(upbeat music) >> Hello everyone, welcome to this special Cube conversation. I'm John Furrier, host of theCube. We're here in Palo Alto. We've got some remote guests. Going to break down the Fortinet vulnerability, which was confirmed last week as a critical vulnerability that exposed a zero-day flaw for some of their key products, obviously, FortiOS and FortiProxy for remote attacks. So we're going to break this down. It's a real time vulnerability that happened is discovered in the industry. Horizon3.ai is one of the companies that was key in identifying this. And they have a product that helps companies detect and remediate and a bunch of other cool things you've heard on the cube here. We've got James Horseman, an exploit developer. Love the title. Got to got to say, I'm not going to lie. I like that one. And Zach Hanley, who's the chief attack engineer at Horizon3.ai. Gentlemen, first, thank you for joining the Cube conversation. >> Thank you. It's good to be here. >> Yeah, thank you so much for having us. >> So before we get into the whole Fortinet, this vulnerability that was exposed and how you guys are playing into this I just got to say I love the titles. Exploit developer, Chief Attack Engineers, you don't see that every day. Explain the titles Zach, let's start with you. Chief Attack Engineer, what do you do? >> Yeah, sure. So the gist of it is, is that there is a lot to do and the cybersecurity world. And we made up a new engineering title called Attack Engineer because there's so many different things an attacker will actually do over the course of attack. So we just named them an engineer. And I lead that team that helps develop the offensive capabilities for our product. >> Got it. James, you're the Exploit Developer, exploiting. What are you exploiting? What's going on there? >> So what I'll do in a day to day is we'll take N-days, which are vulnerabilities that have been disclosed to a vendor, but not yet publicly patched necessarily or a pocket exists for them. And I'll try to reverse engineer and find them, so we can integrate them into our product and our customers can use them to make sure that they're actually secure. And then if there's no interesting N-days to go after, we'll sometimes search for zero-days, which are vulnerabilities in products that the vendor doesn't yet know about. >> Yeah, and those are most critical. Those things can being really exploited and cause a lot of damage. Well James, thanks for coming on. We're here to talk about the vulnerability that happened with Fortinet and their products zero-day vulnerability. But first with the folks, for context, Horizon3.ai is a new startup rapidly growing. They've been on theCube. The CEOs, Snehal and team have described their product as an autonomous pen testing. But as part of that, they also have more of a different approach to testing environment. So they're constantly putting companies under pressure. Let's get into it. Let's get into this hack. So you guys are kind of like, I call it the early warning detection system. You're seeing things early because your product's constantly testing infrastructure. Okay? Over time, all the time always on. How did this come come about? How did you guys see this? What happened? Take us through. >> Yeah, sure. I'll start off. So on Friday, we saw on Twitter, which is actually a really good source of threat intelligence these days, We saw a person released details that 40 minutes sent advanced warning email that a critical vulnerability had been discovered and that an emergency patch was released. And the details that we saw, we saw that was an authentication bypass and we saw that it affected the 40 OS, 40 proxy and the 40 switch manager. And we knew right off the bat those are some of their most heavily used products. And for us to understand how this vulnerability worked and for us to actually help our clients and other people around the world understand it, we needed to get after it. So after that, James and I got on it, and then James can tell you what we did after we first heard. >> Yeah. Take us through play by play. >> Sure. So we saw it was a 9.8 CVSS, which means it's easy to exploit and low complexity and also kind of gives you the keys that take them. So we like to see those because they're easy to find, easy to go after. They're big wins. So as soon as we saw this come out we downloaded some firmware for 40 OS. And the first few hours were really about unpacking the firmware, seeing if we could even to get it run. We got it running a a VMware VMDK file. And then we started to unpack the firmware to see what we could find inside. And that was probably at least half of the time. There seemed to be maybe a little bit of obfuscation in the firmware. We were able to analyze the VDMK files and get them mounted and we saw that they were, their operating system was compressed. And when we went to decompress them we were getting some strange decompression errors, corruption errors. And we were kind of scratching our heads a little bit, like you know, "What's going on here?" "These look like they're legitimately compressed files." And after a while we noticed they had what seemed to be a different decompression tool than what we had on our systems also in that VMDK. And so we were able to get that running and decompress the firmware. And from there we were off to the races to dive deeper into the differences between the vulnerable firmware and the patch firmware. >> So the compressed files were hidden. They basically hid the compressed files. >> Yeah, we're not so sure if they were intentionally obfuscated or maybe it was just a really old version of that compression algorithm. It was the XZ compression tool. >> Got it. So what happens next? So take us through. So you discovered, you guys tested. What do you guys do next? How did this thing... I mean, I saw the news it hit heavily. You know, they updated, everyone updated their catalog for patching. So this kind of hangs out there. There's a time lag out there. What's the state of the security at that time? Say Friday, it breaks over the weekend, potentially a lot of attacks might have happened. >> Yeah, so they chose to release this emergency pre-warning on Friday, which is a terrible day because most people are probably already swamped with work or checking out for the weekend. And by Sunday, James and I had actually figured out the vulnerability. Well, to make the timeline a little shorter. But generally what we do between when we discover or hear news of the CV and when we actually pocket is there's a lot of what we call patch diffing. And that's when we take the patched version and the unpatched version and we run it through a tool that kind of shows us the differences. And those differences are really key insight into, "Hey, what was actually going on?" "How did this vulnerability happen?" So between Friday and Sunday, we were kind of scratching our heads and had some inspiration Sunday night and we actually figured it out. So Sunday night, we released news on Twitter that we had replicated the exploit. And the next day, Monday morning, finally, Fortinet actually released their PSIRT notice, where they actually announced to the world publicly that there was a vulnerability and here are the mitigation steps that you can take to mitigate the vulnerability if you cannot patch. And they also release some indicators of compromise but their indicators of compromise were very limited. And what we saw was a lot of people on social media, hey asking like, "These indicators of compromise aren't sufficient." "We can't tell if we've been compromised." "Can you please give us more information?" So because we already had the exploit, what we did was we exploited our test Fortinet devices in our lab and we collected our own indicators of compromise and we wrote those up and then released them on Tuesday, so that people would have a better indication to judge their environments if they've been already exploited in the wild by this issue. Which they also announced in their PSIRT that it was a zero-day being exploited in the wild It wasn't a security researcher that originally found the issue. >> So unpack the difference for the folks that don't know the difference between a zero-day versus a research note. >> Yeah, so a zero-day is essentially a vulnerability that is exploited and taken advantage of before it's made public. An N-day, where a security researcher may find something and report it, that and then once they announce the CVE, that's considered an N-day. So once it's known, it's an N-day and once if it's exploited before that, it's a zero-day. >> Yeah. And the difference is zero-day people can get in there and get into it. You guys saw it Friday on Twitter you move into action Fortinet goes public on Monday. The lag between those days is critical time. What was going on? Why are you guys doing this? Is this part of the autonomous pen testing product? Is this part of what you guys do? Why Horizon3.ai? Is this part of your business model? Or was this was one of those things where you guys just jumped on it? Take us through Friday to Monday. >> James, you want to take this one? >> Sure. So we want to hop on it because we want to be able to be the first to have a tool that we can use to exploit our customer system in a safe manner to prove that they're vulnerable, so then they can go and fix it. So the earlier that we have these tools to exploit the quicker our customers can patch and verify that they are no longer vulnerable. So that's the drive for us to go after these breaking exploits. So like I said, Friday we were able to get the firmware, get it decompressed. We actually got a test system up and running, familiarized ourself with the system a little bit. And we just started going through the patch. And one of the first things we noticed was in their API server, they had a a dip where they started including some extra HTTP headers when they proxied a connection to one of their backend servers. And there were, I believe, three headers. There was a HTTP forwarded header, a Vdom header, and a Cert header. And so we took those strings and we put them into our de-compiled version of the firmware to kind of start to pinpoint an area for us to look because this firmware is gigantic. There's tons of files to look at. And so having that patch is really critical to being able to quickly reverse engineer what they did to find the original exploit. So after we put those strings into our firmware, we found some interesting parts centered around authorization and authentication for these devices. And what we found was when you set a specific forwarded header, the system, for lack of better term, thought that you were on the inside. So a lot of these systems they'll have kind of, two methods of entry. One is through the front door, where if you come in you have to provide some credentials. They don't really trust you. You have to provide a cookie or some kind of session ID in order to be allowed to make requests. And the other side is kind of through the back door, where it looks like you are part of the system itself. So if you want to ask for a particular resource, if you look like you're part of the system they're not going to scrutinize you too much. They'll just let you do whatever you want to do. So really the nature of this exploit was we were able to manipulate some of those HTP headers to trick the system into thinking that we were coming in through the back door when we really coming in through the front. >> So take me through that that impact. That means remote execution. I can come in remotely and anonymous and act like I'm on the inside system. >> Yeah. >> And that's the case of the kingdom as you said earlier, right? >> Yeah. So the crux of the vulnerability is it allows you to make any kind of request you want to this system as if you were an administrator. So it lets you control the interfaces, set them up or down, lets you create packet captures, lets you add and remove users. And what we tried to do, which surprisingly the exploit didn't let us do was to create a new admin user. So there was some kind of extra code in there to stop somebody that did get that extra access to create an admin user. And so that kind of bummed us out. And so after we discovered the exploit we were kind of poking around to see what we could do with it, couldn't create an admin user. We were like, "Oh no, what are we going to do?" And eventually we came up with the idea to modify the existing administrator user. And that the exploit did allow us to do. So our initial POC, took some SSH keys adding them to an existing administrative user and then we were able to SSH in through the system. >> Awesome. Great, description. All right, so Zach, let's get to you for a second. So how does this happen? What does this... How did we get here? What was the motivation? If you're the chief attacker and you want to make this exploit happen, take me through what the other guy's thinking and what he did or she. >> Sure. So you mean from like the attacker's perspective, why are they doing this? >> Yeah. How'd this exploit happen? >> Yeah. >> And what was it motivated by? Was it a mistake? Was it intentional? >> Yeah, ultimately, like, I don't think any vendor purposefully creates vulnerabilities, but as you create a system and it builds and builds, it gets more complex and naturally logic bugs happen. And this was a logic bug. So there's no blame Fortinet for like, having this vulnerability and like, saying it's like, a back door. It just happens. You saw throughout this last year, F5 had a very similar vulnerability, VMware had a very similar vulnerability, all introducing authentication bypasses. So from the attacker's mindset, why they're actually going after this is a lot of these devices that Fortinet has, are on the edge of corporate networks and ransomware and whatever else. If you're a an APT, you want to get into organizations. You want to get from the outside to the inside. So these edge devices are super important and they're going to get a lot of eyes from attackers trying to figure out different ways to get into the system. And as you saw, this was in the wild exploited and that's how Fortinet became aware of it. So obviously there are some attackers out there doing this right now. >> Well, this highlights your guys' business model. I love what you guys do. I think it's a unique and needed approach. You take on the role of, I guess white hacker as... white hat hacker as a service. I don't know what to call it. You guys are constantly penetrating, testing, creating value for the customers to avoid in this case a product that's popular that just had the situation and needed to be resolved. And the hard part is how do you do it, right? So again, there's all these things are going on. This is the future of security where you need to have these, I won't say simulations, but constant kind of testing at scale. >> Yeah. >> I mean, you got the edge, it takes one little entry point to get into the network. It could be anywhere. >> Yeah, it definitely security, it has to be continuous these days. Because if you're only doing a pen test once a year or twice a year you have a year to six months of risk just building and building. And there's countless vulnerabilities and countless misconfigurations that can be introduced into a your network as the time goes on. >> Well, autonomous pen testing- >> Just because you're- >> ... is great. That's awesome stuff. I think it just frees up the talent in the organization to do other things and again, get on the real important stuff. >> Just because your network was secure yesterday doesn't mean it's going to be secure today. So in addition to your defense in depth and making sure that you have all the right configurations, you want to be continuously testing the security of your network to make sure that no new vulnerabilities have been introduced. >> And with the cloud native modern application environment we have now, hardware's got to keep up. More logic potential vulnerability could emerge. You just never know when that one N-vulnerability is going to be there. And so constantly looking out for is a really big deal. >> Definitely. Yeah, the switch to cloud and moving into hybrid cloud has introduced a lot more complexity in environments. And it's definitely another hole attackers going and after. >> All right. Well I got you guys here. I really appreciate the commentary on this vulnerability and this exploit opportunity that Fortinet had to move fast and you guys helped them and the customers. In general, as you guys see the security business now and the practitioners out there, there's a lot of pain points. What are the most powerful acute pain points that the security ops guys (laughing) are dealing with right now? Is it just the constant barrage of attacks? What's the real pain right now? >> I think it really matters on the organization. I think if you're looking at it from a in the news level, where you're constantly seeing all these security products being offered. The reality is, is that the majority of companies in the US actually don't have a security staff. They maybe have an IT guy, just one and he's not a security guy. So he's having to manage helping his company have the resources he needs, but also then he's overwhelmed with all the security things that are happening in the world. So I think really time and resources are the pain points right now. >> Awesome. James, any comment? >> Yeah, just to add to what Zach said, these IT guys they're put under pressure. These Fortinet devices, they could be used in a company that just recently transitioned to a lot of work from home because of COVID and whatnot. And they put these devices online and now they're under pressure to keep them up to date, keep them configured and keep them patched. But anytime you make a change to a system, there's a risk that it goes down. And if the employees can't VPN or log in from home anymore, then they can't work. The company can't make money. So it's really a balancing act for that IT guy to make sure that his environment is up to date, while also making sure it's not taken down for any reason. So it's a challenging position to be in and prioritizing what you need to fix and when is definitely a difficult problem. >> Well, this is a great example, this news article and this. Fortinet news highlights the Horizon3.ai advantage and what you guys do. I think this is going to be the table stakes for security in the industry as people have to build their own, I call it the militia. You got to have your own testing. (laughing) You got to have your own way to help protect yourself. And one of them is to know what's going on all the time every day, today and tomorrow. So congratulations and thanks for sharing the exploit here on this zero-day flaw that was exposed. Thanks for for coming on. >> Yeah, thanks for having us. >> Thank you. >> Okay. This is theCube here in Palo Alto, California. I'm John Furrier. You're watching security update, security news, breaking down the exploit, the zero-day flaw that was exploited at least one attack that was documented. Fortinet devices now identified and patched. This is theCube. Thanks for watching. (upbeat music)

(ethereal music) >> Welcome to the special Cube Conversation. I'm John Furrier, your host of "The Cube" here in Palo Alto, California. We've got two great remote guests here having a conversation around security, security convergence with platforms around networking and security with cybersecurity at an all time high, the need for understanding how to manage the breaches how to understand them, prevent them, everything in between cybersecurity and data are the number one conversation happening in the world today. We got two great guests, we've got Nirav Shah, VP of products at Fortinet and Peter Newton's senior director of products at Fortinet. The product leaders in the hottest cybersecurity company. And guys, thanks for coming on this Cube Conversation. >> Thanks for having us. >> Thank you, John. >> So last month or so I talked to John Madison about the Fortinet new release, FortiOS 7.0, as well as highlighting the convergence that's going on between the platforms around companies trying to consolidate and or manage or grow and build, converting networking and security together. Seeing that happening in real time, still doesn't change the underpinnings of how the internet works, and how these companies are structured. But the need for security is at an all time high. Talk about the impact to the customer. Do you guys have the keys to the kingdom here, product group? What is the killer product? What are customers doing? Give us the overview of why there's such a big need for the security platforms right now. >> Yeah, absolutely John. So if you see today's environment, we have seen working from anywhere it's become normal. And as part of that, we have seen so many different network edges. At the same time, they have different devices that they're using from anywhere. So what's important is as users have different devices, different users and applications that they're consuming from Cloud, we have to make sure that we provide security across the endpoint, across all network edges, and going to the Cloud compute. And for that kind of approach, you cannot have point products provide the visibility control and management. You need to have a comprehensive cybersecurity platform, which gives you security from that endpoint, to the edge, to the user, so that you have a simple but effective management and have a solid security in place to get that working from anywhere in a much more better user experience way. And that's exactly Fortinet describes as the security fabric platform. >> It's interesting not to kind of go on a tangent here, but to illustrate the point is, if you look at all the cyber security challenges that we're facing globally, especially here in the United States, the public private partnerships are increasing. We're seeing more public sector, commercial integration, the role of data. We've covered this on SiliconANGLE and many other cube interviews, especially with you guys. And there's all this kind of new approaches. Everyone's trying everything. They're buying every product that's out there, but now there's like overload. There's too much product. And that the obvious thing that's becoming clear, as cloud-scale, the evolution of this new edge environment. And so with that becomes the importance two trends that you guys are participating in. I want to get your thoughts on this because that's called SASE and SD-WAN. We know SD-WAN, but SASE stands for Secure Access Service Edge. That's I think Gartner made that term up or someone made that term up, but that's a new technology. And you've got SD-WAN, these are traditionally had been like edge for like branch offices. Now evolve now as pure network edges than a distributed computing environment. What's so important about these two topics. Nirav take us through the changes that are happening and why it's important for enterprises to get a handle on this >> Yeah John. So, as you said, SASE, Secured Access Services Edge. Really the foundation of that topic is the convergence of networking and security. And as you mentioned, Fortinet has been doing a lot of innovation in this area, right? Six years back, we pioneered the convergence of security and networking with security SD-WAN but what's happening now with the SASE is, as that working from anywhere continues to remain the dominant trend, users are looking for a Cloud-Delivered Security. And that's what Fortinet recently announced, where we can provide the most comprehensive Cloud-Delivered Security for remote users. For thin edge. You can still, anytime access from any device. To give you an example, now, our remote users, they are still at home or they can be branch of one user, but still have that always on threat protection with the consistent security given in the Cloud. So they don't have to go anymore from the branch or data center, but have a direct connectivity to the Cloud Security before they access SaaS application. That's what one of the SASE trend is. Second thing, John we are observing is users are now, as they are going back to the hybrid workforce, they are looking for a thin edge right? To your point of an edge, edge is still intelligent and a very important but there is an interesting architectural shift of, can I just use an intelligent networking there move my CapEx to OPEX and have security in Cloud? That unified security, unified policy is again becoming important. That's what SASE-- >> Okay, so I like this Cloud-Delivered Security. This is a hybrid workforce you're addressing with this marketplace, that's clear. Hybrid is a everywhere, hybrid cloud, hybrid workforce, hybrid events are coming. I mean, we love covering events physically but also now virtual. Everything's impacted by the word hybrid and Cloud. But talk about this thin edge. What do you mean by that? I mean I think thin edge, I think thin clients, the old trend. What is thin edge mean? >> Yeah, so there're different organizations are looking at the architecture in a different way. Some organizations are thinking about having a very simple branch where it is used for modern networking technologies, while security has been shifted to the Cloud deliver. What happens with this model is, now they are relying more into technologies like SD-WAN on edge to provide that intelligence steering, while everything in the security is being done in a Cloud compute way for both remote users and thin edge environment. Now the good news here is, they don't have to worry about the security patching, or any of those security capabilities. It is all done by Fortinet as they go and use the SaaS applications performance >> I want to come back and drill down on that but I want to get Peter in here in the Zero Trust equation because one of the things that comes up all the time with this edge discussion is network access. I mean, you go back to the old days of computing, you had edge log in, you'd come in, radius servers, all these things were happening, pretty simple cut paradigm. It's gotten so complicated now, Peter. So Zero Trust is a hot area. It's not only one of the things but it's a super important, what is Zero Trust these days? >> Zero Trust is indeed a very hot term because I think part of it is just it sounds great from a security standpoint, Zero Trust, you don't trust anyone, but it really comes down to a philosophical approach of how do you address the user's data applications that you want to protect? And the idea of Zero Trust and really what's driving it is the fact that as we've been talking, people are working remotely. The perimeter of the organization has dissolved. And so you no longer can afford to have a trusted internal zone and an untrusted external zone. Everything has to be "Zero Trust." So this means that you need to be authenticating and verifying users and devices on a repeat and regular basis, and you want to when you're bringing them on and giving them access to assets and applications, you want to do that with as granular of control as possible. So the users and devices have access to what they need, but no more. And that's kind of the basic tenets of Zero Trust. And that's what, it's really about prioritizing the applications and data, as opposed to just looking at, am I bringing someone into my network. >> God, the concept of Zero Trust, obviously hot. What's the difference between Zero Trust Access and Zero Trust Network Access, or as people say ZTA versus ZTNA? I mean, is there a nuance there? I mean, what's the difference between the two? >> That's actually a really good question because they both have the Zero Trust in the name. ZTNA is actually a specific term that a Gardner created or other analyst I should say, created 10 years ago. And this refers specifically to controlling application to controlling access to applications. whereas Zero Trust, overall Zero Trust access deals with both users and devices coming on to networks, how are you connecting them on? What kind of access are you giving them on the network? ZTNA is specifically how are you bringing users and connecting them to applications? Whether those applications are on premise or in the Cloud. >> So what the NA is more like the traditional old VPN model connecting users from home or whatever. Just connecting across the network with user to app. Is that right? >> That's actually a really good insight, but ironically the VPN clinical benefits of this are actually an outgrowth of the ZTNA model because ZTA doesn't differentiate between when you're on network or off network. It creates a secure tunnel automatically no matter where the user is, but VPN is all just about creating a secure tunnel when you're remote. ZTNA just does that automatically. So it's a lot easier, a lot simpler. You get a hundred percent compliance and then you also have that same secure tunnel even when you're "on a safe network" because with Zero Trust, you don't trust anything. So yes it really is leading to the evolution of VPN connectivity. >> So Nirav I want to get back to you on tie that circle back to what we were talking about around hybrid. So everyone says everything's moving to the Cloud. That's what people think. And Cloud ops is essentially what hybrid is. So connect the dots here between the zero trust, zero trust A and NA with the move to the hybrid cloud model. How does that, how does it, what's the difference between the two? Where's the connection? What's the relevance for your customers and the marketplace? >> Yeah, I think that again goes back to that SASE framework where ZTNA plays a huge role because John, we talked about when users are working from anywhere in this hybrid workforce, one of the important thing is to not give them this implicit trust right? To the applications, enabling the explicit trust is very important. And that is what ZTNA does. And the interesting thing about Fortinet is we provide all of this part of FortiOS and users can deploy anywhere. So as they are going to the Cloud-Delivered Security, they can enable ZTNA there so that we make sure this user at what time, which application they're accessing and should we give them that access or not. So great way to have ZTNA, SASE, everything in one unified policy and provide that anytime access for any device with a trusting place. >> Okay, real quick question to you is, what's the difference between SASE, Secure Access Service Edge, and SD-WAN? Real quick. >> Yeah, so SD-WAN is one of the core foundation element of SASE, right? So far we talked about the Cloud-Delivered Security, which is all important part of the security of the service. SASE is another element, which is a networking and a service where SD-WAN plays a foundation role. And John that's where I was saying earlier that the intelligent edge modern technology that SD-WAN provides is absolutely necessary for a successful SASE deployment, right? If users who are sitting anywhere, if they can't get the right application steering, before they provide the Cloud-Delivered Security, then they are not going to get the user experience. So having the right SD-WAN foundation in that edge, working in tandem with the Cloud-Delivered Security makes a win-win situation for both networking and security teams. >> So Peter, I want to talk to you. Last night I was on a chat on the Clubhouse app with some cybersecurity folks and they don't talk in terms of "I got ZTNA and I got some SASE and SD-WEN, they're talking mostly about just holistically their environment. So could you just clarify the difference 'cause this can be confusing between Zero Trust Network Access ZTNA versus SASE because it's kind of the same thing, but I know it's nuance, but, is there a difference there? People get confused by this when I hear people talking 'cause like they just throw jargon around and they say, "Oh, with Zero Trust we're good. What does that even mean? >> Yeah, we get a lot of that when talking with customers because the two technologies are so complimentary and similar, they're both dealing with security for remote workers. However sassy is really dealing with that kind of firewall in the Cloud type service, where the remote user gets the experience and protection of being behind a firewall, ZTNA is about controlling the application and giving them that secure tunnel to the application. So they're different things one's kind of that firewall and service, security and service, even networking in a service. But ZTNA is really about, how do I have the policies no matter where our user is, to give them access to specific applications and then give them a secure tunnel to that application? So very complimentary, but again, they are separate things. >> What's the landscape out there with competitive because has there products, I mean you guys are product folks. You'll get the product question. Is it all kind of in one thing, is this bundled in? Do you guys have a unique solution? Some people have it, they don't. What's the marketplace look like from a product standpoint? >> Yeah. So John, that starts back to the platform that we talked about, right? Fortinet always believes in not to develop a point product, but doing organic development which is part of a broader platform. So when we look at the thing like SASE, which required a really enterprise grade networking and security stack, Fortinet has organically developed them SD-WAN, we are a leading vendor, for the Gartner magic quadrant leader there, network firewall, including whether they deployed on Cloud, on-prem or a segmentation. We are a leader there. So when you combine both of them and ZTNA is part of it, there is only handful of vendor you will see in the industry who can provide the consistent security, networking, and security together and have that better user experience for the single management. So clearly there's a lot of buzz John, about a lot of vendors talk about it. But when you go to the details and see this kind of unified policy of networking and security, Fortinet is emerging as a leader. >> Well I always like talking the experts like you guys on this topic. And we get into the conversations around the importance under the hood. SASE, SD-WEN, we've been covering that for a long time. And now with Zero Trust becoming such a prominent architectural feature in Cloud and hybrid, super important under the hood. At the end of the day though, I got to ask the customers question, which is, "what's in it for me? "I care about breaches. "I don't want to be breached. "The government's not helping me over the top. "I got to defend myself. "I have to put resources in place, it's expensive, "and nevermind if I get breached." The criticality of that alone, is a risk management discussion. These are huge table. These are huge stakes and the stakes are high. So what I care about is are you going to stop the breaches? I need the best security in town. What do you say to that? >> Yeah this goes back to the beginning. We talked about consistent certified security, right John. So yes a SASE model is interesting. Customers are going to move to Cloud, but it's going to be a journey. Customers are not going Cloud first day one. They are going to take a hybrid approach where security is required in a segment, in an edge and on the Cloud. And that's where having a solid security in place is a number one requirement. And when you look at the history of Fortinet, over the last 20 years, how we have done, with our FortiGuard Labs, our threat intelligence and ability for us to protect over 450,000 customers, that's a big achievement. And for us to continue to provide that security but more importantly, continue to go out, and do a third-party certification with many organization to make sure no matter where customers are deploying security, it is that same enterprise grade security deployment. And that's very important that we talk to our users to make sure they validate that. >> Peter would weigh in on this. Customers don't want any breaches. How do you help them with the best security? What's your take on that? >> Well, to kind of reiterate what Nirav said earlier, we really believe that security is a team sport. And you do need best in class products at each individual element, but more importantly you need those products we talking together. So the fact that we have industry leading firewalls, the fact that we have industry-leading SD-WAN, we've got industry leading products to cover the entire gamut of the end point all the way email application, Cloud, all these products while it's important that they're, third-party validated as Nirav was mentioning, it's more important that they actually talk together. They're integrated and provide automated actions. Today's cyber security moves so fast. You need that team approach to be able to protect and stop those breaches. >> Well, you guys have a great enterprise grade solution. I got to say, I've been covering you guys for many years now and you guys have been upfront, out front on the data aspect of it with FortiGuards. And I think people are starting to realize now that data is the key, value proposition is not a secret anymore. Used to be kind of known for the people inside the ropes. So congratulations. I do know that there's a lot action happening. I want to give you guys a chance to at the end of this conversation now to just put a plug in Fortinet because there's more people coming into the workforce now. Post pandemic, young people with computer science degrees and other degrees that want to go into career with cybersecurity, could you guys share both your perspective on for the young people watching or people re-skilling, what opportunities there are from a coding standpoint, and or from say an analyst perspective. What are some of the hot openings? 'cause there are thousands and thousands of jobs give a quick plug for Fortinet and what openings you guys might have. >> Well, certainly in the cyber industry, one of the major trends we have is a work place shortage. There are not enough trained professionals who know about cybersecurity. So for those who are interested in retooling or starting their career, cybersecurity is an ongoing field. It's going to be around for a long time. I highly encourage those interested, come take a look at Fortinet. We offer free training. So you can start from knowing nothing to becoming certified up to a security architect level, and all those, all that training is now available for free. So it's a great time to star, great time to come into the industry. The industry needs you >> Any particularly areas, Peter you see that's like really jumping off the page. >> Well, it's hybrid, knowing Cloud, knowing on-prem, knowing the traffic, knowing the data on the applications, there's just so much to do. >> You're the head of product, you've got all, probably a ton of openings but seriously young people trying to figure out where to jump in, what are the hot areas? Where can people dig in and get retrained and or find their career? >> Yeah, no, I think to reiterate what Peter said, right? The program that Fortinet has built, LSE one, two, three which is free available, is a great foundation. Because that actually goes into the detail of many topics we touched upon. Even though we are talking about SD-WAN, SASE, ZTNA, fundamentally these are the networking and security technologies to make sure users are able to do the right work in the user experience. And that will be really helpful to the young people who are looking to learn more and go into this area. So highly encouraged to take those training, reach out to us. We are there to provide any mentorship, anything that is required to help them in that journey. >> Anything jump off the page in terms of areas that you think are super hot, that are in need. >> Certainly there's convergence of networking and security. There is a growing need of how and what is Zero Trust is? and how the security is applied everywhere. Definitely that's a topic of mine for a lot of our customers, and that's an area, it's a good thing to gain more knowledge and utilize it. >> Nirav and Peter, thank you for coming on. You guys are both experts and the leaders at Fortinet, the product team. The need for security platform is an all time high consolidating tools into a platform. More tools are needed and there's new tools coming. So I'm expecting to have more great conversations as the world evolves. Certainly the edge is super important. Thanks for coming on, appreciate it. >> Thanks for having us. >> Okay, Cube Conversation on security here in the Palo Alto studios. I'm John furrier. Thanks for watching. (ethereal music)

(upbeat introductory music) >> Presenter: From theCUBE Studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is theCUBE CONVERSATION. >> Hi everyone, welcome to this special CUBE CONVERSATION I'm John Furrier, Host of theCUBE here in Palo Alto, California in our studios, we have a remote guest here talking about cybersecurity and all the industry trends and the recent news and announcements around Fortinet with John Madison CMO and Executive Vice President of products at Fortinet John, great to see you, welcome back to theCUBE. Great to have you back for some commentary around what's going on in the trends and your recent news. So thanks for coming on. >> Thanks John, nice to see you again. >> So you guys had earnings, congratulations again another successful results, you guys are doing well. Cyber is super important and that's the top conversation, cloud computing, cloud native, we're living in a pandemic. New things are exposed. Clearly the environment has changed in the past four months in a major, major way. So a lot of demand, a lot of needs out there from customers. So you guys had some earnings and you also have an update on your Fortinet OS67.0 platform with major updates. Let's quickly hit the news real quick. What's the hot topic? >> Yeah, well you're right. Things have accelerated in some ways in this cybersecurity world and we had the recent solar winds incident that's also made people look really, really closely at their cyber security strategy and architecture. We announced our results yesterday for Q4. For Q4 we had over 20% product growth which is the key, of course, the future growth. We also, for the full year in 2020 past 3 billion in billings for the first time for the company. And we're really proud of that. We're proud for a lot of reasons with our people and our team, but also another company that goes and makes large acquisitions to boost revenue and billings growth. We've done it predominantly organically over the last 20 years. And so we're very proud of our achievement and obviously a big thank you to our partners, our employees, and our customers. >> We also have been covering you guys for many, many years. Congratulations, well deserved good products win the long game, as we say on theCUBE, and that's a great Testament, but now more than ever I really want to get your thoughts because everyone that I talked to is really kind of sitting back saying, "Wow, look what's happened in the past three, six months in particular, a lot of sea change in both on the technical landscape, the intersection with society obviously with cyber, you mentioned solar winds that's been kind of hanging around. More data's coming out about how pervasive that was and how native it was for many months. So what's out there, we don't even know what's next. So this is causing a lot of people to take pause and reevaluate their environment. Can you share your perspective and how Fortinet sees this playing out and how that you are advising your customers? >> Yeah, well, leaving compliance and regulatory to one side for now because that's also a driver cybersecurity and focus on the two main drivers. One is the threat landscape, and I hinted a bit around that supply chain attack which affects a lot of people in solar winds incident. They got hold or got onto a device that has privileged access across a lot of servers and applications. And that's exactly what they wanted to get to. So state-sponsored ABTs, there's still volume out there. We still see now ransomware doubling every six months but that's very scary. The threat landscape around state sponsored. Now, the other driver of cybersecurity is the infrastructure. And whether that be end point. So as you know people are working from home as I am for the last eight months. So there's a on and off network, end point kind of a zero trust architecture there that people are looking towards. On the network side, we've seen these edges develop. And so whether it be the WAN edge, LANedge, Cloud Edge, data center edge even OT edge, those need protecting. So that's a big challenge for customers. And then also on the cloud side where the applications have moved to cloud, but different types of cloud, multi-cloud I've even seen building cloud recently. So that's a very adaptive area. So challenging for the customer in the terms of the threats and weaponized threats as well as the ability to cover all the different parts of the attack surface going forward. >> It's interesting, we've been living in a generation in the technology business around, you just get a tool for that. Every hammer looks for a nail, that's the expression. Now more than ever when you have this no perimeter environment, which we've been talking about for many years, that's not new. What is new is that everyone's now thinking about architectural systems approach to this and thinking systematically around the platform of what their business is. So in your announcement that you guys just released for OS67.0, there's really some meat on the bone there. You have the secure access, edge SASE and then the endpoint protection which are defined categories by the analyst. But those are the areas that are super hot. Can you translate that into the architectural equation because you and I were talking before we came on camera around how it's not just one thing there's multiple layers to this. Could you break that out for us please? >> Yeah. If you look at historically and I'm now coming up to my 20th year in cybersecurity. Before Fortinet I worked for an end point company. If you go back a while and I can, between 2000, 2010, the Endpoint Vendors were the the big cybersecurity players because Endpoint was where the data was and everything else. And then over the last 10 years the network security vendors, the next gen firewalls have been the most important vendors out there. And it's also reflected in revenues and market cap and everything else. What we're going to see over the next 10 years is the platform. And that platform can't be just an endpoint platform. It can't be just a network security platform or just the cloud platform, because you only, you're only seeing and defending and protecting a part of the overall we call digital experience. Whether it be a device in the factory, whether it be a person dialing in from somewhere or connecting from somewhere through the network and through to the applications you've got to measure that digital experience. And so that's going to be very important to be able to provide a platform that sits across all your devices users, across your whole network including new networks like 5G and across the applications and in the cloud. So the platform to us extends across all those areas. We've been building that platform on what we call our FortiOS operating system. The latest release is 7.0, which released yesterday. It obviously upgrades and extends all parts of the platform but we did major parts of the release yesterday were around SASE, which of course is the CloudEdge. So we're adding that CloudEdge to our component. We did acquire a company Opaque Networks a few months ago that's now we've integrated that technology. And then just as importantly on the access side, a zero trust network access capability for giving access per application. In fact, again, with this, I've talked a bit about in the past about all these Gartner acronyms I don't think zero trust network access is the right wording for it. It should be application access, because that's all we are going to move to. Application specific access versus just getting on the network and getting access to everything. But something that gives you context. So those are the two big things, but there's 300 plus new features across networking end point in cloud across management, inside the resource. It's a major release for us. And it gives us our customers the capability to really protect that attack surface from the end point to the cloud. >> Yeah, there's a lot of meat in there, from that release, I've got to say. but it's basically you're saying devices and users have access. That's been around. There's been tools for that. You hire people, you get some tools. Network access, it's been around. It's getting evolving. Now apps in the cloud, cloud native is a hot area. And people that I talk to, I want to get your reaction to this comment that I hear from people and customers and CXOs and developers. "Hey, we bought a tool for that. We hired a bunch of people. They mainly left, or the environment changed. We bought another tool. And then we bought a tool for that. We bought a tool for that." And then you have this kind of tool shed mentality, where they have tools that don't even have people to run them. So you have this problem there kind of tools need to be upgraded. And then you have this hot trend of observability on the app side, where now you have new data coming in on the application side, those are new tools. You got all kinds of stuff and competing for that. How do you talk to that customer? Because this is what the customer hears all this noise, all this action. They need to have it. They got to have the staff, they got to be trained up. What's going on there? What's your reaction to that? And how do you talk to customers who have this problem? Well, it's a big problem for them. Because, and by the way when I speak to a lot of customers about cloud they don't go to cloud because it's cheaper. It's not, it's actually more expensive. But they go to cloud to give them more agility because they want flexibility in the way they deploy applications as they go forward. And again, this pandemic has made a lot of companies realize they need to be more flexible in the way they deploy IT resources and faster in the way they bring up new services and applications. And so, but there's quite a few elements I say of cybersecurity and networking, which to me and to us are just features. You shouldn't be buying 40 different networking and cybersecurity vendors. You just can't staff and maintain that. And so we do see some things consolidated and converging into a single platform. We're a leader in the magic quadrant for SD WAN or a leader for network security or a visionary in WIFI. And many of the times in each of those magic quadrants, it's a different vendor or if it's the same vendor it's a different platform. For us it's the same platform in each one. And we pride ourselves in building not only best of breed capabilities, but also it's the same platform same management system, same API. And that gives the customer some capabilities in trying to manage that. What we say to customers is not a question of going from 40 vendors down to one That's no good, but go from 40 vendors down to maybe seven or eight platforms but make sure those platforms can inter-operate. They can share policy, and they can share threat intelligence. And that's why customers are looking to more of an architectural approach to cybersecurity but also they feel cybersecurity and networking are starting to converge at the same time. >> One of the biggest stories we're covering these days in 2021 besides the pandemic and how people are going to come out with a growth strategy that's secure, trusted and scalable, is the rise of the new executive in business in the enterprise where they're more tech savvy, right? You see executives like Satya and Intel. Intel, rise with the CEO of Microsoft. Andy Jassy rise up to the CEO of Amazon and you're seeing lawmakers in DC become more techie, less lawyer-oriented. So you seeing the rise of a business techie person. And I think this speaks to this holistic fabric philosophy you guys have as you talk to customers, when they look at the business impact of cybersecurity, for instance you mentioned solar winds earlier. I mean, these are deadly company killing events. This is real. So it's not just an IT problem. It's a business problem. How do you guys talk to customers, obviously that you have the security fabric and you're stitching things together? What's the conversation when you talk to customers like that? >> One interesting thing I've noticed, and I do quite a lot of customer calls each week, executive briefings and pretty early on, I noticed that both the infrastructure networking with the CIO team and the cyber security the CSO teams run on the same video call and that's got more and more as we've gone on. And I think what companies have realized is that if they want to move fast, they can't have these silos or this layering of capabilities. Then when they build something they needed to build it securely from day one and have that as a joint team. And so I don't think the teams are not merged but they're definitely working more closely. And I think the responsibility of reporting back into the board level gain is not just, it's just an IT project. Oh, by the way, we've got a security project. It's the same project. And I think that's again, points to this convergence of networking and security. >> Yeah. The silos got to be broken down. That's been a theme that's been more highlighted more than ever the benefits and the consequences of doing it or not doing it are clear to people especially at all levels of the corporation and tech. That brings up my favorite conversation. I always ask you whenever you're back on theCUBE giving me an update on what's going on with Fortinet I got to ask you how it's going with data, because data again is the consistent theme we always talk about, how we're exposing that data, how we're protecting that data, the role of data as people continue to get more data and figure out how to use machine learning how to use AI, how to democratize it all kinds of things are happening around data. What's the latest in your opinion? >> Yeah, I think there's progress, but I always say there's progress on both sides. The cyber criminals, big AI networks and machine learning just to counter what the cyber security companies are doing. I think right now we're processing hundreds of billions of events on a weekly basis. We've got the largest install base of network security out there over 500,000 customers. And so processing that event, it's going well in that we're able to determine really quickly for specific threat vectors in specific geographies that this battle good. It's about a good file. It's about a good URL. It's a vulnerability that's associated with Stevia. So we're able to kind of do use machine learning and volume against a specific application to get a good result. The key going forward for us, and I think for the whole industry is using the AI to start to discover campaigns in the wild like the solar winds ones, which is going on without anybody knowing. And that takes a lot of compute, takes a lot of threat intelligence and the AI piece needs to understand the relationship between the different elements of threat vectors, the command and controls and everything else to get you that result. I do think a couple of things. One is the cybersecurity industry, and I've said this before on this broadcast is are not walking together as they should. And sharing this threat intelligence across the industry. As soon as they find something, I actually applaud Microsoft on the solar wind side, they got information out really quickly and did well. And so we did the same. I think the industry needs to do more of that more proactively. And then I do think that, again, that I see a lot of companies cybersecurity companies claim a lot of things without any evidence that it works whatsoever. >> The world's got to call them out the consequences of not having, things work as they're advertised and or sharing them, your point about sharing. There should be some recognition for folks that are actually being fast on the sharing side. It's not like... We need our own militia against the bad guys. That's what's kind of going on here. So great stuff. I got to get your thoughts on the edge real quick. I know we talked about it briefly. You broke it down to three categories device users, network, and then apps in the cloud. The hottest topic on our recent CUBE on cloud editorial virtual event we had was the edge. And edge being industrial edge. And also, just the edge of the network with humans and users and devices. How are you seeing the current situation out there? A lot of hype, obviously the reality of that, that we're in a distributed network, the internet and the web and the cloud cloud natives coming. What's Fortinet's thoughts? What's your thoughts on how the edge is evolving and what people should pay attention to when they look at as they're architecturally planning for building out and managing and securing the edge? >> Given this a zero trust conversation on users and devices and given that people are familiar with the cloud and how they're going to use cloud. I think the network is becoming a really important very important area. And some people say, "Oh, don't worry about the network, just go to the cloud." The network is very important in providing that digital experience, but what's happening with the network is it's being stretched. It's being extended into factories. It's opening up on the winning side. You've got people now working from home. You've got that edge that used to be just the data center edge is now CloudEdge and SAS edge. And so you have to pay close attention to those edges. Now what you can't do is say, "Oh, I know we've got all those edges there. Let me overlay some security on each edge," because it's going to be different the way you deploy that in on a wifi device versus a CloudEdge. And so what you need to look towards is convergence of a capability either of the CloudEdge or the WAN edge or the LTE edge, it's got to be converged networking, and security. Otherwise it's too operationally inefficient, too complex to do. And so I think this is a really important subject and area for customers because as I said at the beginning, it provides that digital, we acquired a company called (indistinct) a few months ago, which actually focuses on the digital experience monitoring marketplace. What are users actually going through in terms of availability and quality and performance all the way from their device, all the way back into the application? I think that's very important. And the network edges have to be secured, where you can only do it through a converged solution. >> Yeah, that's a great point Architecturally, you might have a good technology or product look on paper but the complexity is the vulnerability. That's a really, really great point. John always great to have you on. Thanks for coming on, sharing the update. Before we end, I'll give you a quick minute to plug the news you had. Quickly put a plug in for the release you guys just put out around the new FortiOS 7.0 the features. What's the most important point about that release? Share, take a minute to explain. >> Yeah. FortiOS 7.0 is our big release our operating system is big news because it allows us FortiOS to sit at any edge across the network, whether it would be the one edge CloudEdge, data center edge. We've extended it into the CloudEdge with SASE in this release. We're also bringing in zero trust network access capabilities but overall it includes 300 features across the network, Endpoint in cloud. So a very important release for us and our customers and partners. >> John, great to have you on theCUBE again and get the news. You guys doing a great job, congratulations on your earnings but more importantly, congratulations on the product success and how you guys are thinking about it as a platform. That's what customers want. And you guys are continuing to do a great job there and congratulations from the news. Thanks for coming on. >> Thanks Jim. >> Again, John Furrier here inside theCUBE for CUBE Conversation getting the update on Fortinet and cybersecurity. Look for our cybersecurity coverage on SiliconANGLE.com. And of course, theCUBE's coverage continuing to talk to the thought leaders and the people making things happen, securing our networks and our cloud and deploying cloud native applications. Thanks for watching. (upbeat music)

>>Live from Las Vegas. It's theCUBE. Covering Fortinet Accelerate 18. Brought to you by Fortinet. >> Welcome to Fortinet Accelerate 2018. I'm Lisa Martin with theCUBE and we're excited to be here doing our second year of coverage of this longstanding event. My cohost for the day is Peter Burris; excited to be co-hosting with Peter again, and we're very excited to be joined by the CEO, Founder, and Chief Chairman of Fortinet, Ken Xie, Ken welcome back to theCUBE. >> Thank you, Lisa, thank you, Peter. Happy to be here. >> It's great to be here for us as well, and the title of your Keynote was Leading the Change in Security Transformation, but something as a marketer I geeked out on before that, was the tagline of the event, Strength in Numbers. You shared some fantastic numbers that I'm sure you're quite proud of. In 2017, $1.8 in billing, huge growth in customer acquisitions 17.8 thousand new customers acquired in 2017 alone, and you also shared that Forinet protects around 90% of the Global S&P 100. Great brands and logos you shared Apple, Coca Cola, Oracle. Tell us a little bit more and kind of as an extension of your Keynote, this strength in numbers that you must be very proud of. >> Yeah, I'm an engineer background, always liked the number, and not only we become much bigger company, we actually has 25 to 30% global employment in a network security space. That give a huge customer base and last year sales grow 19% and we keeping leading the space with a new product we just announced today. The FortiGate 6000 and also the FortiOS 6.0. So all this changing the landscape and like I said last year we believe the space is in a transition now, they've got a new generation infrastructure security, so we want to lead again. We started the company 18 years ago to get into we called a UTM network firewall space. We feel infrastructure security is very important now. And that we want to lead in the transition and lead in the change. >> So growth was a big theme or is a big theme. Some of the things that we're also interesting is another theme of really this evolution, this landscape I think you and Peter will probably get into more the technology, but give our viewers a little bit of an extension of what you shared in your keynote about the evolution. These three generations of internet and network security. >> Yeah, when I first start my network security career the first company I was study at Stanford University, I was in the 20s. It was very exciting is that a space keeping changing and grow very fast, that makes me keeping have to learning everyday and that I like. And then we start a company call Net Screen when it was early 30s, that's my second company. We call the first generation network security which secured a connection into the trust company environment and the Net Screens a leader, later being sold for $4 billion. Then starting in 2000, we see the space changing. Basically you only secure the connection, no longer enough. Just like a today you only validate yourself go to travel with a ticket no longer enough, they need to see what you carry, what's the what's the luggage has, right. So that's where we call them in application and content security they call the UTM firewall, that's how Fortinet started. That's the second generation starting replacing the first generation. But compared to 18 years ago, since change it again and nowadays the data no longer stay inside company, they go to the mobile device, they go to the cloud, they call auditive application go to the IoT is everywhere. So that's where the security also need to be changed and follow the important data secure the whole infrastructure. That's why keeping talking from last year this year is really the infrastructure security that secure fabric the starting get very important and we want to lead in this space again like we did 18 years ago starting Fortinet. >> Ken, I'd like to tie that, what you just talked about, back to this notion of strength in numbers. Clearly the bad guys that would do a company harm are many and varied and sometimes they actually work together. There's danger in numbers Fortinet is trying to pull together utilizing advanced technologies, new ways of using data and AI and pattern recognition and a lot of other things to counter effect that. What does that say about the nature of the relationships that Fortinet is going to have to have with its customers going forward? How is that evolving, the idea of a deeper sharing? What do you think? >> Actually, the good guy also started working together now. We formed the they call it the Cyber Threat Alliance, the CTA, and Fortinet is one of the founding company with the five other company including Palo Alto Network, Check Point and McAfee and also feel a Cisco, there's a few other company all working together now. We also have, we call, the Fabric-Ready Program which has 42 big partners including like IBM, Microsoft, Amazon, Google, all this bigger company because to defend the latest newest Fabric threat you have to be working together and that also protect the whole infrastructure. You also need a few company working together and it's a because on average every big enterprise they deploy 20 to 30 different products from different company. Management cost is number one, the highest cost in the big enterprise security space because you have to learn so many different products from so many different vendor, most of them competitor and now even working together, now communicate together. So that's where we want to change the landscape. We want to provide how infrastructure security can work better and not only partner together but also share the data, share the information, share the intelligence. >> So fundamentally there is the relationship is changing very dramatically as a way of countering the bad actors by having the good actors work more closely together and that drives a degree of collaboration coordination and a new sense of trust. But you also mentioned that the average enterprise is 20 to 30 fraud based security products. Every time you introduce a new product, you introduce some benefits you introduce some costs, potentially some new threat surfaces. How should enterprises think about what is too many, what is not enough when they start thinking about the partnerships that needed put together to sustain that secure profile? >> In order to have the best protection today you need to secure the whole infrastructure, the whole cyberspace. Network security still the biggest and also grow very fast and then there's the endpoint and there's a like a cloud security, there's a whole different application, email, web and all the other cloud all the other IoT. You really need to make sure all these different piece working together, communicate together and the best way is really, they have to have a single panel of our management service. They can look at them, they can make it integrate together they can automate together, because today's attack can happen within seconds when they get in the company network. It's very difficult for human to react on that. That's where how to integrate, how to automate, this different piece, that is so important. That's where the Fabric approach, the infrastructure approach get very important. Otherwise, you cannot react quick enough, in fact, to defend yourself in a current environment. On the other side for your question, how many vendor do you have, I feel the less the better. At least they have to work together. If they're not working together, will make it even more difficult to defend because each part they not communicate and not react and not automate will make the job very, very difficult and that's where all this working together and the less vendor they can all responsible for all your security it's better. So that's where we see some consolidation in the space. They do still have a lot of new company come up, like you mentioned, there's close to 2,000 separate security company. A lot of them try to address the point solution. I mentioned there's a four different level engineer after engineer work there because I see 90% company they do the detection. There's a certain application you can detect the intrusion and then the next level is where they after you attack what are going to do about it. Is it really the prevention setting kick in automatic pull out the bad actor. After that, then you need to go to the integration because there's so many different products, so many different piece you need to working together, that's the integration. Eventually the performance and cost. Because security on average still cost 100 times more expensive under same traffic and also much slower compared to the routing switch in networking device. That's what the performance cost. Also starting in the highest level, that's also very difficult to handle. >> So, we're just enough to start with the idea of data integration, secure data integration amongst the security platform, so enough to do as little as possible, as few as possible to do that, but enough to cover all the infrastructure. >> Yes, because the data is all a whole different structure. You no longer does have to trust environment. Because even inside the company, there's so many different way you can access to the outside, whether it by your mobile device so there's a multiple way you can connect on the internet and today in the enterprise 90% connection goes to Wi-Fi now it's not goes to a wired network, that's also difficult to manage. So that's where we will hide it together and make it all working together it's very important. >> So, in the spirit of collaboration, collaborating with vendors. When you're talking with enterprises that have this myriad security solutions in place now, how are they helping to guide and really impact Fortinet's technologies to help them succeed. What's that kind of customer collaboration like, I know you meet with a lot of customers, how are they helping to influence the leading security technologies you deliver? >> We always want to listen the customer. They have the highest priority, they gave us the best feedback. Like the presentation they talked about there's a case from Olerica which is where they have a lot of branch office and they want to use in the latest technology and networking technology, SD-WAN. Are working together with security, that's ready the new trend and how to make sure they have all the availability, they have the flexibility software-defined networking there and also make sure to security also there to handle the customer data, that's all very important so that's what we work very closely with customer to response what they need. That's where I'm still very proud to be no longer kind of engineer anymore but will still try to build in an engineer technology company. Listen to the customer react quick because to handle security space, cyber security, internet security, you have to work to quickly react for the change, on internet, on application. So that's where follow the customer and give them the quick best solution it's very very important. >> On the customer side in Anaemia we talked about that was talked a little bit about this morning with GDPR are is around the corner, May 2018. Do you see your work coordinates work with customers in Anaemia as potentially being, kind of, leading-edge to help customers in the Americas and Asia-Pacific be more prepared for different types of compliance regulations? >> We see the GDPR as an additional opportunity, as a additional complement solution compared to all the new product technology would come up. They definitely gave us an additional business rate, additional opportunity, to really help customer protect the data, make the data stay in their own environment and the same time, internet is a very global thing, and how to make sure different country, different region, working together is also very important. I think it's a GDPR is a great opportunity to keeping expanding a security space and make it safer for the consumer for the end-user. >> So Ken as CEO Fortinet or a CEO was tough act, but as CEO you have to be worried about the security of your business and as a security company you're as much attacked, if not more attacked than a lot of other people because getting to your stuff would allow folks to get to a lot of other stuff. How do you regard the Fortinet capabilities inside Fortinet capability as providing you a source of differentiation in the technology industry? >> Yeah we keep security in mind as the highest priority within a company. That's where we develop a lot of product, we also internally use tests first. You can see from endpoint, the network side, the email, to the web, to the Wi-Fi access, to the cloud, to the IoT, it's all developing internally, it tests internally so the infrastructure security actually give you multiple layer protection. No longer just have one single firewall, you pass the fire were all open up. It's really multiple layer, like a rather the ransomware or something they had to pass multiple layer protection in order to really reach the data there. So that's where we see the infrastructure security with all different products and developed together, engineer working together is very important. And we also have were strong engineer and also we call the IT security team lead by Phil Cauld, I think you are being interview him later and he has a great team and a great experience in NSA for about 30 years, secure country. And that's where we leverage the best people, the best technology to provide the best security. Not only the portal side, also our own the internal security in this space. >> So, in the last minute or so that we have here, one of the things that Patrice Perce your global sales leader said during his keynote this morning was that security transformation, this is the year for it. So, in a minute or so, kind of what are some of the things besides fueling security transformation for your customers do you see as priorities and an exciting futures this year for Fortinet, including you talked about IoT, that's a $9 billion opportunity. You mentioned the securing the connected car to a very cool car in there, what are some of the things that are exciting to you as the leader of this company in 2018? >> We host some basic technology, not another company has. Like a built in security for a single chip. I also mentioned like some other bigger company, like a Google started building a TPU for the cloud computing and Nvidia the GPU. So we actually saw this vision 18 years ago when we start a company and the combine the best hardware and best technology with solve for all this service together. So, long term you will see the huge benefit and that's also like translate into today you can see all these technology enable us to really provide a better service to the customer to the partner and we all starting benefit for all this investment right now. >> Well Ken, thank you so much for joining us back on theCUBE. It's our pleasure to be here at the 16th year of the event, our second time here. Thanks for sharing your insight and we're looking forward to a great show. >> Thank you, great questions, it's the best platform to really promoting the technology, promoting the infrastructure security, thank you very much. >> Likewise, we like to hear that. For my co-host Peter Burris, I'm Lisa Martin, we are coming to you from Fortinet Accelerate 2018. Thanks for watching, stick around we have great content coming up.

>> Live from Las Vegas it's theCUBE covering Fortinet Acclerate 18. Brought to you by Fortinet. (upbeat techno music) >> Welcome back to theCUBE's continuing coverage of Fortinet's Accelerate 2018. I'm Lisa Martin joined by my cohost, Peter Burris. And we're excited to be joined by a Fortinet customer, Troy Miller the Director of Technical Resources from Clark County School District. Troy welcome to theCUBE. >> Thank you. >> Lisa: So, you're local. You're in the Vegas area. Tell us a little bit about Clark County, I noticed some impressive numbers of size, and about your role. >> Clark County School District we service about 320,000 students a day, 41,000 employees. It's the entire county which, last I heard, was about the size of Rhode Island. So, basically, that's geographically large as well. My role in the district as Director of Technical Resources. We bring in 80 gigs of internet each day for all those people to consume. And we're responsible for the Edge security. So, we don't get down to the desktop yet but we just make sure they have a successful and reliable internet. >> So, 320,000 students and 41,000 employees. How many devices is that connecting to the network? Or do you have any idea? >> Even ones that were just district-owned might be closer to 420,000 probably, if you count all the labs. And then another everyone brings in their own one or two or three devices with them. Their phone, their iPad, their laptop. So, there's not an exact count but I'm guessing well over 450,000 probably. >> And you've been with Clark Country for awhile and you've been in education for awhile. Talk to us about the technology evolution that you've seen take place. The opportunities that that gives educators and students we well as the opportunities that it provides on the security side that you have to combat. >> Yeah, a long time ago, I've taught for four years from, I think it was '93 to '97, and I got into the department I'm in now. But back then it was one computer that a teacher didn't know how to use and rarely turned on to now they're using, whether it be smart boards, giving out iPads, Chromebooks, and so on. Every kid's connected and it's important. We're now a Google school district. So, Google Classroom using Google sites and so on. And so, it's important. And the evolution of that is just that when you have a reliable internet, and so Fortinet has definitely increased our stature in that. Day to day instruction can take place, not interrupt them. Cause if they lose their internet for two minutes we've deprived these students for all kinds of education. It's important and now everything is reliant upon it. Even our student management system, our ERP. All that stuff is now, some hosted internationally some hosted externally. So, security is a very important part of that. >> And when you think about the role that you play, you have a specific role within the school district. How does the ability to use a Fortinet-like product inside your role impact your ability to collaborate and coordinate with others in the school district to make sure that everything is running seamlessly? >> Yeah, that's important is that for us using the Fortinets that we have, it was important to be able to get better insight. I'm excited about the stuff in the conference this year to really improve upon that. But to be able to properly secure those say VPN connections going out to outside services or to better serve the students in the schools or other business transactions that take place. So, it's important on that. And then we can see if something's starting to break down somewhat where to go. And again, our district's pretty separated. It's siloed a bit. And so, it's important we know which department to go to if we're seeing issues with certain things. >> Now, local government's are notoriously difficult to work with for some technology vendors. How has it been for Clark County working with members of the Fortinet ecosystem. Because security is obviously an increasingly important feature of, well, virtually everything, but including local municipalities. >> Right. And Fortinet's been awesome. We worked with them through our managed service proprietor, Mosaic451. So, when we moved towards Fortinet just a year and a half ago, that made it a very seamless move because they had the expertise that we didn't at the time. We were brand new to the Fortinet platform. They brought in people from all over to help out with that to either install it, to set up the policies and so on. So, yeah, working with municipalities is difficult. Working for one's even more difficult. But Fortinet has made that very easy. >> What was the catalyst for bringing on Fortinet in terms of some of the challenges that you guys have with your firewalls? Was their any sort of one event or type of events that really catalyzed, hey, we're got to transform here? >> Yeah, there was a series of events actually. About a year and a half ago, we were undergoing about daily one hour, two hour DDoS attacks, fragmented UDP attacks. And our previous firewall vendors they couldn't, one they couldn't diagnose it. And two even once they did, it couldn't handle it. We were basically firewalling our firewall with our EdgeRouter. And so, that was when I said something has got to change. And that's when I contacted Mosaic451 and said, I need help. I can't be doing this every day cause the staff, obviously, were upset. And so was I. And so, Fortinet actually back then, our first involvement with Fortinet, they sent out two chassis and said, "Here. Try them out. See if this will stop the attack. We think it will." And we got them going within a few days and sure enough, it did. And so that told me I needed to make a move. It took, obviously, some budget trapeze acts to get that done. But within six months we were then on Fortinet. And again, once we got the equipment back everyone was able to help out and get us set up. We're unique in what we had and moving our policies and so on. So, they've been integral in that. >> So, impact perspective. It sounds like you went from these daily DDoS attacks to zero? >> Troy: Yeah. >> In how short of a time period? >> They stopped on their own beginning of January of that year. But we haven't had one at all since then. Or we've had small ones but the Fortinets handled them without a problem. They barely bumped them, you know. >> So, pretty big impact there that you've been able to make? >> Yeah, we went from-- >> Lisa: Pretty quickly. >> Yeah, yeah it was six months before we finally made the Fortinet decision. And we were fortunate we didn't have to go through an RFP process on that. Because that would have taken forever, and I didn't want to do that. And so, I already said we did our RFP. This one doesn't work. We know this other one doesn't work. So, guess what's left? So, that's the way we ended up with Fortinet. And I said we're very happy with them so far. >> In terms of some of the announcements that they have made today, around utilizing AI technology. They've also talked about their Fabric-Ready Partner Program. You've talked about a partner there. What are some of the things that excite you about what you've heard from them today? Does that give you reassurance that not only did we make the right decision but this is something that's going to help us as we evolve and as security threats naturally evolve and grow as well that you feel like you have a good foundation on the security side. >> Yeah, precisely. I'm very excited from what I saw. And you know, there's things, education, especially in this state, is extremely underfunded. So, I'd love to go out and just say, "Oh, I'd like to buy this. I'd like to buy that." We're up and running with the security fabric. And I'm excited about it. But what I'm really excited is the opportunity to grow. We can really assume some progress with that. And so, while I can't take full advantage of it or even go to the FortiOS 6 probably anytime soon. But we will be able to start laying the groundwork, and I can plan out to start filling off those check boxes in that security fabric, and start providing a better more secure internet for what I'm responsible for, what I can consume. >> So, education like everything else is changing. What are the set of options that become more available to you to Clark County School District as a consequence of bringing in a new security fabric that's capable of accommodating a little more complexity, a little bit more automation? >> Well, yes, a little bit of all that. For us, what I'm excited about with the Fortinet is that one, we've got something robust that's going to last us for five to seven years. Those will last even beyond our 80 gigs we're using now if we need to go beyond that before I retire. But the exciting part of that is, like I said, by adding in those different security fabric pieces I think we'll be able to improve bit by bit. And I know while they're going to improve them even more by the time we finally get there. So, that's exciting. >> You talked about ... I'd like you to elaborate a little bit more on your organization. It sounds, I don't want to say fragmented, but there's different centers. How has, I should say, what you guys have been able to achieve by bringing Fortinet in in terms of we talked about this dramatic reduction or elimination of DDoS. Are you able to leverage that as sort of a best practice within the school district. Do you see opportunities that this Fortinet partnership can have for you in that respect? >> It gives us some validity. It shows that it did make a difference. We didn't just spend some money on it no reason. Yeah, because of its being siloed, what the Fortinets will give us now is we can know exactly which department to send certain tickets to. What we see whether it's to be malware or something pinging out that shouldn't. We can better address where it's coming from and what to do with it. And again, Mosaic is our sock. So, working with them, working with Fortinet we've been able to improve our response to minor incidents as they happen. >> Are there other natural issues that the County of Las Vegas deals with that makes Fortinet especially relevant? I mean, obviously, great distances. But you know, you've got large mountains surrounding here. It's a very dry environment. Are you finding that there's just things about the location that makes Fortinet that much better choice? >> I don't really think environmental ... Pretty much what makes this the best choice is not really where we are but just what we do. Like I said, the internet comes to us, and then we kind of spray it out from there. And so, that availability and reliability is what's important. Sort of where we are doesn't quite matter. But it is the ability to be able to service the customers. >> So, we kind of look at the security transformation that you're on. You've talked to us about some of the achievements that you've made so far in the first year. What are some of things throughout the rest of 2018 that your looking forward to enabling your environment with your Fortinet partnership? >> Some of the things I'm excited about there is, like you had mentioned before the AI part of that. That I'm really excited to hopefully implement. That just takes some ... I can use the eyes I have. I only have four security people basically for that organization. Two of them from Mosaic, two of my own people. And so, if I can have those people addressing bigger concerns than malware or stuff like that. And VAI can better handle that, so instead of digging through logs, we can just, there it is, block it or it's already blocked. That would save us. And I could use that talent for more serious items. We already completed our Edge redesign the networks. Now, we're not redundant on that. We're working on our internal network. So, if we can spend more time making those things more robust to then take advantage of the security fabric as we're able to take advantage of it then that's all the better. >> In most enterprises, there's a partnership that has to be established between security architecture, security operations, the business, and especially the employees. Employees have to take an active roll to successfully do security. Kids and schools are not necessarily well known for having consistent behaviors. How has that affected your environment? And what can enterprises learn as they think about having to serve increasingly unruly customers in their markets? >> Yeah, that's one of the things I'm just starting to dip my toe in to plan for next year is more of an education for it but then holding them accountable for that education. Yeah, I don't know which is worse, the teachers or the students. (Peter laughs) I'm guessing the teachers. (Lisa laughs) They'll click on anything they see. So, it's important to educate them first before I start rolling out some efficient testing on them and so on. But we have to start doing that because otherwise it doesn't matter if something comes in or they get it off their tablet. Now, they've infected the internal and it didn't even get to us, right? And so, it's important that education is important. We're going to start trying to hold them accountable for it. But that's a huge challenge where I'm at. That's like climbing Everest there. >> So, is Fortinet going to help? I think it will. Fortinet's going to be able to help for us to be able to have that insight on what's still working, what's not. We're still seeing these things. >> And also recognizing patterns and seeing what people tend to do wrong will probably help you pinpoint what you need to, that partnership. What the user needs to take more responsibility for. >> Right and that's the thing. It better identifies those issues. You see where they've improved or what still needs to be worked on. >> Peter: Great. >> Well, congratulation on what you've achieved so far. >> Oh, thank you. >> And thank you so much for sharing your success story with us. You're on a journey, and we wish you continuing success with that. >> Thank you. >> For my cohost, Peter Burris, I'm Lisa Martin. You've been watching theCUBE's coverage of Fortinet Accelerate 2018. We'll be right back after a short break. (upbeat techno music)

>> Announcer: Live from Las Vegas. It's theCUBE. Covering Fortinet Accelerate 18. Brought to you by Fortinet. (upbeat music) >> Welcome back to theCUBE. Our continuing coverage of Fortinet Accelerate 2018. We're excited to be here. I'm Lisa Martin with Peter Burris, and we're excited to talk to one of the Keynotes the big cheese from the main stage session this morning, John Maddison. >> I say, small cheese I would say. >> SVP of Products and Solutions at Fortinet. Welcome back to theCUBE. >> It's great to be here again. >> So two things I learned about you when you started off your Keynote. One you're a Man City Fan, Manchester City. >> Manchester City Blue. >> Okay. >> Through and through, for many years. >> Premier League all the way. And you have the best job at Fortinet. >> I do indeed. >> Wow. >> That is to announce the new products of course. >> So let's talk about that. So you talked about some exciting announcements today. Tell us about, start with a Security Fabric. What's new there, what's going on, what's exciting? >> Well the core of the Security Fabric is FortiOS 6.0, that's our network operating system. That's the core of he Fabric and when we do a big release like this, many different features, new functionalities. Also we have tighter integration now between all our products in the Fabric. Bus, as I said, new features as well. Things like SD-WAN has been improved, we now have probably estimate of breed SD-WAN security. The Fabric integration itself is going on. We built out some new connectors with cloud. Now we have connectors for all the public clouds. All the public clouds. We have a new CASB connector, acronym city, of course, as usual, CASB is cloud access security broker, API access the SaaS clouds. And so we've got that not only in it's standalone form but also very much integrated inside the Fabric. We've also introducing some new FortiGuard service as part of FortiOS 6.0, a new security rating which is based on a bunch of new practices or best practices that all our customers have said this is great best practices, can you put this together and apply these to our network overall. That's just skimming the surface as I say, I think I said there's 200 plus new services I could have stood up there for like six hours or whatever. But great new services are 6.0 big announcement for us. >> We just chatted with your America's Channel Chief Jon Bove, talk to us about. >> Who's an Arsenal fan by the way. >> What. >> And we beat him Sunday three nil in the Cup final. >> Excellent. >> Just to make sure you get this. >> I'm sure. >> Write that down. >> Jot that down. >> So what excitement are you hearing in, from your perspective, in the channel with respect to all of the new announcements that you made today? >> Great feedback, so this obviously is a big channel partner event here. You know what a lot of channel partners are saying is that I need to make sure I provide more of a solution to the customers. In the past, you know maybe they sell a point product, it's hard to kind of keep that relationship going with that customer. But if they sell a solution with one or two products that's part of that solution or managed and some services as part of that, it's much stickier for the partners and gives them a bit more of an architectural approach to their customers network. They really like the Fabric as I said. The Fabric doesn't have to be everything inside the Fabric, they can be components. It's what we've seen far from a Fabric components. Our partners really latched on to the network plus the advanced threat protection, plus the management or plus the access points. But they definitely prefer to sell a complete solution. It's hard for them to manage 40 different security vendors, the skill sets, the training and everything else. Now they're not saying there needs to be one security vendor, much as we would like it to be Fortinet, but they need to be reduced to maybe a set of 10 or 12 and really, our Fabric allows them to do that. >> That's a key differentiator. >> Absolutely key differentiator and as I said, you know it's very hard to build a Fabric. It's a mesh network, all these products talk to each other. You can only really do that if you build those products organically, step-by-step, alongside the network operating system. It's no good acquiring lots of bits and pieces and trying to bolt it together, it's not going to work. We spent a long time, 10 years, building out this Fabric organically to make sure it integrates but also putting the best of breed features and things like SD-WAN and CASB. >> What is the product? In this digital world what is a product? >> A security product? >> Any kind of product. As a guy who runs product management, what's a product, can we talk about what is a security product? >> I think in the past you know product management used to be very focused on I've got a box that comes out, or I've got a piece of software that comes out, these days it could be virtual machine or cloud, but it's doing a single instance, there's a single thing that it's doing inside, inside the network from a security perspective. What we believe in is that multifunction, now consolidation, multiple threat vectors I refer to this that like the digital attack surface. The digital transformation, security transformation. The biggest issue though, is that digital attack surface. That's just expanded enormously, it's very dynamic. Things are coming on on off the network was spinning up virtual machines and applications here and there. A point product these days just can't cope, can't cope. You need solutions against specific threat vectors that are applied in a dynamic way using the Fabric. >> But arguably it's even beyond solutions. You need to be able to demonstrate to the customer that there is an outcome that's consistent and that you will help achieve that outcome, You'll take some responsibility for it. In many respects, we move from a product to a solution, to an outcome orientation. Does that resonate with you and if so, how does that influence the way you think and the way that you're guiding Fortinet and partners? >> Yes, definitely. You know one of the first things they're very worried about is you know can they see that digital attack surface. It's very large now and it's moving around. Their outcome, first outcomes to say, do I know my risk on my attack surface? That's the very first out. Is it visible, can I see it, or can I protect it or can I apply the right threat protection against that. That outcome to them is they can see everything, protect everything, but as I said also, now they're moving into this more detection environment. Where you've got machine learning, artificial intelligence because you need to apply that. The bad guys these days are very smart in that they know they can morph things very quickly and provide you know targeted attacks, zero-day attacks, we probably haven't seen it before. I hate this analogy where we say somebody else got to get infected before everyone else gets protected. It shouldn't be that way. With, you know, with technologies like artificial intelligence, machine learning, we should be able to protect everybody from day one. >> Kind of pivoting on, you brought up the word outcome, and I want to go off that for a second. When you're talking with customers and you mentioned, I think, before we went live that you visited, talked to over 300 customers last year. Who is at the table, at a customer, in terms of determining the outcome we need to have? Are we talking about the CSO's team, what about folks in other organizations, operational technology departments. Who are you now seeing is in this conversation of determining this outcome. >> A new job role which I think been coming for a while, it's the security architect. Two years ago, I'll go into a room and there would be the networking team on one side of the table, this InfoSec team security side, on this side of the table, the CIO over here and the CSO over here and they be debating. I would be almost invisible in the room. They'll be debating what's going to happen because you know the CIO wants to build out more agile business applications, wants to move faster. The security team has got to answer to the Board these days, and they got to make sure everything's secure. What's their risk factor? And what I see is a new job function called the security architect, that kind of straddles a bit the networking team, understands what they're building out from an SDN, architecture, cloud perspective, but also understands the risks when you open up the network. The security architect provides more holistic, long-term architecture view for the customer, versus, I've got to fix this problem right now I've got a hold of a bucket, I've got to fix it, then we move on to the next. They're building a system on architecture long term. We have something called a Network Security Expert, it's our training education capability. We have an NSC eight, we have around 100 thousand people certified in the last two years on NSC between one and eight. And about 100 people on eight, because eight's a very high level architect level across all the security technologies. But we definitely see a lot of partners who want to get their people trained to NCE level eight because they would like to provide that security architect that's in the customer now, that advice on what should be that holistic security architecture. The big change to me is that the networking team and the security team have realized they can't just keep fixing things day to day, they need a more holistic long-term architecture. >> Let's talk about that holistic approach. At Wikibon we talk a lot about SiliconANGLE Wikibon, we talk a lot about how the difference between business and digital business is the role that data assets play in the digital business. I think it's a relatively interesting, powerful concept, but there's not a lot of expertise out there about thinking how is a data asset formed. I think security has a major role to play in defining how a data assets structured because security in many respects is the process of privatizing data so that it can be appropriated only as you want it to. What does the security architect do? Because I could take what you just said and say the security architect is in part responsible for defining and sustaining the data asset portfolio. >> Yes and you know, if you go back a few years, there's data leakage prevention was a big area, big marketplace, DLP is the best thing. Their biggest problem that they did was they couldn't tag the assets. They didn't know what assets were so then when it came to providing data protection they go well, what is it, I don't know where it's from, I don't know what it is. And so that a whole marketplace kind of just went away. We're still there a bit, but everyone's really struggling with it still. The 6.0 introduced something called tagging technology. It's inherent already inside routing systems and switching systems, SDN systems. The tagging technology allows you to look at data or devices or interfaces or firewalls from a higher level and say this is the business relationship between that device, that data and what my business objectives are. We talked about intent based network security and the ability long term is to say, hey, if I've got a user and I want to add that user to this network at security level six to that application, I say that, then it gets translated into bits and bytes and network comport and then gets translated end-to-end across the network. The tagging technology from my mind is the first step in a to be able to kind of tag interfaces and data and everything else. Once you've got that tagging done then you can apply policies as a much higher level which are data centric and business aware centric. >> I'm going to ask you a question related to that. Historically, networks in the IT world were device was the primary citizen right. Then when we went to the web the page became a primary citizen. Are we now talking about a world in which data becomes the primary citizen we're really talking about networks of data? >> I think to some extent. If you look at the users today, they have like maybe three or four devices. Because students, universities, there's something on with those lectures, they've got an iPad, their iPhone, three devices attaching there. I think the definition of one user and one device has gone away and it's multiple devices these days. And you know a lot of devices attaching that no one has any clue about. I don't think it's going to be completely data centric because I still think it's very very hard to tag and classify that data completely accurately as it's moving around. I think tends to be a part of it, I think devices going to be part of it, I think the network itself, the applications, are all going to be part of this visibility. In our 6.0 we provide this topology map where you can see devices users. You can see applications spin up, you can see the relationship between those things and the policies, the visibility is going to be extremely important going forward and then the tagging goes along with that and then you can apply the policy. >> With respect to visibility, I wanted to chat about that a little bit in the context of customers. One of the things that Ken talked about in his keynote was. >> Ken? >> Ken. >> Ken Xie. >> Yes. (laughing) >> Ken who? >> That guy? The guy that steals slides from you in keynotes. >> He did as usual. >> I know, I saw that. >> Tells me like two minutes before tells me John, I need that slide. (Peter laughing) >> That's why you have the best job. Everybody wants to copy you. In terms of what what the CEO said, that guy, that Fortinet protects 90% of the global S&P 100. There were logos of Apple, Coca-cola, Oracle, for example. In terms of visibility, as we look at either, a giant enterprise like that or maybe a smaller enterprise where they are, you mentioned this digital tax surface is expanding because they are enabling this digital business transformation, they've got cloud, multi-cloud, mobile, IoT, and they also have 20, north of 20, different security products in their environments. How did they get visibility across these disparate solutions that don't play together. How does Fortinet help them achieve that visibility, so they can continue to scale at the speed they need to? >> Well I think they use systems like SIM systems we have a Forti SIM as well where you can use standard base sys logs and SNMP to get information up there so they can see it that way. They're using orchestration systems to see parts of it, but I think long term, I think I speak to most customers they say, although there's specific, new vendors maybe for specific detection capabilities, they really want to reduce the number of vendors inside their network. You say 20, I sometimes I hear 30 and 40. It's a big investment for them. But they also realize they can't maintain it long term. Our recommendation to customers is to, if you've got some Fortinet footprint in there, look at what's the most obvious to build out from a Fortinet perspective. Sometimes we're in the data centers or sometimes we expand into the WAN and sometimes we expand into the cloud. Sometimes we'll add some advanced threat protection. We're not saying replace everything obviously with Fortinet, we're saying build what's most obvious to you and then make sure that you've got some vendors in that which are part of our Fabric alliance. We have 42 vendors now, security vendors, from end point to cloud to management that can connect in through those different APIs. And when we click them through those APIs they don't get you know the full Fabric functionality in terms of telemetry and visibility but they apply a specific functionality. A good example would be an endpoint vendor connecting through our sandbox not quite sure about files, entered our sandbox we'll give them a recommendation back. As soon as we know about that, all the Fabric knows about it instantly across the whole network because time is of the essence these days. When something gets hacked, it's inside a network. It's less than 60 seconds for something for the whole network. That's why segmentation, interim segmentation, is still a very important project for our customers to stop this lateral movement of infections once they get inside the network. >> But, very quickly, it does sound as though that notion of the security architect, this increasing complexity inside the network and I asked the question about whether data is going to be the primary decision, you get a very reasonable answer to that. But it sounds like increasingly, a security expert is going to have to ask the question how does this data integrate? How am I securing this data? And that, in many respects, becomes a central feature of how you think about security architecture and security interactions. >> Yeah but I think people used to build a network and bolt on security as an afterthought. I think what they're saying now is we need for the networking people and security people to work together to build a holistic security architecture totally integrated day one, not some afterthought that goes on there. That's why we know, we've been building the Fabric all these years to make sure it's a totally integrated Fabric end-to-end segmentation architecture where you can also then connect in different parts of the network. It has to be built day one that way. >> Last question, is sort of, I think we asked your CSO this, the balance between enabling a business to transform digitally at speed and scale. I think it was one of you this morning, that said that this is going to be the year of security transformation. Could've been that guy, that other guy, that you know, steals your slides. But how do how does a company when you're talking with customers, how do they get that balance, between we are on this digital transformation journey. We've got a ton of security products. How do they balance that? It's not chicken and egg to be able to continue transforming to grow profit, you know be profitable, with underpinning this digital business with a very secure infrastructure. >> As I said, I think most of them got that now. They kind of go, they've got this five-year plan versus a one-year plan or a six-month plan on the security side. It's integrated into the network architecture plan long term and that's the way they're building it out and that's the way they've got a plan to get, you know, you look at financial organizations who want to provide internet access or branch offices. They've got a plan to roll it out, that's safe going forward, or they want to add broadband access to their internet, like 5G or broadband interconnection, they've got a plan for it. I think people are much more aware now that when I build something out whether it be on the data side on the network side, it has to be secure from day one. It can't be something I'll do afterwards. I think that's the biggest change I've seen in my customer interactions is that they absolutely, essential is absolutely essential that they build out a secure network from day one, not an afterthought going forward. >> Well, we'll end it there, secure network from day one. John, thanks so much for stopping by theCUBE, congratulations on the announcements and we hope you have a great show. >> Great thanks. >> Thank you for watching, we are theCUBE, live from Fortinet Accelerate 2018. I'm Lisa Martin with my co-host Peter Burris. Stick around, we'll be right back.

>> (Narrator) Live from Las Vegas. It's theCUBE. Covering Fortinet Accelerate 18. Brought to you by Fortinet. >> Welcome to Fortinet Accelerate 2018. I'm Lisa Martin with theCUBE and we're excited to be here doing our second year of coverage of this longstanding event. My cohost for the day is Peter Burris; excited to be co-hosting with Peter again, and we're very excited to be joined by the CEO, Founder, and Chief Chairman of Fortinet, Ken Xie, Ken welcome back to theCUBE. >> Thank you, Lisa, thank you, Peter. Happy to be here. >> It's great to be here for us as well, and the title of your Keynote was Leading the Change in Security Transformation, but something as a marketer I geeked out on before that, was the tagline of the event, Strength in Numbers. You shared some fantastic numbers that I'm sure you're quite proud of. In 207, $1.8 in billing, huge growth in customer acquisitions 17.8 thousand new customers acquired in 2017 alone, and you also shared that Forinet protects around 90% of the Global S&P 100. Great brands and logos you shared Apple, Coca Cola, Oracle. Tell us a little bit more and kind of as an extension of your Keynote, this strength in numbers that you must be very proud of. >> Yeah, I'm an engineer background, always liked the number, and not only we become much bigger company, we actually has 25 to 30% global employment in a network security space. That give a huge customer base and last year sales grow 19% and we keeping leading the space with a new port out we just announced today. The FortiGate 6000 and also the FortiOS 6.0. So all this changing in the landscape and like I said last year we believe the space is in a transition now, they've got a new generation infrastructure security, so we want to lead again. We started the company 18 years ago to get into we called a UTM network firewall space. We feel infrastructure security is very important now. And that we want to lead in the transition and lead in the change. >> So growth was a big theme or is a big theme. Some of the things that we're also interesting is another theme of really this evolution, this landscape I think you and Peter will probably get into more the technology, but give our viewers a little bit of an extension of what you shared in your keynote about the evolution. These three generations of internet and network security. >> Yeah, when I first start my network security career the first company I was study at Stanford University, I was in the 20s. It was very exciting is that a space keeping changing and grow very fast, that makes me keeping have to learning everyday and that I like. And then we start a company call Net Screen when it was early 30s, that's my second company. We call the first generation network security which secured a connection into the trust company environment and the Net Screens a leader, later being sold for $4 billion. Then starting in 2000, we see the space changing. Basically you only secure the connection, no longer enough. Just like a today you only validate yourself go to travel with a ticket no longer enough, they need to see what you carry, what's the what's the luggage has, right. So that's where we call them in application and content security they call the UTM firewall, that's how Fortinet started. That's the second generation starting replacing the first generation. But compared to 18 years ago, since change it again and nowadays the data no longer stay inside company, they go to the mobile device, they go to the cloud, they call auditive application go to the IoT is everywhere. So that's where the security also need to be changed and follow the important data secure the whole infrastructure. That's why keeping talking from last year this year is really the infrastructure security that secure fabric the starting get very important and we want to lead in this space again like we did 18 years ago starting Fortinet. >> Ken, I'd like to tie that, what you just talked about, back to this notion of strength in numbers. Clearly the bad guys that would do a company harm are many and varied and sometimes they actually work together. There's danger in numbers Fortinet is trying to pull together utilizing advanced technologies, new ways of using data and AI and pattern recognition and a lot of other things to counter effect that. What does that say about the nature of the relationships that Fortinet is going to have to have with its customers going forward? How is that evolving, the idea of a deeper sharing? What do you think? >> Actually, the good guy also started working together now. We formed the they call it the Cyber Threat Alliance, the CTA, and Fortinet is one of the founding company with the five other company including Palo Alto Network, Check Point and McAfee and also feel a Cisco, there's a few other company all working together now. We also have, we call, the Fabric-Ready Program which has a 42 bigger partner including like IBM, Microsoft, Amazon, Google, all this bigger company because to defend the latest newest Fabric threat you have to be working together and that also protect the whole infrastructure. You also need a few company working together and it's a because on average every big enterprise they deploy 20 to 30 different products from different company. Management cost is number one, the highest cost in the big enterprise security space because you have to learn so many different products from so many different vendor, most of them competitor and now even working together, now communicate together. So that's where we want to change the landscape. We want to provide how infrastructure security can work better and not only partner together but also share the data, share the information, share the intelligence. >> So fundamentally there is the relationship is changing very dramatically as a way of countering the bad actors by having the good actors work more closely together and that drives a degree of collaboration coordination and a new sense of trust. But you also mentioned that the average enterprise is 20 to 30 fraud based security products. Every time you introduce a new product, you introduce some benefits you introduce some costs, potentially some new threat surfaces. How should enterprises think about what is too many, what is not enough when they start thinking about the partnerships that needed put together to sustain that secure profile? >> In order to have the best protection today you need to secure the whole infrastructure, the whole cyberspace. Network security still the biggest and also grow very fast and then there's the endpoint and there's a like a cloud security, there's a whole different application, email, web and all the other cloud all the other IoT. You really need to make sure all these different piece working together, communicate together and the best way is really, they have to have a single panel of our management service. They can look at them, they can make it integrate together they can automate together, because today's attack can happen within seconds when they get in the company network. It's very difficult for human to react on that. That's where how to integrate, how to automate, this different piece, that is so important. That's where the Fabric approach, the infrastructure approach get very important. Otherwise, you cannot react quick enough, in fact, to defend yourself in a current environment. On the other side for your question, how many vendor do you have, I feel the less the better. At least they have to work together. If they're not working together, will make it even more difficult to defend because each part they not communicate and not react and not automate will make the job very, very difficult and that's where all this working together and the less vendor they can all responsible for all your security it's better. So that's where we see some consolidation in the space. They do still have a lot of new company come up, like you mentioned, there's close to 2,000 separate security company. A lot of them try to address the point solution. I mentioned there's a four different level engineer after engineer work there because I see 90% company they do the detection. There's a certain application you can detect the intrusion and then the next level is where they after you attack what are going to do about it. Is it really the prevention setting kick in automatic pull out the bad actor. After that, then you need to go to the integration because there's so many different products, so many different piece you need to working together, that's the integration. Eventually the performance and cost. Because security on average still cost 100 times more expensive under same traffic and also much slower compared to the routing switch in networking device. That's what the performance cost. Also starting in the highest level, that's also very difficult to handle. >> So, we're just enough to start with the idea of data integration, secure data integration amongst the security platform, so enough to do as little as possible, as few as possible to do that, but enough to cover all the infrastructure. >> Yes, because the data is all a whole different structure. You no longer does have to trust environment. Because even inside the company, there's so many different way you can access to the outside, whether it by your mobile device so there's a multiple way you can connect on the internet and today in the enterprise 90% connection goes to Wi-Fi now it's not goes to a wired network, that's also difficult to manage. So that's where we will hide it together and make it all working together it's very important. >> So, in the spirit of collaboration, collaborating with vendors. When you're talking with enterprises that have this myriad security solutions in place now, how are they helping to guide and really impact Fortinet's technologies to help them succeed. What's that kind of customer collaboration like, I know you meet with a lot of customers, how are they helping to influence the leading security technologies you deliver? >> We always want to listen the customer. They have the highest priority, they gave us the best feedback. Like the presentation they talked about there's a case from Olerica which is where they have a lot of branch office and they want to use in the latest technology and networking technology. I see when I'm working together with security, that's ready the new trend and how to make sure they have all the availability, they have the flexibility software-defined networking there and also make sure to security also there to handle the customer data, that's all very important so that's what we work very closely with customer to response what they need. That's where I'm still very proud to be no longer kind of engineer anymore but will still try to build in an engineer technology company. Lesson to the customer react quick because to handle security space, cyber security, internet security, you have to be work quickly react for the change, on internet, on application. So that's where follow the customer and give them the quick best solution it's very very important. On the customer side in Anaemia we talked about that was talked a little bit about this morning with GDPR are is around the corner, May 2018. Do you see your work coordinates work with customers in Anaemia as potentially being, kind of, leading-edge to help customers in the Americas and Asia-Pacific be more prepared for different types of compliance regulations? >> We see the GDPR as an additional opportunity, as a additional complement solution compared to all the new product technology would come up. They definitely gave us an additional business rate, additional opportunity, to really help customer protect the data, make the data stay in their own environment and the same time, internet is a very global thing, and how to make sure different country, different region, working together is also very important. I think it's a GDPR is a great opportunity to keeping expanding a security space and make it safer for the consumer for the end-user. >> So Ken as CEO Fortinet or a CEO was tough act, but as CEO you have to be worried about the security of your business and as a security company you're as much attacked, if not more attacked than a lot of other people because getting to your stuff would allow folks to get to a lot of other stuff. How do you regard the Fortinet capabilities inside Fortinet capability as providing you a source of differentiation in the technology industry? >> Yeah we keep security in mind as the highest priority within a company. That's where we develop a lot of product, we also internally use tests first. You can see from endpoint, the network side, the email, to the web, to the Wi-Fi access, to the cloud, to the IoT, it's all developing internally, it tests internally so the infrastructure security actually give you multiple layer protection. No longer just have one single firewall, you pass the fire were all open up. It's really multiple layer, like a rather the ransomware or something they had to pass multiple layer protection in order to really reach the data there. So that's where we see the infrastructure security with all different products and developed together, engineer working together is very important. And we also have were strong engineer and also we call the IT security team lead by Phil Cauld, I think you are being interview him later and he has a great team and a great experience in NSA for about 30 years, secure country. And that's where we leverage the best people, the best technology to provide the best security. Not only the portal side, also our own the internal security in this space. >> So, in the last minute or so that we have here, one of the things that Patrice Perce your global sales leader said during his keynote this morning was that security transformation, this is the year for it. So, in a minute or so, kind of what are some of the things besides fueling security transformation for your customers do you see as priorities and an exciting futures this year for Fortinet, including you talked about IoT, that's a $9 billion opportunity. You mentioned the securing the connected car to a very cool car in there, what are some of the things that are exciting to you as the leader of this company in 2018? >> We host some basic technology, not another company has. Like a built in security for a single chip. I also mentioned like some other bigger company, like a Google started building a TPU for the cloud computing and Nvidia the GPU. So we actually saw this vision 18 years ago when we start a company and the combine the best hardware and best technology with solve for all this service together. So, long term you will see the huge benefit and that's also like translate into today you can see all these technology enable us to really provide a better service to the customer to the partner and we all starting benefit for all this investment right now. >> Well Ken, thank you so much for joining us back on theCUBE. It's our pleasure to be here at the 16th year of the event, our second time here. Thanks for sharing your insight and we're looking forward to a great show. >> Thank you, great questions, it's the best platform to really promoting the technology, promoting the infrastructure security, thank you very much. >> Likewise, we like to hear that. For my co-host Peter Burris, I'm Lisa Martin, we are coming to you from Fortinet Accelerate 2018. Thanks for watching, stick around we have great content coming up.

>> Narrator: Live form Las Vegas, Nevada, it's the Cube, covering Accelerate 2017, brought to you by Fortinet. Now here are your hosts, Lisa Martin and Peter Burris. >> Welcome back to the Cube, we are live in Las Vegas, at Fortinet's Accelerate 2017 event. A really exciting busy day that I have had with my cohost, Peter Burris, I'm Lisa Martin, we are very excited to be joined by Zeus Kerravala next, of ZK research. Welcome to the cube. >> Thanks Lisa, it's a-- >> We're happy to have you here. >> Yeah, it's great to be here. >> And we, as I've mentioned, Peter and I have been talking with a lot of great folks all day, from Fortinet, from Technology Alliance Partners. The buzz is here, obviously, the security as an industry of the market, there is tremendous change going on there, breaches are happening daily with, from big brands that we're all very aware of as consumers to the small mom 'n pop. So, Zeus, you founded ZK Research, you said a little over five years ago... >> Zeus: That's correct. But you've been in the industry as an analyst for quite a long time, and you actually were in IT as well as CIO. >> Yeah, I was. I was, I played a number of different roles, I started off as an engineer, I held a role as a CIO for a while, I worked for Avar, and then I got tired of doing that, and I became an industry analyst, and I've been doing that about 15 years now >> Excellent, so one of the things that we'd love to ask you about is, during the keynote this morning, the CEO of the Fortinet, Ken Xie, talked about this big impact that hyperconnectivity is having in general, this proliferation of mobile devices, of IoT devices, that are really causing a lot of challenges for security, but also talked about, that there will be tremendous growth in the security market, what's your take on where the security market is going? >> Yeah, I really liked Ken's keynote, in fact, Ken typically delivers very technical keynotes, and that's worked well for him, cause customers tend to love him, and this one is a little higher level, and I really like that, and Ken's right, we're moving into a world, where everything is connected, literally everything, our cars, our pets, the things we wear, the things in our home, everything in our business, and that has some profound implications for business. Alright, first of all, security is becoming a, an asymmetric problem for security professionals, what I mean by that is, it used to be you had one way into the network, and you had to protect it, and the bad guys had to come through that way. Now, security professionals have to protect tens, hundreds, thousands of new entry points, created from all these connections, to the Cloud, to IoT devices, but the bad guys still only have to find one way in, and once they're in, we assume that environment is secure, and they can meander around, and the bad guys can figure out what to steal. And so, I think, one of the points that was underscored in Ken's keynote is the fact that security is changing, it's evolving from something that was focused at the perimeter. >> Lisa: Right. >> To something that needs to be focused more internal. In fact, my research shows that 90 percent of security spend is still focused at the perimeter, and only 20 percent of the breaches occur there. So, you can see customers are misaligned with how they're spending they're money, and I thought a lot of the messages from Ken's keynote were, I think, well received by the audience, because it's something they need to hear. >> Yeah, he talked about the security evolution, which I also thought was quite interesting. I saw a graphic the other day that showed, by decades, security evolution, you talked about perimeter in the 1990s, it was focused on perimeter, obviously still important, but not the only thing, you talked about, there's a lot of ways in now. Then going onto Web 2.0, web security, then Cloud security in the 2010s, and now getting to this, what Ken described as the third generation of a Fabric needing automation, needing resilient energy, talked about kind of internal, so that I thought that was a really interesting way of looking at that, but also very interesting that you're saying almost that 80, 20 rule, with your clients, how are you helping them, to sort of switch that from a spend, and really show, even in some ways maybe, how the technology that they would employ from a security perspective can actually bring revenue opportunities. >> Yeah, well, I think they have to rely more on the technology, and automation, typically security has been deployed, box by box, device by device, at specific points in the network using manual processes, and frankly, that's kind of slow, right. And security already has a bit of a bad rap, that it slows the business down, users tend to turn things off in their computers, because it slows them down, and in this digital era, and I was glad Ken talked about digital transformation, because in the digital era, the new currency of business is speed. Companies need to move with unprecedented speed. Those, that can do that, will be able to stay in market leadership, and those that can't, will fall behind, and frankly, over the last five years, we've seen a bunch of big name vendors, brands that we all knew, go away, right, because they couldn't keep up. Now, when you think about what companies are trying to do in order to be a digital enterprise, you need to be agile, but you're only as agile as your least agile IT component, and today, that's the network. So, if I've got this fully automated IT stack, and I've got containers popping up, and new applications being deployed, and I'm accessing things from the Cloud, but my engineers have to run around with security appliances, and deploy them, all that does is slow the business down, and so, I think the concept of the Security Fabric is to ensure that you have the right services in the right places that you can turn on, and now, security becomes a business enabler, and not an inhibitor, so in some ways, we're flipping the model around where security, like I said, has been viewed as something that's held the company back, but it's now something that can allow us to differentiate ourselves, because we'll have the trust from the customers that we have the right security in the right places. >> I want to follow up on a point you made about the 90 percent of the investment at perimeter, and 20 percent. There might be another way of thinking about it, and I'm going to test this with you, is that it takes that 90 percent of security investment is what it takes to ensure that no more than 20 percent of the attacks occur at the perimeter, so does that mean that we need to reallocate that 100 percent sources, where that 100 percent is going to grow 3x, because it's still going to require that 90 percent to keep the perimeter secure. >> Yeah, I think it's a bit of both, but I do think, we will see the spend of security go up, because we have to secure more things. Like if you look at some of the big breaches that we've seen, in fact, almost all of them occurred from inside the network. So bad guys are smart, the hackers are clearly they're some of the most brilliant minds out there, that's why they're able to do what they do, and they know that the perimeter security today is so well-built that the amount of effort it takes to break through it is very, very high, so you're right, that amount of spend is required to keep all those threats out. >> Peter: But it's not the only answer. >> It's not the only answer. >> So we're going to need to continue to invest in an in-point, and perimeter, but as you were saying, we also have to invest in data, and have a balanced approach to the whole thing, which we adjust to this notion of Fabric. >> Yeah, and I think the automation capabilities of the Fabric can really help of certainly, because I don't want people watching this to think, "oh, my God, my security budget is going to be like triple what I had.", because frankly the people cost associated with security from my research are almost about 60 percent of the cost. I mean the equipment itself isn't all that much, right. So if I can invest more in the right technology, and I can automate a lot of the things I can do today, now I can reallocate those people cost somewhere else. So, in fact, I may wind up spending the same amount from an overall perspective, or maybe a little bit less, but I'll be far more secure, because I have the right technology in the right places. >> So where are those people going to go? >> I hear all the time, an I think this is one of the things that has held automation back from IT people that they're scared to death of automation, because they think their jobs are at stake, but if you look... All the way back to the mainframe, we've always had this transition, right, where we did things, and then new technology came in, and new skills are needed to do new things, and I think if you look at IT today, there's a crying need for data scientists, for analytic skills, I mean security itself Is less about point products, and more about data gathering, and data analytics, and there's very few of those professionals out there, so if I'm a professional, security professional today, I want to automate those traditional tasks because I need to invest in myself to make sure that my skillset is current today, and also a decade from now, and I think a lot of that's going to come in the area of data sciences. >> Yeah, and as you said, a lot of those skills in doing the models of security, and this Fabric notion are transferable to other domains. >> Oh, absolutely, because if you don't want to stay a security professional, but most security people like security, that's why they're doing it. But I do think there will always be need for skills in the next thing, the key for the security professionals is don't get stuck in the old world, you know, embrace this new world, embrace automation because it's going to free up their time to do things that are more strategic to the company, which is going to allow them to be more valuable as well. >> You touched on the Fabric term a minute ago, and that's one of the things that Fortinet announced last year was the Security Fabric approach. Can you talk to us about Fabric versus Platform, what are your thoughts there, and how are they different? >> Yeah, I think, first of all, the Fabric, and Platform, are both roughly trying to solve the same problem that... Too many vendors doesn't make you more secure, in fact, my research shows that on average, companies have 32 vendors, different security vendors, which you can't build any kind of strategy around that. So the concept of either, a Fabric, or a Platform, is that I can reduce the number of vendors, I can simplify my architecture, and I get more intelligence across the entirety of the Platform, or the Fabric. Now the difference though, is I think the Fabric, think of what a Fabric is, it's a big cloth where any point is connected to any point, and so the security intelligence is spread across that Fabric, and I can drop new components in, or take em out, and things will continue to work. So, it allows me, that if I put a new IoT device in, I can push security capabilities there, if I started using a new cloud service, I can push security capabilities there. A Platform to me, is more dependent on a centralized point of control, and I can attach things to that point of control, but if I take that point of control out, none of the things works, and so I think, the Fabric almost democratizes security capabilities across the infrastructure, because it's more dynamic, and more distributed, and we're clearly living in a world where dynamism, and distribution, are the norm, and so the security architecture needs to follow that. >> Paradoxically, doesn't that centralized security platform the become the biggest security risk in the company? >> Zeus: Yeah, well, if you breach that, you can get anywhere. >> Get anywhere. >> Zeus: Right, right. And so I think the Security Fabric is the right way to think about it, you're not trying to beef off one particular area here, you're trying to make a set of security services available across your entire infrastructure. >> Is that, that kind of, a key advice that you give to your clients that are looking for, this now requires a new approach, new architecture, is that kind of the key advice that you offer to them? >> Yeah, well that's the biggest conversation I have with security professionals today, is they don't really know where to go from here, they've invested all this money in all these tools, and the environment has gotten increasingly more complicated, right. So, they're falling behind. It's very, very slow, and it's not working. The average number of days to find a breach is a hundred days, think of what can happen in a hundred days, that's over a quarter. And so, there's a great desire to be able to find breaches faster, but also first simplify the architecture, and that's always my advice is, you can't move forward, until you take a step back, and simplify, right. And the concepts, I think of the Fabric, are really aligned with that, it's simplification, automation, and it removes a tremendous amount of the human burden from security operations, which frankly I think is holding things back. >> What are some of the things that you're most excited about? You were in the keynote this morning, we chatted about that, we talked about some of the things that were discussed there with the evolution of security, the third generation, you mentioned speed as currency, and actually kind jogged my memory about something that you were talking about with respect to data, and also that was brought up this morning as the data value, if it is not valuable to a business, you know, that business has-- >> Well one of the things we talked about this morning specifically was that security used to be the department of no, as you said earlier, and companies that can collapse the time between an idea, and execution, in a world where, at least in the digital world, where digital security is so essential, are going to provide an enormous net new set of value propositions to their customers, and I'm sure you've seen that. >> Yeah, well, no doesn't work anymore because of shadow IT, if you say no to a line of business, they're just going to go find a different way to do it, and that can have incredibly... That can be incredibly risky, because now IT has no control, in fact... Some of the interesting data points from my research is that 50 percent of companies, don't know what devices are attached to their network, and I think 96 percent of companies have IT services that have been procured not through IT, directly by the line of business, so it's become the norm, and I think, if you look across the entirety of the world today, from business processes through IT strategy, right, data and analytics has become the key differentiator, to be able to take the data, analyze it, and then be able to create some new insights. Now from a line of business perspective, their trying to understand the way you like to shop, the sports teams you like, the things you like to buy, and push more relevant content to you. From a security perspective, it's being able to find those breaches faster, and then, being able to cut that number down from 100 days to frankly, we've got to get to minutes, and I thought some of the more exciting things they showed in the keynote were the ability to take the data, and then show it visually, because I've always said you can't secure what you can't see, right, and if you're blind to what's going on in the network, you'll never ever, ever be able to truly secure it, and so I think we're-- Fortinet is entering an era now, where they're actually harnessing the power of all the date they have, but they're focused more on the UI in the new FortiOS 5.6, a big part of that is the new user interface to be able to display the data in a way that's understandable by the people using the tools. >> So that's a great point that you can't secure what you can't see. >> Zeus: You cannot secure what you can't see, yeah. >> Well, Derek Manky, was actually talking earlier, who's the global security strategist here at Fortinet, I'm sure you know Derek. >> Zeus: Yeah. >> Was actually talking about one of the things he's excited about, and want to get your take on this point, is that he thinks 2017 may be the year that the white hats get the upper hand. >> Well hopefully, I do think-- >> Peter: Because of this notion of automation, and-- >> Yeah, you know, I talked about the asymmetric problems to security where the bad guys need to find one way in, I think data, and visualization can reverse that, because once they're in the network, the bad guys need to stay hidden, and the good guys, right, the internal security department, only needs to find one instance of anomalous traffic, or something that could indicate a breach to be able to start the process of remediation, and so you're right, I think in some ways, 2017, well maybe a little, maybe next year, but hopefully, this year, the white hats start to, they'll at least gain ground this year, and I think that we'll start to see that assymetry problem flipped. >> Precisely, because you only need one instance of a bad action. >> correct, correct. And a lot of that, a lot of these bad actions come from users specifically being targeted, and sometimes, security, no matter how much training they do, you just don't know, you get an email from somebody, you click on it, somebody sends you a file, I've talked to HR people that have gotten resumes emailed to them that have viruses in them, and they don't know, but once that action starts, the data, and visualization tools can help identify those very, very quickly, and the important part about that is the faster you find it, the smaller the blast radius. So if I find it in five seconds, maybe only that HR person's computer is affected, but if it takes me a hundred days, now the whole department, or maybe a whole building has been impacted, so containing that blast radius, I think, is something that security professionals need to focus on. >> Now is a blast radius typically a function of time, or is it also a function of proximity to other business activities, or both? >> I think it's primarily a function of time, and I think it's exponential. So the longer the time goes exponentially, the greater the damage. >> Well gentlemen, tremendous conversation, there's a tremendous amount of opportunity, I think is what we've heard today, thank you very much, Zeus, for sharing your insight, your research with us. Let's hope that 2017 is the year, the white hats get the upper hand. >> Yeah, I think it's a really exciting time for security professionals, and first time in a long time, they have the opportunity to fight back, in a battle that they've been losing ground in for really the better part of a decade. >> Well Zeus, thank you so much for joining us. >> Zeus: Thank you. >> On behalf of my colleague, Peter Burris, thank you for watching, stay tuned, we'll be right back to wrap up the day. (electronic music)