>>We're back with a blueprint for trusted infrastructure and partnership with Dell Technologies in the cube. And we're here with Mahesh Nager, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome. Good to see you. >>Hey, good morning Davis. Nice to meet, Meet to you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so a few years ago IT security and an enterprise was primarily putting a wrapper around the data center because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a rapid around it like a parameter or a firewall was a sufficient response because you could basically control the one small enough control today with the distributed data, intelligent software, different systems, multi-cloud onement and asset service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure. In today's, you know, data driven world, it operates everywhere. And that has created and accessed everywhere so far from, you know, the centralized mono data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation, enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a wrap around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic. They need to be integrated, scalable, one that spans the entire enterprise and with a consistent and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing, changing, destroying, or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape, primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static, >>Right? Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you're thinking about securing network infrastructure, when you are looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a rotor for example, is typically used for say, configuration and management of the networking switch. So user access is based on say, rules for that metal in a role based access control, whether you are security admin or a network admin or a storage admin. >>And it's imperative that logging is enabled because any of the change to the configuration is actually logged and monitored as well. We talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get und desired results in terms of, say validation of the images. It's, it needs to be done through in digital signature. So, so it's important that when you're talking about say, software integrity, A, you are ensuring that the platform is not compromised, you know, is not compromised, and B, that any upgrades, you know, that happens to the platform is happening through validated signature. >>Okay. And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is i, I think response, but please continue. >>Yeah, so you know, the third myth about civil notability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different. You know, it follows the same process for identification for tri and for resolution of these vulnerabilities. And this are addressed either through patches or through new reasons via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It prides the interconnect between the service and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized nels are able to make change to the network configuration and logging of any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like say segmentation isolated segments, I know via vrs or, or some micro segmentation via partners, this allows various level of security for each of those segments. >>So it's important, you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? You know, there are multiple layers of defense, you know, both at the edge and in the network, in the hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software, different principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. >>If you look at say that you know the different pillars of a zero touch architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trusted platform in a trusted platform models tpms on certain offer products and you know, the physical security know, plain, simple old one lab port enabled from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky Mac or Mac learning limit and so on. If you look at say a transport and a session trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain or telenet or is it like secure ssh, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or a certificate authority based certification. >>And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD five authentication between the VGP peers so that there is no, you know, manages attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here in now, you know, it's, it's typical that if you don't have a contra plane here, you know, it could be flooded and you know, you know, the switch could be compromised by city denial service attacks. From an application trust perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. >>And I did talk about, say the digital signature and the cryptographic checks and that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen or VRF plain old wheel Ls, you know, which can bring about say multitenancy aspects. We talk about some microsegmentation as it applies to nsx for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift a vendor community. Dell specifically is shifting a lot of those tasks to their own r and d and taking care of a lot of that. So, cuz sec op teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our portfolio, >>It enables state of the automation software, you know, that enables simplifying of the design. So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the anti fabric and you know, from a deployment and you know, the management of the network infrastructure, there are simplicities, you know, using, you know, like Ansible s for Sonic for example, are, you know, for a better or settle and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using Sonic or Smart Traffic services. If you look at Sonic for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and awareness and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at Sonic, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the Sonic NAS is not restricted, you know, just to the data center infrastructure is, it's a unified no, you know, that's well applicable beyond the data center. You now right up to the edge. Now if you look at our north from a smart traffic voice 10 perspective, you know, as I mentioned, we do have smart fabric services which essentially, you know, simplifies the deployment day zero. I mean rather day one, day two deployment expansion plans and the life cycle management of our conversion infrastructure and hyper and hyperconverge infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD van capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular loss that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick pitch me, can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned. We've talking about the physical security, for example, let's say disabling of the unused interface. Sticky Mac and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS 10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure port also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is validated for the digital signature in know prior to any upgrade process. And if you are looking at secure access control, we do have things like role-based access control, SSH to the switches, control plane access control that pretty do attacks and say access control from multifactor authentication. >>We do have various tech hacks for entry control to the network and things like CSAC and P IV support, you know, from a federal perspective, we do have, say logging wherein, you know, any event, any auditing capabilities can be possible by say, looking at the clog service, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say networks, you know, say network separation and you know, these, you know, separation, you know, ensures that that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone. And you know, this can be implemented by a, the micro segmentation, you know, just a plain old wheel are using virtual route of framework vr, for example. >>A lot there. I mean, I think, frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in, in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you can be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies and collaboration with the Cube, your leader in enterprise and emerging tech coverage.

(upbeat music) >> We're back with a Blueprint for Trusted Infrastructure in partnership with Dell Technologies and theCUBE. And we're here with Mahesh Nagarathnam who is a consultant in the area of networking product management at Dell technologies. Mahesh, welcome, good to see you. >> Hey, good morning, Dave. It's nice to meet you as well. >> Hey, so we've been digging into all the parts of the infrastructure stack, and now we're going to look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective what's unique and challenging about securing network infrastructure that we should know about? >> Yeah, so a few years ago, IT security in an enterprise was primarily putting a wrapper around the data center because IT was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a wrapper around it like a perimeter or a firewall was a sufficient response because you could basically control the enormous data into small enough control. Today, with the distributed data intelligent software different systems, multi-cloud environment and asset service delivery. The infrastructure for the modern era changes the way to secure the network infrastructure. In today's data driven world, IT operates everywhere and data is created and accessed everywhere. So far from the centralized mono data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent, with automation, enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >> Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed, there is no perimeter anymore. So you can't just, as you say, put a wrapper around it, I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >> So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic. They need to be integrated, scalable, one that spans the enterprise and with a consistent and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles. In order to prevent the threat actors from accessing, changing, destroying or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective it's the ability to protect from and withstand attacks on the networking systems. As we continue to evolve, this will also include the ability to adapt and recover from these attacks which is what cyber resilience aspect is all about. So cybersecurity, best practices as you know is continuously changing the landscape primarily because the cyber threats also continue to evolve. >> Yeah, got it. I like that. So, it's got to be integrated. It's got to be scalable. It's got to be comprehensive and adaptable. You're saying it can't be static. >> Right. So I think, you had a second part of the question that says, what are the basic principles when you're thinking about securing network infrastructure. When you are looking at securing the network infrastructure it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to, based on their user level. Now accessing a network platform like a switch or a router, for example, is typically used for configuration and management of the networking switch. So user access is based on roles for that matter role based access control, whether you are security admin or a network admin or a storage admin. And it's imperative that logging is enabled because any of the change to the configuration is actually logged and monitored as well. When we're talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And this is important because it could actually get hold of the system and you could get undesired results. In terms of validation of the images, it needs to be done through digital signature. So it's important that when you're talking about software integrity, A, you are ensuring that the platform is not compromised and B, that any upgrades that happens to the platform is happening through validated signature. >> Okay. And now you've, so there's access control, software integrity and I think you got a third element, which is, I think response, but please continue. >> Yeah. So, the third one about vulnerability. So we follow the same process that's been followed by the rest of the products within the Dell Product family that's to report or identify any kind of vulnerability that's being addressed by the Dell Product Security Incident Response Team. So the networking portfolio is no different. It follows the same process for identification for triage and for resolution of these vulnerabilities. And this address either through patches or through new resource via networking software. >> Yeah, got it. I mean, you didn't say zero trust but when you were talking about access control you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but you, I think gave it some clarity there. Software integrity, it's about assurance, validation, your digital signature, you mentioned, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description. Thank you for that. But then the next question is how does Dell Networking fit into the construct of what we've been talking about, Dell Trusted Infrastructure? >> So networking is the key element in the Dell Trusted Infrastructure. It provides the interconnect between the server and the storage world and it's part of any data center configuration. For a trusted infrastructure, the network needs to have access control in place where only the authorized personals are able to make change to the network configuration and logging of any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network, you have things like segmentation, isolated segments and via VRFs or micro-segmentation via partners. This allows various level of security for each of those segments. So it's important that the network infrastructure has the ability to provide all these services. From a Dell networking security perspective, there are multiple layers of defense, both at the edge and in the network, in the hardware and in the software. And essentially, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality and accessibility of the network assets. So each network security layer, it implements policies and controls, as I said, including network segmentation, we do have capabilities, resources, centralized management, automation, and capability and scalability for that matter. Now you add all of these things with the open networking standards or software different principles, and you essentially reach to the point where you're looking at zero trust network access which is essentially sort of a building block for increased cloud adoption. If you look at the different pillars of a zero touch architecture, if you look at the device aspect, we do have support for secure boot, for example, we do have trusted platform, trusted platform models, TPMs on certain offer products. And the physical security, plain simple old WLAN port enable disable. From a user trust perspective, we know it's all done via access control base via role based access control and capability in order to provide remote authentication or things like sticky MAC or MAC learning limit and so on. If you look at a transport and a session trust layer, these are essentially, how do you access this switch. Is it by plain old Telnet, or is it like secure SSH. And when a host communicates to the switch, we do have things like self-signed or a certificate authority based certification. And one of the important aspect is, in terms of the routing protocol the routing protocol, for example, BGP, for example, we do have the capability to support MD5 authentication between the BGP peers so that there is no malicious attack to the network where the routing table is compromised. And the other aspect is about control plain ESL. It's typical that if you don't have a control plane Azure, it could be flooded and the switch could be compromised by denial of service attacks. From an application test perspective, as I mentioned, we do have the application specific security rules where you could actually define the specific security rules based on the specific applications that are running within the system. And I did talk about the digital signature and the cryptographic checks and that we do for authentication and, I mean rather for the authenticity and the validation of the image and the boundary and so on and so forth. Finally the data trust, we are looking at the network separation. The network separation could happen over VRF, plain old VLANs which can bring about multitenancy aspects. We talk about micro-segmentation as it applies to NSX, for example. The other aspect is we do have with our own smart fabric services, that's enabled in a fabric, we have a concept of cluster security. So all of this, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >> Yeah, so thank you for that. There's a lot to unpack there. One of the premise, the premise really this segment that we're setting up in this series, is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team and the premise that we're putting forth is that because security teams are so stretched thin, you got to shift a vendor community, Dell specifically is shifting a lot of those tasks to their own R&D and taking care of a lot of that. 'cause SecOps teams got a lot of other stuff to worry about. So my question relates to things like automation which can help and scalability. What about those topics as it relates to networking infrastructure? >> Our portfolio, it enables state of the automation software that enables simplifying of the design. So for example, we do have the fabric design center, a tool that automates the design of the entire fabric and from a deployment and the management of the network infrastructure, there are simplicities using like Ansible playbooks for SONiC, for example. Or for a better storage, we do have smart fabric services that can automate the entire fabric for a storage solution or for one of the workloads, for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, we have those capabilities using SONiC or smart traffic services. If you look at SONiC for example, it delivers automated intent based secure containerized network. And it has the ability to provide network visibility and awareness and of these things are actually valid for a modern networking infrastructure. So now if you look at SONiC, the usage of those tools that are available within the SONiC NAS is not restricted just to the data center infrastructure, it's a unified NAS that's well applicable beyond the data center, right up to the edge. Now, if you look at our NAS from a smart traffic OS10 perspective, as I mentioned, we do have smart traffic services, which essentially simplifies the deployment, day one day two deployment expansion plans and the life cycle management of our converged infrastructure and hyperconverged infrastructure solutions. And finally, in order to enable zero touch deployment, we do have a VEP solution with our SD-WAN capability. So these are in a ways by which we bring down the complexity by enhancing the automation capability using a singular NAS that can expand from a data center now, right to the edge. >> Great, thank you for that. Last question real quick. Pitch me, can you summarize from your point of view what's the strength of the Dell networking portfolio? >> So from a Dell networking portfolio we support the capabilities at multiple layers, as I mentioned. We've talking about the physical security, for example, let's say disabling of the unused interface, sticky MAC and trusted platform modules are the things that to go after. And when you're talking about secure boot, for example, it delivers the authenticity and the integrity of the OS10 images at the startup. And secure boot also protects the startup configuration so that the startup configuration file is not compromised. And secure boot also enables the bootloader protection, for example. That is at another aspect of software image, integrity validation, wherein the image is validated for the digital signature prior to any upgrade process. And if you are looking at secure access control we do have things like role-based access control, SSH to the switches, control plane, access control, that pre-onset attacks and access control through multifactor authentication. We do have Radius Tech ads for entry control to the network and things like CSE and PRV support from a federal perspective. We do have logging wherein any event, any auditing capabilities can be possible by looking at the syslog servers which are pretty much in our transmitter from the devices ORTS, for example. And last we talked about network separation. And this separation ensures that that is a contained segment for a specific purpose or for the specific zone. And this can be implemented by a micro-segmentation, just a plain old WLAN or using virtual route of framework VRF, for example. >> A lot there. I mean, I think frankly, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for coming on theCUBE and explaining that in quite some depth. Really appreciate it. >> Thank you, Dave. >> Oh, you're very welcome. Okay in a moment, I'll be back to dig into the hyperconverged infrastructure part of the portfolio, and look at how, when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you could be sure that your infrastructure is trusted and secure. You're watching a Blueprint for Trusted Infrastructure made possible by Dell technologies and collaboration with theCUBE, your leader in enterprise and emerging tech coverage. (soft upbeat music)

>> Hi, I'm Peter Burris and welcome to another CUBE conversation. Today we're going to talk about a really interesting topic. At least it's interesting to me. And that is, if we go back, and the old adage that when you automate bad process or bad business, you just get more bad business at scale. And, when we think about customer service over the last number of years or customer engagement over the last number of years, in many respects we've done a great job of automating really bad practices. And all that has led to is an increased frustration amongst consumers who are trying to utilize an engagement form if they want, more digital engagement, but end up being even more frustrated because it still takes the same amount of time and it still has the same failure rates. And to discuss that today, we've got Mahesh Ram, who's the founding partner of Solvvy, to talk a bit about some of these transformations that are taking place in terms of how digital engagement's going to change the way that businesses interact with consumers. Mahesh, welcome to theCUBE. >> Oh, it's great to be here. I'm a fan of theCube and honored to be here. So, Mahesh, let's start. Tell us a little bit about yourself and tell us a little bit about Solvvy. Sure, my background is in technology and I've built two successful start-ups in the past. The last one was a company that was acquired by Pearson in 2012, focused on automation for non-native English speakers. But my entire career has been spent really thinking about ways in which we can use technology to make people's lives better and improve existing workflows and processes. And so, it's why Solvvy attracted me, why it's so exciting, and I think that this is the most interesting thing I've ever done in my career, so I'm excited about that. >> Now Solvvy has a pretty decent reputation as being a thought we are in this domain of not just cutting the cost of engagement, but actually improving the quality of engagement. How does it do that? >> I think it's a great question. It starts with the mission of the company, I think. That's the easiest way to say it. Our mission is to enable every interaction between consumers and business to be effortless. Anywhere, any time, and any channel. So if you start with that mission, you really start to focus in on what's most important. What's most important is to deliver that amazing experience for that end user or that consumer, and at the same time, drive down the operational cost for the business, i.e. improve their efficiency. And so our vision for the company, is to take our intelligent AI and machine learning automation technology which is world-class and is better than anything else on the market and apply it to deliver on a vision which is we want these interactions between the consumer and the business to be successfully completed in five minutes or less. >> Five minutes? >> Yes, and today it's measure in hours, eight hours, 12 hours, 24 hours. That's the vision and we're well on the way to accomplishing that. >> Alright, so as a thought leader, give us an example of how business is doing that, and then we'll get into some of the technology questions. But, first off, what is the competitive advantage of being able to complete a client engagement under five minutes versus eight hours? >> Well, first of all, I think, again, if we put the end-user, the consumer, at the focal point, we're talking about a fundamental change in what they expect from business. They expect immediacy, they expect accuracy, they want you to respect their time. In fact, I think some of the latest analyst reports says that valuing consumer's time is the single biggest driver to brand loyalty. So if you've got that situation, you've got an obligation to the consumer to deliver what they want. Well, now put yourself in the shoes of the consumer, which we all are. I'm a consumer, I come to a business, I'm asking you a question about a product, a service, a defect, anything, an order that's missing. I expect to get an answer very quickly because my time is precious and I know that someone like me has asked that question in the past. Why has it not been possible in the past for me as a consumer to get that answer right away, leveraging the expertise that has already happened in an enterprise? And when I do that, when Solvvy is able to enable that for the business, there's multiple benefits. The consumer is happier, their CSAT goes up, their customer satisfaction goes way up. Their time is respected, they get their answer in a minute or less, as opposed to hours. The business is happy because there's no ticket created, there's no need for a human agent to go back and forth with you, ask you a bunch of things, and maybe come back to you six hours later and now you're upset. Maybe you switched brands in the meanwhile because you're so angry of having to wait. So, the benefit is, I sometimes say to our customers, "It's the magic X", the CSAT goes up, and the cost goes down and that's never been possible before Solvvy. >> How does it work? >> How it works is very simple. The first thing we do is we engage with the business. So, the business is our customer, right? They buy the product or they buy our SATS platform. It's a SATS platform built on AI and machine learning technology that was developed by my two co-founders during their PHD work at Carnegie Mellon. So, at it's core, is the ability to understand natural language expressions of issues, by the end user, by the consumer. So typically people give us their life story, but they're asking for a refund. The ability to parcel that in that conversation and say I think you want a refund, let me help you get that is a very powerful piece of IP. So we go to companies and we say, "Just tell us where all of your knowledge assets are." You don't have to touch it, don't create anything new, don't build a new silo because they already have the silo, and we simply go out and index it all, learn from it, and start building a knowledge graph for that business. It's specific to how that business handles resolutions, but it also learns how customers have asked questions in the past, and how agents have answered it. So again, your best expertise is captured and used in that knowledge graph. We then say, "In less than an hour, "in one line of java scripts, here's a model "you can put in front of your consumer." You can put it anywhere you want, and it says when you need help, click on it, pops up, on mobile you can speak the question, and tells the consumer, "Just tell me what your issue is." It understands the intension of that question or the issue, and then goes in the knowledge graph, and says, "Hmmm, can I find an answer "in this knowledge graph that can help you help yourself?" And if so, it matches it. And it's actually giving you a specific resolution. It's not making you wade through pages of material. It's saying, "Here's the three steps you need to do "to reset your account." Now that is instant and immediate for the consumer. They don't have to hunt, they don't have to search. And it says, "Have I helped you?" And we're putting the power in the hands in the consumer. We're saying, "We don't want it to be false fiction." We're saying, you the consumer can say, "Nope, this didin't help me," and now the company can then guide you to the right flow. They can get you on a chat, if you're a V.I.P. user, maybe they get you on a phone call, whatever it might be. But, by putting the consumer at the center, by delivering real value to them, we've accomplished both sides, right? CSATS higher, the cost goes down, because we are actually self-serving anywhere from 15 to 40% of the tickets or issues that used to cost the business money, being self-served now, and so that's a pretty miraculous transformation for the business and for the consumer. >> Well, in today's world, attention is everything. Every, as you said, every experience, every engagement has to be a source of value to the customer. And so, not only do you get a better customer, but you presumably also get a richer set of interactions because the customer now believes that the system actually is helpful, is useful. Does that data then go back into the system, so that it becomes even knowledgeable about the nature of the problems, the nature of the resolutions, anticipatory about how to improve things, and maybe product people can get visibility in this stuff? Is that kind of where all this goes? >> It's a very organic system and it learns constantly. It think that's the really powerful thing about it. So, it learns many things. So it learns when you ask me questions. It learns if I have not given you a good answer. It actually learns from the negative. I still passed you to the agent because then it follows it all the way through and says, "How did the agent answer?" And, it learns from that interaction. And so because we know we can't self-serve every question that a consumer has, but we're getting better, better, and better. In fact, our self-service rates have doubled just in the last 12 months, because of the machine learning and the ability to learn. And we actually learn across all the businesses we do business with. We learn things for example that consumer review show more than a paragraph of text, they don't engage in self-service. We show bullets, they are much more likely to interact. Those are implicit learnings that system uses to more accurately to give you responses. But there's another flip side to this which is when we see 100% of the conversations between the consumer and your business, we're now able to go to business and give them categorical views of what's actually going on once their product or service is shipped to the consumer, which they've never had before. We're now able to say to them, "We think that payment "page that people are using to renew might be broken "because there seems to be a lot "more issues associated with that." Now that's something that the engineer who built that page may not know, or if the person said, "That's broken," they'd say, "How do you know? "Show me the data." And now you can actually go with a data driven model and say, "We can tell you. "This is 14% of the issues this week, "and two weeks ago, it was two percent. "Can you tell me what's changed?" Or you can put a dollar value on it. "This product seems to be defective "and it's costing us money "because we keep having to do returns. "Here's the number of situations where that's happened "in the last week, it's costing us "two million dollars a year, fix it." That's the kind of incite that the vps of customer experience or customer support have had to spend hundreds of hours to try to massage and get, and it doesn't give them a seat at the table with the strategy with product and marketing. >> But every company has been talking about the need to build their community, where basically a community is defined by folks who have something in common and are taking common actions. But one of the challenges has been, is how do I provide value so that I get that type of interaction? Let me ask you a question. Are we ultimately suggesting, we all seem to be getting to a point where the quality of engagement is such, and while it keeps costs low, that it might actually catalyze even greater engagement with the customer base so that you learn not just initially, you not only learn something about a product, or for example, you might actually learn things about how to facilitate adoption, because customers are willing to engage more often and more deeply as a consequence of a good experience in using Solvvy related type technologies? >> It is the opportunity to use that customer engagement when they're contacting your business about an issue or problem, the opportunity is first I have to take care of your issue. You won't listen to me if I don't take care of your issue well, but if I do that, I have an enormous opportunity to educate you. How can you do better with the product or service I sold you" Perhaps you need something that's on top of that. Maybe you're a free user and by subscribing to the premium product, you'd get all the benefits that you're frustrated about. And maybe that's an time to give you an offer. So, I think that notion of personalized recommendation is something that is actually never been possible before with the old systems. The idea was that support was kind of a backwater in many ways, which it should never have been. And in fact, the leading brands like Zappos realized quickly that by winning on that basis, you could actually dominate the market. But, it was often the case that the people in support felt like goal keepers. Just keep the issues away, but in fact, now in an integrated world, it's very difficult with subscription based businesses for example, to know when you're buying and when you're asking for support. It's subscription service, I could cancel at any time. So now I'm engaging with your brand. I'm asking a question, "Hey how do I get "more of x,y,z shipped to my house?" It's an enormous opportunity to not only answer my question, but then suggest things, recommend things, play books, so if you think about that experience, how would I enhance the consumer experience, that interactive conversational flow is the perfectplace to do it. >> I would think it would also allow you to envision other types of engagement, because as long as the consumer finds it valuable, to have that conversation, then they'll be willing to enter into that conversation. Well, so let me step back, where does this all go? Because we've been talking about being able to do this for a number of years, and as I said in the preamble, in many respects, all we did was digitize bad process, but now we're talking about bringing technology to bear and dramatically improving the process. Five minute resolution, pretty good. As a consumer, I'd like that, so where does this go? What's the limit of utilizing these technologies to incorporate or enhance engagement? >> So, let me illustrate with an example that I think is very compelling of the power of how this is going to change our world. So, one of our customers is Eero, the smart wifi system. You're probably familiar with it. One of the most innovative products on the planet. Now, we've been working with Eero for well over a year, and they just published a case study of what we've accomplished with them. So, we have self-served 45% of the issues that would have come into them, that have conversations that come into them regarding issues, and that's a fantastic number. They had never seen anything close to it. And that's a great outcome for the business and the consumer. Under one minute is the average time for resolution for those 45%. Imagine again, how much time I've saved you, me, all of us as consumers of Eero. But the better story that I like is two weeks ago, we got a call from the CEO of one of the leading mid-western electronics distributors in the world, and he had said, "I'm going to have my support team, "customer experience team contact you guys, "because I was at home, I bought an Eero smart wifi system, "I went home and tried to install it, and I had trouble. "And I went on, and Solvvy gave me the exact steps "it took to solve the issue, "and I never had to contact them, "and I was able to get the wifi up and running in minutes, "and I was on my way. "And I'm delighted with my Eero system, "and it was because of this interface." And he said, "I think my company should be using it too." And, that was one of many, many catalytic events for us, that realized, wow, we're touching over 200 million consumers with our service. We're reaching all the way out, and we're extending these brand's promise into the consumers' homes, into their devices. _ Two hundred million? >> Two hundred million. >> So that's literally 10% of the population that's online. >> If you're talking about the world leading brands, so we're working with the leading brands that are reaching these people, so by extension Solvvy is as well. And so, you're talking about companies, leading gaming companies, on-demand companies, consumer electronics. These are all companies that self-service automation. And it's intelligent automation, right? It doesn't require a lot of work from the business. As I said, we implement in less than an hour. With one line of java script, we've developed very powerful, unsupervised machine learning models, that can just take all that transcript date from all the past conversations that consumers have had with your business, automatically learn the best stuff from it, and then be able to show the users the right issues. So the customer journey is where we're so focused, right? Because the customer journey is opportunity for the brand to really create a market-leading position and we're enhancing that conversation. >> Fantastic. >> Mahesh Ram, founding CEO of Solvvy, thank you very much for coming on theCube. It's been a great a great conversation about the evolution of customer service, and where it goes. >> It's my pleasure, an honor to be on theCUBE. >> So once again, this is Peter Burris, this has been a CUBE conversation, until next time.

>> Okay, welcome back everyone to our special Silicon angle presentation with Druva's Live Event here in Palo Alto. I'm John Furrier. Our next segment is about the 80-million dollars in funding topic and I'm here with Mahesh Patel, CFO of Druva and Jeff Parks, general co-founder and partner of Riverwood Capital, the investor who put it all together with Mahesh. Thank you for coming on, appreciate it. Let's talk about the 80 million dollars, a lot of cabbage, as we say. (chuckling) So talk about what's going on with the funding. >> Well we're a late-stage company. We have established product market fit, over 4,000 customers, 40 petabytes managed in the Cloud, but a real differentiated product, the way we attack the market and the data-protection landscape is evolving fast and we believe we have the right products out there to go capitalize on. >> Just to get the numbers down, what round is this and how much total raise have you guys done? >> We really call it late-stage round because just the nomenclature around (cross-talk) what round >> John: A-B-C -- >> Changes, what round -- >> John: So it's a growth round? >> It's a growth round for us, so it's what we believe, very late-stage round for us, we believe it's the right amount of capital to kind of carry us forward. It's really about the opportunities that are ahead of us. When we think about what we've executed on thus far, we've had an amazing journey but our best is ahead of us so we have the tipping point with Clouded Option, especially in infrastructure management and back-up and we play really well and our new product sets are showing very strong progress so, really, our best is ahead of us with this capital, we're going to be able to capitalize on some market. >> So were you guys looking for capital? Or did this just kind of come together opportunistically? How did, this validation market, with the new next generation Druva Cloud Platform, also you got to do some more development but were you guys seeking financing or how did this all come together? >> Well it really validates, again, it validates what we've been building and we really think of this as opportunistic for us because we see, we see this as a great market for us. We see, executed at, accelerating revenue, accelerated billing growth, with the Clouded Option, we're seeing it continue to evolve but we recognize at this point, at this journey, the additional capital allows us to get to the next stage, the next level and really, with a partner like Riverwood to join us, not only with the capital but with the domain experience they bring to the table, it was the right partnership to carry us forward. >> Jeff, what did you see in Druva? Obviously, you do a lot of investing. You've invested in companies that have been over a billion dollars in valuation. You've got a great pedigree of deals that you guys are involved in. What, about Druva, was attractive to you from a financial investment standpoint? >> Yeah, thanks for the compliment, by the way. I would probably remark on three things, John. The first thing we look for in companies like this is really a very large market opportunity and when you think about the secondary storage market, I think it's actually one of the larger markets that is yet to be really, truly disrupted by the Cloud and Druva, certainly at the forefront of that, and so with that leadership position and that sort of obvious megatrend, I think there's a great growth opportunity for the company. The second thing I'd say is part of our due diligence, we really check out an extensive customer call background check and what we found there is really to a T that every customer is not only happy with what Druva's providing but really, I think, have a significant expansion opportunity there, and that's a great validation. And, really, lastly is the management team. We certainly look to partner with these companies and really with the teams that we're backing and between Jaspreet and Mahesh and the team, I think we're really quite excited about partnering with the Druva team. >> Interesting you mention about grilling the customers for the references as your due diligence, which is what all investors do, you guys are hard-core, it sounds like you're disciplined to go see that all the way through. On the customer journey segment, we had the customers drilling Druva pretty hard, so -- (cross-talk) some, all this due diligence, it's a new space. >> Jeff: Sure! Of course. >> You're not new to this area. You're also on the board of Nutanix, they do primary storage, you mentioned secondary storage, was there help there having a visibility into what Nutanix was doing and then visibility into secondary storage, and the difference in-between them? >> Well, certain, we've been long-time investors in the infrastructure space, generally, and certainly our involvement in Nutanix has given us a great front row seat at some of the major enterprise infrastructure transitions and that certainly informs our view about the secondary storage market and the opportunity that Druva has. >> What's next for Druva? What are you guys going to do with the cash? Are you going to do an exit? Is that being discussed? I mean, take us through how you see Druva unfolding. >> Well, it's been a fantastic journey so far. I'd say we executed amazingly over the last few years and continue to execute with accelerating revenue growth, as well. We built out a global sales team servicing over 20 countries at this point. We are near cashflow-positive at this point and frankly, we have an amazing set of customers to capitalize on further. Really, what we've done with the new Druva Cloud Platform bring it to the table, this additional capital allows us to really take this forward and we really think we're in the early stages of a long game ahead of us so we're really excited about where this capital is going to take us. >> And you're watching the cash, making sure it's going to the right spot? You got your investor there, you got to keep him happy. >> Mahesh: Absolutely, absolutely. >> Congratulations, guys. It's been great exposure to the data transformation, as you put it, appreciate it. Great disruption in data protection, secondary storage, great market opportunity. The stakes are high and the best product, great management team and the ones who have the technology chops for centralizing the Cloud operation will make it happen. Thanks to you guys for participating in this special event. Thanks for watching, everyone.

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for, eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now, that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers, which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges, and I'm not saying that SecOps pros are now talented. They are. There just aren't enough of them to go around, and the adversary is also talented and very creative, and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically, we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante, and I'm your host now. Previously, we looked at what trusted infrastructure means >>And the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that devs SEC op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies, and after that we're gonna bring on Mahesh Naar oim, who was a consultant in the networking product management area at Dell. And finally, we're closed with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program.

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented. They are. There just aren't enough of them to go around and the adversary is also talented and very creative and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that dev sec op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagar oim, who was consultant in the networking product management area at Dell. And finally, we're close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. Deepak Arage shoes powered security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered around in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers they're operating today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually the assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lens that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as of security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in to deal with the supply chain to ensure the providence, et cetera. So I'm glad you you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches for in attacking manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the N framework of protect, detect and rigor. And it's still aligns really well to that framework, but over the past couple of years we have seen how computers evolved, how the threads have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recurring from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero press framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at there and to enable their own zero trust IT environments and IT zero trusts deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust option. >>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about n I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents? >>Right? What is that is exactly right, right? Breachers are bound to happen. And given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained with an offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your ID environment. And this is the principles that we use on power Edge, right? But with an increased focus on providing granular controls and checks based on the principles of these privileged access. >>So the idea is that service first and foremost need to make sure that the threats never enter and they're rejected at the point of entry. But we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage cost by attacker is minimized. So they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be radius. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock on the form versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused to authorized changes or unauthorized changes. >>And if it is an unauthorize change can log it, generate security alerts, and we even have capabilities to automatically roll the firm where, and always versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis inclusion detection where if the chassis, the box, the several box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and chain something in your system. >>Great, thank you for that lot. Lot of detail and and appreciate that. I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the providence of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised, >>Right? And we've talked about how complex the modern supply chain is, right? And that's no different for service. We have hundreds of confidence on the server and a lot of these form where in order to be configured and run and this former competence could be coming from third parties suppliers. So now the complexity that we are dealing with like was the end to end approach. And that's where Dell pays a lot of attention into assuring the security approach approaching. And it starts all the way from sourcing competence, right? And then through the design and then even the manufacturing process where we are wetting the personnel leather factories and wetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tapper. And we have a feature called the secure component verification, which is capable of doing this. What the feature does this, when the system gets built in a factory, it generates an inventory of all the competence in the system and it creates a cryptographic certificate based on the signatures presented to this by the competence. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end, they can run out to, it generates an inventory of the competence on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorize change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and ized changes could be any sort of temper. So that's the supply chain aspect of it. And bill of metal use is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulner, which have been discovered out in the wild affected platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table, >>Right? Yeah. We have talked enough about the complexity of the environment and how zero risk is necessary for the modern ID environment, right? And this is integral to Dell powered service. And as part of that like you know, security starts with the supply chain. We already talked about the second component verification, which is a beneath feature that Dell platforms have. And on top of it we also have a silicon place platform mode of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at risk in news or inflight, we have self encrypting drives, which provides scalable and flexible encryption options. And this couple with external key management provides really good protection for your data address. External key management is important because you know, somebody could physically steam the server, walk away, but then the keys are not stored on the server, it stood separately. So that provides your action layer of security. And we also have dual layer encryption where you can compliment the hardware encryption on the secure encrypted drives with software level encryption. Inion to this we have identity and access management features like multifactor authentication, single sign on roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that, you know, Dell Power Service cyber resident infrastructure helps accelerate zero tested option for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure and collaboration with Dell Technologies on the cube. Your leader in enterprise and emerging tech coverage.

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented, They are. There just aren't enough of them to go around and the adversary is also talented and very creative, and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that dev sec op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagar oim, who was consultant in the networking product management area at Dell. And finally, we're close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. Deepak Arage shoes powered security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered around in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers they're operating today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually the assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lens that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as of security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in to deal with the supply chain to ensure the providence, et cetera. So I'm glad you you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches for in attacking manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the N framework of protect, detect and rigor. And it's still aligns really well to that framework, but over the past couple of years, we have seen how computers evolved, how the threads have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recurring from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero press framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at there and to enable their own zero trust IT environments and IT zero trusts deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust option. >>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about n I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents, >>Right? What is that is exactly right, right? Breachers are bound to happen and given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained with an offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your ID environment. And this is the principles that we use on power Edge, right? But with an increased focus on providing granular controls and checks based on the principles of these privileged access. >>So the idea is that service first and foremost need to make sure that the threats never enter and they're rejected at the point of entry, but we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage cost by attacker is minimized so they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be radius. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock on the form versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused to authorized changes or unauthorized changes. >>And if it is an unauthorize change can log it, generate security alerts, and we even have capabilities to automatically roll the firm where, and always versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis inclusion detection where if the chassis, the box, the several box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and chain something in your system. >>Great, thank you for that lot. Lot of detail and and appreciate that. I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the providence of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised, >>Right? And we've talked about how complex the modern supply chain is, right? And that's no different for service. We have hundreds of confidence on the server and a lot of these form where in order to be configured and run and this former competence could be coming from third parties suppliers. So now the complexity that we are dealing with like was the end to end approach and that's where Dell pays a lot of attention into assuring the security approach approaching and it starts all the way from sourcing competence, right? And then through the design and then even the manufacturing process where we are wetting the personnel leather factories and wetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tapper. And we have a feature called the secure component verification, which is capable of doing this. What the feature does this, when the system gets built in a factory, it generates an inventory of all the competence in the system and it creates a cryptographic certificate based on the signatures presented to this by the competence. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end, they can run out to, it generates an inventory of the competence on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorize change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and ized changes could be any sort of temper. So that's the supply chain aspect of it and bill of metal use is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulner which have been discovered out in the wild affected platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table, >>Right? Yeah. We have talked enough about the complexity of the environment and how zero risk is necessary for the modern ID environment, right? And this is integral to Dell powered service. And as part of that like you know, security starts with the supply chain. We already talked about the second component verification, which is a beneath feature that Dell platforms have. And on top of it we also have a silicon place platform mode of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at risk in news or inflight, we have self encrypting drives which provides scalable and flexible encryption options. And this couple with external key management provides really good protection for your data address. External key management is important because you know, somebody could physically steam the server walk away, but then the keys are not stored on the server, it stood separately. So that provides your action layer of security. And we also have dual layer encryption where you can compliment the hardware encryption on the secure encrypted drives with software level encryption. Inion to this we have identity and access management features like multifactor authentication, single sign on roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that you know, Dell Power Service cyber resident infrastructure helps accelerate zero tested option for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure and collaboration with Dell Technologies on the cube, your leader in enterprise and emerging tech coverage. We're back with a blueprint for trusted infrastructure and partnership with Dell Technologies in the cube. And we're here with Mahesh Nager, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome, good to see you. >>Hey, good morning Dell's, nice to meet, meet to you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so few years ago IT security and an enterprise was primarily putting a wrapper around data center out because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a rapid around it like a parameter or a firewall was a sufficient response because you could basically control the environment and data small enough control today with the distributed data, intelligent software, different systems, multi-cloud environment and asset service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure In today's, you know, data driven world, it operates everywhere and data has created and accessed everywhere so far from, you know, the centralized monolithic data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a rapper around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic, they need to be integrated, scalable, one that span the entire enterprise and with a co and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing changing best destroy or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static, >>Right? Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you think about securing network infrastructure, when you're looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a rotor for example, is typically used for say, configuration and management of the networking switch. So user access is based on say roles for that matter in a role based access control, whether you are a security admin or a network admin or a storage admin. >>And it's imperative that logging is enable because any of the change to the configuration is actually logged and monitored as that. Talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get UND desire results in terms of say validation of the images. It's, it needs to be done through say digital signature. So, so it's important that when you're talking about say, software integrity, a, you are ensuring that the platform is not compromised, you know, is not compromised and be that any upgrades, you know, that happens to the platform is happening through say validated signature. >>Okay. And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is i I think response, but please continue. >>Yeah, so you know, the third one is about civil notability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different, you know, it follows the same process for identification for tri and for resolution of these vulnerabilities. And these are addressed either through patches or through new reasons via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It provides the interconnect between the service and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized nels are able to make change to the network configuration and logging off any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like segmentation isolated segments and via VRF or, or some micro segmentation via partners, this allows various level of security for each of those segments. So it's important you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? >>You know, there are multiple layer of defense, you know, both at the edge and in the network in this hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software, different principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. If you look at say that you know the different pillars of a zero trust architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trust platform in a trusted platform models tpms on certain offer products and you know, the physical security know plain, simple old one love port enable from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky Mac or Mac learning limit and so on. >>If you look at say a transport and decision trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain hotel net or is it like secure ssh, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or is certificate authority based certification. And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD five authentication between the b g peers so that there is no, you know, manages attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here, you know, you know, it's, it's typical that if you don't have a control plane here, you know, it could be flooded and you know, you know, the switch could be compromised by city denial service attacks. >>From an application test perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. And I did talk about, say the digital signature and the cryptographic check that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen or VRF plain old wheel Ls, you know, which can bring about sales multi 10 aspects. We talk about some microsegmentation as it applies to nsx for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift the vendor community. Dell specifically is shifting a lot of those tasks to their own r and d and taking care of a lot of that. So, cuz scop teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our >>Portfolio, it enables state of the automation software, you know, that enables simplifying of the design. So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the fabric and you know, from a deployment and you know, the management of the network infrastructure that are simplicities, you know, using like Ansible s for Sonic for example are, you know, for a better sit and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using Sonic or Smart Traffic services. If you look at Sonic for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and Avan has and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at Sonic, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the Sonic no is not restricted, you know, just to the data center infrastructure is, it's a unified no, you know, that's well applicable beyond the data center, you know, right up to the edge. Now if you look at our north from a smart traffic OS 10 perspective, you know, as I mentioned, we do have smart traffic services which essentially, you know, simplifies the deployment day zero, I mean rather day one, day two deployment expansion plans and the lifecycle management of our conversion infrastructure and hyper and hyper conversion infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD van capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular loss that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick, just pitch me, what can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned, we're talking about the physical security for examples, say disabling of the unused interface. Sticky Mac and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS 10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure port also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is data for the digital signature, you know, prior to any upgrade process. And if you are looking at secure access control, we do have things like role based access control, SSH to the switches, control plane access control that pre do tags and say access control from multifactor authentication. >>We do have various tech ads for entry control to the network and things like CSE and PRV support, you know, from a federal perspective we do have say logging wherein, you know, any event, any auditing capabilities can be possible by say looking at the clog service, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say network segment, you know, say network separation and you know, these, you know, separation, you know, ensures that are, that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone and, you know, just can be implemented by a, a micro segmentation, you know, just a plain old wheel or using virtual route of framework VR for example. >>A lot there. I mean I think frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you could be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies and collaboration with the cube, your leader in enterprise and emerging tech coverage, your own west product management security lead at for HCI at Dell Technologies hyper-converged infrastructure. Jerome, welcome. >>Thank you Dave. >>Hey Jerome, in this series of blueprint for trusted infrastructure, we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyperconverged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know? >>So what's unique about hyper-converge infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system. So like a server or storage system or a virtualization piece of software, software. I mean HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft, and internal partners like the Dell Power Edge team, the Dell storage team, the Dell networking team, and on and on. These partnerships in these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past we're seeing growing scope and sophistication in supply chain attacks. This mean an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short term solutions and we need long term solutions as well. >>So for the short term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio. We build our software on VMware, so we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily VX rail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle so that VMware would produce a patch and within 14 days we will integrate our own code with the VMware release we will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, VHA had over 40 releases of software updates last year for a longer term solution. We're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co engineer with effective collaborations with our, with our partners. >>Great, thank you for that. That description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, and to me my takeaway was you gotta have a short term instant patch solution and then you gotta do an integration in a very short time, you know, two weeks to then have that integration done. And then longer term you have to have a software bill of materials so that you can ensure the providence of all the components help us. Is that a right way to think about cybersecurity resilience? Do you have, you know, a additives to that definition? >>I do. I really think that's site cybersecurity and resilience for hci because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me, let me give you an example. So hci, it's a, basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtual virtualizing hardware functionality, like say a storage controller, you could implement it in hardware, but for hci, for example, in our VX rail portfolio, we, our Vxl product, we integrated it into a product called vsan, which is provided by our partner VMware. So that portfolio of strength is still, you know, through our, through our partnerships. >>So what we do, we integrate these, these security functionality and features in into our product. So our partnership grows to our ecosystem through products like VMware, products like nsx, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware and we also leverage VMware's software, part software partnerships on top of that. So for example, VX supports multifactor authentication through vSphere integration with something called Active Directory Federation services for adfs. So there's a lot of providers that support adfs including Microsoft Azure. So now we can support a wide array of identity providers such as Off Zero or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >>Great, I mean that's super helpful. You've mentioned nsx, Horizon, Carbon Black, all the, you know, the VMware component OTH zero, which the developers are gonna love. You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway cuz you've got this software defined environment and you're managing servers and networking and storage with this software led approach, how do you ensure that the entire system is secure end to end? >>That's a really great question. So the, the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, VxRail is the market's only co engineered solution with VMware, other vendors sell VMware as a hyper converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development life cycle, which other products might talk about in their discussions with you that we integrate into our engineering life cycle. So because we follow the same framework, all of the, all of the codes should interoperate from a security standpoint. And so when we do our final validation testing when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >>That's great. All right, let's, let's close pitch me, what would you say is the strong suit summarize the, the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio specifically from a security perspective? Jerome? >>So I talked about how hyper hyper-converged infrastructure simplifies security management because basically you're gonna take all of these features that are abstracted in in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be, say, you know, in for VX rail would be b be center, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the, the key to making it to hci. Now, what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co engineered, it's not bolted on. So I gave the example of spo, I gave the example of how we, we modify our software release process with VMware to make it very responsive. >>A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell that's not done through a partnership. So we digitally signed our software updates so the user can be sure that the, the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own a specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for, for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage it all comes in a package. So it, it can be all managed through vCenter, for example, or, and then the specific hyper, hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few pains of glass that the, the administrator or user ever has to worry about. It's all self contained and manageable. >>That makes a lot of sense. So you've got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason Jerome, this is so important is because SecOps teams, you know, they gotta deal with cloud security, they gotta deal with multiple clouds. Now they have their shared responsibility model going across multiple cl. They got all this other stuff that they have to worry, they gotta secure the containers and the run time and and, and, and, and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the, the securities is gonna get worse. So what my takeaway is, you're removing that infrastructure piece and saying, Okay guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners to and your own teams to really nail that. Is that a fair summary? >>I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define, to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because we are, our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I, I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and, and other highly regulated environments and we're very successful there. >>Excellent. Okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry and so would appreciate that. >>I would look forward to it. Thank you very much, Dave. >>You're really welcome. In a moment I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. I wanna thank our guests for their contributions in helping us understand how investments by a company like Dell can both reduce the need for dev sec up teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality providence and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, on prem or at the edge, you are responsible for your own security. But vendor r and d and vendor process must play an important role in easing the burden faced by security devs and operation teams. And on behalf of the cube production content and social teams as well as Dell Technologies, we want to thank you for watching a blueprint for trusted infrastructure. Remember part one of this series as well as all the videos associated with this program and of course today's program are available on demand@thecube.net with additional coverage@siliconangle.com. And you can go to dell.com/security solutions dell.com/security solutions to learn more about Dell's approach to securing infrastructure. And there's tons of additional resources that can help you on your journey. This is Dave Valante for the Cube, your leader in enterprise and emerging tech coverage. We'll see you next time.