>> Announcer: Live from San Diego, California it's The Cube! Covering Cisco Live US 2019. Brought to you by Cisco and it's ecosystem partners. >> Welcome back to The Cube's coverage of Cisco Live Day 2 from sunny San Diego. I'm Lisa Martin joined by Dave Vallante. Dave and I have an alumni, a Cube alumni back with us, Jeff Moncrief, consulting systems engineer from Cisco. Jeff, welcome back! >> Thank you very much, it's great to be back! >> So, we're in the DevNet Zone, loads of buzz going on behind us. This community is nearly 600,000 strong. We want to talk with you about Stealthwatch. You did a very interesting talk yesterday. You said, it had a couple hundred folks in there. War stories from real networks. War stories ... strong descriptor. Talk to us about what that means, what some of those war stories are, and how Stealthwatch can help customers learn from that and eradicate those. >> So it's called Saved by Stealthwatch. It was a really good session. This is the third Cisco Live that I've presented this session at. And it's really just stories from actual customer networks where I've actually deployed Stealthwatch into. I've been selling Stealthwatch for about five years now. And I've compiled quite a list of stories, right? And it really ... if you think about advanced threats and insider threats and those kinds of exciting things, the presentation was really about getting back to fundamentals. Getting back to the fact that in all these years that I've been working with customers and using Stealthwatch, a lot of the scary things that I have found have nothing to do with that. With the advanced type threat stuff. It really has to do with the fact that they're forgetting the basics. Their firewalls are wide open, their networks are flat. Their segmentation boundaries aren't being adhered to. So it's allowed us to come in and expose a lot of scary things that were going on and they were just completely oblivious to it. >> Why are those gaps there? Is it because of a change management issue? Technology's moving so quickly? Lack of automation? >> Yeah, I think there's a couple reasons that I've seen. It's a recurring theme really. Limited resources ... number one. Number two, limited budgets, so your priorities have to shift. But I think a big one that I've seen a lot is turnover and attrition. A lot of times we'll go in with Stealthwatch and we'll kick off an evaluation or whatnot and the customer will say, I just don't know what's there. I don't know if I have 100 machines that need visibility or for a thousand. And I'm a Stealthwatch cloud consulting systems engineer so the cloud world is where I spend a lot of my time now and what I'm seeing as it relates to the cloud realm is that's exponentially worse now. Because now you've got things like devops and shadow IT that are all playing in the customer's public cloud environment deploying workloads, deploying instances and building things that the security team has no awareness of. So there's a lot of things that are living and breathing on the network that they just don't know about. >> And so the tribal knowledge leaves the building, how do you guys help solve that problem? >> So we come in ... and you know the last time that you and I spoke, you used the term cockroaches, I think, which I loved. I actually have used that a lot since then, so thank you for that. >> Dave: Yeah, you're welcome. >> No, but, you know ... we come in and we actually, we turn the customer's network infrastructure ... Whether it's on-prem or in the public cloud into a giant security sensor grid. And we leverage something called NetFlow, which you've probably heard of. And it's essentially allowing us to account for every conversation throughout the entire infrastructure, whether or not it's on-prem or in the public cloud or maybe even in a private cloud. We've got you covered in that area. And it allows us to expose every one of those living, breathing things. And then we can just query the system. So think of us like a giant network DVR on steroids. We see everything, you can't hide from us, because we're using the network to look at everything. And then we can just set little trip wires up. And that's kind of what I go into in my presentation also is how you can set these trip wires ahead of time to find things that are going on that you just didn't know about and frankly, they're probably going to scare ya. >> One of the stories that you shared in your talk yesterday. You talk about people really forgetting the basics. A university that had a vending machine breach. You just think, a vending machine in a cafeteria? >> Jeff: That's right. >> Really? Tell us about that. What kind of data was exposed from a vending machine? >> So that's one of my favorite stories to tell. We had gone in and we'd installed Stealthwatch at a small university in the US. And they had a very small team. Okay, you're going to see that recurring theme. Limited staff. And they really just had a firewall. Okay, that was what they were doing for security. So we came in, we enabled NetFlow, we kind of let Stealthwatch do it's thing for a couple of days, and I just queried the system. Okay, it's not rocket science, it's not AI a lot of times, it's really the fundamentals. And I just said, tell me anything talking on remote desktop protocols inside the network out to the internet. And lo and behold, there was one IP address that had communication from it to every bad country you can imagine ... actively. And I said to them ... I said, what is this IP address? What's it doing? And that was in the conference room in the university with their staff and the guy looked it up in the asset inventory system, and he looked at me and he goes, that's a vending machine. And I said, a vending machine? And he said, yeah. And then I was like, okay, well that's a first, I've never heard of that before. And he goes wait a minute, it's a dirty tray return machine. You ever heard of one of those? >> Lisa: No. >> I hadn't either. >> Lisa: Explain. >> So for loss prevention, I guess universities and other public institutions, they will buy these unique vending machines that are designed for loss prevention. So that the college students don't go around and you know, steal or throw away the trays from the cafeteria. You have to return the tray to get a coin. There's a common supermarket chain that does the same thing with their shopping carts. And it's for loss prevention. So I said, okay, that's pretty strange. Even stranger than just vending machine. And I said, well did you realize that it was talking to a remote desktop all over the world? And he said no. And I said so, can you tell me what it has access to? So he looked it up in the firewall manager right there and he said, it has access to the entire network. Flat network, no segmentation. No telling how long this had been going on, and we exposed it. >> And Stealthwatch exposes those gaps with just kind of old school knock on the door. >> Yeah, it really is. We're talking about fundamental network telemetry that we're gathering off the route switch infrastructure itself. You know, obviously, we're at Cisco Live, we work really well with Cisco gear. Cisco actually invented NetFlow about 20 years ago. And we leveraged that to give visibility footprint that allow us to expose things like the vending machine. I've found hospital x-ray machines that were scanning all the US military, for instance. I find things in the cloud that are just completely wide open from a security ACL standpoint. So we've got that fundamental level of visibility with Stealthwatch, and then we kick in some really cool machine learning and statistical analytics and machine running analytics and that allows us to look for anomalies that would be indicators of compromise. So we're taking that visibility footprint and we're taking it to that next level looking for threats that might be in the customer's environment. >> So before we get to the machine intelligence, I presume that cloud and containers only makes this problem worse. What are you seeing in the field? How are you dealing with that? >> So we're in a landscape today where we've got a lot of customers that might be cloud averse. But we've also got a lot of customers that are on the wide other side of that spectrum and they're very cloud progressive. And a lot of them are doing things like server-less micro services, containers and, when you think of containers you think of container orchestration ... kubernetes. So Stealthwatch Cloud is actually in that realm right now today, able to protect and illuminate those environments. That's really the Wild West right now, is trying to protect those very abstract server-less and containerized environments but yeah, we come in, we are able to deploy inside kubernetes clusters or AWS or azure or GCP, and tell the Stealthwatch story in those environments, find segmentation violations, find firewall holes just like we would on premise, and then look for anomalies that would be interesting. >> So the security paradigm for those three you mentioned, those three cloud vendors, and you're on-prem, and maybe even some of your partners, is a lot of variability there. How should customers deal with maintaining the edicts of the organization and sort of busting down those silos? >> Yeah, so you think about like Stealthwatch Cloud which is the product that I'm a CSE for, we're really focusing on automation, high efficacy and accuracy. All right, we're not going to be triggering hundreds or thousands of alerts whenever you plug us in. It's going to further bog down a limited team. They've got limited time and they have to change their priorities constantly. This solution is designed to work immediately out of the box quickly deploy within a matter of hours. It's all SAAS based so actually it lives in the cloud. And it really takes that burden off of the organization of having to go and set a bunch of policies and trip wires and alerts. It does it automatically. It's going to let you know when you need to take a look at it so that you can focus on your other priorities. >> So curious where your conversations are within an organization - whether it's a hospital, or a university when what you're finding is in this multi-cloud world that we live in where there's attrition and all of these other factors contributing to organizations that don't know what they have with multi-cloud edge comes this very amorphous perimeter, right? Where are those conversations because if data is the lifeblood of an organization, if it's not secure and protected, if it's exposed there's a waterfall of problems that could come with that. So is this being elevated into the C-Suite of an organization? How do you start those conversations? >> So it's not just the C-Suite and the executive type structure that we're having to talk to now, traditionally we would go in with the Stealthwatch opportunity and talk to the teams in the organization it's going to be the InfoSec team, right? As we move to the cloud though, we're talking about a whole bunch of different teams. You've got the InfoSec team, you've got the network operations team now, they're deploying those workloads. The big one though that we've really got to think about and what we've really got to educate our customers on is the Dev Ops teams. Because the Dev Ops teams, they're really the ones that are deploying those cloud workloads now. You've got to think about ... they've got API access, they've got direct console login access. So you've got multiple different entry points now into all these different heterogeneous environments. And a lot of times, we'll go in and we'll turn on Stealthwatch and we show the organization, yeah, you knew that Dev Ops was in the VPC's deploying things, but you didn't know the extent that they were deploying them. >> Lights up like a Christmas tree? >> Yeah, lights up like a Christmas tree and like a conversation I had last week with a customer. I asked them, I said, all right so you're in AWS, are we talking do you have 50 instances or do you have 500? He said, I have no idea. Because I'm not the one deploying these instances. I'm just lucky enough to get permission to have access to them to let you plug your stuff in to show me what's going on in that environment. But yet they're in charge of securing that data. So it's quite frightening. >> So you've got discovery, you've got ways to expose the gaps, and then you're obviously advising on remediation activity. And you're also bringing in machine intelligence. So what's the endgame there? Is it automation? Is it systems of agency where the machine is actually taking action? Can you explain that? So when the statistical analysis comes in and the anomaly detection comes in, it's really that network DVR, so we've got the data, now let's do some really cool things with it. And that's where we're in actually, for every single one of these entities, and I do stress entities because the days of operating systems and IP addresses are going away. Face it, it's happening. Things are becoming more and more abstract. You know, API keys, user accounts, lambda's and runtime compute, we have to think about those. So what we do for all these different entities is we build a model for each one of these, and that model, that's where all the math and the AI comes in. We're going to learn Known Good for it. Who do they talk to? How much data's sent or received? And then we start looking for activity in that infrastructure as it relates to that entity that's outside of that Known Good model. So that would be the anomaly detection and you know, our anomaly detection, it really can be attributed to two different major categories. Number one is going to be, we're looking for things that cross the cyber kill chain. So those different IOC's as a threat actually manifests. That's what the anomaly detection's doing. And then we're also looking for just straight compliance and configuration violations in the customer's cloud infrastructure, for instance, that would just be a flat out security risk today, day one, forget base lining anomaly detection, it should just not be configured that way. >> Let's see, roughly 25% of Cisco's revenue is in services, what role does the customer service team play in all this? How do you interact ... how do the product guys and the service guys work together? >> So we've got a great customer experience team, customer services team for Stealthwatch and it doesn't matter if we're talking Stealthwatch on-premise or the Stealthwatch cloud, they cover both. And what will happen is we'll come in from a pre-sales standpoint, we do the evaluation, show good value, and then we've got a good relationship with the CX team where we'll hand that off to them, and then we'll work with the CX team to make sure that customer is good to go, they're taken care of, and it's not we've sold this and we're just going to forget you type scenario. They do a good job of coming in, they make sure that the customer's needs are met, any feature requests that they like taken care of. You know, they have routine touchpoints with the customers and they make sure that the product, for all intents and purposes, doesn't lose interest or visibility in the customer's environment. That they're using it, they're getting good value out of it, and we're going to build a relationship. I call it cradle to grave. We're going to be with that customer cradle to grave. >> Now Jeff, one of the things I didn't talk to you about at Google Next was ... first I got to ask you, you're a security guy, right? Have you always been a security guy? >> Yeah, security for about 20 years now, dating back to internet security systems. >> The question I often ask security guys is who's your favorite superhero? >> My favorite superhero ... I'd say Batman. >> Dave: Batman? >> Yeah. >> I like Batman. (chuckles) The reason I ask is that somebody told me one time that true security guys, they love superheroes because they grew up kind of wanting to save the world and protect the innocent. So ... just had to ask. >> Yeah there you go .. Batman. >> I'm sensing a tattoo coming. Last question for you Jeff is in terms of time to business impact, the vending machine story is just so polarizing because it's such a shocking massive exposure point, did they ever discover how long it had been open and in terms of being able to remedy that, how quickly can Stealthwatch come in, identify these- >> So very quick operation wise. So like the vending machine story, that's something that if you turn on Flow, and you send it to Stealthwatch right now, we can pick that up in 10 minutes. That quick to visibility and value. Now how long has it been going on? A lot of times they can't answer that question because they've never had anything to illuminate that to begin with. But moving forward, now they've got a forensic incident response audit trail capability with Stealthwatch which is actually a pretty common use case. Especially if you think about things like PCI that have got auto requirements and whatnot. A lot of organizations if they're not using a Flow based security analytics tool, they can't always meet those audit and forensic requirements. So at least from the point of installing Stealthwatch they'll be good to go from that point forward. >> So if they can find an anomaly that needs to be rectified in 10 minutes, what's the next step for them to actually completely close that gap? >> So like with Cisco Identity Services engine, we've got a great integration there where we can actually take action, shut off that machine instantly. We can shut off a switch port. We can isolate that machine to an isolated sandboxed VLAN, get it off the network, and then in the cloud, we can do things like automated remediation. We can use things like Amazon and Lambda to actually shut off an instance that might be compromised. We can actually use Lambda's to insert firewall rules. So if we find a hole, we can plug it. Very easily, automated- >> Ship a function to it and plug a hole. >> Batman slash detective. I think you need a tattoo and a badge. >> I can work on that, I like it. >> Jeff thank you so much for joining Dave and me on The Cube this afternoon. >> My pleasure. >> Really interesting stuff, we appreciate your time. >> Absolutely. >> For Dave Vallante, I'm Lisa Martin. You're watching The Cube's second day of coverage of Cisco Live from San Diego. Thanks for watching. (upbeat music)

>> Narrator: Live from San Diego, California it's theCUBE covering Cisco Live, US, 2019. Brought to you by Cisco and its eco system partners. >> Welcome back to San Diego everybody. This is theCUBE the leader in live tech coverage, My name is Dave Vellante, Stu Miniman is here, Lisa Martin as well but we've got a very special guest now Ken O'Reilly my good friend is here. He's the director of customer experience for Cisco Stealthwatch. Kenny great to see you thanks for coming on. >> Well, thanks for having me, Dave. Good seeing you as well. >> Yes so customer experience, people think about customer experience and security it's not always great right? It's a challenging environment they're constantly sort of chasing their tails it's like the arms race with the bad guy so what is customer experience all about in the context of security? >> So our number one goal for our security customers is to accelerate their value realization so our challenge is to make sure that they get the value out of the product that they're buying because every minute of every day the bad guys are trying to get their assets and their IP and when they buy a technology the quicker you can get it up and running and protect the better it is for our customer. >> So how do you measure like value? It's like reducing the amount of data that you're exposed to losing? Is it increasing the cost of the bad guys getting in? 'cause if I'm a bad guy and it costs me more to get in I would maybe go somewhere else, how do you measure that? >> Right so, you're right, so our whole product strategy is to increase the cost for the bad guy to get the IP or the assets and so for us we have to understand what the value proposition is for our product so that the customers can realize that value, so whether it's tryna help them with the use cases or operationalize the product or in our case what we try to do we have both network users and security users we try to get both groups to adopt the technology and then expand it from there, operation centers to the guys that are doing the thread hunting to the investigations et cetera. So that's how we sort of gauge the value is the number of people that are using the technology and the number of use cases that are actually implemented. >> So we've been talking about security all week Stealthwatch obviously you know one of the flagship products Cisco security business grew 21% last quarter so that's kind of an interesting stat services is 25% of the companies revenue so you're the intersection of two pretty important places for Cisco so specifically when you come into a customer engagement who are you engaging with is it a multidisciplinary are you primarily dealing with the SecOps group or do you touch other parts of the organization? >> Yeah, so typically when a company's looking, it's usually they're looking for network visibility so we're dealing with the network architecture teams and they typically bring in the security architects 'cause today they're working hand in hand, and then from there that's where we say preach the gospel of Stealthwatch we always say you can never have enough Stealthwatch okay? Because you can never have enough visibility 'cause once you turn the lights on and they can see what's going on in their network it's very illuminating for them and then they realize the challenges that they have and what they have to do to protect their assets. >> Yeah I joked at Google Cloud Next it's like the cockroaches all scrambling you know for the corners when you turn the lights on and Stealthwatch at its core is you don't need a lot of fancy AI even though you can apply fancy AI but you start with the basics right? What do ya got, where are the gaps okay, so now once it's exposed what do you do with that information is the customer experience group come in and help implement it faster? That's part of the value so time to value to that? >> So time to value with our experts of course we understand the space we understand our product we understand the challenge and of course our network and security customers are overwhelmed you know the stat that they throw out there is that our large customers have anywhere from 50-100 security products so how do you stand out? So as a vendor our number one goal is to build that relationship with the customer to become the trusted security advisor so we know better than anybody how to get that value how to get it quickly and you know the number one problem that they have Dave is how to operationalize all these tools 'cause Stealthwatch sits in the middle we're a big integration platform we take data, telemetry, NetFlow from a lot of different products and we bring that data together to figure out, to help that customer figure out how to make sense of it update their policies create better policies and really tighten up their security posture. >> Okay so they might like to reduce the number of tools but they really can't right? 'cause their using 'em and so what you do is you bring in a layer to help manage that. >> Absolutely. >> But you're also solving a problem just in terms of exposing gaps and then do you also have tooling to fill those gaps? Or is that partners tools is that Stealthwatch? >> So we have our own what we call integration platform where we have a platform that helps integrate other, not only other Cisco security technologies into our platform but other security technologies as well outside of Cisco so you know it's a platform that we've built it's part of our customer experience sort of tool set but it's a tool set unlike anybody else ever has so that along with what we do with the DevNet group we've built our own set of API's to integrate in with the product API's so we can pump data out to data lakes we can pump data out to SIMS like Splunk and some of the others so you know that's where we are we're a solutions group that's what we do we work on the solutions, long term value you know we work on the lifecycle sort of value chain with customers. We're there with 'em the whole time you know our goal; retention, we want them to renew which means they're investing in us again and of course as Cloud, as their infrastructure is moving the the Cloud and our technologies are moving to the Cloud we have to be there to help them get through all those technology challenges. >> So the pricing model is a subscription model is that right? >> Yeah. >> Or can be or? >> Yes, well we call it term all right? But it's essentially subscription we have switched over the last 18 months from a perm to a term based model. >> Which I mean Chuck Robbins in the conference calls in the earnings calls talks about the importance of you know increasingly having a rateable model and recognizing subscription, so when you say a term so I got to what, sign up for a year, two years, three years or something like that? >> We like three yep. >> So who doesn't right? Okay so you sign up for three years but the price book says monthly I'm sure right so you (laughs) make it look smaller, but it makes sense though because you're not going to start stop, start stop with your security, you really want to get success out of it so you got to have some kind of commitment, let's talk a little bit more about the analytics side of it and how you're applying machine intelligence I mean there's always been some form of analytics largely for reporting and things of that nature but now it's getting more automated so take us on that analytics journey Stealthwatch has been around for what five years? >> 15 yeah over 15 years. >> 15? >> Ken: Yes, yes, yes. >> Oh wow maybe I just found out about it five years ago. >> (laughs) right yeah, not but I mean-- >> Dave: Take us back five years. >> Five years? So the big thing for us in the data that we collect is context. Right so you've talked to TK about the more context you can add to that data the better you are at analyzing that data so for us that's one of the things that we do we add a lot of context to that data through ICE so identity information, what kind of assets they are and that's where we get to through our tools add more context so that our analytical engines so like the cognitive thread analytics, the encrypted thread analytics that we have, that they're able to analyze that data a lot better and that's what we've been doing now for the past three plus years since we were acquired by Cisco is to find a way to add more context to the data so that helps our analytics become much more effective. >> And you can interact with through API's say for instance Splunk you mentioned that so you got that data that you can operate on do you see a point where the machines are actually going to plug the holes? I mean are we on the cusp of that? In other words you see a gap >> Right. >> Dave: Today a human has to take action correct? >> Yes, right, right, right. >> Do you see a point maybe it's two, three, five 10 years but are we going to get to that point? >> I think so down the line I mean because we've seen as we've been able to get better visibility and better context about that data we can make better decisions through the machine all right? So it doesn't take an army of people to read the matrix right, we're getting better at you know synthesizing that matrix down you take our network segmentation capabilities that we've built as part of the Stealthwatch customer experience team we can get to well over 90% identification of the assets on the network which is a lot better than anybody else in the industry all right? So we're getting there and through sort of the final stages of reading that metrics, reading the matrix we're getting to the point where we understand a lot more what's on peoples networks what those assets are. >> So as a security practitioner how do you think we're doing as an industry? I mean I used to go back every year and say okay how much was spent on security? are we more secure, less secure? And it felt like you know as data grew it felt like we were getting more and more and more exposed you've seen the stats where when a company gets infiltrated it takes on average you know 250 days for them to realize they've been infiltrated is that changing, are we getting better as an industry? >> I think in Cisco we are because of the products that we have in that integrated architecture so when we first joined three years ago that was the drum beat and now today we integrate with ICE we're going to integrate with next generation firewall through the integration of the sort of analytics that we've got in the Cloud that's happening right? And we're trying to integrate with other products but you know you go down on the floor and you see the number of point products that is a nightmare for our customers so for us through the customer experience in our organization we're there to take that complexity out and bring all of those technologies together and when you get to that point then you're really making progress with a customer, a customer that's got 50-100 products in the mix that's a recipe for disaster and if it's still like that five years from now customers are still going to be challenged. >> So a big part of your customer experience mission is simplification, speed time, time to value. >> Yes. >> Raise the cost to the bad guys and then do it all over again. >> Yeah, yeah it's just rinse and repeat and that's a life cycle journey and that's what we take our customers through right. >> Now I noticed you have on your phone you got the Bruins logo. >> That's right, right here proud. >> So big game tomorrow any predictions? >> 4-3 in overtime Bruins. >> Oh my God I don't think my heart could take that. >> Could you not take that Dave? It's going to be an overtime game. >> Well it's you know it's rare to have a game seven in any, at the very final one, a lot of game sevens but not to win it all I think the last time at Boston was 1984. >> Ken: Is that right? >> Yeah it's been a long time, so you know I'm excited. >> I know you are (laughs) that's right. >> Warriors fans too we got that thing going out I mean I don't know for all you hoop fans out there so, >> Hopefully there's a game seven for that as well. >> Yeah let's go right, why not? >> Why not, game seven all round. >> All right so Chara is going to play with his broken jaw or whatever's going on. >> Matt Grzelcyk I hope is back. >> Dave: Yeah that would be key. >> That would be key yeah so, >> Dave: sure up the defense >> That's right. (crosstalk) >> Ken: He's a plus minus leader Chara. >> Oh yeah. >> That's right all time. >> Even though we give him a lot of grief. (laughter) he may look slow but he's all time plus minus leader. >> All right Kenny hey thanks so much-- >> All right Dave thanks for having me on all right go Bruins. >> All right keep it right there everybody go Bruins we will be right back Dave Vellante, Stu Miniman and Lisa Martin we're live from Cisco Live in San Diego you're watching theCUBE. (electronic jingle)

>> Live from Orlando, Florida, it's The Cube, covering Cisco Live 2018 brought to you by Cisco, NetApp and The Cube's ecosystem partners. >> Hey, welcome back everyone, we're here live at Cisco 2018, Cisco Live 2018. It's The Cube live coverage here in Orlando, Florida. I'm John Furrier with Stu Miniman my co-host for the next three days of live coverage. Our next guest is Brooks Borcherding, president and CEO of LiveAction and Darren Kimura, chief strategist and vice chair from LiveAction, fresh off the heels of a great acquisition. Next generation monitoring, networking. Welcome to The Cube. >> Thank you. >> Thanks for joining us. It's good to see you again. >> Thank you, we're so glad to be here. >> So, love the action going on, literally, LiveAction with MNA activity. You guys got some good news happening around the company but also Cisco's event here really is perfectly poised for what you guys are doing. The CEO on stage literally saying to his army of customers, "This old way is now old. This is the new modern era." And really talking about what is multicloud, basically. So his entire army of customers are moving to next generation. So it intersects with what you guys are doing, so take a minute to talk about LiveAction and the news. >> Okay, so I think first of all, LiveAction, you know, we've always been known to be a leader in network management. We've worked very, very closely with Cisco for a dozen years and what we help companies do is take the complexity out of the management of their large networks. So that's been the core, fundamental, you know, value proposition that we've always delivered is how we simplified the network in these increasingly complex environments, right? So what's interesting now with this period of time is networks continue to become more and more complex. You have things like digital transformation, you have things like cloud and multicloud and hybrid cloud. You have things like software-defined networks. Each of them in their own right just makes the wide area that much more complex. >> And more endpoints every day. I think he threw a stat out, another couple hundred million endpoints are coming now. >> Right. >> So it's not ending. >> That's true and in that market transition it gives us a great opportunity because our core value proposition has always been simplifying the networks. Now that's even more essential than ever before. >> One of the critical problems that come out of that, obviously, is the tsunami of endpoints is one, we heard the security threats with encryption is another one. So, the need to instrument seems obvious but also it's almost overbearing, like, what do you do? How do you guys see the core problems that you're attacking? >> Why don't you take that? >> Well I think the big, what we're trying to do at Live Action is simplify the network. That's really at the core of everything we trying to do. And when we talk to our customers we understand from them that most times they might have four or ten different tools. So the first thing we're trying to do is figure out what are the biggest use cases and combine them all into one singular tool. And that's what we're producing at LiveAction, is the ability for you to see your entire network from end to end. East-west and north-south. So, as we take a look at things like the cloud environment, you know, what exactly is that, right? You know, is it north-south, is it east-west? It's all of the above. And what we're trying to do at LiveAction is have a Full Stack application that can basically provide visibility and analytics so you can understand all of it in one place. >> So any vector, no matter what it is. I mean, surely that makes sense with the perimeter gone. >> Yes. >> Security certainly has to have that baseline. >> Right. >> We'll give you a good example of that, is now with the whole software-defined network in what we're doing with SD Access, for example, but now we're going back into the data center and there's these complex terms around the overlay network and underlay network and logical and physical and it's becoming incredibly complex. We give the ability to actually see the flows, like, through those complex fabrics and that's an essential toolkit now because you need to be able to find out when there's an issue, where's that coming from, right? That is the, what is the source of that issue? How quickly can you identify that and how quickly can you then remediate it? >> Before you get there I want to follow up on that because one of the focus was here in DevOps side, is automation. If you can't see it, how do you know to automate it? >> Right. >> Does that come into the dialogue or is that? >> That is the dialogue for us here, so, we provide situational awareness. We hope for our end users to understand what's happening across their networks realtime. And then, you know, we work with Cisco, for example, hand in hand on the intent based network. So, being able to provide insights for, you know, the next generation of the products to be able to actually take action. >> Yeah, one of the things we've been watching in the networking space for many years is the use of analytics. And you recently made an acquisition that really ties into that space. Why don't you give us, what led to the acquisition? >> We did, so we had news on Friday and to be fair, I mean, Darren's been leading this charge for us for quite some time because we've been a NetFlow based solution for a long period of time, meaning that we can provide visualization for the devices that we have integrations with, essentially. There's a lot of devices that don't have NetFlow. So we couldn't actually capture them into our visualization engine. So what we did on Friday is we announced the acquisition of Savius, and Savvius is a packet capture and inspection technology company. Been around a long time, some very famous products with Omnipeek and Omnipliance, for example, that are consumed by thousands of customers. And now we're able to, with that appliance, actually tap into all sorts of devices, and suddenly propagate all of that into our visualization engine. So it opens up a dramatically larger and restful opportunity for us and we're kind of defining this to be the next generation of networks and ports management because no one else is doing this visualization across that scope of devices like we are. >> Your observation space is massive now. >> It is. >> Yeah, Darren, I wonder if you'd follow up that 'cause one of the big questions I had coming in to this is, if I'm a networking person, what about all that networking that I don't control anymore that I'm on the hook for it. So, you know, we actually, the network here went down even for a few minutes and we're like, we're here at Cisco Live with, you know, probably the largest single concentration of network people and wireless experts and the like, so, yeah. >> Yeah, so one of the things that we're trying to do now is we're trying to capture all data from basically all endpoints. Whether it be a client to a server, a VM container, doesn't matter what it is. We wanna see it all, we wanna get it from the granular, most granular packet level all the way up, but take all of that data and make it simple for people to understand. You put it on a simple UI, understand a very simple workflow so that they can automatically associate problem or good network behaviors right there on screen without having to, you know, go through the 5,000 page Cisco manual and really understand what exactly is going on. >> Okay. >> I think what's important about that is how quickly can you identify the source of the issue? That's really where we come into play. We talk a lot, even these days, about MTTR, meantime to resolution, that continues to be an essential, kind of, metric that people measure. But what's more important to that even is the initial diagnostic. So, is it the network? Is it, you know, something at the edge of the network? Is it the service provider? You know, where in the network does this happen? And by being able to provide that essential information to the first point of contact it really does help extradite and accelerate the entire process. >> Huge acceleration. Darren, I wanna ask you a point about, sorry Stu, to interrupt but on the acquisition, help the customers that you had on one side understand the benefits of the NetFlow integrations and the NetFlow customers understand the new benefits. What is the customer's orientation? What should they do, I mean, how should they understand the new Live Action? >> Yeah, so what we've added on is the ability to diagnose at a significantly deeper level. So, one of the things LiveAction has always been really good at is voice and video, but we do it at a NetFlow level. So, the problem is, when we try to get down to the very granular level, you know, what exactly is going on? Where is it happening? We were blind to that, frankly. Now, with the packet capture technology we can actually go all the way down and capture down to the millisecond and be able to look back over time and understand exactly where the problem occurred. And that allows our users to actually go in and fix it once and for all. >> And what are they solving with that problem? More point problems, solution resolution? Routing, policy, where does the value live? >> It's all of it, it's all of it. Understand where the packets are dropped. Understand we get down to deep packet inspection, so understanding applications and users and who really is having the problem and why. >> Fake news, maybe? Gonna help us identify fake news out there? >> (laughs) Um, I hadn't thought about that yet. >> And the Russian packet. (laughs) (laughing) >> We've been talking in the network the surface area has continued to grow as we push out to the edge, we push out to SAS, push out to public clouds. How's that impacting you and your customers? >> It's, so, we're definitely trying to stay ahead of that with a few things that we've done recently. So, one of them is, for example, we now have an agent that we can deploy onto servers and workstations in mass quantities so you can now get those, kind of, those elements to be fed into your visualization network as well. We also have the ability to deploy that type of concept into the cloud and into SAS applications so we can then get a pulse coming from them. And so we're starting to correlate all of that together into the same type of workflow. >> Yep. >> Guys, take a minute to talk about your relationship with Cisco. Obviously we're here at Cisco Live, their show, they've got their priorities pretty laid out, they've got a lot of work to do and we heard the CEO talk about some of the pressure they're under with the security alone. I mean, they're running huge networks, networks are changing, what are you guys doing next now that you've got your acquisition papered up and you gotta do some, you know, quick integrations and roll out the integrations. How are you taking that to the next level with Cisco? What are some of the things on your radar, on your horizon, that you can share? >> Well, I think we work so closely with Cisco and the Cisco Enterprise networking team that we're often, you know, looking ahead of the curb as far as where we want to develop and invest in next. For example, you see that with the way we're prototyping the SD Access and Cat9k management. So, we did that in Barcelona, actually, about six months ago. So we were the first out with that. We're doing the exact same thing now with DNA Center and with integration with DNA Center. So, they're able to, like, talk about how LiveAction as a third party is integrating into their framework and extending that framework out for a lot of new innovation. >> Your strategy is to go deep with Cisco. You go down as deep as you can, get everyone geared out on the engineering side. You're nodding your head, yeah. >> Absolutely, that's been our strategy since day one. It's been an awesome partnership for us. I think we've been able to bring, you know, a different point of view and also provide validation, you know, a third party perspective for the end user to understand and have confidence on what exactly the network is doing. >> You know, I get this all the time, entrepreneurs in Silicone Valley always ask me about Cisco and Cisco's had a sustained track record of letting partners take big white spaces. To them it's a white space, to a company it's a, you know, it's an IPO potential, so this is a Cisco thing, talk about that dynamic, 'cause you guys seem to be really solving a big problem and they're happy with it. >> Oh, I think what we've, to your point about white space, I think what LiveAction has been able to really effectively do is be a strong partner to complement the solution that Cisco is already putting out there. So as Brooks had mentioned, you know, in our past we worked very closely with the Cisco Prime team and we brought in things like visualization, for example, quality of service configuration, and as the infrastructure began to, I guess, change over time, you know, through ILAN and now into Viptela, you know, we bring the same kind of ideas. We bring the same posture to the party, if you will, meaning that we try to make it, we try to understand what Cisco Product Management is doing and bring what we do best, the situation awareness, visibility, action ability to that. >> Alright, one of my final questions is, bumper sticker the bottom line for your customers. With the acquisition on Friday, with what you guys going on at Cisco, what's the bottom line for your customers? What are they gonna see? What's the immediate headline for the customer? >> So we've, you know, we've adopted this tagline of defining the next generation of network management, and we think we have a very unique position in defining where that market is going now with the acquisition of Savvius and what we're doing with the ability to visualize all of these different elements. There really isn't anybody out there that's doing anything close to that as far as how we're making it easy to manage increasingly complex networks. It's as simple as that, you know, we've had great conversations here already with many of some of the largest companies in the world and what they're looking for is, I need help, you know, I need help to simplify, right? >> And run at a high level. >> That's right, to kind of deliver the service levels that I'm expected to hold to my, you know, to my Fortune 500 type of enterprise, I need better tools to help me cope with this increasing complexity. >> Alright, Brooks and Darren, I'll put you on the spot with the last question. We're at day one of Cisco Live, what's they big story you see emerging? I know it's day one, we've got two more days, but you can almost see the smoke screen going, the signal's there, what is the top story coming out of Cisco Live 2018, in your opinion? >> I still see software-defined WAN as being massive. I think that, I think I stole his answer. (laughs) But, you know, it's been a topic for such a long time but now we're seeing the implementations happen and it's so exciting because, you know, it's actually bringing real change to networking, something we haven't seen in 10 plus years. >> What's different about SD WAN than the promises were, say, five years ago? That's happening now? >> Well I think now people are actually monetizing them. So now it's enterprise ready, I think Cisco led the whole industry a step forward with the acquisition of Viptela and increased, kind of, the pace of that, of the maturity of those offerings. And now that it's six months in they're being adopted at scale, you have a lot of reference cases now that people are using it, they're getting, deriving the monetary benefit from it, you know, they're taking a step into software-defined and we're kind of in that mainstream adoption phase, is what I would say right now. >> Thanks so much for sharing, great commentary. Congratulations on the success, the new acquisition and the continued integration deep with Cisco. >> Thank you. >> You know, good stuff pays off. Of course, we're here with all the live action coverage. Both LiveAction company and also the live Cube action here at Cisco Live 2018 here. Stay with us, three days of wall-to-wall coverage. I'm John Furrier with Stu Miniman. We'll be right back after this short break. >> Thank you, gentlemen.

(lively techno music) >> Hello, everyone, I'm John Furrier with theCUBE. We are here in Palo Alto to showcase a brand new relationship and technology partnership and technology showcase. We're here with Niel Viljoen, who's the CEO of Netronome. Did I get that right? (Niel mumbles) Almost think that I will let you say it, and Nick McKeown, who's Chief Scientist and Chairman and the co-founder Barefoot Networks. Guys, welcome to the conversation. Obviously, a lot going on in the industry. We're seeing massive change in the industry. Certainly, digital transmissions, the buzzword the analysts all use, but, really, what that means is the entire end-to-end digital space, with networks all the way to the applications are completely transforming. Network transformation is not just moving packets around, it's wireless, it's content, it's everything in between that makes it all work. So let's talk about that, and let's talk about your companies. Niel, talk about your company, what you guys do, Netronome and Nick, same for you, for Barefoot. Start with you guys. >> So as Netronome, our core focus lies around SmartNICs. What we mean by that, these are elements that go into the network servers, which in this sort of cloud and NFV world, gets used for a lot of network services, and that's our area of focus. >> Barefoot is trying to make switches that were previously fixed function, turning them into something that those who own and operate networks can program them for themselves to customize them or add new features or protocols that they need to support. >> And Barefoot, you're walking in the park, you don't want to step in any glass, and get a cut, and I like that, love the name of the company, but brings out the real issue of getting this I/O world if there were NICs, it throws back the old school mindset of just network cards and servers, but if you take that out on the Internet now, that is the I/O channel engine, real time, it's certainly a big part of the edge device, whether that's a human or device, IoT to mobile, and then moving it across the network, and by the way, there's multiple networks, so is this kind of where you guys are showcasing your capabilities? >> So, fundamentally, you need both sides of the line, if I could put it that way, so we, on the server side, and specifically, also giving visibility between virtual machines to virtual machines, also called VNFs to VNFs in a service chaining mechanism, which has what a lot of the NFV customers are deploying today. >> Really, as the entire infrastructure upon which these services are delivered, as that moves into software, and more of it is created by those who own and operate these services for themselves, they either create it, commission it, buy it, download it, and then modify it to best meet their needs. That's true whether it's in the network interface portion, whether it's in the switch, and they've seen it happen in the control plane, and now it's moving down so that they can define all the way down to how packets are processed in the NIC and in the switches, and when they do that, they can then add in their ability to see what's going on in ways that they've never been able to do before, so we really think of ourselves as providing that programmability and that flexibility down, all the way to the way that the packets are processed. >> And what's the impact, Nick, talk about the impact then take us through like an example. You guys are showcasing your capabilities to the world, and so what's the impact and give us an example of what the benefit would be. I mean, what goes on like this instrumentation, certainly, everyone wants to instrument everything. >> Niel: Yes. >> Nick: Yeah. >> But what's the practical benefit. I mean who wins from this and what's the real impact? >> Well, you know, in days gone by, if you're a service provider providing services to your customers, then you would typically do this out of vertically integrated pieces of equipment that you get from equipment vendors. It's closed, it's proprietary, they have their own sort of NetFlow, sFlow, whatever the mechanism that they have for measuring what's going on, and you had to learn to live with the constraints of what they had. As this all gets kind of disaggregated and broken apart, and that the owner of the infrastructure gets to define the behavior in software, they can now chain together the modules and the pieces that they need in order to deliver the service. That's great, but now they've lost that proprietary measurement, so now they need to introduce the measurement that they can get greater visibility. This actually has created a tremendous opportunity and this is what we're demonstrating, is if you can come up with a uniform way of doing this, so that you can see, for example, the path that every packet takes, the delay that it encounters along the way, the rules that it encounters that determines the path that it gets, if it encounters congestion, who else contributed to that congestion, so we know who to go blame, then by giving them that flexibility, they can go and debug systems much more quickly, and change them and modify them. >> It's interesting, it's almost like the aspirin, right? You need, the headache now is, I have good proprietary technology for point measurement and solutions, but yet I need to manage multiple components. >> I think there's an add-on to what Nick said, which is the whole key point here which is the programmability, because there's data, and then there's information. Gathering lots and lots of telemetry data is easy. (John chuckles) The problem is you need to have it at all points, which is Nick's key point, but the programmability allows the DevOps person, in other words, the operational people within the cloud or carrier infrastructure, to actually write code that identifies and isolates the data, the information rather than the data that they need. >> So is this customer-based for you guys, the carriers, the service providers, who's your target audience? >> Yep, I think it's service providers who are applying the NFV technologies, in other words, the cloud-like technologies. I always say the real big story here is the cloud technologies rather than just the cloud. >> Yeah, yeah. >> And how that's-- >> And same for you guys, you guys have this, this joint, same target customer. >> Yeah, I don't think there's any disagreement. >> Okay. (laughs) Well, I want to get drilling to the whole aspirin analogy 'cause it's of the things that you brought up with the programmability because NFV has been that, you know, saving grace, it's been the Holy Grail for how many years now, and you're starting to see the tides shifting now towards where NFV is not a silver bullet, so to speak, but it is actually accelerating some of the change, and I always like to ask people, "Hey, are you an aspirin or you a vitamin?" One guest told me, "I'm a steroid. "We make things grow faster." I'm like, "Okay," but in a way, the aspirin solves a problem, like immediate headaches, so it sounds like a lot of the things that you mentioned. That's an immediate benefit right there on the instrumentation, in an open way, multi-component, multi-vendor kind of, benefits of proprietary but open, but the point about programmability gives a lot of headroom around kind of that vitamin, that steroid piece where it's going to allow for automation, which brings an interesting thing, that's customizable automation, meaning, you can apply software policy to it. Is that kind of like, can you tease that out, is that an area that you guys talking about? >> I think the first thing that we should mention is probably the new language called P4. I think Nick will be too modest to state that but I think Nick has been a key player in, along with his team and many other people, in the definition and the creation of this language, which allows the programmability of all these elements. >> Yeah, just drill down, I mean, toot your own horn here, let's get into it because what is it and what's the benefit and what is the real value, what's the upshot of P4? >> Yeah, the way that hardware that processes packets, whether it's in network interface cards, or in switching, the way that that's been defined in the past, has been by chip designers. At the time that they defined the behavior, they're writing Verilog or VHDL, and as we know, people that design chips, don't operate big networks, so they really know what capabilities to put in-- >> They're good at logic in a vacuum but not necessarily in the real world, right? Is that what you (laughs). >> So what we-- >> Not to insult chip designers, they're great, right? >> So what we've all wanted to do for some time is to come up with a uniform language, a domain-specific language that allows you to define how packets will be processed in interfaces, in switches, in hypervisor switches inside the virtual machine environments, in a uniform way so that someone who's proficient in that language can then describe a behavior that can then operate in different paths of the chained services, so that they can get the same behavior, a uniform behavior, so that they can see the network-wide, the service-wide behavior in a uniform way. The P4 language is merely a way to describe that behavior, and then both Netronome and Barefoot, we each have our own compilers for compiling that down to the specific processing element that operates in the interfaces and in the switches. >> So you're bridging the chip layer with some sort of abstraction layer to give people the ability to do policy programming, so all the heavy lifting stuff in the old network days was configuration management, I mean all the, I mean that was like hard stuff and then, now you got dynamic networks. It even gets harder. Is this kind of where the problem goes away? And this is where automation. >> Exactly, and the key point is the programmability versus configurability. >> John: Yeah. >> In a configurable environment, you're always trying to pre-guess what your customer's going to try to look at. >> (chuckles) Guessing's not good in the networking area. That's not good for five nines. >> In the new world that we're in now, the customer actually wants to define exactly what the information is they want to extract-- >> John: I wanted to get-- >> Which is your whole question around the rules and-- >> So let me see if I can connect the dots here, just kind of connect this for, and so, in the showcase, you guys are going to show this programmability, this kind of efficiency at the layer of bringing instrumentation then using that information, and/or data depending on how it's sliced and diced via the policy and programmability, but this becomes cloud-like, right? So when you start moving, thinking about cloud where service providers are under a lot of pressure to go cloud because Over-The-Top right now is booming, you're seeing a huge content and application market that's super ripe for kind of the, these kinds of services. They need that ability to have the infrastructure be like software, so infrastructure is code, is the DevOps term that we talk about in our DevOps world, but that has been more data-centered kind of language, with developers. Is it going the same trajectory in the service provider world because you have networks, I mean they're bigger, higher scale. What are some of those DevOps dynamics in your world? Can you talk about that and share some color on that? >> I mean, the way in which large service providers are starting to deliver those services is out of something that looks very much like the cloud platform. In fact, it could in fact be exactly the same technology. The same servers, the same switches, same operating systems, a lot of the same techniques. The problem they're trying to solve is slightly different. They're chaining together the means to process a sequence of operations. A little bit like, though the cloud operators are moving towards microservices that get chained together, so there are a lot of similarities here and the problems they face are very similar, but think about the hell that this potentially creates for them. It means that we're giving them so much rope to hang themselves because everything is now got to be put together in a way that's coming from different sources, written and authored by different people with different intent, or from different places across the Internet, and so, being able to see and observe exactly how this is working is even more critical than-- >> So I love that rope to hang yourself analogy because a lot of people will end up breaking stuff as Mark Zuckerberg's famous quote is, "Move fast, break stuff," and then by the way, when they 100 million users and moved, slogan went for, "Move fast, be reliable," so he got on the five nines bandwagon pretty quick, but it's more than just the instrumentation. The key that you're talking about here is that they have to run those networks in really high reliability environments. >> Nick: Correct. >> And so that begs the challenge of, okay, it's not just easy as throwing a docker container at something. I mean that's what people are doing now, like hey, I'm going to just use microservices, that's the answer. They still got stuff under the hood, but underneath microservices. You have orchestration challenges and this kind of looks and feels like the old configuration management problems but moved up the stack, so is that a concern in your market as well? >> So I think that's a very, very good point that you make because the carriers, as you say, tend to be more dependent, almost, on absolute reliability, and very importantly, performance, but in other words, they need to know that this is going to be 100 gigs because that's what they've signed up the SLA with their customer for. (John chuckles) It's not going to be almost 100 gigs 'cause then they're going to end up paying a lot of penalties. >> Yeah, they can't afford breakage. They're OpsDev, not DevOps. Which comes first in their world? >> Yes, so the critical point here is just that this is where the demo that we're doing which shows the ability to capture all this information at line rate, at very high speeds in the switches. (mumbles) >> So let's about this demo you're doing, this showcase that you guys are providing and demonstrating to the marketplace, what's the pitch, I mean what is it, what's the essence of the insight of this demo, what's it proving? >> So I think that the, it's good to think about a scenario in which you would need this, and then this leads into what the demo would be. Very common in an environment like the VNF kind of environment, where something goes wrong, they're trying to figure out very quickly, who's to blame, which part of the infrastructure was the problem? Could it be congestion, could it be a misconfiguration? (John laughs) >> Niel: Who's flow-- >> Everyone pointing finger at the other guy. >> Nick: The typical way-- >> Two days later, what happened, really? >> Typical way that they do this, is they'll bring the people that are responsible for the compute, the networking, and the storage quickly into one room, and say, "Go figure it out." The people that are doing the compute, they'll be modifying and changing and customizing, running experiments, isolating the problem. So are the people that are doing storage. They can program their environment. In the past, the networking people had ping and traceroute. That's the same tools that they had 20 years ago. (John chuckles) What we're doing is changing that by introducing the means where they can program and configure, run different experiments, run different probes, so that they can look and see the things that they need to see, and in the demo in particular, you'll be able to see the packets coming in through a switch, through a NIC, through a couple of VMs, back out through a switch, and then you can look at that packet afterwards, and you can ask questions of the packet itself, something you've never been able to-- >> It's the ultimate debugger. Basically, it's the ultimate debugger. >> Nick: That's right. Go to the packet, say-- >> Niel: Programmable debugger. >> "Which path did you take? "How long did you wait at each NIC, "at each VM, at each switch port as you went through? "What are the rules that you followed "that led you to be here, and if you encountered "some congestion, whose fault was it? "Who did you share that queue with?" so we can go back and apportion the blame-- >> So you get a multiple dimension of path information coming in, not just the standard stovepiped tools-- >> Nick: That's right. >> And then, everyone compares logs and then there's all these holes in it, people don't know what the hell happened. >> And through the programmability, you can isolate the piece of the information-- >> So the experimentation agile is where I think, is that what you're getting at? You can say, you can really get down and dirty into a duplication environment and also run these really fast experiments versus kind of in theory or in-- >> Exactly, which is what, as Nick said, is exactly what people on the server side and on the storage side have been able to do in the past. >> Okay so for people watching that are kind of getting into this and people who aren't, just give me in order maybe through of the impact and the consequences of not taking this approach, vis-a-vis the available, today's available techniques. >> If you wanted to try and figure out who it was that you were sharing a queue with inside an interface or inside a switch, you have no way to do that today, right? No means to do that, and so if you wanted to be able to say it's that aggressive flow over there, that malfunction in service over there, you've got no means to do it. As a consequence, the networking people always get the blame because they can't show that it wasn't them. But if you can say, I can see, in this queue, there were four flows going through or 4,000 flows, and one of them was really badly behaved, and it was that one over there and I can tell you exactly why its packets were ending up here, then you can immediately go in and shut that one down. They have no way that they go and randomly shut-- >> Can I get this for my family, I need this for my household. I mean, I'm going to use this for my kids. I mean I know exactly the bad behavior, I need to prove it. No, but this is what the point is, is this is fast. I mean you're talking speed, too, as another aspect-- >> Niel: It's all about the-- >> What's the speed lag on approach versus taking the old, current approach versus this joint approach you guys are taking? What's the, give me an estimate on just ballpark numbers-- >> Well there's two aspects to the speed. One is the speed at which it's operating, so this is going to be in the demo, it's running at 40 gigabits per seconds, but this can easily run, for example, in the Barefoot switch, it'll run at 6 terabits per second. The interesting thing here is that in this entire environment, this measurement capability does not generate a single extra packet. All of it is self-contained in the packets that are already flowing. >> So there's no latency issues on running this in production. >> If you wanted then change the behavior, you needed to go and modify what was happening in the NIC, modify what was happening in the switch, you can do that in minutes. So that you can say-- >> Now the time it takes for a user now to do this, let's go to that time series. What does that look like? So current method is get everyone in a room, do these things, are we talking, you know. >> I think that today, it's just simply not possible. >> Not possible. >> So it's, yes, new capability. >> I think is the key issue. >> So this is a new capability. >> This is a new capability and exactly as Nick said, it's getting the network to the same level of ability that you always had inside the-- >> So I got to ask you guys, as founders of your companies because this is one of those things that's a great success story, entrepreneurs, you got, it's not just a better mousetrap, it's revolutionary in the sense that no one's ever had the capability before, so when you go to events like Mobile World Congress, you're out in the field, are you shaking people like, "You need me! "I need to cut the line and tell you what's going on." I mean, you must have a sense of urgency that, is it resonating with the folks you're talking to? I mean, what are some of the conversations you're having with folks? They must be pretty excited. Can you share any anecdotal stories? >> Well, yup, I mean we're finding, across the industry, not only in the service providers, the data center companies, Wall Street, the OEM box vendors, everybody is saying, "I need," and have been saying for a long time, "I need the ability to probe into the behavior "of individual packets, and I need whoever is owning "and operating the network to be able to customize "and change that." They've never been able to do that. The name of the technique that we use is called In-band Network Telemetry or INT, and everybody is asking for it now. Actually, whether it's with the two of us, or whether they're asking for it more generally, this is, this is-- >> Game changer. >> You'll see this everywhere. >> John: It's a game changer, right? >> That's right. >> Great, all right, awesome. Well, final question is, is that, what's the business benefits for them because I can imagine you get this nailed down with the proper, the ability to test new apps because obviously, we're in a Wild West environment, tsunami of apps coming, there's always going to be some tripwires in new apps, certainly with microservices and APIs. >> I think the general issues that we're addressing here is absolutely crucial to the successful rollout of NFV infrastructures. In other words, the ability to rapidly change, monitor, and adapt is critical. It goes wider than just this particular demo, but I think-- >> It's all apps on the service provider. >> The ability to handle all the VNFs-- >> Well, in the old days, it was simply network spikes, tons of traffic, I mean, now you have, apps could throw off anomalies anywhere, right? You'd have no idea what the downstream triggers could be. >> And that's the whole notion of the programmable network, which is critical. >> Well guys, any information where people can get some more information on this awesome opportunity? You guys' sites, want to share quick web addresses and places people get whitepapers or information? >> For the general P4 movement, there's P4.org. P, the number four, .org. Nice and easy. They'll find lots of information about the programmability that's possible by programming the, the forwarding being what both of us are doing. In-band Network Telemetry, you'll find descriptions there, P4 programs, and whitepapers describing that, and of course, on the two company websites, Netronome and Barefoot. >> Right. Nick and Niel, thanks for spending some time sharing the insights and congratulations. We'll keep an eye for it, and we'll be talking to you soon. >> Thank you. >> Thank you very much. >> This is theCUBE here in Palo Alto. I'm John Furrier, thanks for watching. (lively techno music)

>> Announcer: From New York, it's the Cube. Covering Big Data New York City 2016. Brought to you by Headline Sponsors, Cisco, IBM, NVIDIA, and our ecosystem sponsors. Now, here are your hosts, Dave Vellante and George Gilbert. >> Welcome back to New York City everybody, this is the Cube, the worldwide leader in live tech coverage, and we've been going wall to wall since Monday here at Strata plus Hadoop World, Big Data NYC is our show within the show. Omer Trajman is here, he's the CEO of Rocana, Cube alum, good to see you again. >> Yeah you too, it's good to be here again. >> What's the deal with the shirt, it says, 'your boss is useless', what are you talking about? >> So, if I wasn't on mic'd up, I'd get up and show you, ~but you can see in the faint print that it's not talking about how your boss is useless, right, it's talking about how you make better use of data and what your boss' expectations are. The point we're trying to get across is that context matters. If you're looking at a small fraction of the information then you're not going to get the full picture, you're not going understand what's actually going on. You have to look at everything, you have no choice today. >> So Rocana has some ambitious plans to enter this market, generally referred to as IT operations, if I can call it that, why does the world need another play on IT operations? >> In IT operations? If you look at the current state of IT operations in general, and specifically people think of this largely versus monitoring, is I've got a bunch of systems, I can't keep track of everything, so I'm going to pick and choose what I pay attention to. I'm going to look at data selectively, I'm only going to keep it for as long as I can afford to keep it, and I'm not going to pay attention to the stuff that's outside that hasn't caused problems, yet. The problem is, the yet, right? You all have seen the Delta outages, the Southwest issues, the Neiman Marcus website, right? There's plenty of examples of where someone just wasn't looking at information, no one was paying attention to it or collecting it and they got blindsided. And in today's pace of business where everything is digital, everyone's interacting with the machines directly, everything's got to be up all the time. Or at least you have to know that something's gone askew and fix it quickly. And so our take is, what we call total operational visibility. You got to pay attention to everything all the time and that's easier said than done. >> Well, because that requires you got to pay attention to all the data, although this reminds me of IP meta in 2010, said, "Sampling is dead", alright? Do you agree he's right? >> Trajman: I agree. And so it's much more than that, of course right, sampling is dead, you want to look at all the details all the time, you want to look at it from all sources. You want to keep enough histories so if you're the CIO of a retailer, if your CEO says, "Are we ready for Cyber Monday, can you take a look at last year's lead up and this years", and the CEO's going to look back at them and say, "I have seven days of data (chuckles), "what are you talking about, last year". You have to keep it for as long as you need to, to address business issues. But collecting the data, that's step one, right? I think that's where people struggle today, but they don't realize that you can't just collect it all and give someone a search box, or say, "go build your charts". Companies don't have data scientists to throw at these problems. You actually have to have the analytics built in. Things that are purpose built for data center and IT operations, the machine learning models, the built in cubes, the built in views, visualizations that just work out of the box, and show you billions of events a day, the way you need to look at that information. That's prebuilt, that comes out of the box, that's also a key differentiator. >> Would it be fair to say that Hadoop has historically has been this repository for all sorts of data, and but it was a tool set, and that Splunk was the anti-Hadoop, sort of out of the box. It was an application that had some... It collected certain types of data and it had views out of the box for that data. Sounds like you're trying to take the best of each world where you have the full extensibility and visibility that you can collect with all your data in Hadoop but you've pre built all the analytic infrastructure that you need to see your operations in context. >> I think when you look at Hadoop and Splunk and your concert of Rocana's the best of both worlds, is very apt. It's a prepackaged application, it just installs. You don't have to go in under the covers and stitch everything together. It has the power of scalability that Hadoop has, it has the openness, right, 'cause you can still get at the data and do what you need with it, but you get an application that's creating value, day one. >> Okay, so maybe take us... Peel back the onion one layer, if you can go back to last year's Cyber Monday and you've got out of the box functionality, tell us how you make sense out of the data for each organization, so that the context is meaningful for them. >> Yeah, absolutely. What's interesting is that it's not a one time task, right? Every time you're trying to solve a slightly different problem, or move the business in different direction, you want to look at data differently. So we think of this more as a toolkit that helps you navigate where to find the root cause or isolate where a particular problem is, or where you need to invest, or grow the business. In the Cyber Monday example, right what you want to look at is, let me take a zoom out view, I just want to see trends over time, the months leading up or the weeks leading up to Cyber Monday. Let's look at it this year. Let's look at it last year. Let's stack on the graph everything from the edge caching, to the application, to my proxy servers to my host servers through to my network, gimmie the broad view of everything, and just show me the trend lines and show me how those trend lines are deviating. Where is there unexpected patterns and behavior, and then I'm going to zoom in on those. And what's causing those, is there a new disconfiguration, did someone deploy a new network infrastructure, what has caused some change? Or is it just... It's all good, people are making more money, more people are coming to the website it's actually a capacity issue, we just need to add more servers. So you get the step back, show me everything without a query, and then drag and drop, zoom in to isolate where are there particular issues that I need to pay attention to. >> Vellante: And this is infrastructure? >> Trajman: It's infrastructure all the way through application... >> Correct? It is? So you can do application performance management, as well? >> We don't natively do the instrumentation there's a whole domain which is, bytecode instrumentation, we partner with companies that provide APM functionality, take that feed and incorporate it. Similar to a partner with companies that do wire level deep packet inspection. >> Vellante: I was going to say... >> Yeah, take that feed and incorporate it. Some stuff we do out of the box. NetFlow, things like IPFIX, STATSD, Syslog, log4j, right? There's kind of a lot of stuff that everyone needs standard interfaces that we do out of the box. And there's also pre-configured, content oriented parsers and visualizations for an OpenStack or for Cloud Foundry or for a Blue Coat System. There's certain things that we see everywhere that we can just handle out of the box, and then there's things that are very specific to each customer. >> A lot of talk about machine learning, deep learning, AI, at this event, how do you leverage that? >> How do we fit in? It's interesting 'cause we talk about the power delivers in the product but part of it is that it's transparent. Our users, who are actually on the console day to day or trying to use Rocana to solve problems, they're not data scientists. They don't understand the difference between analytic queries and full text search. They understand understand machine learning models. >> They're IT people, is that correct? >> They're IT folks, whose job it is to keep the lights on, right? And so, they expect the software to just do all of that. We employ the data scientists, we deliver the machine learning models. The software dynamically builds models continuously for everything it's looking at and then shows it in a manner that someone can just look at it and make sense of it. >> So it might be fair to say, maybe replay this, and if it's coming out right, most people, and even the focus of IBM's big roll out this week is, people have got their data links populated and they're just now beginning to experiment with the advanced analytics. You've got an application where it's already got the advanced analytics baked into such an extent that the operator doesn't really care or need to know about it. >> So here's the caveat, people have their data links populated with the data they know they need to look at. And that's largely line of business driven, which is a great area to apply big data machine learning, analytics, that's where the data scientists are employed. That's why what IBM is saying makes sense. When you get to the underlying infrastructure that runs it day to day, the data lakes are not populated. >> Interviewer: Oh, okay. >> They're data puddles. They do not have the content of information, the wealth of information, and so, instead of saying, "hey, let's populate them, "and then let's try to think about "how to analyze them, and then let's try to think about "how get insights from them, and then let's try to think "about, and then and then", how about we just have a product that does it all for you? That just shows you what to do. >> I don't want to pollute my data lake with that information, do I? >> What you want is, you want to take the business feeds that have been analyzed and you want to overlay them, so you want to send those over to probably a much larger lake, which is all the machine data underneath it. Because what you end up with especially as people move towards more elastic environments, or the hybrid cloud environments, in those environments, if a disk fails or machine fails it may not matter. Unless you can see the topline revenue have an impact, maybe it's fine to just leave the dead machine there and isolate it. How IT operates in those environments requires knowledge of the business in order to become more efficient. >> You want to link the infrastructure to the value. >> Trajman: Exactly. >> You're taking feeds essentially, from the business data and that's informing prioritization. >> That's exactly right. So take as an example, Point of Sale systems. All the Point of Sale systems today, they're just PCs, they're computers, right? I have to monitor them and the infrastructure to make sure it's up and running. As a side effect, I also know the transactions. As an IT person, I not only know that a system is up, I know that it's generating the same amount of revenue, or a different amount of revenue than it did last week, or that another system is doing. So I can both isolate a problem as an IT person, right, as an operator, but I can also go to the business and say, "Hey nothing's wrong with the system, we're not making as much money as we were, why is that", and let's have a conversation about that. So it brings IT into a conversation with the business that they've never been able to have before, using the data they've always had. They've always had access to. >> Omer, We were talking a little before about how many more companies are starting to move big parts of their workloads into public cloud. But the notion of hybrid cloud, having a hybrid cloud strategy is still a bit of a squishy term. >> Trajman: Yeah. (laughs) >> Help us fill in, for perhaps, those customers who are trying to figure out how to do it, where you add value and make that possible. >> Well, what's happening is the world's actually getting more complex with cloud, it's another place that I can use to cost effectively balance my workloads. We do see more people moving towards public cloud or setting up private cloud. We don't see anyone whole scale, saying "I'm shutting down everything", and "I'm going to send everything to Amazon" or "I'm going to send everything to Microsoft". Even in the public cloud, it's a multi cloud strategy. And so what you've done is, you've expanded the number of data centers. Maybe I add, a half dozen data centers, now I've got a half dozen more in each of these cloud providers. It actually exacerbates the need for being able to do multi-tier monitoring. Let me monitor at full fidelity, full scale, everything that's happening in each piece of my infrastructure, aggregate the key parts of that, forward them onto something central so I can see everything that's going on in one place, but also be able to dive into the details. And that hybrid model keeps you from clogging up the pipes, it keeps you from information overload, but now you need it more than ever. >> To what extent does that actually allow you, not just to monitor, but to re-mediate? >> The sooner you notice that there's an issue, the sooner you can address that issue. The sooner you see how that issue impacts other systems, the more likely you are to identify the common root cause. An example is a customer that we worked with prior to Rocana, had spent an entire weekend isolating an issue, it was a ticket that had gotten escalated, they found the root cause, it was a core system, and they looked at it and said, "Well if that core system was actually "the root cause, these other four systems "should have also had issues". They went back into the ticketing system, sure enough, there were tickets that just didn't get escalated. Had they seen all of those issues at the same time, had they been able to quickly spin the cube view of everything, they would have found it significantly faster. They would have drawn that commonality and seen the relationships much more quickly. It requires having all the data in the same place. >> Part of the actionable information is to help triage the tickets in a sense, of that's the connection to remediation. >> Trajman: Context is everything. >> Okay. >> So how's it going? Rocana's kind of a heavy lift. (Trajman laughs) You're going after some pretty entrenched businesses that have been used to doing things a certain way. How's business? How you guys doing? >> Business is, it's amazing, I mean, the need is so severe. We had a prospective customer we were talking to, who's just starting to think about this digital transformation initiative and what they needed from an operational visibility perspective. We connected them with an existing customer that had rolled out a system and, the new prospect looked at the existing customer, called us up and said, "That," (laughs) "that's what we want, right there". Everyone's got centralized log analytics, total operational visibility, people are recognizing these are necessary to support where the business has to go and businesses are now realizing they have to digitize everything. They have to have the same kind of experience that Amazon and Google and Facebook and everyone else has. Consumers have come to expect it. This is what is required from IT in order to support it, and so we're actually getting... You say it's a heavy lift, we're getting pulled by the market. I don't think we've had a conversation where someone hasn't said, "I need that", that's what we're going through today that is my number one pang. >> That's good. Heavy lifts are good if you've got the stomach for it. >> Trajman: That's what I do. >> If you got a tailwind, that's fantastic. It sounds like things are going well. Omer, congratulations on the success we really appreciate you sharing it with our Cube audience. >> Thank you very much, thanks for having me. >> You're welcome. Keep it right there everybody. We'll be back with our next guest, this is the Cube, we're live, day four from NYC. Be right back.