Hitesh Sheth, Vectra | CUBE Conversation, Feb 2018
(triumphant music)
>> Hello and welcome to a special CUBE Conversation, exclusive content here in Palo Alto Studios. I'm John Furrier, the co-founder of SiliconANGLE Media and cohost of theCUBE. We have exclusive news with Vectra Networks announcing new funding and a new R and D facility. I'm here with Hitesh Sheth, who's the president and CEO. Welcome to theCUBE Conversation, congratulations.
>> Thank you, John. Glad to be here.
>> So you've got some big news. Vectra Networks, you guys doing some pretty cool stuff with AI and cyber.
>> Correct.
>> But it's not just software, it's really kind of changing the game with IT operations, the entire Cloud movement, DevOps automations, all impacting the enterprise.
>> Hitesh: Yes.
>> And other companies.
>> Hitesh: Yes.
>> Before we dig into some of the exclusive news you guys have, take a minute to talk about, what is Vectra? What is Vectra Networks?
>> Maybe it'd be useful to give you context of the way we see the security industry evolving. If you think about the last 20 years, and if you were to speak to the security person in an enterprise, their primary concern would be around access management, who gets in, who gets out. The firewall industry was born to solve this problem. And you know, in many ways it's been a gift that's kept on giving. You know, you've got companies with multi-billion dollar valuations, Palo Alto, Checkpoint, Fortinet, you know, a piece of Cisco, etc., right? There's roughly about 40 billion dollars of market cap sitting in this industry today. Now, if you go back to the same enterprise today, and you look at the next 5-10 years and you ask them, "What is the number one issue that you care about?" Right? It's no longer who's getting in and out from an access policy standpoint, it's all about threat management and mitigation. So, the threat signal is now the most important commodity inside the enterprise, and the pervasive challenge for the customer, the enterprise customer, is, "How do I get my hands on this threat signal in the most efficient way possible?" And we, at Vectra, are all about automating and helping our customers hunt for advanced cyber attacks using artificial intelligence.
>> Where did you get the idea of AI's automation? I've always said on theCUBE, "Oh, AI's a bunch of b.s." Because real true AI is there. But again, AI is really kind of growing out of machine learning.
>> Hitesh: Right.
>> Automating, and so this kind of loose definition, but certainly is very sexy right now. People love AI.
>> Hitesh: Correct.
>> I mean, AI is awesome. But as a practical matter, it seems to be very important for good things, also for the enterprise. Where'd you get the idea for using AI for cyber?
>> Well, you know, I would go back to my journey's intersection with the notion of using AI for cyber security. Back in about 2010, there were major cyber events reported in the press. At that time, I was in the networking sector, and in the networking sector we all looked at it and said, "You know, we can do something about this," and being a good networking company, we thought we would build chips that would do DPI and do packet inspection. It was, to be blunt, old school thinking, okay? Fast forward to 2012 and I was sitting with Vinod Khosla of Khosla Ventures and we were talking about the notion of security. How can you transform security dramatically?
>> Mhmm.
>> Hitesh: And this is when we started talking about using artificial intelligence. It was very nascent and frankly, if you went up and down Sand Hill at that time, you know, most of the venture companies would have, and they did, because we were raising money at the time, they would look at us and say, "You guys are nuts. This is just not going to happen." You know, it's very experimental, it would take forever to come to pass. But that's usually the best time to go and build a new business and take a risk, right? And we said, you know what, AI has matured enough.
>> By the way, at that time, they were also pooh-poohing the Cloud.
>> Absolutely.
>> Amazon will be nothing.
>> Yeah, exactly. Generally, a good time, a good time to go and do something revolutionary. But here are the other things to know. Not only had the technology around AI and its applicability advanced enough, but two other things had happened at the same time. The cost of compute had changed dramatically. The cost of storage had changed dramatically. And ultimately, if AI is going to be efficient, not only has the software got to be good, but the compute's got to be valid as well. Storage has got to be valid as well. These three things were really coming together on their timeframe.
>> Well, what's interesting, let's dig into that for a second, because knowing what the scene was with networking at the time, you said, "old thinking," but the state of the art, you know, in the '90s and 2000s was, hardware got advanced, so you had wire speed capability. So, you can do some cool things like, you know, like still move through the network and do some inspection.
>> Hitesh: Correct.
>> And you said DPACK is recommended, but that's the concept of looking at the data.
>> Hitesh: That's correct.
>> John: So, okay, now they might have been a narrow view, so now you take it back.
>> Hitesh: Yes.
>> With AI, am I getting it right? You're thinking of zooming out saying, okay,
>> Hitesh: A couple of things.
>> You find that notion of inspection of data
>> Right.
>> With more storage, more compute.
>> But it comes down to also, you know, what data are you looking at, right? When you had wire spec in booties, you would apply your classic signature based approaches. So you could deal with known attacks, right? What is really happening, like 2011-2012 onwards, is the attack landscape has morphed dramatically. It changes so fast that the approach of just dealing with the known was never going to be enough.
>> Yeah.
>> So, how do you deal with the unknown? You need software that can learn. You need software that can adapt on the fly. And this is where machine learning comes into play.
>> You got to assume everyone's a bad actor at that point.
>> You got to assume everybody has been infiltrated in some way or fashion.
>> Well, the Cloud, certainly, you guys were on the front end, kind of probably thought we're crazy with other VCs, you mentioned that. But at the time, I do remember when Cloud was kind of looked at as just nonsense.
>> Yeah.
>> But if you then go look at what that impact has been, you're on the right side of history, congratulations. What really happened? When was the sea change? You mentioned 2012, was that because of the overall threat landscape change? Was that because of open source? Was that because of new state sponsored threats?
>> Hitesh: Yeah. A couple things.
>> What was the key flash point?
>> Hitesh: A couple of things. We saw, at the time, that there was an emerging class of threats in the marketplace being sponsored by either state actors, but we also saw that there was significant funding going into creating organized entities that were going to go and hack large enterprises.
>> John: Not state sponsored directly, state sponsored, kind of, you know,
>> On the side.
>> Yeah, on the side.
>> Let's call them, "For Profit Entities," okay?
>> Sounds like Equifax to me. (laughter)
>> That's a good point. And we saw that happening. Trend two was, there were enough public, on-the-record hacks getting reported, right? Sony would be a really good example at the time. But just as fundamentally, it's not just enough that there's a market. The technology has got to be sufficiently ready to be transformative, and this is the whole point around what we saw in compute and storage and the fact that there was enough advancement in the machine learning itself that it was worth taking a risk and experimenting to see what's going to happen. And in our journey, I can tell you, it took us about 18 months, really, to kind of tune what we were doing, because we tried and we failed for 18 months before we kind of came to an answer that was actually going to gel and work for the customers.
>> And what's interesting is having a pattern oriented to look for the unknown
>> Hitesh: Yeah.
>> Because it's, you know, in the old days was, "Hey, here's a bunch of threats, look for 'em and be prepared to deploy." Here, you got to deal with a couple of the unknown, potential attacks. But also I would say that we've observed the surface area has increased. So, you mention Checkpoint and these firewalls.
>> Hitesh: Yes. Absolutely.
>> Those are perimeter based security models. So you got a perimeter based environment.
>> Hitesh: Correct.
>> Everyday.
>> Hitesh: And you got IoT.
>> IoT. So it's a hacker's dream.
>> It absolutely is. The way I like to think about it is you got an end by end probatational issue. You got infinite possibilities; if you're a hacker, you're absolutely right, it's Nirvana. You've got endless opportunities to break into the enterprise today. It's just going to get better. It's absolutely going to get better for them.
>> John: Well, let's get to the hard news. You guys have an announcement. You've got new funding
>> Hitesh: Yeah.
>> And an R and D facility. In your words, what is the announcement? Share the data.
>> We're really excited to announce that we have closed a round of 36 million dollars, Series D funding. It's being led by Atlantic Bridge, they are a growth fund, and they've got significant European roots, and in addition to Atlantic Bridge, we're bringing on board two new investors, two additional investors. Ireland's Strategic Investment Fund, number one, effectively the sovereign fund of Ireland, and then secondly, Nissho Electronics of Japan. This is going to bring our total funding to 123 million dollars, today. What we're going to be using these funds for is two things. One is the classic expansion of sales and marketing. I think we've had very significant success in our business. From 2016 to 2017, our business grew 181% year on year, subscription based, all subscription revenue. So, we're going to use this, this new fuel, to drive business growth, but just as important, we're going to drive our needs growth significantly. And as part of this new funding, we are opening up a brand new R & D center in Dublin, Ireland. This is our fourth R & D center. We've got one here in San Jose, California. We've got one in Austin, Texas, Cambridge, Massachusetts, and so this is number four.
>> John: So, you hired some really smart people. How many engineers do you guys have?
>> So, we are about a 140-person company, roughly half the company is in R and D.
>> I see a lot of engineering going on and you need it, too. So let's talk about competitors. Darktrace is out there, heavily funded companies,
>> Hitesh: Yes.
>> They're a competitor. How do you compare against the competition and why do you think you'll be winning?
>> I can tell you, statistically, whether it is Darktrace or we run into barcoding with Cisco as well. We win in large enterprise. We win 90% of the time. [Overlapping Conversation]
>> It's actually correct. And I'll describe to you why it is that we win. We look at people like Darktrace and there are other smaller players in the marketplace as well, and I'll tell you one thing fundamentally true about the competitive landscape and that differentiates us. AI is on everybody's lips nowadays, right? As you pointed out. But what is generally true for most companies doing AI, and I think this is true for our competition as well, it tends to be human augmented AI. It's not really AI, right? This is sort of like the Wizard of Oz, you know, somebody behind the curtain actually doing the work, and that ultimately does not deliver the promise of AI and automation to the customer. The one thing we have been very -
>> John: They're using AI to cover up essentially manual business models with people added, is that what you're saying?
>> Hitesh: That's correct. Effectively, it's still a people oriented answer for the customer, and if AI is really true, then automation has got to be at the forefront, and if automation is really going to be true, then the user experience of the software has got to be second to none.
>> John: So, I know Mike Lynch is on the board of that company, Darktrace, he was indicted or charged with fraud to front for HP for billions of dollars. So, is he involved? Is he a figurehead? How does he relate to that?
>> I think you should talk to Mike. You should put him in this chair and have this conversation. I recommend it, that would be great.
>> John: I don't think he'd come on.
>> But my understanding is that he has a very heavy hand in the reign of Darktrace. Darktrace, if you go to their website, so this is all public data, if you look at their management chain, this is all Autonomy people. What that means, with respect to how Autonomy was running and how Vectra is being run, is for them to speak about. What I can tell you is that, when we meet them competitively, we meet other competitors.
>> John: I mean, if I'm a customer, I would have a lot of fear, uncertainty and doubt to work with an Autonomy-led company, because they had such a head fake with the HP deal and how they handled that software, and the software stack wasn't that great either. So, I mean, I would be concerned about that. [Overlapping Discussion]
>> History may be repeating itself.
>> Okay, so you won't answer the question. Okay, well, let's get back to Vectra. Some interesting, notable things I discovered was, you guys had been observing what's been reported in the press with the Olympics.
>> Hitesh: Correct.
>> You have information and insight on what's going on with the Olympics. Apparently, they were hacked. Obviously, it's in Korea, so it's Asia, there's no DNS that doesn't have certificates that have been hacked or whatever, so, I mean, what's going on in South Korea with the Olympics? What's the impact? What's the data?
>> Hitesh: Well, I'm going to think, what is really remarkable is that, despite the history of different kinds of attacks, Equifax, what have you, nation state events, political elections getting impacted and so forth, once again, a very public event. We have had a massive breach and they've been able to infiltrate their systems and the remarkable thing is they-
>> John: There's proof on this?
>> There's proof on this. This is in the press. There's no secret data on our part, which is, this is very much out there, in the public arena. They have been sitting in the infrastructure of the Olympics, in Korea, for months, and the remarkable thing is, why were they able to get in? Well, I can tell you, I'm pretty sure that the approach to security that these people took is no different than the approach to security most enterprises take. Right? The thing that should really concern us all is that they chose to attack, they chose to infiltrate, but they actually paused before really fundamentally damaging the infrastructure. It goes to show you that they are demonstrating control. I can come in. I can do what I want for as long as I want. I can stop when I want.
>> John: They were undetected.
>> They were undetected. Absolutely.
>> John: And they realized that these attacks reflected that.
>> Absolutely. And given the fact there seems to be a recent trend of going after public events, we have many other such public events coming to bear.
>> How would you guys have helped?
>> The way we would help them, most fundamentally, is that, look, here's the fundamental reality. There are, as we've discussed just a second ago, there are infinite options as to how to break in, into the infrastructure, but once you're in, right? For people like you and I, who are networking people, you're on our turf, and the things you can do inside the network are actually very visible. They're very visible, right? It's like somebody breaking through your door; once they get in, their footprints are everywhere, right? And if you had the ability to get your hands on those footprints, right? You can actually contain the attack as close to real time as possible, before any real damage is done.
>> But then we're going to see where the action is, no doubt about it, you can actually roll that data up and that's where the computer-
>> And then you could apply machine learning. You can extract the data, look at the network, extract the right data out of it, apply machine learning or AI, and you can get your hands on the attack well before it does any real damage.
>> John: And so to your point, if I get this right, if I hear ya properly, computers are much stronger now.
>> Hitesh: Correct.
>> And with software and AI techniques, you can move on this data quickly.
>> Hitesh: Correct. But you have got to, you've got to have a fundamental mindset shift, which is, "I'm not in the business of stopping attacks anymore. I should try, but I recognize I will be breached every single time. So, then, I better have the mechanisms and the means to catch the attack once it's in my environment." And that mindset shift is not pervasive. I am 1,000% sure at the Olympics that the people who designed the security search have said, "We can stop this stuff, don't worry about it." Had they thought differently, they would not be in this position today.
>> This is the problem. In all society, whether it's a shooting at a school or an Olympic hack event, the role of data is super critical. That's the focus. Thanks for coming on and sharing the exclusive news at theCUBE with exclusive coverage of the breaking news of the new round of funding for Vectra Networks. I'm John Furrier. Thanks for watching.
>> Hitesh: Thank you, John. (triumphant music)
Mike Banic, Vectra | CUBEConversation, Feb 2018
(bright upbeat music) >> Hello, everyone, welcome to this special CUBE Conversation. I'm John Furrier here in the Palo Alto studio, a Cube Conversation with Mike Banic, who's the VP of Marketing at Vectra Networks. Big news coming for you guys, you just had a good year, we love security and I want to drive a good conversation with you because you're in the front lines, you're seeing all the trends. You guys have been doing very well with AI for cyber, you're also impacting IT operations because security is certainly forcing modernization in the IT world, using data, just really interesting stuff. But hacking is the number one threat problem. What's the security trends, Mike, what are you seeing and what's happening? There's a ton of stuff happening, we're seeing ransomware, a bunch of stuff going on across the board, spearfishing to you name it. It's at a rampant pace; no perimeter anymore, a whole new ballgame. You know networking, you know the perimeter, now you're in the cloud, what are the trends? >> I think one of the things that a lot of people aren't paying enough attention to is the fact that all the systems they have in place are looking for exploits. They're looking for the use of malware, and there's a lot of attacks that actually don't use malware. There may be malware that's used for a specific exploit in the beginning to start it, but the smart attacker now, they sit and they lay low. They watch how your enterprise operates. They look at the tools that you use, and they steal credentials, and then they start to use those tools against the business to steal information or to do damage. And that's something you won't catch if you're using tools that are specifically looking for malware. And that's where using AI to look for explicit attacker behaviors becomes so useful. The other thing is that attackers are on the inside for much longer than people think. 
We look at M-Trends data from last year that says that the average amount of time that an attacker has gone unmitigated before it's discovered is 99 days. It's actually much longer than that. Those are just the attacks that are reported and those are just the attacks that we have data on. We've seen it actually run much longer than that. And we also know that an attacker can get admin credentials in three days or less. As soon as they get those, they have the keys to the kingdom. >> Yeah, and you mention hacker groups involved. It's lucrative, it's a whole business, we've seen that. >> Mike: It's a supply chain. >> It's a really big racket. Now, networking is interesting because footprints can be left on the network. So you've got encryption, oh, it's encrypted, but you can still get around the encryption. Talk about how you guys do it. How do you guys see the patterns? With encryption out there, you guys have the network footprints, what's the secret sauce, what's the formula? >> So what we're doing to detect this is we're looking at network metadata. We're not performing deep packet inspection. Deep packet inspection is the approach that a firewall uses or traditional intrusion detection and prevention platforms use. So what we're doing, we're collecting metadata, we're collecting log information, we're collecting cloud events, and we're using all that in our mix of analytics. What we're looking for are the behavioral patterns. So, I'll give you a really tangible example. Let's say you're the attacker, John, and you've got control of my computer, and you've got fingers on the keyboard. So you're using a RAT, a Remote Access Trojan. The way that I'm going to use advanced analytics or AI to detect that is I'm going to look at, first, the fact that my machine's opened a connection to an external IP address. That's your machine. I'm going to look for random silences, those are the pauses in the conversation. 
If I'm just web browsing, then my machine's going to interrupt all those random pauses 'cause I'm moving from page to page, site to site. If your IP address is always interrupting them, then you're in control of the conversation. Anybody in IT should care when an internal host is being controlled by an external host. I didn't have to read any of the web browsing traffic, any of the email traffic, the app traffic, in order to do that. I did that principally by analyzing network metadata. >> So this is unspoofable, either, because the network doesn't lie. >> That's correct. >> Because the packets have to move around. >> That's correct. The attacker has to perform certain things. There's no way for them to erase them. And there's a group of companies that tried to apply analytics to logs, and here's the problem they have. If the smart attacker knows that logs are sent in batches, it's like when somebody breaks into your house. They know they have about 45 seconds to get the alarm code right. They know that they have a certain amount of time before the batch of logs is sent up. So if they have admin access, they'll erase the footprint of what they've done on your machine, and there's no logs. If there's no body, there's no murder. >> Yeah, I've done a few ventures in my day that have been first movers and usually the first movers take the arrows in the back. One of my relatives says, if this is such a great idea, why hasn't someone else done it? So, the question for you guys is it's so obvious that now that you explain it that way that it's a great way to do it. Why hasn't someone else done it? Is it the timing, is it the founding team, is it the approach? I mean a lot of people are in network; you've got Cisco, you've got a zillion networking people. Why hasn't anyone else done this? >> There's a couple of things that come to mind right away. 
The first is that people who are in this business already, that want to take advantage of AI, it's really difficult to add it to an existing platform. You really have to start from scratch. And then the second is what you said about the approach. The approach that we've taken is very different than others. So there are people in this business that claim they're doing AI and they fall into one end of the spectrum or the other. They either have this big group of security researchers and they've hired a couple of data science guys and they're trying to solve this problem. Or they have a big data science team and they've got a couple of security researchers. We've taken an approach that's in the middle. Whenever we develop an algorithm, we take a security researcher who has a really strong experience or background in the attacker behavior we're trying to detect. And we pair them with somebody in data science who has expertise in the techniques that are going to be best used to detect that. We pair them up; the data scientist looks at the features that they can find in the network. The features I mentioned before, internal IP to external random silences, they determine what those are, they build the algorithm, and then they run it. Then we put it into precursor mode, just like Hitesh's Tesla has precursor stuff running as he's driving up and down the freeway, we do the same thing with our customers. And then once we see that the efficacy is really high, we release that into production. >> So it's a combination of timing and the management team's unique problem space that they addressed, and combined with people and data and software. >> Yes. >> You're kind of blending them all together, so it's a new approach. >> It is very much a new approach, and one following the approach that people have taken before. They go in one of those other two directions. >> I mean if you're a hammer, everything looks like a nail. 
So Cisco sees everything they do their way, maybe an application developer might take a different approach. So, I buy that, so timing's good. What makes you guys different, what makes you guys think you could be successful? Because, you know, I hear this all the time. Amazon's out there, Amazon could just copy it, you always hear those arguments. How do you guys answer that question; manageability, what's the protection? >> I think first we've taken an approach that gives us a unique capability that is succeeding against others who are really explicitly trying to solve the cyber security problem. I think the other is that we've been very open-minded about not taking just one approach in a field like data science. We don't just use supervised machine learning, unsupervised. We don't just use neural networks. We use whatever tool is best to solve the problem. The other is, we're not religious about where the product gets deployed. We look at protecting cloud workloads, enterprise private cloud workloads. We look at traditional data centers, users, IoT devices, so we're looking at the threat landscape in a very holistic way. Many of the others out there have a very specific focus as they start, and I think our breadth and our approach is serving us well. >> The whole value proposition in business models tends to change in these new value utilities, if you will, like the clouds create. I mean Amazon's successful because they never look in the rear view mirror, they just continue to push forward. Sounds like you guys have that same approach, just keep moving the needle with more people, more data, more software. >> Yeah, relentless, it's day one. It's always day one, just like Jeff says. >> Alright so you guys are doing good, where do you guys do well, and specifically talk about this malware that was hacking computers and doing money on Bitcoin. Big story that's been in the news lately, a couple of weeks ago, but still it's important. 
Malware being used for not only hacking your cash, using your machine to generate Bitcoin. >> That's correct. So we have a set of algorithms that look for things we call botnet monetization behaviors. And Bitcoin mining is one of them. So, if somebody is mining Bitcoin on your computer they're not really stealing from you, they're just stealing compute cycles to mine Bitcoin. Finding this stuff is actually really important because the attack landscape can quickly pivot on you. I mentioned before that cyber attackers, it's a supply chain. If your machine is latched to a botnet and it's performing Bitcoin mining and the price of Bitcoin falls, the person who owns that botnet might say, screw Bitcoin mining, I'm going to sell all my bot machines to whoever the highest bidder is. Somebody finds out you work for a really interesting company and they want to steal data from you, they're going to buy that IP address, they're going to buy your machine, and they're going to start to launch a direct attack. We've actually seen that scenario in enterprises, and been able to alert the team in real time so they can stop it. And it's the AI that's doing this, it's a not a human that has to take an action. And that's the thing that's really cool in terms of helping us win. We see a lot of customers run red team exercises in parallel with an evaluation, and that red team is designed to explicitly challenge the blue team. It's not a pen test. A pen test is all about trying to see whether the hacker can break in. A red team, they actually give the attackers access to a computer on the inside and then they say, "You've got to steal this trophy." They give them a flag to steal. >> Capture the flag. >> Capture the flag! And the goal of the blue team is to defend it. What we've seen over and over again in these evals is that AI is able to detect those behaviors of the red team in real time fast enough for them to stop them, so the data isn't stolen. 
It becomes evidence that if we had this tool every day then we're a lot better off than we were before. >> So you guys aren't just looking for known patterns and mapping policy to some script. You guys are using data in real time, inferring network behavior to look for anomalies. >> Exactly. I'll give you a great example. Last year when there was ransomware, the NotPetya attack. The thing that was interesting about that is it spread like a worm. We hadn't seen a worm since Conficker and that was 10 years ago. The interesting thing is we built an algorithm to detect worm-like behavior based on what we had seen 10 years ago with Conficker. It detected the spread of NotPetya. It's because we're looking for behavior and not the... >> The payload. >> The malware, not the payload, we're able to find it, even if it's a brand new attack vector like NotPetya. And that's the cool thing, 'cause the old style was, let me look for the precise definition of the malware or the exploit or the reputation list. >> And I personally believe we've reported on theCUBE that the cloud computing and distributed computing and even decentralized computing, for that matter, encourages more packet movement. More packet movement gives you more data. >> That's correct. >> So it's a great approach. Congratulations, Mike, on your success. Looking forward to seeing what you guys do this year. Keep in touch. Security, obviously, is top of mind. We care about that at theCUBE. Cyber warfare is the number one problem in America. It's the number one problem for enterprises, government, and users. Spear phishing, malware, you name it, it's out there, we've all been hacked and we probably don't even know it. It's theCUBE hackin' the data here inside the studio, I'm John Furrier and thanks for watching. (bright music)