Jim Raine, Carbon Black - Fortinet Accelerate 2017 - #Accelerate2017 - #theCUBE
>> Announcer: Live from Las Vegas, Nevada. It's the Cube covering Accelerate 2017, brought to you by Fortinet. Now here are your hosts Lisa Martin and Peter Burris.
>> Hi, welcome back to the Cube. I'm Lisa Martin joined by my co-host Peter Burris and we are with Fortinet in beautiful Las Vegas at their Fortinet Accelerate 2017 event. A great event that brings together over 700 partners from 93 countries. And right now we're very excited to be joined by one of their technology partners, Carbon Black. Jim Raine, welcome to the Cube.
>> Thank you very much, I appreciate it. Great to be here.
>> Absolutely. You are a key alliance partner, Carbon Black, as you're the director of technology alliances. I know you've been at Carbon Black for three years but you're quite the veteran in terms of technology, engineering, sales, channel services expertise, quite the veteran, quite the sage. But some interesting things that I wanted to let our viewers know about Carbon Black, and we'll have you expand upon this, is that you guys are the leading cloud-based endpoint security company that stops cyber threats. And that your roots are actually in offensive security. You now protect more than seven million endpoints worldwide and 30 of the Fortune 100 are your customers. Tell our viewers a little more about Carbon Black. What are you doing? What are some of the things that you are seeing as security now as a boardroom level topic?
>> We're seeing a lot of changes. It's the idea of taking an endpoint context, what's actually happening at the endpoints. The endpoints are always the real source of where the attacker was really targeting to get to the information. For such a long period of time we've used legacy technology to really do that. So we're looking at what are some things that we need to do now to really change that entire game. And one of the key things about that is looking beyond just simple files.
Malware's bad, we know that, and we have great ways of stopping that for years and our attackers are moving well beyond just malware today and they're moving really into leveraging different attacks by actual actors within the customers' environments. And so we're really positioning ourselves to stop those next threats, the new threats that we're seeing and do it in such a way that it's very easy for a customer to do. Still manage, still maintain it, and then integrate that with other things.
>> And I think the key word is integrate it with other things. Because it's not just enough to know what the endpoint's doing, you have to know what the endpoint's doing in the context of what it's supposed to be able to do with those other things. Talk a little bit about that and Fortinet come together for customers.
>> So it was really important. We've had a really strong opinion that open APIs are very important. The idea that we're better together than we are apart. And that really is true in security. For too long we've had different vendors that have tried to install everything under one roof and the problem is that most customers will make financial investments within a given product and then they need to capitalize on that, on every single new product they bring on board. With us at endpoint context we really wanted to make sure that our endpoint data, the actual vision of what we're seeing, could be shared with network entities, could be shared with a SOC. And so the SOC can have a holistic picture of the entire environment not just on premise but also off.
>> Talking about endpoints, tablets, mobile, the proliferation of IoT devices, how does a company nowadays that, we were talking off air, but the day of everyone getting issued a phone or a BlackBerry is over. But when we're all providing our own devices as employees, how realistic is it for a company to actually secure the things that I as an employee are doing with my own devices? On a corporate network.
>> It's really tough. It's really tough. We have to control the things we can control, right? Which are the endpoints that we issue. So the laptops, the desktops, the home systems. For a lot of engineers now with a remote context, they're working from home on an iMac. We need to be able to protect that as it was on a corporate network. And so part of that is taking that off network devices, but enabling the corporate assets, the actual on network devices, to leverage that. And that's what we've done with Fortinet. We leverage the FortiSandbox so that whenever we see a brand new binary on an endpoint, we can submit that to FortiSandbox and say, is it good or is it bad? Obviously we don't know that binary at that point, we're making a determination. And if FortiSandbox comes back and says that is malicious, we can not only stop it from executing again, but also terminating in motion.
>> One of the things I'm curious about, during the general session this morning, there was a CISO panel of Levi's, AT&T, and Lizard was there. There were also some great customer videos. Pittsburgh Steelers. And some other telecommunications companies. When we're talking about what you're doing at Fortinet, expand upon that a little bit more in terms of the integration. Also are you focused on certain industries that might be at higher risk? Health care, financial services, for example?
>> I mean I'd like to say yes, but honestly I think everybody's at a high risk. The hard part today is that attackers are going after wherever they can find the most valuable data to them. And it's not based upon my role or my job or my industry, it's based upon what that attacker actually needs. And so we see it in small mom and pop shops, we see it in health care, we see it in finance. Definitely see it in retail a lot recently and manufacturing.
And so we really view it as the customer needs to take a proper assessment, understand where their assets are, and then deploy multiple different layers, which includes an endpoint solution, to actually stop that. So you take our next generation endpoint. You take Fortinet's advanced capabilities on the network. You take the visibility what they've done with the fabric, and now all of a sudden you have this really great solution that does protect the assets they can control. For IoT I mean honestly that'll be something that we'll have to challenged for with a while. But if these can segment that a little bit and protect what I can control, I don't throw my hands up and say I can't do anything. Now I have IoT segment in such a way that I can properly address that with an overall posture.
>> Can we presume that your customers have this awareness as knowledge that we're already breached, we now have to be providing or limiting damage? Is that the feeling and the vibe that you're getting when you're talking to customers about endpoint security?
>> We hope so. We came out about three years ago and said that there's an assumption of breach. Which is don't assume you won't be, assume it's already happened. And assume you just don't know about it. And that's really a reality I think for a lot of people nowadays. You know Ponemon does a really great yearly expose where it talks about how long a breach has occurred within environments, and it's 200 plus days or some number. The point is it's always a significant amount of time. So the ability to have more visibility within a network, not only on the network side but also on the endpoint side, and combine that into one view is so important. Because most customers honestly don't know they have that. And then what it is, it's a panic situation. And that's rough.
>> But increasingly, in enterprise, it's providing service to a customer or partner, is really providing service to an endpoint somewhere.
>> It is.
>> And so we know for example that when the bad guys are trying to do something malicious, they're just not getting into your network, and working their way through your systems until they can find the most valuable data. They also know that if you are a trading partner, that even if your data is not that valuable, the trading partner's data may be very valuable. And so they are hopping corporate boundaries as well. And so trading partners absolutely have to be able to secure and validate that their relations are working the way that they're supposed to be working. So how does my ability to be a trading partner go up and down based on my ability to demonstrate that I've got great endpoint security in my business?
>> You know it's a great question, because I don't know of too many customers that have a strict validation to say if I'm a partner of yours, not a technology partner but a business partner, that I expect you to maintain a certain level of security protection. There's just an automatic assumption that we partner with, you know, Sea-bil or somebody else and of course they have a protection enabled. I think you have to raise it up a level. So we have to have a policy mindset to not say that you know obviously we have different solutions deployed, but what have I enabled? From a very broad perspective, what kind of things do I allow my endpoints or do I allow my network to do? What kind of things do I disallow, do I block? Do I have control of domain admin? Something as simple as that. But that forms a policy, and then different companies can match policies together and say, yes you actually do comply with our policy or our security posture, therefore we're going to enable the partnership. Because you're right. If I come in through a partner, does that allow my insurance to cover me from a cyber protection perspective? That may be disallowed because it may be seen as an authorized entry within an environment, not a breach.
And so there's all kinds of complexities that come out of that. But we have to have a better way of communicating between our companies.
>> So as Ken Xie, the CEO of Fortinet, talked about this morning in his keynote. He was talking about the evolution of security, going from the perimeter to web, and web 2.0, cloud, and now we're moving towards 2020 in this time of needing to have resilience and automation. And it's also an interesting time as we get towards 2020, and that's not that far away. You know this is 2017, if you can believe that. The proliferation of mobile and IoT and tablet, I mean there's suspected to be about 20 billion IoT devices connected in 2020, and only about a billion PCs. As you see that proliferation, and you look at the future from an endpoint perspective, how has the game changed today, and how do you expect the game for endpoint security to change in the next few years as we get to 2020?
>> I mean it's interesting, because I remember the days when I was first installing the firewall, the only one in my enterprise, and working through that, that kind of perimeter and barrier concept. And now that barrier's disappeared. So we see a lot of things moving to cloud. And I think that really is the key enabler. What Fortinet is doing with the structure, they're really targeting for a cloud controller, cloud protection, we're seeing it from a lot of vendors. There's a lot of focus on that right now. Because if I have a mobile device, I may not be able to attach the mobile itself, because of the operating system or restrictions from the provider like iOS has in it. But I can control the application, I can tie into that. And if I tie that back to my corporate environment, so the same policies are being applied, and I can apply that down to my endpoint to make sure that at least from an application perspective, what's running on my laptop is the same control segment running on my application in the cloud.
I now have a better control of the entire environment. And I think that's where our first step is. There's going to be a lot of advances I believe really in the next 10 years, five years or less for 2020, that really bring about some unique things concerning to mobile and IoT.
>> Can you share with us a little bit more exactly how your technologies integrate with Fortinet's technologies, especially kind of looking at the announcements today? What they're doing with FortiGate, the announcements with the operating system?
>> Absolutely. So today from an endpoint perspective, anytime we see a binary that comes on from our Cb Protection product, we'll send that to FortiSandbox. First we'll query it, find out whether or not they've seen it before. If they haven't, we'll send it to them, and they can do a detonation. Obviously we're taking the results of that back and we're making a block determination on that. Obviously those are things that we haven't already seen before. So different protection modes, different protection policies are in place. But if I haven't seen that particular binary, something brand new, it could be malicious, it could be a zero day. I can play that against the FortiSandbox and find out whether or not it actually does have that malicious nature to it and then act upon it.
>> I've always thought of endpoint security, and tell me if I'm right, as the first line of defense.
>> It is. We've always thought of the firewall as the first line, because we think outward in. But really it is inward out, because you use your laptops at home, right? So it is the first place that everything always starts.
>> So it's the first line of defense, to my perspective, and increasingly as businesses deliver, provide, or their services are in fact based on data, that that notion of the first line of defense creates new responsibilities for both customers as well as vendors, as well as sellers.
So over the next few years, how is that notion of the first line of defense going to change? Are we going to see customers start thinking about this, and whether or not I'm a good customer? How do we anticipate kind of some of the social changes that are going to be made possible by evolution of endpoint security and how it will make new demands on endpoint security?
>> It's going to start with more visibility. I don't mean that in a very broad sense. But today we have antivirus solutions that were really targeted about, just simply binary yes or no. Do I allow something to execute or not? And that worked very well 10, 15 years ago. Increasingly over time we know that it really hasn't, because advanced attacks have come around. So now we're applying more visibility to that endpoint, saying what actually is occurring, and how are those processes working together? If I see something operate from an email file, I click on it, something else happens, now all of a sudden there's code executing. That sequence of events or that stream becomes very, very important for the visibility standpoint. Our project Cb Defense takes that streaming prevention. We say what is the risk factor scoring that we've applied to this, and how does that sum together not only blocking good and bad, but now I'm getting to actions. So now that I'm paying more attention, that rolls into what are users doing? What are they actually doing on the endpoints, and how does that policy dictate? I think for so long we've said that we can't approach endpoints because we can't control them, and that's the CEO's device or whatever it is. We're really changing that methodology. I think mindset wise people are okay with I need more controls on the endpoint, I need more capabilities. That's going to start transitioning to having conversations about well how do you control your endpoints? And suddenly there's more of a focus, besides just saying do you have something installed to block stuff?
That conversation got really short, because it just doesn't work today. So I'm not saying do I have Carbon Black installed or anything else installed, it's what am I doing, what policy am I applying there, and then how does that match up to my business partners?
>> I've made commitments to this customer, this customer's made commitments to me. Are those commitments being fulfilled, and is someone trying to step beyond those commitments to do something bad?
>> I never want to be the source of an attack to my partner. (laughing) That would be the worst.
>> And well there are some very high profile cases where an HVAC company for example suddenly discovered that they were a security risk to some very, very big companies. It wasn't supposed to happen that way.
>> And to your point before, it was an HVAC company. Nobody thought about HVAC being a targeted industry.
>> A critical infrastructure, right, right.
>> Exactly, it doesn't matter. People are after the data. They're after what's on the endpoint, and that's why we need to protect the endpoints as the first step. But obviously combining that with a bigger motion, because it's not all endpoint. There has to be a network barrier. You have to have other things involved. There's cloud now and we're transitioning to Quickway, and that's where partnerships are going to be formed. I really believe that you're going to see more and more partnerships over time with this collective nature of leveraging, Fortinet calls it the intent-based networking, right? So intent-based, what is the intent behind it? What is the attacker really trying to do? And I love that and that concept, because it really does match up well with us.
>> Well but as security practices and technologies improve in one area, security practices and technologies have to improve in all areas. Otherwise one part of that security infrastructure becomes the point that everybody's using for the attack.
>> A vulnerability, right.
>> Yeah, it's a vulnerability.
My point is a lot of people are now starting to think, oh endpoint security, that's not that, this. No, that too has to evolve. And it's going to create value, and it has to, in context, it has to evolve in the context of the broader class of attacks and the things that people are trying to do with their data in digital business.
>> Absolutely. I think that a lot of customers have realized that they're making that a part of their overall security planning. You know for three years our what am I going to do, and where do I stand at today? And obviously there's existing license cycles and things like that on the network side as well. But I think a lot of customers are starting to formulate a whole plan about how do I look at my entire infrastructure? Forget what I have. Let me say I want to have certain protections in place. First off, do I have them? And if not can I plug something in that actually still will seamlessly integrate? And that's a really important point for a lot of our customer base.
>> And speaking on kind of giving you the last word Jim, you both talked about evolution here. As we look at where Carbon Black is today, you were just named by Forrester as the market leader for endpoint security, fantastic. Looking at that going into 2017 as we're in January 2017, the announcements from Fortinet today. What most excites you about this continued technology partnership?
>> Continued with Fortinet?
>> With Fortinet, yes.
>> Okay, I thought you were talking overall, it's good. Honestly it's something as simple as their approach to the APIs. I mean it sounds silly, but at the end of the day, if their approach is really to leverage and to work with other partners, and that's what ours has been for a long time. So we're not saying it just has to be our product, it just has to be our solutions. They're saying whatever the customer is already invested in, we're going to make it better. And that's a strong message we've had for a long time as well.
I don't care what you've put in for a firewall necessarily. But I do want to be able to integrate with that, because the customer needs that. It's not me being very selfish so to speak. Customers are demanding that they have a simpler solution to manage. And it's that simplistic way, that's where we're headed from an endpoint perspective, of having a solution that actually takes in everything from the environment and really makes it a common view, for the incident responder and the personnel.
>> And it's all essential for digital business transformation which is as we've been talking about Peter is the crux of that is data and that. Well Jim Raine from Carbon Black, thank you so much for joining us on the Cube today. And on behalf of Peter Burris and myself Lisa Martin, we thank you so much for watching the Cube, and we're going to be right back.