live from Barcelona Spain it's the cube covering Cisco live 2020s brought to you by Cisco and its ecosystem partners welcome back to Barcelona Spain everybody this is the cube the leader and live tech coverage and we're here day one for us at Cisco live Barcelona even though we did a little preview game preview yesterday my good friend kena Reilly is here he's the director of customer experience at Cisco and he's joined by Kyle winters Technical Marketing engineer for the customer experience technology and transformation group it's six to go guys great to see you thanks for coming on and you know we love talking customer experience Cisco is a it's a big company big portfolio and a lot of complexity for clients and so bring it all together and customer experience is very important can't we have it a conversation with Alastair early today and he was talking about Cisco's commitment from the top chuck Robbins on down to really improve that customer experience bring essentially a digital virtual experience to your customers and you guys obviously fit into that right absolutely so about two years ago when Chuck brought in Maria Martinez that was the first step into really pushing Cisco to focus more on successful outcomes for customers so we had already always sold that way but with the complexity of technology and how fast technology is moving accelerating value realization for customers has never been bigger especially in the security space because as we've talked before you know with everything that goes on today and the fact that the bad guys are trying to get data faster quicker and different getting the technology in play operational and production it has never been more important and we're gonna dig in with Kyle with some detail and double click into the lifecycle specifically and the different points of that journey but that's really important for any customer experience is really understanding that lifecycle that maturity model can you talk about that a little bit yeah so so with us you know we've been at it for about six years when we started as Lancope so we've got a great model and you know our approach to getting outcomes for customers is completely in line with with the strategy of our products and technologies and all security so it's really important that you align with that strategy because salespeople sell and they sell you the what we sell the how we're gonna get you and so you have to understand what it is that customers need and how that technology maps because you don't want a shelf where and you don't want products or technology sitting there waiting to be implemented because you know these days especially with the move to the cloud it's got to get up and running you know within an hour so our model has always been that way we built our model with customer first and so we are you know we are the security experts we're the trusted security adviser so when we go in and work with customers we completely know exactly those outcomes that they need and with all the sort of technologies and products that we have not only with stealthWatch but the other products that sent ulema tree to us we have in Kyle will talk about how our service is completely aligned with those outcomes and the journeys that we will take our customers on yes a faster adoption means faster time to value obviously let's focus in on stealthWatch Kenneth you came in with the stealthWatch acquisitions been very successful I mean Cisco security business grew 22% last quarter we'll talk more about the sort of umbrella but let's drill in with Kyle to stealthWatch services specifically maybe you could sort of take us through you know at a high level what what the areas are and then we can sort of follow up on yeah yes so so our customer maturity model when it comes to services there's kind of three different stages to it it starts with the visibility stage so we have services around being able to deploy an operational I stealthWatch will bring in our best practices and help customers get up to speed and using the system quickly and efficiently from there we also have services around detection capabilities so being able to use automation and integrations to further the detection capabilities of stealthWatch things like being able to classify host groups through automation from source like IP address management systems things like asset discovering classification service that helped drive segmentation efforts all of these things help improve the behavioral algorithms and processes that stealthWatch is using to detect these threats in real time and then from there we have an integration stage as well - which is all about bridging the gap between stealthWatch and the rest of not only Cisco's portfolio but the entirety of our customer security portfolio as well and some of those services include things like sim integrations being able to integrate stealthWatch with Splunk we have services such as our proxy integration service as well a lot of different types of services that we're able to help get our customers to the next stage with their stealth watch environments I got a lot of questions yeah we could get to it and you guys could take it by stage so yes the sort of visibility that's where you start that's when you do the discovery right so what what are you discovering how do you actually do that discovery so a lot of that is about making sure that we've got all the flow and telemetry that we need from the various different sources of our network coming into stealthWatch feeding into the processes and algorithms that are going on there so a lot of things is not only net flow data but getting ice integrated in there as well being able to pull that user attribution data and being able to find sources of data where we maybe can convert it into net flow if it's not already net flow and be able to ingest that data as well we also in that space typically to help set up customers with a lot of different best practices that kind of get them operationalized very quickly and things like being able to build custom reports and dashboards for them will work through them which is kind of understanding the system from a base level to more of a professional fully operational level a lot of times we come in during the stage two and customers don't even understand what's going on in their network they're seeing things that maybe they've never seen before one stealthWatch turns on a great example actually as we were at a large financial firm and we were able within 30 minutes of being on site with them through our services team we were able to identify rogue DNS servers unsecured telnet going on sequel injections suspicious SMB and that's the sage traffic this is all just within 30 minutes of us coming on there and taking a look at this stuff you don't even want to look at sometimes yeah so who's doing this can I mean is this sort of all automated you've got professionals sort of overseeing it in our society yeah so the team that we have the technology transformation team when we've talked about it before that team is kind of on the bleeding edge of helping customers and you know a lot of these services that that Kyle talked about is we are building services that customers are consuming based on their needs today and that's why the team is very flexible we build you know a lot of these integrations with those requirements in mind and then we take those and we can scale that so these are all field engineers we have developers so in in essence it is like a mini development team that goes out and works on the specific things that customers need to protect themselves okay and my understanding is there's a there's an ongoing learning with the customers and a it's a transfer of knowledge from day one right there the customer is with you on this in each of these phases and you're sort of learning as they go along and that's sort of part of the transfer of knowledge it's I would say even a tool a transfer knowledge too because we're teaching them our best practices and how to best be successful with these systems but we also learn from them what's going on what are the trends that they're seeing how can we help get them to the next stage and that's where our technology and transformation group comes and they're able to be on the cutting edge here the problems that the customers are talking about and be able to take stealthWatch to the next level okay let's dig it to the detection phase so this is where you're classifying things like host groups etc I'm interested in how that happens is that you know it used to be you'd get everybody in a room you start drawing pictures and that just doesn't scale it's too complicated today so can you auto classify stuff how does that all work and use them oh yeah genius math to do that so so traditionally the the you know the MIT's a manual effort to classify your whole group somebody who's very familiar with the network comes in and they say okay these are the DNS servers these are the web servers these are this network scanners oh oh today but the problem is that today's networks are so dynamic and fluid that what the network looks like today is not necessarily going to be the same tomorrow so there needs to be that relief from the analyst to be able to come in there needs to be that automation that they can go in each day and know that their system is going to be classified accurately and meaningfully that way the behavioral detection that is built into stealthWatch is also driven and accurate and meaningful - so we have this service so for example our host group automation service and through that we're able to pull in telemetry and data from various different sources such as IP address management systems cmdbs we can do threat feeds as well external threat feeds and we're able to drive the classification based off of the metadata that we see from these different sources so we're able to write different types of automation rules that essentially pull this data in detect the different patterns that we're seeing with that metadata and then drive that classification stealthWatch that way when you come in that next day you know that your network scanners are gonna be classified as Network scanners and your web servers are gonna be web servers etc etc so you you have that integrity of data coming in every single day yeah so a lot of different data sources data quality obviously really important I mean you'd love it if somebody had like you know a single CMDB from ServiceNow boom and pop it right in but that's not always the case we never always the case there's always a challenge and that's where kind of our services engineers come in they're able to work through these different environments and understand what the main admit what the metadata is where we need to go and how we need to classify and driving the classification from there so it does require a little bit of a human element on the front-end but once we get it worked out it can be fully automated you know there's lots of different sources and the quality of the data is not always there we've seen for example customers who have Excel spreadsheets and everything is just you're all over the place and we have to figure out a way to work with that and that's part of what our engineer success is so before we get to the integration piece can you been following this industry for for a while um security is really exciting space it's growing like crazy it's really hard I did a braking analysis piece you know a few weeks ago just talking about the fragmentation in the business you see startups coming out like crazy big valuations at the same time you see companies like Cisco with big portfolios yeah you mentioned Splunk before and they've kind of become a gold standard for for log files but very complex and you talk to security practitioners and they'll tell you our number one problem is just skillsets so get you know paint a picture of what's going on in the security world and what's in the house cisco is trying to address that so the security teams the analysts all the way up the management chain to the sea so they're under tremendous pressure their businesses are growing and so when their businesses are growing the sort of a tax base is growing and the business is growing faster than they can protect it so with the sort of increase in the economy more money more investment to build more point products so you've got a very stressed team a lot of turnover skill sets aren't great and what do we do as an industry we just give them more technology right more tools more tools complexity avalanche ok they're buried all right so we feel and we've made great strides within the security group within Cisco is we're taking the products that we have and we're integrating them under one platform so that it is in a bunch of point products and so that the that's what everybody else is doing I mean the other guys are acquiring companies then they're trying to integrate those because the customers are saying I don't need another point protocol yeah yeah it's too much so you know with us that's the way we approach it and now with the platform that's going to be launching this year the cisco threat response that we've launched you're gonna see later on in this year that we will be selling and positioned in implementing the entire platform yeah so I have a stat I came up with this and my one of my analyses it was the the worldwide economy is like 86 trillion and we spent about 0.014 percent on security so we're barely scratching the surface so this sort of tools avalanche probably isn't gonna change though integration becomes an extremely important aspect of the customer journeys and it's through that and to continue on that point you just made as well - I believe in our Cisco cybersecurity report from 2017 only fifty four six percent or fifty seven percent of actual threats are being investigated remediated so there's always that need to kind of help build bridge that gap make it easier for people to understand these threats and and mitigate and prioritize know what to go after right which part the integration exactly so we do have a lot of different integration services as well - for example I mentioned our sim integration service one thing that we can really do that's really awesome with that is we're able to deploy for example with Splunk a full-fledged stealthWatch for Splunk application that allows you to utilize stealth watches capabilities directly inside of Splunk without having to actually store an index any data inside of Splunk so all these api's are on demand inside of this app and available throughout the rest of the Splunk capabilities as well so you can extend it into other search reporting correlate that against other sets of data that you have and Splunk you can do quite a bit with it we also have other ways absolutely advantage of that is just obviously integration you're not leaving the environment plus its cost you're saving customers money a lot of a lot of customers kind of see their sim as a single pane of glass so being able to bring that stealthWatch value into that single pane is a huge win for our customers not to mention that reduction in licensing costs as well we have other ways to that we can reduce licensing costs some customers like to send their flow data into their sim for deeper analytics and long-term retention and we have a service we call it our flow adapter service and through this service we're essentially able to take buy flow off of the stealthWatch flow collectors and the buy flow is essentially when the raw net flow hits the stealthWatch flow collectors it's coming from multiple different routers and switches on the network this is gets converted into bi flow which is bi-directional deduplicated stitched together flow records so right there by sending that data into a sim or a data Lake as opposed to ronette flow we see data reduction cost anywhere from 15 to 80% depending on how the customers network is architected great any any favorite customer examples you have that you can share where ya guys have gone in you know provided these services and and it's had an outcome that got the customer excited or you found some bad guys or there's one that's one of my favorites so we have this service we call it our asset discovering classification service and I mentioned the host tree of automation service that's if you have some sort of authoritative source we can pull that information in but if a customer doesn't have that authoritative source they don't know what's on their network and a lot of times too they want to do a segmentation effort they're undergoing network segmentation but they need to understand what's on their network how these devices are communicating and that's where our asset discovery classification service comes in we're able to pull in telemetry not just from stealthWatch but other sources such as ice tetration Active Directory I Pam's again as well and we're able to essentially profile these different devices based off of the nature of their behavior so we were at a kind of a large technology company and we were essentially in this effort trying to segment their security cameras and upon segmenting their security cameras we were able to build this report where we can see the security camera and how its communicating with the other parts of the network and we noticed that there was essentially two IP addresses from inside of their network that were accessing all these different security cameras but they were not authorized to so with this service we were able to see that these different these two hosts were unauthorized actually accessing these devices that got reported up through the management chain and ultimately those two employees were no longer at that technology permanence that was discovered nice to love it alright bring us on we're here in the dev net zone sort of all about hit for structures code and software and and and and talk a little bit about the futures where you see this all going yeah so for us for Cisco security the future is really bright we've either built or acquired a portfolio that the customers really need that get absolute outcomes that customers need and through the customer experience organization certainly stealthWatch is fitting into the broader play to to get customers who have all those technologies get that operational and get them success so when we talked last summer I told you the jury was still out we would see how the journeys gonna go and the journey has started it has gotten much better since the summer and this year I think we're gonna be doing some great things for our customers just we can't get in too much of the business but stealthWatch customers are still expanding because I think we told you last time customers can never get enough stealthWatch okay the attack surface is too big right so so we we feel really good about that and the other technologies that they're building really fit into what customers need we're going to the cloud so they're gonna be able to consume cloud on-prem hybrid protect networks the campus protect their cloud infrastructure so we're really checking a lot of boxes in our group brings it all together and takes all the complexity out of that for customers just to get them the outcomes that I named us Cisco is one of my four star security companies for 2020 okay based on spending data that we share from our friends at ETR and the reason was because cisco has both a large presence in the market and but also you have spending momentum I mentioned 22% you know growth last quarter and the security business but you've also got the expertise you put your money where your mouth is you know the big portfolio which helps if you can bring it together and do these types of integrations it simplifies the customers environment and so that's a winner in my book so I named you along with some other high fliers right you know and you see some really interesting startups coming out and probably acquisition targets probably something that aren't your radar but guys thanks so much for coming on the cube thank you thank you I keep it right there everybody we'll be back with our next guest is a Dave Volante for the cubes 2 min Amanda John Faria are also in the house at Cisco live Barcelona right back

>> Narrator: Live from San Diego, California it's theCUBE covering Cisco Live, US, 2019. Brought to you by Cisco and its eco system partners. >> Welcome back to San Diego everybody. This is theCUBE the leader in live tech coverage, My name is Dave Vellante, Stu Miniman is here, Lisa Martin as well but we've got a very special guest now Ken O'Reilly my good friend is here. He's the director of customer experience for Cisco Stealthwatch. Kenny great to see you thanks for coming on. >> Well, thanks for having me, Dave. Good seeing you as well. >> Yes so customer experience, people think about customer experience and security it's not always great right? It's a challenging environment they're constantly sort of chasing their tails it's like the arms race with the bad guy so what is customer experience all about in the context of security? >> So our number one goal for our security customers is to accelerate their value realization so our challenge is to make sure that they get the value out of the product that they're buying because every minute of every day the bad guys are trying to get their assets and their IP and when they buy a technology the quicker you can get it up and running and protect the better it is for our customer. >> So how do you measure like value? It's like reducing the amount of data that you're exposed to losing? Is it increasing the cost of the bad guys getting in? 'cause if I'm a bad guy and it costs me more to get in I would maybe go somewhere else, how do you measure that? >> Right so, you're right, so our whole product strategy is to increase the cost for the bad guy to get the IP or the assets and so for us we have to understand what the value proposition is for our product so that the customers can realize that value, so whether it's tryna help them with the use cases or operationalize the product or in our case what we try to do we have both network users and security users we try to get both groups to adopt the technology and then expand it from there, operation centers to the guys that are doing the thread hunting to the investigations et cetera. So that's how we sort of gauge the value is the number of people that are using the technology and the number of use cases that are actually implemented. >> So we've been talking about security all week Stealthwatch obviously you know one of the flagship products Cisco security business grew 21% last quarter so that's kind of an interesting stat services is 25% of the companies revenue so you're the intersection of two pretty important places for Cisco so specifically when you come into a customer engagement who are you engaging with is it a multidisciplinary are you primarily dealing with the SecOps group or do you touch other parts of the organization? >> Yeah, so typically when a company's looking, it's usually they're looking for network visibility so we're dealing with the network architecture teams and they typically bring in the security architects 'cause today they're working hand in hand, and then from there that's where we say preach the gospel of Stealthwatch we always say you can never have enough Stealthwatch okay? Because you can never have enough visibility 'cause once you turn the lights on and they can see what's going on in their network it's very illuminating for them and then they realize the challenges that they have and what they have to do to protect their assets. >> Yeah I joked at Google Cloud Next it's like the cockroaches all scrambling you know for the corners when you turn the lights on and Stealthwatch at its core is you don't need a lot of fancy AI even though you can apply fancy AI but you start with the basics right? What do ya got, where are the gaps okay, so now once it's exposed what do you do with that information is the customer experience group come in and help implement it faster? That's part of the value so time to value to that? >> So time to value with our experts of course we understand the space we understand our product we understand the challenge and of course our network and security customers are overwhelmed you know the stat that they throw out there is that our large customers have anywhere from 50-100 security products so how do you stand out? So as a vendor our number one goal is to build that relationship with the customer to become the trusted security advisor so we know better than anybody how to get that value how to get it quickly and you know the number one problem that they have Dave is how to operationalize all these tools 'cause Stealthwatch sits in the middle we're a big integration platform we take data, telemetry, NetFlow from a lot of different products and we bring that data together to figure out, to help that customer figure out how to make sense of it update their policies create better policies and really tighten up their security posture. >> Okay so they might like to reduce the number of tools but they really can't right? 'cause their using 'em and so what you do is you bring in a layer to help manage that. >> Absolutely. >> But you're also solving a problem just in terms of exposing gaps and then do you also have tooling to fill those gaps? Or is that partners tools is that Stealthwatch? >> So we have our own what we call integration platform where we have a platform that helps integrate other, not only other Cisco security technologies into our platform but other security technologies as well outside of Cisco so you know it's a platform that we've built it's part of our customer experience sort of tool set but it's a tool set unlike anybody else ever has so that along with what we do with the DevNet group we've built our own set of API's to integrate in with the product API's so we can pump data out to data lakes we can pump data out to SIMS like Splunk and some of the others so you know that's where we are we're a solutions group that's what we do we work on the solutions, long term value you know we work on the lifecycle sort of value chain with customers. We're there with 'em the whole time you know our goal; retention, we want them to renew which means they're investing in us again and of course as Cloud, as their infrastructure is moving the the Cloud and our technologies are moving to the Cloud we have to be there to help them get through all those technology challenges. >> So the pricing model is a subscription model is that right? >> Yeah. >> Or can be or? >> Yes, well we call it term all right? But it's essentially subscription we have switched over the last 18 months from a perm to a term based model. >> Which I mean Chuck Robbins in the conference calls in the earnings calls talks about the importance of you know increasingly having a rateable model and recognizing subscription, so when you say a term so I got to what, sign up for a year, two years, three years or something like that? >> We like three yep. >> So who doesn't right? Okay so you sign up for three years but the price book says monthly I'm sure right so you (laughs) make it look smaller, but it makes sense though because you're not going to start stop, start stop with your security, you really want to get success out of it so you got to have some kind of commitment, let's talk a little bit more about the analytics side of it and how you're applying machine intelligence I mean there's always been some form of analytics largely for reporting and things of that nature but now it's getting more automated so take us on that analytics journey Stealthwatch has been around for what five years? >> 15 yeah over 15 years. >> 15? >> Ken: Yes, yes, yes. >> Oh wow maybe I just found out about it five years ago. >> (laughs) right yeah, not but I mean-- >> Dave: Take us back five years. >> Five years? So the big thing for us in the data that we collect is context. Right so you've talked to TK about the more context you can add to that data the better you are at analyzing that data so for us that's one of the things that we do we add a lot of context to that data through ICE so identity information, what kind of assets they are and that's where we get to through our tools add more context so that our analytical engines so like the cognitive thread analytics, the encrypted thread analytics that we have, that they're able to analyze that data a lot better and that's what we've been doing now for the past three plus years since we were acquired by Cisco is to find a way to add more context to the data so that helps our analytics become much more effective. >> And you can interact with through API's say for instance Splunk you mentioned that so you got that data that you can operate on do you see a point where the machines are actually going to plug the holes? I mean are we on the cusp of that? In other words you see a gap >> Right. >> Dave: Today a human has to take action correct? >> Yes, right, right, right. >> Do you see a point maybe it's two, three, five 10 years but are we going to get to that point? >> I think so down the line I mean because we've seen as we've been able to get better visibility and better context about that data we can make better decisions through the machine all right? So it doesn't take an army of people to read the matrix right, we're getting better at you know synthesizing that matrix down you take our network segmentation capabilities that we've built as part of the Stealthwatch customer experience team we can get to well over 90% identification of the assets on the network which is a lot better than anybody else in the industry all right? So we're getting there and through sort of the final stages of reading that metrics, reading the matrix we're getting to the point where we understand a lot more what's on peoples networks what those assets are. >> So as a security practitioner how do you think we're doing as an industry? I mean I used to go back every year and say okay how much was spent on security? are we more secure, less secure? And it felt like you know as data grew it felt like we were getting more and more and more exposed you've seen the stats where when a company gets infiltrated it takes on average you know 250 days for them to realize they've been infiltrated is that changing, are we getting better as an industry? >> I think in Cisco we are because of the products that we have in that integrated architecture so when we first joined three years ago that was the drum beat and now today we integrate with ICE we're going to integrate with next generation firewall through the integration of the sort of analytics that we've got in the Cloud that's happening right? And we're trying to integrate with other products but you know you go down on the floor and you see the number of point products that is a nightmare for our customers so for us through the customer experience in our organization we're there to take that complexity out and bring all of those technologies together and when you get to that point then you're really making progress with a customer, a customer that's got 50-100 products in the mix that's a recipe for disaster and if it's still like that five years from now customers are still going to be challenged. >> So a big part of your customer experience mission is simplification, speed time, time to value. >> Yes. >> Raise the cost to the bad guys and then do it all over again. >> Yeah, yeah it's just rinse and repeat and that's a life cycle journey and that's what we take our customers through right. >> Now I noticed you have on your phone you got the Bruins logo. >> That's right, right here proud. >> So big game tomorrow any predictions? >> 4-3 in overtime Bruins. >> Oh my God I don't think my heart could take that. >> Could you not take that Dave? It's going to be an overtime game. >> Well it's you know it's rare to have a game seven in any, at the very final one, a lot of game sevens but not to win it all I think the last time at Boston was 1984. >> Ken: Is that right? >> Yeah it's been a long time, so you know I'm excited. >> I know you are (laughs) that's right. >> Warriors fans too we got that thing going out I mean I don't know for all you hoop fans out there so, >> Hopefully there's a game seven for that as well. >> Yeah let's go right, why not? >> Why not, game seven all round. >> All right so Chara is going to play with his broken jaw or whatever's going on. >> Matt Grzelcyk I hope is back. >> Dave: Yeah that would be key. >> That would be key yeah so, >> Dave: sure up the defense >> That's right. (crosstalk) >> Ken: He's a plus minus leader Chara. >> Oh yeah. >> That's right all time. >> Even though we give him a lot of grief. (laughter) he may look slow but he's all time plus minus leader. >> All right Kenny hey thanks so much-- >> All right Dave thanks for having me on all right go Bruins. >> All right keep it right there everybody go Bruins we will be right back Dave Vellante, Stu Miniman and Lisa Martin we're live from Cisco Live in San Diego you're watching theCUBE. (electronic jingle)