>>Mhm. Hey there. Welcome to the cubes coverage of Splunk dot com. 21. I'm lisa martin. I've got a new guest joining me on the cube for the first time please welcome 20 pierce the senior manager of cybersecurity at the Y 20. Welcome to the program. >>Hi, glad to be here. >>So your linked in profile. I wanted to ask you about this. It states that you are delivering an evidence based approach to cybersecurity. What does that mean? An evidence based approach? And how are you and spunk helping to deliver this approach? >>Yeah. And I'd like to call it like the out case outcome based the price basically you start with what you're trying to accomplish and work with backwards. A lot of people say I've got a problem and then they go try to buy a tool or whatever to go fix the problem. I go in and I'm like all right, I got a problem. Let me figure out what's realistically I can use in the environment. So it's just basically working back so you have, you know, a breach. What if I what are all the different things that I knew to leverage to meet the controls for that breach. Right? And so um think of mitre in a way as a layered way of looking things um and the full defense and depth. So that's kind of my approach, I go when I figure out what the problem is and I answer the question and I used to do that because funk is able to give me a big data to everything. Got a guy so I like to be able to pull in all the different data types that I need to answer our questions, um, to do that. Right. And so whether it's a vulnerability management, patching your networking a good, a good example of this, like most common hacks in the world go after known vulnerabilities, right? And we get kind of caught up in all that. Um, one of the things we like to do here do, why is like we like to combine what's happening in the network. So the threat landscape in which is the network guys, the vulnerability guys who are scanning the data and then actually the patching, who is, who is actually, you know, mitigating the problem putting all those into one screen has really helped people with their risk rating. >>Talk to me a little bit about some of the changes, we've seen massive changes in the threat landscape in cybersecurity in the last year and a half during the pandemic. We've seen massive increase in ransomware. DDoS attacks, ransomware becoming a household word, the executive order that just came down a few months ago. What are some of the things that you've seen? Have you seen the acceleration of organizations coming to help? We know that it's not a matter of if we get attacked. It's when how are you, how are you seeing the last 18 months influence what you're doing. >>Oh man, it's been quite a crazy, right? And so um, by trade, I'm a instant responder, you know, uh high level investigator and possible solutions architect. So I, I get called in a lot for those kind of things. It has been kind of nuts. But you know, one of the things I always tell them when it started understanding what your threat landscaping is, um, and identify your key cyber terrain. Unfortunately most, you know, most companies as they grow, they get really big, they don't really do that. So they don't, they miss the consolidation point, right? I always say, hey, you know, if you're, if you're going to do this, if you say you have a ransomware attack, the first thing you can do is, you know, there's so many different controls that you can do to stop that you really need to know where it is and ejecting and then you can isolate if you need to um, what we're seeing in the companies. They, because they don't all have full coverage, right? And they expect their endpoint protections to actually do its job, you know, and sometimes that's, you know, don't get me wrong, there are some amazing endpoint protections out there, but you really need to be able to log it, you need to know what it looks like and you need to know where it is. So if you need a in case of a ransomware attack as it spreads through the network, you're able to isolate it and rewrite it to like, I like to call it a black hole the land and just reroute it so I can isolate it and then I can go after it. Um instead of trying to try to do every endpoint at a time because you'll get you'll get whacked >>definitely. So talk to me about working and partnering with Splunk and it's full security stuff. How does that, how is that a differentiator for you and your rule? >>Okay. So one of the things that we do here any why is we can find simmons sores one combined offering. Right? So we we try to bring the data in, we operationalize it and then we try to do something with it, right? We we find that. And then if you really think about that in a situation where the spunk products, it's the spunk or funky s and then phantom, right? And so that's the automation play. So we try to combine all those into one combined offering. So that when when bad things happen where we make a decision, we say all right, So, hey, um what we're seeing in the industry is like a lot of times people spend so much time hunting the known to to forget about the unknown. Think about the target. Hack a couple of years ago. Um the oil and gas attack just recently, you know, they miss those core things. So we try to say all right, well let's automate a lot of that known stuff so that the incident responders can focus on the unknown. And so when you combine all three of those products, you get a pretty good security staff >>when you say automating The known, is that at all in any way like helping companies get back to basics. I've been hearing a lot in the last 18 months that some from a data protection perspective and from a ransomware attack perspective. So it's it's when not if but are you saying that companies are are sort of skipping past the basics where security is concerned? Yeah, >>Well, it's I don't say it's skipping past the basics. Right? I think that sometimes people get caught up in the definitions of what it is. Right? So there's there's so many, there's so many fair more shop there. Right? So like I'm a big fan of your trust. Um a lot of instant responded to using minor, I use minor for that as as it retains the instant response. Some people like to use high trust and I think a lot of what happens is they get lost in the confusion of all these different frameworks. Right? I like to go back to basics. I've been doing cyber for Oh, oh my oh my gosh, about 20 plus years. Right. Um I'm an active hacker. I like this is what I do. I like to call a defense in depth. Right? So when you're when you're doing that, if you follow the defense and depth Satur, it doesn't matter what framework you have, you can actually go back and you can Fix that problem. Right? So going back in the automation of unknown to an unknown, we know, and IOC is 100% now, you can say IOC it's like a hash, right? So when a bad thing happens like an exploit, first thing we try to do is we try to grab that hash and then we try to build a roll around it to stop that hash from spreading and going anywhere else. That's a We know 100% of it's bad. Now can exploits change their hash. Absolute. And it happens all the time, but for that Moment in time that hash is 100%. And so we try to say, hey look, you know, we got an endpoint protection but also why don't we use automation to block it at the boundary or why don't we keep it from doing lateral movement? Why don't we why don't we activate it from a defense and depth. So you have your network. Um I like to say, hey look you have your egress ingress and your lateral movement. So if you understand all those three fact factors, you can automate the control so that it doesn't spread, you know, you had mentioned ransomware, it's been really huge, right? And everybody goes, oh well, you know, if we do zero try zero trust, talks about, you know, segmentation a whole lot and then a segmentation is usually important. It won't stop everything but it will do a good job being able to you'll ever swung we actually pull that in and we say hey you know from and why are we take all that network? And we try to put it in a single pane of glass so that we can see everything. And then once we're able to see it, once we get a good robust data set and understand that operations were able to go in and automate it and so if I can go in and say hey look all these hashes are bad. Yeah I'm not going to rely on my end point, I'm going to put another control in place. So at the end point misses it, I have another control that will actually layer it and prevent it from spreading. >>Which is absolutely critical. Talk to me about some of the outcomes that Ey and Splunk are delivering to the end user customers. Everyone's always talking about it's all about outcomes. What are some of those? >>Yeah so we have um we really embraced like the data to everything right? So I I kind of have this opinion of like uh you know everything's data so everything needs to be secured right? Uh the people who missed that tend to get whacked pretty quickly. Um So what I like to do is I'm like all right so you know like IOT is huge out there right now O. T. Is doing it. So some of the things that we've done is like from a health care perspective um We've done we've combined I. O. T. And I. T. Into a commonality solution leveraging like network simple things like pulling in from the wind, pulling in um understanding what those Mac addresses are so that you can actually do like a workplace analytics around um say R. F. I. D. Tagging right? So you know where your people are at? Um Here we also do like a call a sock in a box where we put that put everything together that every like a from a tiered perspective like a tier one tier two analysts. You know what is that they need to do to mitigate mitigate observe something, What is the investigator need? Right? So we try to simplify those conversations so that you know exactly around like a threat hunting as well like threat hunter an investigator, they're totally different roles, right? So they need to be separated. We also like tie in like the um what is it? I really hate uh like power point. I'm not a big power point guy right? So I really like to be able to give the says oh he needs to understand what risk is, right? So we try to automated so we can get to that too. He can pull up his phone and pull up his punk app and he knows at any given time what his risk rating of his company, right? So we try to combine all those in. Like again, you know there is um we do stuff around Blockchain supply chain. You know, it doesn't really matter if it's a data analytics tool. You know a lot of people look at Funk as a sim. I don't just like look at it that way. I look at as a data analytics tool that does sim. It's just one of the functions this does. If you start understanding data and all the different things that data can do, then you need to go in and you can use Funk to basically answer those questions so that you can start putting in a control set. >>What what's the differentiated value that Ey and Splunk bring together to customers. What really sets this partnership and what it delivers apart. >>Well I'm I'm I'm biased on that right? Because I run the North America 17 for you like for consulting. So I would say that those two things is innovation and time to value. Right? So for let's start with innovation for a minute because Funk is so customizable right? Because it pretty much can integrate with just two. Anything we're able to go very fast, take data in and do something with it and operationalize. It doesn't matter who the customer is is they're going to give us a question. We'll break it all the way down and we'll understand what you're going to answer A good example that is like we were doing stuff around P. C. I. Compliance. The checklist. You know the financial sector, they get a huge amount of audits, right? Especially around PC. I. So we took all the Pc. I checklist and we said harry, what can we, what can we answer those questions? And so we built a dashboard that actually sends out a report to internal audit and we call it compliance over time, right? It's looking at data in a different perspective to answer a question. Now the other thing is that we like, we try to do here is, you know, with the, as we do is Funk and funk helps us with this, right? We have a great relationship with them is um, basically, oh I have a, I lost my train of thought there for me. So uh, innovations time to value, right? So from time to value what we do is we used to say, hey look, we have a lot of stuff in our lab. But one of the things I don't like to do is I don't like to um, go to clients and say, hey look, we were going to build this for the first time. I like to say, hey look, here's these questions in the industry. Get ahead of the question and go build in our labs so that when we when we actually get on site, our time to value is not in months. You know, we can begin weeks because we already have a huge repository of um use cases now those every use case is actually tied into an automation play. And so when we say that we say hey look here's everything is flowing, let's do this, let's go answer that question and let's go automate it and you let's make a decision where where we want to automate and where do we want a human interaction. Mhm. >>Talk to me about what's next for the partnership in terms of the future, what what can you tell us where E Y. And Splunk are going together? >>So we've been partying around um I think our next things that we're really looking at is A I um we're really getting kind of into that as well as A R. And D. R. Technology. Right? So um especially around like I'm looking at like the energy companies in the financial banking and one of the things I would love to do is like um go into you know a bank A. T. M. Right? And right now it takes somebody actually has to plug into that and to do a diagnostic on it. I would love to be able to get to a point where you can just take your camera scan the QR code on the on the device and then pull up an A. R. And it runs all the diagnostics on the device as its there. Another one is like the infrastructure um instead of actually going out, plugging into like say a solar panel going out pulling out of the tablet just scanning the solar panels and it tells you if it's good or bad and that's kind of the next step that we're trying to do. We're trying to really take that uh and dated everything and just kind of turn it on its end um like and you've got to remember everything is data nowadays, right? It's not the old days where you know, things are moving around and everything is in the file folders, it's gone right? Everything is data. So everything is security, right? And we know the first thing is we need to know what our threat landscape is. We need to know what that is and we need to apply that. All right. So if we can simplify answering questions, that's so much better. And one of the things I like about flunked is it scales really well, right? And I've looked at some of these fetters and don't get me wrong, I mean everybody has their place. The one thing I like about spunk is it doesn't mean it literally scales really well. So the more data you can get into it, it actually does better. Right? Um and how you do it now, that's just our approach. That's the next steps that we're really looking at from a technology standpoint, >>exciting stuff, Tony thank you for joining me sharing what ey and Splunk are doing together. Some of the unique use cases that you're helping to solve for customers and some of the things that you're excited about. We appreciate your time on your information. >>No, this is fun. You know, like I said, I'm a big fan. I even wore my spunk shirt just for this meeting. >>Fantastic. You're on brand well, Tony. Thank you. Again. We appreciate your time. >>All right. Thank you. You have a wonderful day. >>Thanks you as well for Tony Pierce. I'm Lisa Martin. You're watching the cubes coverage of splunk.com 21. Thanks for watching, >>enjoy. Bye bye mm. Mm hmm.

>> Announcer: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is a CUBE conversation. >> Hi everyone. Welcome to this CUBE Conversation. I'm John Furrier host of theCUBE here in the CUBEs, Palo Alto studios during the COVID crisis. We're quarantine with our crew, but we got the remote interviews. Got two great guests here from Fortinet FortiGuard Labs, Derek Mankey, Chief Security Insights and global threat alliances at Fortinet FortiGuard Labs. And Aamir Lakhani who's the Lead Researcher for the FortiGuard Labs. You guys is great to see you. Derek, good to see you again, Aamir, good to meet you too. >> It's been a while and it happens so fast. >> It just seems was just the other day, Derek, we've done a couple of interviews in between a lot of flow coming out of Fortinet FortiGuard, a lot of action, certainly with COVID everyone's pulled back home, the bad actors taking advantage of the situation. The surface areas increased really is the perfect storm for security in terms of action, bad actors are at an all time high, new threats. Here's going on, take us through what you guys are doing. What's your team makeup look like? What are some of the roles and you guys are seeing on your team and how does that transcend to the market? >> Yeah, sure, absolutely. So you're right. I mean like I was saying earlier that is, this always happens fast and furious. We couldn't do this without a world class team at FortiGuard Labs. So we've grown our team now to over 235 globally. There's different rules within the team. If we look 20 years ago, the rules used to be just very pigeonholed into say antivirus analysis, right? Now we have to account for, when we're looking at threats, we have to look at that growing attack surface. We have to look at where are these threats coming from? How frequently are they hitting? What verticals are they hitting? What regions, what are the particular techniques, tactics, procedures? So we have threat. This is the world of threat intelligence, of course, contextualizing that information and it takes different skill sets on the backend. And a lot of people don't really realize the behind the scenes, what's happening. And there's a lot of magic happening, not only from what we talked about before in our last conversation from artificial intelligence and machine learning that we do at FortiGuard Labs and automation, but the people. And so today we want to focus on the people and talk about how on the backend we approached a particular threat, we're going to talk to the word ransom and ransomware, look at how we dissect threats, how correlate that, how we use tools in terms of threat hunting as an example, and then how we actually take that to that last mile and make it actionable so that customers are protected. I would share that information with keys, right, until sharing partners. But again, it comes down to the people. We never have enough people in the industry, there's a big shortage as we know, but it's a really key critical element. And we've been building these training programs for over a decade with them FortiGuard Labs. So, you know John, this to me is exactly why I always say, and I'm sure Aamir can share this too, that there's never a adult day in the office and all we hear that all the time. But I think today, all of you is really get an idea of why that is because it's very dynamic and on the backend, there's a lot of things that we're doing to get our hands dirty with this. >> You know the old expression startup plan Silicon Valley is if you're in the arena, that's where the action is. And it's different than sitting in the stands, watching the game. You guys are certainly in that arena and you got, we've talked and we cover your, the threat report that comes out frequently. But for the folks that aren't in the weeds on all the nuances of security, can you kind of give the 101 ransomware, what's going on? What's the state of the ransomware situation? Set the stage because that's still continues to be threat. I don't go a week, but I don't read a story about another ransomware. And then at least I hear they paid 10 million in Bitcoin or something like, I mean, this is real, that's a real ongoing threat. What is it? >> The (indistinct) quite a bit. But yeah. So I'll give sort of the 101 and then maybe we can pass it to Aamir who is on the front lines, dealing with this every day. You know if we look at the world of, I mean, first of all, the concept of ransom, obviously you have people that has gone extended way way before cybersecurity in the world of physical crime. So of course, the world's first ransom where a virus is actually called PC Cyborg. This is a 1989 around some payment that was demanded through P.O Box from the voters Panama city at the time, not too effective on floppiness, a very small audience, not a big attack surface. Didn't hear much about it for years. Really, it was around 2010 when we started to see ransomware becoming prolific. And what they did was, what cyber criminals did was shift on success from a fake antivirus software model, which was, popping up a whole bunch of, setting here, your computer's infected with 50 or 60 viruses, PaaS will give you an antivirus solution, which was of course fake. People started catching on, the giggles out people caught on to that. So they, weren't making a lot of money selling this fraudulent software, enter ransomware. And this is where ransomware, it really started to take hold because it wasn't optional to pay for this software. It was mandatory almost for a lot of people because they were losing their data. They couldn't reverse engineer that the encryption, couldn't decrypt it, but any universal tool. Ransomware today is very rigid. We just released our threat report for the first half of 2020. And we saw, we've seen things like master boot record, MVR, ransomware. This is persistent. It sits before your operating system, when you boot up your computer. So it's hard to get rid of it. Very strong public private key cryptography. So each victim is effective with the direct key, as an example, the list goes on and I'll save that for the demo today, but that's basically, it's just very, it's prolific. We're seeing shuts not only just ransomware attacks for data, we're now starting to see ransom for extortion, for targeted around some cases that are going after critical business. Essentially it's like a DoS holding revenue streams go ransom too. So the ransom demands are getting higher because of this as well. So it's complicated. >> Was mentioning Aamir, why don't you weigh in, I mean, 10 million is a lot. And we reported earlier in this month. Garmin was the company that was hacked, IT got completely locked down. They pay 10 million, Garmin makes all those devices. And as we know, this is impact and that's real numbers. I mean, it's not other little ones, but for the most part, it's nuance, it's a pain in the butt to full on business disruption and extortion. Can you explain how it all works before we go to the demo? >> You know, you're absolutely right. It is a big number and a lot of organizations are willing to pay that number, to get their data back. Essentially their organization and their business is at a complete standstill when they don't pay, all their files are inaccessible to them. Ransomware in general, what it does end up from a very basic overview is it basically makes your files not available to you. They're encrypted. They have essentially a passcode on them that you have to have the correct passcode to decode them. A lot of times that's in a form of a program or actually a physical password you have to type in, but you don't get that access to get your files back unless you pay the ransom. A lot of corporations these days, they are not only paying the ransom. They're actually negotiating with the criminals as well. They're trying to say, "Oh, you want 10 million? "How about 4 million?" Sometimes that goes on as well. But it's something that organizations know that if they didn't have the proper backups and the hackers are getting smart, they're trying to go after the backups as well. They're trying to go after your duplicated files. So sometimes you don't have a choice in organizations. Will pay the ransom. >> And it's, they're smart, there's a business. They know the probability of buy versus build or pay versus rebuild. So they kind of know where to attack. They know that the tactics and it's vulnerable. It's not like just some kitty script thing going on. This is real sophisticated stuff it's highly targeted. Can you talk about some use cases there and what goes on with that kind of a attack? >> Absolutely. The cyber criminals are doing reconnaissance and trying to find out as much as they can about their victims. And what happens is they're trying to make sure that they can motivate their victims in the fastest way possible to pay the ransom as well. So there's a lot of attacks going on. We usually, what we're finding now is ransomware is sometimes the last stage of an attack. So an attacker may go into an organization. They may already be taking data out of that organization. They may be stealing customer data, PII, which is personal identifiable information, such as social security numbers, or driver's licenses, or credit card information. Once they've done their entire tap. Once they've gone everything, they can. A lot of times their end stage, their last attack is ransomware. And they encrypt all the files on the system and try and motivate the victim to pay as fast as possible and as much as possible as well. >> I was talking to my buddy of the day. It's like casing the joint there, stay, check it out. They do their recon, reconnaissance. They go in identify what's the best move to make, how to extract the most out of the victim in this case, the target. And it really is, I mean, it's just to go on a tangent, why don't we have the right to bear our own arms? Why can't we fight back? I mean, at the end of the day, Derek, this is like, who's protecting me? I mean, what to protect my, build my own arms, or does the government help us? I mean, at some point I got a right to bear my own arms here. I mean, this is the whole security paradigm. >> Yeah. So, I mean, there's a couple of things. So first of all, this is exactly why we do a lot of, I was mentioning the skill shortage in cyber cybersecurity professionals as an example. This is why we do a lot of the heavy lifting on the backend. Obviously from a defensive standpoint, you obviously have the red team, blue team aspect. How do you first, there's what is to fight back by being defensive as well, too. And also by, in the world of threat intelligence, one of the ways that we're fighting back is not necessarily by going and hacking the bad guys because that's illegal jurisdictions. But how we can actually find out who these people are, hit them where it hurts, freeze assets, go after money laundering networks. If you follow the cash transactions where it's happening, this is where we actually work with key law enforcement partners, such as Interpol as an example, this is the world of threat intelligence. This is why we're doing a lot of that intelligence work on the backend. So there's other ways to actually go on the offense without necessarily weaponizing it per se, right? Like using, bearing your own arms as you said, there there's different forms that people may not be aware of with that. And that actually gets into the world of, if you see attacks happening on your system, how you can use the security tools and collaborate with threat intelligence. >> I think that's the key. I think the key is these new sharing technologies around collective intelligence is going to be a great way to kind of have more of an offensive collective strike. But I think fortifying, the defense is critical. I mean, that's, there's no other way to do that. >> Absolutely, I mean, we say this almost every week, but it's in simplicity. Our goal is always to make it more expensive for the cybercriminal to operate. And there's many ways to do that, right? You can be a pain to them by having a very rigid, hardened defense. That means if it's too much effort on their end, I mean, they have ROIs and in their sense, right? It's too much effort on there and they're going to go knocking somewhere else. There's also, as I said, things like disruption, so ripping infrastructure offline that cripples them, whack-a-mole, they're going to set up somewhere else. But then also going after people themselves, again, the cash networks, these sorts of things. So it's sort of a holistic approach between- >> It's an arms race, better AI, better cloud scale always helps. You know, it's a ratchet game. Aamir, I want to get into this video. It's a ransomware four minute video. I'd like you to take us through as you the Lead Researcher, take us through this video and explain what we're looking at. Let's roll the video. >> All right. Sure. So what we have here is we have the victims that's top over here. We have a couple of things on this victim's desktop. We have a batch file, which is essentially going to run the ransomware. We have the payload, which is the code behind the ransomware. And then we have files in this folder. And this is where you would typically find user files and a real world case. This would be like Microsoft or Microsoft word documents, or your PowerPoint presentations, or we're here we just have a couple of text files that we've set up. We're going to go ahead and run the ransomware. And sometimes attackers, what they do is they disguise this. Like they make it look like an important word document. They make it look like something else. But once you run the ransomware, you usually get a ransom message. And in this case, a ransom message says, your files are encrypted. Please pay this money to this Bitcoin address. That obviously is not a real Bitcoin address. I usually they look a little more complicated, but this is our fake Bitcoin address. But you'll see that the files now are encrypted. You cannot access them. They've been changed. And unless you pay the ransom, you don't get the files. Now, as researchers, we see files like this all the time. We see ransomware all the time. So we use a variety of tools, internal tools, custom tools, as well as open source tools. And what you're seeing here is an open source tool. It's called the Cuckoo Sandbox, and it shows us the behavior of the ransomware. What exactly is ransomware doing. In this case, you can see just clicking on that file, launched a couple of different things that launched basically a command executable, a power shell. They launched our windows shell. And then at, then add things on the file. It would basically, you had registry keys, it had on network connections. It changed the disk. So that's kind of gives us a behind the scenes, look at all the processes that's happening on the ransomware. And just that one file itself, like I said, does multiple different things. Now what we want to do as a researchers, we want to categorize this ransomware into families. We want to try and determine the actors behind that. So we dump everything we know in a ransomware in the central databases. And then we mine these databases. What we're doing here is we're actually using another tool called Maldito and use custom tools as well as commercial and open source tools. But this is a open source and commercial tool. But what we're doing is we're basically taking the ransomware and we're asking Maldito to look through our database and say like, do you see any like files? Or do you see any types of incidences that have similar characteristics? Because what we want to do is we want to see the relationship between this one ransomware and anything else we may have in our system, because that helps us identify maybe where the ransomware is connecting to, where it's going to other processes that I may be doing. In this case, we can see multiple IP addresses that are connected to it. So we can possibly see multiple infections. We can block different external websites that we can identify a command and control system. We can categorize this to a family, and sometimes we can even categorize this to a threat actor as claimed responsibility for it. So it's essentially visualizing all the connections and the relationship between one file and everything else we have in our database. And this example, of course, I'd put this in multiple ways. We can save these as reports, as PDF type reports or usually HTML or other searchable data that we have back in our systems. And then the cool thing about this is this is available to all our products, all our researchers, all our specialty teams. So when we're researching botnets, when we're researching file-based attacks, when we're researching IP reputation, we have a lot of different IOC or indicators of compromise that we can correlate where attacks go through and maybe even detect new types of attacks as well. >> So the bottom line is you got the tools using combination of open source and commercial products to look at the patterns of all ransomware across your observation space. Is that right? >> Exactly. I showed you like a very simple demo. It's not only open source and commercial, but a lot of it is our own custom developed products as well. And when we find something that works, that logic, that technique, we make sure it's built into our own products as well. So our own customers have the ability to detect the same type of threats that we're detecting as well. At FortiGuard Labs, the intelligence that we acquire, that product, that product of intelligence it's consumed directly by our prospects. >> So take me through what what's actually going on, what it means for the customer. So FortiGuard Labs, you're looking at all the ransomware, you seeing the patterns, are you guys proactively looking? Is it, you guys are researching, you look at something pops in the radar. I mean, take us through what goes on and then how does that translate into a customer notification or impact? >> So, yeah, John, if you look at a typical life cycle of these attacks, there's always proactive and reactive. That's just the way it is in the industry, right? So of course we try to be (indistinct) as we look for some of the solutions we talked about before, and if you look at an incoming threat, first of all, you need visibility. You can't protect or analyze anything that you can see. So you got to get your hands on visibility. We call these IOC indicators of compromise. So this is usually something like an actual executable file, like the virus or the malware itself. It could be other things that are related to it, like websites that could be hosting the malware as an example. So once we have that SEED, we call it a SEED. We can do threat hunting from there. So we can analyze that, right? If we have to, it's a piece of malware or a botnet, we can do analysis on that and discover more malicious things that this is doing. Then we go investigate those malicious things. And we really, it's similar to the world of CSI, right? These different dots that they're connecting, we're doing that at hyper-scale. And we use that through these tools that Aamir was talking about. So it's really a lifecycle of getting the malware incoming, seeing it first, analyzing it, and then doing action on that. So it's sort of a three step process. And the action comes down to what Aamir was saying, waterfall and that to our customers, so that they're protected. But then in tandem with that, we're also going further and I'm sharing it if applicable to say law enforcement partners, other threat Intel sharing partners too. And it's not just humans doing that. So the proactive piece, again, this is where it comes to artificial intelligence, machine learning. There's a lot of cases where we're automatically doing that analysis without humans. So we have AI systems that are analyzing and actually creating protection on its own too. So it's quite interesting that way. >> It say's at the end of the day, you want to protect your customers. And so this renders out, if I'm a Fortinet customer across the portfolio, the goal here is protect them from ransomware, right? That's the end game. >> Yeah. And that's a very important thing. When you start talking to these big dollar amounts that were talking earlier, it comes to the damages that are done from that- >> Yeah, I mean, not only is it good insurance, it's just good to have that fortification. So Derek, I going to ask you about the term the last mile, because, we were, before we came on camera, I'm a band with junkie always want more bandwidth. So the last mile, it used to be a term for last mile to the home where there was telephone lines. Now it's fiber and wifi, but what does that mean to you guys in security? Does that mean something specific? >> Yeah, absolutely. The easiest way to describe that is actionable. So one of the challenges in the industry is we live in a very noisy industry when it comes to cybersecurity. What I mean by that is that because of that growing attacks for FIS and you have these different attack factors, you have attacks not only coming in from email, but websites from DoS attacks, there's a lot of volume that's just going to continue to grow is the world that 5G and OT. So what ends up happening is when you look at a lot of security operations centers for customers, as an example, there are, it's very noisy. It's you can guarantee almost every day, you're going to see some sort of probe, some sort of attack activity that's happening. And so what that means is you get a lot of protection events, a lot of logs. And when you have this worldwide shortage of security professionals, you don't have enough people to process those logs and actually start to say, "Hey, this looks like an attack." I'm going to go investigate it and block it. So this is where the last mile comes in, because a lot of the times that, these logs, they light up like Christmas. And I mean, there's a lot of events that are happening. How do you prioritize that? How do you automatically add action? Because the reality is if it's just humans doing it, that last mile is often going back to your bandwidth terms. There's too much latency. So how do you reduce that latency? That's where the automation, the AI machine learning comes in to solve that last mile problem to automatically add that protection. It's especially important 'cause you have to be quicker than the attacker. It's an arms race, like you said earlier. >> I think what you guys do with FortiGuard Labs is super important, not only for the industry, but for society at large, as you have kind of all this, shadow, cloak and dagger kind of attack systems, whether it's national security international, or just for, mafias and racketeering, and the bad guys. Can you guys take a minute and explain the role of FortiGuards specifically and why you guys exist? I mean, obviously there's a commercial reason you built on the Fortinet that trickles down into the products. That's all good for the customers, I get that. But there's more at the FortiGuards. And just that, could you guys talk about this trend and the security business, because it's very clear that there's a collective sharing culture developing rapidly for societal benefit. Can you take a minute to explain that? >> Yeah, sure. I'll give you my thoughts, Aamir will add some to that too. So, from my point of view, I mean, there's various functions. So we've just talked about that last mile problem. That's the commercial aspect. We created a through FortiGuard Labs, FortiGuard services that are dynamic and updated to security products because you need intelligence products to be able to protect against intelligent attacks. That's just a defense again, going back to, how can we take that further? I mean, we're not law enforcement ourselves. We know a lot about the bad guys and the actors because of the intelligence work that we do, but we can't go in and prosecute. We can share knowledge and we can train prosecutors, right? This is a big challenge in the industry. A lot of prosecutors don't know how to take cybersecurity courses to court. And because of that, a lot of these cyber criminals reign free, and that's been a big challenge in the industry. So this has been close my heart over 10 years, I've been building a lot of these key relationships between private public sector, as an example, but also private sector, things like Cyber Threat Alliance. We're a founding member of the Cyber Threat Alliance. We have over 28 members in that Alliance, and it's about sharing intelligence to level that playing field because attackers roam freely. What I mean by that is there's no jurisdictions for them. Cyber crime has no borders. They can do a million things wrong and they don't care. We do a million things right, one thing wrong and it's a challenge. So there's this big collaboration. That's a big part of FortiGuard. Why exists too, as to make the industry better, to work on protocols and automation and really fight this together while remaining competitors. I mean, we have competitors out there, of course. And so it comes down to that last mile problems on is like, we can share intelligence within the industry, but it's only intelligence is just intelligence. How do you make it useful and actionable? That's where it comes down to technology integration. >> Aamir, what's your take on this societal benefit? Because, I would say instance, the Sony hack years ago that, when you have nation States, if they put troops on our soil, the government would respond, but yet virtually they're here and the private sector has to fend for themselves. There's no support. So I think this private public partnership thing is very relevant, I think is ground zero of the future build out of policy because we pay for freedom. Why don't we have cyber freedom if we're going to run a business, where is our help from the government? We pay taxes. So again, if a military showed up, you're not going to see companies fighting the foreign enemy, right? So again, this is a whole new changeover. What's your thought? >> It really is. You have to remember that cyber attacks puts everyone on an even playing field, right? I mean, now don't have to have a country that has invested a lot in weapons development or nuclear weapons or anything like that. Anyone can basically come up to speed on cyber weapons as long as an internet connection. So it evens the playing field, which makes it dangerous, I guess, for our enemies. But absolutely I think a lot of us, from a personal standpoint, a lot of us have seen research does I've seen organizations fail through cyber attacks. We've seen the frustration, we've seen, like besides organization, we've seen people like, just like grandma's lose their pictures of their other loved ones because they kind of, they've been attacked by ransomware. I think we take it very personally when people like innocent people get attacked and we make it our mission to make sure we can do everything we can to protect them. But I will add that at least here in the U.S. the federal government actually has a lot of partnerships and a lot of programs to help organizations with cyber attacks. The US-CERT is always continuously updating, organizations about the latest attacks and regard is another organization run by the FBI and a lot of companies like Fortinet. And even a lot of other security companies participate in these organizations. So everyone can come up to speed and everyone can share information. So we all have a fighting chance. >> It's a whole new wave of paradigm. You guys are on the cutting edge. Derek always great to see you, Aamir great to meet you remotely, looking forward to meeting in person when the world comes back to normal as usual. Thanks for the great insights. Appreciate it. >> Pleasure as always. >> Okay. Keep conversation here. I'm John Furrier, host of theCUBE. Great insightful conversation around security ransomware with a great demo. Check it out from Derek and Aamir from FortiGuard Labs. I'm John Furrier. Thanks for watching.

>>Fly from San Francisco. It's the cube covering RSA conference, 2020 San Francisco brought to you by Silicon angle media. >>Welcome to the cubes coverage here in Moscone in San Francisco for RSA copper's 2020. I'm John hosted the cube and you know, cyber security is the hottest thing. Transforming businesses and you know, old. It has to transform into not only playing defense but playing off fence and understand the threats, how to organize around it. And that's really been a big part of this new next generation architecture operations and just mindset. We've got a great guest here to share his perspective. Luke Wilson, who's the vice president, intelligence for four IQ hot startup but also former FBI counter terrorism of right other DOD state department. Uh, tons of experience on both sides. Now on the commercial side. Luke, thanks for coming on. Thanks for having me. So obviously your background gives you a unique perspective and you know, I've been in uh, in the commercial side, I haven't done any government service like you have, but I can tell you it in the enterprise it's been boring. >>Oh yeah. He has storage, provisioning, storage, business servers, cloud comes in, it gets exciting. Yeah. Startups are doing cloud native lot more robust scale and you starting to see the new applications with that, the security perimeter is gone. It's now a huge surface area. So the enterprise has to get more FBI like or more smarter around how they organize, how they hire. Yeah. This is your, this is your world. Yes, it is. What's your take on this? What's it, what's your view of the industry right now? Well, I think right now what you're seeing is this change from, uh, you know, I hate to be cliche about it, but for years we've been playing whack-a-mole against the bad guys. I've see Matt, you know, uh, at my time at the FBI and various government, different agencies there, um, we're starting to see a shift of alright, we want, they want to know, okay, how is this happening to them? >>So it's just not the, the, what's happened. It's like who's behind it. And you know, in today's, in today's, uh, arena with the, you know, with cyber security, you have to start figuring out what entity is behind these attacks, uh, what they're going after. So you can start protecting that, but then also using that information, that intelligence from there, sharing it with other business sectors and then also turn in that big backend side so you can have some kind of preventive maintenance as well. I mean, you've got a lot going on. There used to be a nice little neat little industry in a box security by some software. You've got the servers, you have firewalls, all that nice stuff. Now you're talking about elaboration. Operating models are changing. A whole new dimension and open source has given a, an ability to cloak, whether it's nation States can now be operating under stealth mode. >>Oh yeah. You have all kinds of new dynamics. What is, what does the company do? You know, how do people solve this? There, there is no one answer or that, you know, it's got, it's gonna take a community, uh, the community of protectors and, uh, groups that want to help solve these issues. Uh, you know, and law enforcement, we always say, you know, it's a, it's a cat and mouse game. We catch up to them and then they change a little, you know, maybe a little bit here and there and then we catch up to him again and, uh, we're just gonna keep playing that game. But you know, uh, businesses, commercial businesses are starting to get into that, into that mode as well of, Hey, just because I defeated something today doesn't mean it's going to be right back at my door tomorrow. You know, you and I saw each other last night at the general Alexander's, uh, talk, uh, and he's always been all about offense, defense and understanding visibility and signals. >>Um, you know, there's a lot to do there. Um, you got to know where things are coming from. There's a lot of shared responsibility, but shared work, right? It's like, yes, we want, there's a lot of redundancy going on in security now. Oh yeah. And within and without pumping. So the collaboration, you mentioned the big part, how do you see that evolving that you work with the FBI counterterrorism, you kind of see how this kind of thinking renders itself. How does that work in a commercial world? How do you see that evolving? Well, you have certain cyber centers that are built for that kind of model, uh, for, uh, helping, you know, commercial, uh, industries, uh, deal with that threat. You know, there's no, uh, one tool, one company that can protect itself from a nation state attack. Uh, we've seen that, you know, so, uh, the best thing that's happening right now is people are starting to understand in order to get the entire, um, I would say the topology of the attack, that's that that's affecting you. >>You're going to have to share this information. You're going to have to learn from other groups. Uh, law enforcement, intelligence agencies are sharing. Um, and, you know, it's quite frankly, it's, it's, we're kind of late in the game of sharing, which the criminals have been doing this now for years, you know, sharing that information and understanding who to attack them, when to attack. Yeah. And they've been been winning. So I gotta ask you, as someone who's been in the industry now, and I'm book both sides, you look at RSA this year, um, besides the headline of the coronavirus who's got a backdrop to all of this, there's still a huge show here and, and the trends are changing. It seems to be the scene game, whack a mole on steroids, but now you've got cloud. What's new out there that, that's getting you excited? What do you think people should be paying attention to? >>Why? I think what people should be paying attention to is now a lot of the, I would say the products and the tools that are coming out are actually being developed by people who are practitioners have been in that space and understand what it takes in order to defeat, uh, the, the types of criminals that you're facing every day. Um, you know, I, I see a lot of products, uh, getting into the, the hoop, you know, and for me, I think that's a very, uh, a very strong point now that you can't just keep saying, I closed this court and that court in this sport and we're good. No, they're just gonna change little thing and come right back in. Um, so I see a lot of tools or act or identification or identification time attribution, um, people are trying to get to the who in this space now in order to turn that back around for prevention as well. >>So something where normally this is, you know, an FBI, uh, uh, you know, a federal government, uh, uh, agency trying to figure out the who, a lot of the tools and, and some of the, uh, you know, the data today is helping out with that for private industry. So that are great point gradient site by the way. I love that. I love that angle on that. What about meal time? Because now real time is a big one and people are overworked. It's a pile of threat detection out there. Like, Hey, there's some stuff happening in another company. So people are buying feeds. I get it right now. You need a data processing perspective. You've got to get the data. How does that, how do you see that whole challenge become an opportunity? Well, you know, uh, we're a data driven society now, right? So everything has data connected to it. >>Um, you know, and, and you're getting that amount of data stream float into your commercial entity. You know, first of all, it needs to be automated. You're going to have, you know, a lot, a lot of data to sift and sort through to understand what's actually happening here. So I think the, the, you know, that that live feed going real time is very helpful, but also content, uh, you know, put some context context behind that and having and having that, that information fully digested so you can understand what's the threat, how's it coming at you. And then using that for prevention. Super exciting time. I want to get into your experience and how that translates into maybe your advice for people that are kinda kind of waking up from lack of multiple, kind of being more of a kind of a versatile athlete, if you will, athletes, cyber athletes. >>Um, but I gotta ask you about, um, the idea of threats that are coming in that you seen in the FBI that enterprises should be paying attention. Because I'll give you an example. I'll say, Luke, I'm good. My it department covering this for years. I don't really have anything that's valuable, right? So I'm good. I got my patches done, so I don't really need to buy anything from you or I'm good, right? Not everyone's saying that, but that can be the mentality at different spectrum of, all right, so what do, what do you say to that? Well, you know, besides, I'm an idiot, you know, we see that a lot and I think, um, you have to, that, that's a very big naive approach about it. Um, you know, you also have to start thinking about, are you good with your insider threat? Are you good with your third party risks, you know, threats. >>Um, so there's so many things going down the line. When you look at what it takes for, let's say a large financial institution to run, would it take for a large, uh, company like an Uber or Lyft to run? Um, you know, there's, there's threats there and if you're saying you don't have any threats and you're, you're, you're OK, then uh, you know, I would say that's a, that's another, it's being polite, being polite. What you're saying is, no, you're not. Okay. Well, I mean, cause if, think about it, if you're just running a main small little manufacturing operation, I don't have any IP, but your operations is your IP. You might be exposed for ransomware or some, you know what I'm saying? There's always disruption. This has been kind of an interesting, there's a mindset. It's not just what you think you have. There's a holistic view. >>What's your take on the reaction to that? Yeah. It isn't the holistic view. You have to take that approach. You've seen what's happening nowadays, especially within the ransomware. Uh, you know, it's, it may come from a third party that basically didn't secure their systems, but they knew exactly what they went with, the cyber criminal, exactly what they were doing because they solely wanted to attack you and they knew the weakest link was three steps down from you. And so that's exactly where they went to. You know, I love these conversations and not, you know, a lot. I'm a Patriot and I love to help our country. I do my best. I don't really serve in the government, but one of the things I feel strongly about and people know I rant about this all the time when I'm on the cube is that digital war is happening and I really believe that, you know, our, we're a free society. >>You can't lock every door in this country. You've got borders, physical borders, so digital borders or if we're open society, you can't really be defensive all the time. Yeah. So if someone does strike us, our answers especially been counter strike back with a vengeance. Exactly. Which is how the deterrent is. But digitally, where's that line? I mean if you drop chips in Manhattan, you know you're, we're a tapping attack. What's the digital drawing in your opinion? Because this is something that Noah's talking about, but it's kind of paper cuts is that there's a line of knowing is are we being attacked? It's the who. What's your view on this? I know it's a new emerging area. Yeah. Aye. Aye. Aye. I seem to I think a little bit on both sides here. I want to do something back, but I don't think I'm most special, especially commercial businesses. >>Understand what that means. Actually find some attribution and then say, you know, it is this entity or this country that's doing that and it's kind of a slippery slope when you start getting out of that cutting edge societal issue. Because I mean the government has a military to protect me, right? But if I'm a cyber company, I going to build my own military digital military. Now what are we talking about here? I mean, it's interesting. It's, it's again, that's why I start seeing a lot. If you look at the place, you know around here you start looking at some of these tools, they are offensive weapons. When you look at them, these are weapons to understand, well not weapons, but tools to understand who and you already know what happened. And so now you get the who and the why, right? Yeah. You can't really strike back. >>But what you could do is turn that back inward and say, okay, I'm going to start preventing this stuff. Yeah. Right. But then also, Hey, I can go to the, you know, the FBI and say, here's a nice neat packet of information on what happened to me and who we believe it to be. And that's where that conversation starts to happen. And I'm really excited by the digital twin and the simulation environments where you can start having flex, you can flex scenarios to do, use some of this scenario based planning so you can protect and plan for scenarios which is reacting to it. Yeah. Yeah. The digital training space, when he got there, you know, and it just like you stated earlier, right? You know, the, the, the United States military goes out here and trains for certain scenarios all the time. Companies have to start doing that because that's what's happening to them. >>You know, they're, you're right on the money. I love the insight. Thanks for sharing. Greetings. I love that you got to get the reps and you got to do the operations. You got to nail that. So just give a quick plug before IQ. Thanks for sharing your awesome insight. What do you guys do and what are you guys all about? What's your value proposition? Great. Yeah, we're, we're identity intelligence company. Oh, what that means is that we have tools and products that's going to allow our clients get to that who, you know, uh, and we also have tools that allow them to get to the what as well. So we're on both sides of a, of the fence there. Um, we're trying to get left of boom, what they call it. Um, but our data and our intelligence allows us clients to find the bad guy. >>A very simple, we have some AI and machine learning built into there where it's almost like a click of a button, I can expand and figure out who these individuals are and understand their TTPs. And what we want to do is make automation of these different types of tools easier and faster for the clients to use. So you want to bring intelligence into their visibility space or data space or, yes, I actionable intelligence. Yeah. So basically in their, into their digital space of understanding, you know, their attack surface, understanding what problems that they're having. And then we have, um, you know, like I said, a lot of tools and, and, and, and, and, um, it's, I would call it tell who calls you out, who's the customer, who's the buyer, the IOC show? Is it, uh, uh, off-gas? What's the, who's buying your stuff? So mainly what we're into a lot of, um, cyber fraud, fusion centers, just like that. >>Law enforcement intelligence agencies. Um, I would say, you know, I, I know for a fact that I wouldn't use this, you know, if I had this tool and the FBI. Um, and, and, and a lot of, you know, if you have a large digital footprint, uh, we have cryptocurrency companies using this as well. Um, you know, you're, you're seeing some, some, some pretty bad guys attacking your systems, trying to defraud you. Our product helps you out with that. Right. Luke, great conversation. Thanks for coming on. Appreciate RSA coverage. Taking the show. What's the hot thing at the show? What's your favorite moment here? What's, what's the big story here at RSA? I w I would say, uh, for me it's this, uh, sit in the one, uh, Ashton Martin sit now, you know, every year there's something different. You know, I go to these Bitcoin conferences and I see they usually have Lamborghinis out for it. And now I think this is happening. So yeah, I don't know if we're trending in that direction now. Get in that car and we're gonna erase away. Great. Luke Wilson, VP of intelligence before I Q a here inside the cube, the cube coverage show our say I'm John furrier. Thanks for watching.

>> live from Mountain View, California It's the queue covering definite create twenty nineteen. Brought to You by Cisco >> Welcome back to the Cube. Elisa Martin with Set Cisco Definite Create twenty nineteen at the Computer History Museum, but here all day, talking with some really great innovative folks excited to welcome to the Cube. Marty Jane, senior director of this Cisco Global Partnership and Video. Marty, It's great to have you here. >> Thank you. Good to be here. >> So I always love talking about partnerships Where what Day One of Dev. Net. Tomorrow's day to. There's been a lot of a lot of community spirit is here, so I just kind of in the spirit of partnerships, lot of collaboration that community is is really strong. Uh, before we get into kind of the details of this Cisco in video partnership first kind of thing, I wonder is all right. This is the developer community. Why the developer community within video? >> That's a great question. So if you think about way, make GP use, which is a piece of silicon graphics processing unit, and it is really only a piece of silicon until a developer comes along and develops a cool app on it. So if you think about how we go to market our large conferences called GTC, it's really developer. Focus. We have a little over a million developers in our ecosystem, and I find it very synergistic with Cisco. If you think about Suzy, we's vision. I think it's the same idea. You look at over half a million developers in their ecosystem and they want to develop collapse, and that's how your platform becomes relevant. So if you think of all the modern innovation that's coming from developers, so these are the folks that we should be talking to on a daily basis. I see a lot of commonality, a lot of synergies. In fact, we had Sisko definite come over to our conference GTC, and they they appeal to our developers. And now we're here talking to their developers and also developing some joint platforms which the the folks can use for. Like I said, the more modern *** with all the new data that's coming, whether the coyote with a machine learning automotive, smart cities, you name it, we need to be able to provide the platform to the developers >> and a number of those topics came up today, even during the keynote, Smart cities being able to utilize and accelerate work leads with a I and machine learning. They gave some great examples during the keynote of how developers can build networks. They give this cool example of I think it right off the hills of Coachella of designing a secure network for an indoor concert, designing it for an outdoor festival, Coachella and then designing it for a massive stadium like a big football game like the Super Bowl, for example. And they showed it that higher end. They showed how they're using machine, learning to zoom in on. For example, they had this little red box and you see people and what's actually in there than the machines detected was a fight and in real time, analysing this data and thence, dispatching the appropriate security to come and obviously probably take the drinks out of their hands first. But it was a really interesting, great real world example. So you guys have been partners a long time. Our you've been actually working at various companies with Cisco for a long time, but I think of Cisco and video coming together. How are you great? Something to accelerate these? Aye. Aye. And machine weren't were machine learning workloads that we're starting to see in every industry. >> You bet. Great question. So let me first comment on what you said about smart cities. I like to think of it as smart and safe cities. So actually, the first set of application will be around public safety. What the example you were giving his spot on? If you have large crowds gathering, it makes sense for us to be able to look at those clouds. Crowds? We call it intelligent video analytics or idea. In fact, we have a platform here. The Sisko i R eleven o one with a GPU added to it. So now I can wash the crowds. And if there's a fight breaking out or somebody's carrying in a weapon, you want to know somebody walks in carrying a backpack and drops it and moves on. You want to know one? Inform somebody. So what is happening is way of these millions and millions of bites of video data, >> and >> that data is not being really used today. So what we're doing is saying you know what? Let's find those pieces of intelligence and the video data and do something with it. And public safety is absolutely the highest priority. So smartest, safe city makes a lot of sense. So what we're doing is we're going to market with partners at Cisco. So what we're doing is we're saying Okay, let's design these GPS into the servers, which are connected to cameras and think about how many cameras are deployed today, probably a billion. And a lot of the video data can now be used for public safety purposes, and we basically go out and talk to large companies. We talked to governments. We talked to cities along with Sisko to go even open their eyes to what is possible today. >> Right? Because of that data is dark for so long, they don't know what they don't know. >> While most cases, what happens is you record four days of video and until something happens, nobody goes back and takes a look at it. But now we have the ability to look at the real time and cities and government's desire that very much so, >> sir example, that's such a relevant topic. I mean, they know. There's also the issue of privacy. But to your point about not just a smart city but a smart, safe city. I like that. I think it's absolutely imperative. How do you have this conversations with cities with governments about All right, this is what we want. Do we want to actually apply machine learning? So the machines are taught What that line is with privacy with those boundaries are so that a person, I'd say a lay person not in technology. Maybe is a city government official who doesn't understand the technology or need Teo will go. I get it. >> Yes. So our conversations are really about what we call you cases. So think of enterprise. A good use case would be. In fact, we work with Cisco on developing use case. You know, you always badge in into an enterprise. You have your badge, you walk in. But you also have some cases. People follow you, following you in what stops you from following me into a building. And usually people are too polite to say no, you can walk in, but we've >> all had the video training or read the manual. We know we're not >> we're not supposed to bite, but >> then you're like, I >> don't just cultural, exactly. We just can't you know that. So now we have the ability. So we trained a in a network to say, Look, if Marty's badging in, only he's allowed to walk in. And if there's a second person walks in, I want to take put Little Red Square on that face and inform security that we have had more than one person walking. So these are some of the ways. So we talk about use cases. This is one use case crowd behavior. Analytics is another use case. You know, people were walking in the backpack, dropping it. Other use case would be something like Bar to Bart loses millions of dollars year because people jumped the turnstiles and Bart didn't really have a good way of of monitoring, measuring the losses until we put a camera and captured the number of people that were jumping. The turnstiles are going in through the handicap access, okay? They were losing ten times the dollar value of what we had thought. Wow. So this is how we start the conversation with use cases, you know? And what would you like to do? Being able to count the number of cars in intersection begin with counter number of pedestrians, so you could do traffic management better. That's the language we would use with cities and governments. And then we go deeper as you go through the implementation process. >> Well, that makes perfect sense going in the use case route, because you can clearly see in that example that you mentioned with Bart a massive business outcome and an opportunity to regain a tremendous amount of resource is that they could redeploy for whether it it's new trains, new trucks, etcetera than them, not realizing we're losing how much money. I think anybody when you could put the useless in that context of this is what you can expect as an outcome. They get it >> Absolutely. That's the really the only way to start the conversation than starting from bits and bytes. And this is the This is usually the case across industries. If you think about retail, for example, you know you go to a safe way to start talking about GPS and servers. That's not the great way to start, but they do have issues with shoplifting, for example. So how do you know a person is walking in, you know, through the checkout. And they have one item. Then there's a small item right here and they walk out with this. How do you monitor that? So now you can do that with the right kind of cameras that can capture. Look there Two items, not one. How do you know where shop are stopping Which aisle is the most popular? I'Ll How do you know that? Well, now you can have cameras would say, Look, we have red zones and Green Zone so you could do those kinds of things with modern ways of doing. I >> so interesting because it's so. I mean, the examples that you gave are so disparate, but yet they make so much sense was how how you're describing it rather than going into, you know, a grocery store in talking about GPS, which they might fall over with their eyes. Doing this >> right. >> You're actually putting in the context of a real world problem they've been experiencing since the beginning of time. Don't you understand? Only goodness and this is how we can use technology. It's the safe way becomes a technology company. They don't know it. What actually started packing their bottom line. >> That's right, And so even now, you know. So I have to take that and you extend that into How do you go to market? And it's something you wanted Teo Touch on. How do you go to market with Cisco's? How does ingredients is? Could do it together, right? So think of Cisco's sales teams who are talking to all these customers every day where their retailers, financial services, federal government, health care, you name it. So what we've done is we basically sort of taking all these industries and created the top three or four use cases we know are relevant to that industry, either for safety or for saving money's. For variety of their operational reason, we have narrowed it down to three or four five use cases and each of those target industries. So what we do now with Cisco teams that we would bring them into our facility or go to them and really talkto all those use cases and train them on Hey, look, this is what we do jointly, and that makes the conversation much easier. Then they will go and present to the customer and what's the customer gets an idea far this all possible. Now that starts a deeper level technology and server and GPU engagement. So this is one way we go up and talk to different customers. What's the school's >> second? About a bit. Marcus. Cisco is so enormous, they have a billion different. I'm slightly exaggerating products with but a lot of different technologies that form many different solutions. So I imagine your Cisco expertise over many years of working with Cisco's a partner for other companies. How do you once you get to that deeper level conversation, how do you bring this different groups within Cisco together? So that that solution conversation is one that really aligns to that use case and the customer doesn't get it? >> Yeah, that's a difficult question to answer. That's like, you know your work. It's just cause a large company. But I think I also think they're also very cells driven, and that's what drives the different groups to come together. In fact, some people called me the Connector because I've been working. Cisco's so long. I know people and definite I know people in sales. I know people in the server. BU, in fact, if you think about the The platform was talking about the i r eleven o one with the jets and GPU that came as a result. I was talking to the i o t bu result talking to Dev net our situation the definite he said. You know what? This is cool are gonna do this. Then we take that to the IOC Guys is Oh, this is cool. We can take that. Put it in this platform, and then I'm next. Actually, next week I'm talking to a sale. Seaman Cisco. They cover utilities. And this platform was profit for utilities. Even think about fire monitoring in a forest. How do you do, boy thousand? The people to just watch what happens. We can take a platform like that now and really deploy it in hundreds of places which could monitor fires or the starting off a fire. But yes, bringing them together. It is no easy task. It's fun >> where you are smiling. I like that. Marty the connector. Jane, thank you >> so much for >> joining me on the kid this afternoon. Fun conversation. I enjoyed it. >> Ofcourse. Thank you. Likewise. Thank >> you, Lisa Martin for the Cube. you're watching us live, Francisco Definite. Create twenty nineteen. This is the end of day one. Stick around, John. Failure on I will be back tomorrow to cover day too. Thanks for watching.

produced from the cube studios this is strong by science in-depth conversations about science based training sports performance and all things health and wellness here's your host max smart [Music] [Applause] [Music] all right thank you guys tune in today I have the one and only Dean of big data the man the myth the legend bill Schwarz oh also my dad is the CTO of Hitachi van Tara and IOC in analytics he has a very interesting background because he is the well he's known as the Dean of big data but also the king of the court and all things basketball related when it comes to our household and unlike most people in the data world and I want to say most as an umbrella term but a some big bill has an illustrious sports career playing at Coe College the Harvard of the Midwest my alma mater as well but I think having that background of not just being computer science but where you have multiple disciplines involved when it comes to your jazz career you had basketball career you have obviously the career Iran now all that plays a huge role in being able to interpret and take multiple domains and put it into one so thank you for being here dad yeah thanks max that's a great introduction I rep reciate that no it's it's wonderful to have you and for our listeners who are not aware bill is referring him is Bill like my dad but I call my dad the whole time is gonna drive me crazy bill has a mind that thinks not like most so he he sees things he thinks about it not just in terms of the single I guess trajectory that could be taken but the multiple domains that can go so both vertically and horizontally and when we talk about data data is something so commonly brought up in sports so commonly drop in performance and athletic development big data is probably one of the biggest guess catchphrases or hot words or sayings that people have nowadays but doesn't always have a lot of meaning to it because a lot of times we get the word big data and then we don't have action out of big data and bill specialty is not just big data but it's giving action out of big data with that going forward I think a lot of this talk to be talking about how to utilize Big Data how do you guys data in general how to organize it how to put yourself in a situation to get actionable insights and so just to start it off Becky talked a little bit on your background some of the things you've done and how you develop the insights that you have thanks max I have kind of a very nos a deep background but I've been doing data analytics a long time and I was very fortunate one of those you know Forrest Gump moments in life where in the late 1980s I was involved in a project at Procter & Gamble I ran the project where we brought in Walmart's point of sales data for the first time into a what we would now call a data warehouse and for many of this became the launching point of the data warehouse bi marketplace and we can trace the effect the origins of many of the BI players to that project at Procter & Gamble in 87 and 88 and I spent a big chunk of my life just a big believer in business intelligence and data warehousing and trying to amass data together and trying to use that data to report on what's going on and writing insights and I did that for 20 25 years of my life until as you probably remember max I was recruited out Business Objects where I was the vice president of analytic applications I was recruited out of there by Yahoo and Yahoo had a very interesting problem which is they needed to build analytics for their advertisers to help those advertisers to optimize or spend across the Yahoo ad network and what I learned there in fact what I unlearned there was that everything that I had learned about bi and data warehouse and how you constructed data warehouses how you were so schema centric how everything was evolved around tabular data at Yahoo there was an entirely different approach the of my first introduction to Hadoop and the concept of a data Lake that was my first real introduction into data science and how to do predictive analytics and prescriptive analytics and in fact it was it was such a huge change for me that I was I was asked to come back to the TD WI data world Institute right was teaching for many years and I was asked to do a keynote after being at Yahoo for a year or so to share sort of what were the observations what did I learn and I remember I stood up there in front of about 600 people and I started my presentation by saying everything I've taught you the past 20 years is wrong and it was well I didn't get invited back for 10 years so that probably tells you something but it was really about unlearning a lot about what I had learned before and probably max one of the things that was most one of the aha moments for me was bi was very focused on understanding the questions that people were trying to ask an answer davus science is about us to understand the decisions they're trying to take action on questions by their very nature our informative but decisions are actionable and so what we did at Yahoo in order to really drive the help our advertisers optimize your spend across the Yahoo ad network is we focus on identifying the decisions the media planners and buyers and the campaign managers had to make around running a campaign know what what how much money to allocate to what sides how much how many conversions do I want how many impressions do I want so all the decisions we built predictive analytics around so that we can deliver prescriptive actions to these two classes of stakeholders the media planners and buyers and the campaign managers who had no aspirations about being analysts they're trying to be the best digital marketing executives or you know or people they could possibly be they didn't want to be analysts so and that sort of leads me to where I am today and my my teaching my books my blogs everything I do is very much around how do we take data and analytics and help organizations become more effective so everything I've done since then the books I've written the teaching I do with University of San Francisco and next week at the National University of Ireland and Galway and all the clients I work with is really how do we take data and analytics and help organizations become more effective at driving the decisions that optimize their business and their operational models it's really about decisions and how do we leverage data and analytics to drive those decisions so what would how would you define the difference between a question that someone's trying to answer versus a decision but they're trying to be better informed on so here's what I'd put it I call it the Sam test I am and that is it strategic is it actionable is it material and so you can ask questions that are provocative but you might not fast questions that are strategic to the problems you're trying to solve you may not be able to ask questions that are actionable in a sense you know what to do and you don't necessarily ask questions that are material in the sense that the value of that question is greater than the cost of answering that question right and so if I think about the Sam test when I apply it to data science and decisions when I start mining the data so I know what decisions are most important I'm going through a process to identify to validate the value and prioritize those decisions right I understand what decisions are most important now when I start to dig through the data all this structured unstructured data across a number different data sources I'm looking for I'm trying to codify patterns and relationships buried in that data and I'm applying the Sam test is that against those insights is it strategic to the problem I'm trying to solve can I actually act on it and is it material in the sense that it's it's it's more valuable to act than it is to create the action around it so that's the to me that big difference is by their very nature decisions are actually trying to make a decision I'm going to take an action questions by their nature are informative interesting they could be very provocative you know questions have an important role but ultimately questions do not necessarily lead to actions so if I'm a a sport coach I'm writing a professional basketball team some of the decisions I'm trying to make are I'm deciding on what program best develops my players what metrics will help me decide who the best prospect is is that the right way of looking at it yeah so we did an exercise at at USF too to have the students go through an exercise - what question what decisions does Steve Kerr need to make over the next two games he's playing right and we go through an exercise of the identifying especially in game decisions exercise routes oh no how often are you gonna play somebody no how long are they gonna play what are the right combinations what are the kind of offensive plays that you're gonna try to run so there's a know a bunch of decisions that Steve Kerr is coach of the Warriors for example needs to make in the game to not only try to win the game but to also minimize wear and tear on his players and by the way that's a really good point to think about the decisions good decisions are always a conflict of other ideas right win the game while minimizing wear and tear on my players right there's there are there are all the important decisions in life have two three or four different variables that may not be exactly the same which is by this is where data science comes in the data science is going to look across those three or four very other metrics against what you're going to measure success and try to figure out what's the right balance of those given the situation I'm in so if going back to the decision about about playing time well think about all the data you might want to look at in order to optimize that so when's the next game how far are they in this in this in the season where do they currently sit ranking wise how many minutes per game has player X been playing looking over the past few years what's there you know what's their maximum point so there's there's a there's not a lot of decisions that people are trying to make and by the way the beauty of the decisions is the decisions really haven't changed in years right what's changed is not the decisions it's the answers and the answers have changed because we have this great bound of data available to us in game performance health data you know all DNA data all kinds of other data and then we have all these great advanced analytic techniques now neural networks and unstructured supervised machine learning on right all this great technology now that can help us to uncover those relationships and patterns that are buried in the data that we can use to help individualize those decisions one last point there the point there to me at the end when when people talk about Big Data they get fixated on the big part the volume part it's not the volume of big data that I'm going to monetize it's the granularity and what I mean by that is I now have the ability to build very detailed profiles going back to our basketball example I can build a very detailed performance profile on every one of my players so for every one of the players on the Warriors team I can build a very detailed profile it the details out you know what's their optimal playing time you know how much time should they spend before a break on the feet on the on the on the court right what are the right combinations of players in order to generate the most offense or the best defense I can build these very detailed individual profiles and then I can start mission together to find the right combination so when we talk about big it's not the volume it's interesting it's the granularity gotcha and what's interesting from my world is so when you're dealing with marketing and business a lot of that when you're developing whether it be a company that you're trying to find more out about your customers or your startup trying to learn about what product you should develop there's tons of unknowns and a lot of big data from my understanding it can help you better understand some patterns within customers how to market you know in your book you talk about oh we need to increase sales at Chipotle because we understand X Y & Z our current around us now in the sports science world we have our friend called science and science has helped us early identify certain metrics that are very important and correlated to different physiological outcomes so it almost gives us a shortcut because in the big data world especially when you're dealing with the data that you guys are dealing with and trying to understand customer decisions each customer is individual and you're trying to compile all together to find patterns no one's doing science on that right it's not like a lab work where someone is understanding muscle protein synthesis and the amount of nutrients you need to recover from it so in my position I have all these pillars that maybe exist already where I can begin my search there's still a bunch of unknowns with that kind of environment do you take a different approach or do you still go with the I guess large encompassing and collect everything you can and siphon after maybe I'm totally wrong I'll let you take it away no that's it's a it's a good question and what's interesting about that max is that the human body is governed by a series of laws we'll say in each me see ology and the things you've talked about physics they have laws humans as buyers you know shoppers travelers we have propensity x' we don't have laws right I have a propensity that I'm gonna try to fly United because I get easier upgrades but I might fly you know Southwest because of schedule or convenience right I have propensity x' I don't have laws so you have laws that work to your advantage what's interesting about laws that they start going into the world of IOT and this concept called digital twins they're governed by laws of physics I have a compressor or a chiller or an engine and it's got a bunch of components in it that have been engineered together and I can actually apply the laws I can actually run simulations against my digital twins to understand exactly when is something likely to break what's the remaining useful life in that product what's the severity of the the maintenance I need to do on that so the human body unlike the human psyche is governed by laws human behaviors are really hard right and we move the las vegas is built on the fact that human behaviors are so flawed but body mate but bat body physics like the physics that run these devices you can actually build models and one simulation to figure out exactly how you know what's the wear and tear and what's the extensibility of what you can operate in gotcha yeah so that's when from our world you start looking at subsystems and you say okay this is your muscular system this is your autonomic nervous system this is your central nervous system these are ways that we can begin to measure it and then we can wrote a blog on this that's a stress response model where you understand these systems and their inferences for the most part and then you apply a stress and you see how the body responds and even you determine okay well if I know the body I can only respond in a certain number of ways it's either compensatory it's gonna be you know returning to baseline and by the mal adaptation but there's only so many ways when you look at a cell at the individual level that that cell can actually respond and it's the aggregation of all these cellular responses that end up and manifest in a change in a subsystem and that subsystem can be measured inferential II through certain technology that we have but I also think at the same time we make a huge leap and that leap is the word inference right we're making an assumption and sometimes those assumptions are very dangerous and they lead to because that assumptions unknown and we're wrong on it then we kind of sway and missed a little bit on our whole projection so I like the idea of looking at patterns and look at the probabilistic nature of it and I'm actually kind of recently change my view a little bit from my room first I talked about this I was much more hardwired and laws but I think it's a law but maybe a law with some level of variation or standard deviation and it we have guardrails instead so that's kind of how I think about it personally is that something that you say that's on the right track for that or how would you approach it yeah actually there's a lot of similarities max so your description of the human body made up of subsystems when we talk to organizations about things like smart cities or smart malls or smart hospitals a smart city is comprised of a it's made up of a series of subsystems right I've got subsystems regarding water and wastewater traffic safety you know local development things like this look there's a bunch of subsystems that make a city work and each of those subsystems is comprised of a series of decisions or clusters of decisions with equal use cases around what you're trying to optimize so if I'm trying to improve traffic flow if one of my subsystems is practically flow there are a bunch of use cases there about where do I do maintenance where do I expand the roads you know where do I put HOV lanes right so and so you start taking apart the smart city into the subsystems and then know the subsystems are comprised of use cases that puts you into really good position now here's something we did recently with a client who is trying to think about building the theme park of the future and how do we make certain that we really have a holistic view of the use cases that I need to go after it's really easy to identify the use cases within your own four walls but digital transformation in particular happens outside the four walls of an organization and so what we what we're doing is a process where we're building journey maps for all their key stakeholders so you've got a journey map for a customer you have a journey map for operations you have a journey map for partners and such so you you build these journey maps and you start thinking about for example I'm a theme park and at some point in time my guest / customer is going to have a pity they want to go do something you want to go on vacation at that point in time that theme park is competing against not only all the other theme parks but it's competing against major league baseball who's got things it's competing against you know going to the beach in Sanibel Island just hanging around right there they're competing at that point and if they only start engaging the customer when the customers actually contacted them they must a huge part of the market they made you miss a huge chance to influence that person's agenda and so one of the things that think about I don't know how this applies to your space max but as we started thinking about smart entities we use design thinking and customer journey match there's a way to make certain that we're not fooling ourselves by only looking within the four walls of our organization that we're knocking those walls down making them very forest and we're looking at what happens before somebody engages it with us and even afterwards so again going back to the theme park example once they leave the theme park they're probably posting on social media what kind of fun they had or fun they didn't have they're probably making plans for next year they're talking to friends and other things so there's there's a bunch of stuff we're gonna call it afterglow that happens after event that you want to make certain that you're in part of influencing that so again I don't know how when you combined the data science of use cases and decisions with design thinking of journey Maps what that might mean to do that your business but for us in thinking about smart cities it's opened up all kinds of possibilities and most importantly for our customers it's opened up all kinds of new areas where they can create new sources of value so anyone listening to this need to understand that when the word client or customer is used it can be substituted for athlete and what I think is really important is that when we hear you talk about your the the amount of infrastructure you do for an idea when you approach a situation is something that sports science for in my opinion especially across multiple domains it's truly lacking what happens is we get a piece of technology and someone says go do science while you're taking the approach of let's actually think out what we're doing beforehand let's determine our key performance indicators let's understand maybe the journey that this piece of technology is going to take with the athlete or how the athletes going to interact with this piece of technology throughout their four years if you're in the private sector right that afterglow effect might be something that you refer to as a client retention and their ability to come back over and over and spread your own word for you if you're in the sector with student athletes maybe it's those athletes talking highly about your program to help with recruiting and understanding that developing athletes is going to help you know make that college more enticing to go to or that program or that organization but what really stood out was the fact that you have this infrastructure built beforehand and the example I give I spoke with a good number of organizations and teams about data utilization is that if if you're to all of a sudden be dropped in the middle of the woods and someone says go build a cabin now how was it a giant forest I could use as much wood as I want I could just keep chopping down trees until I had something that had with a shelter of some sort right even I could probably do that well if someone said you know what you have three trees to cut down to make a cabin you could become very efficient and you're going to think about each chop in each piece of wood and how it's going to be used and your interaction with that wood and conjunction with that woods interaction with yourself and so when we start looking at athlete development and we're looking at client retention or we're looking at general health and wellness it's not just oh this is a great idea right we want to make the world's greatest theme park and we want to make the world's greatest training facility but what infrastructure and steps you need to take and you said stakeholders so what individuals am i working with am I talking with the physical therapist am i talking with the athletic trainer am I talking with the skill coach how does the skill coach want the data presented to them maybe that's different than how the athletic trainer is going to have a day to present it to them maybe the sport coach doesn't want to see the data unless something a red flag comes up so now you have all these different entities just like how you're talking about developing this customer journey throughout the theme park and making sure that they have a you know an experience that's memorable and causes an afterglow and really gives that experience meaning how can we now take data and apply it in the same way so we get the most value like you said on the granular aspect of data and really turn that into something valuable max you said something really important and one of the things that let me share one of many horror stories that that that comes up in my daily life which is somebody walking up to me and saying hey I got a client here's their data you know go do some science on it like well well what the heck right so when we created this thing called the hypothesis development canvas our sales teams hate it or do the time our data science teams love it because we do all this pre work we just say we make sure we understand the problem we're going after the decision they're trying to make the KPI is it's what you're going to measure success in progress what are they the operational and financial business benefits what are the data sources we want to consider here's something by the way that's it's important that maybe I wish Boeing would have thought more about which is what are the costs of false positives and false negatives right do you really understand where your risks points are and the reason why false positive and false negatives are really important in data science because data size is making predictions and by virtue of making predictions we are never 100% certain that's right or not predictions hath me built on I'm good enough well when is good enough good enough and a lot of that determination as to when is good enough good enough is really around the cost of false positives and false negatives think about a professional athlete like the false the you know the ramifications of overtraining professional athlete like a Kevin Durant or Steph Curry and they're out for the playoffs as huge financial implications them personally and for the organization so you really need to make sure you understand exactly what's the cost of being wrong and so this hypothesis development canvas is we do a lot of this work before we ever put science to the data that yeah it's it's something that's lacking across not just sports science but many fields and what I mean by that is especially you referred to the hypothesis canvas it's a piece of paper that provides a common language right it's you can sit it out before and for listeners who aren't aware a hypothesis canvas is something bill has worked and developed with his team and it's about 13 different squares and boxes and you can manipulate it based on your own profession and what you're diving into but essentially it goes through the infrastructure that you need to have setup in order for this hypothesis or idea or decision to actually be worth a damn and what I mean by that is that so many times and I hate this but I'm gonna go in a little bit of a rant and I apologize that people think oh I get an idea and they think Thomas Edison all son just had an idea and he made a light bulb Thomas Edison's famous for saying you know I did you know make a light bulb I learned was a 9000 ways to not make a light bulb and what I mean by that is he set an environment that allowed for failure and allowed for learning but what happens often people think oh I have an idea they think the idea comes not just you know in a flash because it always doesn't it might come from some research but they also believe that it comes with legs and it comes with the infrastructure supported around it that's kind of the same way that I see a lot of the data aspect going in regards to our field is that we did an idea we immediately implement and we hope it works as opposed to set up a learning environment that allows you to go okay here's what I think might happen here's my hypothesis here's I'm going to apply it and now if I fail because I have the infrastructure pre mapped out I can look at my infrastructure and say you know what that support beam or that individual box itself was the weak link and we made a mistake here but we can go back and fix it

>> From the SiliconANGLE media office in Boston Massachusetts, it's theCUBE. Now here's your host, Dave Vellante. >> Hi everbody, this is Dave Vellante, and welcome to this special Cube conversation on a very important topic, cyber security and cyber resiliency. With me today is Stefan Voss who's the Senior Director of Product Management for Data Protection Software and Cyber Security and Compliance at Dell EMC. Stefan, thanks for coming on and helping us understand this very important topic ahead of RSA World. >> My pleasure, thanks Dave for having me. >> You're welcome, so let's talk about the environment today. We have, for years, seen back-up evolve into data protection, obviously disaster recovery is there, certainly long term retention. But increasingly, cyber resilience is part of the conversation. What are you seeing from customers? >> Yeah, definitely, we're seeing that evolution as well. It's definitely a changing market and what a perfect fit. We have to worry about right of breach, What happens when I get attacked? How can I recover? And the technologies we have, that we have for business resiliency back-up, they all apply, they all apply more than ever. But sometimes they have to be architected in a different way. So folks are very sensitive to that and they realize that they have great technologies. >> I'm glad you mentioned the focus on recovery because we have a lot of conversations on theCUBE about the CIO and how he, or she, should be communicating to the board, or the CSO, how they should be communicating to the board. That conversation has changed quite dramatically over the last 10 years. Cyber is a board-level issue. When you talk to, certainly large companies, every quarter they're talking about cyber. And not just in terms of what they're doing to keep the bad guys out but really what the processes are to respond, what the right regime is - you know, cyber security is obviously a team sport, it's not just the responsibility of the CSO or the SECOPS team, or the IT team, everybody has to be involved and be aware of it. Are you seeing that awareness at board levels within your customer base, and maybe even at smaller companies? >> 100%, I think the company size almost doesn't matter. Everybody can lose their business fairly quickly and there's one thing that NotPetya, that very bad, sort of, attack told us is that it can be very devastating. And so if we don't have a process and if we don't treat it as a team sport, we'll be uncoordinated. So, first of all, we learned that recovery is real and we need to have a recovery strategy. Doesn't mean we don't do detection, so the NIS continuum applies, but the CSOs are much more interested in the actual data recovery than they ever were before which is very interesting. And then, you know, you learn that the process is as important as the technology. So, in other words, Bob Bender - a fabulous quote from Founders Federal - you know, the notion of sweating before the game, being prepared, having a notion of a cyber recovery run book. Because the nature of the disasters are changing so, therefore, we have to think about using the same technologies in a different way. >> And I said at the open that things are shifting from just a pure back-up and recovery spectrum to much broader. The ROI is changing, people are trying to get more out of their data protection infrastructure than just insurance and, certainly, risk management and cyber resiliency and response is part of that. How is the ROI equation changing? >> Yeah, I mean, it's a very valid question. You know, we do have, people are asking for the ROI. We have to take a risk-based approach, we are mitigating risk. It's never fun to have any data protection or business resilience topology, 'cause it's incremental cost, but we do that for a reason. We need to be able to have an operational recovery strategy, a recovery strategy from a geographic disaster and, of course, now more so than ever a recovery strategy from a cyber attack. And so, therefore, we have to think about, you know, not so much the ROI but what is my risk reduction, right? By having, sort of, that process in place but also the confidence that I can get to the data that I need to recover. >> Now we're gonna get into that a little bit later when we talk about the business impact analysis. But I wanna talk about data isolation. Obviously ransomware is a hot topic today and this notion of creating an air gap. What is data isolation from your perspective? What are customers doing there? >> Yeah, I mean, I think almost every customer has a variant of data isolation. It's clear that it works, we've seen this from the NotPetya attack again that where we were, large logistics company, right, found data the domain controller on a system that underwent maintenance in Nigeria. So a system that was offline, but we don't wanna operate that way. So we wanna get the principles of isolation because we know it kind of reduces the attack surface, right, from the internal actor, from ransomware variants, you name it. All of these are, when you have stuff on the network it's theoretically fair game for the attacker. >> So that Nigeria example was basically by luck there was a system offline under maintenance that happened to be isolated? And so they were able to recover from that system? >> Absolutely. And another example was, of course, critical data that domain controller, 'cause that's what this attack happened to go after, was on tape. And so, you know, this just shows and proves that isolation works. The challenge we were running into with every customer we work with was the recovery time. Especially when you have to do selective recovery more often, you know, we wanna be able to get the benefits of online media. But also get, sort of, the benefits of isolation. >> Yeah, I mean, you don't wanna recover from tape. Tape is there as a last resort and hopefully you never have to go to it. How are customers, sort of, adopting this data isolation strategy and policy? Who's involved, what are some of the pre-requisites that they need to think about? >> Yeah, so the good thing - first thing's first, right. We have technology we know and love, so our data protection appliances where we started architecting this workflow, that we can use. So, in other words, you don't have to learn a new technology, buy something else. There's an incremental investment, yes. And then we have to think about who's involved. So that earlier point, the security folks are almost always involved, and they should be involved. Sometimes they fund the project, sometimes it comes out of IT. Right, so, this is the collaborative effort and then to the extent it's necessary, of course, you wanna have GRC - so the risk people - involved to make sure that we really focus on the most important critical assets. >> Now ahead of RSA, let's talk a little bit about what's going on in that world. There are security frameworks, Nist in particular is one, that's relatively new, I mean it's 2014 it came out, it's been revised really focusing on prevent, detect and, very importantly, respond. Something we've talked about a lot. Are people using that framework? Are they doing the self-assessments that Nist prescribes? What's your take? >> Yeah, I think they are. So, first of all, they are realizing that leaning too much left of breach, in other words hoping that we can always catch everything, sort of the eggshell perimeter, everybody understands that that's not enough. So we have to go in-depth and we also have to have a recovery strategy. And so the way I always like to break it down pragmatically is - one, what do I prioritize on? So we can always spend money on everything, but doing a business impact analysis and then maybe governing that in a tool like RSA Archer can help me be a little bit more strategic. And then, on the other end, if I can do a better job co-ordinating the data recovery along with the incident response, that will go a long way. You know and, of course, that doesn't forego any investment in the detection but it is widely adopted. >> One of the key parts about the NIS framework is understanding exposure in the supply chain where you may not have total control over one of your suppliers' policies, but yet they're embedded into your workflow. How are people handling that? Is there a high degree of awareness there? What are you seeing? >> It is absolutely, that's why product security is such an important element, and it's the number one priority for Dell Security, even above and beyond the internal security of our data center, as crazy as it sounds. Because, you know, we can do a lot of damage right in the market. So, certainly, supply chain, making sure we have robust products all along the way is something that every customer asks about all the time and it's very important. >> Let's go back to business impact analysis, we've mentioned it a couple of times now. What is a business impact analysis and how do you guys go about helping your customers conduct one? >> Yeah, I mean, let's maybe keep it to that example, let's say I go through this analysis and I find that I'm a little bit fuzzy on the recovery and that's an area I wanna invest. You know, and then I buy off on the concept that I have an isolated or cyber recovery vault on an isolated enclave onto which I can then copy data and make sure that I can get to it when I have to recover. The question then becomes, well what does business critical mean? And that's where the business impact analysis will help to say what is your business critical process - number one, number two - what are the associated applications, assets? 'Cause when you have that dependency map it makes it a lot easier to start prioritizing what applications do I put in the vault, in other words. In this specific example. And then how can I put it into financial terms to justify the investment? >> Well we were talking about ROI before, I mean really we've done actually quite a few studies looking at Global 2000 and the cost of downtime. I mean, these are real tangible metrics that, if you can reduce the amount of downtime or you can reduce the security threat, you're talking about putting money back in your pocket. Because Global 2000 organizations are losing millions and millions of dollars every year, so it is actually hard ROI. Even though some people might look at it as softer. I wanna talk about isolated data vault, you know, this notion of air gaps. What are you guys specifically doing there? Do you have solutions in that area? >> Yeah, we do. So we are using, luckily, so the concepts that we know from resiliency disaster recovery. Right, so our data protection storage which is very robust, it's very secure, it has very secure replication. So we have the mechanisms to get data into the vault, we have the mechanisms to create a read-only copy, so an immutable copy, that I can then go back into. So all of this is there, right, but the problem is how do I automate that workflow? So that's a software that we wrote that goes along with the data protection appliance sale. And what it does, it's all about ingesting that business critical data that I talked about into the secure enclave, and then rendering it into an immutable copy that I can get to when I have nowhere else to go. >> Okay, so you've got that gap, that air gap. Now, the bad guys will say 'Hey, I can get through an air gap, I can dress somebody up as a worker and put a stick in'. And so, how much awareness is there of that exposure? And I know it's maybe, you know, we're hitting the tip of the pyramid here, but still important. Can you guys help address that through, whether it's processes or product or experience? >> 100% so we have, of course, our consulting services that will then work with you on elements of physical security, or how do I lock down that remaining replication link? It's just about raising the bar for the attacker to make it more likely we'll catch them before they can get to, really, the prized assets. We're just raising the bar but, yes, those are things we do. So consulting, physical security, how do I do secure reporting out? How do I secure management going in? How do I secure that replication or synchronization link into the vault? All of these are topics that we then discuss, if they kind of deviate from the best practices and we have very good answers through our many customer arrangements. >> Stefan, let's talk about some of the specific offerings. RSA is a portfolio company in the Dell Technologies Group, it's a sister company of Dell EMC. What are you guys doing with RSA? Are you integrating with any of their specific products? Maybe you could talk about that a little bit? >> Yeah, I think, so when you think about recovery and incident response being so important, there's an obvious, right? So what RSA has found - I thought this was very interesting is that there's a lack of coordination between, typically, the security teams and the data professionals, data restoration professionals. So the more we can bridge that gap through technology, reporting, the better it is, right? So, there's a logical affinity between an incident response retainer, activity, and the data recovery solutions that we provide. That's one example, right? So every day counts, that example that I talked about NotPetya, the specific customer was losing 25 Euros every day. If I can shave off one day, it's money in the bank. Or money not out of the bank. The other area is, how do I make sure that I'm strategic about what data I protect in this way? That's the BIA Archer. And then there's some integrations we are looking at from an analytics perspective. >> Archer being the sort of governance risk and compliance, workflow, that's sort of one of the flagship products of RSA. So you integrate to that framework. And what about analytics, things like IOC, RSA NetWitness, are those products that you're integrating to or with, or leveraging in any way? >> Yeah, first off, analytics in general it's an interesting concept now we have data inside our secure enclave, right? So what if we could actually go in and give more confidence to the actual copies that we're storing there. So we have an ecosystem from an analytics perspective. We work with one specific company, we have Arrest API-based integration where we then, essentially, use them to do a vote of confidence on the copy, of the raw back up. Is it good? Are there signs that it was corrupted by malware? and so forth. So what that helps us do is be more proactive around our recovery because, I think you're about to say something - but if I knew there's something, you know, suspicious then I can start my analytics activity that much sooner. >> Well the lightbulb went off in my head. Because if I have an air gap, and I was saying before, it's necessary but insufficient. If I can run analytics on the corpus of the back up data and I can identify anomalies, I might be able to end run somebody trying to get through that air gap that I just mentioned before. Maybe it's a physical, you know, security breach. And the analytics might inform me. Is that a reasonable scenario? >> It is a reasonable scenario, though we do something slightly different. So, first of all, detection mechanisms, left of breach stuff, is what it is, we love it, we sell it, you know, we use it. But, you know, when it comes to back up they're not off-the-shelf tools we can just use and say 'Hey, why don't you scan this back up?' It doesn't typically work. So what we do is, in the vault, we have time, we have a workbench so it's almost like sending a specimen to the lab. And then we take a look at it. Are there any signs that there was data corruption that was indicative of a ransomware attack? And when there is such a scenario we say, 'You might wanna take a look at it, and do some further investigation'. That's when we then look at NetWitness or working with the security teams. But we can now be of service and say 'You might wanna look at this copy over here'. It's suspicious, there's an indicative compromise. And then take the next steps other than hoping for the best. >> You mentioned the ecosystem, you mentioned the ecosystem before. I wanna double-click on that. So, talk about the ecosystem. We've said here it's a team sport, you can't just do it alone. From a platform perspective is it open, is it API based? Maybe you can give some examples of how you're working with the ecosystem and how they're leveraging the platform. >> Yeah 100%. So, like I said, so we have, you know, our data protection appliances and that's sort of our plumbing, right, to get the data to where I want. We have the orchestration software. This is the part we're talking about. The orchestration software has Arrest API, everything's documented in Swagger. And the reason we did that is that we can do these orchestrations with third party analytics vendors, that's one use case right? So, I'm here, I have a copy here, please scan, tell me what you find and then give me an alert if you find something. The other example would be, maybe, doing a level of resiliency orchestration. Where you'd automate the recovery workflow beyond what we would have to offer. There are many examples but that is how we are enabling the ecosystem, essentially. >> You mentioned Founders Federal earlier. Is that a customer, is that a reference customer? What can you tell me about them? >> Yeah it's a reference customer and they very much saw the need for this type of protection. And, you know, we've been working with them. There's a Dell World, last year, session that we did with them. And very much the same sort of, like the quote said, focus on the process not only the product and the set of technologies, right? And, so that's how we've been partnering with them. >> The quote being 'Sweat before the game'? Founders Federal, that's a great quote. Alright, we've talked a lot about just, sort of, general terms about cyber recovery. What can you tell us, tell the audience, what makes Dell EMC cyber recovery different in the marketplace and, you know, relative to your competition? Pitch me. >> Yeah, I mean, I think it's a very unique capability. Because, one, you need a large install base and, sort of, a proven platform to even built it on, right? So when you look at the data domain technology we have a lot to work with. We have a lot of customers using it. So that's very hard to mimic. We have the orchestration software where we, I believe, are ahead of the game, right? So the orchestration software that I talked about that gets the data into the vault securely. And then our ecosystem, right? So those are really the three things. And then, of course, we have the consulting services which is also hard to mimic. To really, you know, design the process around this whole thing. But I think the ecosystem, sort of, approach is also very powerful. >> You have a big portfolio, you've got your sister company that's, sort of, well known obviously in this business. Do you also have solutions? I mean, for instance, is there an appliance as part of the portfolio that fits in here? And what is that? >> Yeah, so, you can think of this as, if I wanted to really blow it down, the two things I would buy is a data domain - it could be the smallest one - and a VxRail appliance that runs the software. And then I stick that in the vault. And then there's, sort of, that product. So you can think of it as an appliance that happens to go with the software that I talked about that does the orchestration. >> Okay, so, RSA the premier conference on cyber coming up in a couple of weeks. What have you guys got going there? Give us a little tease. >> Yeah, absolutely. So it's gonna be an awesome show and we will have a booth, and so we look forward to a lot of customer conversations. And we do have a panel. It's gonna be with Mastercard and RSA and myself. And we're really gonna take it from left of breach all the way to right of breach. >> Awesome, do you know when that panel is yet? >> It is, I think, on the 5th, I may have to check. >> Which is which day? >> I wanna say it's Wednesday. >> So it starts on the Monday, right? So that'll be day three. So check the conference schedule, I mean things change at the last minute. But that's great. Mastercard is an awesome reference customer. We've worked with them in the past and so, that's great. Stefan, thanks very much for coming to theCUBE and sharing some of your perspectives and what's coming up at RSA. It's good to have you. >> Thanks so much, Dave, I appreciate it. >> Okay, thanks for watching everybody. This is Dave Vellante from our East Cost headquarters. You're watching theCUBE.

>> Announcer: Live from Washington, DC it's theCUBE. Covering .conf2017. Brought to you by Splunk. >> Welcome back here on theCUBE continuing our coverage of .conf2017 sponsored by Get Together in your nations capitol, we are live here at the Walter Washington Convention Center in Washington, DC. Along with Dave Vellante I'm John Walls Joined now by a couple CUBE alums, actually, you guys were here about a year ago. Yeah, Robert Herjavec, with the Herjavec Group of course you all know him from Shark Tank fame answer Atif Ghauri who is the VP of Customer Service Success at the Herjavec Group. I love that title, Atif we're going to get into that in just a little bit. Welcome. >> Thank you. >> Good to see you all. >> We're more like CUBE groupies We're more like CUBE groupies. >> Alums. >> Alums, okay, yeah. >> If we had a promo reel. >> Yeah, we love it here. We get free mugs with the beautiful Splunk. >> That doesn't happen all the time does it. >> Where did you get those? >> They're everywhere. >> Dave, I'll share. >> So again for folks who don't, what brings you here what, what's the focus here for the Herjavec Group in in terms of what you're seeing in the Splunk community and I assume it's very security driven. >> Yeah, well we've been part of the Splunk community for many years going on gosh, eight, nine years. We're Splunkers and we use Splunk as our core technology to provide our managed service and we manage a lot of customer environments with Splunk and we've been really forefront of Splunk as a SIM technology for a long time. >> Atif, excuse me, David, just the title, VP of Customer Service Success, what's under that umbrella? >> Yeah, it's actually pretty simple and straightforward given especially that Splunk's aligned the same way. Christmas success is King, right. If our customers aren't successful then how are we successful? So what we're trying to do there is putting the customer first and help in growing accounts and growing our services starting with our customers that we have today. >> It was actually Doug Maris, I have to give him full credit him and I were on a flight, and I said to him what's really critical to you growing revenue, efficiency, innovation and he said, number one for us is customer success. So we're very happy to steal other people's ideas if they're better. >> So security's changing so fast. You mentioned SIM, Splunk's narrative is that things are shifting from a traditional SIM world to one of an analytic driven remediation world. I wonder if you could talk about what you're seeing in the customer base, are people actually shifting their spending and how fast and where do you see it all going? >> Yeah, so the days of chasing IOC's is a dead end. Because that's just a nonstop effort. What's really happening now is technique detection. Defining, looking at how hackers are doing their trade craft and then parroting that. So Splunk has ideas and other vendors have ideas on how to go about trying to detect pattern recognition of attacker trade craft. And so what definitely was driving what's next when it comes to security automation, security detection, for our customers today. >> You know, we always tell people and it's just dead on but the challenge is people want to buy the, sexy, exciting thing and why I always try to say to customers is you're a dad and you have three kids, and you have a minivan. You don't really want to own a minivan, you want a really nice Ferrari or Corvette but at the end of the day, you have three kids and you got to get to the store. And in the security world it's a little bit like that. People talk about artificial intelligence and better threat metrics and analytics but the core, foundational basis still is logs. You have to manage your log infrastructure. And the beauty of Splunk is, it does it better than anyone and gives you an upstream in fact to be able to do the analytics and all those other things. But you still got to do the foundation. You still got to get three kids into the minivan and bring back groceries. >> So there's been a lot of focus, obviously security's become a Board level topic. You hear that all the time, you used to not hear it all the time, used to be IT problem. >> Absolutely, the only way I could get a meeting with the CEO or CIO was because I was on Shark Tank. But as a security guy, I would never meet any executives. Oh yeah I spend 80% of my time meeting with CEO, not just CIO's, but CEO's and Boards and that kind of stuff, absolutely. >> How should the CIO be communicating the Board about security, how often, what should be the narrative you know, transparency, I wonder if you could give us your thoughts. >> It's a great question. There's a new financial regulation that's coming out where CISO's and CIO's actually have to sign off on financial statements related to cyber security. And there's a clause in there that says if they knowingly are negligent, it carries criminal charges. So the regulations coming into cyber security are very similar to what we're seeing and Sarbanes Oxley like if a CEO signs an audit statement that he suspects might have some level of negligence to it I'm not talking about outright criminal fraud but just some level of negligence, it carries a criminal offense. If you look at the latest Equifax breach, a lot of the media around it was that there should be criminal charges around it. And so as soon as as you use words like criminal, compliance, audit, CEO's, executives really care. So the message from the CIO has to be we're doing everything in our power, based on industry standards, to be as secure as we can number one. And number two we have the systems in place that if we are breached, we can detect it as quickly as possible. >> So I was watching CNBC the other day and what you don't want to see as a Board member, every Board members picture from Equifax up there, with the term breach. >> Is that true? >> Yeah, yeah. >> See, but, isn't that different. Like you never, like if we think back on all the big breaches, Target and Sony they were all seminal in their own way. Target was seminal because the CEO got fired. And that was the first time it happened. I think we're going to remember Equifax, I didn't know that about the Board. >> For 50 seconds it was up there. I the sound off. >> You don't want to be a Board member. >> I mean, I hate to say it, but it's got to be great for your business, first of all it's another reason not to be a public company is one more hurdle. But if you are they need help. >> They absolutely need help. And on point I don't want to lose is that what we're seeing with CISO's, Chief Information Security Officers, Is that that role's transcending, that role is actually reporting directly to in to CEO's now. Directly into CFO's now, away from the CIO, because there's some organizational dynamics that keep the CISO from telling, what's really going on. >> Fox in henhouse. >> Exactly. >> You want to separate those roles. You're you're seeing that more often. What percent of the CISO's and CIO's are separate in your experience? >> Organizations that have a mature security program. That have evolved to where it's really a risk-based decision, and then the security function becomes more like risk management, right. Just what you they've been doing for decades. But now you have a choice security person leading that charge. >> So what we really always saying theCUBE, it's not a matter of if, it's when you're going to get infiltrated. Do you feel as though that the Boards and CIO's are transparent about that? Do Boards understand that that it's really the remediation and the response that's most important now, or there's still some education that has to go on there? >> You know, Robert speaks to Boards are the time he can comment on that, but they really want to know two things, how bad is it and how much money do you need. And those are the key questions that's driving from a Board perspective what's going to happen next. >> What's worse that Equifax got breached or that Equifax was breached for months and didn't know about it. I mean, as a Board member the latter is much worse. There's an acceptance like I have a beautiful house and I have big windows a lots of alarms and a dog, not a big dog, but still, I have a dog. >> A yipper. >> Yeah, I have a yipper. It's worse to me if somebody broke into my house, was there for a while and my wife came home at night and the person was still there. That to me is fundamentally worse than getting an alarm and saying, somebody broke the window, went in, stole a picture frame. You're going to get breached, it's how quickly you respond and what the assets are. >> And is it all shapes and sizes, too I mean, we talk about big companies here you've mentioned three but is it the mid-level guys and do smaller companies have the same concerns or same threats and risks right now? >> See these are the you heard about. What about all the breaches you don't know. >> That's the point, how big of a problem are we talking about? >> It's a wide scaling problem right and to the previous question, the value now in 2017, is what is the quality of your intelligence? Like what actions can I take, with the software that you're giving me, or with the service that you're giving me because you could detect all day but what are you going to do about it? And you're going to be held accountable for that. >> I'm watching the service now screen over here and I've seen them flash the stat 191 days to detect an infiltration. >> That sounds optimistic to me. I think most people would be happy with that if they could guarantee that. >> I would think the number's 250 to 300 so that now maybe they're claiming they can squeeze that down but, are you seeing any compression in that number? I mean it's early days I know. >> I think that the industry continues to be extremely complicated. There's a lot of vendors, there's a lot of products. The average Fortune 500 company has 72 security products. There's a stat that RSA this year that there's 1500 new security start ups every year. Every single year. How are they going to survive? And which ones do you have to buy because they're critical and provide valuable insights. And which ones are going to be around for a year or two and you're never going to hear about again. So it's a extremely challenging complex environment. >> From the bad guys are so much more sophisticated going from hacktivists to whatever State sponsored or criminal. >> That's the bottom line, I mean the bad guys are better, the bad guys are winning. The white hats fought their way out to the black hats, right. The white hats are trying, trying hard, we're trying to get organized, we're trying to win battles but the war is clearly won by the by the black hats. And that's something that as an industry we're getting better at working towards. >> Robert, as an investor what's your sentiment around valuations right now and do you feel as though. >> Not high enough. >> Oh boy. >> Managed security companies should be trading way higher value. >> Do you feel like they're somewhat insulated? >> Its a really good question, we're in that space you know we're we're about a $200 million private company. We're the largest privately held, managed security company in the world actually. And so I always think every time we're worth more I think wow, we couldn't be worth more, the market can't get bigger. Because your values always based for potential size. Nobody values you for what you're worth today. Because an investor doesn't buy history an investor doesn't buy present state, an investor buys future state. So if the valuations are increasing, it's a direct correlation because the macro factors are getting bigger. And so the answer to your question is values are going to go up because the market is just going to be fundamentally bigger. Is everybody going to survive? No, but I think you're going to see valuations continue to increase. >> Well in digital business everybody talks about digital business. We look at digital business as how well you leverage data. We think the value of data is going through the roof but I'm not sure customers understand the intrinsic value of the data or have a method to actually value their data. If they did, we feel like they would find it's way more valuable and they need to protect it better. What are you seeing in that regard with customers? >> There's an explosion of data in that with IoT, internet of things, and the amount of additional data that's come now. But, to your point, how do you sequence and label data? That's been a multi-decade old question more organizations struggle with. Many have gone to say that, it's all important so let's protect it all, right. And verses having layers of approach. So, it's a challenging problem, I don't think across all our customer base. That's something that each wrestling with to try to solve individually for their companies. >> Well, I think you also have the reality though of money. So, it's easy to say all the data is important, Structured unstructured, but you look at a lot of the software and tools that you need around this floor are sold to you on a per user or per ingestion model. So, even though all your data is critical. You can't protect all your data. It's like your house, you can't protect every single component of it, you try, and every year gets better maybe get a better alarm maybe I'll get rid the yappy dog and get a Doberman you know you're constantly upgrading. But you can't protect everything, because reality is you still live in an unstructured, unsafe world. >> So is that the complexity then, because the a simple question is why does it take so long to find out if there's something wrong with your house? >> I think it's highly complex because we're dealing with people who are manipulating what we know to their benefit in ways we've never done it. The Wannacry breach was done in a way that had not been done before. If it had done before we could have created some analytics around it, we could created some, you know, metrics around it but these are attacks that are happening in a way we've never seen before and so it's this element of risk and data and then you always have human nature. Gary Moore was that the Council this morning. The writer of Crossing the Chasm, legendary book, and he said something very interesting which was Why do people always get on a flight and say, good luck with the flight, hope you fly safe. But they don't think twice about hopping in their car and driving to the grocery store. Whereas statistically, your odds of dying in that car are fundamentally greater, and it's human nature, it's how we perceive risk. So it's the same with security and data in cyber security. >> As security experts I'm curious and we're here in DC, how much time you think about and what your thoughts might be in the geopolitical implications of security, cyber war, you know it's Stuxnet, fast forward, whatever, ten years. What are you thoughts as security practitioners in that regard? >> The longest and most heated battles in the next World War, will not be on Earth, they'll be in cyberspace. It's accepted as a given. That's the way this Country is moving. That's the way our financial systems are tied together and that's the way we're moving forward. >> It's interesting we had Robert Gates on last year and he was saying you know we have to be really careful because while we have the United States has the best security technologies, we also have the most to lose with our infrastructure and it's a whole new you know gamification or game theory balance we have to play. >> I would agree with him that we have some of the best security technology in the world but I would say that our barometer and our limiter is the freedom of our society. By nature what we love about our country and Canada is that we love freedom. And we love giving people access to information and data and free speech. By nature we have countries that may not have as good a security, but have the ability to limit access to outsiders, and I'm not saying that's good by any means but it does make security a little bit easier from that perspective. Whereas in our system, we're never going to go to that, we shouldn't go to that. So now we have to have better security just to stay even. >> To Dave's point talking about the geopolitical pressures, the regulatory environment being what it is, you know legislators, if they smell blood right, it in terms of compliance and what have you, what are you seeing in terms of that shift focus from the Hill. >> Great question. I did a speech to about two thousand CIO's, CISO's not long ago and I said, how many people in this room buy security to be more secure and how many people buy because you have to be compliant. 50/50, even the security ones admitted that how they got budget was leveraging the compliance guys. It was easier to walk into CEO's office and say look, we have to buy this to meet some kind of a political, compliance, Board issue. Than it was to say this will make us better. Better is a hard sell. So that, has to go to the head to pull the trigger to do some of that. >> You know, I think in this geopolitical environment it's look at the elections, look at all the rhetoric. It's just there is going to be more of that stuff. >> A lot's changed in crypto and its potential applications in security. More money poured into ICO's in the first half than venture backed crypto opportunities. >> There are practical applications of blockchain technology all across the board, right, but as you mentioned is fundamentally built on pathology. On core gut security work and making a community of people decide whether something's authentic or not. It's a game changer, as far what what we could do from a platform standpoint to secure our financial systems and short answer it's volatile. As you saw with the fluctuation of Bitcoin and then the currency of Bitcoin, how it's gone up and down. It's quite volatile right now because there's a lot of risk So I say what's the next Bitcoin in six months or eighteen months and what's going to happen to the old Bitcoin and then all the money that into there, where is that going to go? So that's a discuss the pivot point I think for the financial services industry and more and more their larger institutions are just trying to get involved with that whole network of blockchain. >> Crypto currencies really interesting. In some ways it's the fuel that's funding the cyber security ransomeware. I mean it's one of the easiest ways to send money and be completely anonymous. If you didn't have crypto currency, how would you pay for ransomware? You give them your checking account? You deposit into their checking account? So, I think that you're seeing a big surge of it but if you look at the history of money or even checks, checks were developed by company called Deluxe here in the United States 104 years ago. They're a customer of ours, that's why I know this, but the basis of it is that somebody, a real institution with bricks and mortar and people in suits is backing that check, or that currency. Who's backing crypto currency today? So you have, by nature, you have this element of volatility and I don't know if it's going to make it or it's not going to make it. But inevitably has to cross from a purely electronic crypto form to some element of a note or a tender that I can take from that world and get backing on it. >> That's kind of what Warren Buffet has said about it. I mean I would respond that it's the community, whatever that means, that's backing it. I mean, what backs the greenback, it's the US Government and the US military. It's an interesting. >> Right like, at the end of the day I would still rather take a US dollar than even a Canadian dollar or a UK dollar. >> Gentlemen thanks for being with us. >> Great to see you. >> Thank you for the coffee mug. >> This is incredible. >> There's actually stuff in it too so be careful. >> I drank it is that okay? >> Can I go to the hospital. >> Atif, thanks for the time and Robert good luck with that new dog. (all laughing) >> Don't tell my wife I got rid of her dog. >> In time. >> In time. All things a time, theCUBE continues live here Washington DC at .conf2017 right after this.