(upbeat music) >> Narrator: From around the globe, it's the cube with digital coverage of AWS re:invent 2020, sponsored by Intel, AWS, and our community partners. >> Hey, welcome back, everybody. Jeff Frick here with the cube. Welcome back to our ongoing coverage of AWS re:invent 2020. It's virtual this year, just like everything is virtual this year. But it's still the biggest event in cloud, and we're excited to be back. I'd like to welcome in our next guest, he is Erez Yarkoni, head of cloud and telco technologies for checkpoint software technologies. There it is great to see you. >> Nice to see you, Jeff. Thank you for hosting me this morning. >> Absolutely, so let's jump into it. You've been in the cloud space. For a while I saw a great interview with you, I think like four or five years ago, when I was doing some research, and you're talking about, all the great innovation that's coming from cloud. That was years and years ago. Now, suddenly, we had COVID arrived. And I'm sure you've seen all the social media means who's driving your digital transformation, the CEO, the CMO, or COVID. And we don't know what the answer is. So first off, I'd just love to get your perspective, you've been in this a long time now that we're here in 2020, both in terms of the development of the cloud and the adoption of the cloud, as well as this accelerant that came into our lives in March. >> Hey Jeff, You know I have been lucky that I got to participate in this kind of innovation cycle of IT and technology. Earlier, I was a CIO for an organization, large organization, and we were adopting cloud. At the same time, as an organization, we were selling technologies and networks to our customers, and they were asking to adopt cloud and so on. And these are probably some of the early interviews we looked at. So I got lucky that I had to look at my own organization and understand where cloud is beneficial. And obviously, now I work with cybersecurity and secure in the cloud. So it's all come together. I think that as as cloud technologies came in, it really came in to help many of us address the fundamental need to come to market with business capabilities and functionality faster. For those of us in technology, you know we were probably always the bottleneck of our business counterparts that said. Well, if you could only do this for me, I could grow the business, I could change your business, I can go to other places, I can incrementally bring more customers, revenues, and so on. The cloud platforms have done a tremendous job allowing developers and operators have technology to change the speed in which they service their businesses. But with speed comes security. And I think the cloud platforms disneynow. Specifically, here platforms like AWS build security into into the cloud as well. But there's other needs in it and the pandemic or COVID. All it did is it shifted some of these motions into another gear and then it created some new business needs that can only be service that digital mean, you are now having a collaboration session over a digital channel where otherwise would be probably sitting in the same studio. So definitely collaboration has changed. Commerce have changed, especially for some organizations that never planned to do commerce over digital channels, small businesses and so on. Just think about the food delivery industry and how many new customers have now sole, restaurants that have now signed up for food delivery services that must have exploded. These continuous changes brought continuous needs to address security as well. AWS is allowing people to build some amazing applications. I watched the commercials when I watch football on Sunday. Right? So peloton and zoom in education and many other things. And yeah, so when people build those amazing applications, the next thing they need to do is make sure that the zoom session is secure. And nobody's crashing in if you have a bunch of kids doing zoom for school. >> Erez you talked on so many topics on that. So let's break a few of them down. First off, I just, you know thank goodness for cloud, right? >> Yeah >> If this pandemic had hit 10 years ago, 15 years ago, we would not have been able those of us in the IT industry to shift so easily to cloud based or excuse me to working from home or working from anywhere because of the cloud based applications huge enabler. But it's funny now once on what you just talked about, did you talk about cost savings? And I still find there's a lot of people that are looking at cloud as a way to save costs. You been in it for a while, and you know the truth is all about agility and speed of business, speed of adoption, speed of innovation. You said it in every single one of your answers. But it still seems to be a lag for a lot of people now with with COVID, and, you know securing people work from home, one of the big issues go back to security is increasing attack surface. And we know the increasing sophistication of the bad guys. Now, I'm hearing from some people that they're actually using old techniques that they used to use back in the day because they know people are at home, and maybe things are as locked down. You talk about security needs to bake be baked in all long the way we're using all these, more and more cloud based apps. How do people think about the security perspective? How do you bake it into everything that you do? And how do you respond to the increased attack surfaces that have now suddenly opened up to look like for probably a little while not just going back to the old way, anytime soon? >> Yeah, so you know, you you touched on that, you said that you hear about people using old secure the old attack methods or vectors or so on, coming back, because people are now at home and no longer behind a very secure environment in their office or in the data center, people had to maybe move things that they never thought they would call center operations. That was by definition, you showed up to the call center for certain organizations and moved it out. And they may have not been ready to move those applications so on, so they had to address the security of it. I think that's exactly it, which is now some of the reaction we had to have for just staying in business. We used kind of very older, or, we increased what we know about security about remote access by increasing VPN capacity for the organization or, or those type of methodologies. Now people are looking at what happened to our topology to our architecture, where are people and machines coming in to execute their work over the network? Where are the applications residing? What have we moved to the cloud because we had to know flex for capacity and speed and maybe localize and move it into regions and so on. I don't think it was about cost saving, as you think it was about business agility, especially in this phase. I actually think that at the end of the day, the big benefit from cloud is business agility. Cost has to come with it, we cannot sacrifice costs and everything we do. And we look at overall how we use cloud technologies and other technologies and make sure that the cost fits into what our business demands from a cost structure but it is about business agility. Now, it's also about security agility. So people are building, you know methods and capabilities to match the business agility with security and security was, at least for me, for instance, as as a CIO, security was a bottleneck. So when business demanded the Agile development, you know iterations, sprints, deliver functionality in weeks, and, you know keep pouring it into the environment. One of the inhibitors was security, right, we weren't ready for it, we weren't ready to release it. So we had to find a way to adopt it. And then came in companies like AWS, saying, we built some of that security built into the platform. And companies like checkpoint saying we have cloud security that moves at cloud speed and allows you to integrate into your CICD, environmental or, or processes and allows you to match the speed of the business with the speed of security. >> Yeah, that's great. I mean, again, I agree with you, 100%, it's all about agility, and speed of business. And being able to move faster just always surprises me how people how many people are still kind of stuck on the cost saving piece. And then the other thing, of course, which you're super aware of, if you've ever been to one of kind of the technical keynotes at AWS re:invent the amount of investment that they can make an infrastructure including security, in just, just completely over overshadows anything in an individual company can invest just in terms of the resources and then somebody like you guys can leverage on top of not only using the the massive Amazon, kind of core investments in security at the infrastructure layer, but then all the stuff that you guys can do in terms of securing the enterprise and helping make sure that the right people have access to the right information at the right time, but not a lot more than that. I wonder if you can talk about a new kind of zero trust in some of the evolution within security in terms of the posturing, and how you kind of make assumptions, as we said, it's no longer like a wall anymore, it's no longer talking about having these physical borders, or even logical borders, but it's really about access and breaking down access even to the person in the application and the data etc. >> Yeah, I think you asked specifically about zero trust, and I think that we want to move, maybe want to keep that the the theme here around the application security, I'll get to zero trust at the end. You know, so one of the things that that definitely is thematic, or what we see happening is, in the evolution in the maturity curve of adopting the cloud, the initial adoption was, maybe some lift shift from organizations and the IaaS layer was a big player. But the PaaS layers of the cloud are where all the interesting things happen, where all the exciting services, all the innovation coming from organizations like AWS, all the enablers for a business agility, and capabilities are coming from there. And when you start developing your applications for that PaaS layer, we start leveraging the services, the type of security changes, so you're no longer looking at network security, or maybe northeast, east west, north south, east west type of security on your network, you're now looking at security API's and securing the backplane of the cloud, from those services that they give you, you know you get to encrypt your buckets, you got to make sure your security groups are correct, you want to make sure your serverless functions are not executing anything malicious in them or, or talking to IP addresses, they shouldn't be. Same with your container, you want to make sure that your container code is scanned properly, you didn't download anything in there that's malicious. And obviously, have runtime security, both to make sure you're compliant from a posture perspective, you make compliance may require you to be PCI compliant one of those. So the elevation in which you execute to security changed from the from the stack from a kind of a traditional stack, requires different capabilities and between what AWS has built into the platform and what checkpoint puts together in cloud guard. This is big, the big target, then we get into, okay, so how do you access all these great things that we just built? Right? So we built these, this great application? It's sitting on AWS, it's using some of the great services there. How do you how do you get to it? Who gets to it? How do you get to it? This is where some of these, sassy and zero trusts come in. Because what happened is, you used to come into a lot of enterprise applications from the data center, then we moved some web apps, and you came over the web into the application. So we have some web firewalls and security for that. Now you're getting into every application from the edge of the network, because we are all at home, or we are we used to be traveling but a lot more of us are now at home coming over the edge of the network, we're adding IoT devices coming on via generic and so on, there's a lot more volume coming at you. And you get to find different ways than just VPN authentication of the traffic into so we are coming into the age of having to identify who's coming at the application at the capability at any given time. And that's where you come into the framework of zero trust, I, every time you come in, I'm going to authenticate that is you. And there's different methodologies in there. For instance, one of the things that we just added to our portfolio is the ability to put an agent, let's say in your around your AWS application, and allow remote access with no VPN to your enterprise app aah to an acquisition company we call odo without having to put a VPN so the administrator defines what applications are connected to the connector. They define who's the users that are allowed and authenticate them based on the authentication framework, let's say Octo, something like that, and allows them to come in and that that those are the type of capabilities you need in these new frameworks. So, how do you get to these great applications we're building? >> Right, right. And you touched on something really interesting, right, which is, which is the complexity is only going up? As you mentioned edge you mentioned a little bit of IoT, right, so as 5G comes on board, as IoT gets increasing amounts of traction. All these applications are API based there's all types of information flying back and forth, so I wonder if you can share kind of your guys thoughts on, applied machine learning and artificial intelligence to help, you know kind of get through all the all the signal or excuse me all the noise, find the signal, and really, you know bring more automation to help the security experts in the security systems be more effective at their jobs. >> Yeah, so I think a lot of what we talked about, until now was protecting establishing a new perimeter, there's not really a perimeter, right because we talked about the perimeter has grown and it's fuzzy and it's at scale that really doesn't allow you to say I have it for an undersea up to authentic everybody. But like you said, with that speed, and scale, came a lot of data, you got a lot of logs running in there, you're like got a lot of events, you got a lot of things that you can look into. And by looking into them, you can start with machine learning and those type of AI methodologies start looking both to identify things before they happen, or inform organizations and inform about things that are already happened and they're in and potentially remediate them. At checkpoint, for instance, we have something called the threat, the threat cloud, we collect these events from every gateway, every appliance, every virtual appliance, every type of security agent that we have around the world, into the flex cloud that processes and I'm going to throw a number there, that's the closer about 80 billion a day transactions. >> 80 billion with B >> Yeah, and that allows us to, to process to apply machine learning and AI algorithms to find threat, and then inform all these great checkpoint security agents out there of new threats and prevent those threats from ever happening in the in the environment. Right? If you're operating on a on an AWS environment, there's a lot of blood flows happening in your environment, there's a lot of things to collect and look at, right. So in cloud guard, we offer something called logic log.ic, which allows you to harvest those logs, we enrich them and then we allow threat hunting inside those environment, right. So those types of capabilities are definitely kind of the future of advanced security, right. So beyond just establishing, it's like, you establish your security around what you do. And then you have your intelligence unit starting to identify what signals are out there allowing you to both prevent security breaches or any type of threats, but also remediate anything, any, you find the traces of things that happened and remediate them. >> Right, right. Well, there is that's, that's a great illustration of, kind of baking security into the multiple steps of the process and all the steps of the process. That's not just a bolt on anymore. It's got to be, part of everything you do and baked into everything you do. I still, I still wonder how certain companies that that are run by having people click on links that they're not familiar with still happen today. But I guess, I guess they still do. So as I give you the final word, again, you've been in this space for a long time, as we kind of turned to turn the page on 2020. What are some of your priorities we are you excited about for 2021? >> I think the most exciting things for us in cloud security in 2021 is we're releasing more capabilities into into the environment, we're in the maturity curve, of protecting, your network in the cloud, and then protecting your posture in the cloud. We're moving very strongly into predicting your runtime and applications in the cloud, your API's, and working with organizations through that maturity curve and getting them up to all the way up to threat hunting capabilities. And I think that'll be exciting because I hear from customers that they need to move quickly through that maturity curve of cloud security as they have accelerated and continue there to accelerate their move to the cloud. >> Well, that's great. Well, I think, no shortage of job security in the cloud security space. So I'm sure it will be a busy year. Well, it was thanks for sharing your insight. Really appreciate the time and it was great catching up. >> Thank you, Jeff, for your time today. And it was great talking to you. >> Absolutely. All right. Well, he's Erez I'm Jeff. You're watching the cubes, continuous coverage of AWS re:invent 2020 Thanks for watching. I'll see you next time. (upbeat music)