Ken O'Reilly & Kyle Michael Winters, Cisco | Cisco Live EU Barcelona 2020
Live from Barcelona, Spain, it's theCUBE, covering Cisco Live 2020. Brought to you by Cisco and its ecosystem partners.

Welcome back to Barcelona, Spain, everybody. This is theCUBE, the leader in live tech coverage, and we're here day one for us at Cisco Live Barcelona, even though we did a little preview game preview yesterday. My good friend Ken O'Reilly is here. He's the director of customer experience at Cisco, and he's joined by Kyle Winters, Technical Marketing Engineer for the customer experience technology and transformation group. It's six to go. Guys, great to see you. Thanks for coming on. And you know we love talking customer experience. Cisco is a, it's a big company, big portfolio, and a lot of complexity for clients, and so bring it all together and customer experience is very important. Ken, we had a conversation with Alastair early today, and he was talking about Cisco's commitment from the top, Chuck Robbins on down, to really improve that customer experience, bring essentially a digital virtual experience to your customers, and you guys obviously fit into that, right?

Absolutely. So about two years ago, when Chuck brought in Maria Martinez, that was the first step into really pushing Cisco to focus more on successful outcomes for customers. So we had already always sold that way, but with the complexity of technology and how fast technology is moving, accelerating value realization for customers has never been bigger, especially in the security space, because as we've talked before, you know, with everything that goes on today and the fact that the bad guys are trying to get data faster, quicker and different, getting the technology in play, operational and production, it has never been more important.

And we're gonna dig in with Kyle with some detail and double click into the lifecycle specifically and the different points of that journey, but that's really important for any customer experience, is really understanding that lifecycle, that maturity model. Can you talk about that a little
bit?

Yeah, so with us, you know, we've been at it for about six years, when we started as Lancope, so we've got a great model. And, you know, our approach to getting outcomes for customers is completely in line with the strategy of our products and technologies and all security. So it's really important that you align with that strategy, because salespeople sell, and they sell you the what; we sell the how we're gonna get you. And so you have to understand what it is that customers need and how that technology maps, because you don't want shelfware and you don't want products or technology sitting there waiting to be implemented, because, you know, these days, especially with the move to the cloud, it's got to get up and running, you know, within an hour. So our model has always been that way. We built our model with customer first. And so we are, you know, we are the security experts, we're the trusted security adviser. So when we go in and work with customers, we completely know exactly those outcomes that they need, and with all the sort of technologies and products that we have, not only with Stealthwatch but the other products that send telemetry to us, we have, and Kyle will talk about how our service is completely aligned with those outcomes and the journeys that we will take our customers on.

Yes, a faster adoption means faster time to value, obviously. Let's focus in on Stealthwatch. Kenneth, you came in with the Stealthwatch acquisition. Been very successful. I mean, Cisco security business grew 22% last quarter. We'll talk more about the sort of umbrella, but let's drill in with Kyle to Stealthwatch services specifically. Maybe you could sort of take us through, you know, at a high level, what the areas are, and then we can sort of follow up on.

Yeah, yes. So our customer maturity model, when it comes to services, there's kind of three different stages to it. It starts with the visibility stage. So we have services around being able to deploy and operationalize Stealthwatch. We'll bring in our
best practices and help customers get up to speed and using the system quickly and efficiently. From there, we also have services around detection capabilities, so being able to use automation and integrations to further the detection capabilities of Stealthwatch. Things like being able to classify host groups through automation from sources like IP address management systems, things like asset discovery and classification service that help drive segmentation efforts. All of these things help improve the behavioral algorithms and processes that Stealthwatch is using to detect these threats in real time. And then from there we have an integration stage as well, too, which is all about bridging the gap between Stealthwatch and the rest of not only Cisco's portfolio but the entirety of our customer security portfolio as well. And some of those services include things like SIEM integrations, being able to integrate Stealthwatch with Splunk. We have services such as our proxy integration service as well. A lot of different types of services that we're able to help get our customers to the next stage with their Stealthwatch environments.

I got a lot of questions. Yeah, we could get to it, and you guys could take it by stage. So yes, the sort of visibility, that's where you start, that's when you do the discovery, right? So what are you discovering? How do you actually do that discovery?

So a lot of that is about making sure that we've got all the flow and telemetry that we need from the various different sources of our network coming into Stealthwatch, feeding into the processes and algorithms that are going on there. So a lot of things is not only NetFlow data but getting ISE integrated in there as well, being able to pull that user attribution data, and being able to find sources of data where we maybe can convert it into NetFlow if it's not already NetFlow and be able to ingest that data as well. We also in that space typically to help set up customers with a lot of different best practices
that kind of get them operationalized very quickly, and things like being able to build custom reports and dashboards for them. We'll work through them, which is kind of understanding the system from a base level to more of a professional, fully operational level. A lot of times we come in during the stage two and customers don't even understand what's going on in their network. They're seeing things that maybe they've never seen before once Stealthwatch turns on. A great example, actually, is we were at a large financial firm and we were able, within 30 minutes of being on site with them through our services team, we were able to identify rogue DNS servers, unsecured Telnet going on, SQL injections, suspicious SMB and that's the sage traffic. This is all just within 30 minutes of us coming on there and taking a look at this stuff.

You don't even want to look at sometimes. Yeah. So who's doing this, Ken? I mean, is this sort of all automated? You've got professionals sort of overseeing it in our society?

Yeah, so the team that we have, the technology transformation team, when we've talked about it before, that team is kind of on the bleeding edge of helping customers. And, you know, a lot of these services that Kyle talked about is, we are building services that customers are consuming based on their needs today, and that's why the team is very flexible. We build, you know, a lot of these integrations with those requirements in mind, and then we take those and we can scale that. So these are all field engineers. We have developers. So in essence it is like a mini development team that goes out and works on the specific things that customers need to protect themselves.

Okay, and my understanding is there's an ongoing learning with the customers, and it's a transfer of knowledge from day one, right? There the customer is with you on this in each of these phases, and you're sort of learning as they go along, and that's sort of part of the transfer of knowledge.

It's, I would say, even a two-way
transfer of knowledge too, because we're teaching them our best practices and how to best be successful with these systems, but we also learn from them what's going on, what are the trends that they're seeing, how can we help get them to the next stage. And that's where our technology and transformation group comes, and they're able to be on the cutting edge, hear the problems that the customers are talking about, and be able to take Stealthwatch to the next level.

Okay, let's dig into the detection phase. So this is where you're classifying things like host groups, etc. I'm interested in how that happens. Is that, you know, it used to be you'd get everybody in a room, you start drawing pictures, and that just doesn't scale. It's too complicated today. So can you auto classify stuff? How does that all work, and use them oh yeah genius math to do that?

So traditionally, the, you know, the MIT's a manual effort to classify your host groups. Somebody who's very familiar with the network comes in and they say, okay, these are the DNS servers, these are the web servers, these are the network scanners, oh oh today. But the problem is that today's networks are so dynamic and fluid that what the network looks like today is not necessarily going to be the same tomorrow. So there needs to be that relief from the analyst to be able to come in. There needs to be that automation, that they can go in each day and know that their system is going to be classified accurately and meaningfully. That way the behavioral detection that is built into Stealthwatch is also driven and accurate and meaningful too. So we have this service, so for example our host group automation service, and through that we're able to pull in telemetry and data from various different sources such as IP address management systems, CMDBs. We can do threat feeds as well, external threat feeds, and we're able to drive the classification based off of the metadata that we see from these different sources. So we're able to write different types of
automation rules that essentially pull this data in, detect the different patterns that we're seeing with that metadata, and then drive that classification in Stealthwatch. That way, when you come in that next day, you know that your network scanners are gonna be classified as network scanners and your web servers are gonna be web servers, etc., etc. So you have that integrity of data coming in every single day.

Yeah, so a lot of different data sources. Data quality obviously really important. I mean, you'd love it if somebody had, like, you know, a single CMDB from ServiceNow, boom, and pop it right in, but that's not always the case.

We never always the case. There's always a challenge, and that's where kind of our services engineers come in. They're able to work through these different environments and understand what the main admit, what the metadata is, where we need to go and how we need to classify, and driving the classification from there. So it does require a little bit of a human element on the front end, but once we get it worked out it can be fully automated. You know, there's lots of different sources, and the quality of the data is not always there. We've seen, for example, customers who have Excel spreadsheets and everything is just, you're all over the place, and we have to figure out a way to work with that, and that's part of what our engineer success is.

So before we get to the integration piece, Ken, you've been following this industry for a while. Um, security is really exciting space. It's growing like crazy. It's really hard. I did a Breaking Analysis piece, you know, a few weeks ago, just talking about the fragmentation in the business. You see startups coming out like crazy, big valuations. At the same time you see companies like Cisco with big portfolios. Yeah, you mentioned Splunk before, and they've kind of become a gold standard for log files, but very complex. And you talk to security practitioners and they'll tell you our number one problem is just skillsets. So get, you know, paint a
picture of what's going on in the security world and what's in the house Cisco is trying to address that.

So the security teams, the analysts, all the way up the management chain to the CISO, they're under tremendous pressure. Their businesses are growing, and so when their businesses are growing, the sort of attack space is growing, and the business is growing faster than they can protect it. So with the sort of increase in the economy, more money, more investment to build more point products. So you've got a very stressed team, a lot of turnover, skill sets aren't great, and what do we do as an industry? We just give them more technology, right? More tools. More tools. Complexity avalanche. Okay, they're buried. All right, so we feel, and we've made great strides within the security group within Cisco, is we're taking the products that we have and we're integrating them under one platform so that it isn't a bunch of point products. And so that the, that's what everybody else is doing. I mean, the other guys are acquiring companies, then they're trying to integrate those, because the customers are saying I don't need another point protocol. Yeah. Yeah, it's too much. So, you know, with us that's the way we approach it, and now with the platform that's going to be launching this year, the Cisco Threat Response that we've launched, you're gonna see later on in this year that we will be selling and positioned in implementing the entire platform.

Yeah, so I have a stat. I came up with this in my, one of my analyses. It was, the worldwide economy is like 86 trillion and we spent about 0.014 percent on security, so we're barely scratching the surface. So this sort of tools avalanche probably isn't gonna change, though integration becomes an extremely important aspect of the customer journeys.

And it's through that, and to continue on that point you just made as well, too, I believe in our Cisco cybersecurity report from 2017 only fifty four six percent or fifty seven percent of actual threats are being investigated
remediated. So there's always that need to kind of help build, bridge that gap, make it easier for people to understand these threats and mitigate and prioritize. Know what to go after, right? Which part the integration. Exactly.

So we do have a lot of different integration services as well, too. For example, I mentioned our SIEM integration service. One thing that we can really do that's really awesome with that is we're able to deploy, for example with Splunk, a full-fledged Stealthwatch for Splunk application that allows you to utilize Stealthwatch's capabilities directly inside of Splunk without having to actually store and index any data inside of Splunk. So all these APIs are on demand inside of this app and available throughout the rest of the Splunk capabilities as well, so you can extend it into other search, reporting, correlate that against other sets of data that you have in Splunk. You can do quite a bit with it. We also have other ways.

Absolutely. Advantage of that is just obviously integration, you're not leaving the environment, plus it's cost, you're saving customers money.

A lot of customers kind of see their SIEM as a single pane of glass, so being able to bring that Stealthwatch value into that single pane is a huge win for our customers, not to mention that reduction in licensing costs as well. We have other ways too that we can reduce licensing costs. Some customers like to send their flow data into their SIEM for deeper analytics and long-term retention, and we have a service, we call it our flow adapter service, and through this service we're essentially able to take biflow off of the Stealthwatch flow collectors. And the biflow is essentially, when the raw NetFlow hits the Stealthwatch flow collectors, it's coming from multiple different routers and switches on the network. This gets converted into biflow, which is bi-directional, deduplicated, stitched together flow records. So right there, by sending that data into a SIEM or a data lake as opposed to raw NetFlow,
we see data reduction cost anywhere from 15 to 80% depending on how the customer's network is architected.

Great. Any favorite customer examples you have that you can share, where you guys have gone in, you know, provided these services and it's had an outcome that got the customer excited, or you found some bad guys?

There's one that's one of my favorites. So we have this service, we call it our asset discovery and classification service. And I mentioned the host group automation service, that's if you have some sort of authoritative source, we can pull that information in. But if a customer doesn't have that authoritative source, they don't know what's on their network, and a lot of times too they want to do a segmentation effort, they're undergoing network segmentation, but they need to understand what's on their network, how these devices are communicating, and that's where our asset discovery classification service comes in. We're able to pull in telemetry not just from Stealthwatch but other sources such as ISE, Tetration, Active Directory, IPAMs again as well, and we're able to essentially profile these different devices based off of the nature of their behavior. So we were at a kind of a large technology company, and we were essentially in this effort trying to segment their security cameras, and upon segmenting their security cameras we were able to build this report where we can see the security camera and how it's communicating with the other parts of the network. And we noticed that there was essentially two IP addresses from inside of their network that were accessing all these different security cameras, but they were not authorized to. So with this service we were able to see that these two hosts were unauthorized, actually accessing these devices. That got reported up through the management chain, and ultimately those two employees were no longer at that technology permanence that was discovered.

Nice. Love it. All right, bring us on. We're here in the DevNet
Zone, sort of all about infrastructure as code and software, and talk a little bit about the futures, where you see this all going.

Yeah, so for us, for Cisco security, the future is really bright. We've either built or acquired a portfolio that the customers really need, that get absolute outcomes that customers need, and through the customer experience organization certainly Stealthwatch is fitting into the broader play to get customers who have all those technologies, get that operational and get them success. So when we talked last summer I told you the jury was still out, we would see how the journey's gonna go, and the journey has started. It has gotten much better since the summer, and this year I think we're gonna be doing some great things for our customers. Just, we can't get in too much of the business, but Stealthwatch customers are still expanding, because I think we told you last time customers can never get enough Stealthwatch, okay? The attack surface is too big, right? So we feel really good about that, and the other technologies that they're building really fit into what customers need. We're going to the cloud, so they're gonna be able to consume cloud, on-prem, hybrid, protect networks, the campus, protect their cloud infrastructure. So we're really checking a lot of boxes, and our group brings it all together and takes all the complexity out of that for customers just to get them the outcomes that

I named us Cisco is one of my four star security companies for 2020, okay, based on spending data that we share from our friends at ETR, and the reason was because Cisco has both a large presence in the market, but also you have spending momentum. I mentioned 22%, you know, growth last quarter in the security business. But you've also got the expertise, you put your money where your mouth is, you know, the big portfolio, which helps if you can bring it together and do these types of integrations. It simplifies the customer's environment, and so that's a winner in my book. So
I named you along with some other high fliers, right? You know, and you see some really interesting startups coming out, and probably acquisition targets, probably something that are on your radar. But guys, thanks so much for coming on theCUBE.

Thank you. Thank you.

I keep it right there, everybody. We'll be back with our next guest. This is Dave Vellante for theCUBE. Stu Miniman and John Furrier are also in the house at Cisco Live Barcelona. Right back.