(bright upbeat music) >> Welcome back to theCUBE's coverage of VeeamON 2022. We're here at the Aria in Las Vegas. This is day two, Dave Vallante with David Nicholson. You know with theCUBE, we talked about the cloud a lot and the company that started the cloud, AWS. Jeanna James is here. She's the Global Alliance Manager at AWS and a data protection expert. Great to see you. Thanks for coming on theCUBE again. >> Thanks so much for having me, Dave. It's great to be here in person with everyone. >> Yes, you know, we've done a few events live more than a handful. Thanks a lot to AWS. We've done a number. We did the DC Summits. Of course, re:Invent was huge out here last year. That was right in between the sort of variant Omicron hitting. And it was a great, great show. We thought, okay, now we're back. And of course we're kind of back, but we're here and it's good to have you. So Veeam, AWS, I mean, they certainly embrace the cloud. What's your relationship there? >> Yeah, so Veeam is definitely a strong partner with AWS. And as you know, AWS is really a, you know, we have so many different services, and our customers and our partners are looking at how can I leverage those services and how do I back this up, right? Whether they're running things on premises and they want to put a copy of the data into Amazon S3, Amazon S3 Infrequent Access or Amazon S3 Glacier Deep Archive, all of these different technologies, you know Veeam supports them to get a copy from on-prem into AWS. But then the great thing is, you know, it's nice to have a copy of your data in the cloud but you might want to be able to do something with it once it gets there, right? So Veeam supports things like Amazon EC2 and Amazon EKS and EKS Anywhere. So those customers can actually recover their data directly into Amazon EC2 and EKS Anywhere. >> So we, of course, talked a lot about ransomware and that's important in that context of what you just mentioned. What are you seeing with the customers when you talk to them about ransomware? What are they asking AWS to do? Maybe we could start unpacking that a bit. >> Yeah, ransomware is definitely a huge topic today. We're constantly having that conversation. And, you know, five years ago there was a big malware attack that was called the NotPetya virus. And at that time it was based on Petya which was a ransomware virus, and it was designed to go in and, you know, lock in the data but it also went after the backup data, right? So it hold all of that data hostage so that people couldn't recover. Well, NotPetya was based on that but it was worse because it was the seek and destroy virus. So with the ransomware, you can pay a fee and get your data back. But with this NotPetya, it just went in, it propagated itself. It started installing on servers and laptops, anything it could touch and just deleting everything. And at that time, I actually happened to be in the hospital. So hospitals, all types of companies got hit by this attack. And my father had been rushed to the emergency room. I happened to be there. So I saw live what really was happening. And honestly, these network guys were running around shutting down laptops, taking them away from doctors and nurses, shutting off desktops. Putting like taping on pictures that said, do not turn on, right? And then, the nurses and staff were having to kind of take notes. And it was just, it was a mess, it was bad. >> Putting masks on the laptops essentially. >> Yeah, so just-- >> Disinfecting them or trying to. Wow, unplugging things from the network. >> Yes, because, you know, and that attack really demonstrated why you really need a copy of the data in the cloud or somewhere besides tape, right? So what happened at that time is if you lose 10 servers or something, you might be able to recover from tape, but if you lose a hundred or a thousand servers and all of your laptops, all in hours, literally a matter of hours, that is a big event, it's going to take time to recover. And so, you know, if you put a copy of the backup data in Amazon S3 and you can turn on that S3 Object Lock for immutability, you're able to recover in the cloud. >> So, can we go back to this hospital story? 'Cause that takes us inside the disaster potential. So they shut everything down, basically shut down the network so they could figure out what's going on and then fence it off, I presume. So you got, wow, so what happened? First of all, did they have to go manual, I mean? >> They had to do everything manually. It was really a different experience. >> Going back to the 1970s, I mean. >> It was, and they didn't know really how to do it, right? So they basically had kind of yellow notepads and they would take notes. Well, then let's say the doctor took notes, well, then the nurse couldn't read the notes. And even over the PA, you know, there was an announcement and it was pretty funny. Don't send down lab work request with just the last name. We need to know the first name, the last name, and the date of birth. There are multiple Joneses in this hospital so yeah (giggles). >> This is going to sound weird. But so when I was a kid, when you worked retail, if there was a charge for, you know, let's say $5.74 and, you know, they gave you, you know, amount of money, you would give them, you know, the penny back, count up in your head that's 75, give them a quarter and then give them the change. Today, of course, it works differently. The computer tells you, how much change to give. It's like they didn't know what to do. They didn't know how to do it manually 'cause they never had the manual process. >> That's exactly right. Some of the nurses and doctors had never done it manually. >> Wow, okay, so then technically they have to figure out what happened so that takes some time. However they do that. That's kind of not your job, right? I dunno if you can help with that or not. Maybe Amazon has some tooling to do that, probably does. And then you've got to recover from somewhere, not tape ideally. That's like the last resort. You put it on a Chevy Truck, Chevy Truck Access Method called CTAM, ship it in. That takes days, right? If you're lucky. So what's the ideal recovery. I presume it's a local copy somewhere. >> So the ideal-- >> It's fenced. >> In that particular situation, right? They had to really air gap so they couldn't even recover on those servers and things like that-- >> Because everything was infected on on-prem. >> Because everything was just continuing to propagate. So ideally you would have a copy of your data in AWS and you would turn on Object Lock which is the immutability, very simple check mark in Veeam to enable that. And that then you would be able to kick off your restores in Amazon EC2, and start running your business so. >> Yeah, this ties into the discussion of the ransomware survey where, you know, NotPetya was not seeking to extort money, it was seeking to just simply arrive and destroy. In the ransomware survey, some percentage of clients who paid ransom, never got their data back anyway. >> Oh my. >> So you almost have to go into this treating-- >> Huge percentage. >> Yeah, yeah, yeah. >> Like a third. >> Yeah, when you combine the ones where there was no request for ransom, you know, for any extorted funds, and then the ones where people paid but got nothing back. I know Maersk Line, the shipping company is a well studied example of what happened with NotPetya. And it's kind of chilling because what you describe, people running around shutting down laptops because they're seeing all of their peers' screens go black. >> Yes, that's exactly what's happening. >> And then you're done. So that end point is done at that point. >> So we've seen this, I always say there are these milestones in attacks. I mean, Stuxnet proved what a nation state could do and others learned from that, NotPetya, now SolarWinds. And people are freaking out about that because it's like maybe we haven't seen the last of that 'cause that was highly stealth, not a lot of, you know, Russian language in the malware. They would delete a lot of the malware. So very highly sophisticated island hopping, self forming malware. So who knows what's next? We don't know. And so you're saying the ideal is to have an air gap that's physically separate. maybe you can have one locally as well, we've heard about that too, and then you recover from that. What are you seeing in terms of your customers recovering from that? Is it taking minutes, hours, days? >> So that really de depends on the customers SLAs, right? And so with AWS, we offer multiple tiers of storage classes that provide different SLA recovery times, right? So if you're okay with data taking longer to recovery, you can use something like Amazon S3 Glacier Deep Archive. But if it's mission critical data, you probably want to put it in Amazon S3 and turn on that Object Lock for immutability sake. So nothing can be overwritten or deleted. And that way you can kick off your recoveries directly in AWS. >> One of the demos today that we saw, the recovery was exceedingly fast with a very small data loss so that's obviously a higher level SLA. You got to get what you pay for. A lot of businesses need that. I think it was like, I didn't think it was, they said four minutes data loss which is good. I'm glad they didn't say zero data loss 'cause there's really no such thing. So you've got experience, Jeanna, in the data protection business. How have you seen data protection evolve in the last decade and where do you see it going? Because let's face it, I mean when AWS started, okay, it had S3, 15 years ago, 16 years ago, whatever it was. Now, it's got all these tools as you mentioned. So you've learned, you've innovated along with your customers. You listened to your customers. That's your whole thing, customer obsession. >> That's right. >> What are they telling you? What do you see as the future? >> Definitely, we see more and more containerization. So you'll see with the Kasten by Veeam product, right? The ability to protect Amazon EKS, and Amazon EKS Anywhere, we see customers really want to take advantage of the ability to containerize and not have to do as much management, right? So much of what we call undifferentiated heavy lifting, right? So I think you'll see continued innovation in the area of containerization, you know, serverless computing. Obviously with AWS, we have a lot going on with artificial intelligence and machine learning. And, you know, the backup partners, they really have a unique capability in that they do touch a lot of data, right? So I think in the future, you know, things around artificial intelligence and machine learning and data analytics, all of those things could certainly be very applicable for folks like Veeam. >> Yeah, you know, we give a lot of, we acknowledge that backup is different from recovery but we often fall prey to making the mistake of saying, oh, well your data is available in X number of minutes. Well, that's great. What's it available to? So let's say I have backed up to S3 and it's immutable. By the way my wife keeps calling me and saying she wants mutability for me. (Jeanna laughs) I'm not sure if that's a good thing or not. But now I've got my backup in S3, begs the question, okay, well, now what do I do with it? Well, guess what you mentioned EC2. >> That's right. >> The ability exists to create a restore environment so that not only is the data available but the services are actually online and available-- >> That's right-- >> Which is what you want with EKS and Kasten. >> So if the customer is running, you know, Kubernetes, they're able to recover as well. So yes, definitely, I see more and more services like that where customers are able to recover their environment. It might be more than just a server, right? So things are changing. It's not just one, two, three, it's the whole environment. >> So speaking of the future, one of the last physical theCUBE interviews that Andy Jassy did with us. John Furrier and myself, we were asking about the edge and he had a great quote. He said, "Oh yeah, we look at the data center as just another edge node." I thought that was good classic Andy Jassy depositioning. And so it was brilliant. But nonetheless, we've talked a little bit about the edge. I was interviewing Verizon last week, and they told me they're putting outposts everywhere, like leaning in big time. And I was saying, okay, but outpost, you know, what can you do with outpost today? Oh, you can run RDS. And, you know, there's a few ecosystem partners that support it, and he's like, oh no, we're going to push Amazon. So what are you seeing at the edge in terms of data protection? Are customers giving you any feedback at this point? >> Definitely, so edge is a big deal, right? Because some workloads require that low latency, and things like outpost allow the customers to take advantage of the same API sets that they love in, you know, AWS today, like S3, right? For example. So they're able to deploy an outpost and meet some of those specific guidelines that they might have around compliance or, you know, various regulations, and then have that same consistent operational stance whether they're on-prem or in AWS. So we see that as well as the Snowball devices, you know, they're being really hardened so they can run in areas that don't have connected, you know, interfaces to the internet, right? So you've got them running in like ships or, you know, airplanes, or a field somewhere out in nowhere of this field, right? So lots of interesting things going on there. And then of course with IoT and the internet of things and so many different devices out there, we just see a lot of change in the industry and how data is being collected, how data's being created so a lot of excitement. >> Well, so the partners are key for outposts obviously 'cause you can't do it all yourself. It's almost, okay, Amazon now in a data center or an edge node. It's like me skating. It's like, hmm, I'm kind of out of my element there but I think you're learning, right? So, but partners are key to be able to support that model. >> Yes, definitely our partners are key, Veeam, of course, supports the outpost. They support the Snowball Edge devices. They do a lot. Again, they pay attention to their customers, right? Their customers are moving more and more workloads into AWS. So what do they do? They start to support those workloads, right? Because the customers also want that consistent, like we say, the consistent APIs with AWS. Well, they also want the consistent data protection strategy with Veeam. >> Well, the cloud is expanding. It's no longer just a bunch of remote services somewhere out there in the cloud. It's going to data centers. It's going out to the edge. It's going to local zones. You guys just announced a bunch of new local zones. I'm sure there are a lot of outposts in there, expanding your regions. Super cloud is forming right before our eyes. Jeanna, thanks so much for coming to theCUBE. >> Thank you. It's been great to be here. >> All right, and thank you for watching theCUBE's coverage. This is day two. We're going all day here, myself, Dave Nicholson, cohost. Check out siliconangle.com. For all the news, thecube.net, wikibon.com. We'll be right back right after this short break. (bright upbeat music)

(bright music) >> Welcome back to HPE Discover 2021. My name is Dave Vellante and you're watching theCUBE's virtual coverage of HPE's big customer event. Of course, the virtual edition and we're going to dig into transformations, the role of technology and the role of senior technology leadership. Look, let's face it, HPE has gone through a pretty dramatic transformation itself in the past few years so it makes a great example in case study and with me is Rashmi Kumar who is the senior vice president and CIO at HPE, Rashmi welcome come on inside theCUBE. >> Hi Dave nice to be here. >> Well it's been almost a year since COVID you know changed the world as we know it. How would you say the role of the CIO specifically in generally IT has changed? I mean you got digital, zero trust has gone from buzzword to mandate, digital, everybody was you know complacent about digital in many ways and now it's really accelerated, remote work, hybrid, how do you see it? >> Absolutely, as I said in the last Discover that COVID has been the biggest reason to accelerate digital transformation in the companies. I see CIO's role has changed tremendously in the last 15 months. It's no more just keep the operations running, that's become a table stake. Our roles have become not only to create digital customer experience, engage with our customers in different ways, but also to transform the company operations from inside out to be able to give that digital experience from beginning to end of the customer engagement going forward. We have also become responsible for switching our strategies around the companies as the COVID hit in different parts of the world at different times and how companies structured their operations to go from one region to another, a global company like HPE had to look into its supply chain differently, had to look into strategies to mitigate the risk that was created because of the supply chain disruptions, as well as you go to taking care of our employees. How do you create this digital collaboration experience where teams can still come together and make the work happen for our end customers? How do we think about future employee engagement when people are not coming into these big buildings and offices and working together, but how do you create the same level of collaboration, coordination, as well as delivery of faster, good and services which is enabled by technology going forward. So CIO and IT's role has gone from giving a different level of customer experience to different level of employee experience, as well as enabling day-to-day operations of the companies. CEOs have realized that digital is the way to go forward, it does not matter what industry you are in and now CIOs have their seat at the table to define what the future of every company now which is a technology company irrespective you are in oil and gas, or mining, or a technical product, or a car or a mobility company, end of the day you have to act and behave like a technology company. >> So I want to ask you about that because you've been a CIO at a leading technology provider now for the last three years and you've had previous roles and were, you know non-technical, technology, you know, selling to IT companies and as you point out those worlds are coming together. Everybody's a technology company today. How do you think that changes the role of the CIO because it would always seem to me that there was a difference between a CIO at a tech company you know what I mean by that and a CIO at sort of every other company is, are those two worlds converging? >> Absolutely and it's interesting you pointed out that I have worked in many different industries from healthcare and pharma, to entertainment, to utilities and now at a technology company. End of the day the issues that IT deals with are pretty similar across the organization. What is different here is now my customers are people like me in other industries and I have little bit of an advantage because just having the experience across various ecosystem even that HPE look I was fortunate at HPE because of Antonio's leadership we had top-down mandate to transform how we did business and I talked about my NextGEN IT program in last year's CUBE interview. But at the same time while we were changing our customer, partner's experience from ordering, to order processing, to supply chain, to finance, we decided this pivot of becoming as a service company. And if you think about that pivot, it's pretty common. If it was a technology company or non-technology company. At HPE we were very used to selling a product and coming back three years later at the time of refresh of infrastructure or hardware. That's no more true for us. Now we are becoming an as a service or a subscription company and IT played a major role to enable that quote-to-cash experience which is very different than the traditional experience, around how we stay connected with our customer, how we proactively understand their behavior. I always talk about this term digital exhaust which results into data, which can result into better insight and you can not only upsell, cross-sell because now you have more data about your product usage, but first and foremost give what your customer wants in a much better way because you can proactively understand their needs and wants because you are providing a digital product versus a physical product. So this is the change that most of the companies are now going through. If you look at Domino's transition, they are pizza sellers but they did better because they had better digital experience. If you look at Chipotle, these are food service companies. Ikea which is a furniture manufacturer, across the board we have helped our customers and industries to understand how to become a more digital provider. And remember when HPE says edge to cloud platform as a service, edge is the product, the customers is what we deal with and how do we get that, help them get that data, understand how the product is behaving and then get the information to cloud for further analysis and understanding from the data that comes out of the products that they sell. >> I think you've been at HPE now I think around three years and I've been watching of course for decades, you know HPE, well HP then HPE is, I feel like it's entering now that sort of third phase of its transformation, your phase one was okay we got to figure out how to deal or operate as separate companies, okay, that took some time and then it was okay, now how do we align our resources? And you know what are the waves that we're going to ride? And how do we take our human capital, our investments and what bets do we place? And you're all in on as a service and now it's like okay, you know how do we deliver on all those promises? So pretty massive transformations. You talked about edge to cloud as a service so you've got this huge pivot in your business. What's the technology strategy to support that transformation? >> Yeah, that's a great question. So as I mentioned first, your second phase which was becoming a stand-alone company was the NextGEN IT program where we brought in S4 and 60 related ecosystem application where even in the traditional business there was a realization that we were 120 billion company, we are a 30 billion company, we need different types of technologies as well as more integrated across our product line, across the globe and we, I'm very happy to report that we are the last leg of NextGEN IT transformation. Where we have brought in new customer experience through low-touch or no-touch order processing, a very strong S4 capabilities where we are now able to run all global orders across all our hardware and services business together and I'm happy to report that we have been able to successfully run through the transformation which a typical company of our size would take five or six years to do in around close to three years. But at the same time while we were building this foundation and the capabilities to be able to do order management supply chain and data and analytics platforms, we also made the pivot to go to as a service. Now for as a service and subscription selling, it needs a very different quote-to-cash experience for our customers. And that's where we had bring in platforms like BRIM to do subscription billing, convergent charging and a whole different way to address. But we were lucky to have this transformation completed on which we could bolt on this new capability and we had the data analytics platform built which now these as a service products can also use to drive better insight into our customer behavior as well as how they're using our product real time for our operations teams. >> Well they say follow the money, in theCUBE we love to say follow the data. I mean data is obviously a crucial component of competitive advantage, business value, so talk a little bit more about the role of data, I'm interested in where IT fits. You know a lot of companies they'll have a chief data officer, or a CIO, sometimes they're separate sometimes they work, you know for each other, or CDO works for CIO, how do you guys approach the whole data conversation? >> Yeah that's a great question and has been top of the mind of a lot of CEOs, CIOs, chief digital officers in many different companies. The way we have set it up here is we do have a chief data officer and we do have a head of technology and platform and data lake within IT. Look the way I see is that I call the term data torture. If they have multiple data lakes, if they have multiple data locations and the data is not coming together at one place at the first time that it comes out to the source system, we end up with data swamps and it's very difficult to drive insights, it's very difficult to have single version of truth. So HPE had two-pronged approach. First one was as part of this NextGEN IT transformation we embarked upon the journey first of all to define our customers and products in a very uniform way across the globe. It's called entity master data and product master data program. These were very, very difficult program. We are now happy to report that we can understand the customer from cold stage to servicing stage beginning to end across all our system. It's been a tough journey but it was effort well spent. At the same time while we were building this master data capability we also invested time in our analytics platform. Because we are generating so much data now globally as one footprint, how do we link our data lake to our SAP and Salesforce and all these systems where our customer data flows through and create analytics and insight from it from our customers or our operations team. At the same time we also created a chief data officer role where the responsibility is really to drive business from understanding what decision making and analytics they need around product, around customer, around their usage around their experience to be able to drive better alignment with our customers and products going forward. So this creates efficiencies in the organization. If you have a leader who is taking care of your platforms and data, building single source of truth and you have a leader who is propagating this mature notion of handling data as enterprise data and driving that focus on understanding the metrics and the insight that the businesses need to drive better customer alignment, that's when we gain those efficiencies and behind the scenes the chief data officer and the data leader within my organization work very, very closely to understand each other needs, sometimes art of the possible, where do we need the data processing? Is it at the edge? Is it in the cloud? What's the best way to drive the technology and the platform forward? And they kind of rely on each other's knowledge and intelligence to give us superior results. And I have done data analytics in many different companies, this model works. Where you have focus on insight and analytics without, because data without insight is of no value. But at the same time you need clean data, you need efficient, fast platforms to process that insight at the functional non-functional requirement that our business partners have. And that's how we have established in here and we have seen many successes recently as of now. >> I want to ask you a kind of a harder, maybe it's not a harder question it's a weird question around single version of the truth. 'Cause it's clearly a challenge for organizations and there's many applications, workloads that require that single version of the truth, the operational systems, the transaction systems, the HR, the Salesforce and clearly you have to have a single version of the truth. I feel like, however we're on the cusp of a new era where business lines see an opportunity for whatever, their own truth to work with a partner to create some kind of new data product. And it's early days in that but I wonder, maybe not the right question for HPE but I wonder if you see it with in your ecosystems where it's yes, single version of truth is sort of one class of data and analytics got to have that nailed down, data quality, everything else. But then there's this sort of artistic version of the data where business people need more freedom, they need more latitude to create. Are you seeing that? Maybe you can help me put that into context. >> That's a great question Dave and I'm glad you asked it so. I think Tom Davenport, who is known in the data space talks about the offensive and the defensive use cases of leveraging data. I think the piece that you talked about where it's clean, it's pristine, it's quality, it's all that, most of those offer the offensive use cases where you are improving companies' operations incrementally because you have very clean data, you have very good understanding of how my territories are doing, how my customers are doing, how my products are doing, how am I meeting my SLAs or how my financials are looking, there's no room for failure in that area. The other area is though which works on the same set of data. It's not a different set of data but the need is more around finding needles in the haystack to come up with new needs, new wants in customers or new business models that we go with. The way we have done it is we do take this data, take out what's not allowed for everybody to be seen and then what we call is a private space but that's this entire data available to our business leader not real time, because the need is not as real time because they are doing more, what we call this predictive analytics to be able to leverage the same data set and run their analytics. And we work very closely with business units, we educate them, we tell them how to leverage this data set and use it and gather their feedback to understand what they need in that space to continue to run with their analytics. I think as we talk about hindsight, insight and foresight, hindsight and insight happens more from this clean data lakes where you have authenticity, you have quality and then most of the foresight happens in a different space where the users have more leverage to use data in many different ways to drive analytics and insights which is not readily available. >> Great thank you for that. That's an interesting discussion. You know digital transformation it's a journey and it's going to take you know many years. I know a lot of ways, not a lot of ways, 2020 was a forced march to digital you know. If you weren't a digital business you were out of business and so you really didn't have much time to plan. So now organizations are stepping back saying, okay, let's really lean into our strategy, the journey and along the way, there's going to be blind spots, there's bumps in the road, when you look out what are the potential disruptions that you see maybe in terms of how companies are currently approaching their digital transformations? >> That's a great question Dave and I'm going to take a little bit more longer-term view on this topic, right? And what's top of my mind recently is the whole topic of ESG, environmental, social and governance. Most of the companies have governance in place right? Because they are either public companies, or they're under some kind of scrutiny from different regulatory bodies or whatnot even if you're a startup you need to do things with our customers and whatnot. It has been there for companies, it continues to be there. We the public companies are very good at making sure that we have the right compliance, right privacy, right governance in place. Now we'll talk about cybersecurity I think that creates a whole new challenge in that governance space, however we have the setup within our companies to be able to handle that challenge. Now, when we go to social, what happened last year was really important. And now as each and every company we need to think about what are we doing from our perspective to play our part in that and not only the bigger companies, leaders at our level I would say that between last March and this year I have hired more than 400 people during pandemic which was all virtual, but me and my team have made sure that we are doing the right thing to drive inclusion and diversity which is also very big objective for HPE and Antonio himself has been very active in various round tables in US at the World Economic Forum level and I think it's really important for companies to create that opportunity, remove that disparity that's there for the underserved communities. If we want to continue to be successful in this world to create innovative product and services we need to sell it to the broader cross section of populations and to be able to do that we need to bring them in our fold and enable them to create that equal consumption capabilities across different sets of people. HPE has taken many initiatives and so are many companies. I feel like the momentum that companies have now created around the topic of equality is very important. I'm also very excited to see that a lot of startups are now coming up to serve that 99% versus just the shiny ones as you know in the Bay Area to create better delivery methods of food or products right? But the third piece which is environmental is extremely important as well. As we have seen recently in many companies and where even the dollar or the economic value is flowing are around the companies which are serious about environmental. HPE recently published it's a Living Progress Report, we have been in the forefront of innovation to reduce carbon emissions, we help our customers through those processes. Again, if we don't, if our planet is on fire none of us will exist right? So we all have to do that every little part to be able to do better. And I'm happy to report I myself as a person solar panels, battery, electric cars, whatever I can do. But I think something more needs to happen right? Where as an individual I need to pitch in but maybe utilities will be so green in the future that I don't need to put panels on my roof which again creates a different kind of race going forward. So when you ask me about disruptions, I personally feel that successful company like ours have to have ESG top of their mind and think of product and services from that perspective, which creates equal opportunity for people, which creates better environment sustainability going forward and you know our customers, our investors are very interested in seeing what we are doing to be able to serve that cause for bigger cross section of companies. And I'm most of the time very happy to share with my CIO cohort around how our HPEFS capabilities creates or feeds into the circular economy, how much e-waste we have recycled or kept it off of landfills, our green lake capabilities, how it reduces the e-waste going forward, as well as our sustainability initiatives which can help other CIOs to be more carbon neutral going forward as well. >> You know that's a great answer Rashmi thank you for that 'cause I got to tell you I hear a lot of mumbo jumbo about ESG but that was a very substantive, thoughtful response that I think tech companies in particular are, have to lead and are leading in this area. So I really appreciate that sentiment. I want to end with a very important topic which is cyber it's, obviously you know escalated in the news the last several months, it's always in the news but, you know 10 or 15 years ago there was this mentality of failure equals fire. And now we realize, hey they're going to get in, it's how you handle it. Cyber has become a board-level topic. You know years ago there was a lot of discussion, oh you can't have the SecOps team working for the CIO because that's like the fox watching the hen house that's changed. It's been a real awakening, a kind of a rude awakening so the world is now more virtual, you've got a secure physical assets. I mean any knucklehead can now become a ransomware attacker, they can buy ransomware as a service in the dark web so that's something we've never seen before. You're seeing supply chains get hacked and self-forming malware I mean it's a really scary time. So you've got these intellectual assets it's a top priority for organizations. Are you seeing a convergence of the CISO role, the CIO role, the line of business roles relative to sort of prior years in terms of driving security throughout organizations? >> Yeah this is a great question and this was a big discussion at my public board meeting a couple of days ago. It's, as I talk about many topics, if you think digital, if you think data, if you think ESG, it's no more one organization's business, it's now everybody's responsibility. I saw a Wall Street Journal article a couple of days ago where somebody has compared cyber to 9/11 type scenario that if it happens for a company that's the level of impact you feel on your operations. So, you know all models are going to change where CISO reports to CIO, at HPE we are also into product security and that's why CISO is a peer of mine who I work with very closely, who also worked with product teams where we are saving our customers from lot of pain in this space going forward and HPE itself is investing enormous amount of efforts and time in coming out of products which are secure and are not vulnerable to these types of attacks. The way I see it is CISO role has become extremely critical in every company and a big part of that role is to make people understand that cybersecurity is also everybody's responsibility. That's why an IT we propagate DevSecOps, as we talk about it we are very, very careful about picking the right products and services. This is one area where companies cannot shy away from investing. You have to continuously looking at cybersecurity architecture, you have to continuously look at and understand where the gaps are and how do we switch our product or service that we use from the providers to make sure our companies stay secure. The training not only for individual employees around anti-phishing or what does cybersecurity mean, but also to the executive committee and to the board around what cyber security means, what zero trust means, but at the same time doing drive-ins. We did it for business continuity and disaster recovery before, now it is time we do it for a ransomware attack and stay prepared. As you mentioned and we all say in tech community, it's always if not when. No company can take them their chest and say, "oh we are fully secure," because something can happen going forward. But what is the readiness for something that can happen? It has to be handled at the same risk level as a pandemic, or a earthquake, or a natural disaster and assume that it's going to happen and how as a company we will behave when something like this happens. So I'm huge believer in the framework of protect, detect, govern and respond as these things happen. So we need to have exercises within the company to ensure that everybody's aware of the part that they play day to day but at the same time when some event happen and making sure we do very periodic reviews of IT and cyber practices across the company, there is no more differentiation between IT and OT. That was 10 years ago. I remember working with different industries where OT was totally out of reach of IT and guess what happened? WannaCry and Petya and XP machines were still running your supply chains and they were not protected. So, if it's a technology it needs to be protected. That's the mindset people need to go with. Invest in education, training, awareness of your employees, your management committee, your board and do frequent exercises to understand how to respond when something like this happen. See it's a big responsibility to protect our customer data, our customer's operations and we all need to be responsible and accountable to be able to provide all our product and services to our customers when something unforeseen like this happens. >> Rashmi you're very generous with your time thank you so much for coming back in theCUBE it was great to have you again. >> Thank you Dave, it was really nice chatting with you. >> And thanks for being with us for our ongoing coverage of HPE Discover '21. This is Dave Vellante you're watching the virtual CUBE, the leader in digital tech coverage we'll be right back. (bright music)

>> Live from Las Vegas, it's theCUBE covering VMworld 2018. Brought to you by VMware and it's ecosystem partners. >> Hey, welcome back everyone, we are live here in the broadcast booth presented by theCUBE. I'm John Furrier co-host with Dave Vellante. VMworld 2018, day three of three days of wall-to-wall coverage. Our 9th year covering VMworld and the VMware ecosystem. It's great to have on theCUBE Tom Corn, who's the Senior Vice President, General Manager of the Security Products from VMware. Welcome to theCUBE, good to see you. >> Thank you! >> We were just bantering before we came on that you are part of building AppDefense, one-year-old product. >> Yes, yeah. >> You're in the nerd nation, if you will. >> (chuckles) Yes. (laughter) >> We say that with all due respect, Tom. >> I take it. >> I had to stay for Stanford since the football opening day is Friday, so we'll be tailgating at Stanford, but Palo Alto VMware, tons of technology in VMware, we covered the radio event, which was first opened to the press this year, we were there. Security's number one. Pat Gelsinger has said on theCUBE so many times, even four years ago, he said security's a do-over. But it's more than a do-over, it's central to how the Cloud and on-premises are working. >> Yes. >> Hybrid Cloud validated by Andy Jassy this week. >> Yes. >> With RDS on VMware on premises, pretty major industry milestone there. You're in the middle of the security leading the team. What's the update for VMware, still pumping on all cylinders? >> Uh, I think this is actually, we're making some of the biggest strides forward in security right now. I think there is such a huge opportunity to not make the mistakes we made in the past, and start with a clean slate, do security the way it really, ultimately, makes sense. At the end of the day, we're really not trying to protect servers or networks, we're trying to protect data and applications. And being able to see things through, look at the infrastructure through the lens of the application, the lens of the data, and align security to that, is a huge opportunity to fundamentally make Cloud more secure than a traditional, sort of physical environment. >> So, we, I got a stat from TrendMicro, just came by theCUBE today on the briefing, they said one in six dollars are being spent outside the organization and buying other SAAS platforms. Cloud certainly, with Shadow IT has caused that. Whether it's DropBox, ADS-Bih instances, just stuff flying up there opening up, potential vulnerabilities. Virtual networking is clearly a part of the architecture with virtual machines. So security is really under a lot of pressure, and Micro Segmentation seems to be a hot topic. This is driving a lot of new value as the architecture shifts to Hybrid Cloud, which is such a Cloud Operations. >> Yeah. >> Infosec teams, Net Ops, are all working together now, but it seems more confusing than ever. Can you clarify how companies are organizing around the Cloud, Hybrid Cloud operating model in Multi-Cloud with security? >> Yeah, so, first it's important to understand the central idea behind micro-segmentation is to provide a mechanism to compartmentalize all the elements that compose an application, a regulatory scope, so that if one thing falls, everything doesn't fall, right? The reality is a perimeter of a data center is so porous in so many dimensions that you cannot, your security strategy can't be predicated on anything inside my data center is just fundamentally secure. I think we live in a state of compromise. Deal with it, right? And so, the notion of compartmentalizing an application allows for a limited lateral movement of attacks. It also provides a policy boundary to say, you know, I can place controls on the boundaries of an application and that boundary may not exist in the physical world, but it does in the virtual world. You know, the best analogy I came up with for this is imagine you had an entire company in a skyscraper, now all the employees were in that skyscraper. You could put guards in the front door of that building, and the instructions for them on who gets in and who gets out, or what looks weird in the lobby, pretty straightforward, okay? Now take the employees and spread them out into parts of floors of different buildings all over the city, fill the building that you had with employees from lots of different companies, now there's a bank, a TGI Friday's, a bowling alley, and the FBI. Now tell those guards what looks weird in the lobby. Like, now tell those guards who should get in. Now, suddenly, it gets really confusing, and the ability to say I want to create a virtual skyscraper that will put all the employees in one place, that's the idea behind micro-segmentation. >> Tom, you talked about the Cloud, the potential for the Cloud to be more secure than the traditional environment. In June, John and I were at the public sector summit, and we heard the CEO of the CIA say Cloud, on our worst day, from a security standpoint, is better than my client server. 'Cos the first time I'd heard client server in about ten years, but nonetheless, >> (laughs) That's the government. >> So, (laughs) my question for you is, in terms of, so his implication was, it's already there. What has to be done to bring that level of security to that hybrid world? >> Yeah. First, I would be careful with that statement. I think we are probably right for the average company, the way a Cloud provider would secure the infrastructure on down, is actually very solid. The application's your problem. The data that's running on it is your problem. And that's not quite the same thing, there's a different set of things about what can get access, how that's isolated for other things. So-- >> Let me make sure I understand that. So you're saying, the infrastructure check, but that's not the story. >> And what's above the operating system, my applications, and how data's flowing on that, and there's no good excuse that oh, it was running on such and such infrastructures or service, it's not my problem. It's still the company's problem, right? >> Right. >> So a lot of the basic things of access control, alignment of controls, policy, those are still, ultimately, in the hands of the customer. Now, I do agree that the opportunity is to make the simpler, less misalignment, less misconfigurations, those are tremendous opportunities of the Cloud. >> But there's some conventional wisdom in the industry that says, you know what, it's a fait accompli you're going to get hacked, so it's all about how you respond. I'm inferring from you that no, that's not the case, that you could actually protect the data if you take an application view. >> Yeah. >> Of course, response is important. >> Yeah, but I feel like there's no perfect solution. I guess maybe the best way to think of security is as a risk management exercise. You're going to spend whatever you're going to spend. The question is, are you spreading that like peanut butter on a bunch of stuff, or are you investing your time, money, and capital in the things that would have the most material reduction in risk? There's a wonderful framework that Gartner came up with that I liked that, and Neil Macdonald from Gartner came up with it, which is the, he calls it the Cloud Workload Protection Framework. He's stack ranked all the things you could do to protect the workload, in order of how much risk it gets rid of. The things at the bottom, the big risks, patching, segmentation, application control, protect the memory, encryption, those are all things that have to do with reducing attack surface as opposed to finding the attack of the day. The stuff at the top, you know, antivirus running for a server inside the data server behind all these walls, it's not, it's marginal residual risk, so the focus of VMware, in the security realm, has been we can not only bake security in, so you're not adding boxes, you're not managing agents. More importantly, we're in this unique position to understand where things are supposed to be. You know, for example, the AppDefense product that we launched last year, you mentioned, and we have a bunch of new stuff here, we're leveraging the hypervisor itself to understand the intention of the applications you loaded on it, and then use the hypervisor to say that's all it can do, nothing else. It flips the model completely from saying I'm going to try to find bad things to I'm going to really understand what good it's supposed to be, and that's all that's allowed. >> So you're narrowing the scope with policy, bascially? >> 100%. >> I mean, so this comes up with IOT, I heard a guy saying these light bulbs that are WiFi-enabled have full, multi-process threads, we don't need it, it's a light bulb. It needs to go on and off, so by bounding, by bounding the apps, that's what you're saying. >> That's exactly right. >> Using virtualization mechanisms to do that. >> Exactly right. We've never used it for this before, but the hypervisor kernel does a bunch of pretty amazing things, we just. It can see what's running, it can see what you provisioned in the first place, it can do that without adding an agent, it can do that in a way that can't be turned off, without a lot of overheard, and it can do almost anything in response. So the central idea behind AppDefense was, let's use it, it will tell you what all your VM's are for, now you have an application view that says here are the applications in your infrastructure divided into services, divided into machines, here's what they're supposed to be, tell us what you want to have happen if what's running doesn't match what you intended. That's it. >> Well, technology's perfectly positioned with that. And Pat was mentioning NSX, and I want to ask about that in a second about NSX. >> Yes. >> But I want to put you on the spot and ask the question that comes up all the time. Two factors in security that's hard to get your arms around. >> Yeah. >> One is, patching. Which, you said, you don't patch stuff, so you don't patch up the whole surface area. Two, social engineering. 'Cos you've got human error whether you pass or not, did I configure the bounding properly, that's a human error, batching, I call human error and social engineering. Those are two factors that are still prevalent in security. >> Absolutely. >> Your thoughts on that? >> Well, you can't patch humans, so that is all weak, and then the thing that we can really advance there is to move increasingly to automation, and do things that, candidly, humans probably aren't the best at doing that, but you can't just automate, old, unreliable processes, that just makes them faster, it doesn't necessarily make them better. >> Yeah. >> I think that the key to a lot of this is, >> Automating a bad process still makes it a bad process. >> Yeah, it's just faster. (chuckles) It's more efficient. >> (chuckles) An efficiently bad process. >> Exactly, exactly right. So, you know, I think a lot of the automation and ability to compartmentalize things and, candidly, a lot of the policies, whether it's for patching, etc, when thought of through the lens of an application as opposed to like, what's our policy for patching the patient care system, how often? Is my patient care system unpatched, is different from saying I've got thousands of machines, and some of them are patched and some of them are not, how do I prioritize which ones I should get. It really does, not only simplify things, but align things to a business outcome, which really, it goes back to a risk management decision a business has. >> Ransomware is a great example to your point earlier, I think you said that off-camera as well, is that, you know, you don't want to attack the same treadmill of problems. So ransomware, one guy said that on theCUBE here at another event said that, ransomware's easy, just patch them back up and you're good. >> Yeah. >> That sounds simple, doesn't it? >> Yeah. It-- >> Surface area, patch it, back it up. >> Yeah. Sometimes there's reasons why the patch, that people just don't roll out the updates to an absolute critical server on the trading floor, sometimes they have challenges. But, you know, interesting enough, yesterday we were showing, we had a live, we did a live attack on stage with Petya, with a live strain or ransomware, throwing it against the machine, we showed why it worked, and we were just using AppDefense to say, all right, let's assume you didn't patch it, AppDefense is going to make sure that application can't do anything you didn't intend it to do, the ransomware doesn't work. And it's not because we understand what malware you had there, it's because the malware, to work, has to change. >> I'm thinking about security strategies in general for organizations. You know, given that credential theft is still such a huge problem, are the things that you can do with analytics, because you may have visibility on certain parts from the infrastructure standpoint, that you can do to maybe not stop credential theft, that's bad human behavior, but to identify some anomalous behavior. What's happening with analytics, and what role, if any, does VMware play? >> Yeah, so, again, the central theme, I suppose, is summed up as, we're trying to say, here's your applications and data, what is intended? On the network with NSX, on the compute stack with AppDefense, Workspace One is trying to address that from a user and a device perspective. And the questions one asks for what your discussing is, is this who they say they are, are they on the list of invites, and are they on a trusted device? And those were traditionally silo decisions, separately. And what we're saying is, it's about answering those things in concert that allow us to spot the stuff that doesn't make sense. It's the ability to answer them in concert that allows you to make that less intrusive into the daily activities of the users. So the work that's happening on Workspace One Intelligence to do analytics looking at the device and how the device is behaving, the user, and how the user is, what indication, what risk do we see? This may not be the person or the risk that they're working from a device I might not trust even if I trust who it is. Either of those might tip me off to say, you know what, I might want to limit what they have access to, or this is the place I need to look at first. Again, I think that starts to clarify and put things in context. >> We were talking off-camera about the infosec team and the IT team, and often they're in silos and not talking to each other. What's the right regime, in terms of what you see in the marketplace, of best practice to approach this problem? >> It sort of depends on the size and scope. But the infosec team, often lead by the Chief Security Officer, often, in most organizations that I deal with, own the security operation center, security architecture, and governs it's risk and compliance. They're mostly looking at setting overall policy, and seeing when things are breaking down, and reacting to it. But as you point out, there's a lot of security happening in the infrastructure teams, whether it's firewalling, segmentation, locking down the computer stack, even things like AV running by end user services teams. They're looking to set policy, and things that are getting in the data path, that are about locking things down, and they need to collaborate. They need to, to be effective, they need to each know their roles and operate from a single source of truth, and that's where it's breaking down. In fact, I would take it a step further. The other group that needs to be part of this conversation is the application team. And as we move to Dev Ops, and the applications change very rapidly, it's going to be increasingly important that they collaborate, and not ignore each other as silos. >> Mm-hmm. >> I want to ask you, I know we've got one more question left, but, I want to get out there. You mentioned adaptive segmentation is an extension of where micro-segmentation is going. A lot of buzz here at VMworld on micro-segmentation. What is adaptive segmentation? >> So it's really the next logical evolution. Which is, we've taken some of the technology that we've built with AppDefense, that can figure out and map out the applications. Now we have manifests that say what these things are for, and we know the patient care system is actually all these machines and how they interact. It's basically saying, why don't we have the system program the micro-segment, and do it in an automated way? Now you have a micro-segment that is automatically and perfectly aligned driven from the application itself. And the other beauty is, the adaptive portion, which says, if the application changes, that's pushed down through puppet or chef or it's, or something is modified through patching, to have the system to be smart enough to see that's an update, and that automatically changed the actual segment, and lock the network and compute down. That's what we're doing there. >> What is the impact to the customer? And what is the impact of that? >> It's simpler. Much faster time to actually go in. It's simpler, and it's a much more accurate representation of the application. You lock things down both from lateral and direct attacks, so it's a big deal. >> Okay, final, final question. I always like to get the final question in here. Tom, tell us about a prediction for 2019. Next year VMworld, what are we going to be talking about? What are going to be the security issues on the table? More of the same, rinse and repeat issues? What is your prediction for 2019 in the security world? Well, you know what, I think security's going to get more complicated before it gets simpler. I think we're on the right path, but there are so many moving parts. I think, one thing, I don't think you're going to start seeing people increasingly open to security being delivered as SAAS. Because there's too many benefits of machine learning across populations of users. I think we're going to start to see security models that are, to fool one of us you've got to fool all of us. I think those are the kinds of things that are going to be the needle mover. >> Sounds a great service, security's a service, theCUBE is a service bringing these three days of wall-to-wall coverage, we'll be back with more on day three coverage. I'm John, for Dave, stay with us for more after this short break.

(vibrant music) >> Hi, I'm Peter Burris, welcome once again to another CUBE Conversation from our Palo Alto studios. Recently, we had FortiGaurd Labs here on theCUBE talking about a regular report that they do on the state of the security industry. And once again, we've got Anthony Giandomenico. >> Yeah, good. >> Here to talk about the most recent, the Q1 update. First of all, tell us a little bit about FortiGaurd labs, where's this come from? >> So FortiGaurd Labs actually is the threat intelligence organization of Fortinet, so what we do, is we keep track of the tactics, techniques, and procedures of the adversary. And make sure that we have detection methodologies to be able to stop all those tactics, techniques, and procedures. >> Peter: So you're the ones that are collecting the data that's right from the ground to help everybody keep up to date on where the threat's are likely to be, set priorities. So that's what this report does, right? >> Absolutely, it's something we do on a quarterly basis, and it's really, you know, we're looking at billions of events that we're observing in real time, you know, production environments, and what we're trying to do is identify the top application exploits, malware, and botnets, and what we want to be able to do is find different types of trends that then can be able to translate into helping organizations fortify their environments. >> Peter: Alright, so here, this is the Q1, 2018, people can get access to it. >> Anthony: Yeah. >> What's the top line change? >> Anthony: Yeah, well at a high level, I think, you know, one the actual cyber criminals, they're evolving, their attack methodologies to be able to increase their, you know, success rate as well as being able to increase their infection rate. So that's one thing, you know, the other thing, obviously we always have to talk about ransomware. That, you know, seems to be a very hot threat these days for cyber criminals to make money. Now, that threat isn't going away. We did see a slight decrease though, where the adversaries were more interested in hijacking, you know, systems to be able to mine for crypto currencies as opposed to taking that machine hostage and demanding a ransome. >> Peter: Really? >> Anthony: Yeah, believe it or not. >> I'm a little bit, I mean ransomware just seems like it would have so much potential, and crypto currencies are, well they're interesting. Tell us a little bit about why that's happening. >> What seems to be the indicators? >> Yeah, well, you know, like I said, ransomware isn't going away, I think they're going to continue to use that to make money. But from a crypto jacking, you know, perspective, we did see the uptake last year in our Q4 report. It was about 13 percent of the organizations actually reported some type of crypto jacking attack. Fast forward to this report, and it nearly doubled. Actually, over doubled to, you know 28 percent, so that's about one in four organizations that are actually impacted with this particular threat. Now, what I think is interesting about this particular threat, is the way it evolves, right. 'Cause it's so new, it's always looking back at, its other successful, you know, predecessors to be able to determine how can I be more stealthy, and how can I get my, you know, malware, or my, you know, payload out to all the different sort of systems. So, you know, an example of that is phallus malware. Phallus malware is very stealthy. It's starting to use phallus malware techniques, it'll use scripts to inject their actual payload into memory, nothing on disc, so it makes it a lot more difficult to be able to detect. Now, how do I get my payload out to all the other, you know, workstations? Well, it takes a one two punch combination that, you know, Petya used last year. It's leveraging, um, there's this open source technology called, you know, minicats, steals different types of credentials and does something called pass the hash. Passes the hash credential out to those other systems, and then it gains access. That way it can actually pass the actual malware from system to system. If that fails, and then goes back to identifying different vulnerabilities that it could then exploit. One vulnerability it does looks for is eternal blue, which was a vulnerability that was so graciously given to us from shadow brokers. So those are the ways they're starting to be more effective and be more stealthy, and also being able to propagate a lot faster. >> Peter: And crypto currency obviously is one of the more extreme things because you take over the computer resources without necessarily stealing any data. You're just grabbing computer resources. >> Anthony: Yeah, what's interesting, I don't want to actually kind of go off topic here, but that' another conversation. Is crypto jacking actually a threat or not? Right, 'cause all it's really doing is stealing, you know, CPU resources, so, you know, so people say. So that's a whole 'nother discussion to actually get into is, is it actually really a threat or not? >> Well, you're able to get access to a computer, presumably you're able to get access not just for that purpose, but many others. >> Exactly. >> So that's probably an indication, you may have a problem. >> Yes, yes. >> Let's talk about ransomware. You said ransomware's not going away. Ransomware, most folks are familiar with it. What is it, what's the report suggest? >> You know Peter, did you realize that this month is the one year anniversary of WannaCry? Don't know if you remember that or not, but, you know, WannaCry was very infamous for, not necessarily the payload, but by the way that it actually was able to spread so fast and affect so many different machines. Now, that spreading, that worm-like spreading, kind of capability still exists here, you know. Today, you see a lot of different sort of threats using that, but what seems to be a bit different now is the combination of that ransomware payload along with more targeted attacks. >> Mm-hmm >> So, usually in a ransomware type of attack, you do some type of spammy campaign. You spam out that email, you know, and see what sticks. Well, these are more, a lot more targeted, so they're going to spend a lot more time doing, you know, reconnaissance on an organization and being able to find different vulnerabilities on the outside of the network. Once they actually come in, very methodical at how they're able to laterally move and put their actual malware on systems that they actually think, you know, well you know, however many systems they think they should actually have that particular malware on. Now, at this point, they hadn't actually executed you know, the actual payloads. So they have it on as many systems as possible, and once their ready (fingers snap). They flip the switch, and all those systems now are held hostage. That impact is much greater to the business. >> Peter: Now, when we think about the attacks, we think in terms of computing devices, whether it's a mobile device or PC device, or servers or what not, but are we seeing any changes in how people are attacking other computing resources within a network, hitting routers and other to try to drive more control over somebody's network resources? >> Well, I mean, we definitely see exploits that are actually hitting, you know, mobile devices, their hitting routers, um, a lot of IOT as well, but also web technology because, you know, web technology, there's so much external facing websites these days, you know, they're much easier targets. So we are seeing that. I would mention also that, it's up seven percent to 21 percent of organizations have actually reported mobile malware as well. >> And that is a especially difficult thing because your mobile applications are not just associated with a particular business, but other businesses as well. So you are both an employee and a consumer, and if your mobile applications get hit, that can have enormous ramifications on a number of different levels. >> Anthony: Yeah, absolutely, and I think sometimes, you know, in an organization where an actual consumer will have a phone, and they won't necessarily think it's the same as their workstation. So, it's like, oh, well not that much can happen on my mobile phone, right, not the same as on my workstation, but actually, it could be even worse. >> Peter: Yes, so if you think about some of the things that are on the horizon, you mention that we're seeing a greater utilization of different techniques to make money in some of the new domains, like jacking, uh, crypto jacking. >> Mm-hmm. >> Uh, there's still ransomware, still an issue, as folks go back and identify these different malware, these different security breaches, what are they doing to actually clean things up? Are we seeing folks actually cleaning up, or is there still just like, whack-a-mole, whacking things out, andt worrying about whether they go back and clean things up later? >> Anthony: Well, to basically answer your question, they are starting to actually kind of clean up, but, you know wait 'til you hear this, so what we try to do here, in this quarterly report, is we wanted to measure how quickly they were able to clean up that, you know, that particular threat. And what we found out, you know, we used botnet alerts. And we wanted to see how fast those botnet alerts actually got cleaned up. So what we were able to determine is 58 percent of all organizations, within 24 hours, were able to clean up that particular botnet infection. Which is actually pretty good. But, that 42 percent, it took them either two days or longer, you know, to be able to get that actual threat out. Actually, sometimes the threat really never even, you know, actually went away. Great example of that, is actually the Andromeda botnet. It's a threat that was brought down last year, but even though it's not there anymore, the infections on the workstations are still there, so we're still kind of getting those actual hits on that Andromeda botnet, and that actual threat >> for Q1, was one of the highest in prevalence and volume. >> Even if it wasn't necessarily doing damage, because we'd figured out how to deal with it, >> Right. >> but if it's there, somebody might find a way to use it again in the future. >> Absolutely, absolutely. >> So as we think about the next quarter, you doing this on every quarter, are there any particular areas that you think folks have to, they need to anticipate some of these changes, more of the same, different trends, or what about OT for example, as operational technology becomes increasingly part of that common technology fabric, how is that likely to be affected by some of these different attach types? >> In answer of your first question, I think we'll probably see a lot more of the same. And I think what we'll continue to see, you know there's this whole zero day market, I think it's getting more and more mature, meaning that we're going to see more and more vulnerabilities that are actually kind of zero day that have just been discovered or just been announced, and I think we're going to continue to see the adversaries take advantage of those newly discovered zero day vulnerabilities. You know, they'll take those actual, those exploits, you know, put 'em into their attack methodologies, to propagate faster and faster, so I think, organizations are going to have to make sure they can address some of those newly discovered vulnerabilities fairly quickly. Now, as we switch the, you know, the OT side, you know, we didn't see a lot of attacks if you look at the percentage of the overall attacks, however, you know, OT, if there is an actual successful attack, I think it's, you know, worth saying that it's >> a much larger impact, right. >> You have a major problem. >> You know, my concern is, these different types of trends that are coming together. One, OT is starting to connect to other networks, which means they're going to eventually be accessible from the internet, which makes it a lot more difficult to be able to protect. At the same time, we're seeing nation states continue to focus on compromising OT systems as well. So, I don't know what's going to happen in the coming months and years, but the trends aren't actually looking so good right now. >> So if you were to, if we had a CIO sitting here right now, and you were talking about this report, what are the, first off, how should they regard the information, what should they be doing differently as a result of the information that the reports are viewing? >> Yeah, I mean, I would say, one, we always talk about this, it's easier said than done, but you know, going back to the basics, and making sure that you have good cyber hygiene and being able to identify vulnerabilities that exist in your environment, and that, you know, me just saying that sounds kind of simple, but that really means identifying all the assets that you have in your environment that you're responsible for protecting, number one, and then being able to, you know, identify the vulnerabilities that may exist on those things. That's uh, it's not the easiest thing to do, but I think it's something that really should be focused on. At the same time though, threats are going to get into your network. That's just a, you know, that's a given. So being able to make sure that you can identify, you know, threats within your environment is extremely important, and then, once you identify them, what's the processes for you to go ahead and actually respond and clean up those particular threats? That really is going to be the key. I know it's at a high level, it's much deeper than that. But that's where you start. >> Alright, Anthony Giandomenico, Tony G, >> Tony G. >> thanks very much once again for being on theCUBE and talking to us about FortiGuard's Q1, 2018 report from Fortinet. >> Awesome, well thanks for having me. >> You betcha, so, Anthony Giandomenico (laughs) a senior strategist researcher at FortiGuard labs, Fortinet, talking to us about the 1Q 2018 report. Once again, this has been a CUBE Conversation thanks for listening. (vibrant music)

>> Narrator: Live from Las Vegas it's theCube covering AWS reInvent 2017 presented by AWS, Intel and our ecosystem of partners. >> Hello and welcome to theCube's exclusive coverage here in Las Vegas for AWS, Amazon Web Services reinvent 2017, 45,000 people. It's theCube's fifth year in covering AWS, five years ago I think 7,000 people attended, this year close to 45,000, developers and industry participants. And of course this is theCube I'm John Furrier with my co-host Keith Townsend and we're excited to have Cube alumni Sanjay Poonen who's the chief operating officer for VMware. Sanjay great to see you, of course a good friend with Andy Jassy, you went to Harvard Business School together, both Mavericks, welcome to theCube. >> Thank you and you know what I loved about the keynote this morning? Andy and I both love music. And he had all these musical stuff man. He had Tom Petty, he had Eric Clapton. I an not sure I like all of his picks but at least those two, loved it man. >> The music thing really speaks to the artists, artists inside of this industry. >> Yes. >> And we were talking on theCube earlier that, we're in a time now where and I think Tom Siebel said it when he was on, that there's going to be a mass, just extinction of companies that don't make it on the digital transformation and he cited some. You're at VMware you guys are transforming and continue to do well, you've a relationship with Amazon Web Services, talk about the challenge that's in front of business executives right now around this transformation because possibly looking at extinction for some big brands potentially big companies in IT. >> It's interesting that Tom Siebel would say that in terms of where Siebel ended up and where salespersons now I respect him, he's obviously doing good things at C3. But listen that's I think what every company has got to ask itself, how do you build longevity? How do you make yourself sustainable? Next year will be our 20 year anniversary of VMware's founding. The story could have been written about VMware that you were the last good company and then you were a legacy company because you were relevant to yesterday's part of the world which was the data center. And I think the key thing that kept us awake the last two or three years was how do you make them relevant to the other side of history which is the public cloud? What we've really been able to do over the last two or three years is build a story of the company that's not just relevant to the data center and private cloud, which is not going away guys as you know but build a bridge into the public cloud and this partnership has been a key part of that and then of course the third part of that is our end user computing story. So I think cloud mobile security have become the pillars of the new VMware and we're very excited about that and this show, I mean if you combine the momentum of this show and VMworld, collectively at VMworld we have probably about 70, 80,000 people who come to VMworld and Vforums, there's 45,000 people here with all the other summits, there's probably have another 40,000 people, this is collectively about a 100, 150,000 people are coming to the largest infrastructure shows on the planet great momentum. >> And as an infrastructure show that's turning into a developer show line get your thoughts and I want to just clarify something 'cause we pointed this out at VMworld this year because it's pretty obvious what happened. The announcement that you guys did that Ragu and your team did with Ragu with AWS was instrumental. The proof was at VMworld where you saw clarity in the messaging. Everyone can see what's going on. I now know what's happening, my operations are gonna be secure, I can run VSphere on the cloud or on Prem, everything could be called what it is. But the reality was is that you guys have the operators, IT operations and Amazon has a robust cloud native developer community, not that they're conflicting in any way, they're coming together so it was a smart move so I got to ask you, as you guys continue your relationship with AWS, how are you guys tying the new ops role, ops teams with the dev teams because with IoT, this is where it's coming together you can see it right there? Your thoughts? >> I mean listen, the partnership is going great. I just saw Andy Jassy after his exec summit session, gave him a hug. We're very excited about it and I think of any of the technology vendors he mentioned on stage, we were on several slides there, mentioned a few times. I think we're probably one of the top tech partners of his and reality is, there's two aspects to the story. One is the developer and operations come together which you, you eloquently articulated. The other aspect is, we're the king of the private cloud and they're the king of the public cloud, when you can bring these together, you don't have to make it a choice between one or the other, we want to make sure that the private cloud is maximized to its full extent and then you build a bridge into the public cloud. I think those two factors, bringing developer and operations together and marrying the private and public cloud, what we call hybrid cloud computing, a term we coined and now of course many others-- >> I think-- >> On top of the term. Well whoever did. >> I think HP might have coined it. >> But nonetheless, we feel very good about the future about developer and operations and hybrid cloud computing being a good part of the world's future. >> Sanjay, I actually interviewed you 2016 VMworld and you said something very interesting that now I look back on it I'm like, "Oh of course." Which is that, you gave your developers the tools they needed to do their jobs which at the time included AWS before the announcement of VMware and AWS partnership. AWS doesn't change their data center for anyone so the value that obviously you guys are bringing to them and their customers speaks volumes. AWS has also said, Andy on stage says, he tries to go out and talk to customers every week. I joked that before the start of this that every LinkedIn request I get, you're already a connection of that LinkedIn request. How important is it for you to talk to your internal staff as well as your external customers to get the pulse of this operations and developer movement going and infused into the culture of VMware. >> Well Keith I appreciate the kind words. When we decided who to partner with and how to partner with them, when we had made the announcement last year, we went and talked to our customers. We're very customer and client focused as are they. And we began to hear a very proportional to the market share stats, AWS most prominently and every one of our customers were telling us the same thing that both Andy and us were asking which is "Why couldn't you get the best of both worlds? "You're making a choice." Now we had a little bit of an impediment in the sense that we had tried to build a public cloud with vCloud air but once we made the decision that we were getting out of that business, divested it, took care of those clients, the door really opened up and we started to test pulse with a couple of customers under NDA. What if you were to imagine a partnership between us and Amazon, what would you think? And man, I can tell you, a couple of these customers some of who are on stage at the time of the announcement, fell off their chair. This would be huge. This is going to be like a, one customer said it's gonna be like a Berlin Wall moment, the US and the Soviet Union getting together. I mean the momentum building up to it. So now what we've got to do, it's been a year later, we've shipped, released, the momentum still is pretty high there, we've gotta now start to really make this actionable, get customers excited. Most of my meetings here have been with customers. System integrators that came from one of the largest SIs in the world. They're seeing this as a big part of the momentum. Our booth here is pretty crowded. We've got to make sure now that the customers can start realizing the value of VMware and AWS as a build. The other thing that as you mentioned that both sides did very explicitly in the design of this was to ensure that each other's engineering teams were closely embedded. So it's almost like having an engineering team of VMware embedded inside Amazon and an engineering team of Amazon embedded inside VMware. That's how closely we work together. Never done before in the history of both companies. I don't think they've ever done it with anybody else, certainly the level of trying. That represents the trust we had with each other. >> Sanjay, I gotta ask you, we were talking with some folks last night, I was saying that you were coming on theCube and I said, "What should I ask Sanjay? "I want to get him a zinger, "I want to get him off as messaging." Hard to do but we'll try. They said, "Ask him about security." So I gotta ask you, because security has been Amazon's kryptonite for many years. They've done the work in the public sector, they've done the work in the cloud with security and it's paying off for them. Security still needs to get solved. It's a solvable problem. What is your stance on security now that you got the private and hybrid going on with the public? Anything change? I know you got the AirWatch, you're proud of that but what else is going on? >> I think quietly, VMware has become one of the prominent brands that have been talked about in security. We had a CIO survey that I saw recently in network security where increasingly, customers are talking about VMware because of NSX. When I go to the AirWatch conference I look at the business cards of people and they're all in the security domain of endpoint security. What we're finding is that, security requires a new view of it where, it can't be 6000 vendors. It feels like a strip mall where every little shop has got its boutique little thing that you ought to buy and when you buy a car you expect a lot of the things to be solved in the core aspects of the car as opposed to buying a lot of add-ons. So our point of view first off is that security needs to baked into the infrastructure, and we're gonna do that. With products like NSX that bake it into the data center, with products like AirWatch and Workspace ONE that bake it into the endpoint and with products like App Defence that even take it deeper into the core of the hypervisor. Given that we've begun to also really focus our education of customers on higher level terms, I was talking to a CIO yesterday who was educating his board on what are some of the key things in cyber security they need to worry about. And the CIO said this to me, the magic word that he is training all of his board members on, is segmentation. Micro segmentation segmentation is a very simple concept that NSX sort of pioneered. We'll finding that now to become very relevant. Same-- >> So that's paying off? >> Paying up big time. WannaCry and Petya taught us that, patching probably is a very important aspect of what people need to do. Encryption, you could argue a lot of what happened in the Equifax may have been mitigated if the data been encrypted. Identity, multi-factor authentication. We're seeing a couple of these key things being hygiene that we can educate people better on in security, it really is becoming a key part to our stories now. >> And you consider yourself top-tier security provider-- >> We are part of an ecosystem but our point of view in security now is very well informed in helping people on the data center to the endpoint to the cloud and helping them with some of these key areas. And because we're so customer focused, we don't come in at this from the way a traditional security players providing access to and we don't necessarily have a brand there but increasingly we're finding with the success of NSX, Workspace ONE and the introduction of new products like App Defense, we're building a point of security that's highly differentiated and unique. >> Sanjay big acquisition in SD-WAN space. Tell us how does that high stress security player and this acquisition in SD-WAN, the edge, the cloud plays into VMware which is traditionally a data center company, SD-wAN, help us understand that acquisition. >> Good question. >> As we saw the data center and the cloud starting to develop that people understand pretty well. We began to also hear and see another aspect of what people were starting to see happen which was the edge and increasingly IoT is one driver of that. And our customers started to say to us, "Listen if you're driving NSX and its success "in the data center, wouldn't it be good "to also have a software-defined wide area network strategy "that allows us to take that benefit of networking, "software-defined networking to the branch, to the edge?" So increasingly we had a choice. Do we build that ourselves on top of NSX and build out an SD-WAN capability which we could have done or do we go and look at our customers? For example we went and talked to telcos like AT&T and they said the best solution out there is a company that can develop cloud. We start to talk to customers who were using them and we analyzed the space and we felt it would be much faster for us to buy rather than build a story of a software-defined networking story that goes from the data center to the branch. And VeloCloud was well-regarded, I would view this, it's early and we haven't closed the acquisition as yet but once we close this, this has all the potential to have the type of transformative effect like in AirWatch or in nai-si-ra-hat in a different way at the edge. And we think the idea of edge core which is the data center and cloud become very key aspects of where infrastructure play. And it becomes a partnership opportunity. VeloCloud will become a partnership opportunity with the telcos, with the AWSs of the world and with the traditional enterprises. >> So bring it all together for us. Data center, NSX, Edge SD-WAN, AirWatch capability, IOT, how does all of that connect together? >> You should look at IoT and Edge being kind of related topics. Data center and the core being related topics, cloud being a third and then of course the end-user landscape and the endpoint being where it is, those would be the four areas. Data center being the core of where VMware started, that's always gonna be and our stick there so to speak is that we're gonna take what was done in hardware and do it in software significantly cheaper, less complex and make a lot of money there. But then we will help people bridge into the cloud and bridge into the edge, that's the core part of our strategy. Data center first, cloud, edge. And then the end user world sits on top of all of that because every device today is either a phone, a tablet or a laptop and there's no vendor that can manage the heterogeneous landscape today of Apple devices, Google devices, Apple being iOS and Mac, Android, Chrome in the case of Google, or Windows 10 in the case of Microsoft. That heterogeneous landscape, managing and securing that which is what AirWatch and Workspace ONE does is uniquely ours. So we think this proposition of data center, cloud, edge and end-user computing, huge opportunity for VMware. >> Can we expect to see NSX as the core of that? >> Absolutely. NSX becomes to us as important as ESX was, in fact that's kind of why we like the name. It becomes the backbone and platform for everything we do that connects the data center to the cloud, it's a key part of BMC for example. It connects the data center to the edge hence what we've done with SD-WAN and it's also a key part to what connects to the end user world. When you connect network security with what we're doing with AirWatch which we announced two years ago, you get magic. We think NSX becomes a fundamental and we're only in the first or second or third inning of software-defined networking. We have a few thousand customers okay of NSX, that's a fraction of the 500,000 customers of VMware. We think we can take that in and the networking market is an 80 billion dollar market ripe for a lot of innovation. >> Sanjay, I want to get your perspective on the industry landscape. Amazon announcing results, I laid it out on my Forbes story and in Silicon Angle all the coverage, go check it out but basically is, Amazon is going so fast the developers are voting with their workloads so their cloud thing is the elastic cloud, they check, they're winning and winning. You guys own the enterprised data center operating model which is private cloud I buy that but it's all still one cloud IoT, I like that. The question is how do you explain it to the people that don't know what's going on? Share your color on what's happening here because this is a historic moment. It's a renaissance-- >> I think listen, when I'm describing this to my wife or to my mother or somebody who's not and say "There's a world of tech companies "that applies to the consumer." In fact when I look at my ticker list, I divide them on consumer and enterprise. These are companies like Apple and Google and Facebook. They may have aspirations in enterprise but they're primarily consumer companies and those are actually what most people can relate to and those are now some of the biggest market cap companies in the world. When you look at the enterprise, typically you can divide them into applications companies, companies like Salesforce, SAP and parts of Oracle and others, Workday and then companies in infrastructure which is where companies like VMware and AWS and so on fit. I think what's happening is, there's a significant shift because of the cloud to a whole new avenue of spending where every company has to think about themselves as a technology company. And the same thing's happening with mobile devices. Cloud mobile security ties many of those conversations together. And there are companies that are innovators and there companies that you described earlier John at the start of this show that's going to become extinct. >> My thesis is this, I want to get your reaction to this. I believe a software renaissance is coming and it's gonna be operated differently and you guys are already kind of telegraphing your move so if that's the case, then a whole new guard is gonna be developing, he calls it the new garden. Old guard he refers to kind of the older guards. My criticism of him was is that he put a Gartner slide up there, that is as says old guard as you get. Andy's promoting this whole new guard thing yet he puts up the Gartner Magic Quadrant for infrastructure as a service, that's irrelevant to his entire presentation, hold on, the question is about you know I'm a Gardner-- >> Before I defend him. >> They're all guard, don't defend him too fast. I know the buyers see if they trust Gartner, maybe not. The point is, what are the new metrics? We need new metrics because the cloud is horizontally scalable. It's integrated. You got software driving decision making, it's not about a category, it's about a fabric. >> I'm not here to... I'm a friend of Andy, I love what he talked about and I'm not here to defend or criticize Gartner but what I liked about his presentation was, he showed the Gartner slide probably about 20 minutes into the presentation. He started off by his metrics of revenue and number of customers. >> I get that, show momentum, Gartner gives you like the number one-- >> But the number of customers is what counts the most. The most important metric is adoption and last year he said there was about a million customers this year he said several million. And if it's true that both startups and enterprises are adopting this, adopting, I don't mean just buying, there is momentum here. Irrespective, the analysts talking about this should be, hopefully-- >> Alright so I buy the customer and I've said that on theCube before, of course and Microsoft could say, "We listen to customers too and we have a zillion customers "running Office 365." Is that really cloud or fake cloud? >> At the end of the day, at the end of the day, it's not a winner take all market to one player. I think all of these companies will be successful. They have different strategies. Microsoft's strategy is driven from Office 365 and some of what they can do in Windows into Azure. These folks have come up from the bottom up. Oracle's trying to come at it from a different angle, Google's trying to come at a different angle and the good news is, all of these companies have deep pockets and will invest. Amazon does have a head start. They are number one in the market. >> Let me rephrase it. Modern applications could be, I'll by the customer workload argument if it's defined as a modern app. Because Oracle could say I got a zillion customers too and they win on that, those numbers are pretty strong so is Microsoft. But to me the cloud is showing a new model. >> Absolutely. >> So what is in your mind good metric to saying that's a modern app, that is not. >> I think when you can look at the modern companies like the Airbnb, the Pinterest, the Slacks and whoever. Some of them are going to make a decision to do their own infrastructure. Facebook does not put their IaaS on top of AWS or Azure or Google, they built their own data is because they can afford to do and want to do it. That's their competitive advantage. But for companies who can't, if they are building their apps on these platforms that's one element. And then the traditional enterprises, they think about their evolution. If they're starting to adopt these platforms not just to migrate old applications to new ones where VMware fits in, all building new cloud native applications on there, I think that momentum is clear. When was the last time you saw a company go from zero to 18 billion in 10 years, 10, 12 years that he's been around? Or VMware or Salesforce go from zero to eight billion in the last 18 years? This phenomenon of companies like Salesforce, VMware and AWS-- >> It's all the scale guys, you gotta get to scale, you gotta have value. >> This is unprecedented in the last five to 10 years, unprecedented. These companies I believe are going to be the companies of the tech future. I'm not saying that the old guard, but if they don't change, they won't be the companies that people talk about. The phenomenon of AWS just going from zero to 18 is, I personally think-- >> And growing 40% on that baseline. >> Andy's probably one of the greatest leaders of our modern time for his role in making that happen but I think these are the companies that we watch carefully. The companies that are growing rapidly, that our customers are adopting them in the hundreds of thousands if not millions, there's true momentum there. >> So Sanjay, data has gravity, data is also the new oil. We look at what Andy has in his arsenal, all of the date of that's in S3 that he can run, all his MI and AI services against, that's some great honey for this audience. When I look at VMware, there's not much of a data strategy, there's a security the data in transit but there's not a data strategy. What does VMware's data strategy to help customers take math without oil? >> We've talked about it in terms of our data analytics what we're doing machine learning and AI. We felt this year given so much of what we had to announce around security software-defined networking, the branch, the edge, putting more of that into VMworld which is usually our big event where we announce this stuff would have just crowded our people. But we began to lay the seeds of what you'll start to hear a lot more in 2018. Not trying to make a spoiler alert for but we acquired this company Wavefront that does, next-generation cloud native metrics and analytics. Think of it as like, you did that with AppDynamics in the old world, you're doing this with Wavefront in the new world of cloud native. We have really rethought through how, all the data we collect, whether it's on the data center or in the endpoint could be mined and become a telemetry that we actually use. We bought another company Apteligent, formerly called Criticism, that's allowing us to do that type of analytics on the endpoint. You're gonna see a couple of these moves that are the breadcrumbs of what we'll start announcing a lot more of a comprehensive analytics strategy in 2018, which I think we're very exciting. I think the other thing we've been cautious to do is not AI wash, there's a lot of cloud washing and machine learning washing that happened to companies-- >> They're stopping a wave on-- >> Now it's authentic, now I think it's out there when, when Andy talks about all they're doing in AI and machine learning, there's an authenticity to it. We want to be in the same way, have a measured, careful strategy and you will absolutely hear from us a lot more. Thank you for bringing it up because it's something that's on our radar. >> Sanjay we gotta go but thanks for coming and stopping by theCube. I know you're super busy and great to drop in and see you. >> Always a pleasure and thanks-- >> Congratulations-- >> And Keith good to talk to you again. >> Congratulations, all the success you're having with the show. >> We're doing our work, getting the reports out there, reporting here on theCube, we have two sets, 45,000 people, exclusive coverage on siliconangle.com, more data coming, every day, we have another whole day tomorrow, big night tonight, the Pub Crawl, meetings, VCs, I'll be out there, we'll be out there, grinding it out, ear to the ground, go get those stories and bring it to you. It's theCube live coverage from AWS reInvent 2017, we're back with more after this short break.

>> Hey, welcome back everybody. Jeff Frick here with theCube. We're in Palo Alto, California, at one of the Chertoff events. It's called Security in the Boardroom. They have these events all over the country, and this is really kind of elevating the security conversation beyond the edge, and beyond CISOs to really the boardroom, which is really where the conversation needs to happen. And our next guest, really excited to have We've got Chad Sweet, he's the co-founder and CEO of the Chertoff Group. Welcome Chad. >> Great to be here. >> And with him also Reggie Brothers, he's the principal at the Chertoff Group, and spent a lot of time in Washington. Again you can check his LinkedIn and find out his whole history. I won't go through it here. First off, welcome gentlemen. >> Thank you. >> Thank you. >> So, before we jump in a little bit of-- What are these events about? Why should people come? >> Well, basically they're a form in which we bring together both practitioners and consumers of security. Often it's around a pragmatic issue that the industry or government's facing, and this one, as you just said, priority of security, cyber screening in particular, in the boardroom, which is obviously what we're reading about everyday in the papers with the Petya and NotPetya and the WannaCry attacks, these are basically, I think, teachable moments that are affecting the whole nation. And so this is a great opportunity for folks to come together in a intimate form, and we welcome everybody who wants to come. Check out our website at chertoffgroup.com >> Okay, great, and the other kind of theme here, that we're hearing over and over is the AI theme, right? >> Yeah. >> We hear about AI and machine learning all over the place and we're in Mountain View and there's self-driving cars driving all over the place and Google tells me, like, "you're home now." And I'm like, "Ah, that's great." But there's much bigger fish to fry with AI and there's a much higher level. And Reggie you just came off a panel talking about some much higher level-- I don't know if issues is the right word, maybe issues is the right word, around AI for security. So, I wonder if you can share some of those insights. >> I think issues, challenges, are the right words. >> Challenges, that's probably a better word. >> Those are good words, because particularly you're talking about security application. Whether it's corporate or government the issue becomes trust. How do you trust that this machine has made the right kind of decision, how do you make it traceable. One of the challenges with the current AI technology is it's mostly based on machine-learning. Machine-learning tends to be kind of a black box where you know know what goes in and you train what comes out. That doesn't necessarily mean you understand what's going inside the box. >> Right. >> So then if you have a situation where you really need to be able to trust this decision this machine's making How do you trust it? What's the traceability? So, in the panel we started discussing that. Why is it so important to have this level of trust? You brought up autonomous-vehicles, well of course, you want to make sure that you can trust your vehicle to make the right decision if it has to make a decision at an intersection. Who's it going to save? How do you trust that machine becomes a really big issue. I think it's something that in the machine-learning community, as we learn in the panel, is really starting to grapple with and face that challenge. So I think there's good news, but I think it's a question that when think about what we have to ask when we're adopting these kind of machine-learning AI solutions we have to make sure we do ourself. >> So, it's really interesting, the trust issue, because there's so many layers to it, right? We all get on airplanes and fly across country all the time, right? And those planes are being flown by machines, for the most part. And at the same time if you start to unpack some of these crazy algorithms, even if you could open up the black box, unless you're a data scientist and you have a PhD, in some of these statistical analysis could you really understand it anyway? So how do you balance it? We're talking about the boardroom. What's the level of discovery? What's the level of knowledge that's appropriate without necessarily being a full-fledged data scientist who are the ones that are actually writing those algorithms? >> So I think that's a challenge, right, because I think when you look at the types of ways that people are addressing this trust challenge it is highly technical, alright. People are making hybrid systems where you can do some type of traceability but that's highly technical for the boardroom. I think what's important is that the-- and one thing that we did talk about on the panel and even prior to panel was on cybersecurity and governance, we talked about the importance of being able to speak in a language that everyone-- that the laborers can understand. You can't just speak in a computer science jargon kind of manner. You have to be able to speak to the person that's actually making the decision. Which means you have to really understand the problem, because I think my experience the people that can speak in the plainest language understand the problem the best. So these problems are things that can be explained they just tend not to be explained, because they're in this super technical domain. >> But you know, Reggie is being very humble. He's got a PhD from MIT and worked at the defense advanced research-- >> Well he can open the box. >> He can open the box. I'm a simple guy from Beaumont, Texas, so I can kind of dumb it down for the average person. I think on the trust issue over time whether, and you just mentioned some of it, if you use the analogy of a car or the board room or a war scenario, it's the result. So you get comfortable, you know the first time, I have a Tesla, the first time I let go of the wheel and let it drive it's self was a scary experience but then when you actually see the result and get to enjoy and experience the actual performance of the vehicle that's when the trust can begin. And I think in a similar vein, in the military context, you know, we're seeing automation start to take hold. The big issue will be in that moment of ultimate trust, i.e. do you allow a weapon actually to have lethal decision-making authority, and we just talked about that on the panel, which is the ultimate trust is-- is not really today in the military something that we're prepared to trust yet. I think we've seen in, there's only a couple places, like the DMZ in North Korea where we actually do have a few systems that are, if they actually detect an attack because there's such a short response time, those are the rare exceptions of where lethal authority is at least being considered. I think Elon Musk has talked about how the threat of AI, and how this could, if it's not, we don't have some norms put around it then that trust could not be developed, cause there wouldn't be this checks and balances. So, in the boardroom that last scenario, I think, the boards are going to be facing these cyber attacks and the more that they experience once the attack happens how the AI is providing some immediate response in mitigation and hopefully even prevention, that's where the trust will begin. >> The interesting thing, though, is that the sophistication of the attacks is going up dramatically, right? >> Chad: Yep. >> Why do we have machine-learning in AI? Because it's fast. It can react to a ton of data and move at speeds that we as people can't, such as your self-driving car. And now we're seeing an increase in state-sponsored threats that are coming in, it's not just the crazy kid in the basement, you know, hacking away to show his friend, but you know, now they're trying to get much more significant information, trying to go after much more significant systems. So, it almost begs then that you have to have the North Korean example when your time windows are shorter, when the assets are more valuable and when the sophistication of the attacking party goes up, can people manage it, you know, I would assume that the people role, you know, will continue to get further and further up the stack where the automation takes an increasing piece of it. >> So let's pull on that, right. So if you talk to the Air Force, cause the Air Force does a lot of work on autonomy, DoD General does, but the Air Force has this chart where they show that over time the resource that will be dedicated by a machine, autonomous machine, will increase and resources to a human decrease, to a certain level, to a certain level. And that level is really governed by policy issues, compliance issues. So there's some level over which because of policy and compliance the human will always be in the loop. You just don't let the machine run totally open loop, but the point is it has to run at machine speed. So let's go back to your example, with the high speed cyber attacks. You need to have some type of defensive mechanism that can react at machine speed, which means at some level the humans are out of that part of the loop, but you still have to have the corporate board person, as Chad said, have trust in that machine to operate at this machine speed, out of the loop. >> In that human oversight one of the things that was discussed on on the panel was that interestingly AI can actually be used in training of humans to upgrade their own skills, and so right now in the Department of Defense, they do these exercises on cyber ranges and there's about a 4 month waiting period just to get on the ranges, that's how congested they are. And even if you get on it, if you think about it, right now there's a limited number of human talent, human instructors that can simulate the adversary and oversee that, and so actually using AI to create a simulated adversary and being able to do it in a gamified environment is something that's increasingly going to be necessary to make it, to keep everyone's skills, and to do it real-time 24/7 against active threats that are being morphed over time. That's really where we have to get our game up to. So, watch for companies like Circadence, which are doing this right now with the Air Force, Army, DISA, and also see them applying this, as Reggie said, in the corporate sphere where a lot of the folks who will tell you today they're facing this asymmetric threat, they have a lot of tools, but they don't necessarily trust or have the confidence that when the balloon goes up, when the attack is happening, is my team ready? And so being able to use AI to help simulate these attacks against their own teams so they can show the board actually our guys are at this level of tested-ness and readiness. >> It's interesting Hal's talking to me in the background as you're talking about the cyber threat, but there's another twist on that, right, which is where machines aren't tired, they didn't have a bad day, they didn't have a fight with the kids in the morning. So you've got that kind of human frailty which machines don't have, right, that's not part of the algorithm generally. But it's interesting to me that it usually comes down to, as most things of any importance, right, it's not really a technical decision. The technical pieces was actually pretty easy. The hard part is what are the moral considerations, what are the legal considerations, what are the governance considerations, and those are what really ultimately drive the decision to go or no-go. >> I absolutely agree. One of the challenges that we face is what is our level of interaction between the machine and the human, and how does that evolve over time. You know, people talk about the centaur model, where the centaur, the mythical horse and human, where you have this same kind of thing with the machine and human, right? You want this seamless type of interaction, but what does that really mean, and who does what? What they've found is you've got machines have beaten, obviously, our human chest masters, they've beaten our goal masters. But the things that seems to work best is when there's some level of teaming between the human and the machine. What does that mean? And I think that's going to be a challenge going forward is how we start understanding what that frontier is where the human and machine have to have this really seamless interaction. How do we train for that, how do we build for that? >> So, give your last thoughts before I let you go. The chime is running, they want you back. As you look down the road, just a couple years, I would never say more than a couple years, and, you know, Moore's Law is not slowing down people argue will argue they're crazy, you know, chips are getting faster, networks are getting faster, data systems are getting faster, computers are getting faster, we're all carrying around mobile phones and just blowing off tons of digital exhaust as our systems. What do you tell people, how do boards react in this rapidly evolving, you know, on like an exponential curve environment in which we're living, how do they not just freeze? >> Well if you look at it, I think, to use a financial analogy and almost every board knows the basic foundational formula for accounting which is assets equals liabilities plus equity. I think in the future because no business today is immune from the digital economy every business is being disrupted by the digital economy and it's-- there are businesses that are underpinned by the trust of the digital economy. So, every board I think going forward has to become literate on cybersecurity and Artificial Intelligence will be part of that board conversation, and they'll need to learn that fundamental formula of risk, which is risk equals threat, times vulnerability, times consequence. So in the months ahead part of what the Chertoff Group will be doing is playing a key role in helping to be an educator of those boards and a facilitator in these important strategic discussions. >> Alright, we'll leave it there. Chad Sweet, Reggie Brothers thanks for stopping by. >> Thank you. >> Thank you, appreciate it. >> Alright, I'm Jeff Frick, you're watching theCube. We're at the Chertoff event, it's security in the boardroom. Think about it, we'll catch ya next time.