>>Welcome to this cube conversation. I'm Dave Nicholson and we're having this conversation in advance of cube con cloud native con north America, 2021. Uh, we are going to be talking specifically about a subject near and dear to my heart, and that is security. We have a very special guest from red hat, the security lead from the office of the CTO. New kinds. Welcome. Welcome to the cube Luke. >>Oh, it's great to be here. Thank you, David. Really looking forward to this conversation. >>So you have a session, uh, at a CubeCon slash cloud native con this year. And, uh, frankly, I look at the title and based on everything that's going on in the world today, I'm going to accuse you of clickbait because the title of your session is a secure supply chain vision. Sure. What other than supply chain has is in the news today, all of these things going on, but you're talking about the software supply chain. Aren't you tell, tell us about, tell us about this vision, where it came from Phyllis in. >>Yes, very much. So I do agree. It is a bit of a buzzword at the moment, and there is a lot of attention. It is the hot topic, secure supply chains, thanks to things such as the executive order. And we're starting to see an increase in attacks as well. So there's a recent statistic came out that was 620%. I believe increase since last year of supply chain attacks involving the open source ecosystem. So things are certainly ramping up. And so there is a bit of clickbait. You got me there. And um, so supply chains, um, so it's predominantly let's consider what is a supply chain. Okay. And we'll, we'll do this within the context of cloud native technology. Okay. Cause there's many supply chains, you know, many, many different software supply chains. But if we look at a cloud native one predominantly it's a mix of people and machines. >>Okay. So you'll have your developers, uh, they will then write code. They will change code and they'll typically use our, a code revision control system, like get, okay, so they'll make their changes there. Then push those changes up to some sort of repository, typically a get Harbor or get level, something like that. Then another human will then engage and they will review the code. So somebody that's perhaps a maintain will look at the code and they'll improve that a code. And then at the same time, the machine start to get involved. So you have your build servers that run tests and integration tests and they check the code is linted correctly. Okay. And then you have this sort of chain of events that start to happen. These machines, these various actors that start to play their parts in the chain. Okay. So your build system might generate a container image is a very common thing within a cloud native supply chain. >>Okay. And then that image is typically deployed to production or it's hosted on a registry, a container registry, and then somebody else might utilize that container image because it has software that you've packaged within that container. Okay. And then this sort of prolific expansion of use of coasts where people start to rely on other software projects for their own dependencies within their code. Okay. And you've got this kind of a big spaghetti of actors that are dependent on each other and feed him from each other. Okay. And then eventually that is deployed into production. Okay. So these machines are a lot of them non open source code. Okay. Even if there is a commercial vendor that manages that as a service, it's all based on predominantly open source code. Okay. And the security aspects with the supply chain is there's many junctures where you can exploit that supply chain. >>So you can exploit the human, or you could be a net ferrous human in the first place you could steal somebody's identity. Okay. And then there's the build systems themselves where they generate these artifacts and they run jobs. Okay. And then there are the production system, which pulls these down. Okay. And then there's the element of which we touched upon around libraries and dependencies. So if you look at a lot of projects, they will have approximately around a hundred, perhaps 500 dependencies that they all pull in from. Okay. So then you have the supply chains within each one of those, they've got their own set of humans and machines. And so it's a very large spaghetti beast of, of, of sort of dependence and actors and various identities that make up. >>Yeah. You're, you're describing a nightmarish, uh, scenario here. So, uh, so, so I definitely appreciate the setup there. It's a chain of custody nightmare. Yeah. >>Yes. Yeah. But it's also a wonderful thing because it's allowed us to develop in the paradigms that we have now very fast, you know, you can, you can, you can prototype and design and build and ship very fast, thanks to these tools. So they're wonderful. It's not to say that they're, you know, that there is a gift there, but security has arguably been left as a bit of an afterthought essentially. Okay. So security is always trying to it's at the back of the race. It's always trying to catch up with you. See what I mean? So >>Well, so is there a specific reason why this is particularly timely? Um, in, you know, when we, when we talk about deployment of cloud native applications, uh, something like 75% of what we think of is it is still on premesis, but definitely moving in the direction of what we loosely call cloud. Um, is why is this particularly timely? >>I think really because of the rampant adoption that we see. So, I mean, as you rightly say, a lot of, uh, it companies are still running on a, sort of a, more of a legacy model okay. Where deployments are more monolithic and statics. I mean, we've both been around for a while when we started, you would, you know, somebody would rack a server, they plug a network cable and you'd spend a week deploying the app, getting it to run, and then you'd walk away and leave it to a degree. Whereas now obviously that's really been turned on its head. So there is a, an element of not everybody has adopted this new paradigm that we have in development, but it is increasing, there is rapid adoption here. And, and many that aren't many that rather haven't made that change yet to, to migrate to a sort of a cloud type infrastructure. >>They certainly intend to, well, they certainly wished to, I mean, there's challenges there in itself, but it, I would say it's a safe bet to say that the prolific use of cloud technologies is certainly increasing as we see in all the time. So that also means the attack vectors are increasing as we're starting to see different verticals come into this landscape that we have. So it's not just your kind of a sort of web developer that are running some sort of web two.site. We have telcos that are starting to utilize cloud technology with virtual network functions. Uh, we have, um, health banking, FinTech, all of these sort of large verticals are starting to come into cloud and to utilize the cloud infrastructure model that that can save them money, you know, and it can make them, can make their develop more agile and, you know, there's many benefits. So I guess that's the main thing is really, there's a convergence of industries coming into this space, which is starting to increase the security risks as well. Because I mean, the security risks to a telco are a very different group to somebody that's developing a web platform, for example. >>Yeah. Yeah. Now you, you, uh, you mentioned, um, the sort of obvious perspective from the open source perspective, which is that a lot of this code is open source code. Um, and then I also, I assume that it makes a lot of sense for the open source community to attack this problem, because you're talking about so many things in that chain of custody that you described where one individual private enterprise is not likely to be able to come up with something that handles all of it. So, so what's your, what's your vision for how we address this issue? I know I've seen in, um, uh, some of the content that you've produced an allusion to this idea that it's very similar to the concept of a secure HTTP. And, uh, and so, you know, imagine a world where HTTP is not secure at any time. It's something we can't imagine yet. We're living in this parallel world where, where code, which is one of the four CS and cloud security, uh, isn't secure. So what do we do about that? And, and, and as you share that with us, I want to dive in as much as we can on six store explain exactly what that is and, uh, how you came up with this. >>Yes, yes. So, so the HTTP story's incredibly apt for where we are. So around the open source ecosystem. Okay. We are at the HTTP stage. Okay. So a majority of code is pulled in on trusted. I'm not talking about so much here, somebody like a red hat or, or a large sort of distributor that has their own sign-in infrastructure, but more sort of in the, kind of the wide open source ecosystem. Okay. The, um, amount of code that's pulled in on tested is it's the majority. Okay. So, so it is like going to a website, which is HTTP. Okay. And we sort of use this as a vision related to six store and other projects that are operating in this space where what happened effectively was it was very common for sites to run on HTTP. So even the likes of Amazon and some of the e-commerce giants, they used to run on HTTP. >>Okay. And obviously they were some of the first to, to, uh, deploy TLS and to utilize TLS, but many sites got left behind. Okay. Because it was cumbersome to get the TLS certificate. I remember doing this myself, you would have to sort of, you'd have to generate some keys, the certificate signing request, you'd have to work out how to run open SSL. Okay. You would then go to an, uh, a commercial entity and you'd probably have to scan your passport and send it to them. And there'll be this kind of back and forth. Then you'll have to learn how to configure it on your machine. And it was cumbersome. Okay. So a majority just didn't bother. They just, you know, they continue to run their, their websites on protected. What effectively happened was let's encrypt came along. Okay. And they disrupted that whole paradigm okay. >>Where they made it free and easy to generate, procure, and set up TLS certificates. So what happened then was there was a, a very large change that the kind of the zeitgeists changed around TLS and the expectations of TLS. So it became common that most sites would run HTTPS. So that allowed the browsers to sort of ring fence effectively and start to have controls where if you're not running HTTPS, as it stands today, as it is today is kind of socially unacceptable to run a site on HTTP is a bit kind of, if you go to HTTP site, it feels a bit, yeah. You know, it's kind of, am I going to catch a virus here? It's kind of, it's not accepted anymore, you know, and, and it needed that disruptor to make that happen. So we want to kind of replicate that sort of change and movement and perception around software signing where a lot of software and code is, is not signed. And the reason it's not signed is because of the tools. It's the same story. Again, they're incredibly cumbersome to use. And the adoption is very poor as well. >>So SIG stores specifically, where did this, where did this come from? And, uh, and, uh, what's your vision for the future with six? >>Sure. So six door, six doors, a lockdown project. Okay. It started last year, July, 2020 approximately. And, uh, a few people have been looking at secure supply chain. Okay. Around that time, we really started to look at it. So there was various people looking at this. So it's been speaking to people, um, various people at Purdue university in Google and, and other, other sort of people trying to address this space. And I'd had this idea kicking around for quite a while about a transparency log. Okay. Now transparency logs are actually, we're going back to HTTPS again. They're heavily utilized there. Okay. So when somebody signs a HTTPS certificate as a root CA, that's captured in this thing called a transparency log. Okay. And a transparency log is effectively what we call an immutable tamper proof ledger. Okay. So it's, it's kind of like a blockchain, but it's different. >>Okay. And I had this idea of what, if we could leverage this technology okay. For secure supply chain so that we could capture the provenance of code and artifacts and containers, all of these actions, these actors that I described at the beginning in the supply chain, could we utilize that to provide a tamper resistant publicly or DePaul record of the supply chain? Okay. So I worked on a prototype wherever, uh, you know, some, uh, a week or two and got something basic happening. And it was a kind of a typical open source story there. So I wouldn't feel right to take all of the glory here. It was a bit like, kind of, you look at Linux when he created a Linux itself, Linus, Torvalds, he had an idea and he shared it out and then others started to jump in and collaborate. So it's a similar thing. >>I, um, shared it with an engineer from Google's open source security team called Dan Lawrence. Somebody that I know of been prolific in this space as well. And he said, I'd love to contribute to this, you know, so can I work this? And I was like, yeah, sure though, you know, the, the more, the better. And then there was also Santiago professor from Purdue university took an interest. So a small group of people started to work on this technology. So we built this project that's called Rico, and that was effectively the transparency log. So we started to approach projects to see if they would like to, to utilize this technology. Okay. And then we realized there was another problem. Okay. Which was, we now have a storage for signed artifacts. Okay. A signed record, a Providence record, but nobody's signing anything. So how are we going to get people to sign things so that we can then leverage this transparency log to fulfill its purpose of providing a public record? >>So then we had to look at the signing tools. Okay. So that's where we came up with this really sort of clever technology where we've managed to create something called ephemeral keys. Okay. So we're talking about a cryptographic key pair here. Okay. And what we could do we found was that we could utilize other technologies so that somebody wouldn't have to manage the private key and they could generate keys almost point and click. So it was an incredibly simple user experience. So then we realized, okay, now we've got an approach for getting people to sign things. And we've also got this immutable, publicly audited for record of people signing code and containers and artifacts. And that was the birth of six store. Then. So six store was created as this umbrella project of all of these different tools that were catering towards adoption of signing. And then being able to provide guarantees and protections by having this transparency log, this sort of blockchain type technology. So that was where we really sort of hit the killer application there. And things started to really lift off. And the adoption started to really gather steam then. >>So where are we now? And where does this go into the future? One of the, one of the wonderful things about the open source community is there's a sense of freedom in the creativity of coming up with a vision and then collaborating with others. Eventually you run headlong into expectations. So look, is this going to be available for purchase in Q1? What's the, >>Yeah, I, I will, uh, I will fill you in there. Okay. So, so with six door there's, um, there's several different models that are at play. Okay. I'll give you the, the two predominant ones. So one, we plan, we plan to run a public service. Okay. So this will be under the Linux foundation and it'll be very similar to let's encrypt. So you as a developer, if you want to sign your container, okay. And you want to use six door tooling that will be available to you. There'll be non-profit three to use. There's no specialties for anybody. It's, it's there for everybody to use. Okay. And that's to get everybody doing the right thing in signing things. Okay. The, the other model for six stories, this can be run behind a firewall as well. So an enterprise can stand up their own six store infrastructure. >>Okay. So the transparency log or code signing certificates, system, client tools, and then they can sign their own artifacts and secure, better materials, all of these sorts of things and have their own tamper-proof record of everything that's happened. So that if anything, untoward happens such as a key compromise or somebody's identity stolen, then you've got a credible source of truth because you've got that immutable record then. So we're seeing, um, adoption around both models. We've seen a lot of open source projects starting to utilize six store. So predominantly key, um, Kubernetes is a key one to mention here they are now using six store to sign and verify their release images. Okay. And, uh, there's many other open-source projects that are looking to leverage this as well. Okay. And then at the same time, various people are starting to consider six door as being a, sort of an enterprise signing solution. So within red hat, our expectations are that we're going to leverage this in open shift. So open shift customers who wish to sign their images. Okay. Uh, they want to sign their conflicts that they're using to deploy within Kubernetes and OpenShift. Rather they can start to leverage this technology as open shift customers. So we're looking to help the open source ecosystem here and also dog food, this, and make it available and useful to our own customers at red hat. >>Fantastic. You know, um, I noticed the red hat in the background and, uh, and, uh, you know, I just a little little historical note, um, red hat has been there from the beginning of cloud before, before cloud was cloud before there was anything credible from an enterprise perspective in cloud. Uh, I, I remember in the early two thousands, uh, doing work with tree AWS and, uh, there was a team of red hat folks who would work through the night to do kernel level changes for the, you know, for the Linux that was being used at the time. Uh, and so a lot of, a lot of what you and your collaborators do often falls into the category of, uh, toiling in obscurity, uh, to a certain degree. Uh, we hope to shine light on the amazing work that you're doing. And, um, and I, for one appreciate it, uh, I've uh, I've, I've suffered things like identity theft and, you know, we've all had brushes with experiences where compromise insecurity is not a good thing. So, um, this has been a very interesting conversation. And again, X for the work that you do, uh, do you have any other, do you have any other final thoughts or, or, uh, you know, points that we didn't cover on this subject that come to mind, >>There is something that you touched upon that I'd like to illustrate. Okay. You mentioned that, you know, identity theft and these things, well, the supply chain, this is critical infrastructure. Okay. So I like to think of this as you know, there's, sir, they're serving, you know, they're solving technical challenges and, you know, and the kind of that aspect of software development, but with the supply chain, we rely on these systems. When we wake up each morning, we rely on them to stay in touch with our loved ones. You know, we are our emergency services, our military, our police force, they rely on these supply chains, you know, so I sort of see this as there's a, there's a bigger vision here really in protecting the supply chain is, is for the good of our society, because, you know, a supply chain attack can go very much to the heart of our society. You know, it can, it can be an attack against our democracies. So I, you know, I see this as being something that's, there's a humanistic aspect to this as well. So that really gets me fired up to work on this technology., >>it's really important that we always keep that perspective. This isn't just about folks who will be attending CubeCon and, uh, uh, uh, cloud con uh, this is really something that's relevant to all of us. So, so with that, uh, fantastic conversation, Luke, it's been a pleasure to meet you. Pleasure to talk to you, David. I look forward to, uh, hanging out in person at some point, whatever that gets me. Uh, so with that, uh, we will sign off from this cube conversation in anticipation of cloud con cube con 2021, north America. I'm Dave Nicholson. Thanks for joining us.

>> from the Silicon Angle Media Office in Boston, Massachusetts. It's the queue. Now here's your host. Still minimum. >> Hi, I'm student men and welcome to a special edition of Cube conversations here in our Boston area studio. Habito. Welcome to the program. First of all, to my right, a first time guests on the program Drew Clark, Who's the chief strategy officer? A click and welcome back to the program tomorrow on Carryon. Who's a senior vice president of enterprise data integration now with Click but new title to to the acquisition of Eternity. So thanks so much for joining us, gentlemen. >> Great to be here. >> All right, True, You know, to Nitti we've had on the program anytime we haven't click on the program, but maybe for audience just give us a quick level set on Click. And you know the acquisition, you know, is some exciting news. So let's start there and we'LL get into it. >> Sure, thanks. Teo and Click were a twenty five year old company and the business analytics space. A lot of people know about our products. Clint View, Click Sense. We have fifty thousand customers around the world and from large companies, too kind of small organizations. >> Yeah. Alright. Eso you No way. Talk a lot about data on our program. You know, I looked through some of the clique documentation. It resonated with me a bit because when we talk about digital transformation on our program, the key thing that different to the most between the old way of doing things the modern is I need to be data driven. They need to make my decision the the analytics piece of that s o it. Tomorrow, let's start there and talk about, you know, other than you know, that the logo on your card changes. You know what's the same? What's different going forward for you? >> Well, first, we were excited about that about this merger and the opportunity that we see in the market because there's a huge demand for data, presumably for doing new types of analytics business intelligence. They they's fueling the transformation. And part of the main challenge customers have organizations have is making more data available faster and putting it in the hands of the people who need it. So, on our part of the coming from eternity, we spend the last few years innovating and creating technology that they helped car organizations and modernize how they create new day. The architecture's to support faster data, more agility in terms ofthe enabling data for analytics. And now, together with Click, we can continue to expand that and then the end of the day, provide more data out to more people. >> S o. You know, Drew, it's interesting, you know that there's been no shortage of data out there. You know, we've for decades been talking about the data growth, but actually getting access store data. It's in silos more than ever. It's, you know, spread out all over the day. We say, you know, the challenge of our time is really building distributed architectures and data is really all over the place and, you know, customers. You know, their stats all over the places to how much a searchable how much is available. You know how much is usable? So, you know, explain a little bit, you know, kind of the challenge you're facing. And you know how you're helping move customers along that journey? >> Well, what you bring up stew is thie kind of the idea of kind of data and analytics for decision making and really, it's about that decision making to go faster, and you're going to get into that right kind of language into the right individuals. And we really believe in his concept of data literacy and data literacy was said, I think, well, between two professors who co authored a white paper. One professor was from M I t. The other one's from ever sin college, a communication school. Data literacy is the kind of the ability to read, understand, analyze and argue with data. And the more you can actually get that working inside an organization, the better you have from a decision making and the better competitive advantage you have your evening or wind, you're going to accomplish a mission. And now with what you said, the proliferation of data, it gets harder. And where do you find it? And you need it in real time, and that's where the acquisition of opportunity comes in. >> Okay, I need to ask a follow up on that. So when a favorite events I ever did with two other Emmett professors, yes, where Boston area. We're putting a lot >> of the >> mighty professors here, but any McAfee and Erik Nilsson talked about racing with the machine because, you know, it's so great, you know? You know who's the best chess player out there? Was it you know, the the human grandmaster, or was that the computer? And, you know, the studies were actually is if you put the grandmaster with the computer, they could actually beat either the best computer or the best person. So when you talk about, you know, the data and analytics everybody's looking at, you know, the guy in the ML pieces is like, OK, you know, how do these pieces go together? How does that fit into the data literacy piece? You know, the people and, you know, the machine learning >> well where you bring up is the idea of kind of augmenting the human, and we believe very much around a cognitive kind of interface of kind of the technology, the software with kind of a person and that decision making point. And so what you'LL see around our own kind of perspective is that we were part of a second generation be eye of like self service, and we've moved rapidly into this third generation, which is the cognitive kind of augmentation and the decision maker, right? And so you say this data literacy is arguing with data. Well, how do you argue and actually have the updated machine learning kind of recommendations? But it's still human making that decision. And that's an important kind of component of our kind of, like, our own kind of technology that we bring to the table. But with the two nitti, that's the data side needs to be there faster and more effective. >> Yeah. So, Itamar, please. You know Phyllis in on that. That data is the, you know, we would in big data, we talk about the three V's. So, you know, where are we today? How dowe I be ableto you know, get in leverage all of that data. >> So that's exactly where we've been focused over the last few years and worked with customers that were focused on building new data lakes, new data warehouses, looking at the clouds, building basically more than new foundations for enabling the organization to use way more data than every before. So it goes back to the volume at least one V out of the previous you mentioned. And the other one, of course, is the velocity. And how fast it is, and I've actually come to see that there are, in a sense, two dimensions velocity that come come together. One is how timely is the data you're using. And one of the big changes we're seeing in the market is that the user expectation and the business need for real time data is becoming ever more critical. If we used to talkto customers and talk about real time data because when they asked her data, they get a response very quickly. But it's last week's data. Well, that's not That doesn't cut it. So what we're seeing is that, first of all, the dimension of getting data that Israel Time Day that represents the data is it's currently second one is how quickly you can actually make that happen. So because business dynamics change match much faster now, this speed of change in the industry accelerates. Customers need the ability to put solutions together, make data available to answer business questions really faster. They cannot do it in the order ofthe month and years. They need to do it indoors off days, sometimes even hours. And that's where our solutions coming. >> Yeah, it's interesting. You know, my backgrounds. On the infrastructure side, I spent a lot of time in the cloud world. And, you know, you talk about, you know, health what we need for real time. Well, you know, used to be, you know, rolled out a server. You know, that took me in a week or month and a V m it reduced in time. Now we're, you know, containerized in communities world. And you know what? We're now talking much sort of time frame, and it's like, Oh, if you show me the way something was, you know, an hour ago. Oh, my gosh, That's not the way the world is. And I think, you know, for years we talked to the Duke world. You know what Israel time and how do I really define that? And the answer. We usually came up. It is getting the right information, you know, in the right place, into the right person. Or in the sales standpoint, it's like I need that information to save that client. They get what they need. So we still, you know, some of those terms, you know, scale in real time, short of require context. But you know what? Where does that fit into your customer discussions. >> Well, >> to part says, you bring up. You know, I think what you're saying is absolutely still true. You know, right? Data, right person, right time. It gets harder, though, with just the volumes of data. Where is it? How do you find it? How do you make sure that it's It's the the right pieces to the right place and you brought up the evolution of just the computer infrastructure and analytics likes to be close to the data. But if you have data everywhere, how do you make sure that part works? And we've been investing in a lot of our own Cloud Analytics infrastructure is now done on a micro services basis. So is running on Cuban eighties. Clusters it Khun work in whatever cloud compute infrastructure you want, be it Amazon or zur or Google or kind of your local kind of platform data centers. But you need that kind of small piece tied to the right kind of did on the side. And so that's where you see a great match between the two solutions and when you in the second part is the response from our customer's on DH after the acquisition was announced was tremendous. We II have more customer who works in a manufacturing space was I think this is exactly what I was looking to do from an analytic spaces I needed. Mohr did a real time and I was looking at a variety of solutions. She said, Thank you very much. You made my kind of life a little easier. I can narrow down Teo. One particular platform s so we have manufacturing companies. We have military kind of units and organizations. Teo Healthcare organizations. I've had just countless kind of feedback coming in along that same kind of questions. All >> right, Amaar, you know, for for for the eternity. Customers, What does this mean for them coming into the click family? >> Well, first of all, it means for them that we have a much broader opportunity to serve them. Click is a much, much bigger company. We have more resources. We can put a bear to both continuing enhance The opportunity. Offering is well as creating integrations with other products, such as collecting the click Data catalyst, which are click acquired several months ago. And there's a great synergy between those the products to the product and the collected a catalyst to provide a much more comprehensive, more an enterprise data integration platform, then beyond there to create, also see energies with other, uh, click analytic product. So again, while the click their integration platform consisting Opportunity and Click the catalyst will be independent and provide solutions for any data platform Analytic platform Cloud platform is it already does. Today we'LL continue to investigate. There's also opportunities to create unique see energies with some afar clicks technologies such as the associative Big Data Index and some others to provide more value, especially its scale. >> All right, eso drew, please expand on that a little bit if you can. There's so many pieces I know we're going to spend a little bit. I'm going deeper and some some of the other ones. But when you talk to your customers when you talk to your partners, what do you want to make sure there their key takeaways are >> right. So there is a couple of important points Itamar you made on the data integration platform, and so that's a combination of the eternity products plus the data catalysts, which was, you know, ca wired through podium data. Both of those kind of components are available and will continue to be available for our customers to use on whatever analytics platform. So we have customers who use the data for data science, and they want to work in our python and their own kind of machine learning or working with platforms like data robots. And they'LL be able to continue to do that with that same speed. They also could be using another kind of analytical visualization tool. And you know, we actually have a number of customers to do that, and we'LL continue to support that. So that's the first point, and I think you made up, which is the important one. The second is, while we do think there is some value with using Click Sense with the platform, and we've been investing on a platform called the Associative Big Data Index, and that sounds like a very complicated piece. But it's what we've done is taken are kind of unique kind of value. Proposition is an analytical company which is thehe, bility, toe work with data and ask questions of it and have the answers come to you very quickly is to be able to take that same associative experience, uh, that people use in our product and bring it down to the Data Lake. And that's where you start to see that same kind of what people love about click, view and click sense and brought into the Data Lake. And that's where Tamara was bringing up from a scale kind of perspective. So you have both kind of opportunities, >> Drew, and I really appreciate you sharing the importance of these coming together. We're going to spend some more time digging into the individual pieces there. I might be able to say, OK, are we passed the Data Lakes? Has it got to a data swamp or a data ocean? Because, you know, there are lots of sources of data and you know the like I always say Is that seems a little bit more pristine than the average environment. Eso But thank you so much and look forward to having more conversations with thanks to all right, you. And be sure to, uh, check out the cute dot net for all our videos on stew minimum. Thanks so much for watching

>> live from Orlando, Florida It's the que covering accelerate nineteen. Brought to you by important >> Hey, welcome back to the Cube. We are live at forty nine. Accelerate nineteen in Orlando, Florida I am Lisa Martin with Peter Births, and Peter and I are pleased to welcome one of our alumni back to the program during Mickey, the chief of security insights for forty nine. Derek. It's great to have you back on the program, >> so it's always a pleasure to be here. It's tze always good conversations. I really look forward to it and it's It's never a boring day in my office, so we're than happy to talk about this. >> Fantastic. Excellent. Well, we've been here for a few hours, talking with a lot of your leaders. Partners as well. The keynote this morning was energetic. Talked a lot about the evocation, talked a lot about the evolution of not just security and threat, but obviously of infrastructure, multi cloud hybrid environment in which we live. You have been with forty girl lives for a long time. Talk to us about the evolution that you've seen of the threat landscape and where we are today. >> Sure, Yeah, so you know? Yeah, I've been fifteen years now, forty guards. So I flashed back. Even a two thousand, for it was a vastly different landscape back there and Internet and even in terms of our security technology in terms of what the attack surface was like back then, you know, Ken Kennedy was talking about EJ computing, right? Because that's what you know. Seventy percent of data is not going to be making it to the cloud in the future. A lot of processing is happening on the edge on DH. Threats are migrating that way as well, right? But there's always this mirror image that we see with the threat landscape again. Threat landscape. Back in nineteen eighty nine, we started with the Morris Worm is very simple instructions. It took down about eighty percent of the Internet at the time, but he was It is very simple. It wasn't to quote unquote intelligence, right? Of course, if we look through the two thousands, we had a lot of these big worms that hit the scene like Conficker. I love you, Anna Kournikova. Blaster slammer. All these famous rooms I started Teo become peer to peer, right? So they were able to actually spread from network to network throughout organizations take down critical services and so forth. That was a big evolutionary piece at the time. Of course, we saw fake anti virus ransomware. Come on stage last. Whereas I called it, which was destructive Mauer That was a big shift that we saw, right? So actually physically wiping out data on systems these air typically in like star but warfare based attacks. And that takes us up to today, right? And what we're seeing today, of course, we're still seeing a lot of ransom attacks, but we're starting to see a big shift in technology because of this edge computing used case. So we're seeing now things like Swarm networks have talked about before us. So these are not only like we saw in the two thousand's threats that could shift very quickly from network to network talk to each other, right? In terms of worms and so forth. We're also seeing now in intelligence baked in. And that's a key difference in technology because these threats are actually able, just like machine to machine. Communication happens through a pea eye's protocols and so forth threats are able to do this a swell. So they ableto understand their own local environment and how to adapt to that local environment and capitalized on that effort on DH. That's a very, very big shift in terms of technology that we're seeing now the threat landscape. >> So a lot of those old threats were depending upon the action of a human being, right? So in many respects, the creativity was a combination of Can you spook somebody make it interesting so that they'll do something that was always creativity in the actual threat itself. What you're describing today is a world where it's almost like automated risk. We're just as we're trying to do automation to dramatically increase the speed of things, reduce the amount of manual intervention. The bad guy's doing the same thing with the swarms there, introducing technology that is almost an automated attack and reconfigures itself based on whatever environment, conditions of encounters. >> Yeah, and the interesting thing is, what's happening here is we're seeing a reduction in what I call a t t be a time to breach. So if you look at the attack lifecycle, everything does doesn't happen in the blink of an instant it's moving towards that right? But if you look at the good, this's what's to come. I mean, we're seeing a lot of indications of this already. So we work very closely with Miter, the minor attack framework. It describes different steps for the attack life cycle, right? You start with reconnaissance weaponization and how do you penetrator system moving the system? Collect data monetize out as a cyber criminal. So even things like reconnaissance and weaponization. So if you look at fishing campaigns, right, people trying to fish people using social engineering, understanding data points about them that's becoming automated, that you sought to be a human tryingto understand their target, try toe fish them so they could get access to their network. There's tool kits now that will actually do that on their own by learning about data points. So it's scary, yes, but we are seeing indications of that. And and look, the endgame to this is that the attacks were happening much, much quicker. So you've got to be on your game. You have to be that much quicker from the defensive point of view, of course, because otherwise, if successful breach happens, you know we're talking about some of these attacks. They could. They could be successful in matter of seconds or or minutes instead of days or hours like before. You know, we're talking about potentially millions dollars of revenue loss, you know, services. They're being taken out flying intellectual properties being reached. So far, >> though. And this is, you know, I think of health care alone and literally life and death situations. Absolutely. How is Fortinet, with your ecosystem of partners poised to help customers mitigate some of these impending risk changing risk >> coverage? Strengthen numbers. Right. So we have, ah, strong ecosystem, of course, through our public ready program. So that's a technology piece, right? And to end security, how we can integrate how we can use automation to, you know, push security policies instead of having an administrator having to do that. Humans are slow a lot of the time, so you need machine to machine speed. It's our fabric ready program. You know, we have over fifty seven partners there. It's very strong ecosystem. From my side of the House on Threat Intelligence. I had up our global threat alliances, right? So we are working with other security experts around the World Cyberthreat Alliance is a good example. We've created intelligence sharing platforms so that we can share what we call indicators of compromise. So basically, blueprints are fingerprints. You can call them of attacks as they're happening in real time. We can share that world wide on a platform so that we can actually get a heads up from other security vendors of something that we might not see on. We can integrate that into our security fabric in terms of adding new, new, you know, intelligence definitions, security packages and so forth. And that's a very powerful thing. Beyond that, I've also created other alliances with law enforcement. So we're working with Interpol that's attribution Base work right that's going after the source of the problem. Our end game is to make it more expensive for cyber criminals to operate. And so we're doing that through working with Interpol on law enforcement. As an example, we're also working with national computer emergency response, so ripping malicious infrastructure off line, that's all about partnership, right? So that's what I mean strengthen numbers collaboration. It's It's a very powerful thing, something close to my heart that I've been building up over over ten years. And, you know, we're seeing a lot of success and impact from it, I think. >> But some of the, uh if you go back and look at some of the old threats that were very invasive, very problematic moved relatively fast, but they were still somewhat slow. Now we're talking about a new class of threat that happens like that. It suggests that the arrangement of assets but a company like Ford and that requires to respond and provide valued customers has to change. Yes, talk a little about how not just the investment product, but also the investment in four guard labs is evolving. You talked about partnerships, for example, to ensure that you have the right set of resources able to be engaged in the right time and applied to the right place with the right automation. Talk about about that. >> Sure, sure. So because of the criticality of this nature way have to be on point every day. As you said, you mentioned health care. Operational technology is a big thing as well. You know, Phyllis talking about sci fi, a swell right. The cyber physical convergence so way have to be on our game and on point and how do we do that? A couple of things. One we need. People still way. Can't you know Ken was talking about his his speech in Davos at the World Economic Forum with three to four million people shortage in cyber security of professionals There's never going to be enough people. So what we've done strategically is actually repositioned our experts of forty guard labs. We have over two hundred thirty five people in forty guard lab. So as a network security vendor, it's the largest security operation center in the world. But two hundred thirty five people alone are going to be able to battle one hundred billion threat events that we process today. Forty guard lab. So so what we've done, of course, is take up over the last five years. Machine learning, artificial intelligence. We have real practical applications of a I and machine learning. We use a supervised learning set so we actually have our machines learning about threats, and we have our human experts. Instead of tackling the threat's one on one themselves on the front lines, they let them in. The machine learning models do that and their training the machine. Just it's It's like a parent and child relationship. It takes time to learn a CZ machines learn. Over time they started to become more and more accurate. The only way they become more accurate is by our human experts literally being embedded with these machines and training them >> apart for suspended training. But also, there's assortment ation side, right? Yeah, we're increasing. The machines are providing are recognizing something and then providing a range of options. Thie security, professional in particular, doesn't have to go through the process of discovery and forensics to figure out everything. Absolution is presenting that, but also presenting potential remedial remediation options. Are you starting to see that become a regular feature? Absolutely, and especially in concert with your two hundred thirty five experts? >> Yeah, absolutely. And that's that's a necessity. So in my world, that's what I refer to is actionable intelligence, right? There's a lot of data out there. There's a lot of intelligence that the world's becoming data centric right now, but sometimes we don't have too much data. Askew Mons, a CZ analysts administrators so absolutely remediation suggestions and actually enforcement of that is the next step is well, we've already out of some features in in forty six two in our fabric to be able to deal with this. So where I think we're innovating and pioneering in the space, sir, it's it's ah, matter of trust. If you have the machines O R. You know, security technology that's making decisions on its own. You really have to trust that trust doesn't happen overnight. That's why for us, we have been investing in this for over six years now for our machine learning models that we can very accurate. It's been a good success story for us. I think. The other thing going back to your original question. How do we stack up against this? Of course, that whole edge computing use case, right? So we're starting to take that machine learning from the cloud environment also into local environments, right? Because a lot of that data is unique, its local environments and stays there. It stays there, and it has to be processed that such too. So that's another shift in technology as we move towards edge computing machine learning an artificial intelligence is absolutely part of that story, too. >> You mentioned strengthen numbers and we were talking about. You know, the opportunity for Fortinet to help customers really beat successful here. I wanted to go back to forty guard labs for a second because it's a very large numbers. One hundred billion security events. Forty Guard labs ingests and analyzes daily. Really? Yes, that is a differentiator. >> Okay, that that's a huge huge differentiator. So, again, if I look back to when I started in two thousand four, that number would have been about five hundred thousand events today, compared to one hundred billion today. In fact, even just a year ago, we were sitting about seventy five to eighty billion, so that numbers increased twenty billion and say twenty percent right in in just a year. So that's that's going to continue to happen. But it's that absolutely huge number, and it's a huge number because we have very big visibility, right. We have our four hundred thousand customers worldwide. We have built a core intelligence network for almost twenty years now, since for Deena was founded, you know, we we worked together with with customers. So if customers wish to share data about attacks that are happening because attackers are always coming knocking on doors. Uh, we can digest that. We can learn about the attacks. We know you know what weapons that these cybercriminals they're trying to use where the cybercriminals are. We learned more about the cyber criminals, so we're doing a lot of big data processing. I have a date, a science team that's doing this, in fact, and what we do is processes data. We understand the threat, and then we take a multi pronged approach. So we're consuming that data from automation were pushing that out first and foremost to our customers. So that's that automated use case of pushing protection from new threats that we're learning about were contextualizing the threat. So we're creating playbooks, so that playbook is much like football, right? You have to know your your your offense, right? And you have to know how to best understand their tactics. And so we're doing that right. We're mapping these playbooks understanding, tactics, understanding where these guys are, how they operate. We take that to law enforcement. As I was saying earlier as an example, we take that to the Cyber Threat Alliance to tow our other partners. And the more that we learn about this attack surface, the more that we can do in terms of protection as well. But it's it's a huge number. We've had a scale and our data center massively to be able to support this over the years. But we are poised for scale, ability for the future to be able to consume this on our anti. So it's it's, um it's what I said You know the start. It's never a boring day in my office. >> How can it be? But it sounds like, you know, really the potential there to enable customers. Any industry too convert Transport sees for transform Since we talked about digital transformation transformed from being reactive, to being proactive, to eventually predictive and >> cost effective to write, this's another thing without cybersecurity skills gap. You know this. The solution shouldn't be for any given customer to try. Toe have two hundred and thirty people in their security center, right? This is our working relationship where we can do a lot of that proactive automation for them, you know, by the fabric by the all this stuff that we're doing through our investment in efforts on the back end. I think it's really important to and yeah, at the end of the day, the other thing that we're doing with that data is generating human readable reports. So we're actually helping our customers at a high level understand the threat, right? So that they can actually create policies on their end to be able to respond to this right hard in their own security. I deal with things like inside of threats for their, you know, networks. These air all suggestions that we give them based off of our experience. You know, we issue our quarterly threat landscape report as an example, >> come into cubes. Some of your people come in the Cuban >> talk about absolutely so That's one product of that hundred billion events that were processing every day. But like I said, it's a multi pronged approach. We're doing a lot with that data, which, which is a great story. I think >> it is. I wish we had more time. Derek, Thank you so much for coming by. And never a dull moment. Never a dull interview when you're here. We appreciate your time. I can't wait to see what that one hundred billion number is. Next year. A forty nine twenty twenty. >> It will be more. I can get you. >> I sound like a well, Derek. Thank you so much. We appreciate it for Peter Burress. I'm Lisa Martin. You're watching the Cube?