>> Narrator: TheCUBE presents Ignite '22, brought to you by Palo Alto Networks. >> Greetings from the MGM Grand Hotel in beautiful Las Vegas. It's theCUBE Live Day two of our coverage of Palo Alto Networks, ignite 22. Lisa Martin, Dave Vellante. Dave, what can I say? This has been a great couple of days. The amount of content we have created and shared with our viewers on theCUBE is second to none. >> Well, the cloud has completely changed the way that people think about security. >> Yeah. You know at first it was like, oh, the cloud, how can that be secure? And they realized, wow actually cloud is pretty secure if we do it right. And so shared responsibility model and partnerships are critical. >> Partnerships are critical, especially as more and more organizations are multicloud by default. Right? These days we're going to be bring Google into the conversation. Josh Haslet joins us. Strategic Partnership Manager at Google. Welcome. Great to have you Josh. >> Hi Lisa, thanks for having me here. >> So you are a secret squirrel from Palo Alto Networks. Talk to me a little bit about your background and about your role at Google in terms of partnership management. >> Sure, I feel like we need to add that to my title. [Lisa] You should, secret squirrel. >> Great. Yeah, so as a matter of fact, I've been at Google for two and a half years. Prior to that, I was at Palo Alto Networks. I was managing the business development relationship with Google, and I was kind of at the inception of when the cash came in and, and decided that we needed to think about how to do security in a new way from a platform standpoint, right? And so it was exciting because when I started with the partnership, we were focusing on still securing you know, workloads in the cloud with next generation firewall. And then as we went through acquisitions the Palo Alto added it expanded the capabilities of what we could do from cloud security. And so it was very exciting, you know, to, to make sure that we could onboard with Google Cloud, take a look at how not only Palo Alto was enhancing their solutions as they built those and delivered those from Google Cloud. But then how did we help customers adopt cloud in a more easy fashion by making things, you know more tightly integrated? And so that's really been a lot of what I've been involved in, which has been exciting to see the growth of both organizations as we see customers shifting to cloud transformation. And then how do they deploy these new methodologies and tools from a security perspective to embrace this new way of working and this new way of, you know creating applications and doing digital transformation. >> Important, since work is no longer a place, it's an activity. Organizations have have to be able to cater to the distributed workforce. Of course, the, the, the workforce has to be able to access everything that they need to, but it has to be done in a secure way regardless of what kind of company you are. >> Yeah, you're right, Lisa. It's interesting. I mean, the pandemic has really changed and accelerated that transformation. I think, you know really remote working has started previous to that. And I think Nikesh called that out in the keynote too right? He, he really said that this has been ongoing for a while, but I think, you know organizations had to figure out how to scale and that was something that they weren't as prepared for. And a lot of the technology that was deployed for VPN connectivity or supporting remote work that was fixed hardware. And so cloud deployment and cloud architecture specifically with Prisma access really enabled this transformation to happen in a much faster, you know, manner. And where we've come together is how do we make sure that customers, no matter what device, what user what application you're accessing. As we take a look at ZTNA, Zero Trust Network Access 2.0, how can we come together to partner to make sure the customers have that wide range of coverage and capability? >> How, how do you how would you describe Josh Google's partner strategy generally and specifically, you know, in the world of cyber and what makes it unique and different? >> Yeah, so that's a great question. I think, you know, from Google Cloud perspective we heard TK mention this in the keynote with Nikesh. You know, we focus on on building a secure platform first and foremost, right? We want to be a trusted cloud for customers to deploy on. And so, you know, we find that as customers do one of two things, they're looking at, you know, reducing cost as they move to cloud and consolidate workloads or as they embrace innovation and look at, you know leveraging things like BigQuery for analytics and you know machine learning for the way that they want to innovate and stay ahead of the competition. They have to think about how do they secure in a new way. And so, not only do we work on how do we secure our own platform, we work with trusted partners to make sure that customers have you mentioned it earlier, Dave the shared security model, right? How do they take a look at their applications and their workloads and this new way of working as they go to CI/CD pipelines, they start thinking about DevSecOps. How do they integrate tooling that is frictionless and seamless for their, for their teams to deploy but allows them to quickly embrace that cloud transformation journey. And so, yes, partners are critical to that. The other thing is, you know we find that, you mentioned earlier, Lisa that customers are multicloud, right? That's kind of the the new normal as we look at enterprises today. And so Google Cloud's going to do a great job at securing our platform, but we need partners that can help customers deploy policy that embraces not only the things that they put in Google Cloud but as they're in their transformation journey. How that embraces the estates that are in data centers the things that are still on-prem. And really this is about making sure that the applications no matter where they are, the databases no matter where they are, and the users no matter where they are are all secure in that new framework of deploying and embracing innovation on public cloud. >> One of the things that almost everybody from Palo Alto Networks talks about is their partnering strategy their acquisition strategy integrations. And I was doing some research. There's over 50 joint integrations that Google Cloud and Palo Alto Networks. Have you talked about Zero Trust Network Access 2.0 that was announced yesterday. >> Correct. >> Give us a flavor of what that is and what does it deliver that 1.0 did not? >> Well, great. And what I'd like to do is touch a little bit on those 50 integrations because it's been, you know, a a building rolling thunder, shall we say as far as how have we taken a look at customers embracing the cloud. The first thing was we took a look at at how do we make sure that Palo Alto solutions are easier for customers to deploy and to orchestrate in Google Cloud making their journey to embracing cloud seamless and easy. The second thing was how could we make that deployment and the infrastructure even more easy to adopt by doing first party integrations? So earlier this year we announced cloud IDS intrusion detection system where we actually have first party directly in our console of customers being able to simply select, they want to turn on inspection of the traffic that's running on Google Cloud and it leverages the threat detection capability from Palo Alto Networks. So we've gone from third party integration alone to first party integration. And that really takes us to, you know, the direction of what we're seeing customers need to embrace now which is, this is your Zero Trusts strategy and Zero Trust 2.0 helps customers do a number of things. The first is, you know, we don't want to just verify a user and their access into the environment once. It needs to be continuous inspection, right? Cause their state could change. I think, you know, the, the teams we're talking about some really good ways of addressing, you know for instance, TSA checkpoints, right? And how does that experience look? We need to make sure that we're constantly evaluating that user's access into the environment and then we need to make sure that the content that's being accessed or, you know, loaded into the environment is inspected. So we need continuous content inspection. And that's where our partnership really comes together very well, is not only can we take care of any app any device, any user, and especially as we take a look at you know, embracing contractor like use cases for instance where we have managed devices and unmanaged devices we bring together beyond Corp and Prisma access to take a look at how can we make sure any device, any user any application is secure throughout. And then we've got content inspection of how that ZTNA 2.0 experience looks like. >> Josh, that threat data that you just talked about. >> Yeah. >> Who has access to that? Is it available to any partner, any customer, how... it seems like there's gold in them, NAR hills, so. >> There is. But, this could be gold going both ways. So how, how do you adjudicate and, how do you make sure that first of all that that data's accessible for, for good and not in how do you protect it against, you know, wrong use? >> Well, this is one of the great things about partnering with Palo Alto because technically the the threat intelligence is coming from their ingestion of malware, known threats, and unknown threats right into their technology. Wildfire, for instance, is a tremendous example of this where unit 42 does, you know, analysis on unknown threats based upon what Nikesh said on stage. They've taken their I think he said 27 days to identification and remediation down to less than a minute, right? So they've been able to take the intelligence of what they ingest from all of their existing customers the unknown vulnerabilities that are identified quickly assessing what those look like, and then pushing out information to the rest of their customers so that they can remediate and protect against those threats. So we get this shared intelligence from the way that Palo Alto leverages that capability and we've brought that natively into Google Cloud with cloud intrusion detection. >> So, okay, so I'm, I'm I dunno why I have high frequency trading in my mind cause it used to be, you know, like the norm was, oh it's going to take a year to identify an intrusion. And, and, and now it's down to, you know take was down to 27 days. Now it's down to a minute. Now it's not. That's best practice. And I'm, again, I'm thinking high frequency trading how do I beat the speed of light? And that's kind of where we're headed, right? >> Right. >> And so that's why he said one minute's not enough. We have to keep going. >> That's right. >> So guys got your best people working on that? >> Well, as a matter of fact, so Palo Alto Networks, you know when we take a look at what Nikesh said from stage, he talked about using machine learning and AI to get ahead of what we what they look at as far as predictability not only about behaviors in the environment so things that are not necessarily known threats but things that aren't behaving properly in the environment. And you can start to detect based on that. The second piece of it then is a lot of that technology is built on Google Cloud. So we're leveraging, their leveraging the capabilities that come together with you know, aggregation of, of logs the file stitching across the entire environment from the endpoint through to cloud operations the things that they detect for network content inspection putting all those files together to understand, you know where has the threat vector entered how has it gone lateral inside the environment? And then how do you make sure that you remediate all of those points of intrusion. And so yeah it's been exciting to see how our product teams have worked together to continue to advance the capabilities for speed for customers. >> And secure speed is critical. We had the opportunity this morning to speak with Lee Claridge, the chief product officer, and you know one of the things that I had heard about Lee is that despite all of the challenges in cybersecurity and the amorphous expansion of the threat network and the sophistication of the adversaries he's really optimistic about what it's going to enable organizations to do. I see you smiling. Do you share that optimism? >> I, I do. I think, you know, when you bring, when you bring leaders together to tackle big problems, I think, you know we've got the right teams working on the right things and we understand the problems that the customers are facing. And so, you know, from a a Google cloud perspective we understand that partnering with Palo Alto Networks helps to make sure that that optimism continues. You know, we work on continuous innovation when it comes to Google Cloud security framework, but then partnering with Palo Alto brings additional capabilities to the table. >> Vision for the, for the partnership. Where do you want to see it go? What's... we're two to five years down the road, what's it look like? Maybe two to three years. Let's go. >> Well, it was interesting. I, I think neer was the one that mentioned on stage about, you know how AI is going to start replacing us in our main jobs, right? I I think there's a lot of truth to that. I think as we look forward, we see that our teams are going to continue to help with automation remediation and we're going to have the humans working on things that are more interesting and important. And so that's an exciting place to go because today the reality is that we are understaffed in cybersecurity across the industry and we just can't hire enough people to make sure that we can detect, remediate and secure, you know every user endpoint and environment out there. So it's exciting to see that we've got a capability to move in a direction to where we can make sure that we get ahead of the threat actors. >> Yeah. So he said within five years your SOC will be AI based and and basically he elaborated saying there's a lot of stuff that you're doing today that you're not going to be doing tomorrow. >> That's true. >> And that's going to continue to be a moving target I would think Google is probably ahead in that game and ahead of most, right? I mean, you guys were there early. I mean, I remember when Hadoop was all the rage like just at the beginning you guys like, yeah, you know Google's like, no, no, no, we're not doing Hadoop anymore. That's like old news. So you tended to be, I don't know, at least five maybe seven years ahead of the industry. So I imagine you using a lot of those AI techniques in your own business today. >> Absolutely. I mean, I think you see it in our consumer products, and you certainly see it in the the capabilities we make available to enterprise as far as how they can innovate on our cloud. And we want to make sure that we continue to provide those capabilities, you know not only for the tools that we build but the tools that customers use. >> What's the, as we kind of get towards the end of our conversation here, we we talk about zero trust as, as a journey, as an approach. It's not a product, it's not a tool. What is the, who's involved in the zero trust journey from the customers perspective? Is this solely with the CSO, CSO, CIOs or is this at the CEO level going, we have to be a data company but we have to be a secure data company 24/7. >> It's interesting as you've seen malware, phishing, ransomware attacks. >> Yeah. >> This is not only just a CSO CIO conversation it's a board level conversation. And so, you know the way to address this new way of working where we have very distributed environments where you can't create a perimeter anymore. You need to strategize with zero trust. And so continuously, when we're talking to customers we're hearing that as a main initiative, you know from the CIO's office and from the board level. >> Got it, last question. The upgrade path for existing customers from 1., ZTNA 1.0 to 2.0. How simple is that? >> It's easy. You know, when we take- >> Is there an easy button? >> So here's the great thing [Dave] If you're feeling lucky. [Lisa] Yeah. (group laughs) >> Well, Palo Alto, right? Billing prisma access has really taken what was traditional security that was an on-prem or a data center deployed strategy to cloud-based. And so we've worked with customers like Princeton University who had to quickly transition from in-person learning to distance learning find a way to ramp their staff their faculty and their students. And we were able to, you know Palo Alto deploy it on Google Cloud's, you know network that solution in very quick order and had those, you know, everybody back up and running. So deployment and upgrade path is, is simple when you look at cloud deployed architectures to address zero trusts network. >> That's awesome. Some of those, some of those use cases that came out of the pandemic were mind blowing but also really set the table for other organizations to go, yes, this can be done. And it doesn't have to take forever because frankly where security is concerned, we don't have time. >> That's right. And it's so much faster than traditional architectures where you had to procure hardware. >> Yeah. >> Deploy it, configure it, and then, you know push agents out to all the endpoints and and get your users provisioned. In this case, we're talking about cloud delivered, right? So I've seen, you know, with Palo Alto deploying for customers that run on Google Cloud they've deployed tens of thousands of users in a very short order. You know, we're talking It was, it's not months anymore. It's not weeks anymore. It's days >> Has to be days. Josh, it's been such a pleasure having you on the program. Thank you for stopping by and talking with Dave and me about Google Cloud, Palo Alto Networks in in addition to secret squirrel. I feel like when you were describing your background that you're like the love child of Palo Alto Networks and Google Cloud, you might put that on your cartoon. >> That is a huge compliment. I really appreciate that, Lisa, thank you so much. >> Thanks so much, Josh. [Josh] It's been a pleasure being here with you. [Dave] Thank you >> Oh, likewise. For Josh Haslett and Dave, I'm Lisa Martin. You're watching theCUBE, the leader in live coverage for emerging and enterprise tech. (upbeat outro music)

>> Announcer: "theCUBE" presents HPE Discover 2022, brought to you by HPE. >> Greetings from Las Vegas, everyone. Lisa Martin, here with Dave Vellante. We are live at HPE Discover 2022 with about 8,000 folks here at The Sands Expo Convention Center. First HPE Discover in three years, everyone jammed in that keynote room, it was standing in only. Dave and I have a couple of exciting guests we're proud to introduce you to. Please, welcome back to "theCUBE," John Schultz, the EVP and general counsel of HPE. Great to have you back here. And Kay Firth-Butterfield, the head of AI and machine learning at the World Economic Forum. Kay, thank you so much for joining us. >> Thank you. It's an absolute pleasure. >> Isn't it great to be back in person? >> Fantastic. >> John, we were saying that. >> Fantastic. >> Last time you were on "theCUBE", it was Cube Virtual. Now, here we are back. A lot of news this morning, a lot's going on. The Edge to Cloud Conferences is the theme this year. In today's Edge to Cloud world, so much data being generated at the edge, it's just going to keep proliferating. AI plays a key role in helping to synthesize that, analyze large volumes of data. Can you start by talking about the differences of the two? The synergies, what you see? >> Yeah. Absolutely. And again, it is great to be back with the two of you, and great to be with Kay, who is a leading light in the world of AI, and particularly, AI responsibility. And so, we're going to talk a little bit about that. But really, this synergistic effect between data and AI, is as tight as they come. Really, data is just the raw materials by which we drive actionable insight. And at the end of the day, it's really about insights, and that speed to insight to make the difference. AI is really what is powering our ability to take vast amounts of data. Amounts of data that we'd never conceived of, being able to process before and bring it together into actionable insights. And it's simplest form, right? AI is simply making computers do what humans used to do, but the power of computing, what you heard about frontier on the main stage today, allows us to use technology to solve problems so complex that it would take humans millions of years to do it. So, this relationship between data and AI, it's incredibly tight. You need the right raw materials. You need the right engine, that is the AI, and then you will generate insights that could really change the world. >> So, Kay, there's a data point from the World Economic Forum which really caught my attention. It says the 15.7 billion of GDP growth is going to be a result of AI by 2030, 15.7 billion added. That includes the dilutive effects where we're replacing humans with machines. What is driving this in this incremental growth? >> Well, I think obviously, it's the access to the huge amounts of data that John pointed out. But one of the things that we have to remember about, AI is that actually, AI is pretty dumb unless you give it nice, clean, organized data. And so, it's not just all data, but it's data that has been through a process that enables the AI to gain insights from it. And so, what is it? It's the compute power, the ever increasing compute power. So, in the past, we would never have thought that we could use some of the new things that we're seeing in machine learning, so even deep learning. It's only been about for a small length of time, but it's really with the compute power, with the amount of data, being able to put AI on steroids, for luck of a better analogy. And I think it's also that we are now in business, and society, being able to see some of the benefits that can be generated from AI. Listening to Oakridge talk about the medical science advances that we can create for human beings, that's extraordinary. But we're also seeing that across business. >> That's why I was going to add. As impressive as those economic figures are in terms of what value it could add from a pure financial perspective? It's really the problems that could be solved. If you think about some of the things that happened in the pandemic, and what virtual experience allowed with a phone or with a tablet to check in with a doctor who was going to curate your COVID test, right? When they invented the iPhone, nobody thought that was going to be the use. AI has that same promise, but really on a macro global scale, some of the biggest problems we're trying to solve. So, huge opportunity, but as we're going to talk about a little later, huge risk for it to be misused if it's not guided and aimed in the right direction. >> Absolutely. >> That's okay. Maybe talk about that? >> Well, I was just going to come back about some of the benefits. California has been over the last 10 years trying to reduce emissions. One wildfire, absolutely wiped out all that good work over 10 years. But with AI, we've been developing an application that allows us to say, "Tomorrow, at this location, you will have a wildfire. So, please send your services to that location." That's the power of artificial intelligence to really help with things like climate change. >> Absolutely. >> Is that a probability model that's running somewhere? >> Yeah. Absolutely >> So, I wanted to ask you, but a lot of AI today, is modeling that's done, and the edge, you mentioned the iPhone, with all this power and new processors. AI inferencing at the edge in real time making real time decisions. So, one example is predicting, the other is there's actually something going on in this place. What do you see there? >> Yeah, so, I mean, yes we are using a predictive tool to ingest the data on weather, and all these other factors in order to say, "Please put your services here tomorrow at this time." But maybe you want to talk about the next edge. >> Yeah. Yeah. Well, and I think it's not just grabbing the data to do some predictive modeling. It's now creating that end-to-end value chain where the actions are being taken in real time based on the information that's being processed, especially out at the edge. So, you're ending up, not just with predictive modeling, but it's actually transferring into actual action on the ground that's happening... You know, we like to say automagically. So, to the point where you can be making real time changes based on information that continues to make you smarter and smarter. So, it's not just a group of people taking the inputs out of a model and figuring out, okay now what am I going to do with it? The system end-to-end, allows it to happen in a way that drives a time to value that is beyond anything we've seen in the pas- >> In every industry? >> In every industry. >> Absolutely, and that's something we learned during the pandemic, one of the many things. Access to real time data to actually glean those insights that can be acted on, is no longer a nice to have. >> No. >> For companies in any industry they've got to have that now, they've got to use it as their competitive advantage. Where do you see when you're talking with customers, John? Where are they in that capability and leveraging AI on steroids, as I said? >> Yeah. I think it varies. I mean, certainly I think as you look in the medical field, et cetera, I mean, I think they've been very comfortable, and that continues to up. The use cases are so numerous there, that in some ways we've only scratched the surface, I think. But there's a high degree of acceptance, and people see the promise. Manufacturing's another area where automation and relying on some form of what used to be kind of analog intelligence, people are very comfortable with. I would say candidly, I would say the public sector and government is the furthest behind. It may be used for intelligence purposes, and things like that, but in terms of advancing overall, the common good, I think we're trailing behind there. So, that's why things like the partnership with Oak Ridge National Laboratory, and some of the other things we're seeing. That's why organizations like the World Economic Forum are so important, because we've got to make sure that this isn't just a private sector piece, It's not just about commercialization, and finding that next cost savings. It really should be about, how do you solve the world's biggest problems and do in a way that's smarter than we've ever been able to do it before? >> It's interesting, you say public sectors is behind because in some respects, they're really advanced, but they're not sharing that because it's secretive. >> Yeah. >> Right? >> That's very fair. >> Yeah. So, Kay, the other interesting stat, was that by 2023 this is like next year, 6.8 trillion will be spent on digital transformation. So, there's this intersection of data. I mean, to me, digital is data. But a lot of it was sort of, we always talk about the acceleration 'cause of the pandemic. If you weren't a digital business you were out of business, and people sort of rushed, I call it the force-march to digital. And now, are people stepping back and saying, "Okay, what can we actually do?" And maybe being more planful? Maybe you could talk about the sort of that roadmap? >> Sure. I think that that's true. And whilst I agree with John, we also see a lot of small... A lot of companies that are really only at proof of value for AI at the moment. So, we need to ensure that everybody, we take everybody, not just the governments, but everybody with us. And one of the things I'm often asked, is if you're a small or medium-sized enterprise, how can you begin to use AI at scale? And I think that's one of the exciting things about building a platform. >> That's right. >> And enabling people to use that. I think that there is also, the fact that we need to take everybody with us on this adventure because AI is so important. And it's not just important in the way it's currently being used. But if we think about these new frontier technologies like Metaverse, for example. What's the Metaverse except an application of AI? But if we don't take everybody on the journey now, then when we are using applications in the Metaverse, or building applications in the Metaverse what happens at that point? >> Think about if only certain groups of people or certain companies had access to wifi, or had access to cellular, or had access to a phone, right? The advantage and the inequality would be manifest, right? We have to think of AI and super computing in the same way, because they are going to be these raw ingredients that are going to drive the future. And if they are not, if there isn't some level of AI equality, I think the potential negative consequences of that, are incredibly high, especially in the developing world. >> Talk about it from a responsibility perspective? Getting everybody on board is challenging from a cultural standpoint, but organizations have to do it as you both articulated. But then every time we talk about AI, we've got to talk about it's used responsibly. Kay, what are your thoughts there? What are you seeing out in the field? >> Yeah, absolutely. And I started working in this in about 2014 when there were maybe a handful of us. What's exciting for me, is that now you hear it on people's lips, much more. But we still got a long way to go. We still got that understanding to happen in companies that although you might, for example, be a drug discovery company, you are probably using AI not just in drug discovery but in a number of backroom operations such as human resources, for example. We know the use of AI and human resources is very problematic. And is about to be legislated against, or at least be set up as a high risk problem use of AI by the E.U. So, across the E.U, we know what happened with GDPR that it became something that lots and lots of countries used, and we expect the AI Act to also become used in that way. So, what you need, is you need not only for companies to understand that they are gradually becoming AI companies, but also that as part of that transformation, it's taking your workers with you. It's helping them understand that AI won't actually take their jobs, it will merely help them with reskilling or working better in what they do. And they think it's also in actually helping the board to understand. We know lots of boards that don't have any clue about AI. And then, the whole of the C-suite and the trickle all down, and understanding that at the end, you've got tools, you've got data, and you've got people, and they all need to be working together to create that functional, responsible AI layer. >> When we think about it, really, when we think about responsible AI, really think about at least three pillars, right? The first off, is that privacy aspect. It's really that data ingestion part, which is respecting the privacy of the individuals, and making sure that you're collecting only the data you should be collecting to feed into your AI mechanism, right? The second, is that inclusivity and equality aspect. We've got to make sure that the actions that are coming out, the insights were generate, driving, really are inclusive. And that goes back to the right data sets. It goes back to the integrity in the algorithm. And then, you need to make sure that your AI is both human and humane. We have to make sure we don't take that human factor out and lose that connection to what really creates our shared humanity. Some of that's transparency, et cetera. I think all of those sound great. We've had some really interesting discussions about in practice, how challenging that's going to be, given the sophistication of this technology. >> When you say transparency, you're talking about the machine made a decision. I have to see how, understand how the machine made a decision. >> Algorithmic transparency. Go ahead. >> Algorithmic transparency. And the United States is actually at the moment considering something which is called the Algorithmic Accountability Act. And so, there is a movement to particularly where somebody's livelihood is affected. Say, for example, whether you get a job, and it was the algorithm that did the pre-selection in the human resources area. So, did you get a job? No, you didn't get that job. Why didn't you get that job? Why did the algorithm- >> A mortgage would be another? >> A mortgage would be another thing. And John was talking about the data, and the way that the algorithms are created. And I think, one great example, is lots of algorithms are currently created by young men under 20. They are not necessarily representative of your target audience for that algorithm. And unless you create some diversity around that group of developers, you're going to create a product that's less than optimal. So, responsible AI, isn't just about being responsible and having a social conscience, and doing things, but in a human-centered way, it's also about your bottom line as well. >> It took us a long time to recognize the kind of the shared interest we have in climate change. And the fact that the things that are happening one part of the world, can't be divorced from the impact across the the globe. When you think about AI, and the ability to create algorithms, and engage in insights, that could happen in one part of the world, and then be transferred out, not withstanding the fact, that most other countries have said, "We wouldn't do it this way, or we would require accountability. You can see the risk." It's what we call the race to the bottom. If you think about some of the things that have happened over the time in the industrial world. Often, businesses flock to those places with the least amount of safeguards that allow them to go the fastest, regardless of the collateral damage. I think we feel that same risk exists today with AI. >> So, much more we could talk about, guys, unfortunately, we are out of time. But it's so amazing to hear where we are with AI, where companies need to be. And it's the tip of the iceberg. You're very exciting. >> Yes. >> Kay and John, thank you so much for joining Dave and me. >> Thank you. >> Thank you. >> Thank you. >> It's a pleasure. >> We want to thank you for watching this segment. Lisa Martin, with Dave Vellante for our guests. We are live at HPE Discover '22. We'll be back with our next guest in just a minute. (bright upbeat music)

(calm music) >> Okay, welcome back everyone to theCUBE's live coverage here on the floor at Moscone south in San Francisco California for AWS summit, 2022. This is part of their summit conferences, not re:Invent it's kind of like becoming like regional satellite, mini re:Invents, but it's all part of education developers. Of course theCUBE's here. We're going to be at the AWS summit in New York city, only two this year. And this summer check us out. Of course, re:MARS is another event we're going to be going to so check us out there as well. And of course re:Invent at the end of the year and re:Inforce the security conference in Boston. So, Sarbjeet Johal, our next guest here. CUBE alumni, CUBE influencer, influencer in the cloud industry. Sarbjeet great to see you. Thanks for coming on. Oh, by the way, we'll be at Boston re:Inforce, re:Invent in December, re:MARS which is the robotics AI show, and of course the summit here in San Francisco and New York city, the hot areas. >> That's cool. >> Great to see you. >> Good to see you too. >> Okay. I got a lot of data to report. You've been on the floor talking to people. What are you finding out? What's the report? >> The report is actually, I spoke to three people from AWS earlier. As said one higher up guy from the doctor, Casey Tan. He works on French SaaS chips and he gave me a low down on how that thing works. And there's a systolic arrays TPUs, and like a lot of insider stuff >> Like deep Silicon chip stuff. >> Yes. And that they're doing some great stuff there. And of course that works for us at scale and for cloud guys it's all about scale. If you're saving pennies at that scale, you're saving millions and maybe hundreds of millions at some point. Right? So that was one. And I also spoke to the analytics guys and they gave me some low-down on the Glue announcements. How the big data processing is happening at AWS and how they are now giving you the ability where your infrastructure hugs your demand. So you're not wasting any sources. So that was a number one complaint with the Glue from AWS. So that was one. And then I did the DeepRacing race and my timings were like number 78. So. >> You got some work to do. You download your machine learning module. >> No, I will do that and then play with it. Yes. I will train one. >> You like a simulation too? >> Yeah. Yeah. I will do that simulation, yes. >> What else? Anything jump off the page for you. What's the highlight if you could point at something? Did anything pop up at you in this event with AWS? Was there any aha moment or something that just jumps off the page? >> I think it was mainly sort of incremental to be honest with you. And the one thing-- >> Nothing earth shattering >> Nothing earth shattering and that at the summit it's like that, you know, like it but they are doing new announcements of like almost every day with new services. So I would go home and read on that but there are some patterns that we are seeing emerging and there are some folks very active on Twitter. Mark in recent just did very controversial kind of tweet couple of days back. That was, that was hard. >> Was he shit posting again? >> Shit posting. Yeah. He was shit posting actually, according to actually I saw Corey as well on the floor, Corey and Rodrigo. And, and-- >> Did you see Corey's interview with me? We were talking about shit posting 'cause he wrote in this newsletter. Mark and recently Elon Musk, they're all kind of like they're really kind of active on Twitter with a lot of highly intelligent snarkiness. >> They're super intelligent and they know the patterns, they know the economics and technology. Super smart guys and yeah. Who is in control, there was a move from the middle seat and social media kind of side of things where people are controlling the narratives and who controls the narrative. Is it billionaires? Is it government? We see that. >> Well I mean, it's interesting seeing the power. I mean, I call it the revenge of the nerds. You got the billionaires who are looking at the political screw-ups that Facebook and others have done. And by not being clear and it's hard, it's a hard problem to solve. I don't really want to be in their seat. Even Andy Jassy is the CEO of AWS. What is he? I mean, he's dealing with problems that for some people would be their worst part of like they could ever dream of scenario. He's dealing with that at breakfast. And then throughout his day, he's got all kinds of Amazon's so big and Apple and you got Google and you got the fan companies. So, you know, at some point tech is now so part of society, it's not just the nerds from California. It's tech is in everything now. So it's a societal impact. And so there's consequences for stuff. And so you're starting to see this force for good that's come from the sustainability angle. You're going to start to see force for good with technology as it relates to people's lives. And we had Mapbox on the CUBE and they provide all this navigation and Gareth the guy who runs that division, he talks about dark kitchens, dark stores. So just they're re-engineering the supply chain of delivery. So we all been to restaurants and seen people there from picking up food delivery. Why are they going to the retail? So dark kitchens are just basically depots for supplying the 10 menus that everyone orders from. That's a change of a structural change in the industry. So that's jumped out at me, Matt Wood spoke to me about serverless impact to the analytics team. And again, structural changes, technical and culture. Right? So, so you're starting to see to me more and more of the two themes of some technology change, architectural change, system change and culture thinking. And you know, we had a 20 year old guest on here who was first worked at Amazon web services when he was 16. >> Wow. >> Graduated high school early and went into Amazon. He's like, I love tools. So people love tools. Hardware is coming back. Right? So I mean Sarbjeet this is crazy. >> It's crazy. >> What's going on. >> It's crazy actually. Remember the nine year old kid at re:Invent 2019. Karthick was the name if I remember, but I spoke to him and he was crazy. He was AWS certified and kids are playing with this technology in their high schools. >> It's awesome. >> And even in their elementary schools now. >> They can get their hands on it quicker. They don't need to go in full class for a year. They can self-teach, they can do side projects they can launch a side hustle, they can stand up a headless retail outlet, who knows what they can do if you got the Lego blocks. This is what I love about the cloud, you can really show something fast and then abandon it. >> Actually, I think it is all enabled through cloud. Like the accessibility of technology has gone like exponentially, like wildfire. Like once you have access to the cloud just all you need is connection to the internet. After that you have the VMs. and you have the serverless, there's zero cost to you. And things are thrown at you. Somebody who was saying that earlier here like we have said that many times it's like that's how the drug dealer, you know, sell the drug. Like sniff it, it's free, >> First is free. >> So they're doing it. Yes. >> We say that about theCUBE. >> And from the, I see cloud from two different angles, like we all do. And like, I try to sort of force myself to look at it from the both angles. There's the supplier side and the buyer side or the consumer side on the other side. Right? So from the supplier side, it's a race for talent to build it, number one, then number two is race for talent to train them. So we saw the numbers and millions being shown today at the keynote again. And Google is showing those numbers as well. Like how many millions they are training like 25 to 30 million people within next two, three years. It's crazy numbers. >> Sarbjeet I got to say so if I have to look at what jumped off the page for me on this event, was couple things and this is kind of weird nuanced stuff but I'll just try to explain it as best I can. Number one, we're going to see more managed services like DevOps managed services. As DevOps teams grow, talent is a problem. And Kubernetes obviously is growing and got to get that right. It's not easy to be a Kubernetes, you know slinging clusters around with Kubernetes. It's hard. I think that's got to get easier. So I think the path to easy is going to be some sort of abstraction service layer. And I think the smart people are going to have this layer will manage it and then provide that as a service, number one. Number two is this notion of a systems design thinking around elements, whether it's storage or maps for like Mapbox and around these elements they have to have a systematic effect of other things. You can't just, if it changes, it's going to have consequences that's what systems do. So, tooling being built around these elements and they have to have hardened APIs that is clear. People who are trying to be "cloud native" need to get this right. And you have to have the tooling in and around the the element and then have APIs to connect and then glue up. So it's interesting. Clearly those things are happening and multiple conversations, people were teasing that out. And then obviously the super cloud was coming in. >> Is there. >> Mapbox is basically a super cloud. They're like what snowflake is for data analytics. They are for-- >> MongoDB is another one. >> MongoDB's got Atlas. I mean, MongoDB was criticized for years. Doesn't scale. Remember the old lamp stack days, they were preferred. They're document, they nailed it with document. The document aspects of data, but they were always getting criticized. They can't scale. And they just keep scaling. But now with Atlas, they're on AWS. It's just, auto scale. So that's killer for MongoDB. So I think their stock price is undervalued my opinion but you know, I don't give legal advice. >> I think that the whole notion of-- >> Or financial advice. >> The multicloud, right? So for a multicloud to kill that complexity of multicloud, we have to go to the what Dave Vellante and you guys say super cloud, right? Another level of abstraction on top of infrastructure provider by AWS, Google cloud, Azure. So that's where we're going. >> Well, Dave and I debate this right, he bundles multi-cloud in there and most people think that's what he's saying but I'm saying multi-cloud is a reality. I mean, multi-cloud means you're going to have multiple clouds. They're just not you're not sharing workloads across those clouds. It's like not the same workload. That's not going to yet happen. I run Azure because I have 365, that's it. I run Amazon for everything else. That's kind of the use case. But to me, super cloud is building on top of AWS or Azure where you leverage their CapEx and create differentiated value. It's your own cloud without all the CapEx but it's got to be like super integrated and the benefit's got to be so good that it seems like pennies to your point earlier. >> Yeah. >> And the economics to the applications in it are just so obvious and they got to be they got to be so big for the application developer. So that's to me is super cloud. And then of course having the connected tissue to manage the transit around multiple clouds. >> Yeah. I think they have it too. I totally agree with you. But another thing is from having the developer background I think the backward compatibility is a huge issue in cloud. >> Yeah. I agree. >> It's a lot of technical debt being built and I hear that, I'm hearing that more and more. I think that we have to solve as industry as like these three main players have to solve that problem. So that's one big thing, actually. I'm very like after, you know, like to talk about it and all that stuff. So yeah. It's another thing is another pattern actually to all the cloud naysayers out there, right? Is that those are the people who come from the hardware background. So I've seen another pattern out there. So I'm trying to synthesize, who are these people who bash cloud all the time? I'm pro-cloud of course everybody knows that. >> We know you're pro, we're all pro cloud. We're totally biased. We love cloud >> Actually. No, I've seen both sides. I've seen both sides. I've worked at EMC, VMware, I worked at Oracle cloud as well. And then, and before that I have written a lot of software. A software developer is pro-cloud. A typical hardware ops guy or girl, they are pro on-prem or pro hybrid and all that. Like they try to keep it there. >> I think first of all, I have opinion on this. I think, I think you're right. But how hardware is coming back, if you look at how cloud is enabling hardware, it's retro, it's designed for the cloud. So hardware's going to offload, either accelerate stuff and offload stuff from the software guide. So look at DeepRacer it's hardware. Now it's a car. You've got the silicon and the chips. So the chips you're talking about. Those aren't chips for service and the data center. They're just chips to make the software in the cloud run better. >> Sarbjeet: Well scale. >> So scaling. And so I think we're going to see a Renaissance in hardware. It's going to look different. It's going to act different. So we're watching this. I mean, you brought up the idea of having a CUBE hardware box. >> Yeah. It's a great idea. >> It's a good idea. DM me and tell me it's a bad idea or good idea. I'll blame Sarbjeet for that. But what else have you learned? >> What else have learnt actually it's basically boils down to economics at the end of the day. It's about moving fast. It's about having developer productivity, again going back the cloud naysayers. It's like, why did you build a bike? Remember Steve Job used to say that, "computer is the bicycle for the human minds." >> Yes. >> Right. So cloud is the bicycle for the enterprises. They makes them move faster. 'So I think that's-- >> All right. We're closing down. We're going to hold on until they pull the plug on theCUBE literally. Sarbjeet great to see you on there. Check 'em out on Twitter. Great event. Good to see you, great report. Thank for sharing. Sarbjeet Johal here on theCUBE, taking over our community site I hear, right? Now you going to work-- >> I'm there. I'm always there. >> Great to have you on. I'm going to work on some new things with theCUBE. Really appreciate working with us. Thanks a lot. >> I really appreciate you guys giving me this platform. It's an amazing platform. Thank you very much. >> That's all right. We'll be back. That's it for our coverage of AWS summit 2020 here live on the floor. Events are back. Hybrid's back. We get theCUBE studios in Palo Alto in Boston. Re:invent at the end of the year but we're going to the summit in New York city. In the summer, we got re:Inforce in Boston the security conference. Re:MARS which is the robotics IML conference. And of course the big summit New York and San Francisco we're there of course. Share thecube.net for all the action. I'm John for your host with Sarbjeet here. Closing out the show. Thanks for watching. (Calm music)

>> from our studios in the heart of Silicon Valley, Palo Alto, California It is a cute conversation. >> Well, the Special Cube conversation. We are here in Palo Alto, California, Cube studios here. Tony, Gino, Domenico, Who's the senior security strategist and research at for Net and four to guard labs live from Las Vegas. Where Black Hat and then Def Con security activities happening, Tony, also known as Tony G. Tony G. Welcome to this cube conversation. >> Hey, Thanks, John. Thanks for having me. >> So a lot of action happening in Vegas. We just live there all the time with events. You're there on the ground. You guys have seen all the action there. You guys are just published. Your quarterly threat report got a copy of it right here with the threat index on it. Talk about the quarterly global threats report. Because the backdrop that we're living in today, also a year at the conference and the cutting edge is security is impacting businesses that at such a level, we must have shell shock from all the breaches and threats they're going on. Every day you hear another story, another story, another hack, more breaches. It said all time high. >> Yeah, you know, I think a lot of people start to get numb to the whole thing. You know, it's almost like they're kind of throwing your hands up and say, Oh, well, I just kind of give up. I don't know what else to do, but I mean, obviously, there are a lot of different things that you can do to be able to make sure that you secure your cybersecurity program so at least you minimize the risk of these particular routes is happening. But with that said with the Threat Landscape report, what we typically dio is we start out with his overall threat index, and we started this last year. If we fast forward to where we are in this actual cue to report, it's been one year now, and the bad news is that the threats are continuing to increase their getting more sophisticated. The evasion techniques are getting more advanced, and we've seen an uptick of about 4% and threat volume over the year before. Now the silver lining is I think we expected the threat volume to be much higher. So I think you know, though it is continuing to increase. I think the good news is it's probably not increasing as fast as we thought it was going to. >> Well, you know, it's always You have to know what you have to look for. Blood. People talk about what you can't see, and there's a lot of a blind spot that's become a data problem. I just want to let people know that. Confined the report, go to Ford Nets, ah website. There's a block there for the details, all the threat index. But the notable point is is only up 4% from the position year of a year that the attempts are more sophisticated. Guys gotta ask you, Is there stuff that we're not seeing in there? Is there blind spots? What's the net net of the current situation? Because observe ability is a hot topic and cloud computing, which essentially monitoring two point. Oh, but you gotta be able to see everything. Are we seeing everything? What's what's out there? >> Well, I mean, I think us as Ford, a guard on Darcy, have cyber threat in challenges. I think we're seeing a good amount, but when you talk about visibility, if you go back down into the organizations. I think that's where there's There's definitely a gap there because a lot of the conversations that I have with organizations is they don't necessarily have all the visibility they need from cloud all the way down to the end point. So there are some times that you're not gonna be able to catch certain things now. With that said, if we go back to the report at the end of the day, the adversaries have some challenges to be able to break into an organization. And, of course, the obvious one is they have to be able to circumvent our security controls. And I think as a security community, we've gotten a lot better of being able to identify when the threat is coming into an organization. Now, on the flip side, Oh, if you refer back to the minor Attack knowledge base, you'll see a specific tactic category called defense evasions. There's about 60 plus techniques, evasion techniques the adversary has at their disposal, at least that we know may there may be others, but so they do have a lot of opportunity, a lot of different techniques to be able to leverage with that, said There's one technique. It's, ah, disabling security tools that we started seeing a bit of an increase in this last cue to threat landscape report. So a lot of different types of threats and mile where have the capability to be ableto one look at the different processes that may be running on a work station, identifying which one of those processes happen to be security tools and then disabling them whether they're no, maybe they might just be able to turn the no, the actual service off. Or maybe there's something in the registry that they can tweak. That'll disable the actual security control. Um, maybe they'll actually suppress the alerts whatever. They conduce you to make sure that that security control doesn't prevent them from doing that malicious activity. Now, with that said, on the flip side, you know, from an organization for perspective, you want to make sure that you're able to identify when someone's turning on and turning off those security control to any type of alert that might be coming out of that control also. And this is a big one because a lot of organizations and this certainly do this minimize who has the ability to turn those particular security controls on and off. In the worst cases, you don't wanna have all of your employees uh, the you don't want to give them the ability to be able to turn those controls on and off. You're never gonna be ableto baseline. You're never gonna be able to identify a, you know, anomalous activity in the environment, and you're basically gonna lose your visibility. >> I mean, this increase in male wearing exploit activity you guys were pointing out clearly challenge the other thing that the report kind of She's out. I want to get your opinion on this. Is that the The upping? The ante on the evasion tactics has been very big trend. The adversaries are out there. They're upping the ante. You guys, we're upping the guarantees. This game you continue this flight will continues. Talk about this. This feature of upping the ante on evasion tactics. >> Yes. So that's what I was that I was kind of ah, referring to before with all the different types of evasion techniques. But what I will say is most of the all the threats these days all have some type of evasion capabilities. A great example of this is every quarter. If you didn't know. We look at different types of actors and different types of threats, and we find one that's interesting for us to dig into and where create was called an actual playbook, where we want to be able to dissect that particular threat or those threat actor methodologies and be able to determine what other tactics and corresponding techniques, which sometimes of course, includes evasion techniques. Now, the one that we focused on for this quarter was called His Ego's Was Ego, says a specific threat that is an information stealer. So it's gathering information, really based on the mission goals off, whatever that particular campaign is, and it's been around for a while. I'm going all the way back to 2011. Now you might be asking yourself, Why did we actually choose this? Well, there's a couple different reasons. One happens to be the fact that we've seen an uptick in this activity. Usually when we see that it's something we want to dive into a little bit more. Number two. Though this is a tactic of the of the adversary, what they'll do is they'll have their threat there for a little while, and then local doorman. They'll stop using that particular malware. That's no specific sort of threat. They'll let the dust settle that things die down. Organizations will let their guard down a little bit on that specific threat. Security organizations Ah, vendors might actually do the same. Let that digital dust kind of settle, and then they'll come back. Bigger, faster, stronger. And that's exactly what Z ghosted is. Ah, we looked at a specific campaign in this new mall where the new and improved Mauer, where is they're adding in other capabilities for not just being able to siphon information from your machine, but they're also now can capture video from your webcam. Also, the evasion techniques since Iran that particular subject, what they're also able to do is they're looking at their application logs. Your system logs your security logs, the leading them making a lot more difficult from a forensic perspective. Bill, go back and figure out what happened, what that actual malware was doing on the machine. Another interesting one is Ah, there. We're looking at a specific J peg file, so they're looking for that hash. And if the hash was there the axle? Um, our wouldn't run. We didn't know what that was. So we researched a little bit more on What we found out was that J Peg file happened to be a desktop sort of picture for one of the sandboxes. So it knew if that particular J pick was present, it wasn't going to run because it knew it was being analyzed in a sandbox. So that was a second interesting thing. The 3rd 1 that really leaned us towards digging into this is a lot of the actual security community attribute this particular threat back to cyber criminals that are located in China. The specific campaign we were focused on was on a government agency, also in China, So that was kind of interesting. So you're continuing to see these. These mile wears of maybe sort of go dormant for a little bit, but they always seem to come back bigger, faster, stronger. >> And that's by design. This is that long, whole long view that these adversaries we're taking in there as he organized this economy's behind what they're doing. They're targeting this, not just hit and run. It's get in, have a campaign. This long game is very much active. Howto enterprises. Get on, get on top of this. I mean, is it Ah, is it Ah, people process Issue is it's, um, tech from four to guard labs or what? What's what's for the Nets view on this? Because, I mean, I can see that happening all the time. It has >> happened. Yeah, it's It's really it's a combination of everything on this combination. You kind of hit like some of it, its people, its processes and technology. Of course, we have a people shortage of skilled resource is, but that's a key part of it. You always need to have those skills. Resource is also making sure you have the right process. Is how you actually monitoring things. I know. Ah, you know, a lot of folks may not actually be monitoring all the things that they need to be monitoring from, Ah, what is really happening out there on the internet today? So making sure you have clear visibility into your environment and you can understand and maybe getting point in time what your situational awareness is. You you, for my technology perspective, you start to see and this is kind of a trend. We're starting the leverage artificial intelligence, automation. The threats are coming, and it's such a high volume. Once they hit the the environment, instead of taking hours for your incident response to be about, at least you know not necessarily mitigate, but isolate or contain the breach. It takes a while. So if you start to leverage some artificial intelligence and automatic response with the security controls are working together. That's a big that's a big part of it. >> Awesome. Thanks for coming. This is a huge problem. Think no one can let their guard down these days? Certainly with service, they're expanding. We're gonna get to that talk track in the second. I want to get quickly. Get your thoughts on ransom, where this continues to be, a drum that keeps on beating. From a tax standpoint, it's almost as if when when the attackers need money, they just get the same ransomware target again. You know, they get, they pay in. Bitcoin. This is This has been kind of a really lucrative but persistent problem with Ransomware. This what? Where what's going on with Ransomware? What's this state of the report and what's the state of the industry right now in solving that? >> Yeah. You know, we looked into this a little bit in last quarter and actually a few quarters, and this is a continuous sort of trend ransom, where typically is where you know, it's on the cyber crime ecosystem, and a lot of times the actual threat itself is being delivered through some type of ah, phishing email where you need a user to be able to click a langur clicking attachment is usually kind of a pray and spray thing. But what we're seeing is more of ah, no sort of ah, you know, more of a targeted approach. What they'll do is to look for do some reconnaissance on organizations that may not have the security posture that they really need. Tohave, it's not as mature, and they know that they might be able to get that particular ransomware payload in there undetected. So they do a little reconnaissance there, And some of the trend here that we're actually seeing is there looking at externally RTP sessions. There's a lot of RTP sessions, the remote desktop protocol sessions that organizations have externally so they can enter into their environment. But these RTP sessions are basically not a secure as they need to be either week username and passwords or they are vulnerable and haven't actually been passed. They're taking advantage of those they're entering and there and then once they have that initial access into the network, they spread their payload all throughout the environment and hold all those the those devices hostage for a specific ransom. Now, if you don't have the, you know, particular backup strategy to be able to get that ransom we're out of there and get your your information back on those machines again. Sometimes you actually may be forced to pay that ransom. Not that I'm recommending that you sort of do so, but you see, or organizations are decided to go ahead and pay that ransom. And the more they do that, the more the adversary is gonna say, Hey, I'm coming back, and I know I'm gonna be able to get more and more. >> Yeah, because they don't usually fix the problem or they come back in and it's like a bank. Open bank blank check for them. They come in and keep on hitting >> Yeah >> same target over and over again. We've seen that at hospitals. We've seen it kind of the the more anemic I t department where they don't have the full guard capabilities there. >> Yeah, and I would have gone was really becoming a big issue, you know? And I'll, uh, ask you a question here, John. I mean, what what does Microsoft s A N D. H s have in common for this last quarter? >> Um, Robin Hood? >> Yeah. That attacks a good guess. Way have in common is the fact that each one of them urged the public to patch a new vulnerability that was just released on the RTP sessions called Blue Keep. And the reason why they was so hyped about this, making sure that people get out there and patch because it was were mobile. You didn't really need tohave a user click a link or click and attachment. You know, basically, when you would actually exploit that vulnerability, it could spread like wildfire. And that's what were mobile is a great example of that is with wannacry. A couple years ago, it spread so quickly, so everybody was really focused on making sure that vulnerability actually gets patched. Adding onto that we did a little bit of research on our own and ransom Internet scans, and there's about 800,000 different devices that are vulnerable to that particular ah, new vulnerability that was announced. And, you know, I still think a lot of people haven't actually patched all of that, and that's a real big concern, especially because of the trend that we just talked about Ransomware payload. The threat actors are looking at are Rdp as the initial access into the environment. >> So on blue Keep. That's the one you were talking about, right? So what is the status of that? You said There's a lot of vulnerable is out. There are people patching it, is it Is it being moving down, the down the path in terms of our people on it? What's your take on that? What's the assessment? >> Yeah, so I think some people are starting to patch, but shoot, you know, the scans that we do, there's still a lot of unpacked systems out there, and I would also say we're not seeing what's inside the network. There may be other RTP sessions in the environment inside of an organization's environment, which really means Now, if Ransomware happens to get in there that has that capability than to be able to spread like the of some RTP vulnerability that's gonna be even a lot more difficult to be able to stop that once it's inside a network. I mean, some of the recommendations, obviously, for this one is you want to be able to patch your RTP sessions, you know, for one. Also, if you want to be able to enable network authentication, that's really gonna help us. Well, now I would also say, You know, maybe you want a hard in your user name and passwords, but if you can't do some of this stuff, at least put some mitigating controls in place. Maybe you can isolate some of those particular systems, limit the amount of AH access organizations have or their employees have to that, or maybe even just totally isolated. If it's possible, internal network segmentation is a big part of making sure you can. You're able to mitigate some of these put potential risks, or at least minimize the damage that they may cause. >> Tony G. I want to get your thoughts on your opinion and analysis expert opinion on um, the attack surface area with digital and then ultimately, what companies can do for Let's let's start with the surface area. What's your analysis there? Ah, lot of companies are recognizing. I'll see with Coyote and other digital devices. The surface area is just everywhere, right? So I got on the perimeter days. That's kind of well known. It's out there. What's the current digital surface area threats look like? What's your opinion? >> Sure, Yeah, it's Ah, now it's funny. These days, I say no, Jenna tell you everything that seems to be made as an I P address on it, which means it's actually able to access the Internet. And if they can access the Internet, the bad guys can probably reach out and touch it. And that's really the crux of the problem of these days. So anything that is being created is out on the Internet. And, yeah, like, we all know there's really not a really rigid security process to make sure that that particular device as secure is that secure as it actually needs to be Now. We talked earlier on about You know, I ot as relates to maybe home routers and how you need to be ableto hard in that because you were seeing a lot of io teapot nets that air taking over those home routers and creating these super large I ot botnets on the other side of it. You know, we've seen ah lot of skate of systems now that traditionally were in air gapped environments. Now they're being brought into the traditional network. They're being connected there. So there's an issue there, but one of the ones we haven't actually talked a lot about and we see you're starting to see the adversaries focus on these little bit more as devices in smart homes and smart buildings in this queue to threat landscape report. There was a vulnerability in one of these you motion business management systems. And, you know, we looked at all the different exploits out there, and the adversaries were actually looking at targeting that specific exploit on that. That's smart management building service device. We had about 1% of all of our exploit, uh, hits on that device. Now that might not seem like a lot, but in the grand scheme of things, when we're collecting billions and billions of events, it's a fairly substantial amount. What, now that we're Lee starts a kind of bring a whole another thought process into as a security professional as someone responds double for securing my cyber assets? What if I include in my cyber assets now widen include all the business management systems that my employees, Aaron, for my overall business. Now that that actually might be connected to my internal network, where all of my other cyber assets are. Maybe it actually should be. Maybe should be part of your vulnerability mentioned audibly patch management process. But what about all the devices in your smart home? Now? You know, all these different things are available, and you know what the trend is, John, right? I mean, the actual trend is to work from home. So you have a lot of your remote workers have, ah, great access into the environment. Now there's a great conduit for the obvious areas to be ableto break into some of those smart home devices and maybe that figure out from there there on the employees machine. And that kind of gets him into, you know, the other environment. So I would say, Start looking at maybe you don't wanna have those home devices as part of, ah, what you're responsible for protecting, but you definitely want to make sure your remote users have a hardened access into the environment. They're separated from all of those other smart, smart home devices and educate your employees on that and the user awareness training programs. Talk to them about what's happening out there, how the adversaries air starting to compromise, or at least focus on some of them smart devices in their home environment. >> These entry points are you point out, are just so pervasive. You have work at home totally right. That's a great trend that a lot of companies going to. And this is virtual first common, a world. We build this new new generation of workers. They wanna work anywhere. So no, you gotta think about all that. Those devices that your son or your daughter brought home your husband. Your wife installed a new light bulb with an I peed connection to it fully threaded processor. >> I know it. Gosh, this kind of concern me, it's safer. And what's hot these days is the webcam, right? Let's say you have an animal and you happen to go away. You always want to know what your animals doing, right? So you have these Webcams here. I bet you someone might be placing a webcam that might be near where they actually sit down and work on their computer. Someone compromises that webcam you may be. They can see some of the year's name and password that you're using a log in. Maybe they can see some information that might be sensitive on your computer. You know, it's the The options are endless here. >> Tony G. I want to get your thoughts on how companies protect themselves, because this is the real threat. A ni O t. Doesn't help either. Industrial I ot to just Internet of things, whether it's humans working at home, too, you know, sensors and light bulbs inside other factory floors or whatever means everywhere. Now the surface area is anything with a knife he address in power and connectivity. How do companies protect themselves? What's the playbook? What's coming out of Red hat? What's coming out of Fort Annette? What are you advising? What's the playbook? >> Yeah, you know I am. You know, when I get asked this question a lot, I really I sound like a broken record. Sometimes I try to find so many different ways to spin it. You know, maybe I could actually kind of say it like this, and it's always means the same thing. Work on the fundamentals and John you mentioned earlier from the very beginning. Visibility, visibility, visibility. If you can't understand all the assets that you're protecting within your environment, it's game over. From the beginning, I don't care what other whiz bang product you bring into the environment. If you're not aware of what you're actually protecting, there's just no way that you're gonna be able to understand what threats are happening out your network at a higher level. It's all about situational awareness. I want to make sure if I'm if I'm a C so I want my security operations team to have situational awareness at any given moment, all over the environment, right? So that's one thing. No grabbing that overall sort of visibility. And then once you can understand where all your assets are, what type of information's on those assets, you get a good idea of what your vulnerabilities are. You start monitoring that stuff. You can also start understanding some of different types of jabs. I know it's challenging because you've got everything in the cloud all the way down to the other end point. All these mobile devices. It's not easy, but I think if you focus on that a little bit more, it's gonna go a longer way. And I also mentioned we as humans. When something happens into the environment, we can only act so fast. And I kind of alluded to this earlier on in this interview where we need to make sure that we're leveraging automation, artificial in intelligence to help us be able to determine when threats happened. You know, it's actually be in the environment being able to determine some anomalous activity and taking action. It may not be able to re mediate, but at least it can take some initial action. The security controls can talk to each other, isolate the particular threat and let you fight to the attack, give you more time to figure out what's going on. If you can reduce the amount of time it takes you to identify the threat and isolate it, the better chances that you're gonna have to be able to minimize the overall impact of that particular Reno. >> Tony, just you jogging up a lot of memories from interviews I've had in the past. I've interviewed the four star generals, had an essay, had a cyber command. You get >> a lot of >> military kind of thinkers behind the security practice because there is a keeping eyes on the enemy on the target on the adversary kind of dialogue going on. They all talk about automation and augmenting the human piece of it, which is making sure that you have as much realty. I'm information as possible so you can keep your eyes on the targets and understand, to your point contextual awareness. This seems to be the biggest problem that Caesar's heir focused on. How to eliminate the tasks that take the eyes off the targets and keep the situational winners on on point. Your thoughts on that? >> Yeah, I have to. You know what, son I used to be? Oh, and I still do. And now I do a lot of presentations about situational awareness and being ableto build your you know, your security operations center to get that visibility. And, you know, I always start off with the question of you know, when your C so walks in and says, Hey, I saw something in the news about a specific threat. How are we able to deal with that? 95% of the responses are Well, I have to kind of go back and kind of like, you don't have to actually come dig in and, you know, see, and it takes them a while for the audio. >> So there's a classic. So let me get back to your boss. What? Patch patch? That, um Tony. Chief, Thank you so much for the insight. Great Congressional. The Holy Report. Keep up the good work. Um, quick, Quick story on black hat. What's the vibe in Vegas? Def con is right around the corner after it. Um, you seeing the security industry become much more broader? See, as the industry service area becomes from technical to business impact, you starting to see that the industry change Amazon Web service has had an event cloud security called reinforce. You starting to see a much broader scope to the industry? What's the big news coming out of black at? >> Yeah, you know, it's it's a lot of the same thing that actually kind of changes. There's just so many different vendors that are coming in with different types of security solutions, and that's awesome. That is really good with that, said, though, you know, we talked about the security shortage that we don't have a lot of security professionals with the right skill sets. What ends up happening is you know, these folks that may not have that particular skill, you know, needed. They're being placed in these higher level of security positions, and they're coming to these events and they're overwhelmed because they're all they'll have a saw slight. It's all over a similar message, but slightly different. So how did they determine which one is actually better than the others? So it's, um, I would say from that side, it gets to be a little bit kind of challenging, but at the same time, No, I mean, we continued to advance. I mean, from the, uh, no, from the actual technical controls, solutions perspective, you know, You know, we talked about it. They're going, we're getting better with automation, doing the things that the humans used to do, automating that a little bit more, letting technology do some of that mundane, everyday kind of grind activities that we would as humans would do it, take us a little bit longer. Push that off. Let the actual technology controls deal with that so that you can focus like you had mentioned before on those higher level you know, issues and also the overall sort of strategy on either howto actually not allow the officer to come in or haven't determined once they're in and how quickly will be able to get them out. >> You know, we talked. We have a panel of seashells that we talk to, and we were running a you know, surveys through them through the Cube insights Most see says, we talk Thio after they won't want to talk off the record. I don't want anyone know they work for. They all talked him. They say, Look, I'm bombarded with more and more security solutions. I'm actually trying to reduce the number of suppliers and increase the number of partners, and this is nuanced point. But to your what you're getting at is a tsunami of new things, new threats, new solutions that could be either features or platforms or tools, whatever. But most si SOS wanna build an engineering team. They wanna have full stack developers on site. They wanna have compliance team's investigative teams, situational awareness teams. And they want a partner with with suppliers where they went partners, not just suppliers. So reduce the number suppliers, increase the partners. What's your take on that year? A big partner. A lot of the biggest companies you >> get in that state spring. Yeah. I mean, that's that's actually really our whole strategy. Overall strategy for Ford. Annette is, and that's why we came up with this security fabric. We know that skills are really not as not as prevalent as that they actually need to be. And of course, you know there's not endless amounts of money as well, right? And you want to be able to get these particular security controls to talk to each other, and this is why we built this security fabric. We want to make sure that the controls that we're actually gonna build him, and we have quite a few different types of, you know, security controls that work together to give you the visibility that you're really looking for, and then years Ah, you know, trusted partner that you can actually kind of come to And we can work with you on one identifying the different types of ways the adversaries air moving into the environment and ensuring that we have security controls in place to be able to thwart the threat. Actor playbook. Making sure that we have a defensive playbook that aligns with those actual ttp is in the offensive playbook, and we can actually either detect or ultimately protect against that malicious activity. >> Tony G. Thanks for sharing your insights here on the cube conversation. We'll have to come back to you on some of these follow on conversations. Love to get your thoughts on Observe ability. Visibility on. Get into this. What kind of platforms are needed to go this next generation with cloud security and surface area being so massive? So thanks for spending the time. Appreciate it. >> Thanks a lot, Right. We only have >> a great time in Vegas. This is Cube conversation. I'm John for here in Palo Alto. Tony G with Fortinet in Las Vegas. Thanks for watching

>> Announcer: Live from Washington, DC, it's the Cube, covering .conf2017, brought to you by Splunk. (busy electronic music) >> Welcome back to the Washington Convention Center, the Walter Washington Convention Center, in our nation's capital as our coverage continues here of .conf2017. We're here at Splunk along with Dave Vellante. I'm John Walls, and kind of coming down the home stretch, Dave. There's just something about the crowd's lingering still, the show for, still has that good vibe to it, late second day, hasn't let off yet. >> Oh, no, remember, the show goes on through tomorrow. There's some event tonight, I think. I don't know, the band's here. >> Yeah, but-- >> Be hanging out, partying tonight. >> But you can tell the Splunkers are alive and well. We have Terry Ramos with us, who's going to join us for the next 15 minutes or so, the VP of Business Development of Palo Alto Networks. Terry, good to see you, sir. >> Good, really appreciate you having me here. >> You bet, you bet, thanks for joining us. You've got a partnership now, you've synced up with Splunk. >> Terry: Yes. >> Tell us a little bit about that. Then we'll get into the customer value after that. But first off, what's the partnership all about? >> Sure. We've actually been partners for about five years, really helping us solve some customer needs. We've got about several thousand customers who are actually using both products together to solve the needs I'll talk about in a minute. The partnership is really key to us. We've invested a ton of time, money, effort into it, we have executive level sponsorship all the way down to sales. In the field, we have reps working together to really position the solution to customers, both us and Splunk and then how we tie together. We're the number one downloaded app for Splunk by far that's a third party, so they have a couple that are more downloaded than us, but for third party, we've done that. We develop it all in house ourselves. For customers out there who think the app's great, I'll talk about the new version coming, I'd love any feedback on what should we do next, what are the next things we should do in the app, because we're really developing this and making this investment for customers to get the value out of it. >> What about the business update for Palo Alto Networks? I mean, can you give us the sort of quick rundown on what's going on in your world? >> Sure. I think most people know Palo Alto Networks has done pretty well. We just finished our FY '17, finished with about 42,500 customers. Revenue was, I think, 1.8 billion, approximately. We're still a very high growth company, and been growing the product set pretty well, from products next-gen firewall, all the attached subscriptions. Then we've got things like the Endpoint Traps now that's really doing well in the market, where customers need help on preventing exploits on the endpoint. That's been a growing market for us. >> It's the hottest space in the data center right now, and everybody wants to partner with you guys. Obviously, Splunk, you go to all the big shows, and they're touting their partnerships with Palo Alto. What do you attribute that sort of success to? >> Customers, truly. I run the partnerships for the company. If we do not have a customer who will be invested in the integration and the partnership, we don't do it. The number one thing we ask when somebody says, I want to partner with you, is, who's the customer, what's the use case, and why, right. Then if we can get good answers to that, then we go down the path of a partnership. Even then, though, we're still pretty selective. We've got 150 partners today that are technology partnerships. But we've got a limited number, Splunk's a big one, that we really invest heavily in, far more than the others, far more than just an API integration, the stuff of getting out to customers in the field the development of apps and integration, those things. >> Talk about, we laugh about Barney deals sometimes, I love you, you love me, let's do a press release. What differentiates that sort of Splunk level of partnership? Is it engineering resources? Is it deeper go to market? Maybe talk about that a little. >> Yeah, I hate Barney partnerships completely. If I do those, fire me, truthfully. I think the value that we've done with Splunk that we've really drawn out is, we've built this app, right, so BD has a team of developers on our team that writes the app for Splunk. We have spent four years developing this app. We were the first company to do adaptive response before it was called adaptive response. You see something in Splunk, you can actually take action back to a firewall to actually block something, quarantine something, anything like that. The app today is really focused on our products, right, through Endpoint, WildFire, things like that, right, so it's very product focused. We're actually putting in a lot of time and effort into a brand new app that we're developing that we're showing off now that we'll ship in about a month a half that's really focused on adversaries and incidents. We have something called the adversary score card where it'll show you, this is what's actually happening on my network, how far is this threat penetrating my network and my endpoints, is it being stopped, when is it being stopped. Then we've got an incident flow, too, that shows that level down to Traps prevented this, and here's how it prevented it. Then if we go back to the adversary score card, it ties into what part of the kill chain did we actually stop it at. For a CISO, when you come in and you say, there's a new outbreak, there's a new worm, there's a new threat that's happening, how do I know that I'm protected? Well, Splunk gives you great access to that data. What we've done is an app on top of it that's a single click. A SOC guy can say, here's where we're at, here's where we've blocked it. >> I guess I've been talking to a lot of folks here the last two days, and we've got a vendor right over here, we're talking, they have a little scorecard up, and they tell you about how certain intrusions are detected at certain intervals, 190 days to 300 and some odd days. Then I hear talk about a scorecard that tells you, hey, you've got this risk threat, and this is what's happened. I mean, I guess I'm having a hard time squaring that all up with, it sounds like a real time examination. But it's really not, because we're talking about maybe half a year or longer, in some cases, before a threat is detected. >> Yeah, so as a company, we've really focused on prevention. Prevent as much as you can. We have a product called WildFire, where we have tens of thousands of customers who actually share data with us, files and other things, files, URLs, other things. What we do is we run those through sandboxing, dynamic analysis, static analysis, all sorts of stuff, to identify if it's malicious. If it's malicious, we don't just start blocking that file, we also send down to the firewall all the things that it does. Does it connect to another website to download a different payload, does it connect to a C&C site, command and control site? What's that malware actually doing? We send that down to the customer, but we also send it to all of our customers. It may hit a target, right, the zero day hit one customer, but then we start really, how do we prevent this along the way, both in the network and at the endpoint? Yeah, there are a lot of people that talk about breaches long term, all that, what we're trying to make sure is we're preventing as much as we can and letting the SOC guys really focus on the things that they need to. A simple piece of malware, they shouldn't be having to look at that. That should be automatically stopped, prevented. But that advanced attack, they need to focus on that and what are they doing about it. >> The payloads have really evolved in the last decade. You mentioned zero day. Think about them, we didn't even know what it was in the early 2000s. I wonder if you could talk about how your business has evolved as the sophistication of the attackers has evolved from hacktivist to organized crime to nation state. >> Yeah, yeah. It has evolved a lot, and when you think about the company, 42,500 customers says a lot. We've been able to grow that out. When you talk about a product, something like WildFire that does this payload analysis, when we launched the product it was free. You'd get an update about every 24 hours, right. We moved it down to, I think it was four hours, then it was an hour, 20 minutes, and now it's about five minutes. In about five minutes, we do all that analysis and how do we stop it. Back to the question is, when you're talking about guys that are just using malware and running it over and over, that's one thing. But when you're talking about sophisticated nation states, that's where you've got to get this, prevent it as quickly as you possibly can. >> If we're talking about customer value, you've kind of touched on it a little bit, but ultimately, you said you've got some to deal with Splunk, some to deal with you, some are now dealing with both. End of the day, what does that mean to me, that you're bringing this extra arsenal in? How am I going to leverage that in my operations? What can I do with it better, I guess, down the road? >> Yeah, I think it really comes down to that, how quickly can you react, how do you know what to react to. I mean, it's as simple as that, I know it sounds super simple, but it is that. If I'm a SOC guy sitting in a SOC, looking at the threats that are happening on my network, what's happening on my endpoints, and being able to say, this one actually got through the firewall. It was a total zero day, we had never seen it before. But it landed at the endpoint, and it tried to run and we prevented it there. Now you can go and take action down to that endpoint and say, let's get it off the endpoint, the firewall's going to be updated in a few minutes anyway. But let's go really focus on that. It's the focus of, what do you need to worry about. >> Dave: Do you know what a zero day is? >> You've kind of, yeah, I mean, it's the movie, right? >> He's going, no, no, there was a movie because of the concept-- >> Because of the idea. >> David's note, there's been zero days of protection. But you can explain it better than I can. >> Yeah, zero day means it's a brand new attack, never seen before, whether it be-- >> Unique characteristics and traits in a new way that infiltrate, and something that's totally off from left field. >> When you think about it, those are hard to create. They take a lot of time and effort to go find the bugs in programs, right. If it's something in a Microsoft or an Oracle, that's a lot of effort, right, to go find that new way to do a buffer overflow or a heap spray or whatever it is. That's a lot of work, that's a lot of money. One of the things we focused on is, if we can prevent it faster, that money, that investment those people are making is out the window. We really, again, are going to focus on the high end, high fidelity stuff. >> The documentary called "Zero Days," but there was, I don't know how many zero day viruses inside of Stuxnet, like, I don't know, four or five. You maybe used to see, the antivirus guys would tell you, we maybe see one or two a year, and there were four or five inside of this code. >> Loaded into one invasion, yeah, yeah, yeah. >> It's the threat from within. I mean, one of the threats, if I recall correctly, was actually, they had to go in and steal some chip at some Taiwanese semiconductor manufacturer, so they had to have a guy infiltrate, who knows, with a mop or something, stick a, had to break in, basically. These are, when you see a payload like that, you know it's a nation state, not just some hacktivist, right, or even organized crime doesn't necessarily have the resources for the most part, right? >> It's a big investment, it is. Zero days are a big investment, because you've got to figure it out, you may have to get hardware, you have to get the software. It's a lot of work to fund that. >> They're worth a lot of money on the black market. I mean, you can sell those things. >> That's why, if we make them unusable fairly quickly, it stops that investment. >> We were talking with Monte Mercer earlier, just talking about his comments this morning, keynotes about you could be successful defending, right. It's not all bets are off, we're hopeless here. But it still sounds as if, in your world, there are these inherent frustrations, because bad guys are really smart. All of a sudden, you've got a whole new way, a whole new world that you have to combat, just when you thought you had enough prophylactic activity going on in one place, boom, here you are now. Can you successfully defend? Do you feel like you have the tools to be that watch at the gate? >> I'd be a liar if I say you can prevent everything, right. It's just not possible. But what you've got to be able to prevent is everything that's known, and then take the unknown, make it known as quickly as possible, and start preventing that. That's the goal. If anybody out here is saying they prevent everything, it's just not true, it can't be true. But the faster you take that unknown and make it known and start preventing it, that's what you do. >> Well, and it's never just one thing in this world, right? Now there's much more emphasis being placed on response and predicting the probability of the severity and things of that nature. It really is an ecosystem, right. >> Terry: It is, that's what I do. >> Which is kind of back to what you do. How do you see this ecosystem evolving? What are your objectives? >> I think that from my standpoint, we'll continue to build out new partnerships for customers. We really focus on those ones that are important to customers. We recently did a lot with authentication partners, right, because that's another level of, if people are getting those credentials and using them then what are they doing with them, right? We did some new stuff in the product with a number of partners where we look at the credentials, and if they're leaving the network, going to an unknown site, that should never happen, right? Your corporate credentials should never go to some unknown site. That's a good example of how we build out new things for customers that weren't seen before with a partner. We don't do authentication, so we rely on partners to do that with us. As we continue to talk about partnership and BD, we're going to continue to focus on those things that really solve that need for our customer. >> Well, I don't know how you guys sleep at night, but I'm glad you do. >> Dave: No, we don't. What do you mean? I'm glad you don't. >> It's 24/7, that's for sure. >> Terry: Yes. >> Terry, thanks for being with us. >> Thank you very much. >> We appreciate the time, glad to have you on the Cube. The Cube will continue live from Washington, DC, we're at .conf2017. (busy electronic music)