(soft music) >> We're in Las Vegas at The Venetian for our continued coverage here of re:Invent '22, AWS's big show going on. Great success off to a wonderful start. We're in the Executive Summit sponsored by Accenture. And we're going to talk about public health and the cloud, how those have come together in the great state of North Carolina. Charles Carter is going to help us do that. He's assistant secretary for technology services with the state of North Carolina's Department of Health and Human Services. Charles, good to see you. Thanks for joining us here on "theCUBE". >> Thank you very much for having me. >> Yeah, thanks for making the time. So first off, let's talk about what you do on the homefront before what you're doing here and where you're going. But in terms of kind of what your plan has been, what your journey has been from a cloud perspective and how you've implemented that and where you are right now in your journey. >> Sure, so we started. When I got there, we didn't have a cloud footprint at all. There was a- >> Host: Which was how long ago? >> I got there in 2016, so about six years. >> Host: Six, seven years, yeah. >> Yeah, five, six years. So anyways, we started off with our first module within our Medicaid expansion. And that was the first time that we went into the cloud. We worked with AWS to do our encounter processing system. And it was an incredible success. I think the ease of use was really kind of something that people weren't quite ready for. But it was really exciting to see that. And the scalability, to be able to turn that on and cover the entirety of North Carolina was awesome. So once we saw that and get a little taste of it, then we really wanted to start implementing it throughout DHHS. And we marshaled in a cloud-only cloud-first strategy where you had to actually get an exemption not to go to the cloud. And that was a first for our state. So that was really kind of the what launched us. But then COVID hit. And once COVID came in, that took us to a new level. COVID forced us to build technologies that enabled a better treatment, a better care, a better response from our team. And so we were able to stand up platforms in 48 hours. We were able to stand up COVID vaccine management systems in six weeks. And none of that would've been possible without the cloud. >> So forced your hand in a way because all of a sudden you've got this extraordinarily remote workforce, right, and people trying to- And you're doing different tasks that were totally unexpected, right, prior to that. What kind of a shock to the system was that from I get from an IT perspective? >> Yeah, so from a state government perspective, for example, you never hear you have all the money you need and you have to do it quickly. It just doesn't work like that. But this was a rare moment in time where you had this critical need. The entire country and our state population was kind of on edge. How do we move through this? How do we factor our lives into this new integration? What is this virus? Is it spreading in my county, in my city, my zip code? Where is it? And that kind of desperation really kind of focused everybody in on build me technologies that can get me the data that I need to make good healthcare decisions, good clinical decisions. And so that was our challenge. Cloud enabled it because it can scale so quickly. We can set up things, we can exchange data. We can move data around a lot easier. And the security is better from our perspective. So that COVID experience really kind of pushed us, you know, if you will, out the door. And we're never going back because it's just too good. >> Yeah, was that the aha moment then in a way because you had to do so much so fast and before capabilities that maybe you didn't have or maybe hadn't tapped? >> Yeah, yeah. >> I mean what was the accelerant there? Was COVID that big, or was it somebody who had to make a decision to say, this is where we're going with this, somebody in your shoes or somebody with whom you work? >> Yeah, no, I mean cloud at the end of the day, we knew that in order to do what we needed to do we couldn't do it on-prem. It wasn't an option. So if we wanted to build these capabilities, if we wanted to bring in technologies that really brought data to our key, our governor, our secretary, to make good decisions on behalf of our residents in North Carolina, then we were going to have to build things quickly. And the only way you can do that is in the cloud. So it was when they came back and said, "We need these things," there's only one answer. That's a good thing about technology. It's pretty binary, so it was either go with what we had, which wasn't adequate, or build to what we knew we could do and pretty short order. And because of that, we were able to actually usher in a huge expansion of cloud footprint within DHHS. And now we've actually been able to implement it in other departments simply because of our expertise. And that's been a huge asset for the state of North Carolina as a whole. >> So what's your measuring stick then for value in terms of identifying benefit? 'Cause it's not really about cost. This is about service, I assume, right? >> Right. >> So, you know, how do you quantify the values and the benefits that you're deriving from this migration over to the cloud? >> So from our perspective, it hits several different areas. I mean, you can start in security. We know that if we're in the cloud the tools that can manage and give us visibility in the cloud are 10 times better than an on-prem environment. And so if we can take a lot of these legacy systems and move them to the cloud, we'll be in a better security posture. So we have that piece of it. The other part of it is the data aspect of it, being able to- We're 33 divisions strong, right? We have a large footprint. We have a lot of siloed data elements. And cloud allows us to start integrating those data sets in a much more usable fashion so that we can see that if Charles Carter's in one area in division, a specific division with DHHS, is he somewhere else? And if he is somewhere else, then how do we provide a better clinical care for that individual? And those are conversations that we can't really have if we don't move to the cloud. So those types of- And of course there's always the OKRs, the actual measurements that you apply to things that we're doing. But at the end of the day, can we get the requirements from our business partners, bring those requirements to bear in technology, and really enable the indoctrination of these requirements throughout our clinical and healthcare kills? >> What about they're always pillars here, right? Governance, huge pillar, security, huge pillar, especially in your world, right? >> Yeah. >> So making that move over to the cloud and still recognizing that these are essentials that you have to have in place, I wouldn't say adjustments, but what kind of, I guess, recognition have you had toward that and making sure that you're still very true to those principles that are vital in the terms of public health? >> It is a great question because our secretary at the time and our governor, Roy Cooper, were very focused on enabling transparency. We had to be very transparent with what we were doing because the residents in North Carolina were just really kind of, "What's going on?" It was a scary time for a lot of us. So transparency was a key element towards our success. And in order to do that, you've got to have proper security. You got to have proper governance. You've got to have proper builds within technology that really enable that kind of visibility. One of the things that we did very early on was we set up a governance structure for our cloud environments so that as we wanted to and stand up an easy-to environment or we wanted to do some sort of work within a cloud or stand up in a different environment, we were able actually to set up a framework for how do you introduce that. Are you doing it correctly? Do you have the proper security on it? Do you have the funding for it? Like all the steps that you need to really kind of build into the scaffolding around a lot of these efforts we had to put in place and pretty quickly to get them going. But once we did that, the acceptance and the adoption of it was just tremendous. I mean, it was a light on for all of our business partners 'cause they understood I can either build on-prem, in which case I won't be able to get what I want in any kind of reasonable time period. Or I can build on cloud. And I can have it in some cases in 48 hours. >> Right, tomorrow. >> Yeah, exactly. >> You know, it was a huge difference. >> So where are you there? I mean, this is just not like a really big old lift and shift and we're all done and this is great. Cloud's taken care of all of our needs. Where are you in terms of the journey that you're undertaking? And then ultimately where do you want to go, like how far? What kind of goals have you set for yourself for the next two, three years down the road? >> Yeah, so this is an exciting part because we have actually- Like I mentioned earlier, we are a cloud-first cloud-only strategy, right? There's no reasons for us to be on-prem. It's just a matter of us kind of sunsetting legacy systems and bringing on cloud performance. We hope to be a 60% of our applications, which we have over 400 applications. So it's pretty large footprint. But we're wanting to migrate all of that to the cloud by 2025. So if we can achieve that, I think we'll be well on our way. And the momentum will carry forward for us to do that. We've actually had to do a reorganization of our whole IT structure. I think this is an important part to maintain that momentum because we've reorganized our staff, reorganized ourselves so that we can focus more on how do you adopt cloud, how do you bring in platforms which are all cloud-based, how do you use data within those systems? And that has allowed us to kind of think differently about our responsibilities, who's accountable for what, and to kind of keep those, that momentum going. So we've got some big projects that are on right now. Some of them are lift and shift, like you mentioned. We have a project with kind of a clumsy, monolithic system. It's called (indistinct). We're trying to migrate that to the cloud. We're in the process of doing that. And it's an excellent demonstration of capability once we pull that off. And then of course any new procurement that we put out there no one's making anything for on-prem anymore. Everyone's making their SaaS products for cloud-based experiences. Or if we're going to build or just use integrators then we'll build that in house. But all of it's based on cloud. >> And you mentioned SaaS. How much of this stuff are you doing on your own? And how much are you doing through managed services? >> Yeah, so like I mentioned, we have over 400 applications. So we had a pretty large footprint, right? >> Big, it's huge, right. >> So we're only who we are, and we can only build so much. So we're kind of taking- We did a application rationalization effort, which kind of identified some threats to our systems. Like maybe they're older things, FoxPro, kind of older languages that we're using. And in some cases we got people who are retiring. And there's not many people who can support that anymore. So how do we take those and migrate them to the cloud, either put them on a Salesforce or ServiceNow or Microsoft Dynamics platform and really kind of upgrade those systems? So we're in the process of kind of analyzing those elements. But yeah, that's kind of the exciting launch, if you will, of kind of taking the existing visibility of our applications and then applying it to what we're capable of with the cloud. >> And if you had advice that you could give to your colleagues who are in public health or just in public, the public sector- And your resources, they're finite. This is kind of what you have to deal with. And yet you have needs, and you're trying to stay current. You've got talent challenges, right? You've got rev or spending challenges. So if you could sit down your colleagues in a room and say, "Okay, this has been our experience. Here's what I would keep an eye out for," what kind of headlights would you beat for them? >> Yeah, so I think the biggest aha that I'd like to share with my contemporaries out there is that you've got a great ability to lower your costs, to excite your own personnel because they want to work on the new stuff. We've actually set up a whole professional development pathway within our organization to start getting people certified on AWS, certified on other platforms, to get them ready to start working in those environments. And so all of that work that we're been doing is coming together and allowing us to maintain the momentum. So what I'd recommend to people is, A, look at your own individual staff. I don't think you need to go outside to find the talent. I think you can train the talent that you have interior. I think you've got to aggressively pursue modernization because modernization enables a lot more. It's less expensive. It enables quicker adoption of business requirements and modern business requirements. And then lastly, focus on your data sharing because what you're going to find in the platforms and in the clouds is that there is a lot more opportunities for data integrations and conjoining disparate data sources. So if you can do those elements, you'll find that your capabilities on the business side are much more, much greater on the other end. >> Don't be scared, right, jump in? (laughing) >> Definitely don't be scared. Don't be, the water's warm. (host laughing) Come on in, you're fine, you're fine. (laughing) >> No little toe dipping in there. You're going to dive into the deep end, let her rip. >> Exactly, just go right in, just go right in. >> Well, it sounds like you've done that with great success. >> I'm very happy with it. >> Congratulations on that. And wish you success down the road. >> Thank you very much, I appreciate it. >> Yeah, thank you, Charles. All right, back with more. You are watching theCUBE here in Las Vegas. theCUBE of course the leader, as you know, in tech coverage. (soft music)

(techno music) >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're in Reno, Nevada at the Reno Convention Center. It's InterBike 2018, I think it's like 20,000 people, haven't got the official count yet, but this is an amazing show, it's all about bicycles. We came because we want to learn more about eBikes, and really, this kind of last mile thing that's goin' on, mobility, and right at the center of the eBike revolution is a company that's been around forever, and that's Bosch, and we're happy to have Jonathan Weinert. He's a sales and marketing manager for the Bosch eBikes. Jonathan, great to see you. >> Great to see you, Jeff. >> So, I don't know if everybody knows, you guys power like half of all the eBikes that are out there. You guys are completely in bed with all these manufacturers with really, the industry leading system. >> Thank you, yes, the Bosch eBike system, you'll find it world wide on about 70 different bike brands throughout the world. Here in North America, we're on about 30 different brands, from Trek to Electra to Cannondale. And they power all types of bikes, so commuter bikes, cargo bikes, fat bikes, mountain bikes, any type of bike that you can think of can use the Bosch eBike system to amplify the rider's power and help you go further, higher, farther, less sweat or sweat it out, whatever you want. >> Right, it's like the magic power. >> Exactly, magic carpet ride. >> The main components are you got the drive unit, which is really the heart of the system. >> Yes. >> The battery obviously to provide the power, then the control unit that's up on top of the handlebars, so you can control it. >> Exactly. >> So we were talking before we turned the cameras on, of kind of the history, you guys have been at this for like nine years, I believe you said? >> Exactly, yeah, we invented this system nine years ago, it was a combination of technology from our automotive business. So an electric power steering motor, married with technology from our power tools business, the lithium iron battery pack. And we also had some sensors, torque sensors and electronics and we put these technologies together, and the engineers back then, what they wanted to do is create something to make cycling still feel like cycling but help you conquer hills. >> Right. >> And go farther and use the bike more. >> Right, it's pretty interesting cause there's a whole lot of data that's feeding that software and the algorithms to make those feedback loops smooth, make 'em feel like bicycling, so it's really you're riding on software. >> Exactly, you're riding on software and we have three sensors that are capturing your input. Torque sensor from the pedals, how fast you're pedaling, and wheel speed. And those three sensor measurements go into the electronics and tell the motor how much extra oomph to give you. >> Right, but you have to be pedaling right? >> You always have to be pedaling, yeah. >> That's one of the data inputs. >> Exactly, these are all pedal assist eBikes, and they only assist you when you pedal, no throttle, and they can assist you up to 20 miles per hour, or 28 miles per hour for our speed system. >> Right, we saw that last night in the gazelle, they had one of the 28 mile an hour bikes. >> Yeah, which is great for people that have long distance commutes or they want to do these huge adventure rides, so yeah, both are great. >> Now, what about the maintenance for these types of systems I mean it looks like a pretty closed system. >> It is totally closed, yeah. >> It's totally closed. >> Yeah, the maintenance, they last a long time, they're warrantied for two years, but if you have a problem with anything, you take it to the dealer, the dealer takes the component off, sends it to Bosch and gives you a new one. You don't have to open anything or solder anything. >> Right, right. >> Yeah, no. It's automotive grade, sort of service and diagnostics. >> Right, so the other thing we're seeing all over the show floor here again is all about the data. There's so much more data available to the riders. We were just at the Garmin booth and I don't know how many different data sets that they can track, in terms of your pedal pressure. >> Yes. >> Whether you're tipping back and forth, whether you're even, and you guys are actually pulling some of that external data back into your systems, right? For a unified experience for the rider. I think you said, a heart rate sensor for instance? >> Exactly, that's the newest feature that we're showcasing at InterBike today, the Kiox display. Which connects man and machine, or woman and machine. You can wear a heart rate monitor and as you're riding, you can see your heart rate on your device. Which is great if you want to train on an e-mountain bike. Sometimes you want to keep your heart rate in a certain range. Sometimes you want to make sure it doesn't go above a certain limit. >> Right. Yeah, so it's our first step into connectivity. Many more connectivity features will follow. >> Right, so I'm just curious from your perspective on the bike industry, cause you sit in kind of this, cat bird seat, since you deal with so many different kinds of bikes. And I was amazed at how much of the mountain bike adoption of the eBikes is happening here. Have you seen within your dealers, kind of this new opportunity to leverage electronics and a motor to kind of reinvigorate the brands, reinvigorate the models, and reinvigorate, you know, many of the, just a wide range of cool form factors that we're seeing all over the floor? >> Yeah, so nine years ago, Bosch coupled with Haibike. Haibike sort of created this segment of e-mountain biking by putting the motor in a unique way into the bike, and since then this e-mountain bike trend has really taken off, it's huge in Europe. You'll see e-mountain bikes all over the ski resorts there. They're allowing families to e-mountain bike together, to bike together, just like they ski together in the winter. So it's reinvigorating ski resorts and we see ski resorts here in the US, also embracing e-mountain bikes. Mammoth Mountain just allowed class one e-mountain bikes on all their bike park trails. So e-mountain biking is really spreading through this resort and other resorts, North Star, right up the road. >> Right and I wonder on the city side, again, lessons we can learn from Europe, cause it seems like the regulations are, you know, they're always a little bit behind the technology in terms of, you know, how are eBikes treated. Are they a bike, are they a motor vehicle? And I know there's some laws but it still seems a little bit confused and cities aren't quite ready to realize that an eBike is better than a car, in terms of so many things happening in the city. Are you guys involved in that, kind of industry consortium and how do you see that evolving? >> So we've been involved with several other bike companies and PeopleForBikes to create a framework, how to regulate eBikes. And we've divided eBikes into three classes. Class one, two and three, pedal assist, throttle, anyway. Setting up this definition of the three classes of eBikes, we've created this eBike law in California and nine other states throughout the country. So now they know how to regulate eBikes and these three classes and they can limit where each class can go on the roads. And with this regulation, we're seeing the eBike adoption in these states really start to pick up, now that they're easier to regulate. >> Right, well Jonathan, really a cool story and it's been really fun to watch Bosch, especially as you guys have gone from your long history in the auto parts world to this new exciting space. So thanks for taking a few minutes and congrats. >> Oh, my pleasure, Jeff, thank you. >> Alright, he's Jonathan, I'm Jeff, you're watching theCUBE, we're at InterBike in Reno, Nevada. Thanks for watching, see you next time. (techno music)

>> Announcer: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA conference in San Francisco 40,000 plus people talking about security, gets bigger and bigger every year. Soon it's going to eclipse Oracle Open World and Sales Force to be the biggest conference in all of San Francisco. But we've got somebody who's been coming here he said for 16 years, Ricardo Villidiego, the EDP and GM Security and Fraud for Cyxtera. Did I get that right, Cyxtera? >> Cyxtera. >> Jeff: Cyxtera Technologies, great to see you. >> Thank you Jeff, it's glad to be here. >> So you said you've been coming here for 16 years. How has it changed? >> Yeah, that's exactly right. You know it's becoming bigger, and bigger, and bigger I believe this is a representation of the size of the prowling out there. >> But are we getting better at it, or is it just the tax service is getting better? Why are there so many, why is it getting bigger and bigger? Are we going to get this thing solved or? >> I think it is that combination within we have the unique solution that is going to help significantly organizations to get better in the security landscape I think the issue that we have is there's just so many now use in general and I think that now is a representation of the disconnection that exists between the way technologies are deploying security and the way technologies are consuming IT. I think IT is completely, has a evolved significantly and is completely hybrid today and organizations are continuing to deploy security in a way like if we were in the 90s. >> Right. >> And that's the biggest connection that exists between the attacks and the protection. >> But in the 90s we still like, or you can correct me, and we can actually build some big brick walls and a moat and a couple crocodiles and we can keep the bad guys out. That's not the way anymore. >> It is not a way. And look, I believe we're up there every protection creates a reaction on the adversary. And that is absolutely true in security and it is absolutely true in the fraud landscape. Every protection measure will push the adversary to innovate and that innovation is what, for good and for bad, has created this big market which we can't complain. >> Right, right. So for folks that aren't familiar with Cyxtera give them the quick update on what you guys are all about. >> So see, I think Cyxtera is here to conquer the cyber security space. I think what we did is we put together technologies from the companies that we acquire. >> Right. >> With a combination of the call center facilities that we also acquired from Centurylink to build this vision of the secure infrastructure company and what we're launching here at the RSA conference 2018 is AppGate 4.0 which is the flagship offering around secure access. Secure access is that anchor up on which organizations can deploy a secure way to enable their workforce and their party relationships to get access the critical assets within the network in a secure way. >> Okay, and you said 4.0 so that implies that there was a three and a two and probably a one. >> Actually you're right. >> So what are some of the new things in 4.0? >> Well, it's great it gives it an evolution of the current platform we lounge what we call life entitlements which is an innovative concept upon which we can dynamically adjust the permitter of an an end point. And the user that is behind that end point. I think, you know, a permitter that's today doesn't exist as they were in the 90s. >> Right, right. >> That concept of a unique permitter that is protected by the firewall that is implemented by Enact Technology doesn't exist anymore. >> Right. >> Today is about agility, today is about mobility, today is about enabling the end user to securely access their... >> Their applications, >> The inevitable actions, >> They may need, right. >> And what AppGate does is exactly that. Is to identify what the security processor of the end point and the user behind the end point and deploy a security of one that's unique to the specific conditions of an end point and the user behind that end point when they're trying to access critical assets within the network. >> Okay, so if I heard you right, so instead of just a traditional wall it's a combination of identity, >> Ricardo: It's identity. >> The end point how their access is, and then the context within the application. >> That's exactly right. >> Oh, awesome so that's very significant change than probably when you started out years ago. >> Absolutely, and look Jeff, I think you know to some extent the way enterprises are deploying security is delusional. And I say that because there is a reality and it looks like we're ignoring ignoring the reality but the reality is the way organizations are consuming IT is totally different than what it was in the 90s and the early 2000s. >> Right. >> The way organizations are deploying security today doesn't match with the way they're consuming IT today. That's where AppGate SDP can breach that gap and enable organizations to deploy security strategies that match with the reality of IT obstacles today. >> Right. If they don't get it, they better get it quick 'cause else not, you know we see them in the Wall Street Journal tomorrow morning and that's not a happy place to be. >> Absolutely not, absolute not and we're trying to help them to stay aware of that. >> Right. Alright, Ricardo we'll have to leave it there we're crammed for time but thanks for taking a few minutes out of your day. >> Alright Jeff, thank you very much I love to be here. >> Alright. He's Ricardo I'm Jeff you're watching theCUBE from RSAC 2018 San Francisco. (upbeat music)

>> Announcer: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at the RSA Conference in downtown San Francisco. Forty thousand plus security experts really trying to help us all out. Protect our borders not so much, but protects access to these machines, which is harder and harder and harder everyday with bring your own devices and all these devices. So really, it's a different strategy. And we're really excited to have ExtraHop back, we had ExtraHop on last year for the first year, he's Matt Cauthorn, the VP of security at ExtraHop. So Matt, what do you think of the show? >> Oh, amazing. Absolutely amazing. Super packed, been walking like crazy. Got all my steps in, its fantastic. >> Alright, so you guys have been in network security for a long time? >> Yeah so we've been, so we live in the East-West corridor, inside the enterprise, inside the perimeter doing wire data analytics, and network security analytics. Our source of data is the network itself. >> Okay. And the network is increasing exponentially with all the traffic that's going through, the data sources are increasing exponentially with all the traffic going through. >> That's right. >> So how are you guys keeping up with the scale, and what's really the security solution that you guys are implementing? >> So the point you make is really interesting. Yes, it is increasing exponentially, and as a data source the network is the only sort of observational point of truth in the entirety of IT. Everything else is sort of self-reported. Logs, end points, those are very valuable data sources, but as an empirical source of truth, of evidence, the network wins. That assumes you can scale. And that assumes you're fluent with the protocols that are traversing the network, and you're able to actually handle the traffic in the first place. And so for us just this week, we announced a 100gb per second capable appliance, which you know is an unprecedented amount of analytics from the network's perspective. So we're very proud about that. >> So what are you looking for? What are some of the telltale signs that you guys are sniffing for? >> So generally, we auto-classify and auto-discover all of the behaviors on the wire. From the devices themselves, to the services that those devices expose, as well as the transactions that those devices exchange. And so from a context perspective, we're able to go far deeper than almost anyone else in the space, that we know of at least. Far deeper and far more comprehensive sort of analysis as it relates to the network itself. >> And the context is really the key, right? Tag testing what, why, how. System behavior, that's what you're looking for? >> A great example is a user logging into a database, that might be part of a cluster of databases, and understanding what the user's behavior is with the database, which queries are being exchanged, what the database response is in the first place. Is it an error, is it an access denied? And does this behavior look like a denial of service, for example. And we can do all of that in real time, and we have a machine learning layer that sits over top and sort of does a lot of the analytics, and the sort of insights preemptively on your behalf. >> And it's only going to get crazier, right? With IOT and 5g. Just putting that much more data, that many more devices, that much more information on the network. Yeah, so IOT in particular is interesting, because IOT is challenging to instrument in traditional ways, and so you really do have to fall back to the network at some point for your analysis. And so that's where we're very, very strong in the IOT world and industrial controls, SCADA and beyond. Healthcare, HL7 for example. So we're able to actually give you a level of insight that's really, really difficult to get otherwise. >> And we've been hearing a lot of the keynotes and stuff, that those machines, those end points are often the easiest path in for the bad guys. >> Yes they are. >> An enormous security camera or whatever, because they don't have the same OS, they don't have all the ability to configure the protections that you would with say a laptop or a server. >> That's right. There's a surprising number of IOT devices out there that are running very, very old. And vulnerable operating systems are easy to exploit. >> Alright, so Matt I guess we're into Q2 already, hard to believe the years passing by. What's priorities for 2018 for you and ExtraHop? >> So we've announced a first class, purpose-built security solution this year, and really the plan is to continue the sort of momentum that we've accrued. Which is very encouraging, the amount of interest that we've had. It's hard to keep up, frankly. Which is fantastic. We want to continue to build on that, grow out the use cases, grow out the customer base and continue our success. >> Alright Matt, well we'll keep an eye on the story, and thanks for stopping by. >> Great, thank you. Appreciate it. >> Alrighties Matt, I'm Jeff, you're watching theCUBE from RSA Conference, San Francisco. Thanks for watching.

>> Narrator: From downtown San Francisco it's the Cube covering RSA North America 2018. >> Hey, welcome back, everybody. Jeff Frick here with the Cube. We're at the RSA conference in downtown San Francisco, 40,000 plus professionals all about security and one of the big themes is how do we work together? How do we leverage our collective knowledge, look for patterns to help, you know, be better against the bad guys, and one of the really big forces for that is the Cyber Threat Alliance and we're really excited to have Michael Daniel, the president and CEO of Cyber Threat Alliance. Michael, great to see you. >> Thanks for having me. >> So, talk about kind of the genesis of this because it's such an important concept that, yes, we're competitors on this floor but if we work together, we can probably save ourselves a lot of work. >> Absolutely, I mean, part of the idea behind the Cyber Threat Alliance is that no matter how big you are, no matter how broad your coverage is of cyber security company, no one individual company ever sees all of the threats all of the time. >> Jeff: Right. >> And, so that, in order to better protect their customers and clients, sharing that threat intelligence at speed at scale is a very fundamental part of being a much better cyber security company. >> So, how hard of a sell was that a year ago? I think you started it a year ago, announced it, and how's the ecosystem kind of changed over the last year? >> Well, I would say that, you know, it's not like I run into anybody that says, "You know, Michael, that's a really "stupid idea, we shouldn't do that." Right, it's really finding the way for a cyber security company to fit it into their business model. >> Right. >> To be able to consume the threat intelligence at a speed that matters and really be able to bake it into their products. That's usually the hard part. Conceptually, everybody agrees that this is what we need to do. >> Right, and then, how 'about just the nitty gritty nuts and bolts of, you know, how do you share information? How is it picked up, how is it communicated? What are the protocols? I'd imagine that's not too simple. >> That's right, and one of the things that we settled on was we use the STIX format because it's an open format that everybody can translate back and forth. We had to build in a lot of business rules to actually make sure that people were playing fair. You know, for example, we actually require all of our members to share. So, you can't just join the alliance and consume information, you actually have to give in order to receive. >> Right, and you've got some really kind of high-level, lofty goals that you've built this around in terms of doing good for the greater good, kind of beyond the profitability of an individual customer transaction. I wonder if you can speak to a few of those. >> Well, sure, so the part of the idea behind the way that CTA is structured is that we're a 501 C6, so we're a non-profit, right, and the idea is that we function to help raise the level of cyber security across the digital ecosystem and actually enable our member companies to compete more effectively because they have better intelligence that their products and services are based on, but we, ourselves, are not in it to make money. >> Right, right, right, alright, Michael. Unfortunately, we're up against the time. >> Absolutely. >> So, we're going to have to leave it there, but love the work that you guys are doing and it makes so much sense for people to work together. >> Well, thank you very much, thank you for having me. >> Alright, he's Michael from Cyber Threat Alliance. I'm Jeff from the Cube. You're watching us from the RSA conference San Francisco, thanks for watchin'. (soft electronic beat)

>> Narrator: From downtown San Francisco it's the Cube covering RSA North America 2018. >> Hey, welcome back, everybody, Jeff Frick here at the Cube. We're at RSA's security conference, about 40,000 plus. I don't know, I got to get the number. The place is packed, it's a mob scene. Really excited to be here and joined by Derek Manky We saw Derek last year from Fortinet. Great to get an update, Derek, what do you think of the show this year? >> It's getting big for sure, as I said. That's an understatement. >> I know. >> This is my tenth year coming to RSA now, yeah. >> It's your tenth? >> And just to see how it's changed over 10 years is phenomenal. >> Alright. So, one of the things you want to talk about that you probably weren't talking about 10 years are swarms of bots. >> Yeah. >> What the heck is going on with swarms of bots? >> There's been a lot of changes on that front too, so the bad guys are clever, of course, right? If we look at 10 years ago, there was a lot of code, you know, crime kits, crime services that were being created for infrastructure. That led up to some more, you know, getting affiliates programs, kind of, business middle men to distribute crime. So, that drove a lot of the numbers up, but, literally, in the last three quarters, if we look at hacking activity, the number has doubled from FortiGuard labs. It's gone from 1.1 million to 2.2 to 4.4 million just over the last three quarters. So, we're looking at a exponential rise to attacks. The reason that's happening is because automation >> Right. >> And artificial intelligence is starting to be put into black cat code, and so the swarm concept, if you think of bees or ants in nature, what do they do? They work together, it's strength in numbers from a black cat's point of view. >> Right, right. >> They work together to achieve a common goal. So, it's intent based attacks, and that's what we're starting to see as precursors as some code, right? These IoT bot nets, we're actually seeing nodes within the bot net that can communicate to each other, say, "Hey, guys, I found this other target in the network. "Let's go launch a DDOS attack "or let's all try to take different "bits of file information from those targets." So, it's that swarm mentality where it takes the attacker more and more out of the loop. That means that the attack surge is also increasing in speed and becoming more agile too. >> So, the bad news, right, is the bad guys have all the same tools that the good guys have in terms of artificial intelligence, machine learning, automation, software to find and they don't have a lot of rules that they're supposed to follow as well. So, it kind of puts you in a tougher situation. >> Yeah, we're always in a tough situation for sure. You know, I would say, for sure, that when it comes to the tools, a lot of the tools are out there, they custom develop some tools. I would have to say on the technology side when it comes to security members especially collaborating together and the amount of infrastructure that we have set up, I think we have a foot up on the attackers there, we're at an advantage, but you're absolutely right, when it comes to rules, there are no rules when it comes to the black cat attackers and we have to be very careful of that, how we proceed, of course, right. >> And that's really the idea behind the alliance, right, so, that you guys are sharing information. >> Yeah. >> So, you're sharing best practices, you're picking up patterns. So, everybody's not out there all by themselves. >> Absolutely, it's strength in numbers concept on our end too. So, we look at Cyber Threat Alliance, Fortinet being out founding member working with all other leading security vendors in this space is how we can team up against the bad guys, share actionable intelligence, deploy that into our security controls which makes it a very effective solution, right. By teaming up, stacking up our security, it makes it much more expensive for cyber criminals to operate. >> Right, that's good. >> Yeah. >> That's a good thing. >> Yeah, yes. >> And then, what about kind of this integration of the knock and the sock? >> Yeah. >> Because security's so much more important for all aspects of the business, right? It's not layered on, it's not stand alone. It's really got to be integrated into the software, into the process and the operations. >> Absolutely, so, the good news is, if you look at things like we're doing with the security fabric, a lot of it is how do we integrate, how do we bring technology and intelligence down to the end user so that they don't have to do day-to-day mundane tasks, right? Talking about the swarm networks, what's happening on the black cats' side, attackers are gettin' much quicker so defense solutions have to be just as quick if not faster, and so that's what the knock sock integration is about, right, how we can take network's security visibility, put it into things like our FortiAnalyzer manager sim appliances, right, be able to bring those solutions so, again, to when it comes to a knock and sock operation, how do you bring visibility into threats? How do you respond to those threats? More importantly, how do you also have automated security defense, so agile defense, put up? >> Right. >> We talk about concepts like agile macrosegmentation, right? That's something we're doing with Fortinet, how we can look at attacks and actively lock down attacks as they're happening is a really concept, right? >> So, really, just to isolate 'em within kind of where they've caused the harm, keep 'em there until you can handle 'em and not let 'em just go bananas all over the orientation. >> Yeah, yeah, so you can think of it as, like, an active quarantine. We've also launched our threat intelligence services. So, this is bringing the why. There's a lot of intelligence out there. There's a lot of logs. We have, now,, threat intelligence services that we bring to security operation centers to show them here are the threats happening on your network. Here is why it is a threat. Here's the capabilities of the threat and here's how you respond to it. So, it helps from a CSOL perspective prioritized response on the incident response model to threats as well. >> Alright, well, Derek, we've got to let it go there. We are at a super crazy time crunch. >> I know. >> We'll get you back into the studio and have a little bit more time when it's not so crazy. >> Okay, I appreciate it. >> Alright, he's Derek Manky, I'm Jeff Frick. You're watching the Cube from RSA 2018, thanks for watchin'. (soft electronic beat)

>> Narrator: From downtown San Francisco it's theCUBE covering RSA North America 2018. >> Welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA Conference North America 2018 downtown San Francisco. 40,000 plus people swarming all over Moscone to the north to the south and to the west. We're excited to have our next guest on. He's Chase Cunningham, principal analyst at Forrester. Chase, great to meet you, welcome. >> Thanks for having me. >> Absolutely, so you just had an interesting blog post. Was Zero Trust on a beer budget. >> Yeah. >> What is that all about? >> Well, so Zero Trust is a pretty simple concept about accepting failure, if you will, and focusing on the internal and moving outward. And basically the premise was, I had friend of mine ask me if he could do Zero Trust for his small company. And I said sure, let's go get a beer and we'll figure this out. And literally, in about half an hour we had a Zero Trust strategy in place for less than 40 grand and his infrastructure is way more secure and it's really simple. >> So that's pretty interesting because, you Know it's easy for big companies that have a lot of resources or the big puddle of Cloud companies have a lot of resources to put a lot of implementation into place. But as we look around this conference tons and tons of companies, it's a lot harder for small and medium businesses either to have the expertise or the budgets to really bring in what they need to secure things. So what were some of the insights from your beer exercise? >> Sure, so it was really simple. If you really think about where the majority of the threat comes from, the network is there and everybody uses it but who accesses the network? The users, the individuals, the devices, everything else. So the first thing we did was we're going to lock down identity and access management because I know if I can control that I've made a fundamental shift into power position for myself. And the next thing we did was we said look you guys don't really own intellectual property but you send emails. We're going to put stuff in place to encrypt every email you send whether you like it or not. So between those two simple things, identity access management and sort of data email encryption we put a really strong security platform in place and it didn't break the bank and it wasn't really hard to do and it's something that you can get better as it goes on. >> Right. And I'm curious, had he had an event or he was just trying to get ahead of the curve? >> He had had some weird stuff showing up. He's in esports, right, so he doesn't have actual intellectual property but he's worried because if they get dossed or they get hacked or they get ransomware for every minute they're down they're losing viewers and that's business and money for them. >> Right, so it kind of ties back to this kind of next gen access where it's really important with the identity but the other one is the context. Who is it and where are they trying to get in? Do they usually come in that way? Do they usually have access? So that's another really way to kind of isolate the problems that might come in the front door. >> Yeah, and you know the, years ago the next gen firewall was really the thing to integrate lots of functions across the network and that's all there. It still exists and it's still necessary but really when you break it down and look at historically where the threats have come from and where the compromises have come from, it's access and if you can't control that you don't have the capability of actually stopping bad things from happening. >> Right, right, so as you look around and you've been coming to this probably for a couple years, as this space evolves. You know, kind of what are your general impressions? I mean, on one hand, so many vendors, so many activities. On the other hand, it was like, we've been at this for a while or are we just stuck in this race and we just got to keep running? >> Well I think we're going to continue running the race but interestingly enough there's buses driving by now with Zero Trust all over the side of it. And I'm glad to see that that strategy is starting to take hold because the problem I have is you can Frankenstein technology together all day long but if you don't have a strategic guidepost that everybody understands from the board down to the network engineer you're going to get it wrong. You're going to miss and so I'm a fan of simplicity and force multipliers and to me the Zero Trust strategy sort of drives that forward. >> All right, well Chris thanks for taking a few minutes. Everyone can log onto your site, take a look at the blog. Thanks for stopping by. >> Thanks for having me. >> All right, he's Chris Cunningham from Forrester. I'm Jeff Frick from theCUBE. Thanks for watching from RSAC 2018.

>> Narrator: From downtown San Francisco it's TheCUBE covering RSA North American 2018. >> Hey, welcome back everybody. Jeff Frick from TheCUBE. We're on the floor at the RSA Conference 2018. 40,000 plus people packed in Moscone North, South, West, and we're excited to be here. It's a crazy conference, Security's top of mind obviously and everybody is aware of this. And our next guest, he's Bill Mann, chief product officer from Centrify. Bill, great to see you. >> Great to see you. >> So you guys have a lot of stuff going on but what I think what's interesting to me is you guys have this kind of no trust as your starting foundation. Don't trust anybody, anything, any device. How do you work from there? Why is that the strategy? >> Well that strategy is because we've got a really new environment now. A new environment where we have to appreciate that the bad actors are already within our environment. And if you stop believing that bad actors are already in your environment, you have to start changing the way you think about security. So it's a really different way of thinking about security. So what we call this new way of thinking about security is zero trust security. And you might have heard this from Google with BeyondCorp and so forth. And with that as the overarching kind of way we are thinking about security, we're focusing on something called NextGenAccess. So how do you give people access to applications and services where they're remote. They're not on the network and they're not behind a firewall because who cares about the firewall anymore because it's not secure. >> Right. So there's four tenants of NextGenAccess. One is verify the user, verify the device that they are coming from so they're not coming from a compromised device. Then give them limited access to what they are trying to access or what we call Limit Privilege and Access. And that last one is learn and adapt which is this kind of pragmatic viewpoint which is we're never going to get security right day one, right? To learn and adapt and what we're doing look at auto tune logs and session logs to change your policy and adapt to get a better environment. >> So are you doing that every time they access the system? As they go from app to app? I mean how granular is it? Where you're consistently checking all these factors? >> We're always checking the end factor and where we use an actual machine learning to check what's happening in the environment and that machine learning is able to give that user a better experience when they are logging in. Let's say Bill's logging into Salesforce.com from the same location, from the same laptop all the time. Let's not get in the way right? But if Bill the IT worker is going from a different location and logging into a different server that's prompting for another factor of authentication because you want to make sure that this is really Bill. Because fundamentally you don't trust anybody in the network. >> And that's really what you guys call this NextGenAccess, right? [Bill]- That right, that's right, that's right. >> It's not just I got a VPN. You trust my VPN. I got my machine. Those days are long gone. >> Well VPNs, no no to VPNs as well, right? We do not trust VPNs either. >> So a bit topic ever since the election, right, has been people kind of infiltrating the election. Influencing you know how people think. And you guys are trying to do some proactive stuff even out here today for the 2018 election to try to minimize that. Tell us a little bit more about it. >> Yeah we call it Secure The Vote. And if the audience has looked at the recent 60 Minutes episode that came on. That did a really good that walked everybody through what was really happening with the elections. The way you know the Russians really got onto the servers that are storing our databases for the registration systems and changed data and created chaos in the environment. But the fundamental problem was compromised credentials. I mean 80% of all breaches believe it or not have to do with compromised credentials. They are not around all the things we think are the problem. So what we're doing here with Secure The Vote is giving our technology to state and local governments for eight months for free. And essentially they can then upgrade their systems, right? So they can secure the vote. So fundamentally securing who has access to what and why and when. And if you look at the people who are working on election boards, they're volunteers, there are a lot of temporary staff and so forth. >> Right, right. >> So you can imagine how the bad guys get into the environment. Now we've got a lot of experience on this. We sell to state and local governments. We've seen our technology being used in this kind of environment. So we're really making sure that we can do our part in terms of securing the election by providing our technology for free for eight months so election boards can use our technology and secure the vote. >> So how hard is it though for them to put it in for temporary kind of situation like that? You made it pretty easy for them to put it in if they are not an existing customer? >> Absolutely I mean one of the things, one of the fallacies around this whole NextGenAccess space is the fact that it's complicated. It's all SAS-Space, it's easy to use, and it's all in bite-sized chunks, right? So some customers can focus on the MFA aspects, right? Some customers can focus on making sure the privileged users who have access to the databases, right, are limiting their access right? So there's aspects of this that you can implement based upon where you want to be able to, what problem you want to be able to solve. We do provide a very pragmatic best practices way of implementing zero trust. So we are really providing that zero trust platform for the election boards. [Jeff]- Alright well that's great work Bill and certainly appreciated by everybody. We don't want crazy stuff going on in the elections. >> Absolutely. >> Jeff: So we'll have to leave it there. We'll catch up back in the office. It's a little chaotic here so thanks for taking a few minutes. >> Thank you very much. >> Alright, he's Bill Mann and I'm Jeff Frick. You're watching TheCUBE from RSCA 2018. Thanks for watching. (bright music)

(upbeat music) >> Announcer: From downtown San Francisco, it's theCUBE covering RSA North America 2018. Hey welcome back everybody, Jeff Frick here with theCUBE. We're at RSA's North American Conference 2018 at downtown San Francisco. 40,000 plus people talking about security. Security continues to be an important topic, an increasingly important topic, and a lot more complex with the, having a public cloud, hybrid cloud, all these API's and connected data sources. So, it's really an interesting topic, it continues to get complex. There is no right answer, but there's a lot of little answers to help you get kind of closer to nirvana. And we're excited to have Misha Govshteyn. He's the co-founder and SVP of Alert Logic, CUBE alumni, it's been a couple years since we've seen you, Misha, great to see you again. >> That's right, I'm glad to be back, thank you. >> Yeah, so since we've seen you last, nothing has happened more than the dominance of public cloud and they continue to eat up-- >> I think I predicted it on my past visits. >> Did you predict it? Wow that's good. >> But I think it happened. >> But it's certainly happening, right. Amazon's AWS' run rate is 20 billion last reported. Google's making moves. >> Their conference is bigger than ours right now. >> Is it? >> That's 45,000 people. >> Yeah, it's 45,000, re:Invent, it's nuts, it's crazy. and then obviously Microsoft's making big moves, as is Google cloud. So, what do you see from the client's perspective as the dominance of public cloud continues to grow, yet they still have stuff they have to keep inside? We have our GDPR regs are going to hit in about a month. >> Well one thing's for sure is, it's not getting any easier, right? Because I think cloud is turning things upside down and it's making things disruptive, right, so there's a lot of people that are sitting there and looking at their security programs, and asking themselves, "Does this stuff still work? "When more and more of my workloads "are going to cloud environments? "Does security have to change?" And the answer is obviously, it does but it always has to change because the adversaries are getting better as well, right. >> Right. >> There's no shortage of things for people to worry about. You know when I talk to security practitioners, the big thing I always hear is, "I'm having a good year if I don't get fired." >> Well it almost feels like it's inevitable, right? It's almost like you're going to, it seems like you're going to get hit. At some way, shape, or form you're going to get hit. So it's almost, you know how fast can you catch it? How do you react? >> That's a huge change from five years ago, right? Five years ago we were still kind of living in denial thinking that we can stop this stuff. Now it's all about detection and response and how does your answer to the response process works? That's the reason why, you know last year, I think we saw a whole bunch of noise about, you know machine learning and anomaly detection, and AI everywhere and a whole lot of next-generation antivirus products. This year, it seems like a lot of it is, a lot of the conversation is, "What do I do with all this stuff? "How do I make use of it?" >> Well then how do you leverage the massive investment that the public cloud people are making? So, you know, love James Hamilton's Tuesday night show and he talks about just the massive investments Amazon is making in networking, in security, and you know, he's got so many resources that he can bring to bear, to the benefit of people on that cloud. So where does the line? How do I take advantage of that as a customer? And then where are the holes that I need to augment with other types of solutions? >> You know here's the way I think about it. We had to go through this process at Alert Logic internally as well. Because we obviously are a fairly large IT organization, so we have 20 petabytes of data that we manage. So at some point we had to sit down and say, "Are we're going to keep managing things the way we have been "or are we going to overhaul the whole thing?" So, I think what I would do is I would watch where my infrastructure goes, right. If my infrastructure is still on-prem, keep investing in what you've been doing before, get it better, right? But if you're seeing more and more of your infrastructure move to the cloud, I think it's a good time to think about blowing it up and starting over again, right? Because when you rebuild it, you can build it right, and you can build it using some of the native platform offerings that AWS and Azure and GCP offer. You can work with somebody like Alert Logic. There's others as well right, to harness those abilities. I'll go out on a limb and say I can build a more secure environment now in a cloud than I ever could on-prem, right. But that requires rethinking a bunch of stuff, right. >> And then the other really important thing is you said the top, the conversation has changed. It's not necessarily about being 100% you know locked down. It's really incident response, and really, it's a business risk trade-off decision. Ultimately it's an investment, and it's kind of like insurance. You can't invest infinite resources in security, and you don't want to just stay at home and not go outside. Now that's not going to get it done. So ultimately, it's trade-offs. It's making very significant trade-off decisions as to where's the investment? How much investment? When is the investment then hit a plateau where the ROI is not there anymore? So how do people think through that? Because, the end of the day there's one person saying, "God, we need more, more, more." You know, anything is bad. At the other hand, you just can't use every nickel you have on security. >> So I'll give you two ends of the spectrum right, and on one end are those companies that are moving a lot of their infrastructure to the cloud and they're rethinking how they're going to do security. For them, the real answer becomes it's not just the investment in technology, and investing into better getting information from my cloud providers, getting a better security layer in place. Some of it is architecture right, and some of the basics right, there's thousands of applications running in most enterprises. Each one of those applications on the cloud, could be in its own virtual private cloud, right. So if it gets broken into, only one domino falls down. You don't have this scenario where the entire network falls down, because you can easily move laterally. If you're doing things right in the cloud, you're solving that problem architecturally, right. Now, aside from the cloud, I think the biggest shift we're seeing now, is towards kind of focusing on outcomes, right. You have your technology stack, but really it's all about people, analytics, data. What do you, how do you make sense of all this stuff? And this is classic I think, with the Target breach and some of the classic breaches we've seen, all the technology in the world, right? They had all the tools they needed. The real thing that broke down is analytics and people. >> Right, and people. And we hear time and time again where people had, like you said, had the architecture in place, had the systems in the place, and somebody mis-configured a switch. Or I interviewed a gal who did a live social hack at Black Hat, just using some Instagram pictures and some information on your browser. No technology, just went in through the front door, said, you know, hey, "I'm trying to get the company picnic "site up, can you please test this URL?" She's got a 100% hit rate! But I think it's really important, because as you said, you guys offer not only software solutions, but also services to help people actually be successful in implementing security. >> And the big question is, if somebody does that to you, can you really block it? And the answer a lot of times is, you can't. So the next battlefront is all about can you identify that kind of breach happening, right? Can you identify abnormal activity that starts to happen? You know, going back to the Equifax breach, right, one of the abnormal things that happened that they should've seen and for some reason didn't, you know, 30 web shells were stood up. Which is the telltale sign of, maybe you don't know how you got broken into, but because there's a web shell in your environment you know somebody's controlling your servers remotely, that should be one of those indicators that, I don't know how it happened, I don't know maybe I missed it and I didn't see the initial attack, but there's definitely somebody on a network poking around. There's still time, right? There's, you know for most companies, it takes about a hundred days on average, to steal the data. I think the latest research is if you can find the breach in less than a day, you eliminate 96% of the impact. That's a pretty big number right? That means that if you, the faster you respond, the better off you are. And most people, I think when you ask 'em, and you ask 'em, "Honestly assess your ability to quickly detect, respond, eradicate the threat." A lot of them will say, "It depends" But really the answer is "Not really." >> Right, 'cause the other, the sad stat that's similar to that one, is usually it takes many, many days, months, weeks, to even know that you've been breached, to figure out the pattern, that you can even start, you know, the investigation and the fixing. >> Somewhat not surprising, right? I don't think there's that many Security Operation Centers out there, right? There's not, you know, not every company has a SOC right? Not every company can afford a SOC. I think the latest number is, for enterprises, right, this is Fortune 2000, right, 15% of them have a SOC. What are the other 85% doing? You know, are they buying a slice of a SOC somewhere else? That's the service that we offer, but I think, suffice to say, there's not enough security people watching all this data to make sense of it right. That's the biggest battle I think going forward. We can't make enough people doing that, that requires a lot of analytics, right. >> Which really then begs, for the standalone single enterprise, that they really need help, right? They're not going to be able to hire the best of the best for their individual company. They're not going to be able to leverage you know best-in-breed, Which I think is kind of an interesting part of the whole open-source ethos, knowing that the smartest brains aren't necessarily in your four walls. That you need to leverage people outside those four walls. So, as it continues to morph, what do you see changing now? What are you looking forward to here at RSA 2018? >> So I made some big predictions five years ago, so I'll say you know, five years from now, I think we're going to see a lot more companies outsource major parts of their security right, and that's just because you can't do it all in-house right. There's got to be a lot more specialization. There's still people today buying AI products right, and having machine learning models they invest in to, there's no company I'm aware of, unless they're, you know, maybe the top five financial firms out there, that should have a, you know, security focused data scientist on staff, right? And if you have somebody like that in your environment, you're probably not spending money the right way, right. So, I think security is going to get outsourced in a pretty big way. We're going to focus on outcomes more and more. I think the question is not going to be, "What algorithm are you using to identify this breach?" The question is going to be, "How good are your identifying breaches?" Period. And some of the companies that offer those outcomes are going to grow very rapidly. And some of the companies that offer just, you know, picks and shovels, are going to probably not do nearly as well. >> Right. >> So five years from now, I'll come back and we'll talk about it then. >> Well, the other big thing, that's going to be happening in a big way five years from now, is IoT and IIoT and 5G. So, the size of the attacked surface, the opportunities to breach-- >> The data volume. >> The data volume, and the impact. You know it's not necessarily stealing credit cards, it's taking control of somebody's vehicle, moving down the freeway. So, you know, the implications are only going to get higher. >> We collect a lot of logs from our customers. Usually, the log footprint, grows at three times the rate of our revenue and customers, right. So, you know, thank god-- >> The log, the log-- >> The log volume grows-- >> volume that you're tracking for a customer, grows at three times your revenue for that customer? >> That's right. I mean, they're not growing at three times that rate, annually right, but annually, you know, we've clocked anywhere between 200% to 300% growth in data that we collect from them, IoT makes that absolutely explode, right. You know, if every device out there, if you actually are watching it, and if you have any chance of stopping the breaches on IoT networks, you got to collect a lot of that data, that's the fuel for a lot of the machine learning models, because you can't put human eyes on small RTUs and you know, in factories. That means even more data. >> Right, well and you know the model that we've seen in financial services and ad-tech, in terms of, you know, an increasing amount of the transactions are going to happen automatically, with no human intervention, right, it's hardwired stuff. >> So I think it's that balance between data size and data volume, analytics, but most important, what do you feed the humans that are sitting on top of it? Can you feed them just the right signal to know what's a breach and what's just noise? That's the hardest part. >> Right, and can you get enough good ones? >> That's right. >> Underneath your own, underneath your own shell, which is probably, "No", well, hopefully. >> I think building this from scratch for every company is madness, right. There's a handful of companies out there that can pull it off, but I think ultimately everybody will realize, you know, I'm a big audio nerd so I Looked it up, right, you used to build all of your own speakers, right. You'd buy a cabinet and you'd buy some tools, and you would build all the stuff. Now you go to the store and you buy an audio system, right? >> Right, yeah, well at least audio, you had, speakers are interesting 'cause there's a lot of mechanical interpretations about how to take that signal and to make sound, but if you're making CDs you know you got to go, with the standard right? You buy Sonos now, and Sonos is a fully integrated system. What is Sonos for security, right? It doesn't exist yet. And that's, I think that's where Security as a Service is going. Security as a Service should be something you subscribe to that gives you a set of outcomes for your business, and I think that's the only way to consume this stuff. It's too complex for somebody to integrate from best-of-breed products and assemble it just the right way. I think the parallels are going to be exactly the same. I'm not building my car either, right? I'm going to buy one. Alright Misha, well, thanks for the update, and hopefully we'll see you before five years, maybe in a couple and get an update. >> We'll do some checkpoints along the way. >> Alright. Alright, he's Misha, I'm Jeff. You're watching theCUBE from RSA North America 2018 in downtown, San Francisco. Thanks for watching. (techno music)

>> Announcer: From downtown San Francisco, it's theCUBE. Covering RSA North America 2018. >> Hey welcome back everybody, Jeff Frick here with theCUBE. We're at RSA North America 2018 in San Francisco. 40,000 plus people talking security, enterprise security, cloud security, a lot going on. It just continues to get more and more important. And we're really excited for our next guest who's been playing in the enterprise space for as long as I can remember, which has been a little while. Mike Decesare, he's the CEO and President of ForeScout. Mike, great to see you. >> Started my career off when I was one. (Jeff laughs) So, I've been in this for a long time. >> You have been in it a long time. So you guys now you're all about, right so there's so much stuff going on in security and security is one of these things that I have to look at it as kind of like insurance. You can't put every last nickel in security, but at the same time, you have to protect yourself. The attack surfaces are only growing with IIoT and we were at an autonomous vehicle show, and 5G is just coming around the corner, and all these connected devices and APIs. So you guys have a pretty unique approach to how you top level think about security called visibility. Explain that to us. >> So visibility is the next big thing in the world of cybersecurity and the dynamic is very basic. It's, for 20 plus years, CIOs and CSOs were substantially able to control everything that was on their network. You'd buy your servers and Windows machines and Blackberries for your employees and then there was very little tolerance for other devices being on those organization's networks. And what happened 10 years ago this year, with the birth of the iPhone was that CIOs, those same CIOs now had to deal with allowing things onto their network that don't subscribe to those same philosophies and when you can't buy it and outfit it with security before you put it into the environment. And that's the gap that ForeScout closes for organizations is we have an agentless approach which means we plug into the network infrastructure itself and we give customers visibility into everything that is connected to their network. >> So that begs a question, how do you do that without an agent? I would imagine you would put a little agent on all the various devices. So what's your technique? >> We actually don't. That's the secret sauce of the company is that >> okay >> you know over 10 years ago, we recognized this IoT trend coming because that's, that's the thing in the world of IoT is unlike the first kind o' 20 years of the internet, there was a substantially smaller number of operating systems, most of them open. The different characteristic about the current internet is that many of these use cases are coming online as closed proprietary operating systems. The example I use here is like your home. You know, you get a Nest thermostat and you put in on your network and it monitors, you know, heating and cooling but the device, the operating system, the application is all one consumer device. It doesn't run Windows. You can't install antivirus on you Nest thermostat. So our approach is we plug into the network infrastructure. We integrate to all of the network vendors, the firewall vendors, the wireless controlling vendors and we pull both active and passive techniques for gathering data off those devices and we translate that into a real-time picture of not just everything connected to the network but we know what those devices are without that client having to do anything. >> So you have what you call device cloud or yeah, ForeScout device cloud. So is that, is that a directory of all potential kind of universe of devices that you're querying off of or is that the devices within the realm of control of your of your clients directly? >> It's the second. It's the, so the way that our product works is we plug into the network infrastructure so anything that requests an IP address, whether is wired and wireless in the campus environment, whether it's data center or cloud in the data center environments or even into the OT space, anything that requests an IP address pops onto our radar the second it requests that address. And that cloud that we've built, that we've had for about nine months, we already have three million devices inside, almost three and a half million devices, is a superset of all of the different devices across our entire install base just from the clients that have been willing to share that data with us already. And that gives us optimism because what that becomes is a known set of fingerprints about all known devices so the first time that we discover a Siemens camera that might be a manufacturer, the company might have ten thousand of those in the environment, the first time that we see that device, we have to understand the pattern of traffic off that device, we label that as a security camera and any other customer world-wide that's has that same device connects, we instantaneously know it's a Siemens security camera. So we need the fingerprint of those devices once. >> Right, and so you're almost going to be like the GE Predix of connected devices down the road potentially with this cloud. >> We won't go there on that. >> He won't go there, alright. We've talked to Bill Ruh a lot of times but he does an interesting concept. The nice thing 'cause you can leverage from a single device and knowledge across the other ones which is so, so important on security so you can pick up multiple patterns, repeated patterns et cetera. >> One of the best parts about ForeScout is the fact that we deployed incredibly quickly. We have clients that have almost a million devices that got live in less than three months. And the reason we're able to do that is we plug into the infrastructure, and then our product kind o' does its own thing with very little effort from the client where we compare what we have in this repository against what they have in their environment. We typically get to an 80 or 90% auto-classification meaning that we know 80 or 90% of the time, not just what's on the network but what that device is and then the other 20% is where we have the implementation where we go through and we look at unique devices. It might be a bank has some model of ATM we've never seen before or a healthcare company has beds or machines on a hospital floor that we haven't recognized before. And the first time that we see each of those devices uniquely, we have to go through the process of fingerprinting it which means that we're looking for the unique pattern of traffic that's coming off a, you know, a router, a switch and a firewall and we're ingesting that and we're tagging that device and saying anytime we see that unique pattern of traffic, that's a certain device, a security camera or what have you. >> Right. >> The reason's that useful is then we get to put a policy in place about how those devices are allowed to behave on the network. So if you take something like the Mirai Botnet which hit about a year ago, was the thing that took down a big chunk of the Northeast, you know, utilities and you know, internet, it infected, it was a bot that infected security cameras predominantly. Nobody thought twice about having security cameras in their environment, but they're the same as they are in your house where you know, you put it online, you hit network pair and it's online. >> Right. >> But that bot was simply trying to find devices that had the default password that shipped from the security manufacturer and was able to be successful millions of time. And with our product in place, that couldn't happen because when you set us up, we would know it's a security camera, we'd put a policy in place that says security camera can speak to one server in the data center called the security camera server. And if that device tries to do anything more criminal, if it tries to dial the internet, if it tries to break into your SAP backend, any of those activities, we would give the customer the ability to automatically to take that device offline in real time. >> Right, so you're... >> And that's why our clients find us to be very useful. >> Right, so you're really segregating the devices to the places they're supposed to play, not letting 'em out of the areas they're supposed to be. Which is the >> Absolutely. >> Which is the classic kind of back door way in that the bad guys are coming in. >> Our philosophy is let everything onto the network. We take a look at that traffic. We give you a picture of all those devices and we allow each customer to put an individual policy in place that fences that in. If you take the other extreme like a Windows machine in a corporate environment, our typical policy will be you know, do you have Windows 2009 or later? 'Cause most customers have policies they don't want XP in their environments anymore. But we enforce it. So if an XP device hits the network, we can block that device or we can force a new version down. If you have Symantec, has it got a dat file update? If you've got Tenable, has it had a scan recently? If you've got, you know, any of the other products that are out there that are on those machines, our job is to enforce that the device actually matches the company's policy before that device is allowed in. >> Before you let it. Alright. >> And if at any time that it's on that network, it becomes noncompliant, we would take that device offline. >> You know, with the proliferation of devices and continuation growth of IoT and then industrial IoT, I mean, you guys are really in a good space because everything is getting an IP address and as you said, most of them have proprietary operation systems or they have some other proprietary system that's not going to allow, kind o' classic IT protections to be put into place. You've really got to have something special and it's a pretty neat approach coming at it from the connectivity. >> It's the secret sauce of the company is we recognized many years ago that the the combination of not just there being very few operating systems but they were all open. Windows, Lennox, right? I mean, you can buy a Windows machine and you can install any product you want on it. But we saw this trend coming when the next wave of devices was going to be massively heterogeneous and also in many cases, very closed. And you know, you mentioned the example of the OT space and that's one of the other, the third biggest driver for us in our business is the OT space because when you looking a WanaCry or a NotPetya and you see companies like Maersk and FedEx and others that are, that are publicly talking about the impact of these breaches on their earnings calls. What those companies are waking up and realizing is they've got 25 year old systems that have run, you know, an old version of Microsoft that's been end-of-life decades ago and the bad actors have proven very adept at trying to find any entry point into an organization, right, and the great news for ForeScout is that really lends itself very much towards our age-endless approach. I mean, many of these OT companies that we're in, devices that are in their manufacturing facilities don't even have an API. There were built so long ago so there's no concept of interacting with that machine. >> Right >> So for us, allowing that device to hit the Belden switches and then be able to interrogate the traffic coming off those switches let's us do the same thing that we do in the campus world over in the OT world as well. >> Good spot to be. So RSA 2018, what are ya looking forward to for this week? >> This is just massive in size. It's like speed dating. From a customer's perspective too, I mean, I meet so many customer's that come here and able to meet with 30 or 40 vendors in a single week and it's no different, you know, for the providers themselves so. You know, we've got some really, kind o' really high profile big wins, you know, it's very coming for us to be doing deals at this point that get up over a million devices so they're very high profile so it's a great chance to reconnect with customers. You know, one of the things I didn't mention to you is that kind o' the, the whole thing that we do of identifying devices and then understanding what they are and allowing those policies to get put in places, that's fundamentally done with our own IP, and the connections into the switch and firewall vendors. But we've built this whole other ecosystem of applications in the world of orchestration that set on top of our products. We integrate the firewall vendors, the vulnerability management vendors, the EDR vendors, the AV vendors, so it's a great chance for us to reconnect with you know, those vendors as well. In fact, we're doing a dinner tonight with CrowdStrike. They're one of our newer partners. Very excited about this week. It brings a lot of optimism. >> Well, great story Mike and excited to watch it to continue to unfold. >> We appreciate you giving us some time. >> Alright, thanks for stopping by. That's Mike Decesare. I'm Jeff Frick. You're watching theCUBE from RSA North America 2018. Thanks for watchin'. Catch you next time. (techno music)

>> Presenter: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> Hey, welcome back, everybody. Jeff Frick here with the theCUBE. We're in downtown San Francisco with RSA North America 2018 40,000 plus professionals talking about security, enterprise security. It's a growing field, it's getting baked into everything. There's a whole lot of reasons that this needs to be better and more integrated into everything that we do, as opposed to just kind of a slap on at the end. And, who better to have on, who's investing at the cutting edge, keeping an eye on the startups than Sean Cunningham, our next guest. He's a managing director ForgePoint Capital, the newly named, so welcome to ForgePoint Capital, I guess. (Sean laughs) >> Thanks, Jeff, we're pretty excited about it. So, we were branded Trident Capital Cybersecurity. We're a 300 million dollar cybersecurity only fund, we closed the fund about a year and a half ago. We've invested in a dozen companies, and we decided that now is a great time to rebrand ForgePoint really tells more about what we're doing, we're forging ahead with our Series A, Series B funded companies, as well as a few growth equity. So, it made a lot of sense, but we're pretty excited about the market, and obviously RSA, with 1700 cybersecurity companies makes it interesting. >> Right, so you've been at this for a while. I wonder if you can speak to some of the macro trends as we've seen the growth of cloud, the growth of IoT will soon be more industrial IoT, enabled by 5G. We've got all these automated systems and financial services trading, and ad tech that we're going to see more and more of that automated transaction happening. You've got APIs and everything's connected to everything else to enable my application. So, really really exciting, and huge, growing threat surface if you will, but at the same, these are the technologies that are driving forward. So, what are you seeing from your, seat at the table some of the newer, more innovative startups? >> Jeff, I think you should probably tell me. You have all the answers there. >> I talked to a lot of smart people, that's the benefit of the job. >> I think the only two buzzwords you left off was Bitcoin and fraudulent payments. >> Oh, we can work a little blockchain in if you want. >> Yeah, but it is absolutely a bit of an interesting environment. I've been doing it since 2000 with Intel Capital for 15 years, but what's really changed, what hasn't changed is the fact that it's all about the hackers are able to monetize this. So, that's not going away. The biggest change are the, I guess, overt nation state attacks. So, between all of those things, the drivers are just continuing to force cybersecurity to become better and better. And, that's why the innovative startups are really, you're seeing these 1700, because the legacy companies can't fix these problems. And, you know, you talk about all these different paths for hackers to get in. It's absolutely the case and we are really big on areas, as you mentioned Jeff, the automation. It has to be about automating. It has to be about having a real solution for a real problem. You know, you look at, let's say 1500 of these security startups, a lot of them are about technology for the sake of technology. So, we're pretty excited about a couple of areas. One, is application security. If you think about the Equifax hack, you know, it's as simple as getting into the website and being able to hack into all of the PII data if you will. And, we've invested in a company called Prevoty and what they do is they make it easy for the application security folks to meet with the DevOps folks and inject the software into these applications. The reason why that's really interesting is, if you think about how long it takes for the DevOps guys to get all their new updates out, through that whole cycle, when you could automate that process and reduce that time to market, that's what it's really all about. >> So, what's your take on GDPR. You know, it's past a little while ago, the enforcement comes into place next month. It's weird what's going on with Facebook right now. I don't ever hear GDPR in the conversation of what's going on, and yet, it's just around the corner and it seems like it would be part of that conversation. DC is just king of a Y2K moment, where there's a lot of buzz and the date hits and we get past it and then we kind of move on with our lives, or is this really a fundamental shift in the way that companies are going to have to manage their data? >> Well, I can show you my scars from investigating compliance companies. I think the winners in that space, from a business standpoint are going to be the consultant companies, initially and at some point then, the legacy guys are going to be also involved, as well as some of the startups. But, clearly, until you see some of the large penalties happen, there's not going to be a lot of movement. There's going to be a lot of hand waving and consulting firms are trying to figure out what's your problem, how do we solve it. So, you're going to see, I'm sure, around the floor a lot of GDLP stuff, but we're being very cautious about where we invest there because, as you say, Y2K and a lot of this is going to be a lot fud. The legacy guys are going to say, oh we can handle that. Same as they did with cloud. Look how long it's taking cloud to get adopted, my God. I mean-- >> Right. >> GDRP is a big piece of that. We did investments in that space, around CASB, it's called. And, we invested in a company called Prelert. It had great traction, but then it just kind of topped out. So, it's going to be investable space and there's going to be a lot of money dumped in there because it's, you know, the Lemming effect. All VCs are going to follow that. >> Right. >> We'll see what happens. >> And then on the cloud, you know, with the growth of public cloud with Amazon and Azure and Google Cloud Platform, and they've got significant resources that they're investing into the security of their clouds and their infrastructure. And, yet, we still hear things happen all the time where there's some breach because somebody forgot to turn a switch from green to blue, or whatever. How did the startups, you know, kind of find their path within these huge public cloud spaces to find a vector that they can concentrate on, that's not already covered by some of these massive investments that the big public cloud people are making? >> Yeah, I think some of the, you know you point something out, I mean we got to think about cloud, you think about the public cloud, you think of private cloud and hybrid model and so on. I think that's really where things are going to to be for a while. The big guys, the big companies, enterprises are not putting a lot of their crown jewels out in the public clouds, yet. And, so the private clouds are equally important to them. And, so they have to be secured. And, the public cloud, you know, there's definitely they have some good security, but they quietly are implementing security from innovative companies also. They're not as public about it because they want to have they're already secure, so don't worry about me, but there's a lot of opportunity there. >> Okay, and then when CIOs are talking about security and thinking about security, ultimately they cannot be 100 percent secure, right, it's just you cannot be. >> It's called job security. >> Yeah, job security for us, right. But, I was thinking of this kind of as an insurance model. At some point, you get kind of the law of diminishing returns and you got to start making business trade-offs for the investment. How are these people thinking about this, at the same time, seeing their competitors and neighbors showing up on the cover of the Wall Street Journal breach after breach after breach? What's the right balance? How should they be thinking about managing risk, and thinking of a risk problem as opposed to kind of a castle problem? >> Yeah, and that's the biggest problem with CIOs and CSOs right now. It's all about what's good enough. Where do I reach that threshold? And, so there is definitely buyer fatigue. And, I think it's a matter, there are companies out there that look at the risk profile and are actually giving ratings of, what is your environment look like. We just invested in a spin out from, we helped spin out a company called CyberCube out of Symantec, and it's insurance. And, they're looking at, from a cyber insurance perspective, of what's your risk profile within your organization and selling and that data from Symantec as well as the data they have and going back to the insurance, the under buyer and saying, hey, we can show you the risk profile of this company and you can properly price your cyber insurance now. We all know how large the cyber insurance market is, so there's a lot of opportunities in that space to really look at the risk factors. >> Alright, well before I let you go, to go visit all the 117 startups, which will be looking for your cheque, I'm sure. >> Human ATM. >> What is one or two things that you think about in some of the more progressive startups that you talk about that still hasn't kind of hit the public eye yet. That they should be thinking about, or that we're going to be talking about in a couple years that's still kind of below the radar? >> Yeah, you know, if I told you then everyone else would be-- >> That's true. >> So, I have to be a little careful. You know, I think the interesting thing is, you know, a bit of a contrarian view. Is, if you think about consumer space, people don't really want to invest. Investors don't want to put money in the consumer, but you think about Symantec again, LifeLock. Identity protection, 2.3 billion dollars Symantec paid to get LifeLock. That's a lot of money. But, if you think about five years ago, how many consumers would pull out their Visa card to buy security. So, we think that there's really a potential opportunity on the consumer side. Now, AV is pretty well scorched earth. A lot of places, a lot of these endpoint things are scorched earth, but consumer might be an interesting place to be able to take these enterprise applications and, what I call, the consumerization of security, and take some of those interesting application and solutions and bring them down to the consumer in a bundle type of environment. >> Yeah, well certainly with all the stuff going on with Facebook now, people's kind of reawakening at the consumer level of what's really happening would certainly be fuel for that fire. >> We have an investment in a company called IDEXPERTS, which does breach remediation and our goal right now is we're continuing to add products from that space to be able to give the consumers a very robust offering. >> Alright, Sean, well thanks for taking a few minutes out of your day from prospecting. >> Yeah, pleasure. >> Over on the floor, he's Sean Cunningham, I'm Jeff Frick. You're watching theCUBE from RSA North America 2018 in downtown San Francisco. Thanks for watching, I'll see you next time. (upbeat music)

>> Announcer: From downtown San Francisco, it's The Cube, covering RSA North America 2018. >> Welcome back, Jeff Frick with The Cube. We're at RSAC, the RSA Conference North American in San Francisco, 2018. 40,000 people, it's an amazingly huge and growing conference, 'cause security is obviously at the forefront of everything, especially as everything moves to devices and services and cloud, we can't forget security and we're excited to have somebody who's kind of got to a third-party validation kind of point of view on the marketplace to get their perspective. It's Jason Brvenik and he is the Chief Technology Officer for NSS Labs. So, Jason, great to meet you. >> Great to meet you. >> So for people that aren't familiar with NSS Labs, give us kind of the overview of what you guys are all about. >> We work with enterprises to understand their needs in security, and then, build and create test environments that create real-world conditions to assess whether or not a product is a good fit. We create comparable environments, so that we can understand fundamentally whether or not the products are delivering on their claims. >> Right, and recently you've done some work around the data center intrusion prevention systems group test. >> Mm-hmm. >> It's a mouthful. What is that all about? >> Well, that's all about the recognition that data centers are the keys to access for most organizations and appropriately protecting them is not as easy as deploying a firewall. You need to have much greater inspections on the interactions with systems, whether or not security's being provided within the application layers, being properly secured, and so, latency and performance and effectiveness against attacks are all measured and then presented in a set of group test reports. >> Right. So, must be getting increasingly complex, 'cause there's all these different components now that build up a solution. Right? It's not just one set of applications, that you're pulling maybe public data sources, you've got a bring-your-own-devices, you've got this huge string of things that are all pulled together. How do you incorporate that into your testing? How do you figure out how these things work together? 'cause ultimately, that increases your attack surface area, vulnerabilities, I would imagine. >> Certainly, and we create an environment, an architecture that we propose, that based on our interactions with the enterprises, it's fairly representative of what an enterprise would have, and then we create or simulate the types of interactions you would have with the different systems, generate attacks against them, and measure whether or not the products are able to sustain a concerted attack from an adversary. All the way into creating evasive techniques, so that an attack that is known to be blocked by a technology, we would apply different techniques to make it evasive and see if we can evade the security controls and to measure those. >> So how accurate are people, not to call anybody up, but how accurate are people in assessing the effectiveness of their own products and solutions? >> That's an interesting mixed bag. >> I'm sure it must run the gamut, right? >> It does, it does. >> Well, we don't want to call out any, beat anybody up, but I would imagine there are some that are just, Are they just looking at the wrong thing? Or how do you sort that all out? >> It's interesting to see the different perspectives that exist in the security space. Everything from just make the pain stop, where they want to do simple signature blocking to, we really want to understand what's happening and dig deep into the protocols and interactions and understand what's an appropriate interaction beyond whether or not there's an attack there. The fundamental premise we have in our space is there's an absolute shortage of talent in the security space that understands that just because the standard says something should be, doesn't mean that an attacker has to adhere to it. And so there's a ton of breaks in that. >> Dang. And what are some of the things that people just miss as the attack surfaces change? And I just think of the fully automated systems like we've seen in ad tech and advanced financial trading systems that are now moving more and more into an increasing group of applications that are going to be IoT-enabled, they're all going to be connected with 5G moving very quickly, so the potential for problems becomes pretty significant if there's a bad actor that gets inserted into that process. >> Certainly and it's interesting that the attackers seem to have automation down pretty well. They can get in and move laterally pretty quickly. >> Right. >> And ferreting out attacker behavior from just bad user behavior can be very difficult. The presumptions that a lot of technologies because the standard says something should be, it will be, create these situations where people aren't effectively looking for the ambiguities and standards, and those are abused all the time. When you look at embedded devices, they get deployed and they stay for 10 years. >> Jeff: Right. >> That's 10 years of technical data that's just deployed and waiting to be exercised and exploited, and having a good general hygiene on an operational environments to understand where these rifts are is probably the biggest gap in the Enterprise world. On the security side, the reliance on standards and the reliance on assumptions of what should be tend to continue, come back, and bite vendors, all right? >> It's funny. So you say just general hygiene and we talked about that in one of the prior interviews where often we'll hear, say, there's a Amazon breach or something and you get to the second paragraph and it's because somebody forgot to set a configuration in the right way, so it's not necessarily the technology or the infrastructure or the safeguards that are put up, it's just somebody forgot to turn the switch on. >> It is. >> So, why these things, general hygiene is still such a problem, is it just because it's so complex, things are moving so fast, people are just too busy? Is it a symptom of dev ops? >> We're human, we're human. >> There we go. >> There's a 1000 things demanding our attention all the time, and without solid processes and procedures, it's easy to miss something. And it's easy in the moment when you've got a big project that needs to launch to say that can wait until next week and then the next big project comes along and next week is here and it waits until the week after. Next thing you know, it's forgotten and you've got an old piece of architecture, infrastructure or security out there that just isn't being maintained anymore. >> Right. >> It's one of the reasons we created an environment that strives to do what we call continuous security validation. So even if you had the best security technologies in the world, it's indistinguishable from no security at all until a breach occurs, right? And so, continuous security validation allows us to look at live attacks that you're usually going to face, measure whether or not your security is deployed, is delivering all protections against them, and highlights there's a gap, simply because you're human. The best technology in the world isn't going to work if you're not managing it well. >> Right. So, are you creating kind of like a digital twin of the key components of my environment back in your lab? Or are you putting things in my system so that you can do this kind of continual monitoring? >> We create, effectively, a virtual remote office and then deploy your security controls and then we attack that remote office for you. And measure whether or not your security controls are being effective and whether or not your people with those controls are able to respond effectively. >> So what's been the impact of public cloud? Of the rise of public cloud? Both obviously, for those applications that are sitting in the public cloud from the Enterprise perspective, but now it's creating this kind of hybrid situation where they've still got stuff in the data center, they've got stuff in the public cloud, there's probably some stuff that's migrating in between, maybe it's tested to have in the public cloud and it gets deployed internally, or maybe they're trying to do a lift-and-shift out of the data center, so how has the rise of public cloud and with the hybrid cloud and multi-cloud environments impacted your guys' world? >> Oh, the biggest shift there, I think, is in the proliferation of what otherwise would have been well-controlled development environments into production environments. It's so easy to move what evolved in developing a technology into a production world without going in and paying attention whether or not all of the right elements are in play. So it used to be you developed it, then you moved it into QA and then from QA, it got moved into production. Now you go right from Dev to Production and QA kind of happens in the background. >> Right, right. And we talked in an earlier conversation, too, which is before then this security would be layered on after the test dev, once it was moving in production. Well, let's slap some security on it, but now it's got to be incorporated in from day one, so another huge opportunity, I guess, to miss that, as you roll that into production. >> It seems like nobody ever thinks about security first. It just isn't the function. No developer ever wakes up in the morning and thinks, I need to do security and then develop features. Their life is all around delivering the value that the customers are looking for and security prevents them creating the feature velocity they want to deliver. There's always a push-and-pull there to get the right balance and it's easy when you're not under sustained attack to believe that security isn't important. >> So how do people adjust kind of their thinking around security? Or is it just below the surface, or it's presumed? How does it become more of an ongoing part of the conversation and a feature that's always baked in during the development versus kind of an afterthought or, oh my gosh, my neighbor just got hacked or there's a big story in the Wall Street Journal? >> I think what we're seeing now in the evolution of software and development is the supply chain involved. It used to be you created systems from scratch and you built it from scratch and you had the opportunity to layer security in as you were going. You would find a weakness, you would design around it, you would overcome it. Now it's more of an assemblage of components to produce an outcome, and the security wasn't built in when the component was built, you've pretty much lost that opportunity and it's hard to go retrofit that. I think we're going to soon see the next phase where these components are start building security assumptions in up front, but it's going to be a long time, much like IoT where things are deployed forever, where we start seeing that supply chain evolve on its own and you can assemble secure software from the start. >> Yeah, it's amazing that's it's still kind of an afterthought when these things are in the newspaper every day and it's almost an assumption maybe we're getting a little numb to the thing that you're going to be breached and you're going to have an issue and how do you react to it? How quickly can you find it? How do you limit the damage? Because it seems like everybody's getting breached every day. >> Especially, when you consider we have decades of technical data. There are companies that still run their businesses on mainframes that haven't been produced in 20 years. >> I didn't even think of that part of it. All right, last question before I let you go, Jason. Big, big week this week at RSA. What are you looking forward to? >> Ah, I'm looking forward to really the evolution of advanced end point technologies, the delivery of visibility to the enterprise, that can do new response actions based on new knowledge. I'm looking forward to the growth of automation. Automation as it relates to security elements, so we can reduce the human element. >> Jeff: Right. >> And the mistakes that are made. >> Yeah, 'cause we certainly need it, 'cause it is easy to make mistakes when you've got a 1000 little tasks, right? >> It is. >> All right, Jason. Well, thank you for taking a few minutes of your day and stopping by. >> Thanks for having me. >> All right. He's Jason, I'm Jeff. You're watching The Cube. We're at RSAC 2018 North America in San Francisco. Thanks for watching. (exciting music)

(upbeat music) >> Announcer: From downtown San Francisco, it's theCUBE. Covering RSA North America 2018. >> Welcome back everybody, Jeff Frick here, with theCUBE. We're at RSA Conference 2018 in downtown San Francisco, 40,000 plus people, it's a really busy, busy, busy conference, talking about security, enterprise security and, of course, a big, new, and growing important theme is cloud and how does public cloud work within your security structure, and your ecosystem, and your system. So we're excited to have an expert in the field, who comes from that side. He's Tim Jefferson, he's a VP Public Cloud for Barracuda Networks. Tim, great to see you. >> Yeah, thanks for having me. >> Absolutely, so you worked for Amazon for a while, for AWS, so you've seen the security from that side. Now, you're at Barracuda, and you guys are introducing an interesting concept of public cloud firewall. What does that mean exactly? >> Yeah, I think from my time at AWS, one of my roles was working with all the global ISVs, to help them re-architect their solution portfolio for public cloud, so got some interesting insight into a lot of the friction that enterprise customers had moving their datacenter security architectures into public cloud. And the great biggest friction point tend to be around the architectures that firewalls are deploying. So they ended up creating, if you think about how a firewall is architected and created, it's really designed around datacenters and tightly coupling all the traffic back into a centralized policy enforcement point that scales vertically. That ends up being a real anti-pattern in public cloud best practice, where you want to build loosely coupled architectures that scale elastically. So, just from feedback from customers, we've kind of re-architected our whole solution portfolio to embrace that, and not only that, but looking at all the native services that the public cloud IaaS platforms, you know, Amazon, Azure, and Google, provide, and integrating those solutions to give customers the benefit, all the security telemetry you can get out of the native fabric, combined with the compliance you get out of web application and next-generation firewall. >> So, it's interesting, James Hamilton, one of my favorite people at AWS, he used to have his Tuesday Nights with James Hamilton at every event, very cool. And what always impressed me every time James talked is just the massive scale that Amazon and the other public cloud vendors have at their disposal, whether it's for networking and running cables or security, et cetera. So, I mean, what is the best way for people to take advantage of that security, but then why is there still a hole, where there's a new opportunity for something like a cloud firewall? >> I think the biggest thing for customers to embrace is that there's way more security telemetry available in the APIs that the public cloud providers do than in the data plane. So most traditional network security architects consider network packets the single source of truth, and a lot of the security architecture's really built around instrumenting in visibility into the data plane so you can kind of crunch through that, but the reality is the management plane on AWS and Azure, GCP, offer tremendous amount of security telemetry. So it's really about learning what all those services are, how you can use the instrument controls, mine that telemetry out, and then combine it with control enforcement that the public cloud providers don't provide, so that kind of gives you the best of both worlds. >> It's interesting, a lot of times we'll hear about a breach and it'll be someone who's on Amazon or another public cloud provider, and then you see, well they just didn't have their settings in the right configuration, right? >> It's usually really kind of Security 101 things. But the reality is, just because it's a new sandbox, there's new rules, new services, you know, and engineers have to kind of, and the other interesting thing is that developers now own the infrastructures they're deploying on. So you don't have the traditional controls that maybe network security engineers or security professionals can build architectures to prevent that. A developer can inadvertently build an app, launch it, not really think about security vulnerabilities he put in, that's kind of what you see in the news. Those people kind of doing basic security misconfigurations that some of these tools can pick up programmatically. >> Now you guys just commissioned a survey about firewalls in the cloud. I wonder if you can share some of the high-level outcomes of that survey. What did you guys find? >> Yeah, it's similar to what we're chatting. It's just that, I think, you know, over 90% of enterprise customers acknowledge the fact that there's friction when they're deploying their datacenter security architectures, specifically network security tools, just because of the architectural friction and the fact that, it's really interesting, you know, a lot of those are really built because everything's tightly coupled into them, but in the public cloud, a lot of your policy enforcement comes from the native services. So, for instance, your segmentation policy, the route tables actually get put into the, when you're creating the networking environment. So the security tools, a network security tool, has to work in conjunction with those native services in order to build architectures that are truly compliant. >> So is firewall even the right name anymore? Should it have a different name, because really, we always think, all right, firewall was like a wall. And now it's really more like this layered risk management approach. >> There's definitely a belief, you know, among especially the cloud security evangelists, to make sure people don't think in terms of perimeter. You don't want to architect in something that's brittle in something that's meant to be truly elastic. I think there's kind of two, you know the word firewall is expanding, right, so more and more customers are now embracing web application firewalls because the applications are developing are port 80 or 443, they're public-facing web apps, and those have a unique set of protections into them. And then next-generation firewalls still provide ingress/egress policy management that the native platforms don't offer, so they're important tools for customers to use for compliance and policy enforcement. They key is just getting customers to understand thinking through specifically which controls they're trying to implement and then architect the solutions to embrace the public cloud they're playing in. So, if they're in Azure, they need to think about making sure the tools they're choosing are architected specifically for the Azure environment. If they're using AWS, the same sort of thing. Both those companies have programs where they highlight the vendors that have well-architected their solutions for those environments. So Barracuda has, you know, two security competencies, there's Amazon Web Services. We are the first security vendor for Azure, so we were their Partner of the Year. So the key is just diving in, and there's no silver bullet, just re-architecting the solutions to embrace the platforms you're deploying on. >> What's the biggest surprise to the security people at the company when they start to deploy stuff on a public cloud? There's obviously things they think about, but what do they usually get caught by surprise? >> I think it's just the depth and breadth of the services. There's just so many of them. And they overlap a little bit. And the other key thing is, especially for network security professionals, a lot of the tools are made for software developers. And they have APIs and they're tooling is really built around software development tools, so if you're not a software developer, it can be pretty intimidating to understand how to architect in the controls and especially to leverage all these native services which all tie together. So it's just bridging those two worlds, you know, software development and network security teams, and figuring out a way for them to collaborate and work together. And our advice to customers have been, we've seen comical stories for those battles between the two. Those are always fun to talk about, but I think the best practice is around getting, instead of security teams saying no, I think everybody's trying to get culturally around how do I say yes. Now the burden can be back to the software development teams. The security teams can say, here the list of controls that I need you to cover in order for this app to go live. You know, HIPAA or PCI, here are these compliance controls. You guys chose which tools and automation frameworks work as part of your CI/CD pipeline pr your development pipeline, and then I'll join your sprints and you guys can show incrementally how we're making progress to those compliance. >> And how early do they interject that data in kind of a pilot program that's on its way to a new production app? How early do the devs need to start baking that in? >> I think it has to be from day zero, because as you embrace and think through the service, and the native services you're going to use, depending on which cloud provider, each one of those has an ecosystem of other native services that can be plugged in and they all have overlapping security value, so it's kind of thinking through your security strategy. And then you can be washed away by all the services, and what they can and can't do, but if you just start from the beginning, like what policies or compliance frameworks, what's our risk management posture, and then architect back from that. You know, start from the end mine and then work back, say hey, what's the best tool or services I can instrument in. And then, it may be, starting with less cloudy tools, you know, just because you can instrument in something you know, and then as you build up more expertise, depending on which cloud platform you're on, you can sort of instrument in the native services that you get more comfortable with then. So it's kind of a journey. >> You got to start from the beginning. Bake it in from the zero >> Got to be from the zero. >> It's not a build-on anymore. All right Tim, last question. What are we looking forward to at RSA this week? >> I'm very cloud-biased, you know, so I'm always looking at the latest startups and how creative people are about rethinking how to deploy security controls and just kind of the story and the pulse around the friction with public cloud security and seeing that evolve. >> All right, well I'm sure there'll be lots of it. It never fails to fascinate me, the way that this valley keeps evolving and evolving and evolving. Whatever the next big opportunity is. All right, he's Tim Jefferson, I'm Jeff Frick, thanks for stopping by. You're watching theCUBE. We're at RSAC 2018 in San Francisco. Thanks for watching. (upbeat techno music)

>> Narrator: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> And welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA Conference in San Francisco, it's 40 thousand plus people talking security, really one of the biggest conferences in San Francisco, and security continues to be an ever increasing and important topic, and more and more complex and complicated and multifaceted. We're excited to have really an innovator who just recently sold his company to Sumo Logic, he's Dave Frampton, VP of security solutions now at Sumo Logic. Dave, great to see you. >> Dave: Good to be here. >> So you guys were relatively a relatively small team working on a very specific piece of this giant pie. So, tell us a little bit about what you're doing and what attracted Sumo Logic to you. >> FactorChain, acquired by Sumo Logic in Q4 of last year was focused on building an investigation platform to really help security analysts very quickly and completely identify, for an individual threat or alert of which they get an avalanche every day, what happened, where did it spread, and then what should be done about it, more importantly. >> It's funny 'cause we talk often, at all these conferences, right, everybody in the keynote will talk about it, "six months before you know you've been breached", or two years, or whatever the average, it changes all the time. But nobody ever really talks about once you've figured it out, then what? So that's really what you guys are about, the "then what?" So what are some of the things that people do wrongly, and what are some of the immediate triage and best practices that people should be aware of if they're not already? >> It's a great question, there's really a difficult work flow that exists when you start digging into one of these indicators of compromise or alerts, typically an analyst is trying to connect the dots across huge numbers of systems and huge data sets. They may have to go to five to ten different systems, run queries which take a long time to run and then take a long time to interpret, kind of stitch together the clues across all of them, and this process can often take 30 minutes, an hour, or even two hours against an inflow rate of hundreds of these per day. So there's sort of this expanding backlog of uninvestigated urgent threats. In many cases, people only get to about 10% of the most urgent threats or alerts that come in to their security operation center, or SOC. And FactorChain's innovation was to develop some new techniques to help human analysts quickly connect the dots across these huge data sets. Integrate a lot of those different systems, so you can go to one place, see huge, deep connections between data sets, and then kind of put it all together in a very concise work flow that helps you get through this process just a lot faster, a lot more skilled. >> So are you identifying patterns of past behavior, 'cause you have a database of how these things work, are you looking for consistency of behavior within one system in others, I mean, what are some of the, obviously you're not going to tell us your secret sauce, but what are some of the tricks and tips that enable you to speed up that process? It's scary to hear that they have hundreds of high priority that they can't get to. >> There's two main components of trying to accelerate this whole work flow. The first one is trying to help analysts very quickly get insight into how variables change in an environment. This investigation process is little bit like a game of whack-a-mole, you're following a particular user or particular machine, but then the name will change, and then there'll be another variable introduced but it will change four times, and you're left to try to figure out which one of these changes map to the original. This process just repeats over and over again. So part of our insight was to try to figure out how to chain, hence the name FactorChain, all of these variable changes together in a very, very concise way, so you can help the analyst find the right path through the data and ignore all the false trails, get back on the trail when they lose the trail. So it's really sort of a data navigation and insight, sort of the key core of FactorChain's innovation. >> So a big factor, shouldn't use that word again, but we'll use it again, factor happening today in the industry is everything going to cloud, right? A huge percentage of business going to cloud. AWS is up to 20 billion dollar run rate and Sumo is a big partner, and Microsoft and Google are trying to catch up from behind, and IBM's got a cloud. So cloud's a big thing and there's more and more cloud. Also, we're in this API economy now, so whether I want to use public data sets and inject those into my processes, or I've got partners that I'm, I'm connecting all these things via API's and I still have my on-prem stuff, or the stuff that just can't go to cloud or legacy for whatever reason. So the environment is becoming way more complex, the number of third party people that you're playing nice with is becoming much, much larger, and a lot of these connections are completely automated, right, when you look at ad tech and some of the financial trading systems. So how does that increasing complexity play into what you guys are doing? >> The migration to the cloud is putting enormous disruptive pressure on some of these traditional security processes. You think about, the old world involved a security operations center and a small team of analysts just going through this list of alerts that were sent in by their infrastructure. The cloud really challenges that in two fundamental ways. I think one of them you hit really well in your description of it, which is just the sheer surface area of possible attack has increased so dramatically. You hit all the key points, there's automated processes, there's a lot of customer facing and production security that didn't exist in the old worlds, so you have so many more ways for the attackers to get in. But importantly, there are new sources of information which are critical to actually orchestrating the defense, to figuring out what to pay attention to and how to pay attention to it. Application layer information is much more relevant in a cloud context. And you have a lot of the infrastructures being standardized underneath, but a lot of the interesting insight might be from the application. Is this a customer or is it a partner? Is it a sensitive piece of information or application, or not? There's all sorts of context which needs to be brought in to the forensic process to help the investigators really get to the bottom of what happened and where did it spread. There's also a need to collaborate across security and other functions in IT in a much more seamless, horizontal way. A typical example would be an analyst in the SOC might understand an awful lot about security forensics but may not really understand some of this application context or even how to interpret some of the application logs at all. So you really need a horizontal collaboration involving IT operations, you hear a lot about DevOps and sort of DevSecOps, you need a much more collaborative work flow, not just a common data set, which I think everybody recognized a few years back, but also common analytics and a common work flow, common tooling that they can collaborate in the same system on the same investigation. And so those are the ways in which the traditional security industry and the boundaries around its processes and its tools are really being challenged and disrupted by the migration to the cloud, and at Sumo Logic, this is sort of at the center of where we live. We live in a world where people are rapidly migrating to the cloud, looking for monitoring and troubleshooting and security analytics, functionality. As they do that, looking at modern applications and how their architectures are changing and what implications that has for security. So we have our sights squarely set on sort of creating that new model for that new cloud-oriented environment. >> Right, and then how much do you work with other applications, which I guess in the past may have been thought of as competitive, but when you're in an environment with all these integrated systems at a customer, and there's probably tremendous benefit to sharing some level of information in terms of the signature of threats and when threats are coming in. I'm sure there's ton of great data that, if shared across people on the good side of the fence, will probably be to the benefit of all. So has that been changing, is that evolving, how do you see kind of working with other apps within, let's just pick the AWS cloud for example, within a particular customer, whether it's AWS directly or other partners in the ecosystem? >> Right, well first, you hit it, I mean, this function of security operations has to be agnostic, right? You have to be open to ingesting context from whichever system and whichever vendor and whatever source it might come from. And so these ecosystems are really important, and integration so that you can quickly, not only take in information from third parties, but then quickly get trending and visualization and really bring insight to that data. And so to that end, Sumo Logic's a leader in the AWS ecosystem, we've been built from the ground up on AWS, and we have rich partnerships with the vast majority of the ecosystem of tools that surround the AWS environment. So we can bring that in and very quickly deliver insight, make correlations, figure out what you need to pay attention to, and then do this investigation work flow that we were talking about earlier. >> Alright, crazy times. So, 40 thousand people here, what are you looking forward to for the next couple of days here at RSAC? >> I think a couple of things. One is, I think everyone is focused, right now, on the upcoming deadline for GEPR, and sort of data protection, data privacy, how do we identify within our data what might be subject to some of these regulations and new compliance requirements, and then how many of those overlap. Though the best of intentions, it creates some dilemmas about how to approach problems, such as for example, right to be forgotten. And I think seeing the community come together and sort of in a live venue, which is really what the show is all about, and kind of discuss and debate those issues, I think that's one. Two is the center of what we've been talking about, is the impact of modern application architectures and cloud on some of these old, traditional security practices and models. And that's why we have a bigger presence this year at the show, because we think that's something that is going to change the way things have been done in the security industry, and we want to be a part of that conversation and obviously giving previews of our upcoming products that address some of those problems. Looking forward to a good week. >> Should be good of a week for you, be busy. >> Dave: Absolutely. >> Thanks for taking a few minutes, and again congratulations on the acquisition with Sumo, great marriage I'm sure, and look forward to following the story. >> Thanks so much. >> Alright, he's Dave Frampton, I'm Jeff Frick. You're watching theCUBE from RSAC 2018 San Francisco. Thanks for watching.

>> Announcer: From downtown San Francisco, it's theCUBE covering RSA North America 2018. >> Hey welcome back everybody, Jeff Frick here with theCUBE. We're in San Francisco at RSA conference 2018, as 40,000 plus professionals talking about security. It's quickly becoming one of the biggest conferences that we have in San Francisco right up there with Oracle OpenWorld and Salesforce.com, pretty amazing show and we're excited to get some of the insight with some of the experts that are here for the event and all the way from the East Coast, from New Hampshire Edna Conway's joining us, she's a chief security officer, global value chain for Cisco, Edna great to see you. >> Oh I'm delighted to be here Jeff, thank you. >> Absolutely so we're glad to get you out of the 21 degree weather that you said was cold and sleety when you departed. >> Cold and sleety, spring in New Hampshire, although it's not much nicer here in San Francisco. >> No, it's a little dodgy today. Well anyway let's jump into it. So you're all about value chain. What exactly when you think about value chain, explain to the people, what are you thinking? >> You know that's a great question because we define the value chain as the end to end life cycle for any solution. So it could be hardware, it could be software, it could be a service, whether it's a service afforded by a person, or a service afforded by the cloud. >> Now it's interesting because the number of components in a solution value chain just continue to grow over time as we have the API economy, and clouds, and all these things are interconnected so I would imagine that the complexity of managing and then by relation securing that value chain must be getting harder and harder over time as we continue to add all these, kind of API components to the solution. Is that what you see in the field? >> I think there's a challenge there without a doubt, but sometimes that interconnection actually gives you a hook in right, and so what we've been thinking about for years now is, is there a way to actually define a simple high level architecture that can be flexible and elastic with some rigidity that allows you to identify what your core goals are, and then allows those third party ecosystem members to join you in the effort to achieve those goals in a way that works for their business. >> Right and then how does open source play in that? Because that's also an increasing component of the value chain, is that integrated into more and more either just overtly, or you're implementing an open source solution or you've got all these people that are kind of open source plus and what they're building and delivering to the market. >> Yeah open source is a great challenge without a doubt. I think the way in which to deal with open source is to understand where you're getting it from, just like all third party ecosystem members. Who are they? What are they doing for you? And more precisely how are you going to utilize them and take a risk based approach to where you're embedding them. >> Right. >> Right. Not all things are created equally. And so your worry needs to be different depending on the utilization. >> Right. The risk based approach is a great comment because cause security in a way to me is kind of like insurance, you can't be ultimately secure unless you just lock the doors and sit in there by yourself. So it's always kind of this risk trade off, benefit versus trade off, and really a financial decision as to how much do you want to invest in that next unit of security relative to the return. So when you're thinking about it from a risk modeling basis versus just, you know, we're putting up the moat and nobody's coming in, which we know doesn't work anymore. What are some of the factors to think about so that you're achieving the right level of success at the right investment? >> I think there are a number of things to think about, and the primary one I would say is, look at what I believe is the currency of the digital economy which is trust. And in order to build trust what you need to do is understand the risks that you're taking. And those risks need to measured in the language of business. So all of a sudden, it becomes really clear when you know what someone is doing for you, and you know how they're doing it, and the invasiveness of your inquiry and partnership with them actually needs to be adjusted, and all of a sudden you develop not only a baseline, but an opportunity to enhance your trust for, let's take an example. So Cisco's working with Intel, we're going to deploy Intel threat detection technology, our first instantiation of that will be tetration. Clearly they're a third party ecosystem member. >> Right, right. >> And they have been for some time. Now what we're thinking about is how does Intel go about deploying that capability? And not only that, but how are we going to utilize it? And our view is if you take CPU telemetry and you combine it with our edge as well as our network telemetry, you have a better solution down the road, better solution for alerts, better solution for quicker decisions for the inevitable. That risk based approach says we're embedding into and partnering at a core solution level. >> Right. >> That's a different area of inquiry then somebody, we were talking earlier and I said, you know, if you're a sheet metal provider on the external part of a chassis, great. >> Don't they love the diligence on that piece? >> Quality due diligence, but security limited, yeah? >> So but it's interesting because on one hand you're opening up kind of new kind of threat surfaces if you will, the more components that are in a solution from the more providers. On the positive side, now you're leveraging their security expertise within the components that they're bringing to the solution. So as most things in life right, it's really kind of two sides of the same coin, opening up more threats, but leveraging another group of resources who have an expertise within that piece of the value chain. >> Absolutely. Look none of us make something from nothing, you know, the reality is we're relying more and more on the digital economy on those third parties. So understanding precisely how they're doing something is important, but we also have to be respectful of one another's intellectual property. And that is a unique wrinkle in a day and age of integration that we haven't seen previously. The other thing I think that's really important is we're seeing a wonderful, I think explosion of IOT, there's a downside obviously, the question is have folks deployed their IOT in a way that included the security community. You should have security at the table, but what IOT does is give you edge visibility that you've never had before. So I see it as a positive, but it needs to be informed by things like AI, it needs to be informed by things like machine learning, and they need to be gates within at the end of the day where the information is managed, which is at the network. >> Right, cause again it's just another entry point in as well, so good thing, bad thing. I want to circle back on kind of the boardroom discussion that we talked about a little bit earlier. Everyone's talking about securities and board conversation, clouds and board conversation, a lot of these big, kind of IT transformational things that are happening are now being elevated to the board cause everybody's a digital company and everybody's a digital business. When you want to talk to the board, and how should people talk to the board about security vis a vis kind of this risk analysis versus just a pure, you know, we're secure, or we're not secure, and I'm sure every CEO and board is worried for that announcement to come out in the paper that they were breached some time ago. And you almost think it's inevitable at some point in time, so what does the board discussion look like? How's the board decision changing as security gets elevated beyond kind of the basics? >> So let me answer that in the context of value chain security. >> Absolutely. >> I think we need to get to the point where security speaks the language of business. We need to walk into the board and say we have an architecture, we are deploying measures to achieve the architecture at a certain level of compliance and goal setting across the ecosystem on a risk based approach. Fabulous words, I'm a board member. What does that mean to me? >> Help me, help me, gimme a number. Exactly, well, and the number comes out of tolerance levels. So if you have this architecture and you have goals set we have 11 domains, we set goals flexibly based on the nature of the third party and what they do for us. Now we have a tolerance level and guess what you can report? I'm at tolerance, I'm above tolerance, I'm below tolerance. And if you start to model through a variety of techniques, there are a number of standards out there and processes some folks have written about them, where you can translate that risk of tolerance into dollars if you're in the US or currency of your choice and the reality is you're walking in and saying at tolerance means this degree of risk, below tolerance means I've reduced my risk to this. It might afford you an opportunity to say hmmm, perhaps you can share some of that benefit with me to take the program to a new level. >> Right, right or in a different area. >> About tolerance, higher degree of risk, what do we do about it? Now you're speaking the language of business. >> So that's pretty old school business right? I want to talk to you about something that's a little bit newer school which is block chain. And you've used the word trust I don't know how many times in this interview, we'll check the transcript, but trust is a really important thing obviously, and some people have said that they view block chain as trust as a service. I'm just curious to get your perspective as we hear more and more about block chain, and big companies like IBM and a lot of companies are putting a bunch of resources behind it, where do you see block chain fitting? What is Cisco's position or I don't know if they have a official position yet as block chain now is introduced into this world of trust. >> So I think we're all looking at it, Cisco included block chain is an incredibly useful tool without a doubt. I'm not sure that block chain's going to solve world hunger or world peace. >> Shoot. >> However, just as we said trust has elements of use artificial intelligence to inform your decisions, achieve a higher degree of trust, what you can have is a set of let's say, hashes, date and time stamps, as something passes through the network because remember, if the currency is trust the integrity of the data is the fuel that allows you to earn trust. And digital, digital ledger technology or block chain is something that I think allows us to develop what I call a passport for the data. So we have a chain of custody, you know I'm an old homicide prosecutor from many, many, years ago chain of custody was important in the trial so too chain of custody of your data and your actions across the full spectrum of a life cycle add a degree of integrity we've never had the ability to do easily before. >> Interesting times. >> Alright Edna well thank you for spending some of your day with us, I'm sure you have a crazy, busy RSA planned out for the next couple days so thanks again. >> My pleasure, thank you so much for having me. >> Alright she's Edna Conway, I'm Jeff Frick. You're watching theCUBE from RSA Conference 2018 thanks for watching. (theme music)

>> Announcer: Live from Las Vegas, it's The Cube covering Dell EMC World 2017 brought to you by Dell EMC. >> Welcome back here on The Cube, the Flagship broadcast of SiliconANGLE TV. We rap up our coverage today, day two of Dell EMC World 2017. We're live in Las Vegas. I'm John Walls along with Rebecca Knight and joining us now all the way from Tobacco Road Patrick Williams, who is the IT Infrastructure Architect at North Carolina State University in beautiful Raleigh, North Carolina. Patrick, thank you for joining us. >> Thank you. >> Tell us first of all, you know, academically, you're the first, somebody from that community that we have a chance to speak with over the past two days. What are you seeing here that you are going to find of interest that you might want to take back with you to Raleigh, that maybe you're going to put into practice? >> Right, so we're really taking a look at the technologies that we have in play, and there's been a lot of new announcements at the conference this year, so we have Unity Storage, we have Data Domain and there's been announcements pretty much across that product spectrum, so we've been looking, going to breakout sessions talking to the experts and trying to take a look at the technology and see how we can take advantage of the new features that are offered in our environment. >> So before the cameras were rolling, you were setting the scene a little bit and describing the kinds of data needs, security needs that you have for a busy, thriving, and large college campus. Can you lay that out for our viewers? >> Right so for a college campus, one of the biggest concerns is around security, so there's a mandate or desire, probably as part of the academic culture to be as open as possible because the goal is to exchange ideas and to share resources between the university and across our set of institutions. So contrast that with the reality that we have to maintain a high level of security now, so there's obviously a lot of incidents. We are a Google Mail university and as you know, there was recently an attack on Gmail, right? So one of the things that we've had to do is to say, "We're going to implement Two Factor Authentication. "We're going to develop a classification system "around how we assess and manage data," so depending on the category, there's different levels of security that are in put in place in our (mumbles) environment, while also trying to remain as open as possible. >> So you have a lot of competing interests, it seems, in trying to balance those interests, is how much of your job? >> 100%. (laughing) Yeah, so what I would say is that in order to be able to get proposals forward, I have to be able to make the case on all sides of the equation, so I have to make the correct academic case. I have to make the correct business case. I have to make the correct cultural case and if I can make those cases coincide, then we can succeed and move things forward and get proposals. >> 'Cause you're saying that at NC State, it's not central IT. You're in IT, but there are some more schools that have options, they can make their own decisions, and so I would think coordination, integration, are not barriers, but certainly challenges. >> That's right, so we are, we call ourselves a central IT group; however, there is no mandate for each of the colleges to use central IT services, so our goal is to create kind of a foundational set of services that the consumers then in come and build on top of rather than building their own resources and we like to see that grow kind of organically rather than to mandate it, use of central services, and we've actually had great success. So we've had a lot of resources to come back from the edge into the central folds and be able to grow that centrally, put a higher level of resiliency on top of those services and satisfy our customers. >> In terms of one of the challenges, though, cost is a huge one, and then making sure that things do come within budget and not a penny over. Can you talk a little bit about some of those obstacles and how you've overcome them? >> Right, so cost is everything for us. Our budgets have been flat for the past three years, but the demand for growth in capacity and existing environments and the demand for new services is ongoing. What we've been able to do is to work really hard on assessing our resources. We've implemented Cloud IQ a year ago when it was first announced to get a kind of a long-term view of our environment and kind of track our growth, and that has enabled us to put the right data in the appropriate tier and be able to maximize our investment and that's really helped us be able to continue to grow our environments as we move forward. >> When you're talking about the different clients or constituencies you're trying to please: you've got the students, the faculty, the administration, and the staff, what do students want, what do faculty want, and how do you give them what they want? >> That's right. So students, is really interesting because the student perspective has really changed over the past couple of years and it caught us off-guard. We have a pervasive data network on our campus. We have all the dorms wired. We have about 21,000 students total. About 8000 stay on campus. All those dorms were hard-wired, but we did not have wifi enabled in all the dorms and we survey students every year. Last year we surveyed them and we got very bad marks because that, even a jack was not enough for them. If you look at what you typically show up with now, how many devices have a hard-wired jack, none, right? So they show up with four devices. They couldn't use any of them on our data network and their response on the survey was, the one that I remember the most was, "Our lives depend on wifi," that was the quote. >> Of course. >> We, of course, immediately went and looked at how we roll out 4000 access points right away. We did that over a summer. That was able to succeed. We also have a very unique set of challenges in that because I mentioned that, we only have 4000 students, slightly more than that, that stay on campus. The majority of them move back and forth between classes so 10 AM when 5000 people walk by one access point. >> When they've just woken up. >> That's right. >> 10 AM. >> Or log in to check their email, et cetera. So those are unique challenges so what we had to do is what are the tools to track the application resources? What's normal application performance? What's a normal peak and what's a breakout that's outside of the normal, and how do we profile that and we want to be well ahead of the demand so that we can put those resources in place ahead of the need. >> So what do you do about the challenge of future deployments? Your budget's going to be somewhat constrained. You know your needs are increasing. You know your constituents have new and growing demand. So, I mean, tough nut to crack, isn't it? You're trying to make your cloud strategy. What are you going to do with that? The 4GG server coming on board now, how do you find, or how do you balance that from the academic perspective? >> You mentioned that and also I didn't mention that one of our data centers is aging and so on top of all that, we're also starting to see, put a strain on our data center resources. What we really hope to be able to do is to leverage some type of a hybrid cloud strategy. The challenge for us has been, what is our application profile? If you look at applications that are a great fit in cloud and applications that are not a great fit in cloud, the traditional backend applications, the core infrastructure applications are not necessarily a great fit, and so what we're trying to figure out is what is the best hybrid solution that will help you move our environment forward and still leverage existing resources. >> So looking ahead, what does the college campus of the future, the technology-enabled college campus of the future look like? Give us a picture. >> I think one of the best examples i can give is our Hunt Library, so we opened a new library on what we call our Centennial Campus a few years ago. It was designed from the ground up as kind of a new model of what does the next generational library look like because it's not, if you think of a library now, you don't think of a traditional, okay, here's a building and stacks and stacks and stacks of books. So they put the books off in a corner and there is a large robotic library that's designed to handle the books and the bulk of it is about collaborative spaces, so there are high-end collaborative work stations, consolidated areas. There are students that are in the design school. If you want to go and practice your DJ skills, you can do that there as well, so that's where things are really headed. >> So Patrick, before we let you go, my final question is, when are you going to beat Carolina and Duke at basketball? >> We're waiting, so we have that US Championship banners from the '80s and I'm tired of looking at that, so we're really looking forward to-- >> Those days are long-gone. >> Right. >> Right, Patrick Williams, NC State, thank you for being with us here on The Cube. Safe travels back home and continued success at Raleigh. >> Thank you. >> Appreciate the time. >> Alright. >> Good. That raps it up here on The Cube, day two is in the books. We'll see you back here tomorrow morning at 11:30 central time, that's 2:30 on the East Coast, for more interviews live from Las Vegas, until then. For Rebecca Knight, I'm John Walls. Have a good night.

(upbeat music) >> Hello everyone. Welcome to theCube's presentation of the "AWS Startup Showcase." The topic this episode is AI and machine learning, top startups building foundational model infrastructure. This is season three, episode one of the ongoing series covering exciting startups from the AWS ecosystem. And this time we're talking about AI and machine learning. I'm your host, John Furrier. I'm excited I'm joined today by Robert Nishihara, who's the co-founder and CEO of a hot startup called Anyscale. He's here to talk about Ray, the open source project, Anyscale's infrastructure for foundation as well. Robert, thank you for joining us today. >> Yeah, thanks so much as well. >> I've been following your company since the founding pre pandemic and you guys really had a great vision scaled up and in a perfect position for this big wave that we all see with ChatGPT and OpenAI that's gone mainstream. Finally, AI has broken out through the ropes and now gone mainstream, so I think you guys are really well positioned. I'm looking forward to to talking with you today. But before we get into it, introduce the core mission for Anyscale. Why do you guys exist? What is the North Star for Anyscale? >> Yeah, like you mentioned, there's a tremendous amount of excitement about AI right now. You know, I think a lot of us believe that AI can transform just every different industry. So one of the things that was clear to us when we started this company was that the amount of compute needed to do AI was just exploding. Like to actually succeed with AI, companies like OpenAI or Google or you know, these companies getting a lot of value from AI, were not just running these machine learning models on their laptops or on a single machine. They were scaling these applications across hundreds or thousands or more machines and GPUs and other resources in the Cloud. And so to actually succeed with AI, and this has been one of the biggest trends in computing, maybe the biggest trend in computing in, you know, in recent history, the amount of compute has been exploding. And so to actually succeed with that AI, to actually build these scalable applications and scale the AI applications, there's a tremendous software engineering lift to build the infrastructure to actually run these scalable applications. And that's very hard to do. So one of the reasons many AI projects and initiatives fail is that, or don't make it to production, is the need for this scale, the infrastructure lift, to actually make it happen. So our goal here with Anyscale and Ray, is to make that easy, is to make scalable computing easy. So that as a developer or as a business, if you want to do AI, if you want to get value out of AI, all you need to know is how to program on your laptop. Like, all you need to know is how to program in Python. And if you can do that, then you're good to go. Then you can do what companies like OpenAI or Google do and get value out of machine learning. >> That programming example of how easy it is with Python reminds me of the early days of Cloud, when infrastructure as code was talked about was, it was just code the infrastructure programmable. That's super important. That's what AI people wanted, first program AI. That's the new trend. And I want to understand, if you don't mind explaining, the relationship that Anyscale has to these foundational models and particular the large language models, also called LLMs, was seen with like OpenAI and ChatGPT. Before you get into the relationship that you have with them, can you explain why the hype around foundational models? Why are people going crazy over foundational models? What is it and why is it so important? >> Yeah, so foundational models and foundation models are incredibly important because they enable businesses and developers to get value out of machine learning, to use machine learning off the shelf with these large models that have been trained on tons of data and that are useful out of the box. And then, of course, you know, as a business or as a developer, you can take those foundational models and repurpose them or fine tune them or adapt them to your specific use case and what you want to achieve. But it's much easier to do that than to train them from scratch. And I think there are three, for people to actually use foundation models, there are three main types of workloads or problems that need to be solved. One is training these foundation models in the first place, like actually creating them. The second is fine tuning them and adapting them to your use case. And the third is serving them and actually deploying them. Okay, so Ray and Anyscale are used for all of these three different workloads. Companies like OpenAI or Cohere that train large language models. Or open source versions like GPTJ are done on top of Ray. There are many startups and other businesses that fine tune, that, you know, don't want to train the large underlying foundation models, but that do want to fine tune them, do want to adapt them to their purposes, and build products around them and serve them, those are also using Ray and Anyscale for that fine tuning and that serving. And so the reason that Ray and Anyscale are important here is that, you know, building and using foundation models requires a huge scale. It requires a lot of data. It requires a lot of compute, GPUs, TPUs, other resources. And to actually take advantage of that and actually build these scalable applications, there's a lot of infrastructure that needs to happen under the hood. And so you can either use Ray and Anyscale to take care of that and manage the infrastructure and solve those infrastructure problems. Or you can build the infrastructure and manage the infrastructure yourself, which you can do, but it's going to slow your team down. It's going to, you know, many of the businesses we work with simply don't want to be in the business of managing infrastructure and building infrastructure. They want to focus on product development and move faster. >> I know you got a keynote presentation we're going to go to in a second, but I think you hit on something I think is the real tipping point, doing it yourself, hard to do. These are things where opportunities are and the Cloud did that with data centers. Turned a data center and made it an API. The heavy lifting went away and went to the Cloud so people could be more creative and build their product. In this case, build their creativity. Is that kind of what's the big deal? Is that kind of a big deal happening that you guys are taking the learnings and making that available so people don't have to do that? >> That's exactly right. So today, if you want to succeed with AI, if you want to use AI in your business, infrastructure work is on the critical path for doing that. To do AI, you have to build infrastructure. You have to figure out how to scale your applications. That's going to change. We're going to get to the point, and you know, with Ray and Anyscale, we're going to remove the infrastructure from the critical path so that as a developer or as a business, all you need to focus on is your application logic, what you want the the program to do, what you want your application to do, how you want the AI to actually interface with the rest of your product. Now the way that will happen is that Ray and Anyscale will still, the infrastructure work will still happen. It'll just be under the hood and taken care of by Ray in Anyscale. And so I think something like this is really necessary for AI to reach its potential, for AI to have the impact and the reach that we think it will, you have to make it easier to do. >> And just for clarification to point out, if you don't mind explaining the relationship of Ray and Anyscale real quick just before we get into the presentation. >> So Ray is an open source project. We created it. We were at Berkeley doing machine learning. We started Ray so that, in order to provide an easy, a simple open source tool for building and running scalable applications. And Anyscale is the managed version of Ray, basically we will run Ray for you in the Cloud, provide a lot of tools around the developer experience and managing the infrastructure and providing more performance and superior infrastructure. >> Awesome. I know you got a presentation on Ray and Anyscale and you guys are positioning as the infrastructure for foundational models. So I'll let you take it away and then when you're done presenting, we'll come back, I'll probably grill you with a few questions and then we'll close it out so take it away. >> Robert: Sounds great. So I'll say a little bit about how companies are using Ray and Anyscale for foundation models. The first thing I want to mention is just why we're doing this in the first place. And the underlying observation, the underlying trend here, and this is a plot from OpenAI, is that the amount of compute needed to do machine learning has been exploding. It's been growing at something like 35 times every 18 months. This is absolutely enormous. And other people have written papers measuring this trend and you get different numbers. But the point is, no matter how you slice and dice it, it' a astronomical rate. Now if you compare that to something we're all familiar with, like Moore's Law, which says that, you know, the processor performance doubles every roughly 18 months, you can see that there's just a tremendous gap between the needs, the compute needs of machine learning applications, and what you can do with a single chip, right. So even if Moore's Law were continuing strong and you know, doing what it used to be doing, even if that were the case, there would still be a tremendous gap between what you can do with the chip and what you need in order to do machine learning. And so given this graph, what we've seen, and what has been clear to us since we started this company, is that doing AI requires scaling. There's no way around it. It's not a nice to have, it's really a requirement. And so that led us to start Ray, which is the open source project that we started to make it easy to build these scalable Python applications and scalable machine learning applications. And since we started the project, it's been adopted by a tremendous number of companies. Companies like OpenAI, which use Ray to train their large models like ChatGPT, companies like Uber, which run all of their deep learning and classical machine learning on top of Ray, companies like Shopify or Spotify or Instacart or Lyft or Netflix, ByteDance, which use Ray for their machine learning infrastructure. Companies like Ant Group, which makes Alipay, you know, they use Ray across the board for fraud detection, for online learning, for detecting money laundering, you know, for graph processing, stream processing. Companies like Amazon, you know, run Ray at a tremendous scale and just petabytes of data every single day. And so the project has seen just enormous adoption since, over the past few years. And one of the most exciting use cases is really providing the infrastructure for building training, fine tuning, and serving foundation models. So I'll say a little bit about, you know, here are some examples of companies using Ray for foundation models. Cohere trains large language models. OpenAI also trains large language models. You can think about the workloads required there are things like supervised pre-training, also reinforcement learning from human feedback. So this is not only the regular supervised learning, but actually more complex reinforcement learning workloads that take human input about what response to a particular question, you know is better than a certain other response. And incorporating that into the learning. There's open source versions as well, like GPTJ also built on top of Ray as well as projects like Alpa coming out of UC Berkeley. So these are some of the examples of exciting projects in organizations, training and creating these large language models and serving them using Ray. Okay, so what actually is Ray? Well, there are two layers to Ray. At the lowest level, there's the core Ray system. This is essentially low level primitives for building scalable Python applications. Things like taking a Python function or a Python class and executing them in the cluster setting. So Ray core is extremely flexible and you can build arbitrary scalable applications on top of Ray. So on top of Ray, on top of the core system, what really gives Ray a lot of its power is this ecosystem of scalable libraries. So on top of the core system you have libraries, scalable libraries for ingesting and pre-processing data, for training your models, for fine tuning those models, for hyper parameter tuning, for doing batch processing and batch inference, for doing model serving and deployment, right. And a lot of the Ray users, the reason they like Ray is that they want to run multiple workloads. They want to train and serve their models, right. They want to load their data and feed that into training. And Ray provides common infrastructure for all of these different workloads. So this is a little overview of what Ray, the different components of Ray. So why do people choose to go with Ray? I think there are three main reasons. The first is the unified nature. The fact that it is common infrastructure for scaling arbitrary workloads, from data ingest to pre-processing to training to inference and serving, right. This also includes the fact that it's future proof. AI is incredibly fast moving. And so many people, many companies that have built their own machine learning infrastructure and standardized on particular workflows for doing machine learning have found that their workflows are too rigid to enable new capabilities. If they want to do reinforcement learning, if they want to use graph neural networks, they don't have a way of doing that with their standard tooling. And so Ray, being future proof and being flexible and general gives them that ability. Another reason people choose Ray in Anyscale is the scalability. This is really our bread and butter. This is the reason, the whole point of Ray, you know, making it easy to go from your laptop to running on thousands of GPUs, making it easy to scale your development workloads and run them in production, making it easy to scale, you know, training to scale data ingest, pre-processing and so on. So scalability and performance, you know, are critical for doing machine learning and that is something that Ray provides out of the box. And lastly, Ray is an open ecosystem. You can run it anywhere. You can run it on any Cloud provider. Google, you know, Google Cloud, AWS, Asure. You can run it on your Kubernetes cluster. You can run it on your laptop. It's extremely portable. And not only that, it's framework agnostic. You can use Ray to scale arbitrary Python workloads. You can use it to scale and it integrates with libraries like TensorFlow or PyTorch or JAX or XG Boost or Hugging Face or PyTorch Lightning, right, or Scikit-learn or just your own arbitrary Python code. It's open source. And in addition to integrating with the rest of the machine learning ecosystem and these machine learning frameworks, you can use Ray along with all of the other tooling in the machine learning ecosystem. That's things like weights and biases or ML flow, right. Or you know, different data platforms like Databricks, you know, Delta Lake or Snowflake or tools for model monitoring for feature stores, all of these integrate with Ray. And that's, you know, Ray provides that kind of flexibility so that you can integrate it into the rest of your workflow. And then Anyscale is the scalable compute platform that's built on top, you know, that provides Ray. So Anyscale is a managed Ray service that runs in the Cloud. And what Anyscale does is it offers the best way to run Ray. And if you think about what you get with Anyscale, there are fundamentally two things. One is about moving faster, accelerating the time to market. And you get that by having the managed service so that as a developer you don't have to worry about managing infrastructure, you don't have to worry about configuring infrastructure. You also, it provides, you know, optimized developer workflows. Things like easily moving from development to production, things like having the observability tooling, the debug ability to actually easily diagnose what's going wrong in a distributed application. So things like the dashboards and the other other kinds of tooling for collaboration, for monitoring and so on. And then on top of that, so that's the first bucket, developer productivity, moving faster, faster experimentation and iteration. The second reason that people choose Anyscale is superior infrastructure. So this is things like, you know, cost deficiency, being able to easily take advantage of spot instances, being able to get higher GPU utilization, things like faster cluster startup times and auto scaling. Things like just overall better performance and faster scheduling. And so these are the kinds of things that Anyscale provides on top of Ray. It's the managed infrastructure. It's fast, it's like the developer productivity and velocity as well as performance. So this is what I wanted to share about Ray in Anyscale. >> John: Awesome. >> Provide that context. But John, I'm curious what you think. >> I love it. I love the, so first of all, it's a platform because that's the platform architecture right there. So just to clarify, this is an Anyscale platform, not- >> That's right. >> Tools. So you got tools in the platform. Okay, that's key. Love that managed service. Just curious, you mentioned Python multiple times, is that because of PyTorch and TensorFlow or Python's the most friendly with machine learning or it's because it's very common amongst all developers? >> That's a great question. Python is the language that people are using to do machine learning. So it's the natural starting point. Now, of course, Ray is actually designed in a language agnostic way and there are companies out there that use Ray to build scalable Java applications. But for the most part right now we're focused on Python and being the best way to build these scalable Python and machine learning applications. But, of course, down the road there always is that potential. >> So if you're slinging Python code out there and you're watching that, you're watching this video, get on Anyscale bus quickly. Also, I just, while you were giving the presentation, I couldn't help, since you mentioned OpenAI, which by the way, congratulations 'cause they've had great scale, I've noticed in their rapid growth 'cause they were the fastest company to the number of users than anyone in the history of the computer industry, so major successor, OpenAI and ChatGPT, huge fan. I'm not a skeptic at all. I think it's just the beginning, so congratulations. But I actually typed into ChatGPT, what are the top three benefits of Anyscale and came up with scalability, flexibility, and ease of use. Obviously, scalability is what you guys are called. >> That's pretty good. >> So that's what they came up with. So they nailed it. Did you have an inside prompt training, buy it there? Only kidding. (Robert laughs) >> Yeah, we hard coded that one. >> But that's the kind of thing that came up really, really quickly if I asked it to write a sales document, it probably will, but this is the future interface. This is why people are getting excited about the foundational models and the large language models because it's allowing the interface with the user, the consumer, to be more human, more natural. And this is clearly will be in every application in the future. >> Absolutely. This is how people are going to interface with software, how they're going to interface with products in the future. It's not just something, you know, not just a chat bot that you talk to. This is going to be how you get things done, right. How you use your web browser or how you use, you know, how you use Photoshop or how you use other products. Like you're not going to spend hours learning all the APIs and how to use them. You're going to talk to it and tell it what you want it to do. And of course, you know, if it doesn't understand it, it's going to ask clarifying questions. You're going to have a conversation and then it'll figure it out. >> This is going to be one of those things, we're going to look back at this time Robert and saying, "Yeah, from that company, that was the beginning of that wave." And just like AWS and Cloud Computing, the folks who got in early really were in position when say the pandemic came. So getting in early is a good thing and that's what everyone's talking about is getting in early and playing around, maybe replatforming or even picking one or few apps to refactor with some staff and managed services. So people are definitely jumping in. So I have to ask you the ROI cost question. You mentioned some of those, Moore's Law versus what's going on in the industry. When you look at that kind of scale, the first thing that jumps out at people is, "Okay, I love it. Let's go play around." But what's it going to cost me? Am I going to be tied to certain GPUs? What's the landscape look like from an operational standpoint, from the customer? Are they locked in and the benefit was flexibility, are you flexible to handle any Cloud? What is the customers, what are they looking at? Basically, that's my question. What's the customer looking at? >> Cost is super important here and many of the companies, I mean, companies are spending a huge amount on their Cloud computing, on AWS, and on doing AI, right. And I think a lot of the advantage of Anyscale, what we can provide here is not only better performance, but cost efficiency. Because if we can run something faster and more efficiently, it can also use less resources and you can lower your Cloud spending, right. We've seen companies go from, you know, 20% GPU utilization with their current setup and the current tools they're using to running on Anyscale and getting more like 95, you know, 100% GPU utilization. That's something like a five x improvement right there. So depending on the kind of application you're running, you know, it's a significant cost savings. We've seen companies that have, you know, processing petabytes of data every single day with Ray going from, you know, getting order of magnitude cost savings by switching from what they were previously doing to running their application on Ray. And when you have applications that are spending, you know, potentially $100 million a year and getting a 10 X cost savings is just absolutely enormous. So these are some of the kinds of- >> Data infrastructure is super important. Again, if the customer, if you're a prospect to this and thinking about going in here, just like the Cloud, you got infrastructure, you got the platform, you got SaaS, same kind of thing's going to go on in AI. So I want to get into that, you know, ROI discussion and some of the impact with your customers that are leveraging the platform. But first I hear you got a demo. >> Robert: Yeah, so let me show you, let me give you a quick run through here. So what I have open here is the Anyscale UI. I've started a little Anyscale Workspace. So Workspaces are the Anyscale concept for interactive developments, right. So here, imagine I'm just, you want to have a familiar experience like you're developing on your laptop. And here I have a terminal. It's not on my laptop. It's actually in the cloud running on Anyscale. And I'm just going to kick this off. This is going to train a large language model, so OPT. And it's doing this on 32 GPUs. We've got a cluster here with a bunch of CPU cores, bunch of memory. And as that's running, and by the way, if I wanted to run this on instead of 32 GPUs, 64, 128, this is just a one line change when I launch the Workspace. And what I can do is I can pull up VS code, right. Remember this is the interactive development experience. I can look at the actual code. Here it's using Ray train to train the torch model. We've got the training loop and we're saying that each worker gets access to one GPU and four CPU cores. And, of course, as I make the model larger, this is using deep speed, as I make the model larger, I could increase the number of GPUs that each worker gets access to, right. And how that is distributed across the cluster. And if I wanted to run on CPUs instead of GPUs or a different, you know, accelerator type, again, this is just a one line change. And here we're using Ray train to train the models, just taking my vanilla PyTorch model using Hugging Face and then scaling that across a bunch of GPUs. And, of course, if I want to look at the dashboard, I can go to the Ray dashboard. There are a bunch of different visualizations I can look at. I can look at the GPU utilization. I can look at, you know, the CPU utilization here where I think we're currently loading the model and running that actual application to start the training. And some of the things that are really convenient here about Anyscale, both I can get that interactive development experience with VS code. You know, I can look at the dashboards. I can monitor what's going on. It feels, I have a terminal, it feels like my laptop, but it's actually running on a large cluster. And I can, with however many GPUs or other resources that I want. And so it's really trying to combine the best of having the familiar experience of programming on your laptop, but with the benefits, you know, being able to take advantage of all the resources in the Cloud to scale. And it's like when, you know, you're talking about cost efficiency. One of the biggest reasons that people waste money, one of the silly reasons for wasting money is just forgetting to turn off your GPUs. And what you can do here is, of course, things will auto terminate if they're idle. But imagine you go to sleep, I have this big cluster. You can turn it off, shut off the cluster, come back tomorrow, restart the Workspace, and you know, your big cluster is back up and all of your code changes are still there. All of your local file edits. It's like you just closed your laptop and came back and opened it up again. And so this is the kind of experience we want to provide for our users. So that's what I wanted to share with you. >> Well, I think that whole, couple of things, lines of code change, single line of code change, that's game changing. And then the cost thing, I mean human error is a big deal. People pass out at their computer. They've been coding all night or they just forget about it. I mean, and then it's just like leaving the lights on or your water running in your house. It's just, at the scale that it is, the numbers will add up. That's a huge deal. So I think, you know, compute back in the old days, there's no compute. Okay, it's just compute sitting there idle. But you know, data cranking the models is doing, that's a big point. >> Another thing I want to add there about cost efficiency is that we make it really easy to use, if you're running on Anyscale, to use spot instances and these preemptable instances that can just be significantly cheaper than the on-demand instances. And so when we see our customers go from what they're doing before to using Anyscale and they go from not using these spot instances 'cause they don't have the infrastructure around it, the fault tolerance to handle the preemption and things like that, to being able to just check a box and use spot instances and save a bunch of money. >> You know, this was my whole, my feature article at Reinvent last year when I met with Adam Selipsky, this next gen Cloud is here. I mean, it's not auto scale, it's infrastructure scale. It's agility. It's flexibility. I think this is where the world needs to go. Almost what DevOps did for Cloud and what you were showing me that demo had this whole SRE vibe. And remember Google had site reliability engines to manage all those servers. This is kind of like an SRE vibe for data at scale. I mean, a similar kind of order of magnitude. I mean, I might be a little bit off base there, but how would you explain it? >> It's a nice analogy. I mean, what we are trying to do here is get to the point where developers don't think about infrastructure. Where developers only think about their application logic. And where businesses can do AI, can succeed with AI, and build these scalable applications, but they don't have to build, you know, an infrastructure team. They don't have to develop that expertise. They don't have to invest years in building their internal machine learning infrastructure. They can just focus on the Python code, on their application logic, and run the stuff out of the box. >> Awesome. Well, I appreciate the time. Before we wrap up here, give a plug for the company. I know you got a couple websites. Again, go, Ray's got its own website. You got Anyscale. You got an event coming up. Give a plug for the company looking to hire. Put a plug in for the company. >> Yeah, absolutely. Thank you. So first of all, you know, we think AI is really going to transform every industry and the opportunity is there, right. We can be the infrastructure that enables all of that to happen, that makes it easy for companies to succeed with AI, and get value out of AI. Now we have, if you're interested in learning more about Ray, Ray has been emerging as the standard way to build scalable applications. Our adoption has been exploding. I mentioned companies like OpenAI using Ray to train their models. But really across the board companies like Netflix and Cruise and Instacart and Lyft and Uber, you know, just among tech companies. It's across every industry. You know, gaming companies, agriculture, you know, farming, robotics, drug discovery, you know, FinTech, we see it across the board. And all of these companies can get value out of AI, can really use AI to improve their businesses. So if you're interested in learning more about Ray and Anyscale, we have our Ray Summit coming up in September. This is going to highlight a lot of the most impressive use cases and stories across the industry. And if your business, if you want to use LLMs, you want to train these LLMs, these large language models, you want to fine tune them with your data, you want to deploy them, serve them, and build applications and products around them, give us a call, talk to us. You know, we can really take the infrastructure piece, you know, off the critical path and make that easy for you. So that's what I would say. And, you know, like you mentioned, we're hiring across the board, you know, engineering, product, go-to-market, and it's an exciting time. >> Robert Nishihara, co-founder and CEO of Anyscale, congratulations on a great company you've built and continuing to iterate on and you got growth ahead of you, you got a tailwind. I mean, the AI wave is here. I think OpenAI and ChatGPT, a customer of yours, have really opened up the mainstream visibility into this new generation of applications, user interface, roll of data, large scale, how to make that programmable so we're going to need that infrastructure. So thanks for coming on this season three, episode one of the ongoing series of the hot startups. In this case, this episode is the top startups building foundational model infrastructure for AI and ML. I'm John Furrier, your host. Thanks for watching. (upbeat music)

(upbeat music) >> Welcome back to The Cubes coverage of WIDS 2023 the eighth Annual Women in Data Science Conference which is held at Stanford University. I'm your host, Lisa Martin. I'm really excited to be having some great co-hosts today. I've got Hannah Freytag with me, who is a data journalism master student at Stanford. We have yet another inspiring woman in technology to bring to you today. Kelly Hoang joins us, data scientist at Gilead. It's so great to have you, Kelly. >> Hi, thank you for having me today. I'm super excited to be here and share my journey with you guys. >> Let's talk about that journey. You recently got your PhD in information sciences, congratulations. >> Thank you. Yes, I just graduated, I completed my PhD in information sciences from University of Illinois Urbana-Champaign. And right now I moved to Bay Area and started my career as a data scientist at Gilead. >> And you're in better climate. Well, we do get snow here. >> Kelly: That's true. >> We proved that the last... And data science can show us all the climate change that's going on here. >> That's true. That's the topic of the data fund this year, right? To understand the changes in the climate. >> Yeah. Talk a little bit about your background. You were mentioning before we went live that you come from a whole family of STEM students. So you had that kind of in your DNA. >> Well, I consider myself maybe I was a lucky case. I did grew up in a family in the STEM environment. My dad actually was a professor in computer science. So I remember when I was at a very young age, I already see like datas, all of these computer science concepts. So grew up to be a data scientist is always something like in my mind. >> You aspired to be. >> Yes. >> I love that. >> So I consider myself in a lucky place in that way. But also, like during this journey to become a data scientist you need to navigate yourself too, right? Like you have this roots, like this foundation but then you still need to kind of like figure out yourself what is it? Is it really the career that you want to pursue? But I'm happy that I'm end up here today and where I am right now. >> Oh, we're happy to have you. >> Yeah. So you' re with Gilead now after you're completing your PhD. And were you always interested in the intersection of data science and health, or is that something you explored throughout your studies? >> Oh, that's an excellent question. So I did have background in computer science but I only really get into biomedical domain when I did my PhD at school. So my research during my PhD was natural language processing, NLP and machine learning and their applications in biomedical domains. And then when I graduated, I got my first job in Gilead Science. Is super, super close and super relevant to what my research at school. And at Gilead, I am working in the advanced analytics department, and our focus is to bring artificial intelligence and machine learning into supporting clinical decision making. And really the ultimate goal is how to use AI to accelerate the precision medicine. So yes, it's something very like... I'm very lucky to get the first job that which is very close to my research at school. >> That's outstanding. You know, when we talk about AI, we can't not talk about ethics, bias. >> Kelly: Right. >> We know there's (crosstalk) Yes. >> Kelly: In healthcare. >> Exactly. Exactly. Equities in healthcare, equities in so many things. Talk a little bit about what excites you about AI, what you're doing at Gilead to really influence... I mean this, we're talking about something that's influencing life and death situations. >> Kelly: Right. >> How are you using AI in a way that is really maximizing the opportunities that AI can bring and maximizing the value in the data, but helping to dial down some of the challenges that come with AI? >> Yep. So as you may know already with the digitalization of medical records, this is nowaday, we have a tremendous opportunities to fulfill the dream of precision medicine. And what I mean by precision medicines, means now the treatments for people can be really tailored to individual patients depending on their own like characteristic or demographic or whatever. And nature language processing and machine learning, and AI in general really play a key role in that innovation, right? Because like there's a vast amount of information of patients and patient journeys or patient treatment is conducted and recorded in text. So that's why our group was established. Actually our department, advanced analytic department in Gilead is pretty new. We established our department last year. >> Oh wow. >> But really our mission is to bring AI into this field because we see the opportunity now. We have a vast amount of data about patient about their treatments, how we can mine these data how we can understand and tailor the treatment to individuals. And give everyone better care. >> I love that you brought up precision medicine. You know, I always think, if I kind of abstract everything, technology, data, connectivity, we have this expectation in our consumer lives. We can get anything we want. Not only can we get anything we want but we expect whoever we're engaging with, whether it's Amazon or Uber or Netflix to know enough about me to get me that precise next step. I don't think about precision medicine but you bring up such a great point. We expect these tailored experiences in our personal lives. Why not expect that in medicine as well? And have a tailored treatment plan based on whatever you have, based on data, your genetics, and being able to use NLP, machine learning and AI to drive that is really exciting. >> Yeah. You recap it very well, but then you also bring up a good point about the challenges to bring AI into this field right? Definitely this is an emerging field, but also very challenging because we talk about human health. We are doing the work that have direct impact to human health. So everything need to be... Whatever model, machine learning model that you are building, developing you need to be precise. It need to be evaluated properly before like using as a product, apply into the real practice. So it's not like recommendation systems for shopping or anything like that. We're talking about our actual health. So yes, it's challenging that way. >> Yeah. With that, you already answered one of the next questions I had because like medical data and health data is very sensitive. And how you at Gilead, you know, try to protect this data to protect like the human beings, you know, who are the data in the end. >> The security aspect is critical. You bring up a great point about sensitive data. We think of healthcare as sensitive data. Or PII if you're doing a bank transaction. We have to be so careful with that. Where is security, data security, in your everyday work practices within data science? Is it... I imagine it's a fundamental piece. >> Yes, for sure. We at Gilead, for sure, in data science organization we have like intensive trainings for employees about data privacy and security, how you use the data. But then also at the same time, when we work directly with dataset, it's not that we have like direct information about patient at like very granular level. Everything is need to be kind of like anonymized at some points to protect patient privacy. So we do have rules, policies to follow to put that in place in our organization. >> Very much needed. So some of the conversations we heard, were you able to hear the keynote this morning? >> Yes. I did. I attended. Like I listened to all of them. >> Isn't it fantastic? >> Yes, yes. Especially hearing these women from different backgrounds, at different level of their professional life, sharing their journeys. It's really inspiring. >> And Hannah, and I've been talking about, a lot of those journeys look like this. >> I know >> You just kind of go... It's very... Yours is linear, but you're kind of the exception. >> Yeah, this is why I consider my case as I was lucky to grow up in STEM environment. But then again, back to my point at the beginning, sometimes you need to navigate yourself too. Like I did mention about, I did my pa... Sorry, my bachelor degree in Vietnam, in STEM and in computer science. And that time, there's only five girls in a class of 100 students. So I was not the smartest person in the room. And I kept my minority in that areas, right? So at some point I asked myself like, "Huh, I don't know. Is this really my careers." It seems that others, like male people or students, they did better than me. But then you kind of like, I always have this passion of datas. So you just like navigate yourself, keep pushing yourself over those journey. And like being where I am right now. >> And look what you've accomplished. >> Thank you. >> Yeah. That's very inspiring. And yeah, you mentioned how you were in the classroom and you were only one of the few women in the room. And what inspired or motivated you to keep going, even though sometimes you were at these points where you're like, "Okay, is this the right thing?" "Is this the right thing for me?" What motivated you to keep going? >> Well, I think personally for me, as a data scientist or for woman working in data science in general, I always try to find a good story from data. Like it's not, when you have a data set, well it's important for you to come up with methodologies, what are you going to do with the dataset? But I think it's even more important to kind of like getting the context of the dataset. Like think about it like what is the story behind this dataset? What is the thing that you can get out of it and what is the meaning behind? How can we use it to help use it in a useful way. To have in some certain use case. So I always have that like curiosity and encouragement in myself. Like every time someone handed me a data set, I always think about that. So it's helped me to like build up this kind of like passion for me. And then yeah. And then become a data scientist. >> So you had that internal drive. I think it's in your DNA as well. When you were one of five. You were 5% women in your computer science undergrad in Vietnam. Yet as Hannah was asking you, you found a lot of motivation from within. You embrace that, which is so key. When we look at some of the statistics, speaking of data, of women in technical roles. We've seen it hover around 25% the last few years, probably five to 10. I was reading some data from anitab.org over the weekend, and it shows that it's now, in 2022, the number of women in technical roles rose slightly, but it rose, 27.6%. So we're seeing the needle move slowly. But one of the challenges that still remains is attrition. Women who are leaving the role. You've got your PhD. You have a 10 month old, you've got more than one child. What would you advise to women who might be at that crossroads of not knowing should I continue my career in climbing the ladder, or do I just go be with my family or do something else? What's your advice to them in terms of staying the path? >> I think it's really down to that you need to follow your passion. Like in any kind of job, not only like in data science right? If you want to be a baker, or you want to be a chef, or you want to be a software engineer. It's really like you need to ask yourself is it something that you're really passionate about? Because if you really passionate about something, regardless how difficult it is, like regardless like you have so many kids to take care of, you have the whole family to take care of. You have this and that. You still can find your time to spend on it. So it's really like let yourself drive your own passion. Drive the way where you leading to. I guess that's my advice. >> Kind of like following your own North Star, right? Is what you're suggesting. >> Yeah. >> What role have mentors played in your career path, to where you are now? Have you had mentors on the way or people who inspired you? >> Well, I did. I certainly met quite a lot of women who inspired me during my journey. But right now, at this moment, one person, particular person that I just popped into my mind is my current manager. She's also data scientist. She's originally from Caribbean and then came to the US, did her PhDs too, and now led a group, all women. So believe it or not, I am in a group of all women working in data science. So she's really like someone inspire me a lot, like someone I look up to in this career. >> I love that. You went from being one of five females in a class of 100, to now having a PhD in information sciences, and being on an all female data science team. That's pretty cool. >> It's great. Yeah, it's great. And then you see how fascinating that, how things shift right? And now today we are here in a conference that all are women in data science. >> Yeah. >> It's extraordinary. >> So this year we're fortunate to have WIDS coincide this year with the actual International Women's Day, March 8th which is so exciting. Which is always around this time of year, but it's great to have it on the day. The theme of this International Women's Day this year is embrace equity. When you think of that theme, and your career path, and what you're doing now, and who inspires you, how can companies like Gilead benefit from embracing equity? What are your thoughts on that as a theme? >> So I feel like I'm very lucky to get my first job at Gilead. Not only because the work that we are doing here very close to my research at school, but also because of the working environment at Gilead. Inclusion actually is one of the five core values of Gilead. >> Nice. >> So by that, we means we try to create and creating a working environment that all of the differences are valued. Like regardless your background, your gender. So at Gilead, we have women at Gilead which is a global network of female employees, that help us to strengthen our inclusion culture, and also to influence our voices into the company cultural company policy and practice. So yeah, I'm very lucky to work in the environment nowadays. >> It's impressive to not only hear that you're on an all female data science team, but what Gilead is doing and the actions they're taking. It's one thing, we've talked about this Hannah, for companies, and regardless of industry, to say we're going to have 50% women in our workforce by 2030, 2035, 2040. It's a whole other ballgame for companies like Gilead to actually be putting pen to paper. To actually be creating a strategy that they're executing on. That's awesome. And it must feel good to be a part of a company who's really adapting its culture to be more inclusive, because there's so much value that comes from inclusivity, thought diversity, that ultimately will help Gilead produce better products and services. >> Yeah. Yes. Yeah. Actually this here is the first year Gilead is a sponsor of the WIDS Conference. And we are so excited to establish this relationship, and looking forward to like having more collaboration with WIDS in the future. >> Excellent. Kelly we've had such a pleasure having you on the program. Thank you for sharing your linear path. You are definitely a unicorn. We appreciate your insights and your advice to those who might be navigating similar situations. Thank you for being on theCUBE today. >> Thank you so much for having me. >> Oh, it was our pleasure. For our guests, and Hannah Freytag this is Lisa Martin from theCUBE. Coming to you from WIDS 2023, the eighth annual conference. Stick around. Our final guest joins us in just a minute.