So that on a high level was something that was extremely interesting. And the last one that I would bring up is that as we make this shift towards working from home, towards remote access, you also have to align yourself with the security that can support that. And one of the things that we're seeing in our data side on ETR, is a widening bifurcation between the next-generation security vendors and the more traditional security or the legacy security players. That bifurcation just keeps getting wider and wider and this situation could be the last straw. >> So I want to follow up on a couple of those things. You're talking about sort of the network shift you know, towards the SD-WAN. What people have described to me is that they got a, you know, a hardened top. It's a hierarchical network. It's very well understood and it's safe, right? And now all of a sudden you got all those remote workers and so you've got to completely soft of rethink your whole network architecture. The other thing I want to drill into is your Cloud commentary. There's a comment that I saw, Erik, that really stood out. One of the folks said, "I would like to see the data centers "be completely deleted, if you will, or closed down." I think we're going to see, you know, a lot more of this obviously. Not only from the standpoint of, and you heard this a lot, the kind of paid by the drink. But just generally getting rid of all that sort of so-called non-differentiated heavy-lifting as we often hear about. >> That is a extreme comment. I don't think everyone feels that way. But, yes, the comment was made and we've heard the comment from other people. As you and I both know, the larger the enterprise the harder that is to go completely SaaS. But yeah, when a situation like this has and see the inflexibility of their on-prem infrastructure, yes it becomes something that really has to be addressed and it can become a permanent change. I was also shocked about that comment. That gentleman also stated that his executives outside of the ITs area, the CEO, the CFO, had never ever, ever wanted to discuss Cloud. They did not want to discuss work from home. They did not want to discuss remote access. He said that conversation has changed immediately and to the credit of the actual IT companies out there, the technology companies, they're doing everything they can with this opportunity to make that happen. >> Yeah, and so you're right the whole work from home conversation. To your point earlier, Erik, big chunks of COVID, the post-COVID world are going to remain permanent. Guys bring up the SaaS slide if you will. The SaaS commentary, "As-a-Service Saved our SaaS." "The wittiest quip award" going to the ETR. You know, but you had, what's very interesting to hear folks, in fact I think somebody even called out, "Hey," you know, "we expected Oracle to," you know, "be auditing us but they're actually being supportive "as is IBM." Salesforce was an interesting common, Erik. One of the folks said they would share accounts on-prem, but when they all do the work from home they had to actually buy some more. You also got Cisco with big props. Microsoft was called out. A lot of organizations actually allowing them to defer payments. So the SaaS vendors actually got very high marks didn't they? >> They really did and even I wrote that summary and it was difficult to write that about Oracle because we all know that they're infamous for auditing their own customers in 2009 right after we came out of financial crisis. They have notoriously been a-- I don't know if they found religion and they decided to be nice to their customers, but every-single person mentioned them as one of the vendors that was actually helping. That was very shocking. And we all know that when bad situations happen people become opportunistic. And right now it's really seeming that the SaaS vendors understand that they need a longterm relationship with these customers and they're being altruistic instead. Which is really nice. >> Yeah I think that anybody with a Cloud realizes that hey, we have an opportunity here that the lifetime value of that customer, whereas maybe in 2009 when Oracle didn't have a Cloud, they had to get people in a headlock to try to persevere their, you know, income statement. Let's go to the networking drill down guys, that next slide because Fortinet, some of the things we've been reporting on is the sort of divergence in evaluations between Fortinet and Palo Alto before this whole thing hit, Fortinet has done a really good job with its Cloud offerings. Palo Alto struggles a little bit with trying to figure out the sales compensation, is maybe a little bit behind. Although both companies got strong props and I've talked to a number of customers, Palo Alto is going to be in the mix. Fortinet, from a Cloud standpoint, seems to be doing quite well? Obviously networking, Cisco is the big gorilla there. But we also got call outs from guys like Trend Micro which was interesting, from some of the folks. So, your thoughts on this Erik. >> Yeah, I'll start on the networking side because this is something that I've really, I've dug into quite amount, in not only this panel, but a lot of interviews and it really seems as if as networking refresh starts to come up, and it's coming up with a lot of large enterprises, when your network refresh comes up people are going to do an RFP for SD-WAN. They are sick and tired of paying MPLS network vendors and they really want to look at something else. That was even prior to this situation. Now what we're hearing is this is a permanent change. I particularly had one person say, I wanted to find this quote real quickly if I can, but basically they basically saying that, "From a permanency perspective, the freedom from MTLS "will reduce our networks spend by over half "while more than doubling or tripling our bandwidth." You can't ignore that. You're going to save me money and triple my bandwidth, and hey by the way, my refresh is due. It's something that's coming and it's going to happen. And yes, you mentioned the few right? There's Viptela, there's Velocloud, there's some big players like Cisco. The Palo Alto just acquired CloudGenix in the midst of all of this. They just went and got an SD-WAN player themselves. And they just keep acquiring a portfolio to shift from their on-prem to next-generation. It's going to take some time, because 70% plus of their revenues is still on-prem hardware, but I do believe that their portfolio that they're creating is the way the world is moving. And that's just one comment on the traditional networking versus the next-generation SD-WAN. >> And the customers have indicated, you know it's not easy just to get off of their MPLS network. I mean it takes time, it's like slowly pulling of the bandaid. But, like many things, COVID-19 is sort of accelerating that. We haven't talked about digital transformation. That came up as a maybe more strategic initiative. But one that very clearly has legs. >> You know, David, it's very simple. You just said it. People, when things are going well and they're comfortable, they don't change. And that's the same for an enterpriser company. Hey, everything's great, our revenue's fine. Why would we do this? We'll worry about that next year. Then something like this happens and you realize wow, we've been dragging our feet. That digital transformation that we've been talking about, and we've been a little bit slow to accept, we need to accept it, we need to move now. And yes, it was another one of the major themes and it sounds silly for researchers like you and I because we know this is a theme. We know Clouded option is there, we know digital transformation is there. But, there are still a lot of people that haven't moved as quickly as they should and this is going to be that final catalyst to get them there, without a doubt. Quickly on your point of Fortinet, I was actually very impressed with the commentary that came from that because Fortinet is sometimes one of those names that you think of that maybe plays in a smaller pool or isn't as big as some of the 800 pound gorillas out there. But in other other interviews besides this I've heard the phrase coined of "Forti-everything". So through RND and through acquisition, Fortinet has really expanded the portfolio and right now is their time to shine because when you have smaller satellite, you know, offices and branches that you need to connect, they're really, really good at it. And you don't always want to call a Palo Alto and pay that price when you have smaller branch offices. And I actually, I was glad you brought up Fortinet because it's not a name that we get to herald that often and it was deserving from this panel. >> Yeah and, you know, companies that can secure gateways, secure endpoints, obviously going to have momentum. Zscaler came up, you know I think that, and I'll tell ya, looking at, I've done a couple of breaking analysis on security and Fortinet has been strong in two dimensions. You know ETR is, as our audience is I think getting to know. We really look at two key metrics. One is net score, which is a measure of spending momentum, and the other is market share, which is a measure of pervasiveness. And companies like Fortinet, in security, show up on both of those dimensions so it's notable. >> Yes, it certainly is, it is. And I'm glad you brought up Zscaler too. Very recently by client request, we did a very in-depth research on Zscaler versus Palo Alto Prisma Access and they were very interested. This was before all this happened, you know. Does Palo Alto have a chance of catching up, taking share from Zscaler. And I've had the pleasure, myself, personally hosting Jay the CEO of Zscaler at an event in New York City. And I have nothing but incredible respect for the company. But what we found out through this research is Zscaler, at the moment, their technology is still ahead, according to their answers. There's no doubt. However, there doesn't seem to be any real secret sauce that will stop Palo Alto from catching up. So we do believe the parody of feature set will shrink over time. And then it will come down to Palo Alto obviously has a wider and user base. Now, what's happening today might change that. Because if I had to make a decision right now, for my company on secure web gateway, I'm still probably going to go to Zscaler. It's the name. If I had to choose that in a year from now, Palo Alto might have had a better chance. So in this panel, as you brought up, Zscaler was mentioned numerous times as just the wave of the future. Along with CASB brokers right? Whether you're talking about a Netskoper or Forcepointer. All those people that also play in CASB space to secure your access. Zero trust is no longer a marketing-hype term. It is real and it is becoming more real by the week. >> And so, I want to kind of end on one of the other comments that really struck me because we're constantly talking about okay, do you go with a portfolio of a suite of services or do you go with best of breed? What about startups? Are startups more risky in a crisis like this? And one of your panelists, I just love this comment, he said, "One of things that I've always done," he said, "You always hear about the guy, "oh we're going to go to the gardener, we're going to "check out the magic water, we'll pick out three guys "in the upper right hand corner and test them out." He says, "One of the things I always like to do, "I'll pick two from the upper right "and I'll take one from the lower left." One of the emerging, text, "And I'll give em a shot." It won't win every time, but then he called out FireEye as one of the organizations that he found early that gave them competitive advantage. >> Right. >> Love that comment. >> It's a great comment. And honestly if you're in charge of procurement you'd be stupid not to do that. Not only just to see what the technology is, but now I can play you off the big guys because I have negotiating leverage and I can say oh, well I could always just take their contract. So it's silly not to do it from a business perspective. But from technology perspective, what we kept hearing from these people with the smaller vendors. My partner Peter Steube, my colleague and I, we did the host together, we asked this question really believing that the financial insecurity of the moment and the times would make smaller vendors not viable. We heard the exact opposite. What our panelists said was, "No, I'd be happy "to work with a smaller vendor right now "because they're going to give me pricing flexibility, "they're going to work with me right now. "I don't need to pay them upfront "because we're seeing a permanent shift from CapEx to OpEX, "and the smaller vendors are willing to work with me and I can pay them later." So we were actually surprised to hear that and glad to hear it because, to connect to your other point, the other person who was talking about security and the platform approach versus best of breed, he said "Listen, platform approaches you're already "with the vendor, you can bundle a little bit. "But the problem is, if you're just going to acquire "a new technology every time there's a new threat, "the bad guys are just going to switch the threat. "And you can't acquire indefinitely. "So therefore, best of breed with security "will always beat platform." And that's kind of a message to Palo Alto and Cisco, in my opinion, because they seem to be the ones fighting that out. Even Microsoft now, trying to say they're a platform approach in security. >> Well and this says to me the security business, as we predicted, is going to stay fragmented because you're still going to get that best of breed. You know, just like Cloud is going to be fragmented and it's, you know, multiple vendors. Ever since I've been in this business people are trying to consolidate the number of vendors, but technology moves so quickly, it gives competitive advantage. Erik, awesome! Thank you so much for joining us. I'm looking forward to next Tuesday with the next vendor and love to have you back and talk about it anytime. You're a great guest, thanks so much. >> Certainly, I'll do my best to get a better AV connection the next time guys, I apologize for that. But it was great talking to you tonight. >> Hey we're all learning, you know so, thank you everybody for watching, this is Dave Vellante for theCUBE and we'll see you next time. (upbeat music)

(intense orchestral music) >> Hello everyone and welcome to theCUBE Conversation here in Palo Alto, at theCUBE studios. I'm John Furrier, we're here with a special conversation with Fortinet's John Maddison, senior vice president of products and solutions with Fortinet. Welcome to theCUBE Conversation. >> Good to be here again. >> So you guys have some hard new today hitting, it's called the FortiNAC, Forti, like Fortinet, Forti, N-A-C, network access control. >> Right. >> Significant announcement for your guys, take a minute to explain the announcement. >> Yeah, so about two months ago we acquired a company called Bradford Networks. They compete, provide products in the network access control arena. Other companies in that space, so people like ForeScout or Cisco or HP. We think it's a very important space because it's going to be the foundations for IOT security. You probably heard a lot of buzz around IOT security. And there's different levels of IOT security. There's that for the enterprise, there's that for cloud, et cetera and so, for us, this is an important announcement because it gives us that added visibility now to IOT devices via the fabric. >> And the product, is it an appliance? Is it software? What's the product making? >> It's both. You can do a virtual machine version. It's also an appliance. It comes in different levels. The key for it though is the scalability because with IOT devices, we're not talking 100 devices anymore, we're talking millions of devices so what it's able to do is look across many different protocols and devices and provide that visibility of just about any device attaching to your network. >> Who's the target audience for FortiNAC? Is it the data center? Is it the cloud? Is it the remote? Where's the product actually sit? >> Well it's more by industry, so certain industries will have lots more of these types of devices attaching. So think of manufacturing for example. The medical industry as well. And so those are the real, education's another one, so it's more by vertical and it's really focused on campuses, large campuses or remote offices or even manufacturing plants where, again, these devices are attaching to your network. >> And they'll sit at the edge, monitoring what's coming in and out? Is that the purpose? >> Well that's the neat thing about it, it doesn't have to sit at the edge and see all the traffic. What it does is interrogate existing devices at the edge. It could be a switch, it could be a router, it could be an access point, and from that information it can make an assessment of what the device is attaching and then apply a policy. >> So this is part of a bigger holistic picture? We've have conversations with Fortinet in the past, a few conversations certainly around security, with cloud it's the top conversation, on premise it's the top conversation. You guys also have some complimentary products involved like the security fabric and the connectors. Does this fit into that? Take a minute to explain the relevance of how FortiNAC works with the security fabric and the connectors? >> Yeah, last time I was here I explained our fabric and so the fabric is basically something, is a set of Fortinet products, solutions in a way, that are very tightly integrated into the network or into the customer's ecosystem, and then once you've built that you then provide automation systems across for protection, detection and response. And the whole idea is to make sure you're covering what we call the digital attack surface. The digital attack surface now includes, obviously IOT devices, so gaining this visibility from FortiNAC, making sure the information is available to our fabric is crucial for us to make sure we can protect the digital attack surface. >> And for customer's the fabric is a holistic view, the NAC is a product that sits in the campuses or within the network that kind of communicates in the fabric? Is that right? >> Right. So the NAC can see all the IOT devices attaching and then it integrates back into the fabric. The fabric can then apply a policy, so the fabric can see everything now From IOT to the campus, to the WAN, to the data center, to the cloud and if, for example, those IOT devices are communicating with something in the cloud the fabric can see end to end and apply, for example, a segmentation policy, end to end, all the way through the infrastructure. >> You know what I love about having conversations with Fortinet is that you guys spark two types of conversations, use cases and then product technology conversation. This obviously is an IOT kind of product. It makes a lot of sense, you got a little SD-WAN in there. This is the top conversation around enterprises and people looking at cloud an/or looking at re-platforming around cloud operations, it's the cloud architect, it's the network architect. >> Yeah. >> These guys are really being asked to redo things, so how does the IOT fit into this? What is the product? What is the FortiNAC do for IOT from a use case standpoint and then product and technology? >> That's a good conversation because recently, maybe the last 18 months, instead of talking about a point solution, instead of talking about a specific use case, customers want to put all those use cases together and then produce a longer term, more holistic architecture. So now they have a cyber security architect, security architects as well as networking architects. And they want to look at their infrastructure, because that's the things that's changing the most right now. Sure, the threat landscape's out there and the cyber criminals are changing and stuff, et cetera but it's really that infrastructure that's changing the most because they've moving to flexible WAN systems or cloud and so they want it integrated, end to end, over a long time period. So what they want to be able to do is to automate, that's the key word, is automation. It's to make sure all these devices attaching are part of the security automation architecture and then they comply that security policy automatically to that device. >> You know one of the things that's a big trend in the industry is having network guys and people who are managing infrastructure, move from a command line interface, DLI, to automation. >> Mm. >> You mentioned that. How does the FortiNAC extend the security fabric? Because you guys essentially have that holistic view with the fabric. So now you have this IOT capability. How is that device extending the security fabric and what's the benefits to the buyer? >> Yeah, so the fabric has visibility obviously at the next generation firewall, we also have deployment of access points and switches. But obviously there are other companies with vast deployments of switches, I can name a few, and access points and so if they weren't our switches we couldn't necessarily see those devices attaching. And so what FortiNAC does, it comes in and provides us that now complete visibility. It doesn't matter if it's our infrastructure switches and APs, it can be somebody else's. FortiNAC can interrogate and talk to those devices and not only gain that visibility but if we decide there's a certain security posture we want to apply to some IOT device, we don't know what it is, we want it segmented, restrict it's access. Then the fabric can then tell the FortiNAC device to provide control and segmentation back to it. >> So they're working together? >> Working together and it gives us now complete visibility of the IOT devices. >> Let's talk about some the trends around segmentation. We heard, certainly recently at VMworld about micro segmentation's been one of the key things. A lot of top architects, both network and cloud and software are looking at micro segmentation or segmentation in general around the network. Why is it important and what are some of the use cases that you guys are seeing around segmentation? >> It's extremely important but it's a very complex problem in that even though our customer's have bought a lot of different security products from different vendors and different infrastructure, one of the things they don't always realize is they bought a lot of different orchestration systems, a lot of command and control systems and those are key in the future because those systems determine what the infrastructure looks like. You NAC system is kind of an orchestration system, allowing different devices to come on/off the network. SD-WAN has it's own orchestration system. You talked about micro segmentation, things like VMware and NSX and Cisco ACI, all the clouds have their own orchestration systems as well. AWS, Azure, and so what's interesting is none of them really talk to each other. They're more focused on looking after their part of the infrastructure. Now to do segmentation end to end you really need to have end to end orchestration across all those systems. If I want to orchestrate, as I said, that IOT communication with a select application in the cloud, I need to orchestrate all the way through those orchestration systems. >> You need an orchestration or the orchestration system that you have in the cloud. (laughing) >> You need a mother of all orchestrators in some way but I don't think that's ever going to happen and so what's going to happen, really, is your security architecture and segmentation will be specific to a platform or fabric as we're building and then your fabric has to connect into the orchestration systems to tell it what's going on within that section of the orchestration. Again, if it's a NAC system, I can just explain, I know these IOT devices are attaching, let me apply a policy to those. If I know the WAN links are a certain type then I apply that policy. >> And this is the benefit of a holistic fabric because that's kind of where it ties together, right? >> It is, so you build a holistic security fabric and then you let the different infrastructure orchestrators, like VMware, or an SD-WAN vendor or a NAC vendor, do their job, really focus on the infrastructure. >> And you guys help those guys out, big time, with the orchestration side of it? >> Well we can connect into the orchestration systems and we just use it to make sure the security component is doing well. They're more focused on making sure the infrastructure delivers the applications to the end user. >> They do their job, you do your job. >> Exactly. >> Take a minute to explain for the folks out there, explain segmentation and what it is and why is it important for networks? >> A very simple example of segmentation, a couple of years ago there was a bank that got hacked in one of the countries, I think it was the Philippines or something like that, and what they found out was that in that particular country they didn't have the same security infrastructure in place so they got in through that particular branch and came all the way back into the core network and so a very simple segmentation policy they put in place was that, I'm going to segment by countries. So I'm not going to let this country's network access the core data center, if I give it a certain trust level. Segmentation can mean physical countries. It can mean I'm going to segment my intellectual property off. I could be segmenting by functions. Don't let those sales people anywhere near the intellectual property. You can also segment by identity. So segmentation means many different things, you have to apply, I think different levels of segmentation depending on your applications. >> And this is proven, too? We've heard this in many conversations in theCUBE. We had one guy from the US government saying, "We have these critical infrastructure pieces in the United States, why would we let anyone outside the United States access it?" >> Yeah. >> That's a great example. >> I mean if you go to critical infrastructure, you're even more dangerous. I mean most of the infrastructure's been air gapped. It's been totally air gapped, you can't get at it but that's changing as more of those devices become IOT and you have to let some access that. >> And this is where IOT is a challenge that we're seeing. This is one of the problems? >> It's IOT. You know that category is often referred to these days as OT, operational technology. >> Talk about end points, we're hearing endpoints being discussed, like hey, you connect the endpoints, your endpoint strategy, network strategy. Kind of elusive for some, describe why networking the endpoints is an important feature or is it? When people think of the endpoint of the network what are they really talking about? >> Well I think it's become more important. It's interesting if you go back 10 years or so even 15 years, you have a lot of endpoint vendors. Semantics, MacAfees, Trend Micros, Microsoft, I think, is now the largest endpoint security vendor. Then you have a different set of networking vendors, ourselves and some other names out there I can't remember. But, they're totally separated and so to look at your network, give you visibility to policy and segment, you need to be able to see the endpoints and the network together. The security fabric makes sure that you can at least see the endpoint. You may not provide the full stack of security, you may leave that to your endpoint vendor still but your network should be able to see your endpoint and vice versa, and you should be able to see what's communicating between the two. >> I'd like to talk about SD-WAN, but before we go there, just to kind of close out IOT, talk about Fortinet's differentiation and advantages when you talk about convergence between IOT and access technology. >> So the base technology's NAC, network access control, which is in place there but our advantage really is now scale, we can see huge amounts of IOT devices which are attaching and then take action not only at the access level but all the way into the cloud. >> SD-WAN has become a really hot topic. It's a huge market. >> Yeah. >> It's in the billions in terms of spend, it connects devices, campuses and devices but cloud's had a big renaissance within the SD-WAN market. Talk about what's going on with SD-WAN and how the security fabric and the FortiNAC fit into that because it's not your grandfather's SD-WAN market anymore as the expression goes. >> No. Well it's in that class of everything's being software defined, fair enough. But I think this marketplace, if you go even three years ago, was dominated because all the, you've got two marketplaces. You've got what I call the retail, which is distribute enterprise, thousands and thousands inside which already went to a UTM infrastructure. And then you had the branch office, which was more connected, in fact, it just had a simple router in there, it was connected back to the data center which then would go into the internet. And so what's happened is these branch offices they need more and more access to the cloud, more cloud applications are running. You need to provider QOS against those applications and then also these large corporations have decided they don't want to pay, it's a lot of money to get certain, high quality EPLS circuits, when they can get faster circuits through DSL and other mechanisms and so they wanted more flexibility around the wide area network. >> So commodity network access which is, you know, cloud non and EPLS, were high priced, secure. You get now more cloud access, this is translating to more traffic or is it? Is that the driver in all this? >> Well that's what happens and then you get more traffic going through there, it's the same with the next gen firewall right now and people saying, "There's a refresh going, we don't know why." the reason for it is, when you're in your office you're more than likely communicating with the cloud versus your local databases and so the same for the branch office, there's more traffic going through there, it's more encrypted, they want flexibility, they want HA modes, if that goes down now, you've got a big productivity problem with your employees there. And so this whole market sprung from nowhere only three or four years ago and is already in, as you say, in the billions of dollars. There's a lot of acquisition's already happened, consolidation. In our mind it's very important but what's just a important as all those elements is security. If I open up my branch office now to an internet connection, I need best of breed securities on that device and so we've been building SD-WAN, what I call core functionality, for some time, inside our fabric. It's quite a natural integration now of security into that. In fact some recent tests we did with SS Labs, we got highly recommended, for not only the SD-WAN features but that core security. Today SD-WAN vendors will say, well I'll just go and get some security solution from somewhere and bolt it on or attach it on, provide it through the cloud and that's fine but longterm, again, if you come back to that coordination, that orchestration, across two different systems, it's going to become hard. >> And the other complicating factor in this, aside from the infrastructure component, is that a lot of the SAS applications that people are buying, whether it's shadow IT or just off the shelf, or there's Dropbox or any of these services that are SAS based, cloud based, that's creating less of a perimeter. >> Yeah, when it all comes back, technology called CASB is providing that interface into that world through APIs and it all comes back to making sure that all your mechanisms of protection, detection, control are available to all your systems. If I've got some SD-WAN device somewhere and I need to check where this is going, I can use my application database or if I need to check if I'm going to this cloud, I use my CASB API. And so it comes back to a platform approach, a fabric approach. >> John, what's the SD-WAN approach for Fortinet? How do you guys do it? Why should people care? What's the differentiation? Why Fortinet for SD-WAN? What's the approach? >> Integrated in one word. That is, you don't need two boxes, you don't need two VMs, you don't need a box plus a cloud, it's all integrated on the system, best of breed SD-WAN functionality, best of breed tested by third party security which allows you then to have a much more cost effective solution. I think our TCO in the test as a 10th, or a 100th of some of the leading vendors outside there because you're bringing two vendors together and it's gets very costly. >> Alright, I'm going to put you on spot, I'm going to put my cynical hat on. So you're saying integrate security with SD-WAN? I'm going to say, hey, why not just keep it separate? Why integrate? >> Because the two functions need to work together. Where's the firewall going to go? Is it going to go in the cloud or is it going to go here? Who decides on the policy? If something happens, segmentation, who's deciding on segmentation policy? Usually two different companies, they don't really talk apart from maybe, there's an API leak in the security capabilities but to our mind, again, it comes back to that end to end segmentation and that's what a lot of the, I would say, the larger infrastructure vendors are trying to do. I want infrastructure all the way to devices being added, through my campus, through my SD-WAN, data center and cloud and if you've got multiple vendors, again, all over the place, there's no way you're going to be able to coordinate that. >> Alright, so I'll put my IT practitioner hat on. Okay, so I get that, so probably less security manual risk for human error, but I really want to automate. My goal is to automate some of these IT functions, get better security end to end, does this fit that requirement? >> Yeah, so from an automation perspective, we're building in some tools of our own but what we're finding more and more is that from an IT, as you said, they've gone out and built some dev ops capability. Ansible's a good example there. So what we're doing is making sure that, in fact, a lot of our partners and our SEs have already built these scripts and put them on GitHub, well now Microsoft Hub or whatever you want to call it. So we're taking those in and we're QAing them, making sure they're a high quality and then making them available to our customers and our partners through there. So this dev ops world, especially with cloud moving so fast, has become very important and to us it's a very important area we want to make available to our partners and customers. >> One of the things that's talked about a lot is SSL inspection, is that important? What do you guys do there? >> I think it's extremely important in that, a lot of enterprises have switched it off. The reason they switched it off is because when you switch it on it almost kills your performance. There was a recent, again an SS Labs test that was doing next gen firewall testing for SSL and some vendors' performance decreased by 90% and basically it was useless, you had to turn it off. A lot of enterprises want to switch it on. To switch it on, you need a system that has the performance capabilities. I think we decreased around 15%. The law of physics say you've got to decrease in some way but 15%'s a lot better than 90%. And you've got to switch that on because otherwise it's just a giant hole in your firewall. >> John, talk about the cloud because cloud now has multiple tracks to it. Used to be straight public cloud. Obviously on premise is this hot hybrid cloud, multi cloud is the center of the controversies, it's been validated. We see Amazon Web Services announcing something with VMware validation that you're going to start to see an on premises and cloud and some cloud native, born in the cloud companies will be out there. How do you guys extend the security fabric for those two cloud use cases? How does the Fortinet products scale to the cloud? >> Yeah, two good points. Again, a few years ago, I'd ask customers about cloud and say, "Yeah we're going to takes some steps in AWS." Now it's I've got four clouds, what's the next cloud I'm going to put inside there? I've got global clouds around the world. It's kind of interesting that there is this mad rush and it's still going on into public cloud but then I still see some people trying to do hybrid cloud and put some stuff inside their data centers. Some customers don't want that data leaving, regardless. Some people can't move mainframe applications out there so there's always going to be a hybrid world for some time but the key is multi cloud security in that, more than likely, your AWS security systems are not going to work inside a Google cloud, are not going to work inside your Azure cloud, are not going to work inside some of the data center pieces. And so hybrid cloud and multi cloud security Are really important, so for us the ability to support all those clouds, and it's not just saying, well I can put my firewall VM inside AWS. There's a whole set of deep integrations you need to do, to make sure you're inside their automation systems, you can see visibility, there's a lot of practices around compliance, et cetera, so it's actually a big task for each of us to make sure that we're compliant across the set of functions for each of those clouds. >> My final question is going to be around customer impact. If we zoom out, look at the marketplace and I'm a CIO or CXO, I'm a big time, busy enterprise architect or CIO, I'm so busy, I've got all this stuff going on, why Fortinet? Explain to me why are you important in my world? What should I be thinking about? What are some of the opportunities and challenges that I might face? What should I look at? I want to go to the cloud as much as possible because there's some benefits there. I want on premises to be as seamless as possible to the public cloud. I want rock solid security. I want to have the ability to use SAS apps. >> Right. >> Have programmable networks and have a great development team building top line revenue for my business. How can you help me? >> Is that all? (laughing) I think CIOs and CXOs are happier dealing with less vendors. The trouble is with some very large vendors, they just slow down the development side. I think what we bring to the table and by the way we're not the third largest cyber security company out there, what we try and bring is a broad approach, a broad product set so you can have different things from us as well at integrate into your current set but we try to keep very agile and fast with our developments because otherwise you'll fall behind the infrastructure, you'll fall behind the cyber threats. You know, GDPR, for example, over the last year, you've got to keep up with that. What we bring to the table is now a reasonably large company, we're five and a half thousand employees. A very large R and D budget, we try and move very fast. A large product set, all integrated through our fabric but again, we try and stay as agile and as fast moving as possible. Where we can't do it organically, we try and do it organically so our system integrate very well, where we can't do it, then we'll go and make smaller acquisitions, Bradford Networks was an example of that for IOT but I think we're building now a much better relationship with the CIO and CXO level and becoming one of their strategic partners going forward. >> Talk about the community that you guys have built because I've noticed, and I've seen you guys, certainly over the past couple years, that RSA I think a year and half, two years ago, you're working with a lot of industry partners. It's not just Fortinet by themselves, you work within the industry itself. >> Yeah, because people are building their ecosystem and they've made some decisions and hey want you to integrate inside those so we have about 50 partners now where they use our API to provide integration so they built our API and although we've mentioned FortiNAC today, we have APIs, for example, for ForeScout and other NAC vendors so if they've chosen that specific vendor, then we're fine, we'll integrate that inside our fabric. Will it have the level of integration that we have? Probably not, but at least you can see, have visibility, for example. I think the technology we've been building in the last year or so is something called fabric connectors which is a much, much deeper integration into the platforms so we have connectors for VMware NSX, for Cisco ACI, for AWS, and this provides a two way communication and that two way communication is important for one word, and that's automation. So once you can see things, once you direct policy backwards then you can start stitching together these objects and provide that end to end automation. >> Final question for you, a lot of the leading enterprises and businesses out there that are using technology to build digital business, whether it's from developers all the way down under the hood into the network, are all betting on multi cloud. Clearly that's obvious to us and that's pretty much being picked up by mainstream now. So early adopters that are leading the charge are multi cloud. If I'm betting on multi cloud, why Fortinet? Why should I be working with you guys? >> Because we're committed to supporting all those clouds. And as I said, it's no easy task to support, I think we support six clouds now, to go through all the different items and integrations across that, we're committed to that. We've got probably the most expansive integration across the most security products inside the industry and we'll continue to do that going forward. >> John, thanks for spending the time. John Maddison, senior vice president products and solutions at Fortinet here inside the special CUBE Conversation with the big news today, the FortiNAC new product integrating with the security fabric, IOT, SD-WAN, cloud solutions for multi cloud and IT. As automation comes down the road really fast, we're here in theCUBE bringing it to you. I'm John Furrier, thanks for watching. (intense orchestral music)

(upbeat techno music) >> Narrator: Live from Las Vegas, it's The Cube, covering Fortinet Accelerate '18, brought to you by Fortinet. >> Welcome back to The Cube's continuing coverage live from Fortinet Accelerate 2018. I'm Lisa Martin with The Cube, along with my co-host Peter Burris, and we're very excited to welcome a Cube alumni back to The Cube, Derek Manky, the global security strategist from Fortinet - welcome back! >> Derek: Thank you, it's always good to be here. We have great conversations. >> Lisa: We do. We're happy that you think that. So, lots of news coming out today. But, I want to kind of start with, maybe a top-down approach, the theme of the event: strength in numbers. >> Derek: Yes. >> Lisa: As a marketer I'm like, "What are they going to share?" And of course, Ken and a lot of your peers shared a lot of interesting statistics. From your standpoint - what you're doing with FortiGuard Labs, strength in numbers, help us understand that from the technology standpoint. What does that mean to you? >> Derek: Sure, sure. So, there's a couple aspects to that. First of all, I've always been a firm advocate that we can never win the war on cybercrime alone. We have to be able to collaborate; collaboration is a key aspect. The attack surface today now, just from if you look at the complexity of attacks, the attack surface is massive today. And it's going to continue to expand. I mean, 15 years ago, we're just dealing with you know, threats that would operate on IRC channels or something, you know, some websites, and just some spam attacks. Now, we have to deal with that in addition to this growing attack surface, right? Specifically, with IOMT - the Internet of Medical Things, OT, as well. You have within that OT umbrella, obviously, things like the connected vehicles and all of these different things, which I know you've seen here, also, at Accelerate. So, when we look at that attack surface, you need security in all aspects - end-to-end, right? And so, from a security architecture perspective, strength in numbers is important to have that whole coverage of the attack surface, right? That's not complex and easy to manage. At the same time, being able to inter-operate: that's another strength. You know, the more a structure is bonded or glued together, the more resilient it's going to become. That's the exact concept of the fabric, right? The more that we can inter-weave the fabric and connect the different nodes together and share intelligence, that becomes a much, much stronger structure. So, to me, the strength in numbers means collaboration, information flow, and also end-to-end coverage between the security solutions. >> Peter: But it also means, you know, the growing ecosystem; the need for additional expertise, greater specialization in people. Talk a little bit about how, from a strategy standpoint, Fortinet is helping prepare people for different types of inclusion, different types of participation; what it means to be great, in a security way. >> Derek: Yeah, absolutely. I think there's very (mumbles) We're taking a multi-pronged approach to that. If you look at things like our NSC training program - it's the largest in the industry - so, training other experts through our partners. Growing, doing that knowledge transfer in expertise onto new features, like we're doing here at Accelerate, is critically important. So, that's one aspect when you look at the ecosystem. When you look at something for FortiGuard, as an example, what we're doing. We have, traditionally, you know, we've trained up a very large team; we have 215 security experts at FortiGuard, which is, for a network security organization one of the largest in the world, if not the largest. >> Peter: And FortiGuard is a practical and active think tank, right? >> Derek: Absolutely, yeah. It's many things, it's reactive protection, it's proactive protection, it's - now we've just launched the FortiGuard AI, as well; artificial intelligence, machine learning, that's all the threat intelligence aspect. So, it's threat detection and response. Again, if you look at technology, when we started just with antivirus and intrusion prevention and things like this, it was very signature-based and reactive. We went from signature-based detections to anomaly-based detections. Now, the third generation of this is machine learning and deep learning And going back to your question: we don't ever want to replace humans - because humans are very important in this ecosystem - rather, repurpose them, right? So, what we're doing, as an example, is when we, you know, train our analysts. Instead of having them do day to day tasks like some signature creation or something like this, we can actually have AI systems replace that to identify a threat, respond to it, and then repurpose those humans for something more strategic, you know, looking at the context, "How bad is this threat?" "Why is it a threat?" "How do we respond to it?" "How do we work with partners and customers?" We've launched our threat intelligence service, as well. This is a good example of something we've used internally within FortiGuard to protect customers. Now, we're offering this as a service to customers for security operation centers. We also have our Forti analyzer product and incident response framework. These are all key components that we're empowering organizations to be able to respond those threats. But, again, strength in numbers, it's this ecosystem working together. So, fabric-ready partners is another good example of that strength in numbers, I think, too. >> Peter: Well, I remember the first time I walked into a knock and found the security person and their eyes were literally bleeding. (Derek chuckles) And it's nice to have AI be able to take that kind of a load off, to be looking at some of these challenges, some of these anomalies, things previously we expected people to be able to uncover. >> Derek: Yeah, and (mumbles) when we talk about AI, to me, it's a trust exercise, as well. When you talk about machine learning, it's an accuracy problem, right? "How accurate can the machines really be?" When we pass the torch, as I say, to the machines to be able to take on those day to day jobs, we have to be able to trust it, saying, "You're doing a good job and you're accurate." So, we're using supervised learning, right, where we have our human experts actually training the machines - that's a good use for them, instead of just doing the same cycles day to day, you know, as an example. That's another way that we're scaling out that way. I think it's absolutely required in today's day and age. If you look at the numbers, it's an exponential curve right now. Last year, one year ago today, on average we're seeing about a million hacking attempts in just a minute across the entire globe, right? Now, we're seeing that number up over four million. So, it's increased four-fold in just a year, and that's just going to continue to rise. So, having that automated defense and AI machine learning; machine learning's just a learning aspect; the AI is the actionable part - how we can take that intelligence and put that into the fabric so that the customer doesn't have to do that themselves. I mean, the customer doesn't always have to be involved in the security aspect of that, and that's how we start reducing on the complexity, too. >> Lisa: You mentioned a couple terms that I wanted to pivot on: proactive/reactive. One of the biggest challenges that we hear from the C-suite in this perspective is visibility, complexity, but also high TCO reactivity. Where is Fortinet enabling, when you talk to customers, that shift, that successful shift from reactive to proactive? >> Derek: Right, yeah. Good question, very good question. I think - just parallels - I mean, they're both always going to have to exist, that's just their nature. I mean, if you keep walking across, you know, it's like Frogger - if you keep walking across a busy highway, you're going to get hit eventually, 'cause there's that much traffic, that much attacks coming, right? So, again, the incident response angle - using detection systems and, you know, threat reporting, and this intelligence service to be able to, you know, alert on what sort of attacks are happening and how to prioritize that is one way on the reactive end. On the proactive end: consulting. We have a team of consulting engineers and specifically, ones on FortiGuard, so threat experts that are able to actually analyze. So, we have programs, like CTAP, as a cyberthreat assessment program that is able to able to go into these new networks as a free service and do assessments. So, audits and assessments on the state of security on that network - end-to-end, right? So, we're talking even up to the distributed enterprise level. It's very, very important because we're in a day and age of information overload, especially if you talk to, you know, most CSOs (chief security officer) I talk to, they say "Derek, I got so much traffic being thrown at me; I have all these security logs that are letting up - how do I prioritize and respond to that?" So, if you can understand who your enemy is - what they're up to, then you can start building an appropriate security strategy around that, as opposed to just building checkboxes and, you know, building a fort and thinking you're protected against everything. That's a very important part. And, of course, there's proactive security technologies: anomaly-based, you know, things like sandbox detection that we've already integrated into the fabric ecosystem. But, visibility is key first; know your enemy, understand it, then build up a stack around that. >> Peter: So you're a strategist? >> Derek: Yes. >> Peter: What's the difference between a security strategist and a strategist - a business strategist? And, specifically, how is security strategy starting to find its way into business strategy? >> Derek: Really good question. So, it's becoming blended, right, because security is a vital part of business today. So, if you look at some attacks that even happened last year, there's targeted attacks that are starting to go after big businesses; critical revenue streams and services, because these are high payouts, right? And so, you know, if you look at building a business, you have to identify what are your digital assets: that can include services, intellectual property, and what would happen if that service was, you know, if there was a denial-of-service attack on that? How much lead or revenue loss are you going to have versus the cost of implementing, you know, an adequate security structure around that? So, you know, security's a board-level discussion right now, right? And so, when I think you look at building up these businesses, security should be, by design, from the top down - let's start it there. >> Peter: But, is it finding its way, and we've asked this question a couple times - at least I have - is it finding its way into "Hey, my balance sheet is a source of competitive advantage; my sales force is a source of competitive advantage." Is your security capabilities a source of competitive advantage in a digital business? >> Derek: I would say absolutely, yeah. It's starting to find its way in there. If you look at regions like Australia, you know, they just implemented a mandatory breach disclosure, right, so then, any business that is earning, I think it's like over two million dollars in revenue, needs to, you know, have a certain security posture in place and be able to respond to that. And that's trust and brand recognition. So, because, having, you know, cases like this, building trust with your provider, especially if we talk about, you know, cloud services; I'm putting my data into your hands and trust. How well do you trust that? Of course, if there's good reputation and a powerful security solution, you know customers are going to feel safer doing that. It's like, are you going to, you know, put your gold in Fort Knox or are you going to put it, you know, bury it in your backyard? There's a definite relationship happening there. >> Lisa: I read (hesitates) I didn't read this report, but I saw it the other day that in 2017, a kind of cybercrime report that said by 2021, which isn't that far away, that the global impact will be six trillion dollars in cybercrime. >> Derek: Yeah. >> How do you see the public sector, the private sector working together to help mitigate that, where that cybercrime is concerned and the costs that are so varied and large. >> Derek: Yeah, it's not just cybercrime, either. It's cyberterrorism, these other aspects, especially if you're talking about public sector, if you're talking about critical infrastructure and also with, you know, energy sector and operational technology and all of these things, too. So, you know, it becomes very important for doing a collaboration in alliances - that's something that's actually close to my heart. You know, at FortiNet and FortiGuard, we've formed several strategic partnerships in alliance with public sector, mostly, you know, national computer emergency response, because we feel that we have a lot of intelligence. We're very good at what we do, you know, we can protect customers; detecting threats. But, if there's an attack happening on a national level, you know, we should be able to empower - to be able to work together to combat the threat. It's the same thing even with cybercrime, right? So, as an example, we work with law enforcement, as well with cybercrime, trying to find threat actors in the adversary; cybercriminals are running their own business, and the more expensive you can make it for them to operate, it slows down their operations. >> Peter: A COGS approach to competition. >> Derek: Yeah. (chuckles) Yeah, yeah. And, you know, they're always going to find the path of least resistance, right? That's the whole idea of security, strategy too, is, we call it the "attack chain," right, this layered security - that's the strength in numbers theme again, right; end-to-end security that makes the whole security chain stronger 'cause of that bond and that makes it more expensive for the cybercriminals to operate, too. So, as an example, like I said, national CERT, law enforcement; we're even teaming up in the private sector - a cyberthreat alliance, as well, that's been a very successful project; Fortinet's a founding member, I'm on the steering committee of the cyberthreat alliance. >> Peter: It was Ken's brainchild, wasn't it? >> Derek: Yeah, yep, yeah. And so, you know, we're competitors in the industry but we're actually - it's a friendly environment when we meet and it's actionable intelligence that's being shared. Again, it comes down to how well you can implement that technology, or that (hesitates) information in your technology - that's an important part. >> Lisa: So, here we are at Accelerate 2018 the - I think Ken was saying the 16th year of this event. What are you looking forward to in 2018 for Fortinet, looking at the strength of the partners - those behind us. What's exciting you about the opportunities that Fortinet has in 2018? >> Derek: It's never a boring day. (laughs) There's a lot of interesting opportunities to work with. I think it's - what's exciting to me is the vibe. People are very keen on this, right? If you look at our fabric-ready program, it's growing quite significantly and I think it's fantastic, there's a lot of people, you know, that are energized and willing to work in these programs. There's a lot of programs we can build at, specifically, FortiGuard, as well. Like I said, these threat intelligence services that we're offering to our partners now, which include, you know, proactive alerts, early warning systems. That empowerment and, you know, working together definitely excites me - there's a lot of opportunities there. And there's going to be a lot of, you know, challenges to overcome. If we look at the threat landscape right now, you know, one thing I'm talking about is swarm bots. It's this swarm intelligence - there's parallels here again; we talk about strength in numbers and what we're doing on our side. The bad guys are also teaming up and doing strength in numbers on their side, too. So, we're looking at on the horizon threats like this that are using, leveraging, their own learning mechanisms, being able to self-adapt to be much quicker to attack systems, right, because that's on the horizon - we're already seeing indications of that; we have to get this right. I think for the first time in the industry, you know, we're doing this right. You know, if you look at years past, cybercriminals, they can do a million things wrong and they don't care, right? So, we need to be able to overcome more hurdles. If we work together, which we're doing right now; I think for the first time, we have the opportunity to have an advantage over the cybercriminals, too. So, that's also exciting. >> Lisa: Definitely. We've heard a lot of, I think, conversation today along the spirit of collaboration, compatibility. So, that sentiment, I think, was well represented from your peers that we've spoken with today. >> Derek: Yeah. Everybody has a part to play, I think, right? And that's the thing - you mentioned the word "ecosystem" and that's exactly what it is, right? And that's another brilliant thing we're finding is that everybody brings some strength to the table, so that's another aspect, and I think people, you know, are realizing that organizations are realizing that they can actually play in these collaborations. >> Peter: It's not a zero sum game. >> Derek: No. >> Peter: It's not. I mean, there's so much diversity and so much opportunity and this digital transformation going to have touched so many different corners in so many different ways. >> Derek: Yeah. >> At this point in time, it's "How fast can we all work together to take advantage of the opportunities?" and not "Eh, I want that piece and I want that piece." because then the whole thing won't grow as fast. >> Derek: Yeah, and, you know, the other challenges - the technology challenge, and that's something we are addressing as well. Like, we're actually creating a solution to this - a framework, as we did with the cyberthreat alliance, but also with the fabric program, as well, so having those tools is very important, I think, as well, to help grow that ecosystem, right? >> Lisa: Exciting stuff, Derek. Thanks so much for joining us on The Cube and sharing some of the things that you're working on, and, it sounds, like you said earlier, never a dull moment; every day is a busy day. >> Derek: Absolutely not. Yeah, there's a long road ahead and I think there always will be. But, like I said, it's a lot of exciting times and it's good to see progress in the industry. >> Lisa: Absolutely. Well, thanks for your time. We look forward to our chat next year and to see what happens then. >> Derek: Okay, thank you so much! >> Lisa: Absolutely. We want to thank you for watching The Cube's continuing coverage of Fortinet Accelerate 2018. For Peter Burris, I'm Lisa Martin, and we'll be right back after a short break. (subtle electronic song)

>> Announcer: Live from Las Vegas. It's theCUBE. Covering Fortinet Accelerate 18. Brought to you by Fortinet. (upbeat music) >> Welcome back to theCUBE. Our continuing coverage of Fortinet Accelerate 2018. We're excited to be here. I'm Lisa Martin with Peter Burris, and we're excited to talk to one of the Keynotes the big cheese from the main stage session this morning, John Maddison. >> I say, small cheese I would say. >> SVP of Products and Solutions at Fortinet. Welcome back to theCUBE. >> It's great to be here again. >> So two things I learned about you when you started off your Keynote. One you're a Man City Fan, Manchester City. >> Manchester City Blue. >> Okay. >> Through and through, for many years. >> Premier League all the way. And you have the best job at Fortinet. >> I do indeed. >> Wow. >> That is to announce the new products of course. >> So let's talk about that. So you talked about some exciting announcements today. Tell us about, start with a Security Fabric. What's new there, what's going on, what's exciting? >> Well the core of the Security Fabric is FortiOS 6.0, that's our network operating system. That's the core of he Fabric and when we do a big release like this, many different features, new functionalities. Also we have tighter integration now between all our products in the Fabric. Bus, as I said, new features as well. Things like SD-WAN has been improved, we now have probably estimate of breed SD-WAN security. The Fabric integration itself is going on. We built out some new connectors with cloud. Now we have connectors for all the public clouds. All the public clouds. We have a new CASB connector, acronym city, of course, as usual, CASB is cloud access security broker, API access the SaaS clouds. And so we've got that not only in it's standalone form but also very much integrated inside the Fabric. We've also introducing some new FortiGuard service as part of FortiOS 6.0, a new security rating which is based on a bunch of new practices or best practices that all our customers have said this is great best practices, can you put this together and apply these to our network overall. That's just skimming the surface as I say, I think I said there's 200 plus new services I could have stood up there for like six hours or whatever. But great new services are 6.0 big announcement for us. >> We just chatted with your America's Channel Chief Jon Bove, talk to us about. >> Who's an Arsenal fan by the way. >> What. >> And we beat him Sunday three nil in the Cup final. >> Excellent. >> Just to make sure you get this. >> I'm sure. >> Write that down. >> Jot that down. >> So what excitement are you hearing in, from your perspective, in the channel with respect to all of the new announcements that you made today? >> Great feedback, so this obviously is a big channel partner event here. You know what a lot of channel partners are saying is that I need to make sure I provide more of a solution to the customers. In the past, you know maybe they sell a point product, it's hard to kind of keep that relationship going with that customer. But if they sell a solution with one or two products that's part of that solution or managed and some services as part of that, it's much stickier for the partners and gives them a bit more of an architectural approach to their customers network. They really like the Fabric as I said. The Fabric doesn't have to be everything inside the Fabric, they can be components. It's what we've seen far from a Fabric components. Our partners really latched on to the network plus the advanced threat protection, plus the management or plus the access points. But they definitely prefer to sell a complete solution. It's hard for them to manage 40 different security vendors, the skill sets, the training and everything else. Now they're not saying there needs to be one security vendor, much as we would like it to be Fortinet, but they need to be reduced to maybe a set of 10 or 12 and really, our Fabric allows them to do that. >> That's a key differentiator. >> Absolutely key differentiator and as I said, you know it's very hard to build a Fabric. It's a mesh network, all these products talk to each other. You can only really do that if you build those products organically, step-by-step, alongside the network operating system. It's no good acquiring lots of bits and pieces and trying to bolt it together, it's not going to work. We spent a long time, 10 years, building out this Fabric organically to make sure it integrates but also putting the best of breed features and things like SD-WAN and CASB. >> What is the product? In this digital world what is a product? >> A security product? >> Any kind of product. As a guy who runs product management, what's a product, can we talk about what is a security product? >> I think in the past you know product management used to be very focused on I've got a box that comes out, or I've got a piece of software that comes out, these days it could be virtual machine or cloud, but it's doing a single instance, there's a single thing that it's doing inside, inside the network from a security perspective. What we believe in is that multifunction, now consolidation, multiple threat vectors I refer to this that like the digital attack surface. The digital transformation, security transformation. The biggest issue though, is that digital attack surface. That's just expanded enormously, it's very dynamic. Things are coming on on off the network was spinning up virtual machines and applications here and there. A point product these days just can't cope, can't cope. You need solutions against specific threat vectors that are applied in a dynamic way using the Fabric. >> But arguably it's even beyond solutions. You need to be able to demonstrate to the customer that there is an outcome that's consistent and that you will help achieve that outcome, You'll take some responsibility for it. In many respects, we move from a product to a solution, to an outcome orientation. Does that resonate with you and if so, how does that influence the way you think and the way that you're guiding Fortinet and partners? >> Yes, definitely. You know one of the first things they're very worried about is you know can they see that digital attack surface. It's very large now and it's moving around. Their outcome, first outcomes to say, do I know my risk on my attack surface? That's the very first out. Is it visible, can I see it, or can I protect it or can I apply the right threat protection against that. That outcome to them is they can see everything, protect everything, but as I said also, now they're moving into this more detection environment. Where you've got machine learning, artificial intelligence because you need to apply that. The bad guys these days are very smart in that they know they can morph things very quickly and provide you know targeted attacks, zero-day attacks, we probably haven't seen it before. I hate this analogy where we say somebody else got to get infected before everyone else gets protected. It shouldn't be that way. With, you know, with technologies like artificial intelligence, machine learning, we should be able to protect everybody from day one. >> Kind of pivoting on, you brought up the word outcome, and I want to go off that for a second. When you're talking with customers and you mentioned, I think, before we went live that you visited, talked to over 300 customers last year. Who is at the table, at a customer, in terms of determining the outcome we need to have? Are we talking about the CSO's team, what about folks in other organizations, operational technology departments. Who are you now seeing is in this conversation of determining this outcome. >> A new job role which I think been coming for a while, it's the security architect. Two years ago, I'll go into a room and there would be the networking team on one side of the table, this InfoSec team security side, on this side of the table, the CIO over here and the CSO over here and they be debating. I would be almost invisible in the room. They'll be debating what's going to happen because you know the CIO wants to build out more agile business applications, wants to move faster. The security team has got to answer to the Board these days, and they got to make sure everything's secure. What's their risk factor? And what I see is a new job function called the security architect, that kind of straddles a bit the networking team, understands what they're building out from an SDN, architecture, cloud perspective, but also understands the risks when you open up the network. The security architect provides more holistic, long-term architecture view for the customer, versus, I've got to fix this problem right now I've got a hold of a bucket, I've got to fix it, then we move on to the next. They're building a system on architecture long term. We have something called a Network Security Expert, it's our training education capability. We have an NSC eight, we have around 100 thousand people certified in the last two years on NSC between one and eight. And about 100 people on eight, because eight's a very high level architect level across all the security technologies. But we definitely see a lot of partners who want to get their people trained to NCE level eight because they would like to provide that security architect that's in the customer now, that advice on what should be that holistic security architecture. The big change to me is that the networking team and the security team have realized they can't just keep fixing things day to day, they need a more holistic long-term architecture. >> Let's talk about that holistic approach. At Wikibon we talk a lot about SiliconANGLE Wikibon, we talk a lot about how the difference between business and digital business is the role that data assets play in the digital business. I think it's a relatively interesting, powerful concept, but there's not a lot of expertise out there about thinking how is a data asset formed. I think security has a major role to play in defining how a data assets structured because security in many respects is the process of privatizing data so that it can be appropriated only as you want it to. What does the security architect do? Because I could take what you just said and say the security architect is in part responsible for defining and sustaining the data asset portfolio. >> Yes and you know, if you go back a few years, there's data leakage prevention was a big area, big marketplace, DLP is the best thing. Their biggest problem that they did was they couldn't tag the assets. They didn't know what assets were so then when it came to providing data protection they go well, what is it, I don't know where it's from, I don't know what it is. And so that a whole marketplace kind of just went away. We're still there a bit, but everyone's really struggling with it still. The 6.0 introduced something called tagging technology. It's inherent already inside routing systems and switching systems, SDN systems. The tagging technology allows you to look at data or devices or interfaces or firewalls from a higher level and say this is the business relationship between that device, that data and what my business objectives are. We talked about intent based network security and the ability long term is to say, hey, if I've got a user and I want to add that user to this network at security level six to that application, I say that, then it gets translated into bits and bytes and network comport and then gets translated end-to-end across the network. The tagging technology from my mind is the first step in a to be able to kind of tag interfaces and data and everything else. Once you've got that tagging done then you can apply policies as a much higher level which are data centric and business aware centric. >> I'm going to ask you a question related to that. Historically, networks in the IT world were device was the primary citizen right. Then when we went to the web the page became a primary citizen. Are we now talking about a world in which data becomes the primary citizen we're really talking about networks of data? >> I think to some extent. If you look at the users today, they have like maybe three or four devices. Because students, universities, there's something on with those lectures, they've got an iPad, their iPhone, three devices attaching there. I think the definition of one user and one device has gone away and it's multiple devices these days. And you know a lot of devices attaching that no one has any clue about. I don't think it's going to be completely data centric because I still think it's very very hard to tag and classify that data completely accurately as it's moving around. I think tends to be a part of it, I think devices going to be part of it, I think the network itself, the applications, are all going to be part of this visibility. In our 6.0 we provide this topology map where you can see devices users. You can see applications spin up, you can see the relationship between those things and the policies, the visibility is going to be extremely important going forward and then the tagging goes along with that and then you can apply the policy. >> With respect to visibility, I wanted to chat about that a little bit in the context of customers. One of the things that Ken talked about in his keynote was. >> Ken? >> Ken. >> Ken Xie. >> Yes. (laughing) >> Ken who? >> That guy? The guy that steals slides from you in keynotes. >> He did as usual. >> I know, I saw that. >> Tells me like two minutes before tells me John, I need that slide. (Peter laughing) >> That's why you have the best job. Everybody wants to copy you. In terms of what what the CEO said, that guy, that Fortinet protects 90% of the global S&P 100. There were logos of Apple, Coca-cola, Oracle, for example. In terms of visibility, as we look at either, a giant enterprise like that or maybe a smaller enterprise where they are, you mentioned this digital tax surface is expanding because they are enabling this digital business transformation, they've got cloud, multi-cloud, mobile, IoT, and they also have 20, north of 20, different security products in their environments. How did they get visibility across these disparate solutions that don't play together. How does Fortinet help them achieve that visibility, so they can continue to scale at the speed they need to? >> Well I think they use systems like SIM systems we have a Forti SIM as well where you can use standard base sys logs and SNMP to get information up there so they can see it that way. They're using orchestration systems to see parts of it, but I think long term, I think I speak to most customers they say, although there's specific, new vendors maybe for specific detection capabilities, they really want to reduce the number of vendors inside their network. You say 20, I sometimes I hear 30 and 40. It's a big investment for them. But they also realize they can't maintain it long term. Our recommendation to customers is to, if you've got some Fortinet footprint in there, look at what's the most obvious to build out from a Fortinet perspective. Sometimes we're in the data centers or sometimes we expand into the WAN and sometimes we expand into the cloud. Sometimes we'll add some advanced threat protection. We're not saying replace everything obviously with Fortinet, we're saying build what's most obvious to you and then make sure that you've got some vendors in that which are part of our Fabric alliance. We have 42 vendors now, security vendors, from end point to cloud to management that can connect in through those different APIs. And when we click them through those APIs they don't get you know the full Fabric functionality in terms of telemetry and visibility but they apply a specific functionality. A good example would be an endpoint vendor connecting through our sandbox not quite sure about files, entered our sandbox we'll give them a recommendation back. As soon as we know about that, all the Fabric knows about it instantly across the whole network because time is of the essence these days. When something gets hacked, it's inside a network. It's less than 60 seconds for something for the whole network. That's why segmentation, interim segmentation, is still a very important project for our customers to stop this lateral movement of infections once they get inside the network. >> But, very quickly, it does sound as though that notion of the security architect, this increasing complexity inside the network and I asked the question about whether data is going to be the primary decision, you get a very reasonable answer to that. But it sounds like increasingly, a security expert is going to have to ask the question how does this data integrate? How am I securing this data? And that, in many respects, becomes a central feature of how you think about security architecture and security interactions. >> Yeah but I think people used to build a network and bolt on security as an afterthought. I think what they're saying now is we need for the networking people and security people to work together to build a holistic security architecture totally integrated day one, not some afterthought that goes on there. That's why we know, we've been building the Fabric all these years to make sure it's a totally integrated Fabric end-to-end segmentation architecture where you can also then connect in different parts of the network. It has to be built day one that way. >> Last question, is sort of, I think we asked your CSO this, the balance between enabling a business to transform digitally at speed and scale. I think it was one of you this morning, that said that this is going to be the year of security transformation. Could've been that guy, that other guy, that you know, steals your slides. But how do how does a company when you're talking with customers, how do they get that balance, between we are on this digital transformation journey. We've got a ton of security products. How do they balance that? It's not chicken and egg to be able to continue transforming to grow profit, you know be profitable, with underpinning this digital business with a very secure infrastructure. >> As I said, I think most of them got that now. They kind of go, they've got this five-year plan versus a one-year plan or a six-month plan on the security side. It's integrated into the network architecture plan long term and that's the way they're building it out and that's the way they've got a plan to get, you know, you look at financial organizations who want to provide internet access or branch offices. They've got a plan to roll it out, that's safe going forward, or they want to add broadband access to their internet, like 5G or broadband interconnection, they've got a plan for it. I think people are much more aware now that when I build something out whether it be on the data side on the network side, it has to be secure from day one. It can't be something I'll do afterwards. I think that's the biggest change I've seen in my customer interactions is that they absolutely, essential is absolutely essential that they build out a secure network from day one, not an afterthought going forward. >> Well, we'll end it there, secure network from day one. John, thanks so much for stopping by theCUBE, congratulations on the announcements and we hope you have a great show. >> Great thanks. >> Thank you for watching, we are theCUBE, live from Fortinet Accelerate 2018. I'm Lisa Martin with my co-host Peter Burris. Stick around, we'll be right back.

>> Narrator: Live from Las Vegas, Nevada, it's The Cube, covering Accelerate 2017. Brought to you by Fortinet. Now, here's your host, Lisa Martin. >> Hi, welcome back to The Cube. We are Silicon Angle's flagship live streaming program, where we go out to the events and we extract the signal from the noise, and we bring it right to you. We are in beautiful Las Vegas with Fortinet. Today, or this week is their Accelerate 2017 event, and we've been excited to be chatting with a lot of their folks and technology partners. Today we are joined by two gentlemen from Fortinet. First, we have John Maddison. You are the Senior Vice President of Products and Solutions. >> Indeed. >> Lisa: Hey John. >> Hi. >> Lisa: Thanks for joining us. We've got Joe Sykora who is the Vice President of America's Channels. >> Thanks Lisa. >> So guys, a lot of exciting stuff going on today. I wanted to give the viewers here who haven't had a chance to meet you guys yet, what you're both doing. John, you have a veteran. You're a veteran of over 20 years experience at telecom >> At least. >> At least 20 in IT infrastructure, security industries, you've lived in Europe and Asia and the U.S. and worked in those. Joe, you oversee quite a big channel of over 7400 America's partners and the entire channel strategy. So you guys are kind of busy. >> A little bit. >> Joe, you're probably pretty proud of this. You were named, in 2015, by CRN as one of the 50 Most Influential Channel Chiefs. >> Yes I was. >> Did you get like a button or hat? >> No, I think it's a t-shirt. >> Oh, t-shirt. >> Absolutely. >> Outstanding, so speaking of t-shirts, I have no segue there, wanted to understand, we've been talking to a lot of your folks today, as I mentioned. We talked to your CEO who was talking about this third generation of security and kind of where we are today with that. And then we talked to Drew, the CFO, who was really talking about the criticalness of trusting data. With the announcement today, maybe John I'll throw this to you, the announcement today of the new products and technologies, how are they going to continue to facilitate or enable your customers, direct or indirect to be able to trust their data? >> Yeah, so we announced the fabric last year. Today, we announced our operating system Fi.6, which is extension of the fabric. We also announced something called intent-based network security, which is the next generation of network security that Ken Xie, our founder, talked about. And then we also announced, the third thing is our new security operations solution, which brings together several products for the infosec world. So I think all of these come together to make sure that we're continuing the effort to make sure our customers are safer, that they can integrate the fabric into their infrastructure and obviously, that's very important to their brand. >> That was going to be one of the things I was going to talk about is are you seeing that you're making a difference in the brand of a customer? We were talking, before we started today, and a lot of you are familiar with some of the the big breaches, I mean, breaches are a common, daily occurrence, but when when they start happening in brands it's the consumers know who aren't in technology becomes a suddenly, can I trust this particular brand where I normally go and buy household products. So it sounds like the announcements today are really next generation leading you guys to continue to be able to deliver, not just that comfort level that your customers need in terms of we can trust our data, but also helping them improve their brand so that their customers trust their brand. >> Exactly and so, you know, the fabric has expanded in that we've expanded it across multiple now attack vectors so what used to be really focused on the core network, we can now cover email, we can now cover the web, endpoint and also, you can see some of our partners around here, we've also expanded our fabric-ready so the fabric here has several APIs, multiple APIs that allow different partners to connect into it. And so, we haven't announced it totally yet but we've got six new partners, some big companies like Cisco and HBE, actually joining our fabric-ready program to be part of the fabric. So we can cover the entire infrastructure of any company. >> Fantastic, so speaking, we'll get to that in a minute but one of the topics that's also come out today, as we've seen the evolution of security from perimeter based security in the 90s to you know, web security, cloud security. Moving towards 2020 and the fact that it's 2017, a little scary, we're pretty close to that and we're seeing this explosion and proliferation of mobile devices, of IOT devices, lot of lack of security there. As we get to that point, one of the other themes that we're hearing a lot about here today is that there is a gap in terms of of resources. What is Fortinet doing to help bridge that gap, that your customers are facing? Where it comes to, specifically, network security programs? >> So one of the programs we launched again, a couple of years ago was the Network Security Expert program, NSE, in 2016, we had over 30,000 certificates issued on NSE. It's probably one of the largest security programs, 'cause one of the big issues for customers and our partners is just the skills gap, cybersecurity. We also, actually, use a lot of those materials and assets and give them to Universities who are starting to do their programs as well. That's really essential for our partners to be trained at the lowest level in terms of the basics, but also, we've had about 40 people take part in our Network Security Eight architecture program. You can see them, these are the pins, actually, we have, which are NSE one to seven, but the NSE eight are the red ones and there's about 40 now of what we call security solution architects, who can go into companies and look at their complete infrastructure and give them an update in terms of security. >> Excellent, so want to touch on the channel, for a moment. Ken talked about the security fabric architecture, you mentioned that it was launched last year. What has been the reaction of the channel? >> Oh, it's been absolutely great. It's about mid-year last year's when we announced that. Embraced by the channel, in fact, CRN named it the security product of the year, for 2016. >> Lisa: Oh, fantastic, congratulations. >> Very proud of that. And that's actually the feedback of the channel partners. It resonates. It's creating new opportunities for our partners. Combine that with the training that John just talked about, I mean, they're armed to really just go out there and help solve all those end user programs, problems. >> Thank you, and sorry for interrupting. What are some of the main pain points that you're hearing through the channel, that customers are experiencing as we start to see big attacks have become more and more prevalent, the Dyn attack recently, DdOS being common types of attacks. As more and more things, like critical infrastructures are becoming plugged into corporate networks, and more mobile and more IOT, what are some of the pain points that your customers are experiencing, and how are they, looking to resolve and mitigate some of the challenges that they have leveraging the security fabric architecture? >> Sure, well attacks are going to happen, right. We know they're going to happen. It's how fast can you react to those attacks. And the fabric actually enarms our partners to just have intelligence on what is actionable and what's not actionable. So we're tryin' to automate that. Some of the future stuff that we're going to be doing later in the year is going to even enable them more. But it's all about simplifying it for our partners to react to what needs to be reacted to. >> Are you seeing, from an industry perspective, we were talking with Derek Menke, excuse me, about healthcare really being at the top of the at risk from an industry perspective. But in the general session today, there was a CSO panel and there was Verizon was there, Levi's was there, as well as Lazard. We saw Telefonica throughout the event today, the Steelers. Are you seeing through the channel, and maybe this is a question for both of you, are you seeing particular industries at more risk coming to you through your customers' needs or is it fairly agnostic from a security perspective? >> Yeah, I think on the channel side, obviously, everyone's at risk, right. So I think it's the value of those of the incidences is really more highlighted. So when Derek talks about healthcare, for example, dealing with people's lives is important along with you health records. So that's much more valuable than say, at the Steelers, not being able to get on the guest wifi. So I think everyone's at risk. All of our channel partners have different verticals that they go after, and it's all the same, it really is. >> Yeah, I would say the risk is pretty broad across every vertical, I mean, yes healthcare, the healthcare records are extremely valuable, but also the financial industry. You've also got industrial controls systems, for example. You've also got retail and so, I think every vertical, every industry is taking security very, very seriously. And back to your previous question about how is the fabric helping partners, I think, previously, they had to kind of stitch together a lot of point solutions themselves. I think with the fabric, it gives them an architecture or a framework. It could be mostly Fortinet gear. It could be Fortinet plus some of their other partners. It helps them put that in place across the entire infrastructure. >> You bring up a good point, John, that that was brought up a number of times today and that is the role of the CSO now being, you know, kind of think, is that guy or girl at the lead of the digital army? But that person is inheriting, we were seeing a couple of different reports, North of 25 different security technology, really kind of a patchwork environment. In that kind of situation, where now security is a board level conversation, how is Fortinet direct, and through the channel, helping that CSO? Is that a key buyer for you that you're helping to figure out, I've got this patchwork here, how do I build it into a fabric or a fabric around it? >> What we've seen, what I've experienced in the last 10 plus years in security is, I'd often go into a room and there'll be the network security people on one side of the table, and the security people on the other side of the table with the CSO and the CIO and I think, that gradually over the last three years, I've seen more cooperation. So now, when we have briefings with customers and partners, you'll see both teams together. You'll see a new role inside customers called the Security Architect, that's looking holistically longer term over the security architecture. And one of our announcements today around the security operations center is to do, just do that, bring together the SOC and the infosec world, together with the network security world. We did a demo today on stage showing that bringing together our Forti SIM, our Forti analyzer with our fabric to bring those two worlds together, because as Joe says, you know, there's a report done by Verizon on the breach report that says, within 60 seconds, you can be compromised. You've got basically 60 seconds to stop that threat and so speed is very important. So giving our partners this ability to bring together a fabric, with Fortinet gear, with our partners' gear, that provides very fast protection is very important. >> Excellent, one of the things, too, that I found interesting today was learning about what FortiGuard Labs is doing. I read over the weekend what Derek Menke's team published, the 2017 predictions. Really quite frightening. And he was on the show earlier and saying, that they're already seeing a number of these things already in play. How much more intelligent malware is getting, and the pervasiveness of the threats there. How are some of the new technologies announced today, maybe enhancing or what FortiLabs is doing from a threat intelligence perspective, is that something that was part of? >> Yeah, that's a really important area. I think the vendor community needs to do better in sharing the threat intelligence. I think, today, it's in pockets, but I think long term, it's absolutely essential that threat intelligence get shared across the whole community because, with some of the new threats coming, the machine to machine threats, the scale and the speed's going to be even more. You saw the Dyn attack last year on Ddos. That's going to be small compared to some things coming up. So I think, longer term, the fabric across the infrastructure, and then the security vendors getting together and sharing that threat intelligence so you've got a bigger view of the attack surface is absolutely essential to stop the new type of threats. >> Exactly, and as that attack surface is growing by the day. So last question, before we wrap up here, give you guys both a chance to answer. At the beginning of your fiscal year, here we are in January, what are you most excited about for the channel in 2017, for example? >> Sure, opportunity, right. For our channel partners, we've got probably one of the strongest channel partners just the overall. We're aligning, realigning with our field teams, so just the resources that all of these partners have. I think the opportunity's great, the market's great, like you said, you open up anything now, and you see, okay, it's been infiltrated, it's been hacked. So I think we're all going to have a really good 2017. >> Fantastic, John, what about you? What are you most excited for? >> I was most excited about this interview, actually, that's what I was looking forward to. >> Wow, fantastic, we'll close there. (laughter). >> No, I think it's obviously, rolling out more of our technology, integrating more of our partners, training more of our partners and helping them with their customers. >> Fantastic, well the buzz and the momentum here and also, the passion for both yourselves and your roles and your peers and your colleagues is really palpable. So I want to thank you both for joining us on the Cube today. >> Thank you. >> And we wish you the best of luck at the rest of the event. >> Thanks Lisa. >> Alright, for John and Joe, I'm Lisa Martin. You've been watching the Cube, but stick around, we'll be right back.