>> Announcer: Live from Atlanta, Georgia, it's theCUBE, covering AnsibleFest 2019, brought to you by Red Hat. >> Okay, welcome back, everyone, it's CUBE's live coverage here in Atlanta, Georgia, for AnsibleFest 2019, and I'm John Furrier, with Stu Miniman, my co-host. Our next guest is Massimo Ferrari, product manager with Ansible Security. Welcome to theCUBE, thanks for coming on. >> Thanks very much. Thank you for having me. >> So, security, obviously, big part of the conversation in automation. >> Obviously. >> Making things more efficient, making security, driving a lot of automation, obviously, job performance, among other things. Red Hat's done a lot of automation in other areas outside of just configuration, network automation, now security looking kind of like the same thing, but security's certainly different and more critical. >> Massimo: It is, it's more time-sensitive-- >> Talk us through the security automation angle, what's going on? >> Well, basically, there are several things going on, right? I believe the main thing is that IT organizations are changing, well, honestly, IT organizations have been changing for the last, probably five years, 10 years, and as a consequence, the infrastructures to be protected are changing as well. And there are a couple of challenges that are kind of common to other areas. As you said, automation is all over the place, so clearly, there are some challenges that are common to IT operations, or network operations, something that is peculiar for the security space. What we are seeing, basically, is that if you think about, there's a major problem of scale, right? If you think about the adoption of technologies like containers, or private and public cloud, if you are a large organization, you are introducing those technologies side by side with, for example, your legacy applications on bare metal or your fantastic digital machines, but what they do actually is introducing a problem of size, a problem of scale, and a problem of complexity connected to that, and a problem of distribution which is just unmanageable without automation. And the other problem is just complexity, that I mentioned before, is, I wasn't specifically referring to the complexity of the infrastructure per se. If we think about adopting best practices or practices like microservices or adopting functions of service, we can easily imagine how an old-school three-tiers application can be re-engineered to become something like with made of 10 hundred components, and those are microcomponents, very focused on single things, but from a security perspective, those are ingress points. And what automation did, what automation proved to be able to do, is to manage complexity for other areas. So you can be successful in IT operations, in network, and clearly, it can be successful in security, but what is unique to security is that professionals are facing a problem of speed, which means different things, but to give you an example, what we are seeing is that more and more cyberattacks are using automation and artificial intelligence, and the result of that is that the velocity and impact of those attacks is so big that you can't cope with human operators, so we are in a classic situation of fighting fire with fire. >> So, this is a great example. We had the service guys on earlier talking about the Automation Platform, and one comment was, "You don't want to boil the ocean over. "Focus on some things you can break down "and show some wins." Security professionals have that same problem, they want to throw automation and AI at the problem, "It's going to solve everything." >> Of course. >> And so, it's certainly very valuable, managing configurations, open ports, S3 buckets, there's a variety of things that are entry points for hackers and adversaries to come in, take down networks. What's the best practice? How would you see customers applying automation? What's the playbook, if you will? What's the formula for a customer to look at security and say, "Okay, how do I direct Ansible "at my security problems, or opportunities, "to manage that?" >> Well, when you discuss security automation with customers, it really depends on the kind of audience that you have. As you know, security organizations tend to be fairly structured, right? And depending on the person you are talking to, they may have a slightly different meaning for security automation. It's a broader practice in general. What we are trying to do with Ansible Security Automation is we are targeting a very specific problem. There is a well-known issue in the security world, which is the lack of integration. What we know is that if you are any large organization, you buy tens, hundred sometime, of security solutions, and those are great, they protect whatever they have to protect, but there is little to no integration between them, and the result of that is that security teams have an incredible amount of manual work to do just to correlate data coming from different dashboards, or to perform an investigation across different perimeters, or at some point, they have to remediate something that is going on and they have to apply this remediation across groups of devices that are sparse. And what we are trying to do with Ansible Security Automation is to propose Ansible as an integrational layer, as a glue, between all those different technologies. On one hand it's a matter of become more efficient, streamline the process. On the other hand is an idea of having, truly, a way to plan, use the automation as your action plan, because security is obiously is time-critical, and so, automation becomes, in this context, become even more important. >> Massimo, with the launch of the Ansible Automation Platform, we see a real enhancement of how the ecosystem's participating here. Where does security fit into the collections that are coming from the partner ecosystem of Ansible? >> Well, in one way, we have been building over the shoulders of our friends in Network Automation. They did an amazing job over four years. They did two major things. The first one is that they expanded for the first time the footprint of Ansible outside the traditional IT operations space. That was amazing. And we did kind of the same thing, and we started working with some vendors that were already working with us for slightly different use cases, and we helped them to identify the right use cases for security, and expand even more what they were capable of doing through Ansible. And what we are doing now is basically working with customers, we have lighthouse customers, we call them, that guide us to understand which is the next step that we are supposed to perform, and we are gathering together a security community around Ansible. Because surprisingly, we all know that the security community has always been there, always been super vocal, but open-sourcing security's a fairly new thing, right? And so we have this ability, the important thing is that we all know that Red Hat is not a security vendor, right? We don't want to be a security vendor. That's not the ambition that we have. We are automation experts, in the case of Ansible, and we are open-source experts across the board. So what we are doing with them, we are helping them to get there, to cooperate in the open-source world. And for security, proven to be very interesting the adoption of collection, because in some way allows them to deliver the content that they want to deliver in a very, I would say, focused way, and since security relies on, again, is a matter of time to market or time to solve the problem, through collection, they have more independence, they are capable to deliver whatever they want to deliver, when they want to deliver, according to their staff needs. >> You know, one of the things you mentioned, glue layer, integration layer, and open source, your expertise on automation. It's interesting, and I want to get your reaction to this, 'cause we did a survey of CISOs in our community prior to the Amazon Web Services re:Inforce conference this past summer. It was their first, inaugural, cloud security, so, yeah, cloud security was a big part of it. But with on-premise and hybrid and multi-cloud here, being discussed, this notion of what cloud and role of enterprise is interesting to the CISOs, chief information security officer. And the trend on the survey was is that CISOs are re-hiring internal development teams to build stacks onsite in their own organizations, investing in their stack, and they're picking a cloud, and then a secondary cloud. So as that development team picks up, that seems to be a trend, one, do you agree with that? And if people want to have their own developers in-house, for security purposes, how does Ansible fit into that glue layer? Because if it's configuring all the gear and all the pipes and plumbing, it makes sense to kind of think about that. So this might be a trend that's helping you? >> So, the trend, there is a general trend in the corporate enterprise world hat more technical people are coming into traditionally, in areas that are traditionally under the purview of other people or domains, right? So, more technical people coming into business lines. We are seeing more developers coming into security, that's certainly a trend. It is a matter of managing scale and complexity. You need to have technical people there. So, in one hand, that help us to create a more efficient and more pervasive community around security. You have developers there, which means that you need to serve that corner case that you are not targeted at the moment, you have talented people that can cooperate with us and build those kinds of things. >> John: And use the open-source software. (laughs) >> Exactly, but that's the entire purpose, right? You want to drive people to contribute. They get the value back, we get the value back, they get the value back, that's the entire purpose. >> So you do see the trend of more developers being hired by enterprises in-house? >> It certainly is, and it's been going on for about, probably three to five years I've seen that, in other areas, mainly in the business area, because they want to gain that agility and want to be self-contained, in some way. Business want to be self-contained, and security, in some sense, is going the same direction. That fits clearly one angle of Ansible, so you have more contribution in the community. On the other hand, what we are trying to make sure is that we support the traditional security teams. Traditional security teams are not super developmental yet, so they want to consume the content. >> Well, DevOps is always, as infrastructure as code implies that the infrastructure has been coded, and if you look at all of the security breaches that have been big, a lot of them have been basic stuff. An exposed S3 bucket, is that Amazon's fault, or is that the operator's fault? Or patches that aren't deployed. You guys are winning with Ansible in these area. This seems to be a nice spot for you guys to come in. I mean, can you elaborate on those points, and is that true, you guys winning in those areas? 'Cause, I mean, I could see automation just solving a lot of those problems. >> Well, I will say something that's not super popular, but as a security community, we've always been horrible at the basics, right? Like any other technical people, we're chasing the latest and greatest, the fun stuff, the basics, we always been bad at that. Automation is a fairly new thing in security, And what we all know that automation does is providing you consistency and reduce human error. Most of this stuff is because somebody forgot to configure something, someone forgot to rotate a secret or something like that. >> They didn't bring their playbook to the game. (laughs) >> So, I'm not trying to guide the priorities here, but the point is that the same benefits that we get from automation-- >> There's just no excuse. If you have automation, you can basically-- >> Exactly. >> Load that patch, or configure that port properly, because a playbook exists. This only helps. >> Absolutely, but those are the basic values of automation. You're communicating a slightly different way to security, because they use different language, and for them, automation is still a new thing. But what you heard during the keynote, so, the entire purpose of the platform is to help different areas in the IT organization to cooperate with each other. As we know, security is not a problem of IT security anymore. It's a broader problem and needs to have a common tool to be solved. >> In the demo in the keynote this morning, I thought that they did a good job showing how the various stakeholders in the organization can all collaborate and work together. I want you to explain how security fits into that discussion, and also, they hadn't added the hardening piece in there, but I would expect for many companies that, I want to flag when I'm creating this image, that it's going to say, "Hey, "have you put the right security policies on top of it," not something that they just, "Oh, it's one of the steps that I do." How do we make sure that everybody follows those corporate edicts that we have? >> Well, it's mainly a matter, I don't want to play the usual card of cultural change, but the fact is that in security, especially, we are looking at two major shifts, and one of these shifts is that pretty much everyone, I would say private organization and government, kind of acknowledge that security, cybersecurity, is not an IT problem anymore, it's a business problem, right? Being a business problem, that means that the stakeholders involved are in all different parts of the organization, and that requires a different level of collaboration. Collaboration starts with training, and enablement of people to understand where the problems are, and understand that they are part of the same process. We used to have security as an highly specialized function of IT, right now, what happens is that, if you think about a data breach, a data breach could be caused by an IT problem, but most of the impact is on the business, right? So right now, a lot of security processes are shifting to give responsibility to the business owners, and if the government is involved, I live in London, and in Europe, for another month, I guess, we have this fantastic thing that you know, it's called GDPR. GDPR forces you to have what is called a data breach notification process, which means that now, if you're investigating a cyberthreat, you want to have legal there to make sure that everything is fine, and if this data breach could become a media thing, you want to have PR there, because you want to have a plan to mitigate whatever kind of impact you may have on your corporate image. You may also want to have there, I don't know, customer care, just to handle the calls from the customer worried for the data. So the point is that this is becoming a process that need to involve people. People needs to be aware that they are part of this process, and what we can do, as an automation provider, we are trying to enable, through the platform, the IT organizations to cooperate with each other. Having workflows, having the ability to contribute to the same process allows you to be responsible for your piece. >> Massimo, the new security track here at the show this year, for those that didn't get to come, or maybe that didn't get to see all of it, some of the highlights you want to share with the audience? >> So, this year, the general message this year is that it's the first time that we have this fantastic security track, and this is not a security conference, it is never going to be a security conference. So what we are trying to do is to enable security teams to talk with the automation experts to introduce automation in that space. So the general message that we have this year is, well, the desire is to create a bridge between the Ansible practitioners, the Ansible heroes, whatever you want to call them, to understand what the problem is, what the problem could be, and have a sort of a common language they can use to communicate. So the message that we have this year is, go back home, and sit down at the same table with your security folks, and make sure that they are aware that there's a new possibility, and you can help them, that you now have a common tool together. We had a couple of very interesting tracks. We have partners, a lot of partners are contributing to security space, we mentioned that before, and most of them have tracks here, and they are showing what they built with us, what are the possibilities of those tools. We have a couple of customer stories that are extremely interesting. I just came out from a session presenting one of our customer stories. And in general, we are trying to show also how you can integrate security in all the broader processes, like the mythical DevSecOps process. >> What's been the feedback from customers specifically around the talk, and the security conversations here at AnsibleFest? >> It wasn't unexpected, but it's going particularly well. We have very good feedbacks. And we have, we kind of-- >> John: What are they saying? >> Well, they are saying some, okay, the best quote that I can give you, the customer told me, "Oh, this year, I learned something new. "I learned that we can do something "in this space that we never thought about." Which is a good feedback to have at a conference. And a lot of people are attending these sessions. We have quite a lot of security professionals, that was kind of unexpected, so all the sessions are pretty full, but we also are seeing people that are just, they're just curious, they're coming in, and they are staying, they are paying attention. So there is the real opportunity, they see the same opportunity that we see, and hopefully, they will bring the message home. >> Massimo, thank you for coming on theCUBE and sharing your insights. Certainly, security is a main driver for automation, one of the key four bullet points that we outlined in our opening. Thanks for coming on, and sharing your insights. >> Thank you very much for having me. >> It's theCUBE coverage here at AnsibleFest 2019, where Red Hat's announced their Ansible Automation Platform. I'm John Furrier, with Stu Miniman. Stay with us for more after this short break. (upbeat music)

>> Red Hat OpenShift Container Platform >> Announcer: Live from Boston, Massachusetts, it's theCube Covering Red Hat Summit 2017. Brought to you by Red Hat. >> Welcome back to theCube's coverage, I'm Rebecca Knight your host, here with Stu Miniman. Our guest now is Andrius Benokraitis, he is the Principle Product Manager at Ansible Red Hat Network Automation, thanks so much Andrius. >> Thanks for having me I appreciate it. >> This is your first time on the program. >> Andrius: First time. >> We're nice, >> Really nervous, so, okay. we don't bite. >> Start a little bit with your new to the company relatively >> Andrius: Relatively. >> networking guy by background, can you give us a little bit about your background. >> Sure, I mean, I actually started at Red Hat in 2003. And then did about four five jobs there for about 11 years. And then jumped, went to a startup named Cumulus Networks for about two years. Great crew, and then, now I'm at Ansible, been there since about December, so working on the Network Automation Use Case for Ansible. >> Alright, so networking, has a little bit of coverage here, I remember, you know, something like the Open Daylight stuff and I have, actually there are a couple of Red Hatters that I interviewed at one show ended up forming a company that got bought by Dockers, so you know, there's definitely networking people, but maybe give us a broad view of where networking fits into this stuff that you're working on specifically. >> Yeah, sure thing. I think it's interesting to point out that as everything started in the compute side, and everything started to get disaggregated, the networking side has come along for the ride per se. It's been a little bit behind. When we talk about networking a lot of people just think automatically that's the end. And we're actually trying to think a little bit lower level, so layer one, layer two, layer three, so switching, routing, firewalls, load balancers, all those things are still required in the data center. And when people started using Ansible, it started five years ago on the compute side, a lot of the people started saying, I need to run the whole rec, and I'm not a CCIE, and I don't really know what to do there but I've been thrown in to do something, I'm a cloud admin, the new title right. I have to run the network, so what do I do. I don't know anything about networking, I'm just trying to be good enough, well, I know Ansible, so why don't I just treat switches like servers, and just treat them like, like what I know, they just have a lot more interfaces, but they just treat it that way. So a lot of the expertise came from the ground up with the opensource model and said this is the new use case. >> Well, Jay Rivers, the founder of Cumulus, it's like networking will just be a Linux operating model, you know, extended to the network, which is always like, hey, sounds like a company like Red Hat should be doing that kind of stuff. >> Exactly, it's interesting to see a Bash prompt in the networking right, it's familiar to a lot of people, in the devop space, absolutely. >> So it's a very rapidly changing time, as we know, in this digital computing age, the theme of this conference is the power of the individual, celebrating that individual, the developer, empowering the developers to take risks, be able to fail, make changes, modify. You're not a developer, but you manage developers, you lead developers, how do you work on creating that context, that Jim Whitehurst talked about today. >> I think it starts with, the true empowerment, you have the majority of the networking platforms are still proprietary and walled off, walled off gardens, they're black boxes you can't really do much with them, but you still have the ability to SSH into them, you have familiar terms and concepts from the server side in the networking side. So as long as you have SSH in the box and you know your CLI commands to make changes, you can utilize that in part of Ansible to generate larger abstractions to use the play books in order to build out your data center, with the terms and the Lexicon of YAML, the language of Ansible, things that you already know and utilizing that and going further. >> Can you speak to us a little bit about customers, you know, what's holding them back, how are you guys moving them forward to the more agile development space? >> Our customers are mostly brownfield, they're trying to extend what they already have. They have all their gear, they have everything they have that they need but they're trying to do things better. >> I don't find greenfield customers when it comes to the network side of the house, I mean we've all got what I have and we knew that IT's always additive, so, I mean that's got to be a challenge. >> It's a huge challenge. >> Something you can help with right? >> It's a huge challenge, and I think from the network operators and network engineers, a lot of them are saying, again, they're looking at their friends on the compute side, and they can spin up VMs and provision hardware instantaneously, but why does it have to take four to six weeks to provision a VLAN or get a VLAN added to a network switch? That sounds ridiculous, so a lot of the network engineers and operators are saying, well I think I can be as agile as you, so we can actually work together, using a common framework, common language with Ansible, and we can get things done, and we can get all of this stuff I hate doing, and we don't have to do that anymore, we can worry about more important things in our network, like designing the next big thing, if you want to do BGP, design your BGP infrastructure, you want to move from a layer two to a layer three or an SDN solution. >> I love that you talk about everybody, kind of the software wave and breaking down silos, network and storage people are like, oh my God, you're taking my job away. >> Exactly, completely, no, we're not taking your job. We are augmenting what you already have. We're giving you more tools in your tool belt to do better at your job, and that's truly it, we don't have to, people can be smarter so, if you want to add a VLAN, that can be a code snippet created by the sys admin, it can be in Git, and then the network engineer can say, oh yeah, that looks good, and then I just say, submit. What we see today with some of the customers is, yeah, I want to automate, I really want to automate, and you say, great, let's automate. But then you start getting, you peel back the onion, and you start seeing that, well, how are you managing your inventory, how are you managing your endpoints. And they're like, I have a spreadsheet? And you're like, as a networking guy I guess you, (excited clamoring) >> Networking is scary for a lot, >> It's super scary, yeah. >> So how, do you break that down? >> You do what you can, you do it in small pieces, we're not trying to change the world, we're not trying to say, you're going to go 100% devops in the network. Start small, start with something, like again, you really hate doing, if you want to change, something really low risk, things you really hate doing, just start small, low risk things. And then you can propagate that, and as you start getting confidence, and you start getting the knowledge, and the teams, and every one starts, everyone has to be bought in by the way. This is not something you just go in and say, go do it. You have to have everyone on board, the entire organization, it can't be bottom up, it can't be top down, everyone has to be on board. >> And Andrius, when I talk to people in the networking space, risk is the number one thing they're worried about. They buy on risk, they build on risk, and the problem we have with the networks, they're too many things that are manual. So if I'm typing in some you know, 16 digit hexadecimal code >> From notepad, manually you're copying and pasting >> from like a spreadsheet. Copying and pasting, or gosh, so things like that, the room for error is too high. So there's the things that we need to be able to automate, so that we don't have somebody that's tired or just, wait, was that a one or an L or an I. I don't know, so we understand that it actually should be able to reduce risk, increase security, all the things that the business is telling you. >> All these network vendors have virtual instances. You can do all your testing and deployment, all your testing and your infrastructure, and you can do everything in Jenkins and have all your networking switches, virtually, you can have your whole data center in a virtual environment if you want. So if you talk about lower risk, instead of just copying and pasting, and oh was that a slash 24 or a slash 16, oops, I mean that looked right, but it was wrong, but did it go through test, it probably didn't. And then someone's going to get paged at three in the morning, and a router's down, an edge router's down and your toast. So enabling the full devops cycle of continuous integration. So bringing in the same concepts that you have on the compute side, testing, changes, in a full cycle, and then doing that. >> You talked about the importance of buy in and also the difficulties of getting buy in. How much of that is an impediment to the innovation process, but one of the things we've been talking about, is can big companies innovate? What are the challenges that you see, and how do you overcome them? >> That is the number one, that is the biggest issue right now in the network space, is getting buy in. Whether it's someone who has done it on their own, someone can just install Ansible and do something, and then deploy a switch, but if they leave the company and there's no remediation, if it's not in the MOP, if it's not in the Method of Procedure, no one knows about it. So it has to be part of your, you want to keep all the things you have, all the good things you have today with your checks and balances in the networking, and the CIOs and the people at the top have to understand, you can keep all that stuff, but you have to buy in to the automation framework, and everyone has to be onboard to understand how it fits in in order to go from where you are today to where you want to be. >> At the show here what's exciting your customers? You know, give us a little bit of a viewpoint for people that are checking out your stuff, what to expect. >> Well I think the one thing is they're not used to seeing, they think it's black magic, they think it's just magic. They're like, I can use the same things for everything? I say, yeah, you can. The development processes, the innovation in the community, you know for example, if you want to assist, go ACI Module, it's in GitHub, it's in Cisco's GitHub, you can just go ahead and do that. Now we're trying, starting to migrate those things into core. So the more that we get innovation in the community, and that we have the vendors and the partners driving it, and you're seeing that today, you know, we have F5 here we have Cisco, we have Juniper we have Avi, all those people, you know, they have certified platforms with Ansible, Ansible Core, which is going to be integrated with Ansible Tower, we have full buy in from them. They want to meet with us and say how can we do better. How can we innovate with you to drive the nexgen data centers with our products. >> You talked about yourself as a boomerang employee, what is the value in that, and are you seeing a lot of colleagues who are bouncing around and then coming back from ... >> Absolutely, I think pre acquisition Ansible, the vast majority of the people, I believe were ex-Red Hatters that went to Ansible. So what's really nice to come back home and understand the people that left, that came back to understand already what the, >> And people feel that way, it's a coming home? >> Yeah, it's a coming home, it really is. They understand, you know, they came back, they understood the values of opensource and the culture, again, I started Red Hat in 2003, I see the great things, I see new people getting hired and I see the same things I saw back then, 2003, 2004, with all the great things that people are doing, and the culture. You know, Jim's done a great job at keeping the culture how it is, even way back then when there was only 400 people when I started. >> Andrius, extend that culture, I think about the network community and opensource and you know, you talk about, there's risk there, and you know, you think about, I grew up with kind of enterprise, infrastructure mentality, it's like, don't touch it, don't play with it. We always joked, I got every thing there, really don't walk by it and definitely, you know, some zip tie or duct tape's going to come apart. Are we getting better, is networking embracing this? >> Yes, for sure. I think the nice thing is you start seeing these communities pop up. You're starting to see network operators and engineers, they've been historically, if they don't know the answer, they won't go find it. They kind of may be shy, shy to ask for help, per se. >> If it wasn't on their certification, >> Exactly. >> They weren't going to do it. >> If it wasn't there I'm not going to go, we're bringing them into, so we have, whether there's slack instance, there are networking communities, networking automation, communities, just for network automation. And there's one, there's an Ansible channel, on the network decode, select channel, has almost 800 people on it. So they're coming and now they have a place, they have a safe place to ask questions. They don't have to kind of guess or say, you know what, I'm not going to do that. And know they have a safe place for network engineers, for network engineers to get into the net devop space. >> Another one of the sort of sub themes of this summit is people's data strategy, and customers and vendors, how they're dealing with the massive amounts of data that they're customers are generating. What is your data strategy, and how are you using data? >> So there's two aspects here. So the data can be the actual playbooks themselves, the actual, the golden master images, so you can pull configs from switches, and you can store them and you can use them for continuous compliance. You can say, you know, a rogue engineer might make a change, you know, configuration drift happens. But you need to be able to make those comparisons to the other versions. So we're utilizing things like Git, so you're data strategy can be in the cloud, it can be similar on your side, you can do Stash locally. For part of the operations piece, you can use that. A second piece is, log aggregation is a big piece of the Ansible. So when you actually want to make sure that a change happens, that it's been successful, and that you want to ensure continuous compliance, all that data has to go somewhere, right? So you can utilize Ansible Tower as an aggregator, you can go off using the integrations like Splunk and some other log aggregation connectors with Ansible Tower to help utilize your data strategy with the partners that are really the driving, the people that know data and data structures, so we can use them. >> And one of the other issues is the building the confidence to make decisions with all the data, are you working on that too with your team? >> Yes, we are working with that, and that's part of the larger tower organization, so it goes beyond networking. So, whatever networking gets, everyone else gets. When we started developing Ansible Core and the community and Ansible Tower in-house, we think about networking and we think about Windows, that's a huge opportunity there, you know, we're talking about AWS in the cloud. So cloud instances, these are all endpoints that Ansible can manage, and it's not just networking, so we have to make sure that all of the pieces, all of the endpoints can be managed directly. Everyone benefits from that. >> Andrius thank you so much for your time we appreciate it. >> Thanks again for having me. >> I'm Rebecca Knight for Stu Miniman, thank you very much for joining us. We'll be back after this.