(techno music) >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're in Reno, Nevada at the Reno Convention Center. It's InterBike 2018, I think it's like 20,000 people, haven't got the official count yet, but this is an amazing show, it's all about bicycles. We came because we want to learn more about eBikes, and really, this kind of last mile thing that's goin' on, mobility, and right at the center of the eBike revolution is a company that's been around forever, and that's Bosch, and we're happy to have Jonathan Weinert. He's a sales and marketing manager for the Bosch eBikes. Jonathan, great to see you. >> Great to see you, Jeff. >> So, I don't know if everybody knows, you guys power like half of all the eBikes that are out there. You guys are completely in bed with all these manufacturers with really, the industry leading system. >> Thank you, yes, the Bosch eBike system, you'll find it world wide on about 70 different bike brands throughout the world. Here in North America, we're on about 30 different brands, from Trek to Electra to Cannondale. And they power all types of bikes, so commuter bikes, cargo bikes, fat bikes, mountain bikes, any type of bike that you can think of can use the Bosch eBike system to amplify the rider's power and help you go further, higher, farther, less sweat or sweat it out, whatever you want. >> Right, it's like the magic power. >> Exactly, magic carpet ride. >> The main components are you got the drive unit, which is really the heart of the system. >> Yes. >> The battery obviously to provide the power, then the control unit that's up on top of the handlebars, so you can control it. >> Exactly. >> So we were talking before we turned the cameras on, of kind of the history, you guys have been at this for like nine years, I believe you said? >> Exactly, yeah, we invented this system nine years ago, it was a combination of technology from our automotive business. So an electric power steering motor, married with technology from our power tools business, the lithium iron battery pack. And we also had some sensors, torque sensors and electronics and we put these technologies together, and the engineers back then, what they wanted to do is create something to make cycling still feel like cycling but help you conquer hills. >> Right. >> And go farther and use the bike more. >> Right, it's pretty interesting cause there's a whole lot of data that's feeding that software and the algorithms to make those feedback loops smooth, make 'em feel like bicycling, so it's really you're riding on software. >> Exactly, you're riding on software and we have three sensors that are capturing your input. Torque sensor from the pedals, how fast you're pedaling, and wheel speed. And those three sensor measurements go into the electronics and tell the motor how much extra oomph to give you. >> Right, but you have to be pedaling right? >> You always have to be pedaling, yeah. >> That's one of the data inputs. >> Exactly, these are all pedal assist eBikes, and they only assist you when you pedal, no throttle, and they can assist you up to 20 miles per hour, or 28 miles per hour for our speed system. >> Right, we saw that last night in the gazelle, they had one of the 28 mile an hour bikes. >> Yeah, which is great for people that have long distance commutes or they want to do these huge adventure rides, so yeah, both are great. >> Now, what about the maintenance for these types of systems I mean it looks like a pretty closed system. >> It is totally closed, yeah. >> It's totally closed. >> Yeah, the maintenance, they last a long time, they're warrantied for two years, but if you have a problem with anything, you take it to the dealer, the dealer takes the component off, sends it to Bosch and gives you a new one. You don't have to open anything or solder anything. >> Right, right. >> Yeah, no. It's automotive grade, sort of service and diagnostics. >> Right, so the other thing we're seeing all over the show floor here again is all about the data. There's so much more data available to the riders. We were just at the Garmin booth and I don't know how many different data sets that they can track, in terms of your pedal pressure. >> Yes. >> Whether you're tipping back and forth, whether you're even, and you guys are actually pulling some of that external data back into your systems, right? For a unified experience for the rider. I think you said, a heart rate sensor for instance? >> Exactly, that's the newest feature that we're showcasing at InterBike today, the Kiox display. Which connects man and machine, or woman and machine. You can wear a heart rate monitor and as you're riding, you can see your heart rate on your device. Which is great if you want to train on an e-mountain bike. Sometimes you want to keep your heart rate in a certain range. Sometimes you want to make sure it doesn't go above a certain limit. >> Right. Yeah, so it's our first step into connectivity. Many more connectivity features will follow. >> Right, so I'm just curious from your perspective on the bike industry, cause you sit in kind of this, cat bird seat, since you deal with so many different kinds of bikes. And I was amazed at how much of the mountain bike adoption of the eBikes is happening here. Have you seen within your dealers, kind of this new opportunity to leverage electronics and a motor to kind of reinvigorate the brands, reinvigorate the models, and reinvigorate, you know, many of the, just a wide range of cool form factors that we're seeing all over the floor? >> Yeah, so nine years ago, Bosch coupled with Haibike. Haibike sort of created this segment of e-mountain biking by putting the motor in a unique way into the bike, and since then this e-mountain bike trend has really taken off, it's huge in Europe. You'll see e-mountain bikes all over the ski resorts there. They're allowing families to e-mountain bike together, to bike together, just like they ski together in the winter. So it's reinvigorating ski resorts and we see ski resorts here in the US, also embracing e-mountain bikes. Mammoth Mountain just allowed class one e-mountain bikes on all their bike park trails. So e-mountain biking is really spreading through this resort and other resorts, North Star, right up the road. >> Right and I wonder on the city side, again, lessons we can learn from Europe, cause it seems like the regulations are, you know, they're always a little bit behind the technology in terms of, you know, how are eBikes treated. Are they a bike, are they a motor vehicle? And I know there's some laws but it still seems a little bit confused and cities aren't quite ready to realize that an eBike is better than a car, in terms of so many things happening in the city. Are you guys involved in that, kind of industry consortium and how do you see that evolving? >> So we've been involved with several other bike companies and PeopleForBikes to create a framework, how to regulate eBikes. And we've divided eBikes into three classes. Class one, two and three, pedal assist, throttle, anyway. Setting up this definition of the three classes of eBikes, we've created this eBike law in California and nine other states throughout the country. So now they know how to regulate eBikes and these three classes and they can limit where each class can go on the roads. And with this regulation, we're seeing the eBike adoption in these states really start to pick up, now that they're easier to regulate. >> Right, well Jonathan, really a cool story and it's been really fun to watch Bosch, especially as you guys have gone from your long history in the auto parts world to this new exciting space. So thanks for taking a few minutes and congrats. >> Oh, my pleasure, Jeff, thank you. >> Alright, he's Jonathan, I'm Jeff, you're watching theCUBE, we're at InterBike in Reno, Nevada. Thanks for watching, see you next time. (techno music)

>> Announcer: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA conference in San Francisco 40,000 plus people talking about security, gets bigger and bigger every year. Soon it's going to eclipse Oracle Open World and Sales Force to be the biggest conference in all of San Francisco. But we've got somebody who's been coming here he said for 16 years, Ricardo Villidiego, the EDP and GM Security and Fraud for Cyxtera. Did I get that right, Cyxtera? >> Cyxtera. >> Jeff: Cyxtera Technologies, great to see you. >> Thank you Jeff, it's glad to be here. >> So you said you've been coming here for 16 years. How has it changed? >> Yeah, that's exactly right. You know it's becoming bigger, and bigger, and bigger I believe this is a representation of the size of the prowling out there. >> But are we getting better at it, or is it just the tax service is getting better? Why are there so many, why is it getting bigger and bigger? Are we going to get this thing solved or? >> I think it is that combination within we have the unique solution that is going to help significantly organizations to get better in the security landscape I think the issue that we have is there's just so many now use in general and I think that now is a representation of the disconnection that exists between the way technologies are deploying security and the way technologies are consuming IT. I think IT is completely, has a evolved significantly and is completely hybrid today and organizations are continuing to deploy security in a way like if we were in the 90s. >> Right. >> And that's the biggest connection that exists between the attacks and the protection. >> But in the 90s we still like, or you can correct me, and we can actually build some big brick walls and a moat and a couple crocodiles and we can keep the bad guys out. That's not the way anymore. >> It is not a way. And look, I believe we're up there every protection creates a reaction on the adversary. And that is absolutely true in security and it is absolutely true in the fraud landscape. Every protection measure will push the adversary to innovate and that innovation is what, for good and for bad, has created this big market which we can't complain. >> Right, right. So for folks that aren't familiar with Cyxtera give them the quick update on what you guys are all about. >> So see, I think Cyxtera is here to conquer the cyber security space. I think what we did is we put together technologies from the companies that we acquire. >> Right. >> With a combination of the call center facilities that we also acquired from Centurylink to build this vision of the secure infrastructure company and what we're launching here at the RSA conference 2018 is AppGate 4.0 which is the flagship offering around secure access. Secure access is that anchor up on which organizations can deploy a secure way to enable their workforce and their party relationships to get access the critical assets within the network in a secure way. >> Okay, and you said 4.0 so that implies that there was a three and a two and probably a one. >> Actually you're right. >> So what are some of the new things in 4.0? >> Well, it's great it gives it an evolution of the current platform we lounge what we call life entitlements which is an innovative concept upon which we can dynamically adjust the permitter of an an end point. And the user that is behind that end point. I think, you know, a permitter that's today doesn't exist as they were in the 90s. >> Right, right. >> That concept of a unique permitter that is protected by the firewall that is implemented by Enact Technology doesn't exist anymore. >> Right. >> Today is about agility, today is about mobility, today is about enabling the end user to securely access their... >> Their applications, >> The inevitable actions, >> They may need, right. >> And what AppGate does is exactly that. Is to identify what the security processor of the end point and the user behind the end point and deploy a security of one that's unique to the specific conditions of an end point and the user behind that end point when they're trying to access critical assets within the network. >> Okay, so if I heard you right, so instead of just a traditional wall it's a combination of identity, >> Ricardo: It's identity. >> The end point how their access is, and then the context within the application. >> That's exactly right. >> Oh, awesome so that's very significant change than probably when you started out years ago. >> Absolutely, and look Jeff, I think you know to some extent the way enterprises are deploying security is delusional. And I say that because there is a reality and it looks like we're ignoring ignoring the reality but the reality is the way organizations are consuming IT is totally different than what it was in the 90s and the early 2000s. >> Right. >> The way organizations are deploying security today doesn't match with the way they're consuming IT today. That's where AppGate SDP can breach that gap and enable organizations to deploy security strategies that match with the reality of IT obstacles today. >> Right. If they don't get it, they better get it quick 'cause else not, you know we see them in the Wall Street Journal tomorrow morning and that's not a happy place to be. >> Absolutely not, absolute not and we're trying to help them to stay aware of that. >> Right. Alright, Ricardo we'll have to leave it there we're crammed for time but thanks for taking a few minutes out of your day. >> Alright Jeff, thank you very much I love to be here. >> Alright. He's Ricardo I'm Jeff you're watching theCUBE from RSAC 2018 San Francisco. (upbeat music)

>> Announcer: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at the RSA Conference in downtown San Francisco. Forty thousand plus security experts really trying to help us all out. Protect our borders not so much, but protects access to these machines, which is harder and harder and harder everyday with bring your own devices and all these devices. So really, it's a different strategy. And we're really excited to have ExtraHop back, we had ExtraHop on last year for the first year, he's Matt Cauthorn, the VP of security at ExtraHop. So Matt, what do you think of the show? >> Oh, amazing. Absolutely amazing. Super packed, been walking like crazy. Got all my steps in, its fantastic. >> Alright, so you guys have been in network security for a long time? >> Yeah so we've been, so we live in the East-West corridor, inside the enterprise, inside the perimeter doing wire data analytics, and network security analytics. Our source of data is the network itself. >> Okay. And the network is increasing exponentially with all the traffic that's going through, the data sources are increasing exponentially with all the traffic going through. >> That's right. >> So how are you guys keeping up with the scale, and what's really the security solution that you guys are implementing? >> So the point you make is really interesting. Yes, it is increasing exponentially, and as a data source the network is the only sort of observational point of truth in the entirety of IT. Everything else is sort of self-reported. Logs, end points, those are very valuable data sources, but as an empirical source of truth, of evidence, the network wins. That assumes you can scale. And that assumes you're fluent with the protocols that are traversing the network, and you're able to actually handle the traffic in the first place. And so for us just this week, we announced a 100gb per second capable appliance, which you know is an unprecedented amount of analytics from the network's perspective. So we're very proud about that. >> So what are you looking for? What are some of the telltale signs that you guys are sniffing for? >> So generally, we auto-classify and auto-discover all of the behaviors on the wire. From the devices themselves, to the services that those devices expose, as well as the transactions that those devices exchange. And so from a context perspective, we're able to go far deeper than almost anyone else in the space, that we know of at least. Far deeper and far more comprehensive sort of analysis as it relates to the network itself. >> And the context is really the key, right? Tag testing what, why, how. System behavior, that's what you're looking for? >> A great example is a user logging into a database, that might be part of a cluster of databases, and understanding what the user's behavior is with the database, which queries are being exchanged, what the database response is in the first place. Is it an error, is it an access denied? And does this behavior look like a denial of service, for example. And we can do all of that in real time, and we have a machine learning layer that sits over top and sort of does a lot of the analytics, and the sort of insights preemptively on your behalf. >> And it's only going to get crazier, right? With IOT and 5g. Just putting that much more data, that many more devices, that much more information on the network. Yeah, so IOT in particular is interesting, because IOT is challenging to instrument in traditional ways, and so you really do have to fall back to the network at some point for your analysis. And so that's where we're very, very strong in the IOT world and industrial controls, SCADA and beyond. Healthcare, HL7 for example. So we're able to actually give you a level of insight that's really, really difficult to get otherwise. >> And we've been hearing a lot of the keynotes and stuff, that those machines, those end points are often the easiest path in for the bad guys. >> Yes they are. >> An enormous security camera or whatever, because they don't have the same OS, they don't have all the ability to configure the protections that you would with say a laptop or a server. >> That's right. There's a surprising number of IOT devices out there that are running very, very old. And vulnerable operating systems are easy to exploit. >> Alright, so Matt I guess we're into Q2 already, hard to believe the years passing by. What's priorities for 2018 for you and ExtraHop? >> So we've announced a first class, purpose-built security solution this year, and really the plan is to continue the sort of momentum that we've accrued. Which is very encouraging, the amount of interest that we've had. It's hard to keep up, frankly. Which is fantastic. We want to continue to build on that, grow out the use cases, grow out the customer base and continue our success. >> Alright Matt, well we'll keep an eye on the story, and thanks for stopping by. >> Great, thank you. Appreciate it. >> Alrighties Matt, I'm Jeff, you're watching theCUBE from RSA Conference, San Francisco. Thanks for watching.

>> Narrator: From downtown San Francisco it's the Cube covering RSA North America 2018. >> Hey, welcome back, everybody. Jeff Frick here with the Cube. We're at the RSA conference in downtown San Francisco, 40,000 plus professionals all about security and one of the big themes is how do we work together? How do we leverage our collective knowledge, look for patterns to help, you know, be better against the bad guys, and one of the really big forces for that is the Cyber Threat Alliance and we're really excited to have Michael Daniel, the president and CEO of Cyber Threat Alliance. Michael, great to see you. >> Thanks for having me. >> So, talk about kind of the genesis of this because it's such an important concept that, yes, we're competitors on this floor but if we work together, we can probably save ourselves a lot of work. >> Absolutely, I mean, part of the idea behind the Cyber Threat Alliance is that no matter how big you are, no matter how broad your coverage is of cyber security company, no one individual company ever sees all of the threats all of the time. >> Jeff: Right. >> And, so that, in order to better protect their customers and clients, sharing that threat intelligence at speed at scale is a very fundamental part of being a much better cyber security company. >> So, how hard of a sell was that a year ago? I think you started it a year ago, announced it, and how's the ecosystem kind of changed over the last year? >> Well, I would say that, you know, it's not like I run into anybody that says, "You know, Michael, that's a really "stupid idea, we shouldn't do that." Right, it's really finding the way for a cyber security company to fit it into their business model. >> Right. >> To be able to consume the threat intelligence at a speed that matters and really be able to bake it into their products. That's usually the hard part. Conceptually, everybody agrees that this is what we need to do. >> Right, and then, how 'about just the nitty gritty nuts and bolts of, you know, how do you share information? How is it picked up, how is it communicated? What are the protocols? I'd imagine that's not too simple. >> That's right, and one of the things that we settled on was we use the STIX format because it's an open format that everybody can translate back and forth. We had to build in a lot of business rules to actually make sure that people were playing fair. You know, for example, we actually require all of our members to share. So, you can't just join the alliance and consume information, you actually have to give in order to receive. >> Right, and you've got some really kind of high-level, lofty goals that you've built this around in terms of doing good for the greater good, kind of beyond the profitability of an individual customer transaction. I wonder if you can speak to a few of those. >> Well, sure, so the part of the idea behind the way that CTA is structured is that we're a 501 C6, so we're a non-profit, right, and the idea is that we function to help raise the level of cyber security across the digital ecosystem and actually enable our member companies to compete more effectively because they have better intelligence that their products and services are based on, but we, ourselves, are not in it to make money. >> Right, right, right, alright, Michael. Unfortunately, we're up against the time. >> Absolutely. >> So, we're going to have to leave it there, but love the work that you guys are doing and it makes so much sense for people to work together. >> Well, thank you very much, thank you for having me. >> Alright, he's Michael from Cyber Threat Alliance. I'm Jeff from the Cube. You're watching us from the RSA conference San Francisco, thanks for watchin'. (soft electronic beat)

>> Narrator: From downtown San Francisco it's the Cube covering RSA North America 2018. >> Hey, welcome back, everybody, Jeff Frick here at the Cube. We're at RSA's security conference, about 40,000 plus. I don't know, I got to get the number. The place is packed, it's a mob scene. Really excited to be here and joined by Derek Manky We saw Derek last year from Fortinet. Great to get an update, Derek, what do you think of the show this year? >> It's getting big for sure, as I said. That's an understatement. >> I know. >> This is my tenth year coming to RSA now, yeah. >> It's your tenth? >> And just to see how it's changed over 10 years is phenomenal. >> Alright. So, one of the things you want to talk about that you probably weren't talking about 10 years are swarms of bots. >> Yeah. >> What the heck is going on with swarms of bots? >> There's been a lot of changes on that front too, so the bad guys are clever, of course, right? If we look at 10 years ago, there was a lot of code, you know, crime kits, crime services that were being created for infrastructure. That led up to some more, you know, getting affiliates programs, kind of, business middle men to distribute crime. So, that drove a lot of the numbers up, but, literally, in the last three quarters, if we look at hacking activity, the number has doubled from FortiGuard labs. It's gone from 1.1 million to 2.2 to 4.4 million just over the last three quarters. So, we're looking at a exponential rise to attacks. The reason that's happening is because automation >> Right. >> And artificial intelligence is starting to be put into black cat code, and so the swarm concept, if you think of bees or ants in nature, what do they do? They work together, it's strength in numbers from a black cat's point of view. >> Right, right. >> They work together to achieve a common goal. So, it's intent based attacks, and that's what we're starting to see as precursors as some code, right? These IoT bot nets, we're actually seeing nodes within the bot net that can communicate to each other, say, "Hey, guys, I found this other target in the network. "Let's go launch a DDOS attack "or let's all try to take different "bits of file information from those targets." So, it's that swarm mentality where it takes the attacker more and more out of the loop. That means that the attack surge is also increasing in speed and becoming more agile too. >> So, the bad news, right, is the bad guys have all the same tools that the good guys have in terms of artificial intelligence, machine learning, automation, software to find and they don't have a lot of rules that they're supposed to follow as well. So, it kind of puts you in a tougher situation. >> Yeah, we're always in a tough situation for sure. You know, I would say, for sure, that when it comes to the tools, a lot of the tools are out there, they custom develop some tools. I would have to say on the technology side when it comes to security members especially collaborating together and the amount of infrastructure that we have set up, I think we have a foot up on the attackers there, we're at an advantage, but you're absolutely right, when it comes to rules, there are no rules when it comes to the black cat attackers and we have to be very careful of that, how we proceed, of course, right. >> And that's really the idea behind the alliance, right, so, that you guys are sharing information. >> Yeah. >> So, you're sharing best practices, you're picking up patterns. So, everybody's not out there all by themselves. >> Absolutely, it's strength in numbers concept on our end too. So, we look at Cyber Threat Alliance, Fortinet being out founding member working with all other leading security vendors in this space is how we can team up against the bad guys, share actionable intelligence, deploy that into our security controls which makes it a very effective solution, right. By teaming up, stacking up our security, it makes it much more expensive for cyber criminals to operate. >> Right, that's good. >> Yeah. >> That's a good thing. >> Yeah, yes. >> And then, what about kind of this integration of the knock and the sock? >> Yeah. >> Because security's so much more important for all aspects of the business, right? It's not layered on, it's not stand alone. It's really got to be integrated into the software, into the process and the operations. >> Absolutely, so, the good news is, if you look at things like we're doing with the security fabric, a lot of it is how do we integrate, how do we bring technology and intelligence down to the end user so that they don't have to do day-to-day mundane tasks, right? Talking about the swarm networks, what's happening on the black cats' side, attackers are gettin' much quicker so defense solutions have to be just as quick if not faster, and so that's what the knock sock integration is about, right, how we can take network's security visibility, put it into things like our FortiAnalyzer manager sim appliances, right, be able to bring those solutions so, again, to when it comes to a knock and sock operation, how do you bring visibility into threats? How do you respond to those threats? More importantly, how do you also have automated security defense, so agile defense, put up? >> Right. >> We talk about concepts like agile macrosegmentation, right? That's something we're doing with Fortinet, how we can look at attacks and actively lock down attacks as they're happening is a really concept, right? >> So, really, just to isolate 'em within kind of where they've caused the harm, keep 'em there until you can handle 'em and not let 'em just go bananas all over the orientation. >> Yeah, yeah, so you can think of it as, like, an active quarantine. We've also launched our threat intelligence services. So, this is bringing the why. There's a lot of intelligence out there. There's a lot of logs. We have, now,, threat intelligence services that we bring to security operation centers to show them here are the threats happening on your network. Here is why it is a threat. Here's the capabilities of the threat and here's how you respond to it. So, it helps from a CSOL perspective prioritized response on the incident response model to threats as well. >> Alright, well, Derek, we've got to let it go there. We are at a super crazy time crunch. >> I know. >> We'll get you back into the studio and have a little bit more time when it's not so crazy. >> Okay, I appreciate it. >> Alright, he's Derek Manky, I'm Jeff Frick. You're watching the Cube from RSA 2018, thanks for watchin'. (soft electronic beat)

>> Narrator: From downtown San Francisco it's theCUBE covering RSA North America 2018. >> Welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA Conference North America 2018 downtown San Francisco. 40,000 plus people swarming all over Moscone to the north to the south and to the west. We're excited to have our next guest on. He's Chase Cunningham, principal analyst at Forrester. Chase, great to meet you, welcome. >> Thanks for having me. >> Absolutely, so you just had an interesting blog post. Was Zero Trust on a beer budget. >> Yeah. >> What is that all about? >> Well, so Zero Trust is a pretty simple concept about accepting failure, if you will, and focusing on the internal and moving outward. And basically the premise was, I had friend of mine ask me if he could do Zero Trust for his small company. And I said sure, let's go get a beer and we'll figure this out. And literally, in about half an hour we had a Zero Trust strategy in place for less than 40 grand and his infrastructure is way more secure and it's really simple. >> So that's pretty interesting because, you Know it's easy for big companies that have a lot of resources or the big puddle of Cloud companies have a lot of resources to put a lot of implementation into place. But as we look around this conference tons and tons of companies, it's a lot harder for small and medium businesses either to have the expertise or the budgets to really bring in what they need to secure things. So what were some of the insights from your beer exercise? >> Sure, so it was really simple. If you really think about where the majority of the threat comes from, the network is there and everybody uses it but who accesses the network? The users, the individuals, the devices, everything else. So the first thing we did was we're going to lock down identity and access management because I know if I can control that I've made a fundamental shift into power position for myself. And the next thing we did was we said look you guys don't really own intellectual property but you send emails. We're going to put stuff in place to encrypt every email you send whether you like it or not. So between those two simple things, identity access management and sort of data email encryption we put a really strong security platform in place and it didn't break the bank and it wasn't really hard to do and it's something that you can get better as it goes on. >> Right. And I'm curious, had he had an event or he was just trying to get ahead of the curve? >> He had had some weird stuff showing up. He's in esports, right, so he doesn't have actual intellectual property but he's worried because if they get dossed or they get hacked or they get ransomware for every minute they're down they're losing viewers and that's business and money for them. >> Right, so it kind of ties back to this kind of next gen access where it's really important with the identity but the other one is the context. Who is it and where are they trying to get in? Do they usually come in that way? Do they usually have access? So that's another really way to kind of isolate the problems that might come in the front door. >> Yeah, and you know the, years ago the next gen firewall was really the thing to integrate lots of functions across the network and that's all there. It still exists and it's still necessary but really when you break it down and look at historically where the threats have come from and where the compromises have come from, it's access and if you can't control that you don't have the capability of actually stopping bad things from happening. >> Right, right, so as you look around and you've been coming to this probably for a couple years, as this space evolves. You know, kind of what are your general impressions? I mean, on one hand, so many vendors, so many activities. On the other hand, it was like, we've been at this for a while or are we just stuck in this race and we just got to keep running? >> Well I think we're going to continue running the race but interestingly enough there's buses driving by now with Zero Trust all over the side of it. And I'm glad to see that that strategy is starting to take hold because the problem I have is you can Frankenstein technology together all day long but if you don't have a strategic guidepost that everybody understands from the board down to the network engineer you're going to get it wrong. You're going to miss and so I'm a fan of simplicity and force multipliers and to me the Zero Trust strategy sort of drives that forward. >> All right, well Chris thanks for taking a few minutes. Everyone can log onto your site, take a look at the blog. Thanks for stopping by. >> Thanks for having me. >> All right, he's Chris Cunningham from Forrester. I'm Jeff Frick from theCUBE. Thanks for watching from RSAC 2018.

>> Narrator: From downtown San Francisco it's TheCUBE covering RSA North American 2018. >> Hey, welcome back everybody. Jeff Frick from TheCUBE. We're on the floor at the RSA Conference 2018. 40,000 plus people packed in Moscone North, South, West, and we're excited to be here. It's a crazy conference, Security's top of mind obviously and everybody is aware of this. And our next guest, he's Bill Mann, chief product officer from Centrify. Bill, great to see you. >> Great to see you. >> So you guys have a lot of stuff going on but what I think what's interesting to me is you guys have this kind of no trust as your starting foundation. Don't trust anybody, anything, any device. How do you work from there? Why is that the strategy? >> Well that strategy is because we've got a really new environment now. A new environment where we have to appreciate that the bad actors are already within our environment. And if you stop believing that bad actors are already in your environment, you have to start changing the way you think about security. So it's a really different way of thinking about security. So what we call this new way of thinking about security is zero trust security. And you might have heard this from Google with BeyondCorp and so forth. And with that as the overarching kind of way we are thinking about security, we're focusing on something called NextGenAccess. So how do you give people access to applications and services where they're remote. They're not on the network and they're not behind a firewall because who cares about the firewall anymore because it's not secure. >> Right. So there's four tenants of NextGenAccess. One is verify the user, verify the device that they are coming from so they're not coming from a compromised device. Then give them limited access to what they are trying to access or what we call Limit Privilege and Access. And that last one is learn and adapt which is this kind of pragmatic viewpoint which is we're never going to get security right day one, right? To learn and adapt and what we're doing look at auto tune logs and session logs to change your policy and adapt to get a better environment. >> So are you doing that every time they access the system? As they go from app to app? I mean how granular is it? Where you're consistently checking all these factors? >> We're always checking the end factor and where we use an actual machine learning to check what's happening in the environment and that machine learning is able to give that user a better experience when they are logging in. Let's say Bill's logging into Salesforce.com from the same location, from the same laptop all the time. Let's not get in the way right? But if Bill the IT worker is going from a different location and logging into a different server that's prompting for another factor of authentication because you want to make sure that this is really Bill. Because fundamentally you don't trust anybody in the network. >> And that's really what you guys call this NextGenAccess, right? [Bill]- That right, that's right, that's right. >> It's not just I got a VPN. You trust my VPN. I got my machine. Those days are long gone. >> Well VPNs, no no to VPNs as well, right? We do not trust VPNs either. >> So a bit topic ever since the election, right, has been people kind of infiltrating the election. Influencing you know how people think. And you guys are trying to do some proactive stuff even out here today for the 2018 election to try to minimize that. Tell us a little bit more about it. >> Yeah we call it Secure The Vote. And if the audience has looked at the recent 60 Minutes episode that came on. That did a really good that walked everybody through what was really happening with the elections. The way you know the Russians really got onto the servers that are storing our databases for the registration systems and changed data and created chaos in the environment. But the fundamental problem was compromised credentials. I mean 80% of all breaches believe it or not have to do with compromised credentials. They are not around all the things we think are the problem. So what we're doing here with Secure The Vote is giving our technology to state and local governments for eight months for free. And essentially they can then upgrade their systems, right? So they can secure the vote. So fundamentally securing who has access to what and why and when. And if you look at the people who are working on election boards, they're volunteers, there are a lot of temporary staff and so forth. >> Right, right. >> So you can imagine how the bad guys get into the environment. Now we've got a lot of experience on this. We sell to state and local governments. We've seen our technology being used in this kind of environment. So we're really making sure that we can do our part in terms of securing the election by providing our technology for free for eight months so election boards can use our technology and secure the vote. >> So how hard is it though for them to put it in for temporary kind of situation like that? You made it pretty easy for them to put it in if they are not an existing customer? >> Absolutely I mean one of the things, one of the fallacies around this whole NextGenAccess space is the fact that it's complicated. It's all SAS-Space, it's easy to use, and it's all in bite-sized chunks, right? So some customers can focus on the MFA aspects, right? Some customers can focus on making sure the privileged users who have access to the databases, right, are limiting their access right? So there's aspects of this that you can implement based upon where you want to be able to, what problem you want to be able to solve. We do provide a very pragmatic best practices way of implementing zero trust. So we are really providing that zero trust platform for the election boards. [Jeff]- Alright well that's great work Bill and certainly appreciated by everybody. We don't want crazy stuff going on in the elections. >> Absolutely. >> Jeff: So we'll have to leave it there. We'll catch up back in the office. It's a little chaotic here so thanks for taking a few minutes. >> Thank you very much. >> Alright, he's Bill Mann and I'm Jeff Frick. You're watching TheCUBE from RSCA 2018. Thanks for watching. (bright music)

(upbeat music) >> Announcer: From downtown San Francisco, it's theCUBE covering RSA North America 2018. Hey welcome back everybody, Jeff Frick here with theCUBE. We're at RSA's North American Conference 2018 at downtown San Francisco. 40,000 plus people talking about security. Security continues to be an important topic, an increasingly important topic, and a lot more complex with the, having a public cloud, hybrid cloud, all these API's and connected data sources. So, it's really an interesting topic, it continues to get complex. There is no right answer, but there's a lot of little answers to help you get kind of closer to nirvana. And we're excited to have Misha Govshteyn. He's the co-founder and SVP of Alert Logic, CUBE alumni, it's been a couple years since we've seen you, Misha, great to see you again. >> That's right, I'm glad to be back, thank you. >> Yeah, so since we've seen you last, nothing has happened more than the dominance of public cloud and they continue to eat up-- >> I think I predicted it on my past visits. >> Did you predict it? Wow that's good. >> But I think it happened. >> But it's certainly happening, right. Amazon's AWS' run rate is 20 billion last reported. Google's making moves. >> Their conference is bigger than ours right now. >> Is it? >> That's 45,000 people. >> Yeah, it's 45,000, re:Invent, it's nuts, it's crazy. and then obviously Microsoft's making big moves, as is Google cloud. So, what do you see from the client's perspective as the dominance of public cloud continues to grow, yet they still have stuff they have to keep inside? We have our GDPR regs are going to hit in about a month. >> Well one thing's for sure is, it's not getting any easier, right? Because I think cloud is turning things upside down and it's making things disruptive, right, so there's a lot of people that are sitting there and looking at their security programs, and asking themselves, "Does this stuff still work? "When more and more of my workloads "are going to cloud environments? "Does security have to change?" And the answer is obviously, it does but it always has to change because the adversaries are getting better as well, right. >> Right. >> There's no shortage of things for people to worry about. You know when I talk to security practitioners, the big thing I always hear is, "I'm having a good year if I don't get fired." >> Well it almost feels like it's inevitable, right? It's almost like you're going to, it seems like you're going to get hit. At some way, shape, or form you're going to get hit. So it's almost, you know how fast can you catch it? How do you react? >> That's a huge change from five years ago, right? Five years ago we were still kind of living in denial thinking that we can stop this stuff. Now it's all about detection and response and how does your answer to the response process works? That's the reason why, you know last year, I think we saw a whole bunch of noise about, you know machine learning and anomaly detection, and AI everywhere and a whole lot of next-generation antivirus products. This year, it seems like a lot of it is, a lot of the conversation is, "What do I do with all this stuff? "How do I make use of it?" >> Well then how do you leverage the massive investment that the public cloud people are making? So, you know, love James Hamilton's Tuesday night show and he talks about just the massive investments Amazon is making in networking, in security, and you know, he's got so many resources that he can bring to bear, to the benefit of people on that cloud. So where does the line? How do I take advantage of that as a customer? And then where are the holes that I need to augment with other types of solutions? >> You know here's the way I think about it. We had to go through this process at Alert Logic internally as well. Because we obviously are a fairly large IT organization, so we have 20 petabytes of data that we manage. So at some point we had to sit down and say, "Are we're going to keep managing things the way we have been "or are we going to overhaul the whole thing?" So, I think what I would do is I would watch where my infrastructure goes, right. If my infrastructure is still on-prem, keep investing in what you've been doing before, get it better, right? But if you're seeing more and more of your infrastructure move to the cloud, I think it's a good time to think about blowing it up and starting over again, right? Because when you rebuild it, you can build it right, and you can build it using some of the native platform offerings that AWS and Azure and GCP offer. You can work with somebody like Alert Logic. There's others as well right, to harness those abilities. I'll go out on a limb and say I can build a more secure environment now in a cloud than I ever could on-prem, right. But that requires rethinking a bunch of stuff, right. >> And then the other really important thing is you said the top, the conversation has changed. It's not necessarily about being 100% you know locked down. It's really incident response, and really, it's a business risk trade-off decision. Ultimately it's an investment, and it's kind of like insurance. You can't invest infinite resources in security, and you don't want to just stay at home and not go outside. Now that's not going to get it done. So ultimately, it's trade-offs. It's making very significant trade-off decisions as to where's the investment? How much investment? When is the investment then hit a plateau where the ROI is not there anymore? So how do people think through that? Because, the end of the day there's one person saying, "God, we need more, more, more." You know, anything is bad. At the other hand, you just can't use every nickel you have on security. >> So I'll give you two ends of the spectrum right, and on one end are those companies that are moving a lot of their infrastructure to the cloud and they're rethinking how they're going to do security. For them, the real answer becomes it's not just the investment in technology, and investing into better getting information from my cloud providers, getting a better security layer in place. Some of it is architecture right, and some of the basics right, there's thousands of applications running in most enterprises. Each one of those applications on the cloud, could be in its own virtual private cloud, right. So if it gets broken into, only one domino falls down. You don't have this scenario where the entire network falls down, because you can easily move laterally. If you're doing things right in the cloud, you're solving that problem architecturally, right. Now, aside from the cloud, I think the biggest shift we're seeing now, is towards kind of focusing on outcomes, right. You have your technology stack, but really it's all about people, analytics, data. What do you, how do you make sense of all this stuff? And this is classic I think, with the Target breach and some of the classic breaches we've seen, all the technology in the world, right? They had all the tools they needed. The real thing that broke down is analytics and people. >> Right, and people. And we hear time and time again where people had, like you said, had the architecture in place, had the systems in the place, and somebody mis-configured a switch. Or I interviewed a gal who did a live social hack at Black Hat, just using some Instagram pictures and some information on your browser. No technology, just went in through the front door, said, you know, hey, "I'm trying to get the company picnic "site up, can you please test this URL?" She's got a 100% hit rate! But I think it's really important, because as you said, you guys offer not only software solutions, but also services to help people actually be successful in implementing security. >> And the big question is, if somebody does that to you, can you really block it? And the answer a lot of times is, you can't. So the next battlefront is all about can you identify that kind of breach happening, right? Can you identify abnormal activity that starts to happen? You know, going back to the Equifax breach, right, one of the abnormal things that happened that they should've seen and for some reason didn't, you know, 30 web shells were stood up. Which is the telltale sign of, maybe you don't know how you got broken into, but because there's a web shell in your environment you know somebody's controlling your servers remotely, that should be one of those indicators that, I don't know how it happened, I don't know maybe I missed it and I didn't see the initial attack, but there's definitely somebody on a network poking around. There's still time, right? There's, you know for most companies, it takes about a hundred days on average, to steal the data. I think the latest research is if you can find the breach in less than a day, you eliminate 96% of the impact. That's a pretty big number right? That means that if you, the faster you respond, the better off you are. And most people, I think when you ask 'em, and you ask 'em, "Honestly assess your ability to quickly detect, respond, eradicate the threat." A lot of them will say, "It depends" But really the answer is "Not really." >> Right, 'cause the other, the sad stat that's similar to that one, is usually it takes many, many days, months, weeks, to even know that you've been breached, to figure out the pattern, that you can even start, you know, the investigation and the fixing. >> Somewhat not surprising, right? I don't think there's that many Security Operation Centers out there, right? There's not, you know, not every company has a SOC right? Not every company can afford a SOC. I think the latest number is, for enterprises, right, this is Fortune 2000, right, 15% of them have a SOC. What are the other 85% doing? You know, are they buying a slice of a SOC somewhere else? That's the service that we offer, but I think, suffice to say, there's not enough security people watching all this data to make sense of it right. That's the biggest battle I think going forward. We can't make enough people doing that, that requires a lot of analytics, right. >> Which really then begs, for the standalone single enterprise, that they really need help, right? They're not going to be able to hire the best of the best for their individual company. They're not going to be able to leverage you know best-in-breed, Which I think is kind of an interesting part of the whole open-source ethos, knowing that the smartest brains aren't necessarily in your four walls. That you need to leverage people outside those four walls. So, as it continues to morph, what do you see changing now? What are you looking forward to here at RSA 2018? >> So I made some big predictions five years ago, so I'll say you know, five years from now, I think we're going to see a lot more companies outsource major parts of their security right, and that's just because you can't do it all in-house right. There's got to be a lot more specialization. There's still people today buying AI products right, and having machine learning models they invest in to, there's no company I'm aware of, unless they're, you know, maybe the top five financial firms out there, that should have a, you know, security focused data scientist on staff, right? And if you have somebody like that in your environment, you're probably not spending money the right way, right. So, I think security is going to get outsourced in a pretty big way. We're going to focus on outcomes more and more. I think the question is not going to be, "What algorithm are you using to identify this breach?" The question is going to be, "How good are your identifying breaches?" Period. And some of the companies that offer those outcomes are going to grow very rapidly. And some of the companies that offer just, you know, picks and shovels, are going to probably not do nearly as well. >> Right. >> So five years from now, I'll come back and we'll talk about it then. >> Well, the other big thing, that's going to be happening in a big way five years from now, is IoT and IIoT and 5G. So, the size of the attacked surface, the opportunities to breach-- >> The data volume. >> The data volume, and the impact. You know it's not necessarily stealing credit cards, it's taking control of somebody's vehicle, moving down the freeway. So, you know, the implications are only going to get higher. >> We collect a lot of logs from our customers. Usually, the log footprint, grows at three times the rate of our revenue and customers, right. So, you know, thank god-- >> The log, the log-- >> The log volume grows-- >> volume that you're tracking for a customer, grows at three times your revenue for that customer? >> That's right. I mean, they're not growing at three times that rate, annually right, but annually, you know, we've clocked anywhere between 200% to 300% growth in data that we collect from them, IoT makes that absolutely explode, right. You know, if every device out there, if you actually are watching it, and if you have any chance of stopping the breaches on IoT networks, you got to collect a lot of that data, that's the fuel for a lot of the machine learning models, because you can't put human eyes on small RTUs and you know, in factories. That means even more data. >> Right, well and you know the model that we've seen in financial services and ad-tech, in terms of, you know, an increasing amount of the transactions are going to happen automatically, with no human intervention, right, it's hardwired stuff. >> So I think it's that balance between data size and data volume, analytics, but most important, what do you feed the humans that are sitting on top of it? Can you feed them just the right signal to know what's a breach and what's just noise? That's the hardest part. >> Right, and can you get enough good ones? >> That's right. >> Underneath your own, underneath your own shell, which is probably, "No", well, hopefully. >> I think building this from scratch for every company is madness, right. There's a handful of companies out there that can pull it off, but I think ultimately everybody will realize, you know, I'm a big audio nerd so I Looked it up, right, you used to build all of your own speakers, right. You'd buy a cabinet and you'd buy some tools, and you would build all the stuff. Now you go to the store and you buy an audio system, right? >> Right, yeah, well at least audio, you had, speakers are interesting 'cause there's a lot of mechanical interpretations about how to take that signal and to make sound, but if you're making CDs you know you got to go, with the standard right? You buy Sonos now, and Sonos is a fully integrated system. What is Sonos for security, right? It doesn't exist yet. And that's, I think that's where Security as a Service is going. Security as a Service should be something you subscribe to that gives you a set of outcomes for your business, and I think that's the only way to consume this stuff. It's too complex for somebody to integrate from best-of-breed products and assemble it just the right way. I think the parallels are going to be exactly the same. I'm not building my car either, right? I'm going to buy one. Alright Misha, well, thanks for the update, and hopefully we'll see you before five years, maybe in a couple and get an update. >> We'll do some checkpoints along the way. >> Alright. Alright, he's Misha, I'm Jeff. You're watching theCUBE from RSA North America 2018 in downtown, San Francisco. Thanks for watching. (techno music)

>> Announcer: From downtown San Francisco, it's theCUBE. Covering RSA North America 2018. >> Hey welcome back everybody, Jeff Frick here with theCUBE. We're at RSA North America 2018 in San Francisco. 40,000 plus people talking security, enterprise security, cloud security, a lot going on. It just continues to get more and more important. And we're really excited for our next guest who's been playing in the enterprise space for as long as I can remember, which has been a little while. Mike Decesare, he's the CEO and President of ForeScout. Mike, great to see you. >> Started my career off when I was one. (Jeff laughs) So, I've been in this for a long time. >> You have been in it a long time. So you guys now you're all about, right so there's so much stuff going on in security and security is one of these things that I have to look at it as kind of like insurance. You can't put every last nickel in security, but at the same time, you have to protect yourself. The attack surfaces are only growing with IIoT and we were at an autonomous vehicle show, and 5G is just coming around the corner, and all these connected devices and APIs. So you guys have a pretty unique approach to how you top level think about security called visibility. Explain that to us. >> So visibility is the next big thing in the world of cybersecurity and the dynamic is very basic. It's, for 20 plus years, CIOs and CSOs were substantially able to control everything that was on their network. You'd buy your servers and Windows machines and Blackberries for your employees and then there was very little tolerance for other devices being on those organization's networks. And what happened 10 years ago this year, with the birth of the iPhone was that CIOs, those same CIOs now had to deal with allowing things onto their network that don't subscribe to those same philosophies and when you can't buy it and outfit it with security before you put it into the environment. And that's the gap that ForeScout closes for organizations is we have an agentless approach which means we plug into the network infrastructure itself and we give customers visibility into everything that is connected to their network. >> So that begs a question, how do you do that without an agent? I would imagine you would put a little agent on all the various devices. So what's your technique? >> We actually don't. That's the secret sauce of the company is that >> okay >> you know over 10 years ago, we recognized this IoT trend coming because that's, that's the thing in the world of IoT is unlike the first kind o' 20 years of the internet, there was a substantially smaller number of operating systems, most of them open. The different characteristic about the current internet is that many of these use cases are coming online as closed proprietary operating systems. The example I use here is like your home. You know, you get a Nest thermostat and you put in on your network and it monitors, you know, heating and cooling but the device, the operating system, the application is all one consumer device. It doesn't run Windows. You can't install antivirus on you Nest thermostat. So our approach is we plug into the network infrastructure. We integrate to all of the network vendors, the firewall vendors, the wireless controlling vendors and we pull both active and passive techniques for gathering data off those devices and we translate that into a real-time picture of not just everything connected to the network but we know what those devices are without that client having to do anything. >> So you have what you call device cloud or yeah, ForeScout device cloud. So is that, is that a directory of all potential kind of universe of devices that you're querying off of or is that the devices within the realm of control of your of your clients directly? >> It's the second. It's the, so the way that our product works is we plug into the network infrastructure so anything that requests an IP address, whether is wired and wireless in the campus environment, whether it's data center or cloud in the data center environments or even into the OT space, anything that requests an IP address pops onto our radar the second it requests that address. And that cloud that we've built, that we've had for about nine months, we already have three million devices inside, almost three and a half million devices, is a superset of all of the different devices across our entire install base just from the clients that have been willing to share that data with us already. And that gives us optimism because what that becomes is a known set of fingerprints about all known devices so the first time that we discover a Siemens camera that might be a manufacturer, the company might have ten thousand of those in the environment, the first time that we see that device, we have to understand the pattern of traffic off that device, we label that as a security camera and any other customer world-wide that's has that same device connects, we instantaneously know it's a Siemens security camera. So we need the fingerprint of those devices once. >> Right, and so you're almost going to be like the GE Predix of connected devices down the road potentially with this cloud. >> We won't go there on that. >> He won't go there, alright. We've talked to Bill Ruh a lot of times but he does an interesting concept. The nice thing 'cause you can leverage from a single device and knowledge across the other ones which is so, so important on security so you can pick up multiple patterns, repeated patterns et cetera. >> One of the best parts about ForeScout is the fact that we deployed incredibly quickly. We have clients that have almost a million devices that got live in less than three months. And the reason we're able to do that is we plug into the infrastructure, and then our product kind o' does its own thing with very little effort from the client where we compare what we have in this repository against what they have in their environment. We typically get to an 80 or 90% auto-classification meaning that we know 80 or 90% of the time, not just what's on the network but what that device is and then the other 20% is where we have the implementation where we go through and we look at unique devices. It might be a bank has some model of ATM we've never seen before or a healthcare company has beds or machines on a hospital floor that we haven't recognized before. And the first time that we see each of those devices uniquely, we have to go through the process of fingerprinting it which means that we're looking for the unique pattern of traffic that's coming off a, you know, a router, a switch and a firewall and we're ingesting that and we're tagging that device and saying anytime we see that unique pattern of traffic, that's a certain device, a security camera or what have you. >> Right. >> The reason's that useful is then we get to put a policy in place about how those devices are allowed to behave on the network. So if you take something like the Mirai Botnet which hit about a year ago, was the thing that took down a big chunk of the Northeast, you know, utilities and you know, internet, it infected, it was a bot that infected security cameras predominantly. Nobody thought twice about having security cameras in their environment, but they're the same as they are in your house where you know, you put it online, you hit network pair and it's online. >> Right. >> But that bot was simply trying to find devices that had the default password that shipped from the security manufacturer and was able to be successful millions of time. And with our product in place, that couldn't happen because when you set us up, we would know it's a security camera, we'd put a policy in place that says security camera can speak to one server in the data center called the security camera server. And if that device tries to do anything more criminal, if it tries to dial the internet, if it tries to break into your SAP backend, any of those activities, we would give the customer the ability to automatically to take that device offline in real time. >> Right, so you're... >> And that's why our clients find us to be very useful. >> Right, so you're really segregating the devices to the places they're supposed to play, not letting 'em out of the areas they're supposed to be. Which is the >> Absolutely. >> Which is the classic kind of back door way in that the bad guys are coming in. >> Our philosophy is let everything onto the network. We take a look at that traffic. We give you a picture of all those devices and we allow each customer to put an individual policy in place that fences that in. If you take the other extreme like a Windows machine in a corporate environment, our typical policy will be you know, do you have Windows 2009 or later? 'Cause most customers have policies they don't want XP in their environments anymore. But we enforce it. So if an XP device hits the network, we can block that device or we can force a new version down. If you have Symantec, has it got a dat file update? If you've got Tenable, has it had a scan recently? If you've got, you know, any of the other products that are out there that are on those machines, our job is to enforce that the device actually matches the company's policy before that device is allowed in. >> Before you let it. Alright. >> And if at any time that it's on that network, it becomes noncompliant, we would take that device offline. >> You know, with the proliferation of devices and continuation growth of IoT and then industrial IoT, I mean, you guys are really in a good space because everything is getting an IP address and as you said, most of them have proprietary operation systems or they have some other proprietary system that's not going to allow, kind o' classic IT protections to be put into place. You've really got to have something special and it's a pretty neat approach coming at it from the connectivity. >> It's the secret sauce of the company is we recognized many years ago that the the combination of not just there being very few operating systems but they were all open. Windows, Lennox, right? I mean, you can buy a Windows machine and you can install any product you want on it. But we saw this trend coming when the next wave of devices was going to be massively heterogeneous and also in many cases, very closed. And you know, you mentioned the example of the OT space and that's one of the other, the third biggest driver for us in our business is the OT space because when you looking a WanaCry or a NotPetya and you see companies like Maersk and FedEx and others that are, that are publicly talking about the impact of these breaches on their earnings calls. What those companies are waking up and realizing is they've got 25 year old systems that have run, you know, an old version of Microsoft that's been end-of-life decades ago and the bad actors have proven very adept at trying to find any entry point into an organization, right, and the great news for ForeScout is that really lends itself very much towards our age-endless approach. I mean, many of these OT companies that we're in, devices that are in their manufacturing facilities don't even have an API. There were built so long ago so there's no concept of interacting with that machine. >> Right >> So for us, allowing that device to hit the Belden switches and then be able to interrogate the traffic coming off those switches let's us do the same thing that we do in the campus world over in the OT world as well. >> Good spot to be. So RSA 2018, what are ya looking forward to for this week? >> This is just massive in size. It's like speed dating. From a customer's perspective too, I mean, I meet so many customer's that come here and able to meet with 30 or 40 vendors in a single week and it's no different, you know, for the providers themselves so. You know, we've got some really, kind o' really high profile big wins, you know, it's very coming for us to be doing deals at this point that get up over a million devices so they're very high profile so it's a great chance to reconnect with customers. You know, one of the things I didn't mention to you is that kind o' the, the whole thing that we do of identifying devices and then understanding what they are and allowing those policies to get put in places, that's fundamentally done with our own IP, and the connections into the switch and firewall vendors. But we've built this whole other ecosystem of applications in the world of orchestration that set on top of our products. We integrate the firewall vendors, the vulnerability management vendors, the EDR vendors, the AV vendors, so it's a great chance for us to reconnect with you know, those vendors as well. In fact, we're doing a dinner tonight with CrowdStrike. They're one of our newer partners. Very excited about this week. It brings a lot of optimism. >> Well, great story Mike and excited to watch it to continue to unfold. >> We appreciate you giving us some time. >> Alright, thanks for stopping by. That's Mike Decesare. I'm Jeff Frick. You're watching theCUBE from RSA North America 2018. Thanks for watchin'. Catch you next time. (techno music)

>> Presenter: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> Hey, welcome back, everybody. Jeff Frick here with the theCUBE. We're in downtown San Francisco with RSA North America 2018 40,000 plus professionals talking about security, enterprise security. It's a growing field, it's getting baked into everything. There's a whole lot of reasons that this needs to be better and more integrated into everything that we do, as opposed to just kind of a slap on at the end. And, who better to have on, who's investing at the cutting edge, keeping an eye on the startups than Sean Cunningham, our next guest. He's a managing director ForgePoint Capital, the newly named, so welcome to ForgePoint Capital, I guess. (Sean laughs) >> Thanks, Jeff, we're pretty excited about it. So, we were branded Trident Capital Cybersecurity. We're a 300 million dollar cybersecurity only fund, we closed the fund about a year and a half ago. We've invested in a dozen companies, and we decided that now is a great time to rebrand ForgePoint really tells more about what we're doing, we're forging ahead with our Series A, Series B funded companies, as well as a few growth equity. So, it made a lot of sense, but we're pretty excited about the market, and obviously RSA, with 1700 cybersecurity companies makes it interesting. >> Right, so you've been at this for a while. I wonder if you can speak to some of the macro trends as we've seen the growth of cloud, the growth of IoT will soon be more industrial IoT, enabled by 5G. We've got all these automated systems and financial services trading, and ad tech that we're going to see more and more of that automated transaction happening. You've got APIs and everything's connected to everything else to enable my application. So, really really exciting, and huge, growing threat surface if you will, but at the same, these are the technologies that are driving forward. So, what are you seeing from your, seat at the table some of the newer, more innovative startups? >> Jeff, I think you should probably tell me. You have all the answers there. >> I talked to a lot of smart people, that's the benefit of the job. >> I think the only two buzzwords you left off was Bitcoin and fraudulent payments. >> Oh, we can work a little blockchain in if you want. >> Yeah, but it is absolutely a bit of an interesting environment. I've been doing it since 2000 with Intel Capital for 15 years, but what's really changed, what hasn't changed is the fact that it's all about the hackers are able to monetize this. So, that's not going away. The biggest change are the, I guess, overt nation state attacks. So, between all of those things, the drivers are just continuing to force cybersecurity to become better and better. And, that's why the innovative startups are really, you're seeing these 1700, because the legacy companies can't fix these problems. And, you know, you talk about all these different paths for hackers to get in. It's absolutely the case and we are really big on areas, as you mentioned Jeff, the automation. It has to be about automating. It has to be about having a real solution for a real problem. You know, you look at, let's say 1500 of these security startups, a lot of them are about technology for the sake of technology. So, we're pretty excited about a couple of areas. One, is application security. If you think about the Equifax hack, you know, it's as simple as getting into the website and being able to hack into all of the PII data if you will. And, we've invested in a company called Prevoty and what they do is they make it easy for the application security folks to meet with the DevOps folks and inject the software into these applications. The reason why that's really interesting is, if you think about how long it takes for the DevOps guys to get all their new updates out, through that whole cycle, when you could automate that process and reduce that time to market, that's what it's really all about. >> So, what's your take on GDPR. You know, it's past a little while ago, the enforcement comes into place next month. It's weird what's going on with Facebook right now. I don't ever hear GDPR in the conversation of what's going on, and yet, it's just around the corner and it seems like it would be part of that conversation. DC is just king of a Y2K moment, where there's a lot of buzz and the date hits and we get past it and then we kind of move on with our lives, or is this really a fundamental shift in the way that companies are going to have to manage their data? >> Well, I can show you my scars from investigating compliance companies. I think the winners in that space, from a business standpoint are going to be the consultant companies, initially and at some point then, the legacy guys are going to be also involved, as well as some of the startups. But, clearly, until you see some of the large penalties happen, there's not going to be a lot of movement. There's going to be a lot of hand waving and consulting firms are trying to figure out what's your problem, how do we solve it. So, you're going to see, I'm sure, around the floor a lot of GDLP stuff, but we're being very cautious about where we invest there because, as you say, Y2K and a lot of this is going to be a lot fud. The legacy guys are going to say, oh we can handle that. Same as they did with cloud. Look how long it's taking cloud to get adopted, my God. I mean-- >> Right. >> GDRP is a big piece of that. We did investments in that space, around CASB, it's called. And, we invested in a company called Prelert. It had great traction, but then it just kind of topped out. So, it's going to be investable space and there's going to be a lot of money dumped in there because it's, you know, the Lemming effect. All VCs are going to follow that. >> Right. >> We'll see what happens. >> And then on the cloud, you know, with the growth of public cloud with Amazon and Azure and Google Cloud Platform, and they've got significant resources that they're investing into the security of their clouds and their infrastructure. And, yet, we still hear things happen all the time where there's some breach because somebody forgot to turn a switch from green to blue, or whatever. How did the startups, you know, kind of find their path within these huge public cloud spaces to find a vector that they can concentrate on, that's not already covered by some of these massive investments that the big public cloud people are making? >> Yeah, I think some of the, you know you point something out, I mean we got to think about cloud, you think about the public cloud, you think of private cloud and hybrid model and so on. I think that's really where things are going to to be for a while. The big guys, the big companies, enterprises are not putting a lot of their crown jewels out in the public clouds, yet. And, so the private clouds are equally important to them. And, so they have to be secured. And, the public cloud, you know, there's definitely they have some good security, but they quietly are implementing security from innovative companies also. They're not as public about it because they want to have they're already secure, so don't worry about me, but there's a lot of opportunity there. >> Okay, and then when CIOs are talking about security and thinking about security, ultimately they cannot be 100 percent secure, right, it's just you cannot be. >> It's called job security. >> Yeah, job security for us, right. But, I was thinking of this kind of as an insurance model. At some point, you get kind of the law of diminishing returns and you got to start making business trade-offs for the investment. How are these people thinking about this, at the same time, seeing their competitors and neighbors showing up on the cover of the Wall Street Journal breach after breach after breach? What's the right balance? How should they be thinking about managing risk, and thinking of a risk problem as opposed to kind of a castle problem? >> Yeah, and that's the biggest problem with CIOs and CSOs right now. It's all about what's good enough. Where do I reach that threshold? And, so there is definitely buyer fatigue. And, I think it's a matter, there are companies out there that look at the risk profile and are actually giving ratings of, what is your environment look like. We just invested in a spin out from, we helped spin out a company called CyberCube out of Symantec, and it's insurance. And, they're looking at, from a cyber insurance perspective, of what's your risk profile within your organization and selling and that data from Symantec as well as the data they have and going back to the insurance, the under buyer and saying, hey, we can show you the risk profile of this company and you can properly price your cyber insurance now. We all know how large the cyber insurance market is, so there's a lot of opportunities in that space to really look at the risk factors. >> Alright, well before I let you go, to go visit all the 117 startups, which will be looking for your cheque, I'm sure. >> Human ATM. >> What is one or two things that you think about in some of the more progressive startups that you talk about that still hasn't kind of hit the public eye yet. That they should be thinking about, or that we're going to be talking about in a couple years that's still kind of below the radar? >> Yeah, you know, if I told you then everyone else would be-- >> That's true. >> So, I have to be a little careful. You know, I think the interesting thing is, you know, a bit of a contrarian view. Is, if you think about consumer space, people don't really want to invest. Investors don't want to put money in the consumer, but you think about Symantec again, LifeLock. Identity protection, 2.3 billion dollars Symantec paid to get LifeLock. That's a lot of money. But, if you think about five years ago, how many consumers would pull out their Visa card to buy security. So, we think that there's really a potential opportunity on the consumer side. Now, AV is pretty well scorched earth. A lot of places, a lot of these endpoint things are scorched earth, but consumer might be an interesting place to be able to take these enterprise applications and, what I call, the consumerization of security, and take some of those interesting application and solutions and bring them down to the consumer in a bundle type of environment. >> Yeah, well certainly with all the stuff going on with Facebook now, people's kind of reawakening at the consumer level of what's really happening would certainly be fuel for that fire. >> We have an investment in a company called IDEXPERTS, which does breach remediation and our goal right now is we're continuing to add products from that space to be able to give the consumers a very robust offering. >> Alright, Sean, well thanks for taking a few minutes out of your day from prospecting. >> Yeah, pleasure. >> Over on the floor, he's Sean Cunningham, I'm Jeff Frick. You're watching theCUBE from RSA North America 2018 in downtown San Francisco. Thanks for watching, I'll see you next time. (upbeat music)

>> Announcer: From downtown San Francisco, it's The Cube, covering RSA North America 2018. >> Welcome back, Jeff Frick with The Cube. We're at RSAC, the RSA Conference North American in San Francisco, 2018. 40,000 people, it's an amazingly huge and growing conference, 'cause security is obviously at the forefront of everything, especially as everything moves to devices and services and cloud, we can't forget security and we're excited to have somebody who's kind of got to a third-party validation kind of point of view on the marketplace to get their perspective. It's Jason Brvenik and he is the Chief Technology Officer for NSS Labs. So, Jason, great to meet you. >> Great to meet you. >> So for people that aren't familiar with NSS Labs, give us kind of the overview of what you guys are all about. >> We work with enterprises to understand their needs in security, and then, build and create test environments that create real-world conditions to assess whether or not a product is a good fit. We create comparable environments, so that we can understand fundamentally whether or not the products are delivering on their claims. >> Right, and recently you've done some work around the data center intrusion prevention systems group test. >> Mm-hmm. >> It's a mouthful. What is that all about? >> Well, that's all about the recognition that data centers are the keys to access for most organizations and appropriately protecting them is not as easy as deploying a firewall. You need to have much greater inspections on the interactions with systems, whether or not security's being provided within the application layers, being properly secured, and so, latency and performance and effectiveness against attacks are all measured and then presented in a set of group test reports. >> Right. So, must be getting increasingly complex, 'cause there's all these different components now that build up a solution. Right? It's not just one set of applications, that you're pulling maybe public data sources, you've got a bring-your-own-devices, you've got this huge string of things that are all pulled together. How do you incorporate that into your testing? How do you figure out how these things work together? 'cause ultimately, that increases your attack surface area, vulnerabilities, I would imagine. >> Certainly, and we create an environment, an architecture that we propose, that based on our interactions with the enterprises, it's fairly representative of what an enterprise would have, and then we create or simulate the types of interactions you would have with the different systems, generate attacks against them, and measure whether or not the products are able to sustain a concerted attack from an adversary. All the way into creating evasive techniques, so that an attack that is known to be blocked by a technology, we would apply different techniques to make it evasive and see if we can evade the security controls and to measure those. >> So how accurate are people, not to call anybody up, but how accurate are people in assessing the effectiveness of their own products and solutions? >> That's an interesting mixed bag. >> I'm sure it must run the gamut, right? >> It does, it does. >> Well, we don't want to call out any, beat anybody up, but I would imagine there are some that are just, Are they just looking at the wrong thing? Or how do you sort that all out? >> It's interesting to see the different perspectives that exist in the security space. Everything from just make the pain stop, where they want to do simple signature blocking to, we really want to understand what's happening and dig deep into the protocols and interactions and understand what's an appropriate interaction beyond whether or not there's an attack there. The fundamental premise we have in our space is there's an absolute shortage of talent in the security space that understands that just because the standard says something should be, doesn't mean that an attacker has to adhere to it. And so there's a ton of breaks in that. >> Dang. And what are some of the things that people just miss as the attack surfaces change? And I just think of the fully automated systems like we've seen in ad tech and advanced financial trading systems that are now moving more and more into an increasing group of applications that are going to be IoT-enabled, they're all going to be connected with 5G moving very quickly, so the potential for problems becomes pretty significant if there's a bad actor that gets inserted into that process. >> Certainly and it's interesting that the attackers seem to have automation down pretty well. They can get in and move laterally pretty quickly. >> Right. >> And ferreting out attacker behavior from just bad user behavior can be very difficult. The presumptions that a lot of technologies because the standard says something should be, it will be, create these situations where people aren't effectively looking for the ambiguities and standards, and those are abused all the time. When you look at embedded devices, they get deployed and they stay for 10 years. >> Jeff: Right. >> That's 10 years of technical data that's just deployed and waiting to be exercised and exploited, and having a good general hygiene on an operational environments to understand where these rifts are is probably the biggest gap in the Enterprise world. On the security side, the reliance on standards and the reliance on assumptions of what should be tend to continue, come back, and bite vendors, all right? >> It's funny. So you say just general hygiene and we talked about that in one of the prior interviews where often we'll hear, say, there's a Amazon breach or something and you get to the second paragraph and it's because somebody forgot to set a configuration in the right way, so it's not necessarily the technology or the infrastructure or the safeguards that are put up, it's just somebody forgot to turn the switch on. >> It is. >> So, why these things, general hygiene is still such a problem, is it just because it's so complex, things are moving so fast, people are just too busy? Is it a symptom of dev ops? >> We're human, we're human. >> There we go. >> There's a 1000 things demanding our attention all the time, and without solid processes and procedures, it's easy to miss something. And it's easy in the moment when you've got a big project that needs to launch to say that can wait until next week and then the next big project comes along and next week is here and it waits until the week after. Next thing you know, it's forgotten and you've got an old piece of architecture, infrastructure or security out there that just isn't being maintained anymore. >> Right. >> It's one of the reasons we created an environment that strives to do what we call continuous security validation. So even if you had the best security technologies in the world, it's indistinguishable from no security at all until a breach occurs, right? And so, continuous security validation allows us to look at live attacks that you're usually going to face, measure whether or not your security is deployed, is delivering all protections against them, and highlights there's a gap, simply because you're human. The best technology in the world isn't going to work if you're not managing it well. >> Right. So, are you creating kind of like a digital twin of the key components of my environment back in your lab? Or are you putting things in my system so that you can do this kind of continual monitoring? >> We create, effectively, a virtual remote office and then deploy your security controls and then we attack that remote office for you. And measure whether or not your security controls are being effective and whether or not your people with those controls are able to respond effectively. >> So what's been the impact of public cloud? Of the rise of public cloud? Both obviously, for those applications that are sitting in the public cloud from the Enterprise perspective, but now it's creating this kind of hybrid situation where they've still got stuff in the data center, they've got stuff in the public cloud, there's probably some stuff that's migrating in between, maybe it's tested to have in the public cloud and it gets deployed internally, or maybe they're trying to do a lift-and-shift out of the data center, so how has the rise of public cloud and with the hybrid cloud and multi-cloud environments impacted your guys' world? >> Oh, the biggest shift there, I think, is in the proliferation of what otherwise would have been well-controlled development environments into production environments. It's so easy to move what evolved in developing a technology into a production world without going in and paying attention whether or not all of the right elements are in play. So it used to be you developed it, then you moved it into QA and then from QA, it got moved into production. Now you go right from Dev to Production and QA kind of happens in the background. >> Right, right. And we talked in an earlier conversation, too, which is before then this security would be layered on after the test dev, once it was moving in production. Well, let's slap some security on it, but now it's got to be incorporated in from day one, so another huge opportunity, I guess, to miss that, as you roll that into production. >> It seems like nobody ever thinks about security first. It just isn't the function. No developer ever wakes up in the morning and thinks, I need to do security and then develop features. Their life is all around delivering the value that the customers are looking for and security prevents them creating the feature velocity they want to deliver. There's always a push-and-pull there to get the right balance and it's easy when you're not under sustained attack to believe that security isn't important. >> So how do people adjust kind of their thinking around security? Or is it just below the surface, or it's presumed? How does it become more of an ongoing part of the conversation and a feature that's always baked in during the development versus kind of an afterthought or, oh my gosh, my neighbor just got hacked or there's a big story in the Wall Street Journal? >> I think what we're seeing now in the evolution of software and development is the supply chain involved. It used to be you created systems from scratch and you built it from scratch and you had the opportunity to layer security in as you were going. You would find a weakness, you would design around it, you would overcome it. Now it's more of an assemblage of components to produce an outcome, and the security wasn't built in when the component was built, you've pretty much lost that opportunity and it's hard to go retrofit that. I think we're going to soon see the next phase where these components are start building security assumptions in up front, but it's going to be a long time, much like IoT where things are deployed forever, where we start seeing that supply chain evolve on its own and you can assemble secure software from the start. >> Yeah, it's amazing that's it's still kind of an afterthought when these things are in the newspaper every day and it's almost an assumption maybe we're getting a little numb to the thing that you're going to be breached and you're going to have an issue and how do you react to it? How quickly can you find it? How do you limit the damage? Because it seems like everybody's getting breached every day. >> Especially, when you consider we have decades of technical data. There are companies that still run their businesses on mainframes that haven't been produced in 20 years. >> I didn't even think of that part of it. All right, last question before I let you go, Jason. Big, big week this week at RSA. What are you looking forward to? >> Ah, I'm looking forward to really the evolution of advanced end point technologies, the delivery of visibility to the enterprise, that can do new response actions based on new knowledge. I'm looking forward to the growth of automation. Automation as it relates to security elements, so we can reduce the human element. >> Jeff: Right. >> And the mistakes that are made. >> Yeah, 'cause we certainly need it, 'cause it is easy to make mistakes when you've got a 1000 little tasks, right? >> It is. >> All right, Jason. Well, thank you for taking a few minutes of your day and stopping by. >> Thanks for having me. >> All right. He's Jason, I'm Jeff. You're watching The Cube. We're at RSAC 2018 North America in San Francisco. Thanks for watching. (exciting music)

(upbeat music) >> Announcer: From downtown San Francisco, it's theCUBE. Covering RSA North America 2018. >> Welcome back everybody, Jeff Frick here, with theCUBE. We're at RSA Conference 2018 in downtown San Francisco, 40,000 plus people, it's a really busy, busy, busy conference, talking about security, enterprise security and, of course, a big, new, and growing important theme is cloud and how does public cloud work within your security structure, and your ecosystem, and your system. So we're excited to have an expert in the field, who comes from that side. He's Tim Jefferson, he's a VP Public Cloud for Barracuda Networks. Tim, great to see you. >> Yeah, thanks for having me. >> Absolutely, so you worked for Amazon for a while, for AWS, so you've seen the security from that side. Now, you're at Barracuda, and you guys are introducing an interesting concept of public cloud firewall. What does that mean exactly? >> Yeah, I think from my time at AWS, one of my roles was working with all the global ISVs, to help them re-architect their solution portfolio for public cloud, so got some interesting insight into a lot of the friction that enterprise customers had moving their datacenter security architectures into public cloud. And the great biggest friction point tend to be around the architectures that firewalls are deploying. So they ended up creating, if you think about how a firewall is architected and created, it's really designed around datacenters and tightly coupling all the traffic back into a centralized policy enforcement point that scales vertically. That ends up being a real anti-pattern in public cloud best practice, where you want to build loosely coupled architectures that scale elastically. So, just from feedback from customers, we've kind of re-architected our whole solution portfolio to embrace that, and not only that, but looking at all the native services that the public cloud IaaS platforms, you know, Amazon, Azure, and Google, provide, and integrating those solutions to give customers the benefit, all the security telemetry you can get out of the native fabric, combined with the compliance you get out of web application and next-generation firewall. >> So, it's interesting, James Hamilton, one of my favorite people at AWS, he used to have his Tuesday Nights with James Hamilton at every event, very cool. And what always impressed me every time James talked is just the massive scale that Amazon and the other public cloud vendors have at their disposal, whether it's for networking and running cables or security, et cetera. So, I mean, what is the best way for people to take advantage of that security, but then why is there still a hole, where there's a new opportunity for something like a cloud firewall? >> I think the biggest thing for customers to embrace is that there's way more security telemetry available in the APIs that the public cloud providers do than in the data plane. So most traditional network security architects consider network packets the single source of truth, and a lot of the security architecture's really built around instrumenting in visibility into the data plane so you can kind of crunch through that, but the reality is the management plane on AWS and Azure, GCP, offer tremendous amount of security telemetry. So it's really about learning what all those services are, how you can use the instrument controls, mine that telemetry out, and then combine it with control enforcement that the public cloud providers don't provide, so that kind of gives you the best of both worlds. >> It's interesting, a lot of times we'll hear about a breach and it'll be someone who's on Amazon or another public cloud provider, and then you see, well they just didn't have their settings in the right configuration, right? >> It's usually really kind of Security 101 things. But the reality is, just because it's a new sandbox, there's new rules, new services, you know, and engineers have to kind of, and the other interesting thing is that developers now own the infrastructures they're deploying on. So you don't have the traditional controls that maybe network security engineers or security professionals can build architectures to prevent that. A developer can inadvertently build an app, launch it, not really think about security vulnerabilities he put in, that's kind of what you see in the news. Those people kind of doing basic security misconfigurations that some of these tools can pick up programmatically. >> Now you guys just commissioned a survey about firewalls in the cloud. I wonder if you can share some of the high-level outcomes of that survey. What did you guys find? >> Yeah, it's similar to what we're chatting. It's just that, I think, you know, over 90% of enterprise customers acknowledge the fact that there's friction when they're deploying their datacenter security architectures, specifically network security tools, just because of the architectural friction and the fact that, it's really interesting, you know, a lot of those are really built because everything's tightly coupled into them, but in the public cloud, a lot of your policy enforcement comes from the native services. So, for instance, your segmentation policy, the route tables actually get put into the, when you're creating the networking environment. So the security tools, a network security tool, has to work in conjunction with those native services in order to build architectures that are truly compliant. >> So is firewall even the right name anymore? Should it have a different name, because really, we always think, all right, firewall was like a wall. And now it's really more like this layered risk management approach. >> There's definitely a belief, you know, among especially the cloud security evangelists, to make sure people don't think in terms of perimeter. You don't want to architect in something that's brittle in something that's meant to be truly elastic. I think there's kind of two, you know the word firewall is expanding, right, so more and more customers are now embracing web application firewalls because the applications are developing are port 80 or 443, they're public-facing web apps, and those have a unique set of protections into them. And then next-generation firewalls still provide ingress/egress policy management that the native platforms don't offer, so they're important tools for customers to use for compliance and policy enforcement. They key is just getting customers to understand thinking through specifically which controls they're trying to implement and then architect the solutions to embrace the public cloud they're playing in. So, if they're in Azure, they need to think about making sure the tools they're choosing are architected specifically for the Azure environment. If they're using AWS, the same sort of thing. Both those companies have programs where they highlight the vendors that have well-architected their solutions for those environments. So Barracuda has, you know, two security competencies, there's Amazon Web Services. We are the first security vendor for Azure, so we were their Partner of the Year. So the key is just diving in, and there's no silver bullet, just re-architecting the solutions to embrace the platforms you're deploying on. >> What's the biggest surprise to the security people at the company when they start to deploy stuff on a public cloud? There's obviously things they think about, but what do they usually get caught by surprise? >> I think it's just the depth and breadth of the services. There's just so many of them. And they overlap a little bit. And the other key thing is, especially for network security professionals, a lot of the tools are made for software developers. And they have APIs and they're tooling is really built around software development tools, so if you're not a software developer, it can be pretty intimidating to understand how to architect in the controls and especially to leverage all these native services which all tie together. So it's just bridging those two worlds, you know, software development and network security teams, and figuring out a way for them to collaborate and work together. And our advice to customers have been, we've seen comical stories for those battles between the two. Those are always fun to talk about, but I think the best practice is around getting, instead of security teams saying no, I think everybody's trying to get culturally around how do I say yes. Now the burden can be back to the software development teams. The security teams can say, here the list of controls that I need you to cover in order for this app to go live. You know, HIPAA or PCI, here are these compliance controls. You guys chose which tools and automation frameworks work as part of your CI/CD pipeline pr your development pipeline, and then I'll join your sprints and you guys can show incrementally how we're making progress to those compliance. >> And how early do they interject that data in kind of a pilot program that's on its way to a new production app? How early do the devs need to start baking that in? >> I think it has to be from day zero, because as you embrace and think through the service, and the native services you're going to use, depending on which cloud provider, each one of those has an ecosystem of other native services that can be plugged in and they all have overlapping security value, so it's kind of thinking through your security strategy. And then you can be washed away by all the services, and what they can and can't do, but if you just start from the beginning, like what policies or compliance frameworks, what's our risk management posture, and then architect back from that. You know, start from the end mine and then work back, say hey, what's the best tool or services I can instrument in. And then, it may be, starting with less cloudy tools, you know, just because you can instrument in something you know, and then as you build up more expertise, depending on which cloud platform you're on, you can sort of instrument in the native services that you get more comfortable with then. So it's kind of a journey. >> You got to start from the beginning. Bake it in from the zero >> Got to be from the zero. >> It's not a build-on anymore. All right Tim, last question. What are we looking forward to at RSA this week? >> I'm very cloud-biased, you know, so I'm always looking at the latest startups and how creative people are about rethinking how to deploy security controls and just kind of the story and the pulse around the friction with public cloud security and seeing that evolve. >> All right, well I'm sure there'll be lots of it. It never fails to fascinate me, the way that this valley keeps evolving and evolving and evolving. Whatever the next big opportunity is. All right, he's Tim Jefferson, I'm Jeff Frick, thanks for stopping by. You're watching theCUBE. We're at RSAC 2018 in San Francisco. Thanks for watching. (upbeat techno music)

>> Narrator: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> And welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA Conference in San Francisco, it's 40 thousand plus people talking security, really one of the biggest conferences in San Francisco, and security continues to be an ever increasing and important topic, and more and more complex and complicated and multifaceted. We're excited to have really an innovator who just recently sold his company to Sumo Logic, he's Dave Frampton, VP of security solutions now at Sumo Logic. Dave, great to see you. >> Dave: Good to be here. >> So you guys were relatively a relatively small team working on a very specific piece of this giant pie. So, tell us a little bit about what you're doing and what attracted Sumo Logic to you. >> FactorChain, acquired by Sumo Logic in Q4 of last year was focused on building an investigation platform to really help security analysts very quickly and completely identify, for an individual threat or alert of which they get an avalanche every day, what happened, where did it spread, and then what should be done about it, more importantly. >> It's funny 'cause we talk often, at all these conferences, right, everybody in the keynote will talk about it, "six months before you know you've been breached", or two years, or whatever the average, it changes all the time. But nobody ever really talks about once you've figured it out, then what? So that's really what you guys are about, the "then what?" So what are some of the things that people do wrongly, and what are some of the immediate triage and best practices that people should be aware of if they're not already? >> It's a great question, there's really a difficult work flow that exists when you start digging into one of these indicators of compromise or alerts, typically an analyst is trying to connect the dots across huge numbers of systems and huge data sets. They may have to go to five to ten different systems, run queries which take a long time to run and then take a long time to interpret, kind of stitch together the clues across all of them, and this process can often take 30 minutes, an hour, or even two hours against an inflow rate of hundreds of these per day. So there's sort of this expanding backlog of uninvestigated urgent threats. In many cases, people only get to about 10% of the most urgent threats or alerts that come in to their security operation center, or SOC. And FactorChain's innovation was to develop some new techniques to help human analysts quickly connect the dots across these huge data sets. Integrate a lot of those different systems, so you can go to one place, see huge, deep connections between data sets, and then kind of put it all together in a very concise work flow that helps you get through this process just a lot faster, a lot more skilled. >> So are you identifying patterns of past behavior, 'cause you have a database of how these things work, are you looking for consistency of behavior within one system in others, I mean, what are some of the, obviously you're not going to tell us your secret sauce, but what are some of the tricks and tips that enable you to speed up that process? It's scary to hear that they have hundreds of high priority that they can't get to. >> There's two main components of trying to accelerate this whole work flow. The first one is trying to help analysts very quickly get insight into how variables change in an environment. This investigation process is little bit like a game of whack-a-mole, you're following a particular user or particular machine, but then the name will change, and then there'll be another variable introduced but it will change four times, and you're left to try to figure out which one of these changes map to the original. This process just repeats over and over again. So part of our insight was to try to figure out how to chain, hence the name FactorChain, all of these variable changes together in a very, very concise way, so you can help the analyst find the right path through the data and ignore all the false trails, get back on the trail when they lose the trail. So it's really sort of a data navigation and insight, sort of the key core of FactorChain's innovation. >> So a big factor, shouldn't use that word again, but we'll use it again, factor happening today in the industry is everything going to cloud, right? A huge percentage of business going to cloud. AWS is up to 20 billion dollar run rate and Sumo is a big partner, and Microsoft and Google are trying to catch up from behind, and IBM's got a cloud. So cloud's a big thing and there's more and more cloud. Also, we're in this API economy now, so whether I want to use public data sets and inject those into my processes, or I've got partners that I'm, I'm connecting all these things via API's and I still have my on-prem stuff, or the stuff that just can't go to cloud or legacy for whatever reason. So the environment is becoming way more complex, the number of third party people that you're playing nice with is becoming much, much larger, and a lot of these connections are completely automated, right, when you look at ad tech and some of the financial trading systems. So how does that increasing complexity play into what you guys are doing? >> The migration to the cloud is putting enormous disruptive pressure on some of these traditional security processes. You think about, the old world involved a security operations center and a small team of analysts just going through this list of alerts that were sent in by their infrastructure. The cloud really challenges that in two fundamental ways. I think one of them you hit really well in your description of it, which is just the sheer surface area of possible attack has increased so dramatically. You hit all the key points, there's automated processes, there's a lot of customer facing and production security that didn't exist in the old worlds, so you have so many more ways for the attackers to get in. But importantly, there are new sources of information which are critical to actually orchestrating the defense, to figuring out what to pay attention to and how to pay attention to it. Application layer information is much more relevant in a cloud context. And you have a lot of the infrastructures being standardized underneath, but a lot of the interesting insight might be from the application. Is this a customer or is it a partner? Is it a sensitive piece of information or application, or not? There's all sorts of context which needs to be brought in to the forensic process to help the investigators really get to the bottom of what happened and where did it spread. There's also a need to collaborate across security and other functions in IT in a much more seamless, horizontal way. A typical example would be an analyst in the SOC might understand an awful lot about security forensics but may not really understand some of this application context or even how to interpret some of the application logs at all. So you really need a horizontal collaboration involving IT operations, you hear a lot about DevOps and sort of DevSecOps, you need a much more collaborative work flow, not just a common data set, which I think everybody recognized a few years back, but also common analytics and a common work flow, common tooling that they can collaborate in the same system on the same investigation. And so those are the ways in which the traditional security industry and the boundaries around its processes and its tools are really being challenged and disrupted by the migration to the cloud, and at Sumo Logic, this is sort of at the center of where we live. We live in a world where people are rapidly migrating to the cloud, looking for monitoring and troubleshooting and security analytics, functionality. As they do that, looking at modern applications and how their architectures are changing and what implications that has for security. So we have our sights squarely set on sort of creating that new model for that new cloud-oriented environment. >> Right, and then how much do you work with other applications, which I guess in the past may have been thought of as competitive, but when you're in an environment with all these integrated systems at a customer, and there's probably tremendous benefit to sharing some level of information in terms of the signature of threats and when threats are coming in. I'm sure there's ton of great data that, if shared across people on the good side of the fence, will probably be to the benefit of all. So has that been changing, is that evolving, how do you see kind of working with other apps within, let's just pick the AWS cloud for example, within a particular customer, whether it's AWS directly or other partners in the ecosystem? >> Right, well first, you hit it, I mean, this function of security operations has to be agnostic, right? You have to be open to ingesting context from whichever system and whichever vendor and whatever source it might come from. And so these ecosystems are really important, and integration so that you can quickly, not only take in information from third parties, but then quickly get trending and visualization and really bring insight to that data. And so to that end, Sumo Logic's a leader in the AWS ecosystem, we've been built from the ground up on AWS, and we have rich partnerships with the vast majority of the ecosystem of tools that surround the AWS environment. So we can bring that in and very quickly deliver insight, make correlations, figure out what you need to pay attention to, and then do this investigation work flow that we were talking about earlier. >> Alright, crazy times. So, 40 thousand people here, what are you looking forward to for the next couple of days here at RSAC? >> I think a couple of things. One is, I think everyone is focused, right now, on the upcoming deadline for GEPR, and sort of data protection, data privacy, how do we identify within our data what might be subject to some of these regulations and new compliance requirements, and then how many of those overlap. Though the best of intentions, it creates some dilemmas about how to approach problems, such as for example, right to be forgotten. And I think seeing the community come together and sort of in a live venue, which is really what the show is all about, and kind of discuss and debate those issues, I think that's one. Two is the center of what we've been talking about, is the impact of modern application architectures and cloud on some of these old, traditional security practices and models. And that's why we have a bigger presence this year at the show, because we think that's something that is going to change the way things have been done in the security industry, and we want to be a part of that conversation and obviously giving previews of our upcoming products that address some of those problems. Looking forward to a good week. >> Should be good of a week for you, be busy. >> Dave: Absolutely. >> Thanks for taking a few minutes, and again congratulations on the acquisition with Sumo, great marriage I'm sure, and look forward to following the story. >> Thanks so much. >> Alright, he's Dave Frampton, I'm Jeff Frick. You're watching theCUBE from RSAC 2018 San Francisco. Thanks for watching.

>> Announcer: From downtown San Francisco, it's theCUBE covering RSA North America 2018. >> Hey welcome back everybody, Jeff Frick here with theCUBE. We're in San Francisco at RSA conference 2018, as 40,000 plus professionals talking about security. It's quickly becoming one of the biggest conferences that we have in San Francisco right up there with Oracle OpenWorld and Salesforce.com, pretty amazing show and we're excited to get some of the insight with some of the experts that are here for the event and all the way from the East Coast, from New Hampshire Edna Conway's joining us, she's a chief security officer, global value chain for Cisco, Edna great to see you. >> Oh I'm delighted to be here Jeff, thank you. >> Absolutely so we're glad to get you out of the 21 degree weather that you said was cold and sleety when you departed. >> Cold and sleety, spring in New Hampshire, although it's not much nicer here in San Francisco. >> No, it's a little dodgy today. Well anyway let's jump into it. So you're all about value chain. What exactly when you think about value chain, explain to the people, what are you thinking? >> You know that's a great question because we define the value chain as the end to end life cycle for any solution. So it could be hardware, it could be software, it could be a service, whether it's a service afforded by a person, or a service afforded by the cloud. >> Now it's interesting because the number of components in a solution value chain just continue to grow over time as we have the API economy, and clouds, and all these things are interconnected so I would imagine that the complexity of managing and then by relation securing that value chain must be getting harder and harder over time as we continue to add all these, kind of API components to the solution. Is that what you see in the field? >> I think there's a challenge there without a doubt, but sometimes that interconnection actually gives you a hook in right, and so what we've been thinking about for years now is, is there a way to actually define a simple high level architecture that can be flexible and elastic with some rigidity that allows you to identify what your core goals are, and then allows those third party ecosystem members to join you in the effort to achieve those goals in a way that works for their business. >> Right and then how does open source play in that? Because that's also an increasing component of the value chain, is that integrated into more and more either just overtly, or you're implementing an open source solution or you've got all these people that are kind of open source plus and what they're building and delivering to the market. >> Yeah open source is a great challenge without a doubt. I think the way in which to deal with open source is to understand where you're getting it from, just like all third party ecosystem members. Who are they? What are they doing for you? And more precisely how are you going to utilize them and take a risk based approach to where you're embedding them. >> Right. >> Right. Not all things are created equally. And so your worry needs to be different depending on the utilization. >> Right. The risk based approach is a great comment because cause security in a way to me is kind of like insurance, you can't be ultimately secure unless you just lock the doors and sit in there by yourself. So it's always kind of this risk trade off, benefit versus trade off, and really a financial decision as to how much do you want to invest in that next unit of security relative to the return. So when you're thinking about it from a risk modeling basis versus just, you know, we're putting up the moat and nobody's coming in, which we know doesn't work anymore. What are some of the factors to think about so that you're achieving the right level of success at the right investment? >> I think there are a number of things to think about, and the primary one I would say is, look at what I believe is the currency of the digital economy which is trust. And in order to build trust what you need to do is understand the risks that you're taking. And those risks need to measured in the language of business. So all of a sudden, it becomes really clear when you know what someone is doing for you, and you know how they're doing it, and the invasiveness of your inquiry and partnership with them actually needs to be adjusted, and all of a sudden you develop not only a baseline, but an opportunity to enhance your trust for, let's take an example. So Cisco's working with Intel, we're going to deploy Intel threat detection technology, our first instantiation of that will be tetration. Clearly they're a third party ecosystem member. >> Right, right. >> And they have been for some time. Now what we're thinking about is how does Intel go about deploying that capability? And not only that, but how are we going to utilize it? And our view is if you take CPU telemetry and you combine it with our edge as well as our network telemetry, you have a better solution down the road, better solution for alerts, better solution for quicker decisions for the inevitable. That risk based approach says we're embedding into and partnering at a core solution level. >> Right. >> That's a different area of inquiry then somebody, we were talking earlier and I said, you know, if you're a sheet metal provider on the external part of a chassis, great. >> Don't they love the diligence on that piece? >> Quality due diligence, but security limited, yeah? >> So but it's interesting because on one hand you're opening up kind of new kind of threat surfaces if you will, the more components that are in a solution from the more providers. On the positive side, now you're leveraging their security expertise within the components that they're bringing to the solution. So as most things in life right, it's really kind of two sides of the same coin, opening up more threats, but leveraging another group of resources who have an expertise within that piece of the value chain. >> Absolutely. Look none of us make something from nothing, you know, the reality is we're relying more and more on the digital economy on those third parties. So understanding precisely how they're doing something is important, but we also have to be respectful of one another's intellectual property. And that is a unique wrinkle in a day and age of integration that we haven't seen previously. The other thing I think that's really important is we're seeing a wonderful, I think explosion of IOT, there's a downside obviously, the question is have folks deployed their IOT in a way that included the security community. You should have security at the table, but what IOT does is give you edge visibility that you've never had before. So I see it as a positive, but it needs to be informed by things like AI, it needs to be informed by things like machine learning, and they need to be gates within at the end of the day where the information is managed, which is at the network. >> Right, cause again it's just another entry point in as well, so good thing, bad thing. I want to circle back on kind of the boardroom discussion that we talked about a little bit earlier. Everyone's talking about securities and board conversation, clouds and board conversation, a lot of these big, kind of IT transformational things that are happening are now being elevated to the board cause everybody's a digital company and everybody's a digital business. When you want to talk to the board, and how should people talk to the board about security vis a vis kind of this risk analysis versus just a pure, you know, we're secure, or we're not secure, and I'm sure every CEO and board is worried for that announcement to come out in the paper that they were breached some time ago. And you almost think it's inevitable at some point in time, so what does the board discussion look like? How's the board decision changing as security gets elevated beyond kind of the basics? >> So let me answer that in the context of value chain security. >> Absolutely. >> I think we need to get to the point where security speaks the language of business. We need to walk into the board and say we have an architecture, we are deploying measures to achieve the architecture at a certain level of compliance and goal setting across the ecosystem on a risk based approach. Fabulous words, I'm a board member. What does that mean to me? >> Help me, help me, gimme a number. Exactly, well, and the number comes out of tolerance levels. So if you have this architecture and you have goals set we have 11 domains, we set goals flexibly based on the nature of the third party and what they do for us. Now we have a tolerance level and guess what you can report? I'm at tolerance, I'm above tolerance, I'm below tolerance. And if you start to model through a variety of techniques, there are a number of standards out there and processes some folks have written about them, where you can translate that risk of tolerance into dollars if you're in the US or currency of your choice and the reality is you're walking in and saying at tolerance means this degree of risk, below tolerance means I've reduced my risk to this. It might afford you an opportunity to say hmmm, perhaps you can share some of that benefit with me to take the program to a new level. >> Right, right or in a different area. >> About tolerance, higher degree of risk, what do we do about it? Now you're speaking the language of business. >> So that's pretty old school business right? I want to talk to you about something that's a little bit newer school which is block chain. And you've used the word trust I don't know how many times in this interview, we'll check the transcript, but trust is a really important thing obviously, and some people have said that they view block chain as trust as a service. I'm just curious to get your perspective as we hear more and more about block chain, and big companies like IBM and a lot of companies are putting a bunch of resources behind it, where do you see block chain fitting? What is Cisco's position or I don't know if they have a official position yet as block chain now is introduced into this world of trust. >> So I think we're all looking at it, Cisco included block chain is an incredibly useful tool without a doubt. I'm not sure that block chain's going to solve world hunger or world peace. >> Shoot. >> However, just as we said trust has elements of use artificial intelligence to inform your decisions, achieve a higher degree of trust, what you can have is a set of let's say, hashes, date and time stamps, as something passes through the network because remember, if the currency is trust the integrity of the data is the fuel that allows you to earn trust. And digital, digital ledger technology or block chain is something that I think allows us to develop what I call a passport for the data. So we have a chain of custody, you know I'm an old homicide prosecutor from many, many, years ago chain of custody was important in the trial so too chain of custody of your data and your actions across the full spectrum of a life cycle add a degree of integrity we've never had the ability to do easily before. >> Interesting times. >> Alright Edna well thank you for spending some of your day with us, I'm sure you have a crazy, busy RSA planned out for the next couple days so thanks again. >> My pleasure, thank you so much for having me. >> Alright she's Edna Conway, I'm Jeff Frick. You're watching theCUBE from RSA Conference 2018 thanks for watching. (theme music)

>> Live from Seattle, Washington it's theCUBE, covering KubeCon and CloudNativeCon North America 2018. Brought to you by Red Hat, the Cloud Native Computing Foundation, and its ecosystem partners. >> Hey, welcome back everyone, it's theCUBE live here in Seattle for day three of three of wall-to-wall coverage. We've been analyzing here on theCUBE for three days, talking to all the experts, the CEOs, CTOs, developers, startups. I'm John Furrier, Stu Miniman, with theCUBE coverage of here at dock, not DockerCon, KubeCon and CloudNativeCon. Getting down to the last Con. >> So close, John, so close. >> Lot of Docker containers around here. We'll check it on the Kubernetes. Our next two guests got a startup, hot startup here. You got Norman Hsieh, head of business development, LogDNA. New compelling solution on Kubernetes give them a unique advantage, and of course, Daniel Berg who's distinguished engineer at IBM. They have a deal. We're going to talk about the startup and the deal with IBM. The highlights, kind of a new model, a new world's developing. Thanks for joining us. >> Yeah, no problem, thanks for having us. >> May get you on at DockerCon sometimes. (Daniel laughing) Get you DockerCon. The container certainly been great, talk about your product first. Let's get your company out there. What do you guys do? You got something new and different. Something needed. What's different about it? >> Yeah, so we started building this product. One thing we were trying to do is finding a login solution that was built for developers, especially around DevOps. We were running our own multi-tenant SaaS product at the time and we just couldn't find anything great. We tried open source Elastic and it turned out to be a lot to manage, there was a lot of configuration we had to do. We tried a bunch of the other products out there which were mostly built for log analysis, so you'd analyze logs, maybe a week or two after, and there was nothing just realtime that we wanted, and so we decided to build our own. We overcame a lot of challenges where we just felt that we could build something that was easier to use than what was out there today. Our philosophy is for developers in the terms of we want to make it as simple as possible. We don't want you to manage where you're going to think about how logs work today. And so, the whole idea, even you can go down to some of the integrations that we have, our Kubernetes integration's two lines. You essentially hit two QCTL lines, your entire cluster will get logged, directly logged in in seconds. That's something we show often times at demos as well. >> Norman, I wonder if you can drill in a little bit more for us. Always look at is a lot of times the new generation, they've got just new tools to play with and new things to do. What was different, what changes? Just the composability and what a small form factor. I would think that you could just change the order of magnitude in some of the pricing of some of these. Tell us why it's different. >> Yeah, I mean, I think there's, three major things was speed. So what we found was that there weren't a lot of solutions that were optimized really, really well for finding logs. There were a lot of log solutions out there, but we wanted to optimize that so we fine-tuned Elasticsearch. We do a lot of stuff around there to make that experience really pleasurable for our users. The other is scale. So we're noticing now is if you kind of expand on the world of back in the day we had single machines that people got logs off of, then you went to VMware where you're taking a single machine and splitting up to multiple different things, and now you have containers, and all of a sudden you have Kubernetes, you're talking about thousands and thousands of nodes running and large production service. How do you find logs in those things? And so we really wanted to build for that scale and that usability where, for Kubernetes, we'll automatically tag all your logs coming through. So you might get a single log line, but we'll tag it with all the meta-data you need to find exactly what you want. So if I want to, if my container dies and I no longer know that containers around, how am I going to get the logs off of that, well, you can go to LogDNA, find the container that you're looking for, know exactly where that error's coming from as well. >> So you're basically storing all this data, making it really easy for the integration piece. Where does the IBM relationship fit in? What's the partnership? What are you guys doing together? >> I don't know if Dan wants to-- >> Go ahead, go ahead. >> Yeah, so we're partnering with IBM. We are one of their major partners for login. So if you go into Observability tab under IMB Cloud and click on Login, login is there, you can start the login instance. What we've done is, IBM's brought us a great opportunity where we could take our product and help benefit their own customers and also IBM themselves with a lot of the login that we do. They saw that we are very simplistic way of thinking about logs and it was really geared towards when you think about IBM Cloud and the shift that they're moving towards, which is really developer-focused, it was a really, really good match for us. It brought us the visibility into the upmarket with larger customers and also gives us the ability to kind of deploy globally across IBM Cloud as well. >> I mean, IBMs got a great channel on the sales side too, and you guys got a great relationship. We've seen that playbook before where I think we've interviewed in all the other events with IBM. Startups can really, if they fit in with IBM, it's just massive, but what's the reason? Why the partnership? Explain. >> Well, I mean, first of all we were looking for a solution, a login solution, that fit really well with IKS, our Kubernetes service. And it's cloud-native, high scale, large number of cluster, that's what our customers are building. That's what we want to use internally as well. I mean, we were looking for a very robust cloud-native login service that we could use ourselves, and that's when we ran across these guys. What, about a year ago? >> Yeah, I mean, I think we kind of first got introduced at last year's KubeCon and then it went to Container World, and we just kept seeing each other. >> And we just kept on rolling with it so what we've done with that integration, what's nice about the integration, is it's directly in the catalog. So it's another service in the catalog, you go and select it, and provision it very easily. But what's really cool about it is we wanted to have that integration directly with the Kubernetes services as well, so there's the tab on the Integration tab on the Kubernetes, literally one button, two lines of code that you just have to execute, bam! All your logs are now streaming for the entire cluster with all the index and everything. It just makes it a really nice, rich experience to capture your logs. >> This is infrastructure as code, that's what the promise was. >> Absolutely, yes. >> You have very seamless integration and the backend just works. Now talk about the Kubernetes pieces. I think this is fascinating 'cause we've been pontificating and evaluating all the commentary here in theCUBE, and we've come to the conclusion that cloud's great, but there's other new platform-like things emerging. You got Edge and all these things, so there's a whole new set, new things are going to come up, and it's not going to be just called cloud, it's going to be something else. There's Edge, you got cameras, you got data, you got all kinds of stuff going on. Kubernetes seems to fit a lot of these emerging use cases. Where does the Kubernetes fit in? You say you built on Kubernetes, just why is that so important? Explain that one piece. >> Yeah, I mean, I think there's, Kubernetes obviously brought a lot of opportunities for us. The big differentiator for us was because we were built on Kubernetes from the get go, we made that decision a long time ago, we didn't realize we could actually deploy this package anywhere. It didn't have to be, we didn't have to just run as a multi-tenant SaaS product anymore and I think part of that is for IBM, their customers are actually running, when they're talking about an integrated login service, we're actually running on IBM Cloud, so their customers can be sure that the data doesn't actually move anywhere else. It's going to stay in IBM Cloud and-- >> This is really important and because they're on the Kubernetes service, it gives them the opportunity, running on Kubernetes, running automatic service, they're going to be able to put LogDNA in each of the major regions. So customer will be able to keep their logged data in the regions that they want it to stay. >> Great for compliance. >> Absolutely. >> I mean, compliance, dreams-- >> Got to have it. >> Especially with EU. >> How about search and discovery, that's fit in too? Just simple, what's your strategy on that? >> Yeah, so our strategy is if you look at a lot of the login solutions out there today, a lot of times they require you to learn complex query languages and things like that. And so the biggest thing we were hearing was like, man, onboarding is really hard because some of our developers don't look at logs on a daily basis. They look at it every two weeks. >> Jerry Chen from Greylock Ventures said machine learning is the new, ML is the new SQL. >> Yup. (Daniel laughing) >> To your point, this complex querying is going to be automated away. >> Yup. >> Yes. >> And you guys agree with that. >> Oh, yeah. >> You actually, >> Totally agree with that. >> you talked about it on our interview. >> Norman, wonder if you can bring us in a little bit of compliance and what discussions you're having with customers. Obviously GDPR, big discussion point we had. We've got new laws coming from California soon. So how important is this to your customers, and what's the reality kind of out there in your user base? >> Yeah, compliance was, our founders had run a lot of different businesses before. They had two major startups where they worked with eBay, compliance was the big thing, so we made a decision early on to say, hey, look, we're about 50 people right now, let's just do compliance now. I've been at startups where we go, let's just keep growing and growing and we'll worry about compliance later-- >> Yeah, bite you in the ass, big time. >> Yeah, we made a decision to say, hey, look, we're smaller, let's just implement all the processes and necessary needs, so. >> Well, the need's there too, that's two things, right? I mean, get it out early. Like security, build it up front and you got it in. >> Exactly. >> And remember earlier we were talking and I was telling you how within the Kubernetes service we like to use our own services to build expertise? It's the same thing here. Not only are they running on top of IKS, we're using LogDNA to manage the logs and everything, and cross the infrastructure for IKS as well. So we're heavily using it. >> This also highlights, Daniel, the ecosystem dynamic of having when you break down this monolithic type of environments and their sets of services, you benefit because you can tap into a startup, they can tap in to IBM's goodness. It's like somewhat simple Biz Dev deal other than the RevShare component of the sales, but technically, this is what customers want at the endgame is they want the right tool, the right job, the right product. If it comes from a startup, you guys don't have to build it. >> I mean, exactly. Let the experts do it, we'll integrate it. It's a great relationship. And the teams work really well together which is fantastic. >> What do you guys do with other startups? If a startup watches and says, hey, I want to be like LogDNA. I want to plug into IBM's Cloud. I want to be just like them and make all that cash. What do they got to do? What's the model? >> I mean, we're constantly looking at startups and new business opportunities obviously. We do this all the time. But it's got to be the right fit, alright? And that's important. It's got to be the right fit with the technology, it's got to be the right fit as far as culture, and team dynamics of not only my team but the startup's teams and how we're going to work together, and this is why it worked really great with LogDNA. I mean, everything, it just all fit, it all made sense, and it had a good business model behind that as well. So, yes, there's opportunities for others but we have to go through and explore all those. >> So, Norman, wonder if you can share, how's your experience been at the show here? We'd love to hear, you're going to have so many startups here. You got record-setting attendance for the show. What were your expectations coming in? What are the KPIs you're measuring with and how has it met what you thought you were going to get? >> No, it's great, I mean, previous to the last year's KubeCon we had not really done any events. We're a small company, we didn't want to spend the resources, but we came in last year and I think what was refreshing was people would talk to us and we're like, oh, yeah, we're not an open source technology, we're actually a log vendor and we can, and we'll-- (Stu laughing) So what we said was, hey, we'll brush that into an experience, and people were like, oh, wow, this is actually pretty refreshing. I'm not configuring my fluentd system, fluentd to tap into another Elasticsearch. There was just not a lot of that. I think this year expectation was we need the size doubled. We still wanted to get the message out there. We knew we were hot off the presses with the IMB public launch of our service on IBM Cloud. And I think we we're expecting a lot. I mean, we more than doubled what our lead count was and it's been an amazing conference. I mean, I think the energy that you get and the quality of folks that come by, it's like, yeah, everybody's running Kubernetes, they know what they're talking about, and it makes that conversation that much easier for us as well. >> Now you're CUBE alumni now too. It's the booth, look at that. (everyone laughing) Well, guys, thanks for coming on, sharing the insight. Good to see you again. Great commentary, again, having distinguished engineering, and these kinds of conversations really helps the community figure out kind of what's out there, so I appreciate that. And if everything's going to be on Kubernetes, then we should put theCUBE on Kubernetes. With these videos, we'll be on it, we'll be out there. >> Hey, yeah, absolutely, that'd be great. >> TheCUBE covers day three. Breaking it down here. I'm John Furrier, Stu Miniman. That's a wrap for us here in Seattle. Thanks for watching and look for us next year, 2019. That's a wrap for 2018, Stu, good job. Thanks for coming on, guys, really appreciate it. >> Thanks. >> Thank you. >> Thanks for watching, see you around. (futuristic instrumental music)

>> From Seattle, Washington, it's theCUBE covering KubeCon and CloudNativeCon North America 2018 brought to you by Red Hat, the Cloud Native Computing Foundation and it's ecosystem partners. >> Hello everyone, welcome back to theCUBE's coverage here. Day three of wall to wall coverage at KubeCon, CloudNativeCon 2018, here in Seattle, theCUBE's been breaking it down all week. I'm John Furrier with Stu Miniman. Our next guest is Tuan Nguyen who is the principal engineer in technical marketing, cloud products and solutions at Cisco Systems. Tuan, welcome to theCUBE. Thanks for joining us. >> Thanks for having me. Thank you. >> So obviously, cloud has been a big part of Cisco. We've seen at Cisco Live last year and Cisco Barcelona. >> Yeah. >> Got your big European event coming up, Cisco Live in Europe. >> Yes. >> Cloud has been a big part of the CEO's conversations on stage. >> Yes. >> Cisco's going all in on cloud, DevNet. >> Yeah. >> DevNet Create, two communities. You guys got a cloud native vibe going on in Cisco. >> Yeah, we do. >> Cloud centered. You got some products that are addressing this. >> Right. >> This is a, shift for Cisco, big time. >> Yeah. >> You've in the cloud, but this is like all. It feels like an all in. >> Right, right. Yeah, yeah, so what we've been evangelizing to people here is that Cisco is a software company, right? We certainly have a very strong heritage in our enterprise relationships related to our hardware platforms but we're transitioning and we're really making that conversion to being a software company. Cisco has been acquiring talent and technology in the past couple years. We've developed some strong relationships with Google and AWS as well and we developed these reference architectures that our customers can buy as kind of a single unit and get the support that they need from us. >> Yeah. >> So. >> We covered your recent announcement with AWS. >> Yes. >> Really nice, elegantly designed Kubernetes strategy where using EKS over here, you got the Cisco stuff on here so it's seamless experience for the customer which is great, congrats, I think that's a great announcement. I think it's directionally correct. I think that's what customers want. But I want to ask you a bigger question I want to get your opinion on, perspective. When you look at Kubernetes, what we're hearing here at the show from end users and from the emerging start ups that are contributing is that, breaking down the monolithic application into a series of granule sets of services is what everyone is doing. That's clearly, that microservices, a variety of other things, Kubernetes can connect that. But it's the network that brings it together. >> Right. >> So we're seeing the policy knobs inside Kubernetes as being a very strategic benefit. We had one expert say, "A lot of people "aren't taking advantage of those policy knobs. "This is a great opportunity." >> Right. >> You guys are, (laughing) as networked as you could be at Cisco. This is your DNA. >> Yeah. >> How are you guys looking at Kubernetes? Are you looking at the policy knobs? How do you talk to your customers about this new opportunity with Kubernetes? >> Yeah. >> What's the real up side-- >> Yeah. >> For your customers with Kubernetes? >> Yeah. So one, you mentioned, we see Kubernetes as very pervasive so we offer an on prem version of Kubernetes and of course, you know, we partner with Google and with AWS to deliver on cloud versions of Kubernetes and related to policies, application policies, in the form of Istio and network policies or security policies in the form of a network interface. Our on prem solution offers three types of CNIs. So we're very flexible in that way and certainly if you are a Cisco customer and you have a Cisco ecosystem of hardware platforms then we natively integrate into those platforms and we let you leverage your existing investments, yeah. >> So if I look at it that way, then I'm saying, okay, I'm good with Cisco right now. >> Yeah. >> Do I have to change anything with Kubernetes? What's the impact to me, as a Cisco customer? >> Yeah. >> Is this added value? Consistent environment? What's the impact to the customer's day to day, operational? (laughing) >> Sure, sure. Yeah. >> Environment? >> Yeah, so our customers are asking us to tie both VM based and container based workloads into CICD, so we obviously, with with our ACI/CNI we give them the capability to construct policies in Kubernetes that end up on the hardware platform, right? That's number one. Then we also have a hardware registry, we have security policies, that can be carried across different platforms, so in your private cloud and VMware and OpenStack, you can carry those same policies. For us, we've got application delivery, frameworks and platforms, that deliver the application in the form of both VM and container based as well as bare metal and we kind of unify the user experience, when it comes to application deployment in Kubernetes. >> Yeah, so Tuan, I'm actually glad that we got you towards the end of what we've been talking about here because one of the things we've been teasing apart is, multi clouds, in many ways, is like what we've been talking about a long time about multi vendor. >> Yeah. >> And the networking space is an area that we really understand. You know, what worked and what didn't work in a multi vendor world and the management piece was often the breaking point because just stitching all those together, we've looked for the last few years, customers have multi cloud and getting their arms around that and how do I manage that, can be a real challenge. >> Yeah, yeah. >> We know Cisco's making investments, they've made acquisitions. Tell us, what have we learned from the past? What's different about this now that will make it successful where management has been one of the pitfalls for quite a long time? >> Yeah, yeah. So I think what we've learned from the past is that customers are asking us for policies that can span across the multi cloud, right? So, whereas certain platforms will give you a hybrid cloud experience, Cisco is investing in things like VPN meshed apologies into CSR, in ASR, in protecting workloads as they move across different cloud targets. And then also in the provisioning and life cycle management. We feel that customers want the capability to run applications in any cloud environment and under any type of overlay or underlay networking platforms, yeah. >> Tuan, one of the things that you talk about not only getting your arms around it but there is multi axis's that I need to optimize for. One of the ones, of course, sorting out is cost. So, you know, where does Cisco sit in this environment? The big shift that I think was really highlighted for me last year, going to Cisco Live is, it used to be most of what I'm managing, I control. >> Right. >> Today, most of the network and most of the environments that I'm in charge of? They're outside of my purview. >> Right. >> With doing that multi cloud world. >> Right. >> So how I make sure that I don't, you know, get myself in trouble with the CFO? >> Right. >> Or have unexpected things come up? >> Right, right, yeah. I came through a software acquisition called CliQr Technologies and CliQr Technologies is that one tool that gives you that experience and allows you to see cloud cost. So cloud cost from a hourly, metered perspective but also from a budgeting perspective. And we're adding additional components into our platform that gives you like true cost for all of your compute, all of your network, your storage, your services like Lambda and then also makes recommendations on the instant sizes that you need to use. We have policies like suspension policies that help our customers to save on their cloud bill. In a lot of ways, the life cycle management aspect of applications is something that differentiates us from other cloud management platforms. >> Talk about the cost side and the cost of ownership. I've always been talking about the cloud as the TCO or total cost of ownership, changes a bit. What are some of the challenges that you've seen the customers having that you guys are helping with? When you look at integrating security, networking and application performance and management? Cause it's not siloed anymore. >> Yeah. >> They're integrating together. >> That's right. >> This is a new dynamic. >> Right, right. >> What's state of the art? What are you guys doing? You guys address that? What are some of the customer challenges? Just, what's your thoughts on that area? >> Yeah so most of the time there are two basic challenges to this. One is, you know bringing the cloud economy into the private cloud consumption is something that our platform does. And then also being able to visualize all the costs. Helping our customers to make good decisions about what types of workloads run where best and whether it's, so we enable, obviously, VMs as well as cloud native, container based, micro services to co-exist in a single platform so we'll deploy VMs and containers in a hybrid fashion. >> Yeah. >> Or we'll deploy them into the same and we'll give you the utilization of those workloads based on dollar amounts, based on run time and also based on the type of workload. >> So here's the curve ball question for you. Now multi cloud comes into the equation? >> Yeah. >> How do you guys deal with that because workload, in some cases, I've heard from customers that refactoring those workloads is a problem. >> Right. >> So if I'm going to run true multi cloud, I'm going to have multiple clouds, I need networks to know, have smarts, around where I want to put that and do I want it in different geography maybe or region? So the network has the intelligence on a lot of things. >> Right. >> How are you guys addressing the multi cloud component? >> Yeah, yeah. >> With workload? Without refactoring? >> Yeah. So because we can compose applications that consist of both VMs and containers, right? One of the projects, just one of the use cases that we worked on with our relationship with Google was to, from cloud center, to deploy cloud native workloads in GKE that would navigate and basically traverse the VPN network to go back into the on prem target in order to access a database that was kind of a legacy database using an API URL. So that whole workflow was something that we solved for with our reference architecture so, you know, we obviously have the portfolio of products that allows our customers to take advantage of both hardware, software and networking and security and monitoring all in one reference architecture. >> A lot of opportunities for you guys. I think you're positioned well. We've covered you guys on the DevNet, DevNet Create. >> Yeah. >> You're seeing the cloud center, this dashboard kind of model of looking at the operations side, the development side. A lot of changes. Really kind of fit right into your wheelhouse. >> Yes, yeah. >> I think the Kubernetes policy knobs, it's a big story that I'm walking away with on this trip and saying, wow, policy sounds like a networking thing. Networking guys love policy. >> Yeah. >> If you can automate it? >> Yeah, that's right. >> And managed the costs? >> Yeah. >> It's a good thing. >> Yeah. >> Thanks for coming on, appreciate your insight. >> Thank you, thank you very much. >> CUBE coverage here, day three continues. I'm John Furrier with Stu Miniman. Stay with us for wall to wall coverage here at KubeCon, CloudNativeCon. We'll be right back with more, after this short break. (upbeat techno music)

>> From Seattle, Washington, it's theCUBE covering KubeCon and CloudNativeCon North America 2018. Brought to you by Red Hat, the Cloud-Native computing foundation and its ecoystem partners. >> Everyone welcome back to theCUBE's exclusive coverage here live in Seattle for KubeCon and CloudNativeCon 2018. I'm John Furrier with Stu Miniman, breaking down all the content and the analysis, opinion, getting all the data, sharing that with you, three days of wall-to-wall coverage, we're in day three winding down, great event. Our next guest is one of the stars of the show here, original Kubernetes, a pioneer, Joe Beda, also the Kube founder at Heptio, recently sold to VMware in acquisition. Startup only what, two years old? >> Yeah, about two years. >> About two years. Welcome back to theCUBE, great to see you. >> Thanks for having me. >> Google. Great work you've done with Craig and with pioneering Kubernetes, Heptio startup. >> Yep, yep. >> Got taken off the table as you were ramping up. Congratulations! >> Thank you so much! It's been a little bit of a wild ride, I can tell you that. >> So first question for you is, I don't want to get into the whole VMware thing, we're going to hit that up in VMworld next year. But as you look at the ecosystem of Kubernetes, I mean, you've got to be looking at this sayin, "Hey, we knew this was going to be big." You guys have been running it with Borg and where that came from in the DNA. The magic wand almost was kind of passed out. Hey, this happened! It's kind of happening in a big way. What's your reaction? How do you feel at an emotional level? What's the vibe going on in your mind right now? >> I mean, I look at this and it blows my mind. I think we knew that we had a possibility with Kubernetes to do something big, we could feel it. I don't think we ever expected this, to be honest. The thing, though, that I think surprises me, and it was both about building startup and building a company, but also seeing the community grow, is that every time you hire a new person to do a startup, every time you have somebody join the community and start contributing, it's like it's another cylinder in the engine. And it really starts taking it in directions that you had no idea it was going to to go into. And so, I look around here and this is a product of a community. This is not a product of any single company, any single set of folks. I mean, you start things snowballing and interesting things happen, but it really is a group effort. >> It's so hard to do a startup. You know, I've done a lot of startups. We've done a lot of interviews with startups. It's hard. You got to start a company, you got to do all that legal work, then you've got to get the momentum, and it's capped off by the validation, certainly by VMware, who announced heavily at the VMworld, Pat Gelsinger said that Kubernetes is the dial tone. (laughs) And I'm like, okay, I guess. We were talking earlier, it's the ethernet. I've called it the TCP/IP. So, all the analogies come to this enabling kind of capability. And that's where we see a lot of the value. Where do you see the opportunities for the ecosystem to innovate. I mean, getting some clear visibility around the stability. But now value is starting to get created. What's your thoughts on value creation? Where are some areas that are ripe? >> Yeah, well, I think a couple of things. I think we're at the point now where it's about how do we bring these technologies to new people, to new audiences, to folks who might not have heard about it, don't quite get it. How do we make this stuff more relevant to them? So we're moving out of this technology-focus phase, into this phase that's focused on solution and value that's delivered. And this isn't always about innovation and building on top. Some of it is about different ways to do it, and also just, you know, having these ideas just permeate, right? And as technologists, we build on incredibly complicated technology. We look at, say, something like AWS. If you were to approach that brand new without any idea of the history there, it would be incredibly intimidating. But it's been around long enough, it's grown organically, that everyone's like, "Oh yeah, I totally understand all that stuff." It just takes time sometimes for these technologies to become understood, to become part of the fabric of what people assume the technical skill set is. And I think that's a big part of what we're seeing starting to happen now, too. >> Joe, I want to get your viewpoint. When I think about the last ten, fifteen years, the whole discussion of hybrid cloud, multicloud, portability, even thinking about things from a VMware context, or from a cloud-computing context, it seems like we have a lot of false starts and false expectations about, you know, we've listed Pat Gelsinger and Andy Jassy and others who talk about the three laws of the cloud. We're not changing physics. And Kubernetes is super-important for multicloud, but portability was kind of thrown out there. I want to get you to help us tease out what it is, what it isn't, and how do you see multicloud today? >> Yeah, so I mean, first, on the topic of false starts, there's this popular narrative that, oh, it's going to be this, now this is the hot thing, now it's this. And the reality is that main frames are still around. Technologies don't disappear, it's an additive type of thing. So it's not like, say for example, Kubernetes or Serverless or machine learning, right? It's all of those things working together and I think, if you look at it in that way, it doesn't feel like a false start. It just seems like we're adding more different techniques, more technologies onto the pile. In terms of where I see this stuff going, I think multicloud and compatibility do go hand-in-hand. From the very start, we never wanted to pretend that Kubernetes was going to be this magic layer that was going to make differences between different environments disappear. What we did want to do, though, was actually find the commonalities and minimize the extra differences that didn't need to be there. And so a lot of times, when I talked to customers, I don't say, "Hey, don't use this special service in this cloud." I don't tell them that. What I do say, though, is, "If you are going to start using those things, "do it in an eyes-open type of way. "Understand the trade-offs, "understand why you're doing it" versus just willy-nilly adopting technologies cuz they look nice and shiny, and that's what you want to do, right? So I think, whether you're adopting Kubernetes, whether you're adopting a specific cloud technology, whether you're moving to cloud versus actually building automatable infrastructure on prem, make sure that you're thoughtful about how you enter those types of decisions. >> The way the feedback we hear from people here on theCUBE this week and other places as well, is, pick a problem to solve. Don't boil all of the ocean, get in there, use Kubernetes for what you think you can nail a problem on, iterate from there. That's the common theme. Now as you guys pivot over to VMware, they've been investing a lot in their strategy also with AWS, RDS is now on VMware, they'd look at Kubernetes as a great opportunity to bridge on-premises and cloud. So it's clear to see why they like it. Explain for the folks watching who are fans of you and Craig and Heptio, what's next for you guys? You joined VMware, you just closed the deal, you're principal engineer at VM where you're in the business unit side, share some of the specifics that you can on what's going to happen next. >> Yeah, I think it's too early for me to speak on sort of a grand strategy across VMware. I think I'm still mapping things out and understanding things. What I can talk about is the way that we were thinking about the market from Heptio's point of view. And every indication that I've seen that this is actually very, very compatible for VMware. A lot of the keynotes that you saw here at KubeCon Show, that adoption curve, where we're in the early phase versus the early majority, that type of thing, and I think there's some truth to that. But I also think that there's an axis to that, that actually isn't shown up there, around the different personas that you see adopt different technologies inside of the enterprise organization. And so the strength of somebody like VMware, and I think the early adopters for things like Kubernetes, are that operator persona. And we're seeing an evolution of that persona as it starts to come to grips with the world of the cloud. We're moving from a place where things are ticket-based, human intensive, to how do we move to API-driven, policy-drive types of things, right? And so that's obviously where the cloud is. But how do we take those learnings, how do we take those lessons and actually apply those things on problems? And so our goal from Heptio's point of view, and I think it's incredibly well-aligned with VMware, and an enormous opportunity, is taking the VMware-faithful, the folks who do go to VMworld, that have built careers on that solution, how do we help them move their career forward, move their positioning forward in a way that doesn't eliminate their jobs, but actually helps them be smart in a modern world where cloud is actually part of the landscape. >> We had Aparna on from Google, and you know Aparna from your Google days, and she was making a comment about these new personas, new opportunities, new jobs that are opening up based on Kube. Okay, great, we see some of that. And then we've done rift on the idea that Kubernetes also is a uplift for existing roles: system architect, Network Guy, Server Guy, and then the VMware operator that had been wearing virtual machines, this is a lift for them. Talk about what specifically is going to get them jazzed up, is it the policy knobs on Kubernetes, what's going to really appeal to people below Kubernetes and what's really going to appeal to the developers above Kubernetes? >> Well, for centralized IT within an organization, cloud has been a challenge, right? If, I'm not thinking of a specific customer, but it's not insane to think about something like a developer who wants to write an app, they have to file a ticket, it can take anywhere from two weeks to three months to get stuff provisioned, right? And they're sitting there twiddling their thumbs waiting to actually get that stuff ready. Meanwhile, they take their credit card, go to a cloud, get a machine up and running within 30 seconds, and get their app shipped. So while they're waiting on that ticket, they can get that app shipped, and then they dare their manager to deny the credit card charge when it comes due. That is a challenge for centralized IT which oftentimes has not had any competition. Now, all of a sudden, they find themselves in a situation where they're competing with cloud for the hearts and minds of their own customers, for their developers. And different organizations have reacted to this in different ways. Some of them had said, we're just going to explode out IT and actually say to different business units, "You own your own destiny." But, depending on the enterprise, depending on the goals, depending on their requirements around regulatory needs, around policy, around cost controls, around mobility of developer skills across the organization, that may or may not work for them. And so, for me, the bridge forward for that centralized IT, is really one of giving them the power tools so they can actually serve their customers better in a world where cloud exists. >> Yeah. Their jobs! That's their job to serve the business. >> Well, I mean, the bar has been raised, right? And so we want to help them meet that challenge. >> Awesome. >> Joe, I want to get your thoughts on this growing ecosystem. I said in our open this morning, we've been looking for the last five years or so. Where is that independent, cloud-computing show? And sitting here with 8 thousand people, and another 2 thousand people are in the hallways or on the wait list and things like that. It's here, and there's all of these projects into multiple communities come together. How does it feel that Kubernetes, was it kind of the first domino to help tip something broader with CloudNative? >> I mean it feels really good, to be honest. I think one of the things that we saw Heptio as, and I think VMware is actually in a great position also, is to be a neutral party that really is on the side of customers as they enter this complex world where they're dancing with elephants that are the big cloud providers. And I think that there is an enormous appetite for customers to actually have trusted partners in that world. Now, with respect to the conference, I think, what I love doing is I love being on the floor here, I love talking to people, I love going to the session tracks. That's where I think the heart of this conference is. Some of the contributor community days that happened on Monday that don't get a lot of coverage, the big headlines are one thing but there really is an undercurrent of community that's happening in this conference that is really something pretty special. >> I think that's a great point, and, at least what I've seen that's contributed, you know, the Envoy Group, tomorrow there's the Operators Group, this is not a monolithic community, it's not like, look, I've been at VMworld for years. It was about virtualization and primarily a single product from a single company and everything that wrapped around it. This is not a vendor doing it, there's all of these. I talked to the people that all they care about is Helm, we talked about all these different pieces, and many of them tie into what was going on at Kubernetes, but there's just so much diversity, and it's a common ground for everybody to work together. >> And I think, this is one of the things that I think has been interesting about the CNCF is that there is no, there is an idea that we want to create a set of projects that work well together, but there also is the realization that there is no one way to skin the cat, there is no one way to solve a problem. So there is room for projects to disagree, there's room for projects to experiment, there is room for folks to try and find their audience and be successful. >> That's the modern upgrade in my mind, to, not going against the open source ethos but also innovating with it, You're balancing commercial so you just, I think they've got to apply this upstream concept called CNCF where the downstream benefits for commercialization, you can still do the open source community thing while having an impact downstream to IT and just regular developers. This is the trend we see at Enterprise when we talk to the customers, we talk to other people, IT has been outsourced for decades. Now there has to be a competitive advantage, and we have the competition thing that you pointed out. And the smart CIO CX's are bringing developers in to create a competitive advantage, and it's a new reset. And, not throwing away networks, they're not throwing away compute and storage. They're going to change it. And I think this is where the real tailwind is. Do you agree with that or what's your thoughts? >> The way I like to think about it is that, and I'm using company names here as an example, but I think there is this race between Tesla learning how to become a car company versus, say, Ford or GM learning how to become a software company, right? And that dynamic is playing itself out across every single industry. And I think there is not a CEO or CIO or board out there that doesn't realize that the way for us to be relevant in the future is to turn software into, not just a cost-center and something we deal with, but something that becomes a fundamental advantage and driver of our business. >> Every industry: media, software! We're a software company that happens to do media, with theCUBE. You're totally right, it's just like-- >> Any industry. This is why Amazon's getting into grocery stores. >> It's integration. This is a completely new horizontal dynamic with a little bit of special machine learning at the outlay. >> We're moving into a software-defined world, for sure. >> Joe, been great to have your commentary here on theCUBE. Thanks for sharing. Congratulations on the acquisition. Super outcome, the numbers floating out there. It's pretty large, good deal. We have no comment. (laughs) >> Open source! >> Read DCSE C file. >> Open source business models are changing, but the value is still the same. Those who create the value can extract it. That's the ethos of open source, of course theCUBE as well. Thanks for watching. Stay with us for more coverage after this short break.