>> Live from Barcelona, Spain. It's the cue covering Sisqo. Live Europe. Brought to you by Cisco and its ecosystem partners. >> Welcome back to sunny Barcelona. Everybody watching the Cube, the leader and live tech coverage. We go out to the events, we extract the signal from the noise we hear There's our third day of coverage that Sisqo live. Barcelona David Lot. John Furrier. This here stew Minutemen all week. John, we've been covering this show. Walter Wall like a canon ae is here is a distinguished engineer and product line. CTO for Cisco Analytics. Welcome to the Cube. You see you again. Welcome back to the Cube. I should say thank you very much. So tell us about your role. You're focused right now on malware encryption. We want to get into that, but but set it up with your roll >> first. Well, I'm trying to raise the cost to the bad guy's hiding in your network. I mean, basically it's it. It it's an economics thing because one there's a lot of places for them to hide. And and they they are innovating just as much as we are. And so if I can make it more expensive for them to hide and operate. Then I'm doing my job. And and that means not only using techniques of the past but developing new techniques. You know, Like I said, it's It's really unlike a regular job. I'm not waiting for the hard drive to fail or a power supply to fail. I have an active adversary that's smart and well funded. So if I if I shipped some innovation, I forced them to innovate and vice versa. >> So you're trying to reduce their our ally and incentives. >> I want to make it too expensive for them to do business. >> So what's the strategy there? Because it's an arms race. Obviously wanted one one. You know, Whitehead over a black hat, kind of continue to do that. Is it decentralized to create more segments? What is the current strategies that you see to make it more complex or less economically viable to just throw resource at a port or whatever? >> There's sort of two dimensions that are driving change one. You know they're trying to make a buck. Okay? And and, you know, we saw the ransomware stuff we saw, you know, things that they did to extract money from a victim. Their latest thing now is they've They've realized that Ransomware wasn't a recurring revenue stream for them. Right? And so what's called crypto jacking is so they essentially have taking the cost structure out of doing crypto mining. You know, when you do crypto mining, you'll make a nickel, maybe ten cents, maybe even twenty cents a day. Just doing this. Mathematical mining, solving these puzzles. And if you had to do that on your own computer, you'd suck up all this electricity and thing. You'd have some cost structure, right and less of a margin. But if you go on, you know, breach a thousand computers, maybe ten thousand, maybe one hundred thousand. Guess what, right you? Not one you're hiding. So guess what? Today you make a nickel tomorrow, you make another nickel. So, you know, if you if you go to the threat wall here, you'd be surprised this crypto mining activity taking place here and nobody knows about it. We have it up on the threat wall because we can detect its behavior. We can't see the actual payload because all encrypted. But we have techniques now. Advanced Analytics by which we can now call out its unique behaviour very distinctly. >> Okay, so you're attacking this problem with with data and analytics. Is that right? What? One of the ingredients of your defense? >> Yeah. I mean, they're sort of Ah, three layer cake There. You first. You have? You know, I always say all telemetry is data, but not all data. Is telemetry. All right? So when you when you go about looking at an observation or domain, you know, Inhumans, we have sight. We have hearing these air just like the network or the endpoint. And there's there's telemetry coming out of that, hopefully from the network itself. Okay, because it's the most pervasive. And so you have this dilemma tree telling you something about the good guys and the bad guys and you, you perform synthesis and analytics, and then you have an analytical outcome. So that's sort of the three layer cake is telemetry, analytics, analytical outcome. And what matters to you and me is really the outcome, right? In this case, detecting malicious activity without doing decryption. >> You mentioned observation. Love this. We've been talking to Cuba in the past about observation space. Having an observation base is critical because you know, people don't write bomb on a manifest and ship it. They they hide it's it's hidden in the network, even their high, but also the meta data. You have to kind extract that out. That's kind of where you get into the analytics. How does that observation space gets set up? Happened? Someone creating observation special? They sharing the space with a public private? This becomes kind of almost Internet infrastructure. Sound familiar? Network opportunity? >> Yeah. You know, there's just three other. The other driver of change is just infrastructure is changing. Okay. You mean the past? Go back. Go back twenty years, you had to rent some real estate. You gotto put up some rocks, some air conditioning, and you were running on raw iron. Then the hyper visors came. Okay, well, I need another observation. A ll. You know, I meet eyes and ears on this hyper visor you got urbanity is now you've got hybrid Cloud. You have even serve Ellis computing, right? These are all things I need eyes and ears. Now, there that traditional methods don't don't get me there so again, being able to respect the fact that there are multiple environments that my digital business thrives on. And it's not just the traditional stuff, you know, there's there's the new stuff that we need to invent ways by which to get the dilemma tree and get the analytical >> talkabout this dynamic because we're seeing this. I think we're just both talking before we came on camera way all got our kind of CS degrees in the eighties. But if you look at the decomposition of building blocks with a P, I's and clouds, it's now a lot of moving to spare it parts for good reasons, but also now, to your point, about having eyes and ears on these components. They're all from different vendors, different clouds. Multi cloud creates Mohr opportunities. But yet more complexity. Software abstractions will help manage that. Now you have almost like an operating system concept around it. How are you guys looking at this? I'll see the intent based networking and hyper flex anywhere. You seeing that vision of data being critical, observation space, etcetera. But if you think about holistically, the network is the computer. Scott McNealy once said. Yeah, I mean, last week, when we are this is actually happening. So it's not just cloud a or cloud be anon premise and EJ, it's the totality of the system. This is what's happening >> ways. It's it's absolutely a reality. And and and the sooner you embrace that, the better. Because when the bad guys embrace it verse, You have problems, right? And and you look at even how they you know how they scale techniques. They use their cloud first, okay, that, you know their innovative buns. And when you look at a cloud, you know, we mentioned the eyes and ears right in the past. You had eyes and ears on a body you own. You're trying to put eyes in here on a body you don't own anymore. This's public cloud, right? So again, the reality is somebody you know. These businesses are somewhere on the journey, right? And the journey goes traditional hyper visor. You have then ultimately hybrid multi clouds. >> So the cost issue comes back. The play of everything sass and cloud. It's just You start a company in the cloud versus standing up here on the check, we see the start of wave from a state sponsored terrorist organization. It's easy for me to start a threat. So this lowers the cost actually threat. So that lowers the IQ you needed to be a hacker. So making it harder also helps that this is kind of where you're going. Explain this dynamic because it's easy to start threats, throw, throw some code at something. I could be in a bedroom anywhere in the world. Or I could be a group that gets free, open source tools sent to me by a state and act on behalf of China. Russia, >> Of course, of course, you know, software, software, infrastructures, infrastructure, right? It's It's the same for the bad guys, the good guys. That's sort of the good news and the bad news. And you look at the way they scale, you know, techniques. They used to stay private saying, You know, all of these things are are valid, no matter what side of the line you sit on, right? Math is still math. And again, you know, I just have Ah, maybe a fascination for how quickly they innovate, How quickly they ship code, how quickly they scale. You know, these botnets are massive, right? If you could get about that, you're looking at a very cloud infrastructure system that expands and contracts. >> So let's let's talk a little more about scale. You got way more good guys on the network than bad guys get you. First of all, most trying to do good and you need more good guys to fight the bad guys up, do things. Those things like infrastructure is code dev ops. Does that help the good guys scale? And and how so? >> You know it does. There's a air. You familiar with the concept called The Loop Joe? It was It was invented by a gentleman, Colonel John Boyd, and he was a jet fighter pilot. Need taught other jet fighter pilots tactics, and he invented this thing called Guadalupe and it's it's o d a observe orient decide. And at all right. And the quicker you can spin your doodle ooh, the more disoriented your adversary ISS. And so speed speed matters. Okay. And so if you can observe Orient, decide, act faster, then your adversary, you created almost a knowledge margin by which they're disoriented. And and the speed of Dev ops has really brought this two defenders. They can essentially push code and reorient themselves in a cycle that's frankly too small of a window for the adversary to even get their bearings right. And so speed doesn't matter. And this >> changing the conditions of the test, if you will. How far the environment, of course, on a rabbit is a strategy whether it's segmenting networks, making things harder to get at. So in a way, complexity is better for security because it's more complex. It costs more to penetrate complex to whom to the adversary of the machine, trying very central data base. Second, just hack in, get all the jewels >> leave. That's right, >> that's right. And and again. You know, I think that all of this new technology and and as you mentioned new processes around these technologies, I think it's it's really changing the game. The things that are very deterministic, very static, very slow moving those things. They're just become easy targets. Low cost targets. If you will >> talk about the innovation that you guys are doing around the encryption detecting malware over encrypted traffic. Yeah, the average person Oh, encrypted traffic is totally secure. But you guys have a method to figure out Mel, where behavior over encrypted, which means the payload can't be penetrated or it's not penetrated. So you write full. We don't know what's in there but through and network trav explain what you're working on. >> Yeah. The paradox begins with the fact that everybody's using networks now. Everything, even your thermostat. You're probably your tea kettle is crossing a network somewhere. And and in that reality, that transmission should be secure. So the good news is, I no longer have to complain as much about looking at somebody's business and saying, Why would you operate in the clear? Okay, now I say, Oh, my God, you're business is about ninety percent dot Okay, when I talked about technology working well for everyone, it works just as well for the bad guys. So I'm not going to tell this this business start operating in the clear anymore, so I can expect for malicious activity. No, we have to now in for malicious activity from behavior. Because the inspection, the direct inspection is no longer available. So that we came up with a technique called encrypted Traffic analytics. And again, we could have done it just in a product. But what we did that was clever was we went to the Enterprise networking group and said, if I could get of new telemetry, I can give you this analytical outcome. Okay? That'll allow us to detect malicious activity without doing decryption. And so the network as a sensor, the routers and switches, all of those things are sending me this. Richard, it's Tellem aji, by which I can infer this malicious activity without doing any secret. >> So payload and network are too separate things contractually because you don't need look at the payload network. >> Yeah. I mean, if you want to think about it this way, all encrypted traffic starts out unencrypted. Okay, It's a very small percentage, but everything in that start up is visible. So we have the routers and switches are sending us that metadata. Then we do something clever. I call it Instead of having direct observation, I need an observational derivative. Okay, I need to see its shape and size over time. So at minute five minute, fifteen minute thirty, I can see it's timing, and I can model on that timing. And this is where machine learning comes in because it's It's a science. That's just it's day has come for behavioral science, so I could train on all this data and say, If this malware looks like this at minute, five minute, ten minute fifteen, then if I see that exact behavior mathematically precise behaviour on your network, I can infer that's the same Mallory >> Okay, And your ability you mentioned just you don't have to decrypt that's that gives you more protection. Obviously, you're not exposed, but also presumably better performance. Is that right, or is that not affected? >> A lot? A lot better performance. The cryptographic protocols themselves are becoming more and more opaque. T L s, which is one of the protocols used to encrypt all of the Web traffic. For instance, they just went through a massive revision from one dot two two version one not three. It is faster, It is stronger. It's just better. But there's less visible fields now in the hitter. So you know things that there's a term being thrown around called Dark Data, and it's getting darker for everyone. >> So, looking at the envelope, looking at the network of fact, this is the key thing. Value. The network is now more important than ever explain why? Well, >> it connects everything right, and there's more things getting connected. And so, as you build, you know you can reach more customers. You can You can operate more efficiently, efficiently. You can. You can bring down your operational costs. There's so many so many benefit. >> FBI's also add more connection points as well. Integration. It's Metcalfe's law within a third dimension That dimension data value >> conductivity. I mean, the message itself is growing exponentially. Right? So that's just incredibly exciting. >> Super awesome topic. Looking forward to continuing this conversation. Great. Great. Come. Super important, cool and relevant and more impactful. A lot more action happening. Okay, Thanks for sharing that. Great. It's so great to have you on a keeper. Right, everybody, we'll be back to wrap Day three. Francisco live Barcelona. You're watching the Cube. Stay right there.

>> From Palo Alto, California, it's theCUBE, covering the conference boards sixth annual Innovation Master Class. >> Hey, welcome back everybody, Jeff with theCUBE, we're at the Innovation Master Class at Xerox Parc in Palo Alto. It's put on by the conference boards, a relatively small event. But a bunch of really high powered people, terrific presentations. If you ever get a chance to go, I suggest you check it out. We're happy to be here for our first time, we're here and one of the big themes on innovation is how do you innovate well as a big company. It's not easy to do, there's a lot of barriers in the way. We're excited to have an expert in the field, he's Alex Goryachev the senior director of innovation strategy and programs at Sisco. Great to see you. >> Thank you, I'm glad to be here. >> So you just gave a presentation on this topic so first off, give us a little overview of what your role is at Sisco and how it plays with innovation. >> So at Sisco, I'm lucky to lead two things. One is how do we work with the ecosystem, at our network of global innovation centers. And the second one is how do we capture best ideas from our employees. And most importantly, support them in making those ideas happen, turning them into products, or process improvements. >> Right, so Sisco's an interesting company, it's like intel and a lot of really dominant players in their field. Terrific market share, dominant for a long time. So it's really hard, that innovators dilemma is really written for companies like Sisco, so those innovation centers, how did those come about, how many of them are there, and what is the mission of the innovation centers? >> So the mission, if you think about innovation, it doesn't happen in San Jose or doesn't happen only in San Jose, it happens around the world. So when we think about the innovation centers, we've got around 12 of them around the globe. With a core mission of working with ecosystem players. Whenever that's start ups, customers, partners, academia, governments, and coming up with solutions that then we can deploy in a local market and potentially scale around the globe. >> So it's interesting, you lead with really working with the ecosystem partners, so their mission is more leveraged that greater ecosystem versus we need to come up with the great ideas inside of our four walls. >> Absolutely, because if you think about it, we have a lot of great ideas inside the four walls, but when we look at the specific problems that are you know, problems for Japan, may not necessarily be the same that they are for Australia. And what we really want to do, is be able to work on an issue of national relevancy and focus on the economic strengths and problems that are in the particular area, so that we can make a meaningful impact. >> Right, so one of the topics in one of the earlier presentations here, was how do big companies manage innovation centers, and we're here at Xerox Parc, this is probably one of the most historic innovation centers ever in computers industry. So how do you manage this kind of dichotomy between having them kind of set aside, the people at the innovation center in their own separate little location and still be innovative and kind of unbridled from some of the corporate tail winds I guess, would be head winds I should say. But also make them part of the bigger Sisco environment and still make em feel like they're included and that these things are important, not just to what they're working on and even their ecosystem, but are important to the whole Sisco. >> It's a great question, and I think that's where the corporate government comes in really well. Because at the end of the day with the innovation centers we don't want to boil the ocean right? We want to make sure that everybody wins. So when we think of creating products and solutions, we want to work with customers that have real problems and with start ups that can potentially close that gap and help us co develop a solution with them. So we're very focused on ar engineering priorities and be our specific country priorities and particular opportunities that exist in the country. For example, we have a center in Australia, right? And if you look at the Australian economy, a lot of it is with agriculture, right? So what we have in Australia is a concertia with other industry players in the region to focus on solving some problems for the agriculture. Which utilizes the internet of thinks technology. So that's one of the ways that we're connected to companies mission which is iot, one of the corporate missions. And at the same time we're solving the local problem, working with the ecosystem and creating something that can then be scaled around the world. >> Right, so the other part of your job that you mentioned is inside the four walls and trying to help foster the innovation that does come from your own internal people that are in line jobs, more regular jobs. So what are some of the initiatives that you have in place to identify and to surface and to ultimately support and maybe those grow into new products and divisions and whatever. What are some of the secrets you can share there. >> Well I think the secret is very simple. It's everyone, at the end of the day, everything in the company comes down to talent. People generally invest in talent, not necessarily in ideas. So, one is recognizing that the innovation is a mindset, and then the second thing is really focusing on empowering every single employee to innovate. And in practical terms, that means that we have to redefine innovation. It's not only about new product development, it's not only about top line grove, right? It could be about process improvements. It could be about other things that bring value to the company. Could be about corporate social responsibility, when you go in and listen and engage with employees across the entire company, you actually have far better ideas that touch all aspects of your business, and can produce a lasting impact. Not only in products but with sound process improvement as well. >> And how do you support that? How do you give people the encouragement to say listen, we're interested in your ideas or interested in your innovations across this broad swath of opportunities, like I said from product all the way to social responsibility or cleaning out the Guadalupe river, I'm sure there's all kinds of interesting things that you can point to. How do you make sure that's communicated, that this is a priority for us, the company, that we want to support you, our employee, in some of these opportunities. >> Well first of all, we're lucky to have the sponsorship of our CO Chuck Robbins, who really put this as one of his key priorities. The second one is because innovation is about talent first and product second, we're lucky to work with our chief people officer, Francine, and she's a sponsor for this as well. So we have an incredible opportunity to go and message this as a top corporate priority to our employee's year after year. But the other thing, which is the key, is for every single function in the company, we worked with them to define innovation ambition. So that when we got to employee's and say hey help us, give us your best ideas, we can go and guide them towards some of the Sisco's key priorities. So we connect them with strategy. Obviously at the end of the day, some of them will give us whatever ideas they're passionate about. And there are a lot of great things there as well. >> So Alex I'll give you the last word. We'll be at Sisco live in Barcelona, it's right around the corner, and Sisco live US, etc. This is a really small event. So for you as an attendee and also as a presenter what is this type of event here at the innovation master class mean to you, what are you hoping to get out of it, what do you get out of participating in these type of events? >> Well if I think about, the most important thing, again going back to Sisco, we believe that no single company can do this alone. The innovation program that I just talked about, they innovate everywhere, we put it for the entire world to use and I think just connecting with other fellow practitioners is very important. At the end of the day, innovation teams, they typically go against the grain. So a lot of this is group therapy, it's support. It's the human connection, but then we learn so much from each other, right? Because at the end of the day, we face the same challenges, we face the same problems together. So any industry concertia, we can make a meaningful difference for our companies and for our employee's. And by the way, if you're at Sisco live Barcelona, do stop by our booth, we have the innovation network booth, where we talk about the Sisco innovation centers, and the innovation programs that we run. >> Great, we'll do that. Well Alex thank you for taking a few minutes, and I guess we'll see you in Barcelona. >> Pleasure. >> Alright, he's Alex and I'm Jeff, and you're watching theCUBE, we're at the Innovation Master Class, put on by the conference board here at Xerox Parc in Palo Alto, thanks for watching. (upbeat techno music)