>>Yeah, yeah. >>Welcome back to session, too. Thoughts about everywhere. Unlock new revenue streams with embedded search and I Today we're joined by our senior director of Global Oh am Rick Dimel, along with speakers from our thoughts about customer Hayes to discuss how thought spot is open for everyone by unlocking unprecedented value through data search in A I, you'll see how thoughts about compound analytics in your applications and hear how industry leaders are creating new revenue streams with embedded search and a I. You'll also learn how to increase app stickiness on how to create an autonomous this experience for your end users. I'm delighted to introduce our senior director of Global OPM from Phillips Spot, Rick DeMARE on then British Ramesh, chief technology officer, and Leon Roof, director of product management, both from Hayes over to you. Rick, >>Thank you so much. I appreciate it. Hi, everybody. We're here to talk to you about Fox Spot everywhere are branded version of our embedded analytics application. It really our analytics application is all about user experience. And in today's world, user experience could mean a lot of things in ux design methodologies. We want to talk about the things that make our product different from an embedded perspective. If you take a look at what product managers and product design people and engineers are doing in this space, they're looking at a couple of key themes when they design applications for us to consume. One of the key things in the marketplace today is about product led growth, where the product is actually the best marketing tool for the business, not even the sales portion or the marketing department. The product, by the word of mouth, is expanding and getting more people onto the system. Why is that important? It's important because within the first few days of any application, regardless of what it is being used binding users, 70% of those users will lose. Interest will stop coming back. Why do they stop coming back? Because there's no ah ha moment through them. To get engaged within the technology, today's technologies need to create a direct relationship with the user. There can't be a gatekeeper between the user and the products, such as marketing or sales or information. In our case. Week to to make this work, we have toe leverage learning models in leverage learning as it's called Thio. Get the user is engaged, and what that means is we have to give them capabilities they already know how to use and understand. There are too many applications on the marketplace today for for users to figure out. So if we can leverage the best of what other APS have, we can increase the usage of our systems. Because in today's world, what we don't want to do from a product perspective is lead the user to a dead end or from a product methodology. Our perspective. It's called an empty state, and in our world we do that all the time. In the embedded market place. If you look at at the embedded marketplace, it's all visualizations and dashboards, or what I call check engine lights in your application's Well, guess what happens when you hit a check engine life. You've got to call the dealer to get more information about what just took place. The same thing happens in the analytic space where we provide visualizations to users. They get an indicator, but they have to go through your gatekeepers to get access to the real value of that data. What am I looking at? Why is it important the best user experiences out on the marketplace today? They are autonomous. If we wanna leverage the true value of digital transformation, we have to allow our developers to develop, not have them, the gatekeepers to the rial, content to users want. And in today's world, with data growing at much larger and faster levels than we've ever seen. And with that shelf life or value of that data being much shorter and that data itself being much more fragmented, there's no developer or analysts that can create enough visualizations or dashboards in the world to keep the consumption or desire for these users to get access to information up to speed. Clients today require the ability to sift through this information on their own to customize their own content. And if we don't support this methodology, our users are gonna end up feeling powerless and frustrated and coming back to us. The gatekeepers of that information for more information. Loyalty, conversely, can be created when we give the users the ability toe access this information on their own. That is what product like growth is all about in thought spot, as you know we're all about search. It's simple. It's guided as we type. It gives a super fast responses, but it's also smart on the back end handling complexities, and it's really safe from a governance and as well as who gets access to what perspective it's unknown learned environment. Equally important in that learned environment is this expectation that it's not just search on music. It's actually gonna recommend content to me on the fly instantly as I try content I might not even thought of before. Just the way Spotify recommends music to us or Netflix recommends a movie. This is a expected learned behavior, and we don't want to support that so that they can get benefit and get to the ah ha moments much quicker. In the end, which consumption layer do you want to use, the one that leads you to the Dead End Street or the one that gets you to the ah ha moment quickly and easily and does it in an autonomous fashion. Needless to say, the benefits of autonomous user access are well documented today. Natural language search is the wave of the future. It is today. By 2004 75% of organizations are going to be using it. The dashboard is dead. It's no longer going to be utilized through search today, I if we can improve customer satisfaction and customer productivity, we're going to increase pretensions of our retention of our applications. And if we do that just a little bit, it's gonna have a tremendous impact to our bottom line. The way we deploy hotspots. As you know, from today's conversations in the cloud, it could be a manage class, not offering or could be software that runs in your own VPC. We've talked about that at length at this conference. We've also talked about the transformation of application delivery from a Cloud Analytics perspective at length here it beyond. But we apply those same principles to your product development. The benefits are astronomical because not only do you get architectural flexibility to scale up and scale down and right size, but your engineers will increase their productivity because their offerings, because their time and effort is not going to be spent on delivering analytics but delivering their offerings. The speed of innovation isn't gonna be released twice a year or four times a year. It's gonna It can happen on a weekly basis, so your time to market in your margins should increase significantly. At this point, I want a hand. The microphone over to Revert. Tesche was going to tell you a little bit about what they're doing. It hes for cash. >>Thanks, Rick. I just want to introduce myself to the audience. My name is Rotational. Mention the CTO Europe ace. I'm joined my today by my colleague Gillian Ruffles or doctor of product management will be demoing what we have built with thoughts about, >>um but >>just to my introduction, I'm going to talk about five key things. Talk about what we do. What hes, uh we have Really, um what we went through the select that spot with other competitors What we have built with that spot very quickly and last but not least, some lessons learned during the implementation. So just to start with what we do, uh, we're age. We are health care compliance and revenue integrity platform were a saas platform voter on AWS were very short of l A. That's it. Use it on these around 1 50 customers across the U. S. On these include large academic Medical Insight on. We have been in the compliant space for the last 30 plus years, and we were traditionally consulting company. But very recently we have people did more towards software platform model, uh, in terms off why we chose that spot. There were three business problems that I faced when I took this job last year. At age number one is, uh, should be really rapidly deliver new functionality, nor platform, and he agile because some of our product development cycles are in weeks and not months. Hey had a lot of data, which we collected traditionally from the SAS platform, and all should be really create inside stretch experience for our customers. And then the third Big one is what we saw Waas large for customers but really demanding self service capabilities. But they were really not going for the static dash boats and and curated content, but instead they wanted to really use the cell service capabilities. Thio mind the data and get some interesting answers during their questions. So they elevated around three products around these problems statements, and there were 14 reasons why we just start spot number one wars off course. The performance and speed to insights. Uh, we had around 800 to a billion robot of data and we wanted to really kind of mind the data and set up the data in seconds on not minutes and hours. We had a lot of out of the box capabilities with that spot, be it natural language search, predictive algorithms. And also the interactive visualization, which, which was which, Which gave us the agility Thio deliver these products very quickly. And then, uh, the end user experience. We just wanted to make sure that I would users can use this interface s so that they can very quickly, um, do some discovery of data and get some insights very quickly. On last but not least, talksport add a lot of robust AP ice around the platform which helped us embed tot spot into are offering. But those are the four key reasons which we went for thoughts part which we thought was, uh, missing in in the other products we evaluated performance and search, uh, the interactive visualization, the end user experience, and last but not least flexible AP ice, which we could customize into our platform in terms of what we built. We were trying to solve to $50 billion problem in health care, which is around denials. Um so every year, around 2, 50 to $300 billion are denied by players thes air claims which are submitted by providers. And we built offering, which we called it US revenue optimizer. But in plain English, what revenue optimizer does is it gives the capability tow our customers to mind that denials data s so that they can really understand why the claims were being denied. And under what category? Recent reasons. We're all the providers and quarters who are responsible for these claims, Um, that were dryland denials, how they could really do some, uh, prediction off. It is trending based on their historical denial reasons. And then last but not least, we also build some functionality in the platform where we could close the loop between insights, action and outcome that Leon will be showing where we could detect some compliance and revenue risks in the platform. On more importantly, we could, uh, take those risks, put it in a I would say, shopping card and and push it to the stakeholders to take corrective action so the revenue optimizer is something which we built in three months from concept to lunch and and that that pretty much prove the value proposition of thoughts. But while we could kind of take it the market within a short period of time Next leopard >>in terms >>off lessons learned during the implementation thes air, some of the things that came to my mind asses, we're going through this journey. The first one is, uh, focus on the use case formulation, outcomes and wishful story boarding. And that is something that hot spot that's really balance. Now you can you can focus on your business problem formulation and not really focus on your custom dash boarding and technology track, etcetera. So I think it really helped our team to focus on the versus problem, to focus on the outcomes from the problem and more importantly, really spend some time on visualizing What story are we say? Are we trying to say to our customers through revenue optimizer The second lesson learned first When we started this implementation, we did not dualistic data volume and capacity planning exercise and we learned it our way. When we are we loaded a lot of our data sets into that spot. And then Aziz were doing performance optimization. XYZ. We figured out that we had to go back and shot the infrastructure because the data volumes are growing exponentially and we did not account for it. So the biggest lesson learned This is part of your architectural er planning, exercise, always future proof your infrastructure and make sure that you work very closely with the transport engineering team. Um, to make sure that the platform can scale. Uh, the last two points are passport as a robust set of AP Ice and we were able to plug into those AP ice to seamlessly ended the top spot software into a platform. And last but not least, one thing I would like to closest as we start these projects, it's very common that the solution design we run into a lot of surprises. The one thing I should say is, along those 12 weeks, we very closely work with the thoughts, part architecture and accounting, and they were a great partner to work with us to really understand our business problem, and they were along the way to kind of government suggested, recommends and workarounds and more importantly, also, helpers put some other features and functionality which you requested in their engineering roadmap. So it's been a very successful partnership. Um, So I think the biggest take of it is please make sure that you set up your project and operating model value ember thoughts what resources and your team to make sure that they can help you as you. It's some obstacles in the projects so that you can meet your time ones. Uh, those are the key lessons learned from the implementation. And with that, I would pass this to my colleague Leon Rough was going to show you a demo off what we go. >>Thanks for Tesh. So when we were looking Thio provide this to our customer base, we knew that not everyone needed do you access or have available to them the same types of information or at the same particular level of information. And we do have different roles within RMD auto Enterprise platform. So we did, uh, minimize some roles to certain information. We drew upon a persona centric approach because we knew that those different personas had different goals and different reasons for wanting to drive into these insights, and those different personas were on three different levels. So we're looking at the executive level, which is more on the C suite. Chief Compliance Officer. We have a denial trending analyses pin board, which is more for the upper, uh, managers and also exact relatives if they're interested. And then really, um, the targeted denial analysis is more for the day to day analysts, um, the usage so that they could go in and they can really see where the trends are going and how they need to take action and launch into the auditing workflow so within the executive or review, Um, and not to mention that we were integrating and implementing this when everyone was we were focused on co vid. So as you can imagine, just without covert in the picture, our customers are concentrated on denials, and that's why they utilize our platform so they could minimize those risks and then throw in the covert factor. Um, you know, those denial dollars increase substantially over the course of spring and the summer, and we wanted to be able to give them ah, good view of the denials in aggregate as well as's we focus some curated pin boards specific to those areas that were accounting for those high developed denials. So on the Executive Overview Board, we created some banner tiles. The banner tiles are pretty much a blast of information for executives thes air, particular areas where there concentrating and their look looking at those numbers consistently so it provides them away to take a good look at that and have that quick snapshot. Um, more importantly, we did offer as I mentioned some curated pin boards so that it would give customers this turnkey access. They wouldn't necessarily have to wonder, You know, what should I be doing now on Day one, but the day one that we're providing to them these curated insights leads the curiosity and increases that curiosity so that they can go in and start creating their own. But the base curated set is a good overview of their denial dollars and those risks, and we used, um, a subject matter expert within our organization who worked in the field. So it's important to know you know what you're targeting and why you're targeting it and what's important to these personas. Um, not everyone is necessarily interests in all the same information, and you want to really hit on those critical key point to draw them and, um, and allowed them that quick access and answer those questions they may have. So in this particular example, the curated insight that we created was a monthly denial amount by functional area. And as I was mentioning being uber focused on co vid, you know, a lot of scrutiny goes back to those organizations, especially those coding and H i M departments, um, to ensure that their coding correctly, making sure that players aren't sitting on, um, those payments or denying those payments. So if I were in executive and I came in here and this was interesting to me and I want to drill down a little bit, I might say, You know, let me focus more on the functional area than I know probably is our main concern. And that's coating and h i M. And because of it hit in about the early winter. I know that those claims came in and they weren't getting paid until springtime. So that's where I start to see a spike. And what's nice is that the executive can drill down, they may have a hunch, or they can utilize any of the data attributes we made available to them from the Remittance file. So all of these data, um, attributes are related to what's being sent on the 8 35 fear familiar with the anti 8 35 file. So in particular, if I was curious and had a suspicion that these were co vid related or just want to concentrate in that area, um, we have particular flag set up. So the confirmed and suspected cases are pulling in certain diagnosis and procedure codes. And I might say 1.27 million is pretty high. Um, toe look at for that particular month, and then they have the ability to drill down even further. Maybe they want to look at a facility level or where that where that's coming from. Furthermore, on the executive level, we did take advantage of Let me stop here where, um also provided some lagged a so leg. This is important to organizations in this area because they wanna know how long does it take before they re submit a claim that was originally denied before they get paid industry benchmark is about 10 days of 10 days is a fairly good, good, um, basis to look at. And then, obviously anything over that they're going to take a little bit more scrutiny on and want to drill in and understand why that is. And again, they have that capabilities in order to drill down and really get it. Those answers that they're looking for, we also for this particular pin board. And these users thought it would be helpful to utilize the time Siri's forecasting that's made available. So again, thes executives need thio need to keep track and forecast where they're trends were going or what those numbers may look like in the future. And we thought by providing the prediction pins and we have a few prediction pins, um would give them that capability to take a look at that and be able to drill down and use that within, um, certain reporting and such for their organization. Another person, a level that I will go to is, um, Mawr on the analyst side, where those folks are utilizing, um, are auditing workflow and being in our platform, creating audits, completing audits, we have it segregated by two different areas. And this is by claim types so professional or institutional, I'm going to jump in here. And then I am going to go to present mode. So in this particular, um, in this particular view or insight, we're providing that analysts view with something that's really key and critical in their organization is denials related Thio HCC s andi. That's a condition category that kind of forecast, the risk of treatment. And, you know, if that particular patient is probably going to be seen again and have more conditions and higher costs, higher health care spending. So in this example, we're looking at the top 15 attending providers that had those HCC denials. And this is, um, critical because at this point, it really peaks in analyst curiosity. Especially, You know, they'll see providers here and then see the top 15 on the top is generating Ah, hide denial rate. Hi, denial. The dollars for those HCC's and that's a that's a real risk to the organization, because if that behavior continues, um, then those those dollars won't go down. That number won't go down so that analysts then can go in and they can drill down um, I'm going to drill down on diagnosis and then look at the diagnosis name because I have a suspicion, but I'm not exactly sure. And what's great is that they can easily do this. Change the view. Um, you know, it's showing a lot of diagnoses, but what's important is the first one is sepsis and substance is a big one. Substances something that those organizations see a lot of. And if they hover, they can see that 49.57 million, um, is attributed to that. So they may want to look further into that. They'd probably be interested in closing that loop and creating an audit. And so what allowed us to be able to do that for them is we're launching directly into our auditing workflow. So they noticed something in the carried insight. It sparked some investigation, and then they don't have to leave that insight to be able to jump into the auditing workflow and complete that. Answer that question. Okay, so now they're at the point where we've pulled back all the cases that attributed to that dollar amount that we saw on the Insight and the users launching into their auditing workflow. They have the ability Thio select be selective about what cases they wanna pull into the audit or if they were looking, um, as we saw with sepsis, they could pull in their 1600 rose, but they could take a sampling size, which is primarily what they would do. They went audit all 1600 cases, and then from this point in they're into, they're auditing workflow and they'd continue down the path. Looking at those cases they just pulled in and being able Thio finalized the audit and determine, you know, if further, um, education with that provider is needed. So that concludes the demo of how we integrated thought spot into our platform. >>Thank you, LeAnn. And thank you. Re test for taking the time to walk us through. Not only your company, but how Thought spot is helping you Power analytics for your clients. At this point, we want to open this up for a little Q and A, but we want to leave you with the fact that thought spot everywhere. Specifically, it cannot only do this for Hayes, but could do it for any company anywhere they need. Analytical applications providing these applications for their customers, their partners, providers or anybody within their network for more about this, you can see that the website attached below >>Thanks, Rick and thanks for tests and Leon that I find it just fascinating hearing what our customers are doing with our technology. And I certainly have learned 100% more about sepsis than I ever knew before this session. So thank you so much for sharing that it's really is great to see how you're taking our software and putting it into your application. So that's it for this session. But do stay tuned for the next session, which is all about getting the most out of your data and amplifying your insights. With the help of A, I will be joined by two thought spot leaders who will share their first hand experiences. So take a quick breather and come right back

(bright orchestral music) >> John: Hello there and welcome to this special cube conversation, I'm John Furrier, here in theCUBE's Palo Alto studio. We're here with Jonathan Nguyen, who's with, formerly Verizon, now with Fortinet. What's your title? >> Jonathan: Vice President of Strategy. >> John: Vice President of Strategy, but you're really, more of a security guru. You, notably, were the author of the Verizon data breach investigative report. Great report >> Jonathan: Thank you. >> John: It really has been the industry standard. Congratulations, great to have you here. >> Jonathan: Thanks, it was a great 16 years at Verizon in the security business, ran that data breach investigations team. So yeah, that was a great honor in my career. >> John: So you call it "strategy" because they don't want you to word cyber security in your title on LinkedIn in case they spearfish you. Is that right? (laughs) >> Jonathan: Yeah, having started my career as a US Foreign Service Officer, as a victim of the OPM data breach, everything about me is out there. I love in the perfect universe about how do you defend your identity when everything about you has been compromised to begin with. >> John: So many stories I had a Cube guest talk about LinkedIn and the tactics involved in spearfishing and the efforts that people go in to attack that critical resource that's inside a perimeter. This is a big problem. This is the problem with cyber warfare and security and crime. >> Jonathan: Yes. >> John: Talk about that dynamic, because this is, I mean, we always talk about the cloud changes, the perimeter, but of course, more than ever this is really critical. >> Jonathan: So, fundamentally as we begin going into digital transformation and notions about where data is today and the nature of computing, so everything has changed and the notion of a traditional perimeter has changed as well. So I'm going to borrow a great analogy from my friend Ed Amoroso and he said Look, let's pretend that this is your traditional enterprise network and all of your assets are in there, and we all agreed that that perimeter firewall is being probed every day by nation-state actors, organized criminal syndicates, hacktivists, anybody. Everyone's probing that environment. It's also dissolving because you've got staffers inside there using shadow IT, so they're opening up that firewall as well. Then, you've got applications and portals that need to be accessed by your stakeholders, your vendors, your customers. And so that traditional wall is gradually eroding, but yet that's where all of our data is, right? And against this environment you've got this group, this unstoppable force, as Ed calls it, these nation-state actors, these organize crime, these hacktivist groups, all highly sophisticated, and we all agree, that with time and effort, they can all penetrate that traditional perimeter. We know that because that's why we hire pin testers and red-teamers to demonstrate how to get into that network and how to protect that. So, if that's the case that we have this force, and they're going to break in eventually, why are we still spending all of our time and effort to defend this traditional perimeter that's highly vulnerable? Well the answer is, of course, that we need to distribute these work loads, into multiple clouds and into multi-hybrid cloud solutions. The challenge has been, well how do you do that with enough control and visibility and detection as you would have in a traditional perimeter, because a lot of folks just simply don't trust that type of deployment. >> John: That's the state of the art, that's the state of the art problem. How to deal with the complexity of IT as with digital transformation as it becomes so complicated and so important at the same time, yet cloud is also on the horizon and it's here. We see the results with Amazon Web Services. We see what Azur's doing and Google, etc., etc. And some companies are building their own cloud, so you have this new model, with cloud computing, data-driven applications, and it's complex, but does that change the security paradigm? How does the complexity play into it? >> Jonathan: Absolutely, so complexity has always been the enemy of security and at Fortinet, what we essentially do is that we help companies understand and manage complexities to manage risk. So complexity is only going to increase, so digital transformation, the widespread adoption of digital technologies to enable exponential and explosive productivity growth, right? Societal-level changes, right? >> John: Right. >> Jonathan: Also massive expand the inter connective nature of our society. More and more introductions. Accelerated cycles across the board. Greater levels of complexity. The challenge is going to be, not about whether you're moving into the cloud. Everyone is going to move into the cloud, that is the basis of computing moving next. So in the Australian government, the US government, all the agencies have a cloud-first migration initiative. It's not about whether. It's not about, it's really about when, so how do you move forward with moving your computing, your workload into the cloud? In many ways, it goes back to fundamentals about risk management. It's about understanding your users and your systems, the criticality, the applications you're associated with, and understanding what can you move into the cloud and what do you keep on prim in a private cloud as it were. >> John: I want to ask you more about global, more about cyber security, but first let's take a step back and set the table. What is the wholistic and the general trend in cyber security today. I mean, what is the, what's going on in the landscape and what are the core problems people are optimizing for? >> Jonathan: Sure. So, across my 20-odd years in cyber, what we've seen consistently has been the acceleration of the volume, the complexity, and the variety of cyber threats. 10 years ago, 2007 or so, there were about 500 threat factors. Today we're north of 5,000. Back in that point, there were maybe 200 vendors, today we're north of 5,000 vendors. There was less than $1 billion of cyber security spent. Today we're north of $80 billion of spend and yet the same challenges pervade. And what's happening now, they're only becoming more accelerated, so in the threat environment, the criminal environment, the nation-state threat actors, they're all becoming more sophisticated. They're all sharing information. They're sharing TTP and they're sharing in a very highly effective marketplace. The dark web cyber crime marketplace is an effective mechanism on sharing information, on matching threat actors to targets. So the frequency, the variety, the intelligence of attacks, automated ransomware attacks, is only going to grow. Across the board, all of us on this side of the fence, our challenge is going to be, how do we effectively address security at speed and scale. And that's the key because you can effect security very well in very discrete systems, networks, facilities, but how do you do it from the IoT Edge, from the home area network, the vehicle area network, the personal area network, to the enterprise network, then to a hybrid cloud. A highly distributed ecosystem and how do you have visibility and scale across that when the interval of detection between the detonation of malware to the point of irrecoverable damage, is in seconds. >> John: So tons of attack vectors, but also I would add to complicate the situation further is the surface area. You mentioned IoT. >> Jonathan: Yeah. >> John: We've seen examples of IoT increasing, more avenues in. >> Jonathan: Yeah. >> John: Okay, so you've got more surface area, more attack vectors with technology. Malware is one. We've seen that and ransomware certainly number one. But it's not just financial gain, it's also, there's terrorism involved. >> Jonathan: Absolutely. >> John: So, it's not just financial services, get the cash and embarrass a company. It's, I want to take down that power plant. >> Jonathan: Sure. >> John: So, is there a common thread, because you can, I mean, every vertical is going to have their own rendering issues, have their own kind of situation contextually. But is there a common thread across the industry that cyber security is run, is there a baseline that you guys are attacking and that problems are being solved on? Can you talk about that? >> Jonathan: Sure. So, at the heart of that is a convergence of operational technologies and information technology. Operational technologies were never designed to be IP enabled. They were air-gapped. Never designed to be integrated and interconnected with information technology systems. The challenge has been, as you said, is that as you go through digital transformation, become more interconnected, how do you understand when a thermostat has gone offline, or a conveyor belt has gone offline, or a furnace is going out of control, how do you understand that the HVAC system for the operating theater, the surgery theater, is operating properly? Now we have this notion of functional safety and you have to marry that with cyber security and so, in many ways, the traditional approaches are still relevant today. Understanding what systems you have, the users that use them, and what's happening in that and to detect those anomalies and mitigate that in a timely fashion. Those themes are still relevant, it's just that they're much, much larger now. >> John: Let's get back to the perimeter erosion issue because... >> Jonathan: Yeah. >> John: One of the things we're seeing on The Cube is digital transformation, it's out there, to kick around the buzzword, it's out there, but it's certainly, it's relevant. People are transforming to a digital business. Peter Burrows had (unintelligible) they talk about this all the time and it's a lot, a lot involves IT, business process, putting data to work, all that good stuff, transforming the business, drive revenue, but security is more coarse. And sometimes it's, we're seeing it being unbundled from IT and reporting directly up to either the board level or C level. So, that being said, how do you solve this? I'm a digital transformation candidate. I'm doing it. I got, my mind's full of security all the time. How do I solve the security problems, cyber security problem? Just prevention, other things? What's the formula? >> Jonathan: Okay, so at the heart of cyber security is risk management. So digital transformation is the use of digital technology to drive exponential productivity gains across the board and it's about data-driven decision making versus intuitive-led human decision making. So, the heart of digital transformation is making sure that the business leaders have the timely information to make decisions in a much more timely fashion. So that you have better business outcomes and better quality of life, safety, if you will. And so the challenge is about how do you actually enable digital transformation and it comes down to trust. And so, again across the pillars of digital transformation and they are first, IoT, these devices that are connected to collect and share information, to make decisions, the sheer volume of data, zetabytes of data that will be generated in a process of these transactions. Then you have ubiquitous access and you're going to have 5G. You have this notion of centralized and distributed computing. How will you enable those decisions to be made across the board? And then, how do you secure all of that? And so, at the heart of this is the ability to have automated, and that's key, automated deep visibility and control across an ecosystem. So you've got to be able to understand, at machine speed, what is happening. >> John: How do I do that? What do I do? Do I buy a box? Do I, is it a mindset? Is it everything? What's the, how do I stop those cyber attacks? >> Jonathan: So, you need a framework of automated devices that are integrated. So a couple of things you're going to need. You're going to need to have the points across this ecosystem where you can detect. So, whether that is a firewall on that IoT Edge or in the Home or there's an internally segmented firewall, across the enterprise network into the hybrid cloud. You're also going to need to have intelligence and by intelligence, I mean you're going to need a partner who has a global infrastructure of telemetry to understand what's happening in real time, in the wild. And once you collect that data, you're going to need to have intelligence analysts, researchers, that can put into context what that data means, because data doesn't become information on its own. You actively have to have someone analyze that. So you have to have a team. At Fortinet, we have hundreds of people who do just that. And once you have the intelligence, you've got to have a way of utilizing it, right? And so, then you've got a way of orchestrating that intelligence into that large framework of integrated devices so you can act. And in order to do that effectively, you have to do that at machine speed and that's what I mean by speed and scale. The big challenge about security is the ability to have deep visibility and control at speed, at machine speed, and at scale from that IoT Edge way across into the cloud. >> John: Scale's interesting, so I want to ask you about the Fortinet. How are you guys at Fortinet solving this problem for customers because you have to, is it, the totality of the offering? Is it some here, technology here and again, you've got 5,000 attack vectors, you mentioned that earlier and you did the defense report at Verizon, your former job. So you kind of know the landscape. What does Fortinet do? What do you guys, how do you solve that problem? >> Jonathan: So, from day one, every CISO has been trying to build the fabric. We didn't call it that, but from my first packet-filtering firewall to my first stateful firewall, then I deployed intrusion-detection systems and when all that generated far more lists than I can manage, I deployed an SEM. And then I went to intrusion prevention and I had to look at logs, and so I went to an SIEM. And when that didn't work, I deployed Sandbox, which was called dynamic malware inspection back in the day. And then when that didn't work, I had to go to analytics. And then I had to bring in third-party technology, third-party intelligence feeds and all along, I hoped I was able to make those firewalls, those defense sensors, that platform integrated with intelligence, work somehow to detect the attack and mitigate that in real time. Now, what we essentially do in the Fortinet security fabric is we reduce that complexity. We bring that level of automa-... >> John: And by the way, your ad hoc, you're reacting in that mode. You're just, ya know, I got to do this. I got to add that to it. So it's almost like sprawling, software sprawl. You're just throwing solutions at the wall. >> Jonathan: Right, and a lot of that time, no one knows if the devices are properly configured. No one has actually done the third party technology integration. No one has actually met the requirements that we'd employ three years ago through requirements today and the requirements three years from now. And so, that's a huge level of complexity and I think at the heart of that complexity, that's reflected in the fact that we're missing the basic elements in security across today. The reason the large data attacks and the data breaches didn't come because of advanced malware. They didn't happen of nation-state threats. These were known vulnerabilities. The patches existed. They weren't patched. In my experience, 80% of all the attacks could be mitigated through simple to intermediate controls. >> John: Deploying the patches. Doing the job. >> Jonathan: Complexity. Patch management sounds easy. It's hard. Some applications, there is no patch available. You can't take things offline. You have to have virtual patches or unintended consequences. And there are a lot of things that don't happen. There's the handoff between the IT team and the security team and it adds complexity. And if you think about this, if our current teams are so overwhelmed that they cannot mitigate known attacks, exploits against known vulnerabilities, how are they going to be able to grapple with the complexity of managing zetabytes of data with an ecosystem that spans around the world, that operates in milliseconds, where now it's not just digital issues. It's health, safety, physical security. How can we trust that a connected vehicle is secure or not. >> John: Talk about the dynamic between machines and humans because you mentioned patches, and this is, you can argue that it's a human mistake, but also you mentioned automation earlier. The balance between automation, using machines and humans, because prevention and risk management seem to be the axis of the practice. It used to be all prevention, now it's a lot more risk management. There's still a human component in here. >> Jonathan: Yeah. >> John: How are you guys talking about that and how is that rendering itself as a value proposition for customers? >> Jonathan: So, humans are the essence, both the challenge, in so many cases we have faulty passwords, we have bad hygiene. That's why security's awareness training is so critical, right? Because humans are part of the problem, on one end. On the other end, within the sock, humans are grappling with huge amounts of data and trying to understand what is malicious, what needs to be mitigated, and then prioritizing that. For us, it's about helping, the complexity, reducing the complexity of that challenge and helping automate those areas that should be automated so the humans can act better and faster, as it were. >> John: We're here with Jonathan Nguyen with Fortinet. I want to ask you about the ecosystem you mentioned that early and also the role of CISO, the Chief Information Security Officer and CIO, essentially the executives in charge of security. Say you have executives in charge of the risk management, don't get hacked, don't get breached, and also the ecosystem partners. So, you have a very interesting environment right not where people are sharing information, you mentioned that earlier as well. So you got the ecosystem of sharing and you have executives in charge of running their businesses effectively and not have security breaches happen. What's happening in... What are they working on? What are the key things that chief security officers are working on with CIOs? What specifics are on their plate and what's the ecosystem doing around that too? >> Jonathan: Sure. So digital transformation dominates all discussions today. And every CISO has two masters. They have a productivity master, which is always the business-side of the house and they have a security master, which is ensuring that reasonable level of security is, in the advent, managing risk, right? And that's the challenge, how do you balance that? So, across the board, CISOs are being challenged to make sure that the applications, the digital transformation initiatives are actually occurring and at the same time, in the advent of a data breach, understanding the risk and managing the risk. How do you tell your board of directors, your governments that you're not only compliant, but that you have handled risk to a reasonable level of assurance? And that means, in my opinion, across my experience, you've got to be able to demonstrate a couple of things: one, you have identified and adopted, with third-party implementation and attestation, a recommended best practices and controls. Second, you've implemented and used best-in-class products and technologies like Fortinet. Products that have gone through clearances, gone through common criteria, where things are properly certified and that's how you demonstrate a reasonable level. It's really about risk management, understanding what level of risk you will tolerate, what level of risk you will mitigate, and what level of risk you're going to transfer. And I think that's the discussion at the board level today. >> John: So more, make people feel comfortable, but also have a partner that can actually do the heavy lifting on new things. 'Cause there's always going to be a new attack vector out there. >> Jonathan: Absolutely. So I think the key to it is understanding what you're really good at and so then one of the questions I ask ever CISO is that when you look at technology, what is it that your organization is really good at? Is it using technology? Is it operationalizing that experience? Or is it really about ensuring that the firewall is integrated with your sim and that the sim works and trying to create your own threat intelligence. And I think that one of the things we do better than anybody else is that we reduce the level of complexity of that, allowing our clients to really focus on providing security, using the best-in-class technologies to do that. >> John: Jonathan, a final question. In 2018, what's your outlook for the year for CISOs and companies with cyber right now? >> Jonathan: I think it's going to be an exciting time. I think, is there going to be a focus back on basics? Because before we take this next evolutionary leap, in terms of cyber and computing and the digital nature of our society, we've got to get the basics done right. And I think the way Fortinet's going, our ability to use the fabric, to help manage risk, and reduce risk, is going to be the path forward. >> John: This is The Cube, bringing you commentary and coverage of cyber security of course, here in our Palo Alto studio. I'm John Furrier, thanks for watching. (orchestral music) The Cube.

(bright music) >> Hello everybody, welcome to this special CUBE Conversation. I'm John Furrier here in theCUBE's Palo Alto studio. We're here with Jonathan Nguyen, who's with, formally Verizon, now with Fortinet. What's your title? >> Vice President of Strategy. >> Vice President of Strategy, but you're really, I would say, more of a security guru. You had, notably, with the author of the Verizon Data Breach Investigative Report. Great report, it really has been interesting. Congratulations, it's great to have you here. >> Thanks, it was great, 16 years at Verizon, in the security business. ran the data breach investigations team, so that was a great honor in my career, yeah. >> John: So, you called strategy, 'cause they didn't want you to use the word cyber security on your title on LinkedIn in case they spearfish you, is that right, no? (laughs) >> Jonathan: You know, having started my career as a US foreign service officer, as a victim of the OPM data breach, everything about me is out there. >> Yeah. (laughs) >> I live in a perfect universe about how do you defend your identity when everything about you's been compromised to begin with? >> Some of these stories, I had a CUBE guest talk about LinkedIn, and attackers involved in spearfishing, and the efforts that people go into to attack that critical resources inside the parameter. This is a big problem. This is the problem with cyber warfare and security, and crime. >> Yes. Talk about that dynamic, 'cause this is, we always talk about the cloud change, the perimeter, of course. >> Sure. >> More than ever, this is really critical. >> Jonathan: Fundamentally, as we begin going into digital transformation and notions about where data is today and the nature of computing, everything has changed, and the notion of a traditional perimeter has changed as well. I'm going to borrow a great analogy from my friend, Ed Amoroso, and he said, "Look, let's pretend "this is your traditional enterprise network, "and all your assets are in there. "And we all agree that that perimeter firewall "is being probed everyday by nation state actors, "organized criminal syndicates, hacktivists, anybody. "Everyone's probing that environment." It's also dissolving because we've got staffers inside there using shadow IT, so they're opening up that firewall as well. Then you've got applications and portals that need to be accessed by your stakeholders, your vendors, your customers. And so that traditional wall is gradually eroding, yet, that's where all of our data is, right? And against this environment, you've got this group, this unstoppable force, as Ed calls it. These nation-state actors, these organized crime, these hacktivist groups, all highly sophisticated. And we all agree, that with time and effort, they can all penetrate that traditional perimeter. We know that because that's why we hire pin testers, and red teamers, to demonstrate how to get into that network and how to protect that. So if that's the case, that we have this force, and they're going to break in eventually, why are we still spending all of our time and effort to defend this traditional perimeter that's highly vulnerable? Well, the answer is, of course, that we need to distribute these workloads, into multiple clouds, into multi hybrid cloud solutions. The challenge has been, well, how do you do that with enough control and visibility and detection as you have with a traditional perimeter, because a lot of folks just simply don't trust that type of deployment. >> That's the state of the, I mean, that's the state of our problem. How to deal with the complexity of IT, with digital transformation, as it becomes so complicated, and so important, at the same time. Yet, cloud is also on the horizon, it's here. We see the results of Amazon Web Services, see what Azure is doing, Google, et cetera, et cetera. And some companies are doing their own cloud. So, you have this new model, cloud computing. Data driven applications. And it's complex, but does that change the security paradigm? How does the complexity play into it? >> Jonathan: Absolutely, so, complexity has always been the enemy of security. And at Fortinet, what we essentially do is that we help companies understand and manage complexity to manage risk. So complexity is only going to increase. So digital transformation, the widespread adoption of digital technology is to enable exponential explosive productivity growth. Societal level changes, right? Also, massively expand the inter-connective nature of our society. More and more connections, accelerated cycles across the board, greater levels of complexity. The challenge is going to be not about whether we're moving to the cloud, everyone is going to move into the cloud, that is the basis of computing moving next. So in the Australian government, the US government, all of the agencies have a cloud-first migration initiative. It's not about whether, it's not about, it's really about when. So how you move forward with moving your computing, your workloads into the cloud? In many ways it goes back to fundamentals about risk management. It's about understanding your users and your systems, the criticality, the applications you're associated with. And understanding what can you move into the cloud, and what do you keep on-prem, in a private cloud, as it were? >> I want to ask you more about global, more about cybersecurity, but first, take a step back and set the table. What is the holistic and the general trend, in cybersecurity today? What's going on in the landscape, and what are the core problems people are optimizing for? >> Sure. >> So, across my 20-odd years in cyber, what we've seen consistently has been the acceleration of the volume, the complexity, and the variety of cyber threats. So, 10 years ago, 2007 or so, there were about 500 threat factors; today, we're north of 5000. Back at that point, there were maybe 200 vendors; today, we're north of 5000 vendors. There was less than a billion dollars of cybersecurity spent; today, we're north of 80 billion dollars spent. And yet, the same challenges pervade. And what's happening now, they're only becoming more accelerated. So in the threat environment, the criminal environment, the nation-state threat actors, they're all becoming more sophisticated. They're all sharing information! (laughs) They're sharing TTP, and they're sharing it on a highly effective marketplace: the dark web cyber crime marketplace is an effective mechanism of sharing information, of matching threat actors to targets. So the frequency, the variety, the intelligence of attacks, automated ransomware attacks, is only going to grow. Across the board, all of us on this side of the fence, our challenge is going to be, how do we effectively address security at speed and scale? And that's the key. Because you can affect security very well, in very discreet systems, networks, facilities. But how do you do it from the IOT edge? From the home area network, the vehicle area network, the personal area network? To the enterprise network, to then, to a hybrid cloud. A highly distributed ecosystem. And how do you have visibility and scale across that, when the interval of detection, between the detonation of malware, to the point of irrecoverable damage, is in seconds. >> So, tons of attack vectors, but, also, I would add, to complicate the situation further is, the service area, you mentioned IOT. We've seen examples of IOT increasing more avenues in. Okay, so you've got more surface area, more attack vectors with technology. Malware, we see that in ransomware, certainly, number one. But it's not just financial gain, there's also this terrorism involved. >> Absolutely. It's not just financial services get the cash, and embarrass the company, it's, I want to take down that power plant. So, is there a common thread? I mean, every vertical is going to have their own, kind of situation, contextually. But is there a common thread across the industries, that cybersecurity, is there a baseline, that you guys are attacking, that problems are being solved? Can you talk about that? >> Sure. >> So, at the heart of that is a convergence of operational technologies and information technology. Operational technologies were never designed to be IP enabled, they were air gapped. Never designed to be integrated and interconnected, with information technology systems. The challenge has been, as you said, is that as you go through digital transformation, become more interconnected, how do you understand when a thermostat has gone offline, or a conveyor belt has gone offline, or a furnace is going out of control? How do you understand that the HVAC system for the operating theater, the surgery theater, is operating properly? Now we have this notion of functional safety, and you have to marry that with cybersecurity. So, in many ways, the traditional approaches are still relevant today. Understanding what systems you have, the users that use them, and what's happening, in that. And detect those anomalies and to mitigate that, in a timely fashion? Those same themes are still relevant. It's just that they're much, much larger now. >> John: Let's get back to the perimeter erosion issue because one of the things that we're seeing on theCUBE is digital transformations out there. And that's, I kicked a lot of buzzwords out there, but certainly, it's relevant. >> Yeah. People are transforming to digital business. Peter Burroughs had research, we keep on top of those all of the time. And it's, a lot involves IT. Business process, putting data to work, all that good stuff, transforming the business, drive revenue. But security is more coarse. And sometimes we're seeing it unbundled from IT, and we're reporting directly to the board level, or CEO level. That being said, how do you solve this? I'm a digital transformation candidate, I'm doing it, and I'm mindful of security all the time. How do I solve the security problem, cyber security problem? Just prevention, other things? What's the formula? >> Okay, so at the heart of cybersecurity is risk management. So digital transformation is the use of digital technologies to drive exponential productivity gains across the board. And it's about data driven decision making, versus intuitive led human decision making. So at the heart of digital transformation is making sure that the business leaders have their timely information to make decisions, in a much more timely fashion, so they have better business outcomes and better quality of life. Safety, if you will. And so the challenge is about, how do you actually enable digital transformation, it comes down to trust. And so, again, across the pillars of digital transformation. And they are, first, IOT. These devices that are connected collect, share information, to make decisions. The sheer volume of data, zettabytes of data, that will be generated in the process of these transactions. Then you have ubiquitous access. And you're going to have five G, you have this notion of centralized and distributed computing. How will you enable those decisions to be made, across the board? And then how do you secure all of that? And so, at the heart of this is the ability to have, automated, that's key, automated deep visibility and control across an ecosystem. So you've got to be able to understand, at machine speed, what is happening. >> John: How do I do that, what do I do? Do I buy a box, is it mindset, is it everything? How do I solve, how do I stop cyber attacks? >> You need a framework of automated devices that are integrated. So, a couple of things you're going to need: you're going to need to have the points, across this ecosystem, where you can detect. And so, whether that is a firewall on that IOT edge, or in the home, or that's an internally segmented firewall, across the enterprise network into the hybrid cloud. You're also going to need to have intelligence, and by intelligence, that means, you're going to need a partner who has a global infrastructure of telemetry, to understand what's happening in real time, in the wild. And once you collect that data, you're going to need to have intelligence analysts, researchers, that can put into context what that data means, because data doesn't come into information on its own, you actively have to have someone to analyze that. So you have to have a team, at Fortinet, we have hundreds of people who do just that. And once you have the intelligence, you've got to have a way of utilizing it, right? And so, then you've got to have a way of orchestrating that intelligence into that large framework of integrated devices, so you can act. And in order to do that, effectively, you have to do that at machine speed. And that's what I mean by speed and scale. The big challenge about security is the ability to have deep visibility, and control, at speed, at machine speed. And at scale, from that IOT edge, way across, into the cloud. >> Scale is interesting, so what I want to ask you about Fortinet, how are you guys, at Fortinet, solving this problem for customers? Because you have to, is it, the totality of the offering, is it, some technology here, and again, you have 5000 attack vectors, you mentioned that earlier, and you did the defense report at Verizon, in your former jobs. You kind of know the landscape. What does Fortinet do, what are you guys, how do you solve that problem? >> So, from day one, every CSO has been trying to build a fabric, we didn't call it that. But from my first packet-filtering firewall, to my first stateful firewall, then I employed intrusion detection systems, and all of that generated far more lists I can manage, and I deployed an SEM. And then I went to intrusion prevention. And I had to look at logs, so I went to an SIEM. And when that didn't work, I deployed sandboxing, which was called dynamic malware inspection, back in the day, and then when that didn't work, I had to go to analytics. And then, I had to bring in third party technology, third party intelligence feats, and all along, I hoped I was able to make those firewalls, and defense sensors, that platform, integrated with intelligence, work somehow to detect the attack, and mitigate that in real time. Now, what we essentially do, in the Fortinet security fabric is, we reduce that complexity. We bring that level of-- >> And by the way. >> John: You're Ed Hoff, you're reacting in that mode, you're just, I got to do this, I got to add that to it. So it's almost like sprawling, software sprawl. You're just throwing solutions at the wall. >> Right, and a lot of that time, no one knows if their vices are properly configured, no one has actually done the third party technology integration. No one has actually met the requirements that were deployed three years ago, there are requirements today, there are requirements three years from now. And so, that's a huge level of complexity, and I think, at the heart of that complexity. That's reflected in the fact that, we're missing the basic elements in security today. The reason, the large data attacks, and the data breaches, didn't come because of advanced malware, they didn't happen off nation-state threats. These were known vulnerabilities, the patches existed, they weren't patched! In my experience, 80% of all the attacks could be mitigated through simple to intermediate controls. >> Deploying the patches, doing the job. >> Complexity. Patch management sounds easy, it's hard. Some applications, there is no patch available. You can't take things offline, you have to have virtual patches, there are unintended consequences. And there are a lot of things that don't happen. There's the handoff between the IT team and the security team, and it adds complexity. And if you think about this, if our current teams are so overwhelmed that they cannot mitigate known attacks, exploits against known vulnerabilities. How are they going to be able to grapple with the complexity of managing zettabytes of data, with an ecosystem that spans around the world, and operates in milliseconds, where, now, it's not just digital issues, it's health, safety, physical security. How can we trust a connected vehicle, is it secure or not? >> Jon, talk about the digital transformation for industries. As we talked earlier about the commonalities of the industries, they all have their own unique use cases, contextually, I mean, oil and gas, financial services, healthcare, EDU, they all have different things. What is the digital transformation objective and agenda and challenges and opportunities for financial services, healthcare, education, and the public sector? >> So, digital transformation has some similar themes, across industry verticals. For financial services, it's about omnichannel customer engagement, it's about owning that customer experience, how will a financial service company be able to reach each connected consumer? Highly personalized way, highly customized services, suited for that customer so that they can interact, at any time, that they desire, on any device, any media they desire, across the entire experience? For when that person first becomes employed, and has a first checking account, to the point that they retire, the notion around digital transformation for financial services. How do we go about, as an FS company, to reach that customer, in an omnidirectional, omnichannel way, and maximize that experience? How do we do that with highly personalized, highly customized service, self-service, if you will, all with security, across massive amounts of data? How do you ensure that that's the challenge? And then you have to do that in a very distributed ecosystem, from the ATM, home, from the vehicle, and as we move into digitally enabled societies, from the connected car, all of those places will have transactions, all of that will have to be the purveyance of financial services companies. So the level of complexity that they're going to have to grapple with is going to be immense. >> John: And the app, too, is basically the teller, 'cause the app is driving everything, too. It brings up, essentially, the argument, not argument, our thesis, your thesis, on the obvious, which is, the perimeter is eroding. It's the app on the phone. (laughs) Okay, healthcare. Healthcare is one of those things that is near and dear to my heart because, I remember back in the days, when I was younger, HIPAA compliance, it created all of these databases. Creating complexity, but also, structured things. So, healthcare is being disrupted, and security is obviously concerned. More ransomware in hospitals, you see, everywhere these days, big, big issue. >> Yeah, so, challenges in healthcare are twofold. On the one hand, their targets are ransomware because that's where money is. They have compliance challenges, but in a very interesting way, based off of the research we've seen, is that healthcare is a lot more kin to the intelligence community than any other. Because it has insider threats. Large amounts, 7 out of 10 healthcare data breaches are the result of insider threat. So, like financial services, and the other verticals in digital transformation, again, it comes to the notion of the connected consumer and the connected citizen. How do you make sure that that person can be touched and served, irrespective of whether they're in the home, or in another healthcare facility, and all of their devices that are IP-enabled are safe and secure, and to monitor that. And to keep that secure, across a large distributed ecosystem, and for a long period of time, as well. >> Education, talk about insider threats probably there, too. Education is a huge vertical with a lot of, sure, students, but also the general EDU market is hot too. >> Jon: And it's incredibly challenging, because the environment ranges from kindergarten, preschool, to high school, to higher levels of education, that are government funded, with classified intelligence, and materials, and research labs. And the educational environment, how do you provide security, confidentiality, and availability, in an ecosystem that was designed for the free flow and access of information, and how do you do that across a highly distributed ecosystem? Again, constant themes of complexity, volumes of data, and personalized and customized services. >> John: And you got to be able to turn those services on fast, and turn them off and on. Okay, finally, my favorite area is the federal, or public sector market, of course, that also includes higher ed, whatnot. But really government and federal. Public sector, seeing govcloud booming. What are some of the challenges with digital transformation in federal? >> So the hard part of federal government is the notion of service to the connected citizen. And that connected citizen now wants to be able to access city hall, their members of Congress, the White House, in a digital way, at any time, on any device, so that they can log their opinion. It is a cacophony of demand from across the board. From state, local, to federal, that every citizen now demands access to services, on any digital media, and, at the same time, for everything from potholes, and snow removal, and trash removal, those are the types of services that are needed. So, government, now, needs to provide services in the digital way, and provide security across that. >> John: In respect to those verticals, especially public sector and education, transparency is critical. You can't hide, the government can't hide. They provide citizens connectivity, and services. There's no more excuses, they have to go faster. This is a big dynamic. >> I think that we all have expectations of what it is to grow up in a digital world. My children have only grown up in a digital world. They expect things to happen at digital speed, at machine speed, they expect a high level of customized services, so that when they go, and interact with a government agency or a vendor, that vendor, that service provider, needs to know his or her preference. And will automate that and deliver those services in an incredible fashion. As I said earlier, when my kids talk about, when they learned about Moses, and heard about Moses coming down from the mountain with tablets, they thought that he was an Apple user. You know, there was no notion of other types of tablets. The connected citizen is a digital citizen, with digital demands and expectations. And our job in cyber is to enable the digital transformation so that all of those things can be delivered, and expectations met. >> Talk about the dynamic between machines and humans, because you mentioned patches, this is, you could argue it's a human mistake. But also, you mentioned automation earlier. Balance between automation, and using machines and humans. Because prevention and risk management seem to be the axis of the practice. It used to be all prevention, now it's a lot more risk management. There's still a human component in here. How are you guys talking about that, and how is that rendering itself, as a value proposition for customers? >> Sure, so it's just, humans are the essence. Both the challenge, in so many cases, we have faulty passwords, we have bad hygiene. That's why security awareness training is so critical, right, because humans are part of the problem, on one end. On the other end, within the sock, humans are grappling with huge amounts of data, and trying to understand what is malicious, what needs to be mitigated, and then prioritizing that. For us, it's about helping reduce the complexity of that challenge, and helping automate those areas that should be automated, so that humans can act better and faster, as it were. >> We have Jonathan Nguyen with Fortinet. I wanted to ask you about the ecosystem, you mentioned that earlier, and also the role of CSOs, chief information security officers, and CIOs, essentially, they're the executives in charge of security. So, you have the executives in charge of the risk management, don't get hacked, don't get breached. And also, the ecosystem partners. So you have a very interesting environment right now where people are sharing information, you mentioned that earlier, as well. So you got the ecosystem of sharing, and you have executives in charge of running their businesses effectively, and not have security breaches happen. What's happening, what are they working on, what are they key things that chief security officers are working on with CIOs, what specifics are on their plate? And what's the ecosystem doing around that, too? >> So digital transformation dominates all discussions today. And every CSO has two masters. They have a productivity master, which is always the business side of the house, and they have a security master. Which is ensuring that reasonable level of security, in the advent, and managing risk, right? And that's the challenge, how do you balance that? So, across the board, CSOs are being challenged to make sure that the applications, those digital transformation initiatives are actually occurring. At the same time, in the advent of a data breach, understanding the risk and managing the risk. How do you tell your board of directors, your governments, that you're not only compliant, but that you have handled risk to a reasonable level of assurance? And that means, in my opinion, across my experience, you've got to be able to demonstrate a couple of things. One, you have identified and adopted, with third party implementation, and attestation, of recommended best practices and controls. Second, you have implemented and used best-in-class products and technology, like Fortinet. Products that have gone through clearances, gone through common criteria, where things are properly certified. And that's how you demonstrate a reasonable level, it's really about risk management. Understanding what level of risk you will tolerate, what level of risk you will mitigate, and what level of risk you're going to transfer. And I think that's the discussion at the board level today. >> So, make people feel comfortable. But also have a partner that can actually do the heavy lifting on new things. 'Cause there's always going to be a new attack vector out there. >> Absolutely, so, I think the key to it is understanding what you're really good at. And so one of the questions that I ask every CSO is that, when you look at technology, what is it that your organization is really good at? Is it using technology, operationalizing that experience? Or is it really about ensuring that that firewall is integrated with your sim, that the sim works in trying to create your own threat intelligence. And I think one of the things that we do better than anybody else is that we reduce the level of complexity, of that allowing our clients to really focus on providing security, using best-in-class technologies to do that. >> John: That's awesome. I want to just kind of go off the board, on a question that's a little bit more societal oriented, but it's mostly here in the US. You're seeing cryptocurrencies booming, blockchain, whatnot, and it is really kind of two vectors there, that conversation, it's attacks and regulation. So the regulatory environment in DC, on the hill, looks at tech companies these days, oh my god, the big bad, Google, Apple, Facebook. And that's kind of today's narrative. But in general, technology can be an innovation opportunity. So around cyber, it's a little bit more relevant. As govcloud becomes much more ingrained in public sector, what is the regulatory environment out there? Is it helping, is it hurting? What's your thoughts? >> Jonathan: I think, on the most part, it's helping, because regulatory and compliance environments typically lag behind technology. And that's been consistent across not just cyber, but just every field of human endeavor. And I think in cryptocurrency we're beginning to see the effects as governments around the world begin to grapple with, what does this mean, if they have no visibility, insight, or control, over a currency, and we're seeing that in East Asia today. We're seeing that in China, we're seeing that in South Korea. It will have implications, I mean, the question you have to ask, with regards to cryptocurrencies is, will governments allow a non-controlled currency to operate in their marketplace? And given that we are a more integrated and digital marketplace, unless it's adopted on a global basis, is it really compelling? Now, blockchain technology is compelling; what is going to be powering that is a different question. I think that regu-- >> And also. >> The profiteering mode of hackers, which, we talked before we came on camera, is a central part of the dynamic. So if you have a flourishing ecosystem of cryptocurrency, aka Bitcoin, you have, now, a clearinghouse for payments. And that's where ransomware is mostly paid off, in Bitcoin. >> Absolutely. So this is an interesting dynamic, I'm just trying to get a read from how that plays into some of these cybersecurity dynamics. >> I think cybersecurity is highly dynamic, as you said. It is move and countermove, active threat adversaries, active marketplaces coming up with new challenges. I think, for us, on this side of the fence, it's really about making sure, getting the fundamentals right first. I often tell people, first, do you really have all of the security controls in place? Do you really know what's operating in your system? Do you understand your users? Have you done the vulnerability scans? Where are you in those basic things, first? I mean, if you do the basics, you'll mitigate, eight, nine, out of 10 attacks. >> John: Well the costs are going up, obviously, we talked about it, global, earlier. The global impact is interesting, and that's not to say cloud is global, but you now have different regional aspects of cryptocurrencies as one example. But yeah, data breach is another, look at GEPR, the penalties involved. (laughs) And certain countries in Europe, it's going to be astronomical. So there seems to be a tax involved here. So the motivations are multifold. >> So, the motivations in cyber crime. Always consistent, whether they're monetary gain, social media gain, or some sort of political gain. And I think the way you address that is that you cannot take down the marketplace, you cannot take down the physical criminals themselves. You're going to have to take away the ability to monetize, or make gains from cyber attacks. And the way I look at it is that, if you make it so complex to actually launch a successful attack, and then, to go beyond that, and monetize what you've gained, or compromised, you effectively take away the root motivation for cyber crime. And that's, it's an interesting thought, because no one talks about that, because at an industry level, do you really have the ability to, what I call, affect the trajectory of cyber crime? That's a very different way to look at it. >> John: And it's interesting, in Jeff's position, he's basically saying, make it more complex, that'll be more effective against cybersecurity, yet, digital transformation is supposed to make it easier. With building blocks in cloud, you can almost argue that if you can make it easy to deploy in cloud, it's inherently complex. So, creating a very easy to use, complex environment, or complex system, seems to be the architecture. >> The essence of cyber, I think, moving forward, is managing complexity. If you can manage complexity then you have taken complexity and made it your advantage. Because now the cyber criminal has to figure out, where is the data? Is it in the traditional data center, that enterprise environment? Is it a multi-cloud environment, if so, which node, and if I'm successful at compromising one node, I can't get to the next node, because the security fabric separated it. >> John: Jon, the final question, 2018, what's your outlook for the year, for CSOs, and companies with cyber, right now? >> I think it's going to be an exciting time. I think, is there going to be a focus back on basics? Because before we take this next evolutionary leap, in terms of cyber, and computing, and the digital nature of our society, we've got to get the basics done right. And I think the way Fortinet is going, our ability to use the fabric, to help manage risk, and reduce risk, is going to be the path forward. >> Jonathan Nguyen, with Fortinet, former author of the Data Breach Investigation Report, which I've been a big fan of, been reading it for years. Super document, congratulations, it must have been fun working on that. >> It was the high point of my career, at this point. >> It really was a great doc, it was the Bible of state of the art, state of the union, for cyber security. This is theCUBE, bringing you commentary and coverage of cybersecurity, of course, here, in our Palo Alto studio. I'm John Furrier, thanks for watching. (bright music)

>> Live from Washington D.C., it's the CUBE covering dot next conference. Brought to you by Nutanix. >> Welcome back to Nutanix.next everybody. This is Dave Villante with Stu and this is the CUBE, the leader in live tech coverage. We go out to the events, we extract the signal from the noise. Alan Cohen is here, he's the chief commercial officer of hot startup Illumio. Alan, friend of the CUBE, great to see you again. Always happy to be here. Wherever you guys are, I'm going to show up. >> It's nice not to be in Silicon Valley for a change, hanging out with the CUBE. >> Right, the real world, you'll have to talk to John Courier that things happen outside of Palo Alto. >> So the timing of this interview is perfect because we just had Stephen Hadley on, who's sort of a public policy expert. We were talking about basically how industry should really lead with this whole new era of cyber and he was talking about if we let government do it, they're probably going to mess it up. >> Right. >> So it's guys like yourselves and others in our industry that really have to lead, so, but before we do that, give us the update on Illumio. You guys did another big raise, you guys are smokin' hot, growing like crazy, what's the update? >> So I mean so since we spoke to you guys last we did have a little funding round. It was led by J.P. Morgan Chase. You might have heard of them, they have credit cards and branches and things like that. Actually, they're also a customer of Illumio's. Which is a really big deal. They are advanced, so we're growing very rapidly, lot of geographic expansion, lot of technology expansion and I think actually today and this morning Sineal and the technology roadmap talked about micro segmentation, the ability to create really smaller and smarter water tight compartments around your data, down even to the workload or the process level is just going to be a way that people are going to have to do their computing. And so as you look at the journey now from data center or enterprise cloud into public cloud, this approach to security that we're building is a key component allowing people to take advantage of cloud architectures. So that's also really led to our growth. >> So I think it's fair to say you guys are really the pioneer of this concept of micro segmentation. Others have sort of hopped on board. >> Well I got to give Vmware credit, they actually did break- >> They were first. >> Yeah, but they- >> To commercialize it. >> Yeah, they commercialized it in their environment, I would say Illumio is the first company through software to commercialize it in all environments. In a cloud, in a box, with a fox, in a house, with a mouse, bare metal virtual machines, containers, Amazon, Azure, Oracle, across all of those environments simultaneously. And I think we were talking earlier this morning about the idea of multi-cloud, right? So you're going to pick your cloud based on where the workload and the applications should live. So your security has to move with that. And that's really what we've focused on. >> Right, okay, so VMware's there, you know Cisco's in there as well, so- >> Yeah, I've heard of those guys. >> Duking it out, so how do you feel about our competitive position, talk about about that a little bit. >> Well, we feel good that our competitors have finally kind of woken up and started to amplify our message. About this, you know, at the end of the day, you have to make a decision whether your goal in building security is to drive the sale of your infrastructure, or is to make your customer's environment more secure wherever they run. So in their own environments they're clearly adding value. But at the end of the day they're dependent on maintaining server licenses or upgrading your switches. That's not a really good motivation for how to make your security decision. You should make your security decision based on what you're trying to do, not what infrastructure you're in. >> Okay, so, now what about the traditional security guys? Are they catching up, are they hopping on board, do they just think this is an itch that's not worth it, or they just missed the boat? >> Well, you know, with the I'm being respectful and aggressive at the same time, I think most of the firewall vendors have been primarily focused on the perimeter, and then they've looked at APT technologies, things like fire I have done and they've made a lot of their investments there, so they have not been as focused. Now, to also be fair, in the heart of the data center in the public cloud, you don't see firewall technology. Right? So people said I have this hard crunchy exterior, I protect the perimeter of my environment, and I assume once I protect the perimeter the inside is safe. So their traditional model didn't lend itself to that kind of introspection and focus on the interior. What's happened in the last couple of years, though, and you had Hadley on, is that the focus of cyber has shifted to the interior, right? So, Target, Sony, OPM, all the big breaches started with basically vulnerabilities on the inside that have then kind of spread and then ex-filtrated outside of the organization. So we started focusing on the inside out, not the outside in, I mean to say I think ultimately the large security venues and perimeters, they're partners of ours, because they're going to wind up working both sides of the equation. >> Yeah, because even an air gap doesn't protect you. >> You don't want an air gap, actually, you know, we have a partnership with F-five, we actually talked about it with the CUBE couple years ago, because you think about the consequence of something like a load balancer, it sits between tiers of applications, you don't want that to be a black box. So the basically the world is moving into the zero trust model, so trust nothing. And you know it's kind of like running it you know like in a mob, it's like the Sopranos, you've got to make sure everybody does the collections and everybody's got to check in everyday, everything's got to be part of the security fabric. >> Alan, so, bringing it back to the Nutanix discussion. We had Sue Neil on earlier in the keynote this morning I saw broad ecosystem, love our partners, saw Illumio, >> Huge logo, wasn't that great? They got me. >> Great glow man, they finally figured it out. >> Release the Krakken, yeah, you know what, up there. And I asked Neil, how do you balance the we're going to have broad ecosystem but seems a lot of that energy is being put into AHV. And one of the examples he brought up was like oh, if you buy, if you use AHV, you get micro segmentation for free included in there. What are you seeing, how does Nutanix fit into micro segmentation environment? >> Yeah, I mean I showed her the slides too, right, so? If you remember how he defined it, if I have ten workloads, and I want to segment them off, I will put it in what I call micro segmentation. And that to me is like a virtual network segment, but he said you don't have to use an FCN overlay, and that is not any different than what a security group does in Amazon or Azure and I assume Google has its own version of that. When you go into that couple of levels deeper, that's where Illumio lives. So we live inside public cloud security groups today and across them and to non-environment. So you got to remember a lot of people are going to have Nutanix workloads, but then they're going to have workloads sitting in Azure and they're not going to have anything to do with each other for awhile from a software point of view. So illumio is really that bridge. So I mean I think it's actually a fairly synergystic kind of relationship to do that. Actually for me, that recognition, and that communication and micro segmentation into their base, is really good. So, you're always going to have a little bit of overlap. I mean they're smart and they really build great software. >> So it sounds like you're saying the definitions of micro segmentation are a little bit complementary and you're also going to help with that heterogeneous mess that everybody has and gives them consistent security across those environments. >> Right, we don't define micro segmentation that way. I might want to say I want to micro segment off one workload or I want to segment processes or I'm going to have a Kubernetes application running someplace and then I'm going to have the core database someplace else. How do I move across that? >> So it's granularity and flexibility of the use case that you provide. >> Yeah, we have this thing we call the wheel of cheese, from the segmentation. So there's like rough front use segmentation, and then there's micro and then there's nano, so over time, people are going to basically close the gates tighter and tighter. Because the challenge in cyber is lateral spread. Like you guys you have these fast high speed networks. So if I compromise one server, one workload, today it flies through the environment, so you actually have to keep closing those doors from a security point of view. So, I mean I think it was a great first move for them. And I mean, we like it, it works really well. We work with other vendors, cloud vendors, today that do some form of segmentation. >> So I know we're super tight on time, everybody wants to talk security, and your schedule's packed John Furry is watching, no surprise. >> Oh, hey John. >> So when he has to give up the mic there's always crowd chat, so he's got a question on crowd share for you. Ask Alan about the economics of the cyber security business models with all this stuff going on with cyber war and ransom ware and- >> Yes, so here are some stats. You guys are great analysts you focus on this. So cyber security is about a hundred billion dollar business somewhere between 80 and 100, depending on who's counting on that. But think about the scheme of overall IT. How much is IT? Three trillion dollars? >> Trillions, yeah. >> Right, so a hundred billion dollars is a fairly small segment. Now, I would be disingenuous as a vendor, but I'll go for it, I would say people are highly underinvested in security relative ... Stu's laughing his head off, right? >> Well, is that not a big enough pie for you, come on. >> No, it's not, I think the pie should be like five times bigger, I mean. >> You don't want to make that comparison with health insurance, do you? >> You have health insurance, you have life insurance, you insurance on your car, you have insurance on your home. You guys are high net worth individuals, you probably have policies so you don't get sued. You probably spend ten percent of your total income on forms of insurance, things that protect you and your family. >> So you're saying it should be triple the spend. >> Why are you only spending two or three percent of your IT given the criticality of the data that's sitting in those environments? >> Okay, so we know we only pay for insurance when we need it, in marketing the joke's always I waste half of money, I just don't know which half. You know, how much are we wasting in security vs. >> Well, I mean I think if you're buying infrastructure based models you're spending, you're building, you're wasting a lot. Illumio is a consumption-based model based on how much you use. So I mean we look more like you know, it's a per operating system instance that you pay a yearly license for. So I think we're closer to the Amazon consumption model for security, and we've led with that four years ago, when we started the company. So I think if security became more like you pay as you go, and less pay for just having it, just as we talk about the different models for infrastructure, where I own it, where I rent it, where I pay as I go, I think you will get better spends. I mean, we effectively sell security the way Uber sells or Lyft sells car, when you need to pay for it, use it, you pay for it. There's probably a whole lot of efficiency that could be there, but I'd argue it's under invested. >> Well, the other dimension that is inside out vs. outside in, I mean, you're building more moats. We know still more money is spent over here. >> Well here's a stat. So the vast bulk of data center security, so the perimeter firewall market's about a ten billion dollar market. Only about Cisco just sent out their announcement this week about their cloud index. 17 percent of the traffic, net traffic that goes in and out of the data center and about 80 percent of it's inside, and a little bit of it goes to the co-load, right? So you are putting all your investment on 17 percent of your traffic. So that's like buying all the cable channels. You watch the cooking channel? You're paying for it. You're watching rugged outdoor fishermen channel? You're paying for it. So I think you're going to have to, just like you're making infrastructure investments are moving to paying for what you use, your security investments have to go the same way. So why would you put all your money only guarding 17% of your network traffic? >> Okay, we're out of time, but so, last question, what are you guys going to do, what are you doing with this big bag of money that you just got? Where are you directing it? What's your strategy? >> Well, I mean we're probably going to have to hire the CUBE to come to like Illumio. >> Fantastic, let's do that. >> Yeah, we're totally going to do that but ... >> Oh really, well, what's the show, Illumio World? >> Well there's going to be an Illumio World when we launch it you guys are going to be there. >> Fantastic, I'd love to be there. >> So, there's no doubt. You have that in writing, you have that on video, like testimony. >> Yeah, even better. >> Yeah, like I can't even say I didn't tweet it, like you'll have a record of it. >> We can shame you into it. >> You can totally shame me into it. I think you're going to see a lot of geographic expansion of the company. We're about to expand down under and other places we've been mostly in North America and parts of Europe. And a lot of investments going into the channels, strategic partnerships and I mean a lot like Nutanix, I mean our company's half R&D, we're going to just as heavily a year from now we'll still be half R&D. Even with growth, because we've got a lot of platform build, and we're building a platform that's going to be around for decades. So there's still a lot of engineering to do too. >> Al, we love having you on, you're plugged in, great Silicon Valley friend, really appreciate you coming back. >> Appreciate you having me today. >> You're welcome. Okay, keep it right there everybody, we're back with our next guest after this short break. This is the CUBE here live from next.conf. We'll be right back.