>> Okay, welcome back to the portion of the program for customer lightning talks, where we chat with Armis' customers for a rapid fire five minute session on their Cisco perspectives and insights into cybersecurity. First up is Tim Everson, CISO of Kalahari resorts and conventions. Let's get it going. Hi, Tim. Welcome to theCUBE and Armis program, managing risk across your extended surface area. >> Thanks for having me appreciate it. >> So let's get going. So unified visibility across the extended asset serves as key. You can't secure what you can't see. Tell me about what you're able to centralize, your views on network assets and what is Armis doing from an impact standpoint that's had on your business? >> Sure. So traditionally basically you have all your various management platforms, your Cisco platforms, your Sims, your wireless platforms, all the different pieces and you've got a list of spare data out there and you've got to chase all of this data through all these different tools. Armis is fantastic and was really point blank dropping in place for us as far as getting access to all of that data all in one place and giving us visibility to everything. Basically opened the doors letting us see our customer wireless traffic, our internal traffic, our PCI traffic because we deal with credit cards, HIPAA, compliance, all this traffic, all these different places, all into one. >> All right, next up, vulnerability management is a big topic, across all assets, not just IT devices. The gaps are there in the current vulnerability management programs. How has Armis vulnerability management made things better for your business and what can you see now that you couldn't see before? >> So Armis gives me better visibility of the network side of these vulnerabilities. You have your Nessus vulnerability scanners, the things that look at machines, look at configurations and hard facts. Nessus gives you all those. But when you turn to Armis, Armis looks at the network perspective, takes all that traffic that it's seeing on the network and gives you the network side of these vulnerabilities. So you can see if something's trying to talk out to a specific port or to a specific host on the internet and Armis consolidates all that and gives you trusted sources of information to validate where those are coming from. >> When you take into account all the criticality of the different kinds of assets involved in a business operation and they're becoming more wider, especially with edge in other areas, how has the security workload changed? >> The security workload has increased dramatically, especially in hospitality. In our case, not only do we have hotel rooms and visitors and our guests, we also have a convention center that we deal with. We have water parks and fun things for people to do. Families and businesses alike. And so when you add all those things up and you add the wireless and you add the network and the audio video and all these different pieces that come into play with all of those things in hospitality and you add our convention centers on top of it, the footprint's just expanded enormously in the past few years. >> When you have a digital transformation in a use case like yours, it's very diverse. You need a robust network, you need a robust environment to implement SaaS solutions. No ages to deploy, no updates needed. You got to be in line with that to execute and scale. How easy was Armis to implement ease of use of simplicity, the plug and play? In other words, how quickly do you achieve this time to value? >> Oh goodness. We did a proof of concept about three months ago in one of our resort locations, we dropped in an Armis appliance and literally within the first couple hours of the appliance being on the network, we had data on 30 to 40,000 devices that were touching our network. Very quick and easy, very drop and plug and play and moving from the POC to production, same deal. We, we dropped in these appliances in site. Now we're seeing over 180,000 devices touching our networks within a given week. >> Armis has this global asset knowledge base, it's crowdsourced an a asset intelligent engine, it's a game changer. It tracks managed, unmanaged IOT devices. Were you shocked when you discovered how many assets they were able to discover and what impact did that have for you? >> Oh, absolutely. Not only do we have the devices that we have, but we have guests that bring things on site all the time, Roku TVs and players and Amazon Fire Sticks and all these different things that are touching our network and seeing those in real time and seeing how much traffic they're using we can see utilization, we can see exactly what's being brought on, we can see vehicles in our parking lot that have access points turned on. I mean, it's just amazing how much data this opened our eyes to that you know it's there but you don't ever see it. >> It's bring your own equipment to the resort just so you can watch all your Netflix, HDMI cable, everyone's doing it now. I mean, this is the new user behavior. Great insight. Anything more you'd want to say about Armis for the folks watching? >> I would say the key is they're very easy to work with. The team at Armis has worked very closely with me to get the integrations that we've put in place with our networking equipment, with our wireless, with different pieces of things and they're working directly with me to help integrate some other things that we've asked them to do that aren't there already. Their team is very open. They listen, they take everything that we have to say as a customer to heart and they really put a lot of effort into making it happen. >> All right, Tim. Well, thanks for your time. I'm John Furrier with theCUBE, the leader in enterprise tech coverage. Up next in this lightning talk session is Brian Gilligan, manager, security and Operations at Brookfield Properties. Thanks for watching.

(upbeat music) >> Today's organizations are overwhelmed by the number of different assets connected to their networks, which now include not only IT devices and assets, but also a lot of unmanaged assets, like cloud, IoT, building management systems, industrial control systems, medical devices, and more. That's not just it, there's more. We're seeing massive volume of threats, and a surge of severe vulnerabilities that put these assets at risk. This is happening every day. And many, including me, think it's only going to get worse. The scale of the problem will accelerate. Security and IT teams are struggling to manage all these vulnerabilities at scale. With the time it takes to exploit a new vulnerability, combined with the lack of visibility into the asset attack surface area, companies are having a hard time addressing the vulnerabilities as quickly as they need. This is today's special CUBE program, where we're going to talk about these problems and how they're solved. Hello, everyone. I'm John Furrier, host of theCUBE. This is a special program called Managing Risk Across Your Extended Attack Surface Area with Armis, new asset intelligence platform. To start things off, let's bring in the co-founder and CTO of Armis, Nadir Izrael. Nadir, great to have you on the program. >> Yeah, thanks for having me. >> Great success with Armis. I want to just roll back and just zoom out and look at, what's the big picture? What are you guys focused on? What's the holy grail? What's the secret sauce? >> So Armis' mission, if you will, is to solve to your point literally one of the holy grails of security teams for the past decade or so, which is, what if you could actually have a complete, unified, authoritative asset inventory of everything, and stressing that word, everything. IT, OT, IoT, everything on kind of the physical space of things, data centers, virtualization, applications, cloud. What if you could have everything mapped out for you so that you can actually operate your organization on top of essentially a map? I like to equate this in a way to organizations and security teams everywhere seem to be running, basically running the battlefield, if you will, of their organization, without an actual map of what's going on, with charts and graphs. So we are here to provide that map in every aspect of the environment, and be able to build on top of that business processes, products, and features that would assist security teams in managing that battlefield. >> So this category, basically, is a cyber asset attack surface management kind of focus, but it really is defined by this extended asset attack surface area. What is that? Can you explain that? >> Yeah, it's a mouthful. I think the CAASM, for short, and Gartner do love their acronyms there, but CAASM, in short, is a way to describe a bit of what I mentioned before, or a slice out of it. It's the whole part around a unified view of the attack surface, where I think where we see things, and kind of where Armis extends to that is really with the extended attack surface. That basically means that idea of, what if you could have it all? What if you could have both a unified view of your environment, but also of every single thing that you have, with a strong emphasis on the completeness of that picture? If I take the map analogy slightly more to the extreme, a map of some of your environment isn't nearly as useful as a map of everything. If you had to, in your own kind of map application, you know, chart a path from New York to whichever your favorite surrounding city, but it only takes you so far, and then you sort of need to do the rest of it on your own, not nearly as effective, and in security terms, I think it really boils down into you can't secure what you can't see. And so from an Armis perspective, it's about seeing everything in order to protect everything. And not only do we discover every connected asset that you have, we provide a risk rating to every single one of them, we provide a criticality rating, and the ability to take action on top of these things. >> Having a map is huge. Everyone wants to know what's in their inventory, right, from a risk management standpoint, also from a vulnerability perspective. So I totally see that, and I can see that being the holy grail, but on the vulnerability side, you got to see everything, and you guys have new stuff around vulnerability management. What's this all about? What kind of gaps are you seeing that you're filling in the vulnerability side, because, okay, I can see everything. Now I got to watch out for threat vectors. >> Yeah, and I'd say a different way of asking this is, okay, vulnerability management has been around for a while. What the hell are you bringing into the mix that's so new and novel and great? So I would say that vulnerability scanners of different sorts have existed for over a decade. And I think that ultimately what Armis brings into the mix today is how do we fill in the gaps in a world where critical infrastructure is in danger of being attacked by nation states these days, where ransomware is an everyday occurrence, and where I think credible, up-to-the-minute, and contextualize vulnerability and risk information is essential. Scanners, or how we've been doing things for the last decade, just aren't enough. I think the three things that Armis excels at and completes the security staff today on the vulnerability management side are scale, reach, and context. Scale, meaning ultimately, and I think this is of no news to any enterprise, environments are huge. They are beyond huge. When most of the solutions that enterprises use today were built, they were built for thousands, or tens of thousands of assets. These days, we measure enterprises in the billions, billions of different assets, especially if you include how applications are structured, containers, cloud, all that, billions and billions of different assets, and I think that, ultimately, when the latest and greatest in catastrophic new vulnerabilities come out, and sadly, that's a monthly occurrence these days. You can't just now wait around for things to kind of scan through the environment, and figure out what's going on there. Real time images of vulnerabilities, real time understanding of what the risk is across that entire massive footprint is essential to be able to do things, and if you don't, then lots and lots of teams of people are tasked with doing this day in, day out, in order to accomplish the task. The second thing, I think, is the reach. Scanners can't go everywhere. They don't really deal well with environments that are a mixed IT/OT, for instance, like some of our clients deal with. They can't really deal with areas that aren't classic IT. And in general, these days over 70% of assets are in fact of the unmanaged variety, if you will. So combining different approaches from an Armis standpoint of both passive and active, we reach a tremendous scale, I think, within the environment, and ability to provide or reach that is complete. What if you could have vulnerability management, cover a hundred percent of your environment, and in a very effective manner, and in a very scalable manner? And the last thing really is context. And that's a big deal here. I think that most vulnerability management programs hinge on asset context, on the ability to understand, what are the assets I'm dealing with? And more importantly, what is the criticality of these assets, so I can better prioritize and manage the entire process along the way? So with these things in mind, that's what Armis has basically pulled out is a vulnerability management process. What if we could collect all the vulnerability information from your entire environment, and give you a map of that, on top of that map of assets? Connect every single vulnerability and finding to the relevant assets, and give you a real way to manage that automatically, and in a way that prevents teams of people from having to do a lot of grunt work in the process. >> Yeah, it's like building a search engine, almost. You got the behavioral, contextual. You got to understand what's going on in the environment, and then you got to have the context to what it means relative to the environment. And this is the criticality piece you mentioned, this is a huge differentiator in my mind. I want to unpack that. Understanding what's going on, and then what to pay attention to, it's a data problem. You got that kind of search and cataloging of the assets, and then you got the contextualization of it, but then what alarms do I pay attention to? What is the vulnerability? This is the context. This is a huge deal, because your businesses, your operation's going to have some important pieces, but also it changes on agility. So how do you guys do that? That's, I think, a key piece. >> Yeah, that's a really good question. So asset criticality is a key piece in being able to prioritize the operation. The reason is really simple, and I'll take an example we're all very, very familiar with, and it's been beaten to death, but it's still a good example, which is Log4j, or Log4Shell. When that came out, hundreds of people in large organizations started mapping the entire environment on which applications have what aspect of Log4j. Now, one of the key things there is that when you're doing that exercise for the first time, there are literally millions of systems in a typical enterprise that have Log4j in them, but asset criticality and the application and business context are key here, because some of these different assets that have Log4j are part of your critical business function and your critical business applications, and they deserve immediate attention. Some of them, or some Git server of some developer somewhere, don't warrant quite the same attention or criticality as others. Armis helps by providing the underlying asset map as a built-in aspect of the process. It maps the relationships and dependencies for you. It pulls together and clusters together. What applications does each asset serve? So I might be looking at a server and saying, okay, this server, it supports my ERP system. It supports my production applications to be able to serve my customers. It serves maybe my .com website. Understanding what applications each asset serves and every dependency along the way, meaning that endpoint, that server, but also the load balancers are supported, and the firewalls, and every aspect along the way, that's the bread and butter of the relationship mapping that Armis puts into place to be able to do that, and we also allow users to tweak, add information, connect us with their CMDB or anywhere else where they put this in, but once the information is in, that can serve vulnerability management. It can serve other security functions as well. But in the context of vulnerability management, it creates a much more streamlined process for being able to do the basics. Some critical applications, I want to know exactly what all the critical vulnerabilities that apply to them are. Some business applications, I just want to be able to put SLAs on, that this must be solved within a week, this must be solved within a month, and be able to actually automatically track all of these in a world that is very, very complex inside of an operation or an enterprise. >> We're going to hear from some of your customers later, but I want to just get your thoughts on, anecdotally, what do you hear from? You're the CTO, co-founder, you're actually going into the big accounts. When you roll this out, what are they saying to you? What are some of the comments? Oh my God, this is amazing. Thank you so much. >> Well, of course. Of course. >> Share some of the comments. >> Well, first of all, of course, that's what they're saying. They're saying we're great. Of course, always, but more specifically, I think this solves a huge gap for them. They are used to tools coming in and discovering vulnerabilities for them, but really close to nothing being able to streamline the truly complex and scalable process of being able to manage vulnerabilities within the environment. Not only that, the integration-led, designer-led deployment and the fact that we are a completely agent-less SaaS platform are extremely important for them. These are times where if something isn't easily deployable for an enterprise, its value is next to nothing. I think that enterprises have come to realize that if something isn't a one click deployment across the environment, it's almost not worth the effort these days, because environments are so complex that you can't fully realize the value any other way. So from an Armis standpoint, the fact that we can deploy with a few clicks, the fact that we immediately provide that value, the fact that we're agent-less, in the sense that we don't need to go around installing a footprint within the environment, and for clients who already have Armis, the fact that it's a flip of a switch, just turn it on, are extreme. I think that the fact, in particular, that Armis can be deployed. the vulnerability management can be deployed on top of the existing vulnerability scanner with a simple one-click integration is huge for them. And I think all of these together are what contribute to them saying how great this is. But yeah, that's it. >> The agent listing is huge. What's the alternative? What does it look like if they're going to go the other route, slow to deploy, have meetings, launch it in the environment? What's it look like? >> I think anything these days that touches an endpoint with an agent goes through a huge round of approvals before anything goes into an environment. Same goes, by the way, for additional scanners. No one wants to hear about additional scanners. They've already gone through the effort with some of the biggest tools out there to punch holes through firewalls, to install scanners in different ways. They don't want yet another scanner, or yet another agent. Armis rides on top of the existing infrastructure, the existing agents, the existing scanners. You don't need to do a thing. It just deploys on top of it, and that's really what makes this so easy and seamless. >> Talk about Armis research. Can you talk about, what's that about? What's going on there? What are you guys doing? How do you guys stay relevant for your customers? >> For sure. So one of the, I've made a lot of bold claims throughout, I think, the entire Q and A here, but one of the biggest magic components, if you will, to Armis that kind of help explain what all these magic components are, are really something that we call our collective asset knowledge base. And it's really the source of our power. Think of it as a giant collective intelligent that keeps learning from all of the different environments combined that Armis is deployed at. Essentially, if we see something in one environment, we can translate it immediately into all environments. So anyone who joins this or uses the product joins this collective intelligence in essence. What does that mean? It means that Armis learns about vulnerabilities from other environments. A new Log4j comes out, for instance. It's enough that, in some environments, Armis is able to see it from scanners, or from agents, or from SBOMs, or anything that basically provides information about Log4j, and Armis immediately infers or creates enrichment rules that act across the entire tenant base, or the entire client base of Armis. So very quick response to industry events, whenever something comes out, again, the results are immediate, very up to the minute, very up to the hour, but also I'd say that Armis does its own proactive asset research. We have a huge data set at our disposal, a lot of willing and able clients, and also a lot of partners within the industry that Armis leverages, but our own research is into interesting aspects within the environment. We do our own proactive research into things like TLStorm, which is kind of a bit of a bridging research and vulnerabilities between cyber physical aspect. So on the one hand, the cyber space and kind of virtual environments, but on the other hand, the actual physical space, vulnerabilities, and things like UPSs, or industrial equipment, or things like that. But I will say that also, Armis targets its research along different paths that we feel are underserved. We started a few years back research into firmwares, different types of real time operating systems. We came out with things like URGENT/11, which was research into, on the one hand, operating systems that run on two billion different devices worldwide, on the other hand, in the 40 years it existed, only 13 vulnerabilities were ever exposed or revealed about that operating system. Either it's the most secure operating system in the world, or it's just not gone through enough rigor and enough research in doing this. The type of active research we do is to complement a lot of the research going on in the industry, serve our clients better, but also provide kind of inroads, I think, for the industry to be better at what they do. >> Awesome, Nadir, thanks for sharing the insights. Great to see the research. You got to be at the cutting edge. You got to investigate, be ready for a moment's notice on all aspects of the operating environment, down to the hardware, down to the packet level, down to the any vulnerability, be ready for it. Great job. Thanks for sharing. Appreciate it. >> Absolutely. >> In a moment, Tim Everson's going to join us. He's the CSO of Kalahari Resorts and Conventions. He'll be joining me next. You're watching theCUBE, the leader in high tech coverage. I'm John Furrier. Thanks for watching. (upbeat music)

(upbeat music) >> Today's organizations are overwhelmed by the number of different assets connected to their networks, which now include not only IT devices and assets, but also a lot of unmanaged assets, like cloud, IoT, building management systems, industrial control systems, medical devices, and more. That's not just it, there's more. We're seeing massive volume of threats, and a surge of severe vulnerabilities that put these assets at risk. This is happening every day. And many, including me, think it's only going to get worse. The scale of the problem will accelerate. Security and IT teams are struggling to manage all these vulnerabilities at scale. With the time it takes to exploit a new vulnerability, combined with the lack of visibility into the asset attack surface area, companies are having a hard time addressing the vulnerabilities as quickly as they need. This is today's special CUBE program, where we're going to talk about these problems and how they're solved. Hello, everyone. I'm John Furrier, host of theCUBE. This is a special program called Managing Risk Across Your Extended Attack Surface Area with Armis, new asset intelligence platform. To start things off, let's bring in the co-founder and CTO of Armis, Nadir Izrael. Nadir, great to have you on the program. >> Yeah, thanks for having me. >> Great success with Armis. I want to just roll back and just zoom out and look at, what's the big picture? What are you guys focused on? What's the holy grail? What's the secret sauce? >> So Armis' mission, if you will, is to solve to your point literally one of the holy grails of security teams for the past decade or so, which is, what if you could actually have a complete, unified, authoritative asset inventory of everything, and stressing that word, everything. IT, OT, IoT, everything on kind of the physical space of things, data centers, virtualization, applications, cloud. What if you could have everything mapped out for you so that you can actually operate your organization on top of essentially a map? I like to equate this in a way to organizations and security teams everywhere seem to be running, basically running the battlefield, if you will, of their organization, without an actual map of what's going on, with charts and graphs. So we are here to provide that map in every aspect of the environment, and be able to build on top of that business processes, products, and features that would assist security teams in managing that battlefield. >> So this category, basically, is a cyber asset attack surface management kind of focus, but it really is defined by this extended asset attack surface area. What is that? Can you explain that? >> Yeah, it's a mouthful. I think the CAASM, for short, and Gartner do love their acronyms there, but CAASM, in short, is a way to describe a bit of what I mentioned before, or a slice out of it. It's the whole part around a unified view of the attack surface, where I think where we see things, and kind of where Armis extends to that is really with the extended attack surface. That basically means that idea of, what if you could have it all? What if you could have both a unified view of your environment, but also of every single thing that you have, with a strong emphasis on the completeness of that picture? If I take the map analogy slightly more to the extreme, a map of some of your environment isn't nearly as useful as a map of everything. If you had to, in your own kind of map application, you know, chart a path from New York to whichever your favorite surrounding city, but it only takes you so far, and then you sort of need to do the rest of it on your own, not nearly as effective, and in security terms, I think it really boils down into you can't secure what you can't see. And so from an Armis perspective, it's about seeing everything in order to protect everything. And not only do we discover every connected asset that you have, we provide a risk rating to every single one of them, we provide a criticality rating, and the ability to take action on top of these things. >> Having a map is huge. Everyone wants to know what's in their inventory, right, from a risk management standpoint, also from a vulnerability perspective. So I totally see that, and I can see that being the holy grail, but on the vulnerability side, you got to see everything, and you guys have new stuff around vulnerability management. What's this all about? What kind of gaps are you seeing that you're filling in the vulnerability side, because, okay, I can see everything. Now I got to watch out for threat vectors. >> Yeah, and I'd say a different way of asking this is, okay, vulnerability management has been around for a while. What the hell are you bringing into the mix that's so new and novel and great? So I would say that vulnerability scanners of different sorts have existed for over a decade. And I think that ultimately what Armis brings into the mix today is how do we fill in the gaps in a world where critical infrastructure is in danger of being attacked by nation states these days, where ransomware is an everyday occurrence, and where I think credible, up-to-the-minute, and contextualize vulnerability and risk information is essential. Scanners, or how we've been doing things for the last decade, just aren't enough. I think the three things that Armis excels at and completes the security staff today on the vulnerability management side are scale, reach, and context. Scale, meaning ultimately, and I think this is of no news to any enterprise, environments are huge. They are beyond huge. When most of the solutions that enterprises use today were built, they were built for thousands, or tens of thousands of assets. These days, we measure enterprises in the billions, billions of different assets, especially if you include how applications are structured, containers, cloud, all that, billions and billions of different assets, and I think that, ultimately, when the latest and greatest in catastrophic new vulnerabilities come out, and sadly, that's a monthly occurrence these days. You can't just now wait around for things to kind of scan through the environment, and figure out what's going on there. Real time images of vulnerabilities, real time understanding of what the risk is across that entire massive footprint is essential to be able to do things, and if you don't, then lots and lots of teams of people are tasked with doing this day in, day out, in order to accomplish the task. The second thing, I think, is the reach. Scanners can't go everywhere. They don't really deal well with environments that are a mixed IT/OT, for instance, like some of our clients deal with. They can't really deal with areas that aren't classic IT. And in general, these days over 70% of assets are in fact of the unmanaged variety, if you will. So combining different approaches from an Armis standpoint of both passive and active, we reach a tremendous scale, I think, within the environment, and ability to provide or reach that is complete. What if you could have vulnerability management, cover a hundred percent of your environment, and in a very effective manner, and in a very scalable manner? And the last thing really is context. And that's a big deal here. I think that most vulnerability management programs hinge on asset context, on the ability to understand, what are the assets I'm dealing with? And more importantly, what is the criticality of these assets, so I can better prioritize and manage the entire process along the way? So with these things in mind, that's what Armis has basically pulled out is a vulnerability management process. What if we could collect all the vulnerability information from your entire environment, and give you a map of that, on top of that map of assets? Connect every single vulnerability and finding to the relevant assets, and give you a real way to manage that automatically, and in a way that prevents teams of people from having to do a lot of grunt work in the process. >> Yeah, it's like building a search engine, almost. You got the behavioral, contextual. You got to understand what's going on in the environment, and then you got to have the context to what it means relative to the environment. And this is the criticality piece you mentioned, this is a huge differentiator in my mind. I want to unpack that. Understanding what's going on, and then what to pay attention to, it's a data problem. You got that kind of search and cataloging of the assets, and then you got the contextualization of it, but then what alarms do I pay attention to? What is the vulnerability? This is the context. This is a huge deal, because your businesses, your operation's going to have some important pieces, but also it changes on agility. So how do you guys do that? That's, I think, a key piece. >> Yeah, that's a really good question. So asset criticality is a key piece in being able to prioritize the operation. The reason is really simple, and I'll take an example we're all very, very familiar with, and it's been beaten to death, but it's still a good example, which is Log4j, or Log4Shell. When that came out, hundreds of people in large organizations started mapping the entire environment on which applications have what aspect of Log4j. Now, one of the key things there is that when you're doing that exercise for the first time, there are literally millions of systems in a typical enterprise that have Log4j in them, but asset criticality and the application and business context are key here, because some of these different assets that have Log4j are part of your critical business function and your critical business applications, and they deserve immediate attention. Some of them, or some Git server of some developer somewhere, don't warrant quite the same attention or criticality as others. Armis helps by providing the underlying asset map as a built-in aspect of the process. It maps the relationships and dependencies for you. It pulls together and clusters together. What applications does each asset serve? So I might be looking at a server and saying, okay, this server, it supports my ERP system. It supports my production applications to be able to serve my customers. It serves maybe my .com website. Understanding what applications each asset serves and every dependency along the way, meaning that endpoint, that server, but also the load balancers are supported, and the firewalls, and every aspect along the way, that's the bread and butter of the relationship mapping that Armis puts into place to be able to do that, and we also allow users to tweak, add information, connect us with their CMDB or anywhere else where they put this in, but once the information is in, that can serve vulnerability management. It can serve other security functions as well. But in the context of vulnerability management, it creates a much more streamlined process for being able to do the basics. Some critical applications, I want to know exactly what all the critical vulnerabilities that apply to them are. Some business applications, I just want to be able to put SLAs on, that this must be solved within a week, this must be solved within a month, and be able to actually automatically track all of these in a world that is very, very complex inside of an operation or an enterprise. >> We're going to hear from some of your customers later, but I want to just get your thoughts on, anecdotally, what do you hear from? You're the CTO, co-founder, you're actually going into the big accounts. When you roll this out, what are they saying to you? What are some of the comments? Oh my God, this is amazing. Thank you so much. >> Well, of course. Of course. >> Share some of the comments. >> Well, first of all, of course, that's what they're saying. They're saying we're great. Of course, always, but more specifically, I think this solves a huge gap for them. They are used to tools coming in and discovering vulnerabilities for them, but really close to nothing being able to streamline the truly complex and scalable process of being able to manage vulnerabilities within the environment. Not only that, the integration-led, designer-led deployment and the fact that we are a completely agent-less SaaS platform are extremely important for them. These are times where if something isn't easily deployable for an enterprise, its value is next to nothing. I think that enterprises have come to realize that if something isn't a one click deployment across the environment, it's almost not worth the effort these days, because environments are so complex that you can't fully realize the value any other way. So from an Armis standpoint, the fact that we can deploy with a few clicks, the fact that we immediately provide that value, the fact that we're agent-less, in the sense that we don't need to go around installing a footprint within the environment, and for clients who already have Armis, the fact that it's a flip of a switch, just turn it on, are extreme. I think that the fact, in particular, that Armis can be deployed. the vulnerability management can be deployed on top of the existing vulnerability scanner with a simple one-click integration is huge for them. And I think all of these together are what contribute to them saying how great this is. But yeah, that's it. >> The agent listing is huge. What's the alternative? What does it look like if they're going to go the other route, slow to deploy, have meetings, launch it in the environment? What's it look like? >> I think anything these days that touches an endpoint with an agent goes through a huge round of approvals before anything goes into an environment. Same goes, by the way, for additional scanners. No one wants to hear about additional scanners. They've already gone through the effort with some of the biggest tools out there to punch holes through firewalls, to install scanners in different ways. They don't want yet another scanner, or yet another agent. Armis rides on top of the existing infrastructure, the existing agents, the existing scanners. You don't need to do a thing. It just deploys on top of it, and that's really what makes this so easy and seamless. >> Talk about Armis research. Can you talk about, what's that about? What's going on there? What are you guys doing? How do you guys stay relevant for your customers? >> For sure. So one of the, I've made a lot of bold claims throughout, I think, the entire Q and A here, but one of the biggest magic components, if you will, to Armis that kind of help explain what all these magic components are, are really something that we call our collective asset knowledge base. And it's really the source of our power. Think of it as a giant collective intelligent that keeps learning from all of the different environments combined that Armis is deployed at. Essentially, if we see something in one environment, we can translate it immediately into all environments. So anyone who joins this or uses the product joins this collective intelligence in essence. What does that mean? It means that Armis learns about vulnerabilities from other environments. A new Log4j comes out, for instance. It's enough that, in some environments, Armis is able to see it from scanners, or from agents, or from SBOMs, or anything that basically provides information about Log4j, and Armis immediately infers or creates enrichment rules that act across the entire tenant base, or the entire client base of Armis. So very quick response to industry events, whenever something comes out, again, the results are immediate, very up to the minute, very up to the hour, but also I'd say that Armis does its own proactive asset research. We have a huge data set at our disposal, a lot of willing and able clients, and also a lot of partners within the industry that Armis leverages, but our own research is into interesting aspects within the environment. We do our own proactive research into things like TLStorm, which is kind of a bit of a bridging research and vulnerabilities between cyber physical aspect. So on the one hand, the cyber space and kind of virtual environments, but on the other hand, the actual physical space, vulnerabilities, and things like UPSs, or industrial equipment, or things like that. But I will say that also, Armis targets its research along different paths that we feel are underserved. We started a few years back research into firmwares, different types of real time operating systems. We came out with things like URGENT/11, which was research into, on the one hand, operating systems that run on two billion different devices worldwide, on the other hand, in the 40 years it existed, only 13 vulnerabilities were ever exposed or revealed about that operating system. Either it's the most secure operating system in the world, or it's just not gone through enough rigor and enough research in doing this. The type of active research we do is to complement a lot of the research going on in the industry, serve our clients better, but also provide kind of inroads, I think, for the industry to be better at what they do. >> Awesome, Nadir, thanks for sharing the insights. Great to see the research. You got to be at the cutting edge. You got to investigate, be ready for a moment's notice on all aspects of the operating environment, down to the hardware, down to the packet level, down to the any vulnerability, be ready for it. Great job. Thanks for sharing. Appreciate it. >> Absolutely. >> In a moment, Tim Everson's going to join us. He's the CSO of Kalahari Resorts and Conventions. He'll be joining me next. You're watching theCUBE, the leader in high tech coverage. I'm John Furrier. Thanks for watching. (upbeat music)

(upbeat music) >> Hello, welcome to this CUBE Conversation here in Palo Alto, California. I'm John Furrier, host of theCUBE. We're here with Tim Everson, CISO at Kalahari Resorts & Conventions. Tim, great to see you. Thanks for coming on theCUBE. >> Thank you for having me. Looking forward to it. >> So, you know, RSA is going on this week. We're talking a lot about security. You've got a lot of conferences. Security is a big scale now across all enterprises, all businesses. You're in the hospitality, you got conventions. You're in the middle of it. You have an interesting environment. You've got a lot of diverse use cases. And you've got a lot of needs. They're always changing. I mean, you talk about change. You've got a network that has to be responsive, robust and support a lot of tough customers who want to have fun or do business. >> Exactly, yeah. We have customers that come in, that we were talking about this before the segment. And we have customers that come in that bring their own Roku Sticks their own Amazon devices. All these different things they bring in. You know, our resort customers need dedicated bandwidth. So they need dedicated network segments stood up at a moment's notice to do the things they're doing and run the shows they're showing. So it's never, never ending. It's constantly changing in our business. And there's just data galore to keep an eye on. So it's really interesting. >> Can you scope the scale of the current cybersecurity challenges these days in the industry? Because they're wide and far, they're deep. You got zero trust on one end, which is essentially don't trust anything. And then you got now on the software supply chain, things like more trust. So you got the conflict between a direction that's more trusted and then zero trust, and everything in between. From, endpoint protection. It's a lot going on. What's the scale of this situation right now in cyber? >> You know, right now everything's very, very up in the air. You talk about zero trust. And zero trust can be defined a lot of ways depending on what security person you talk to today. So, I won't go into my long discussion about zero trust but suffice to say, like I said zero trust can be perceived so many different ways. From a user perspective, from a network perspective, from an end point. I look more broadly at the regulatory side of things and how that affects things too. Because, regulations are changing daily. You've got your GDPRs, your CCPAs, your HIPAA regulations, PCI. All these different things that affect businesses, and affect businesses different ways. I mean, at Kalahari we're vulnerable or we're not vulnerable, but we're subject to a lot of these different regulations, more so than other people. You wouldn't expect a lot of hotels to have HIPAA regulations for instance. We have health people at our resorts. So we actually are subject to HIPAA in a lot of cases. So there's a lot of these broad scenarios that apply and they come into play with all different industries. And again, things you don't expect. So, when you see these threats coming, when you see all the hacks coming. Even today I got an email that the Marriott breach data from a few years ago, or the MGM breach from a few years ago. We've got all these breaches out there in the world, are coming back to the surface and being looked at again. And our users and our guests and our corporate partners, and all these different people see those things and they rely on us to protect them. So it makes that scope just exponentially bigger. >> Yeah, there's so many threads to pull on here. One is, you know we've observed certainly with the pandemic and then now going forward is that if you weren't modern in your infrastructure, in your environment, you are exposed. Even, I'm not talking old and antiquated like in the dark ages IT. We're talking like really state of the art, current. If you're lagging just by a few years, the hackers have an advantage. So, the constant bar raising, leveling up on technology is part of this arms race against the bad guys. >> Absolutely. And you said it, you talked earlier about the supply chain. Supply chain, these attacks that have come through the SolarWinds attacks and some of these other supply chain attacks that are coming out right now. Everybody's doing their best to stay on top of the latest, greatest. And the problem with that is, when you rely on other vendors and other companies to be able to help you do that. And you're relying on all these different tool sets, the supply chain attack is hugely critical. It makes it really, really important that you're watching where you're getting your software from, what they're doing with it, how they secure it. And that when you're dealing with your vendors and your different suppliers, you're making sure that they're securing things as well as you are. And it just, it adds to the complexity, it adds to the footprint and it adds to the headache that a lot of these security teams have. Especially small teams where they don't have the people to manage those kind of contacts. >> It's so interesting, I think zero trust is a knee jerk reaction to the perimeter being gone. It's like, you got to People love the zero trust. Oh it's like, "We're going to protect this that nobody, and then vet them in." But once you're trusted, trust also is coming in to play here. And in your environment, you're a hotel, you're a convention. You have a lot of rotation of guests coming in. Very much high velocity. And spear phishing and phishing, I could be watching and socially engineering someone that could be on your property at any given time. You got to be prepared for that. Or, you got ransomware coming around the corners or heavily. So, you got the ransomware threat and you got potentially spear phishing that could be possible at your place. These are things that are going on, right? That you got to protect for. What's your reaction to that? >> Absolutely. We see all those kind of attacks on a daily basis. I see spear phishing attacks. I see, web links and I chase them down and see what's going on. I see that there's ransomware trying to come in. We see these things every single day. And the problem you have with it is not only, especially in a space where you have a high volume of customers and a high turnover of customers like you're talking about that are in and out of our resorts, in and out of our facilities. Those attacks aren't just coming from our executives and their email. We can have a guest sitting on a guest network, on a wireless network. Or on one of our business center machines, or using our resort network for any one of a number of the conference things that they're doing and the different ports that we have to open and the different bandwidth scenarios that you've got dealing with. All of these things come into play because if any attack comes from any of those channels you have to make sure that segmentation is right, that your tooling is proper and that your team is aware and watching for it. And so it does. It makes it a very challenging environment to be in. >> You know, I don't want to bring up the budget issue but I'll bring up the budget issue. You can have unlimited budget because there's so many tools out there and platforms now. I mean, if you've look at the ecosystem map of the cybersecurity landscape that you have to navigate through as a customer. You've got a lot of people knocking on your door to sell you stuff. So I have to ask you, what is the scale? I mean, you can't have unlimited budget. But the reality is you have to kind of, do the right thing. What's the most helpful kind of tools and platforms for you that you've seen that you've had experience with? Where's this going in terms of the most effective mechanisms and software and platforms that are available out there? >> From the security perspective specifically, the three things that are most important to me are visibility. Whether it's asset visibility or log visibility. You know, being able to see the data, being able to see what's going on. End user. Making sure that the end user has been trained, is aware and that you're watching them. Because the end user, the human is always the weakest link. The human doesn't have digital controls that can be hard set and absolutely followed. The human changes every day. And then our endpoint security solutions. Those are the three biggest things for me. You know, you have your network perimeter, your firewalls. But attackers aren't always looking for those. They're coming from the inside, they're finding a way around those. The biggest three things for me are endpoint, visibility and the end user. >> Yeah, it's awesome. And a lot of companies are really looking at their posture right now. So I would ask you as a CISO, who's in the front end of all this great stuff and protecting your networks and all your environments and the endpoints and assets. What advice would you have for other CISOs who are kind of trying to level up to where you're at, in terms of rethinking their security posture? What advice would you give them? >> The advice I would give you is surround yourself with people that are like-minded on the security side. Make sure that these people are aware but that they're willing to grow. Because security's always changing. If you get a security person that's dead set that they're going to be a network security person and that's all they're going to do. You know, you may have that need and you may fill it. But at the end of the day, you need somebody who's open rounded and ready to change. And then you need to make sure that you can have somebody, and the team that you work with is able to talk to your executives. It never fails, the executives. They understand security from the standpoint of the business, but they don't necessarily understand security from the technical side. So you have to make sure that you can cross those two boundaries. And when you grow your team you have to make sure that that's the biggest focus. >> I have to ask the pandemic question, but I know cybersecurity hasn't changed. In fact, it's gotten more aggressive in the pandemic. How has the post pandemic or kind of like towards the tail end of where we're at now, affect the cybersecurity landscape? Has it increased velocity? Has it changed any kind of threat vectors? Has it changed in any way? Can you share your thoughts on what happened during the pandemic and now has we come out of it into the next, well post pandemic? >> Absolutely. It affected hospitality in a kind of unique way. Because, a lot of the different governments, state, federal. I'm in Ohio. I work out of our Ohio resort. A lot of the governments literally shut us down or limited severely how many guests we could have in. So on the one hand you've got less traffic internal over the network. So you've got a little bit of a slow down there. But on the flip side it also meant a lot of our workers were working from home. So now you've got a lot of remote access coming in. You've got people that are trying to get in from home and work machines. You have to transition call centers and call volume and all of the things that come along with that. And you have to make sure that that human element is accounted for. Because, again, you've got people working from home, you no longer know if the person that's calling you today, if it's not somebody you're familiar with you don't know if that person is Joe Blow from the front desk or if that person's a vendor or who they are. And so when you deal with a company with 5,000 ish employees or 10,000 that some of these bigger companies are. 15,000, whatever the case may be. You know, the pandemic really put a shift in there because now you're protecting not only against the technologies, but you're dealing with all of the scams, all of the phishing attempts that are coming through that are COVID related. All of these various things. And it really did. It threw a crazy mix into cybersecurity. >> I can imagine that the brain trust over there is prior thinking, "Hey, we were a hybrid experience." Now, if people who have come and experienced our resorts and conventions can come in remotely, even in a hybrid experience with folks that are there. You've seen a lot of hybrid events for instance go on, where there's shared experience. I can almost imagine your service area is now extending to the homes of those guests. That you got to start thinking differently. Has that been something that you guys are looking at? >> We're looking at it from the standpoint of trying to broaden some of the events. In the case of a lot of our conventions, things of that nature. The conventions that aren't actually Kalahari's run conventions, we host them, we manage them. But it does... When you talk about workers coming from home to attend these conventions. Or these telecommuters that are attending these conventions. It does affect us in the stance that, like I said we have to provision network for these various events. And we have to make sure that the network and the security around the network are tight. So it does. It makes a big deal as far as how Kalahari does its business. Being able to still operate these different meetings and different conventions, and being able to host remotely as well. You know, making sure that telecommunications are available to them. Making sure that network access and room access are available to them. You know for places where we can't gather heavily in meetings. You know, these people still being able to be near each other, still being able to talk, but making sure that that technology is there between them. >> Well, Tim is great to have you on for this CUBE Conversation. CISO from the middle of all the action. You're seeing a lot. There's a lot of surface area you got to watch. There's a lot of data you got to observe. You got to get that visibility. You can only protect what you can see, and the more you see the better it is. The better the machine learning. You brought up the the common area about like-minded individuals. I want to just ask you on the final point here, on hiring and talent coming into the marketplace. I mean, this younger generation coming out of university and college is, or not even going to school. There's no cyber degree. I mean, there are now. But I mean, the world's changing. It's easy to level up. So, skill sets you can't get a degree in certain things. I mean, you got to have a broad set. What do you look for in talent? Is there a trend you see in terms of what makes a good cybersecurity professional, developer, analyst? Is there roles that you see emerging that you think people should pay attention to? What's your take on this as someone who's looking at the future? And- >> You know, it's very interesting that you bring this up. I actually have two of my team members, one directly working for me and another team member at Kalahari that are currently going through college degree programs for cybersecurity. And I wrote recommendations for them. I've worked with them, I'm helping them study. But as you bring people up, you know the other thing I do is I mentor at a couple of the local technical schools as well. I go in, I talk to people, I help them design their programs. And the biggest thing I try to get across to them is, number one, if you're in the learning side of it. Not even talking about the hiring side of it. If you're in the learning side of it, you need to come into it with a kind of an understanding to begin with to where you want to fit into security. You know, do you want to be an attacker, a defender, a manager? Where do you want to be? And then you also need to look at the market and talk to the businesses in the area. You know, I talk to these kids regularly about what their need is. Because if you're in school and you're taking Cisco classes, and focusing on firewalls and what an organization needs as somebody who can read log and do things like that. Or somebody who can do pen testing. You know, that's a huge thing. So I would say if you're on the hiring side of that equation, you know. Like you said, there's no super degrees that I can speak to. There's a lot of certifications. There's a lot of different things like that. The goal for me is finding somebody who can put hands to the ground and feet to the ground, and show me that they know what they know. You know, I'll pull somebody in, I'll ask them to show me a certain specific or I'll ask them for specific information and try to feel that out. Because at the end of the day, there's no degree that's going to protect my network. There's no degree that's a hundred percent going to understand Kalahari, for instance. So I want to make sure that the people I talk to, I get a broad interview scope, I get a number of people to talk to. And really get a feel for what it is they know, and what tools they want to work with and make sure it's going to align with us. >> Well, Tim, that's great that you do that. I think the industry needs that. And I think that's really paying it forward, by getting in and using your time to help shape the young curriculums and the young guns out there. It's interesting you know, like David Vellante and I talk on theCUBE all the time. Cyber is like sports. If you're playing football, you got to know the game. If you're playing football and you come in as a baseball player, the skills might not translate, right? So it's really more of, categorically cyber has a certain pattern to it. Math, open mindedness, connecting dots, seeing things around corners. Maybe it's more holistic views, if you're at the visibility level or getting the weeds with data. A lot of different skill sets needed. The aperture of the job requirements are changing a lot. >> They are. And you know, you touched on that really well. You know, they talk about hacking and the hacker mindset. You know, all the security stuff revolves around hacker. And people mislabel hacker. Hacking in general is making something do something that it wasn't originally designed to do. And when I hire people in security, I want people that have that mindset. I want people that not only are going to work with the tool set we have, and use that mathematical ability and that logic and that reasoning. But I want them to use a reasoning of, "Hey, we have this tool here today. How can this tool do what I want it do but what else can it do for me?" Because like any other industry we have to stretch our dollar. So if I have a tool set that can meet five different needs for me today, rather than investing in 16 different tool sets and spreading that data out and spreading all the control around. Let's focus on those tool sets and let's focus on using that knowledge and that adaptive ability that the human people have on the security side, and put that to use. Make them use the tools that work for them but make 'em develop things, new tools, new methods, new techniques that help us get things across. >> Grow the capabilities, protect, trust all things coming in. And Tim, you're a tech athlete, as we say and you've got a great thing going on over there. And again, congratulations on the work you're doing on the higher ed and the education side and the Kalahari Resorts & Conventions. Thanks for coming on theCUBE. I really appreciate the insight you're sharing. Thank you. >> Thanks for having me. >> Okay. I'm John Furrier here in Palo Alto for theCUBE. Thanks for watching. (somber music)

>>Okay, welcome back to the portion of the program for customer lightning talks, where we chat with Armas as customers for a rapid fire five minute session on their CISO perspectives and insights into cybersecurity. First up is Tim Everton, CISO of Kalahari resorts and conventions. Let's get it going. Hi, Tim. Welcome to the cube and Armas program, managing risk across your extended surface area. >>Thanks for having me appreciate it. >>So let's go, let's get going. So unified visibility across the extended asset service is key. You can't secure what you can see. Tell me about what you're able to centralize your views on network assets and what is arm doing from an impact standpoint that's had on your business? >>Sure. So traditionally basically, you know, you have all your various, your various management platforms, your Cisco platforms, your Sims, your, your wireless platforms, all of the different pieces. And you've got a list of disparate data out there, and you've gotta chase all of this data through all these different tools. Armas is fantastic and was really, you know, point blank drop in place for us as far as getting access to all of that data all in one place and giving us visibility into everything, basically open the doors, letting us see our customer wireless traffic, our internal traffic, our PCI traffic, because we deal with credit cards, HIPAA compliance, all this traffic, all these different places, all into one. >>All right, next up, vulnerability management is a big topic across all assets, not just it devices, the gaps are there in the current vulnerability management programs. How has Armas vulnerability management made things better for your business? And what can you see now that you couldn't see before? >>So Armas gives me better visibility of the network side of these vulnerabilities. You know, you, you have your necess vulnerability scanners, the things that look at machines, look at configurations and, and hard facts NEIS gives you all those. But when you turn to Armas, Armas looks at the network perspective, takes all that traffic that it's seeing on the network and gives you the network side of these vulnerabilities. So you can see if something's trying to talk out to a specific port or to a specific host on the internet and Armas consolidates, all that and gives you trusted sources of information to, to validate where those are coming from. >>You know, when you take into account all the criticality of the different kinds of assets involved in a business operation, and they're becoming more wider, especially with edge in other other areas, how has the security workload changed? >>The security workload has increased dramatically, especially in hospitality. In our case, we have, you know, not only do we have hotel rooms and, and visitors in our guests, we also have a convention center that we deal with. We have water parks and, and fun things for people to do, you know, families and, and businesses alike. And so when you add all those things up and you add the wireless and you add the network and you know, the audio video and all these different pieces that come into play with all of those things in hospitality, and you add our convention centers on top of it, the footprints just expanded enormously in the past few years. >>You know, when you have a digital transformation in a use case like yours, it's very diverse. You need a robust network, you need a robust environment to implement SaaS solutions, no ages to deploy, no updates needed. You gotta be gotta be in, in line with that to, to execute and scale. How easy was Armas to implement, ease of use of simplicity to plug and play. In other words, how quickly do you achieve this time to value? >>Oh goodness. We did a, we did a proof of concept about three months ago and one of our resort locations, we dropped in an Armas appliance and literally within the first couple hours of the appliance being on the network, we had data on 30 to 40,000 devices that were touching our network very quick and easy, very drop in plug and play and moving from the, you know, the POC to production, same deal. We, we dropped in these appliances in site. Now we're seeing over 180,000 devices touching our networks within a given week. >>Armas has this global asset knowledge base it's crowdsource and a asset intelligent engine. It's a game changer. It tracks managed unmanaged IOT devices. Were you shocked when you discovered how many assets they were able to discover and what impact did that have for you? >>Oh, absolutely. You know, not only do we have the devices that you know that we have, but you know, we have guests that bring things on site all the time, Roku, TVs, and players, and Amazon fire sticks and all these different things that are touching our network and seeing those in real time and seeing how much traffic they're using, you know, we can see utilization, we can see, you know, exactly what's being brought on. We can see vehicles in our parking lot that have access points turned on. I, it's just amazing how much data this opened our eyes to that. You know, you know, it's there, but you don't ever see it. >>It's bring your own equipment to the resort so you can watch all your Netflix HTMI cable. Everyone's doing it now. I mean, this is the new user behavior. Great insight. Anything more you'd want to say about Armas for the folks watching? >>I would say the key is they're very easy to work with. The team at Armas has worked very closely with me to get the integrations that we've, that we've put in place, you know, with, with our networking equipment, with our wireless, with, with different pieces of things. And they're working directly with me to help integrate some other things that we've asked them to do that aren't there already. Their team is very open. They listen, they take everything that we have to say as a customer to heart and, and they really put a lot of effort into making it happen. >>All right, Tim. Well, thanks for your time. I'm John fur with the cube, the leader in enterprise tech coverage. Up next in this lightning talk session is Brian Gilligan manager security and operates at Brookfield properties. Thanks for watching.

[Music] Andre one of the things that have come up is your relation with Russia as we talked about so I have to ask you a direct question do you to work with sanctioned Russian entities or Russian companies shown we and c5 we do not work with any company that's sanctioned from any country including Russia and the same applies to me we take sanctions very very seriously the one thing you don't mess with is US sanctions which has application worldwide and so you always have to stay absolutely on the right side of the law when it comes to sanctions so nothing nothing that's something that's connection nets are trying to make they're also the other connection is a guy named Victor Vail Selberg Viktor Vekselberg Vekselberg to go with the Russian names as people know what is your relationship with Viktor Vekselberg so victim Viktor Vekselberg is a is a very well known Russian businessman he's perhaps one of the best known Russian businessman in the West because he also lived in the US for a period of time it's a very well-known personality in in in Europe he's a donor for example to the Clinton Foundation and he has aggregated the largest collection of Faberge eggs in the world as part of national Russian treasure so he's a very well known business personality and of course during the course of my career which has focused heavily on also doing investigations on Russian related issues I have come across Viktor Vekselberg and I've had the opportunity to meet with him and so I know him as a as a business leader but c5 has no relationship with Viktor Vekselberg and we've never accepted any investment from him we've never asked him for an investment and our firm a venture capital firm has no ties to Viktor Vekselberg so you've worked had a relationship at some point in your career but no I wouldn't on a daily basis you don't have a deep relationship can you explain how deep that relationship is what were the interactions you had with him so clarify that point so so I know Viktor Vekselberg and I've met him on more than one occasion in different settings and as I shared with you I served on the board of a South African mining company which is black owned for a period of a year and which Renova had a minority investment alongside an Australian company called South 32 and that's the extent of the contact and exposure I've had to so casual business run-ins and interactions not like again that's correct deep joint ventures are very kind of okay let's get back to c5 for a minute cause I want to ask you it but just do just a circle just one last issue and Viktor Vekselberg Viktor Vekselberg is the chairman of scope over the Russian technology innovation park that we discussed and he became the chairman under the presidency of President Dmitry Medvedev during the time when Hillary Clinton was doing a reset on Russian relations and during that time so vekselberg have built up very effective relationships with all of the or many of the leading big US technology companies and today you can find the roster of those partners the list of those partners on the scope of our website and those nuclear drove that yes Victor drove that Victor drove that during during in the Clinton Secretary of this started the scope of our project started during the the Medvedev presidency and in the period 2010-2011 you'll find many photographs of mr. vekselberg signing partnership agreements with very well known technology companies for Skolkovo and most of those companies still in one way or another remain involved in the Skolkovo project this has been the feature the article so there are I think and I've read all the other places where they wanted to make this decision Valley of Russia correct there's a lot of Russian programmers who work for American companies I know a few of them that do so there's technology they get great programmers in Russia but certainly they have technology so oracles they're ibm's they're cisco say we talked about earlier there is US presence there are you do you have a presence there and does Amazon Web service have a presence on do you see five it and that's knowing I was alright it's well it's a warning in the wrong oh sorry about that what's the Skog Obama's called spoke over so Andres Kokomo's this has been well report it's the Silicon Valley of Russia and so a lot of American companies they're IBM Oracle Cisco you mentioned earlier I can imagine it makes sense they a lot of recruiting little labs going on we see people hire Russian engineers all the time you know c5 have a presence there and does AWS have a presence there and do you work together in a TBS in that area explain that relationship certainly c5 Amazon individually or you can't speak for Amazon but let's see if I've have there and do you work with Amazon in any way there c-5m there's no work in Russia and neither does any of our portfolio companies c5 has no relationship with the Skolkovo Technology Park and as I said the parties for this spoke of a Technology Park is a matter of record is only website anyone can take a look at it and our name is not amongst those partners and I think this was this is an issue which I which I fault the BBC report on because if the BBC report was fair and accurate they would have disclosed the fact that there's a long list of partners with a scope of our project very well known companies many of them competitors in the Jedi process but that was not the case the BBC programme in a very misleading and deceptive way created the impression that for some reason somehow c5 was involved in Skolkovo without disclosing the fact that many other companies are involved they and of course we are not involved and your only relationship with Declan Berg Viktor Vekselberg was through the c5 raiser bid three c5 no no Viktor Vekselberg was never involved in c5 raiser Petco we had Vladimir Kuznetsov as a man not as a minority investor day and when we diligence him one of our key findings was that he was acting in independent capacity and he was investing his own money as a you national aniseh Swiss resident so you if you've had no business dealings with Viktor Vekselberg other than casual working c-5 has had no business dealings with with Viktor Vekselberg in a in a personal capacity earlier before the onset of sanctions I served on the board of a black-owned South African mining company and which Renault bombs the Vekselberg company as a minority investment alongside an Australian company called South 32 and my motivation for doing so was to support African entrepreneurship because this was one of the first black owned mining companies in the country was established with a British investment in which I was involved in and I was very supportive of the work that this company does to develop manganese mining in the Kalahari Desert and your role there was advisory formal what was the role there it was an advisory role so no ownership no ownership no equity no engagement you call them to help out on a project I was asked to support the company at the crucial time when they had a dispute on royalties when they were looking at the future of the Kalahari basin and the future of the manganese reserve say and also to help the company through a transition of the black leadership the black executive leadership of the cut year is that roughly 2017 so recently okay let on the ownership of c5 can you explain who owns c5 I mean you're described as the owner if it's a venture capital firm you probably of investors so your managing director you probably have some carry of some sort and then talk about the relationship between c5 razor bidco the Russian special purpose vehicle that was created is that owning what does it fit is it a subordinate role so see my capital so Jones to start with c5 razor boot code was was never a Russian special purpose vehicle this was a British special purpose vehicle which we established for our own investment into a European enterprise software company vladimir kuznetsov later invested as an angel investor into the same company and we required him to do it through our structure because it was transparent and subject to FCA regulation there's no ties back to c5 he's been not an owner in any way of c5 no not on c5 so C fibers owned by five families who helped to establish the business and grow the business and partner in the business these are blue chip very well known European and American families it's a small transatlantic community or family investors who believe that it's important to use private capital for the greater good right history dealing with Russians can you talk about your career you mentioned your career in South Africa earlier talk about your career deal in Russia when did you start working with Russian people I was the international stage Russian Russia's that time in 90s and 2000 and now certainly has changed a lot let's talk about your history and deal with the Russians so percent of the Soviet Union I think there was a significant window for Western investment into Russia and Western investment during this time also grew very significantly during my career as an investigator I often dealt with Russian organized crime cases and in fact I established my consulting business with a former head of the Central European division of the CIA who was an expert on Russia and probably one of the world's leading experts on Russia so to get his name William Lofgren so during the course of of building this business we helped many Western investors with problems and issues related to their investments in Russia so you were working for the West I was waiting for the West so you are the good side and but when you were absolutely and when and when you do work of this kind of course you get to know a lot of people in Russia and you make Russian contacts and like in any other country as as Alexander Solzhenitsyn the great Russian dissident wrote the line that separates good and evil doesn't run between countries it runs through the hearts of people and so in this context there are there are people in Russia who crossed my path and across my professional career who were good people who were working in a constructive way for Russia's freedom and for Russia's independence and that I continue to hold in high regard and you find there's no technical security risk the United States of America with your relationship with c5 and Russia well my my investigative work that related to Russia cases are all in the past this was all done in the past as you said I was acting in the interest of Western corporations and Western governments in their relations with Russia that's documented and you'd be prepared to be transparent about that absolutely that's all those many of those cases are well documented to corporations for which my consulting firm acted are very well known very well known businesses and it's pretty much all on the on the Podesta gaiting corruption we were we were we were helping Western corporations invest into Russia in a way that that that meant that they did not get in meshed in corruption that meant they didn't get blackmailed by Russia organized crime groups which meant that their investments were sustainable and compliant with the Foreign Corrupt Practices Act and other bribery regulation at war for everyone who I know that lives in Europe that's my age said when the EU was established there's a flight of Eastern Europeans and Russians into Western Europe and they don't have the same business practices so I'd imagine you'd run into some pretty seedy scenarios in this course of business well in drug-dealing under I mean a lot of underground stuff was going on they're different they're different government they're different economy I mean it wasn't like a structure so you probably were exposed to a lot many many post-conflict countries suffer from predatory predatory organized crime groups and I think what changed and of course of my invested investigative career was that many of these groups became digital and a lot of organized crime that was purely based in the physical world went into the into the digital world which was one of the other major reasons which led me to focus on cyber security and to invest in cyber security well gets that in a minute well that's great I may only imagine some of the things you're investigated it's easy to connect people with things when yeah things are orbiting around them so appreciate the candid response there I wanna move on to the other area I see in the stories national security risk conflict of interest in some of the stories you seeing this well is there conflict of interest this is an IT playbook I've seen over the years federal deals well you're gonna create some Fahd fear uncertainty and doubt there's always kind of accusations you know there's accusations around well are they self dealing and you know these companies or I've seen this before so I gotta ask you they're involved with you bought a company called s DB advisors it was one of the transactions that they're in I see connecting to in my research with the DoD Sally Donnelly who is Sally Donnelly why did you buy her business so I didn't buy Sonny Donnelly's business again so Sally Tony let's start with Sally darling so Sally Donny was introduced to me by Apple Mike Mullen as a former chairman of the Joint Chiefs of Staff and Sally served as his special advisor when he was the chairman of the Joint Chiefs of Staff Apple Mullen was one of the first operating parties which we had in c5 and he continues to serve Admiral Mullen the four start yes sir okay and he continues to serve as one of operating partners to this day salad only and that will Mike worked very closely with the Duke of Westminster on one of his charitable projects which we supported and which is close to my heart which is established a new veteran rehabilitation center for Britain upgrading our facility which dates back to the Second World War which is called Headley court to a brand-new state-of-the-art facility which was a half a billion dollar public-private partnership which Duke led and in this context that Ron Mullen and Sally helped the Duke and it's team to meet some of the best experts in the US on veteran rehabilitation on veteran care and on providing for veterans at the end of the service and this was a this was a great service which it did to the to this new center which is called the defense and national rehabilitation center which opened up last summer in Britain and is a terrific asset not only for Britain but also for allies and and so the acquisition she went on to work with secretary Manus in the Department of Defense yes in February Feb 9 you through the transaction yes in February 2017 Sally decided to do public service and support of safety matters when he joined the current administration when she left her firm she sold it free and clear to a group of local Washington entrepreneurs and she had to do that very quickly because the appointment of secretary mattis wasn't expected he wasn't involved in any political campaigns he was called back to come and serve his country in the nation's interest very unexpectedly and Sally and a colleague of us Tony de Martino because of their loyalty to him and the law did to the mission followed him into public service and my understanding is it's an EAJA to sell a business in a matter of a day or two to be able to be free and clear of title and to have no compliance issues while she was in government her consulting business didn't do any work for the government it was really focused on advising corporations on working with the government and on defense and national security issues I didn't buy Sonny's business one of c-5 portfolio companies a year later acquired SPD advisors from the owner supported with a view to establishing and expanding one of our cyber advising businesses into the US market and this is part of a broader bind bolt project which is called Haven ITC secure and this was just one of several acquisitions that this platform made so just for the record c5 didn't buy her company she repeat relieved herself of any kind of conflict of interest going into the public service your portfolio company acquired the company in short order because they knew the synergies because it would be were close to it so I know it's arm's length but as a venture capitalist you have no real influence other than having an investment or board seat on these companies right so they act independent in your structure absolutely make sure I get that's exactly right John but but not much more importantly only had no influence over the Jedi contract she acted as secretary mitosis chief of staff for a period of a year and have functions as described by the Government Accounting Office was really of a ministerial nature so she was much more focused on the Secretary's diary than she was focused on any contracting issues as you know government contracting is very complex it's very technical sally has as many wonderful talents and attributes but she's never claimed to be a cloud computing expert and of equal importance was when sally joined the government in february 17 jeddah wasn't even on the radar it wasn't even conceived as a possibility why did yet I cannot just for just for the record the Jedi contract my understanding is that and I'm not an expert on one government contracting but my understanding is that the RFP the request for proposals for the July contract came out in quarter three of this year for the first time earlier this year there was a publication of an intention to put out an RFP I think that happened in at the end of quarter one five yep classic yeah and then the RFP came out and called a three bits had to go in in November and I understand a decision will be made sometime next year what's your relationship well where's she now what she still was so sunny left finished the public service and and I think February March of this year and she's since gone on to do a fellowship with a think-tank she's also reestablished her own business in her own right and although we remain to be good friends I'm in no way involved in a business or a business deal I have a lot of friends in DC I'm not a really policy wonk of any kind we have a lot of friends who are it's it's common when it administrations turnover people you know or either appointed or parked a work force they leave and they go could they go to consultancy until the next yeah until the next and frustration comes along yeah and that's pretty common that's pretty cool this is what goes on yeah and I think this whole issue of potential conflicts of interest that salad only or Tony the Martino might have had has been addressed by the Government Accounting Office in its ruling which is on the public record where the GAO very clearly state that neither of these two individuals were anywhere near the team that was writing the terms for the general contract and that their functions were really as described by the GAO as ministerial so XI salient Antonia was such a long way away from this contact there's just no way that they could have influenced it in in in any respect and their relation to c5 is advisory do they and do they both are they have relations with you now what's the current relationship since since Sally and Tony went to do public service we've had no contact with them we have no reason of course to have contact with them in any way they were doing public service they were serving the country and serving the nation and since they've come out of public service we've we've not reestablished any commercial relationship so we talked earlier about the relation with AWS there's only if have a field support two incubators its accelerator does c5 have any portfolio companies that are actually bidding or working on the Jedi contract none what Santa John not zero zero so outside of c5 having relation with Amazon and no portfolios working with a Jedi contract there's no link to c5 other than a portfolio company buying Sally Donnelly who's kind of connected to general mattis up here yeah Selleck has six degrees of separation yes I think this is a constant theme in this conspiracy theory Jonas is six degrees of separation it's it's taking relationships that that that developed in a small community in Washington and trying to draw nefarious and sinister conclusions from them instead of focusing on competing on performance competing on innovation and competing on price and perhaps that's not taking place because the companies that are trying to do this do not have the capability to do so Andre I really appreciate you coming on and answering these tough questions I want to talk about what's going on with c5 now but I got to say you know I want to ask you one more time because I think this is critical you've worked for big-time company Kroll with terminus international market very crazy time time transformation wise you've worked with the CIA in Quantico the FBI nuclei in Quantico on a collaboration you were to know you've done work for the good guys you have see if I've got multiple years operating why why are you being put as a bad guy here I mean you're gonna you know being you being put out there with if you search your name on Google it says you're a spy all these evil all these things are connecting and we're kind of digging through them they kind of don't Joan I've had the privilege of a tremendous career I've had the privilege of working with with great leaders and having had great mentors if you do anything of significance if you do anything that's helping to make a difference or to make a change you should first expect scrutiny but also expect criticism when that scrutiny and criticism are fact-based that's helpful and that's good for society and for the health of society when on the other hand it is fake news or it is the construct of elaborate conspiracy theories that's not good for the health of society it's not good for the national interest is not good for for doing good business you've been very after you're doing business for the for the credibility people questioning your credibility what do you want to tell people that are watching this about your credibility that's in question again with this stuff you've done and you're continuing to do what's the one share something to the folks that might mean something to them you can sway them or you want to say something directly what would you say the measure of a person it is his or her conduct in c-five we are continuing to build our business we continue to invest in great companies we continue to put cravat private capital to work to help drive innovation including in the US market we will continue to surround ourselves with good people and we will continue to set the highest standards for the way in which we invest and build our businesses it's common I guess I would say that I'm getting out as deep as you are in the in term over the years with looking at these patterns but the pattern that I see is very simple when bad guys get found out they leave the jurisdiction they flee they go do something else and they reinvent themselves and scam someone else you've been doing this for many many years got a great back record c5 now is still doing business continuing not skipping a beat the story comes out hopefully kind of derail this or something else will think we're gonna dig into it so than angle for sure but you still have investments you're deploying globally talk about what c5 is doing today tomorrow next few months the next year you have deals going down you're still doing business you have business out there our business has not slowed down for a moment we have the support of tremendous investors we have the support of tremendous partners in our portfolio companies we have the support of a great group of operating partners and most important of all we have a highly dedicated highly focused group of investment teams of very experienced and skilled professionals who are making profitable investments and so we are continuing to build our business we have a very full deal pipeline we will be completing more investment transactions next week and we are continue to scalar assets under management next year we will have half a billion dollars of assets under management and we continue to focus on our mission which is to use private capital to help innovate and drive a change for good after again thank you we have the story in the BBC kicked all this off the 12th no one's else picked it up I think other journals have you mentioned earlier you think this there's actually people putting this out you you call out let's got John wheeler we're going to look into him do you think there's an organized campaign right now organized to go after you go after Amazon are you just collateral damage you mentioned that earlier is there a funded effort here well Bloomberg has reported on the fact that that one of the competitors for this bit of trying to bring together a group of companies behind a concerted effort specifically to block Amazon Web Services and so we hear these reports we see this press speculation if that was the case of course that would not be good for a fair and open and competitive bidding process which is I think is the Department of Defense's intention and what is in the interests of the country at a time when national security innovation will determine not only the fate of future Wars but also the fate of a sons and daughters who are war fighters and to be fair to process having something undermine it like a paid-for dossier which I have multiple sources confirming that's happened it's kind of infiltrating the journalists and so that's kind of where I'm looking at right now is that okay the BBC story just didn't feel right to me credible outlet you work for them you did investigations for them back in the day have you talked to them yes no we are we are we are in correspondence with the BBC I think in particular we want them to address the fact that they've conflated facts in this story playing this parlor game of six degrees of separation we want them to address the important principle of the independence of the in editorial integrity at the fact that they did not disclose that they expert on this program actually has significant conflicts of interests of his own and finally we want them to disclose the fact that it's not c5 and Amazon Web Services who have had a relationship with the scope of our technology park the scope of our technology park actually has a very broad set of Western partners still highly engaged there and even in recent weeks of hosted major cloud contracts and conferences there and and all of this should have been part of the story in on the record well we're certainly going to dig into it I appreciate your answer the tough questions we're gonna certainly look into this dossier if this is true this is bad and if there's people behind it acting behind it then certainly we're gonna report on that and I know these were tough questions thanks for taking the time Andre to to answer them with us Joan thanks for doing a deep dive on us okay this is the Q exclusive conversation here in Palo Alto authority narc who's the founder of c-5 capital venture capital firm in the center of a controversy around this BBC story which we're going to dig into more this has been exclusive conversation I'm John Tory thanks for watching [Music] you