
Search Results for RSA:

Hard Problems on Isogeny Graphs over RSA Moduli and Groups with Infeasible Inversion


 

>> Hi, everyone. This is Yilei from Visa Research. Today I would like to tell you about my work with Salim Ali Altuğ from Boston University about how to construct groups with infeasible inversion from hard problems on isogeny graphs over RSA moduli. So let me start this talk by telling you what a group with infeasible inversion is.

A group with infeasible inversion is defined by Hohenberger and Molnar in 2003. It says a representation of a group should satisfy two properties. The first is, literally, that inversion is hard: namely, that given an encoding of a group element x, computing the encoding of its inverse is hard. The second is that composition is still easy: namely, given the encodings of x and y, computing the encoding of x plus y is easy. Here we're saying plus is the group operation.

So let me explain this definition by going through our favorite example where discrete log is hard, namely in the multiplicative group of a finite field. We encode a group element a as g to the a, namely, put it into the exponent, and mod q. So given g and g to the a, finding a is hard. So this group representation at least satisfies one-wayness, assuming discrete log is hard. So let's look at whether this group satisfies group with infeasible inversion. It turns out it does not, because given g to the a, finding g to the minus a is still easy. So if we say this is the representation of the inverse, then computing this representation is simple. So this is a non-example of a group with infeasible inversion.

So the work of Hohenberger and Molnar started by looking at how we can find groups with infeasible inversion, and what the applications of such a group representation are. It turns out, in their theses, they did not find any group representation that satisfies this property.
But instead they found out that if you can find such a group, then it has cryptographic applications, namely building directed transitive signatures. A year later, in the work of Irrer et al., they also found that if you can have this kind of group with infeasible inversion, you can also construct broadcast encryption with a small overhead, and this is before we knew how to construct broadcast encryption with small overhead over elliptic curve pairings.

So let's look at another attempt at constructing a group with infeasible inversion. Still, let's look at a group where we put the encoding in the exponent, and instead of defining g to the minus a as the inverse, let's define g to the one over a as the inverse of g to the a. So it turns out you can also define that. And it happens that in many groups, namely if you mod some special value q, then given g and g to the a, computing g to the one over a is also conjectured to be hard. But if you define the group element in the exponent in that way, then multiplication in the group exponents is also hard, and so we cannot compose. So this is another non-example, where group inversion is actually difficult to compute, but composition is difficult to compute, too. So for this kind of group, they cannot use this to build directed transitive signatures or broadcast encryption.

So now let's make this attempt feasible by allowing us to have the ability to compute composition. Namely, we represent the encoding of a as follows. So first we have g to the a, and then we also give an obfuscated circuit which contains a and N, such that it takes a group element x and can output x to the a modulo N.
So it turns out, given this circuit, you have the feasibility of doing composition, and the work of Yamakawa et al. shows that if the underlying obfuscation is iO, and assuming N is an RSA modulus, then this is actually a good construction of a group with infeasible inversion. So technically, assuming iO, we already know candidates for groups with infeasible inversion. But that work still leaves the open problem of constructing groups with infeasible inversion without using general-purpose obfuscation.

And in this talk, I would like to tell you about a group with infeasible inversion candidate from some new isogeny problems. And the brief logic of this talk is the following. So elliptic curve isogenies can be represented by graphs, and the graphs have the shape of volcanoes. For example, this one: imagine you're looking at a volcano from the top down, and this is the crater, and this is like the direction of going down the volcano. And arguably this is the reason which attracted me to look into isogeny problems. And also isogeny graphs can be used to represent a group called the ideal class group, and then eventually we will find some group problems on this graph, which we conjecture to be hard, and then map this hardness to the hardness of inverting group elements in the ideal class group. So this will be the high-level overview of this talk.

So what are elliptic curve isogenies? To talk about elliptic curve isogenies, I could spend the whole day talking about the mathematical definition and the many backgrounds of elliptic curves. But today we only have 15 minutes. So instead, let me just give you a high-level overview of what isogenies are. An isogeny is a mapping from one elliptic curve to another, and isogeny is an interesting equivalence relation between elliptic curves.
It's interesting in its mathematical theory. Over a finite field, an elliptic curve can be identified by its j-invariant. And later, when we talk about elliptic curves, we'll think of them as represented by their j-invariants, which are numbers in the finite field. And given two elliptic curves, namely, given their j-invariants, we can efficiently decide whether these two curves are isogenous, namely in polynomial time. And given this background, let me now jump to the exciting volcanoes.

So it turns out the relation among isogenous curves can be represented by isogeny graphs, which look like volcanoes. So let's first look at the graph on the left, and let's fix a degree for the isogeny. So isogenies have different degrees; for simplicity, think of them as primes. So let's fix a degree ℓ, say ℓ equals 23, and we will let each of the nodes in the graph represent a different elliptic curve, namely a different j-invariant, and each edge represents an ℓ-degree isogeny. So if you fix the degree ℓ, the isogeny relations just look like what I said, like a volcano going from top to bottom. And if, let's say, we fix all the elliptic curves on the crater, or in general all the elliptic curves on the same layer of the volcano, then you are allowed to have different degrees. So this is degree ℓ and this is degree m, et cetera, et cetera. And then the graph actually looks like it's almost fully connected. So imagine all of them are connected by different degrees.

And the graph structure was actually described not too long ago, in the PhD thesis of David Kohel in 1996, and later it got popularized in a paper in 2002, because they said, hey, this looks like a volcano. So now "isogeny volcano" is used in many references for calling the graph.

So let me tell you a little bit more about the relation of isogenies and the ideal class group.
So the short story is, if you fix a layer on the isogeny graph, say the crater, then actually all the nodes have a 1-to-1 mapping to the group elements in an ideal class group. The formal theory is that the ideal class group acts on the set of isogenous curves which have the same endomorphism ring. But we will not go into that in the talk today.

So let me give you a simple example. This is a concrete representation of an ideal class group of seven group elements. And if we fix j0, the j-invariant of one of the crater curves, let's say this guy represents the identity in the ideal class group, and then we let j1 represent one of the class group elements, then its inverse is just going one step back from the origin in the opposite direction. So this is a very important picture: we will use exactly the j-invariants to represent the ideal class group elements. So this is exactly the representation we're going to take, except we're going to work over the RSA moduli.

So after giving some mathematical background on elliptic curve isogenies and isogeny graphs, now let's talk about computational problems. And before jumping into RSA moduli, let me start from the more traditionally studied isogeny problems over finite fields. The first problem is: if I fix a degree ℓ and I give you the j-invariant of an elliptic curve, as one of the nodes (let's first take an easy question), is it easy to find all of its isogenous neighbors of degree ℓ, say where ℓ is polynomial? The answer is yes. And technically there are two different ways. I will not go into the details of what they are, but what we need to know is that they require solving a polynomial of degree ℓ or ℓ squared.

Let's look at another problem. Imagine I select two random curves from an isogeny graph. So think about this: the isogeny graph is defined over a large field, and there are superpolynomially many curves in the graph.
I'm choosing two random curves. The question is, can you find an explicit isogeny between them, namely a path from one to the other? It turns out this problem is conjectured to be hard even for quantum computers, and this is exactly what was used in the post-quantum key exchange proposals. In those works, they have different structures: SIDH, CSIDH. They just have different types of endomorphism rings, but the question is of the same nature: finding a path from one curve to the other. So these are not relevant to our work, but I would like to introduce them for some background on the history of isogeny problems.

So in our work we need to study isogeny problems over an RSA modulus. And so the first question is even how to define an isogeny, or an isogeny graph, over a ring, like over an RSA modulus N. So there is a general way of defining it, and the special case. In this talk, I will just talk about the special case because this is easier to understand. So think about it this way: I have the ability of picking two isogeny volcanoes, over mod p and mod q, that have exactly the same structure. And then I just use CRT composition to stick them together. So namely, for j0, the value is the CRT of the j0's over the small fields, p and q, and N is equal to p times q. And by the way, these j-invariants will be exactly the way to represent an ideal class group of such a size; in this example it is the ideal class group with discriminant minus 250 bucks.

Okay, so now let's look at what is magical about this representation. So let's look back at the problem we started from, namely, finding all the isogenous neighbors, this time over an RSA modulus. So I give you the j-invariant of E0 and ask you to find one of its neighbors, finding the j-invariant of one of its neighbors.
So it turns out even this problem is hard. And actually, we can prove this problem is as hard as factoring. And a naive way of explaining what's going on is that the two methods that work over the finite field don't work anymore, since they both require solving a high-degree polynomial modulo N, and this is hard when N is an RSA modulus.

So to be useful for constructing a group with infeasible inversion, we actually need to look at what is called the joint neighbor search problem: namely, if I give you a curve E0, which represents the identity, then another curve, which represents a group element, your task is to find its inverse, namely one of the two candidate neighbors of E0. So it turns out this problem we also conjecture to be hard, and we don't know how to base it on the hardness of factoring. Again, the naive reason is that the ways to solve it over the finite field don't work, because they both require solving polynomials of degree higher than one over an RSA modulus. And this is exactly the reason that we believe group inversion is hard over this representation.

Now, finally, we would also like to remind the readers that, according to the definition of group with infeasible inversion, we would also like the group elements to be easy to compose. Now let's make another observation: if you're finding the joint neighbor of isogenies of different degrees, say, if I give you the j-invariant of E1 and the j-invariant of E2 and ask you to find the j-invariant of E3, and they happen to be of coprime-degree isogenies, then there is a way to find their joint neighbor, because they're coprime, and there's only one solution to solving the modular polynomials, which I haven't defined. But this is the way we make sure that composition is easy.
Namely, we output encodings that are coprime so that they can be composed.

To summarize, we propose a candidate group with infeasible inversion from elliptic curve isogenies. It requires a trapdoor, because you need to know the prime factors of the RSA modulus to set up the whole system and generate the encodings. Our main assumption is that a certain joint neighbor search problem on isogeny graphs defined over RSA moduli is hard. Again, a group with infeasible inversion has the application of constructing broadcast encryption and directed transitive signatures, and it's a very interesting problem to explore.
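
Added example, not from the talk or the paper: a toy Python sketch of the CRT-glued graph described above, using the classical modular polynomial Φ_2 and constructed primes p = 1009, q = 2017 that are far too small for real use. It finds degree-2 neighbours with the trapdoor and shows why two roots modulo N that agree modulo only one prime give away a factor; this illustrates the link to factoring and is not the paper's reduction. All function names are illustrative.

```python
# Added illustration with toy, constructed parameters (not code from the talk).
from itertools import product
from math import gcd


def phi2(x, y, n):
    """Classical modular polynomial Phi_2(x, y), reduced mod n.

    Phi_2(j, j') = 0 when the curves with j-invariants j and j' are joined
    by an isogeny of degree 2.
    """
    return (x**3 + y**3 - x * x * y * y
            + 1488 * (x * x * y + x * y * y)
            - 162000 * (x * x + y * y)
            + 40773375 * x * y
            + 8748000000 * (x + y)
            - 157464000000000) % n


def neighbours_mod_prime(j, p):
    """Roots of Phi_2(j, Y) in F_p by exhaustive search (only viable for toy p).

    Over a real finite field one would use polynomial root finding, which
    runs in polynomial time; that is the 'easy' case in the talk.
    """
    return [y for y in range(p) if phi2(j, y, p) == 0]


def crt(a, p, b, q):
    """Unique x modulo p*q with x = a (mod p) and x = b (mod q)."""
    t = ((b - a) * pow(p, -1, q)) % q
    return (a + p * t) % (p * q)


def neighbours_mod_N(j, p, q):
    """With the trapdoor (p, q): solve in each field, then glue with CRT.

    Every CRT combination of a root mod p and a root mod q is a root of
    Phi_2(j, Y) modulo N = p*q.
    """
    roots_p = neighbours_mod_prime(j % p, p)
    roots_q = neighbours_mod_prime(j % q, q)
    return sorted(crt(a, p, b, q) for a, b in product(roots_p, roots_q))


def factor_from_two_roots(y1, y2, N):
    """Two roots mod N that agree modulo exactly one prime factor reveal it."""
    g = gcd(y1 - y2, N)
    return g if 1 < g < N else None


if __name__ == "__main__":
    p, q = 1009, 2017            # constructed toy primes: the trapdoor
    N = p * q                    # public modulus
    j0 = 1728                    # Phi_2(1728, Y) = (Y - 1728)(Y - 287496)^2 over Z

    roots = neighbours_mod_N(j0, p, q)
    print("roots of Phi_2(j0, Y) mod N:", roots)

    # A root that matches 1728 mod p but 287496 mod q.
    mixed = crt(1728 % p, p, 287496 % q, q)
    print("mixed root:", mixed)
    print("gcd(mixed - 1728, N) =", factor_from_two_roots(mixed, 1728, N))
```

Without p and q, the only generic way to obtain these neighbours is to find roots of Φ_2(j0, Y) modulo N, and any procedure that can return such "mixed" roots also factors N.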

Published Date : Sep 21 2020


ENTITIES

| Entity | Category | Confidence |
|---|---|---|
| 2003 | DATE | 0.99+ |
| 2002 | DATE | 0.99+ |
| 1996 | DATE | 0.99+ |
| Visa Research | ORGANIZATION | 0.99+ |
| Jane Barrett | PERSON | 0.99+ |
| 15 minutes | QUANTITY | 0.99+ |
| Salim | PERSON | 0.99+ |
| Hulkenberg | PERSON | 0.99+ |
| Mona | PERSON | 0.99+ |
| Emily | PERSON | 0.99+ |
| two methods | QUANTITY | 0.99+ |
| Terry | PERSON | 0.99+ |
| first question | QUANTITY | 0.99+ |
| today | DATE | 0.99+ |
| two groups | QUANTITY | 0.99+ |
| each | QUANTITY | 0.99+ |
| one | QUANTITY | 0.99+ |
| first | QUANTITY | 0.99+ |
| a year later | DATE | 0.99+ |
| second | QUANTITY | 0.98+ |
| both | QUANTITY | 0.98+ |
| two properties | QUANTITY | 0.97+ |
| first problem | QUANTITY | 0.97+ |
| Siri | TITLE | 0.97+ |
| L. A | PERSON | 0.96+ |
| two different ways | QUANTITY | 0.95+ |
| 1 | QUANTITY | 0.95+ |
| Boston University | ORGANIZATION | 0.95+ |
| Paris | LOCATION | 0.94+ |
| zero | QUANTITY | 0.94+ |
| Kate | PERSON | 0.92+ |
| Iwan | PERSON | 0.92+ |
| Iraq | LOCATION | 0.92+ |
| one solution | QUANTITY | 0.91+ |
| one step | QUANTITY | 0.9+ |
| minus 250 bucks | QUANTITY | 0.89+ |
| first look | QUANTITY | 0.89+ |
| one way | QUANTITY | 0.89+ |
| three | QUANTITY | 0.86+ |
| J | OTHER | 0.86+ |
| seven group elements | QUANTITY | 0.83+ |
| element A | OTHER | 0.79+ |
| 23 | QUANTITY | 0.77+ |
| degree | OTHER | 0.74+ |
| higher than one | QUANTITY | 0.6+ |
| two candidate | QUANTITY | 0.58+ |
| E | QUANTITY | 0.49+ |
| Hell | EVENT | 0.47+ |
| Falkenburg | ORGANIZATION | 0.43+ |
| Jane | PERSON | 0.4+ |
| RSA | TITLE | 0.36+ |
| Davico | TITLE | 0.34+ |

Sizzle Reel | RSA Conference 2020


 

Absolutely. I think if I were to net it out, Jeff, what I'm sensing is there is a whole movement to shift security left, which is this whole idea of IT stepping up as the first line of defense: reduce cyber exposure, take care of patching, multi-factor authentication, reduce the attack surface, intrinsic security, right? So, you know, DevOps, DevSecOps, take care of it right up front, before all the apps even get built, right? Then there is another movement to shift things right, which is take care of the new aspects of the attack surface, right? What the hackers always take advantage of are the areas where, in a sense, we are unprepared, and for a long time they've seen us being unprepared in terms of reducing the attack surface, and then they go after the new aspects of the attack surface. And what are those? IoT, OT, data as an attack surface, and the edge, right? So these are areas where there's a lot of activity, a lot of innovation, you know, on the floor here. If you walk the corners, shifting left, shifting right, as in all the new aspects of the attack surface, I'm seeing a lot of conversations, a lot of innovation in that area.

I think it also boils down to real-world examples. We've got to really understand the demographics that we're working for. I think today it's the first time, really, in history that we have four generations working side by side in the workforce, so we have to understand that people learn differently. Training should be adjusted to the type of people that we're teaching. But phishing doesn't just boil down to clicking on links. Phishing also boils down to tricking somebody, getting someone's trust, and it can come in different forms. For example, think of social media. How do people connect? We're connecting across social media on many different platforms. I'll give a very easy example: LinkedIn. LinkedIn is a business platform. We're all connected on LinkedIn. Why do we connect on LinkedIn? Because that's a social platform that people feel safe on, because we're able to connect to each other in a business form. I want you to think of the person who's getting their first job with an organization. Their first job, maybe they're a project manager, and they're working for Bank A. Excited to be working for Bank A: hey, I'm gonna list all the projects I'm working for. So here's now my resume on LinkedIn: I'm working on project A, B, C, D, and this is my manager I report to. Perfect, there's some information sitting there on LinkedIn. Now, what else I will tell you is that you might have somebody who's looking to get into that bank. What will they do? Let's look for the lowest-hanging fruit. Who? This new project manager. Oh, I see they're working on these projects and they're reporting in to someone. Well, I'm not a project manager, I'm a senior project manager from a competing bank. I'm gonna befriend them and tell them that I'm really excited about the work they're doing here. They're social engineering their way into their friendship, into their good graces, into their trust. Once done, the individual becomes a trusted source. People share information freely. So people are putting too much information out there on social, trusting too easily, opening the door for more than a phishing attack, and things are just rapidly going out of control.

Right. So my co-founder and I both came from the world of being practitioners, and we saw how limited the space was in actually changing human behavior. I was given some animated PowerPoints: use this to keep the Russians out of your network, which is a practical joke unless your job is on the line. I took a huge step back and I said, there are other fields that have figured this out, behavioral science being one of them. They use positive reinforcement, gamification. Marketing and advertisement has figured out how to engage this human element; just look around the RSA floor. And there are so many learnings of how we make decisions as human beings that can be applied into changing people's behaviors in security. So that's what we did.

Adventure. So this is my first early-stage company. We're still seeking Series A. We're a young company, but our mantra is, we are the data value company. So they have had this very robust analytics engine that goes into the heart of data and can track it and map it and make it beautiful. And along came McNealy, who actually sits on our board. Oh, does he? And they said, we need someone who's, this week, it's all happening. So they asked Scott McNealy, who is the craziest person in privacy and data that you know? And he said, oh my god, get the Dennedy woman. So they got the Dennedy woman, and that's what I do now. So I'm taking this analytics value engine, I'm pointing it to the board. As I've always said, Grace Hopper said, data value and data risk has to be on the corporate balance sheet. And so that's what we're building: a data balance sheet for everyone to use to actually value data.

For me, it starts with technology that takes... Look, we've only got so many security practitioners in the company to actually defend. Your email example: we've got to defend every user from those kinds of problems. And so how do I find technology solutions that help take that load off the security practitioners, so they can focus on the niche examples that are really, really well-crafted emails, and help take that load off the user? Because users just, you're not going to be able to handle that, right? It's not fair to ask them. And like you said, it was just poorly timed. That helps protect it. So how do we help make sure that we're taking that technology load off, identify the threats in advance, and protect them? And so I think one of the biggest things that Chris and I talk a lot about is, how do our solutions help make it easier for people to secure themselves, instead of just providing only a technology advantage?

So the virtual analyst is able to sit on premises, so it's localized learning. The collector has to understand the nature of those threats, collect, to be able to look at the needles of the needles, if you will, make sense of that, and then automatically generate reports based off of that, right? So it's really an assist tool that a network admin or a security analyst is able to pick up and virtually save hours and hours of time.

So we have this, we call it a threat research group within the company, and their job is to take all the data from the sensors we have. I mean, we look at about 25 petabytes of data every day. All our solutions are cloud solutions as well as on-prem, so we get the benefit of basically seeing all the data that's hitting our customers every day. I mean, we block about 1 million attacks every minute. Like, every minute? 1 billion attacks every minute. Every minute, right. We protect over 3 million databases, and, you know, we've mitigated some of the largest DDoS attacks that have ever been reported. So we have a lot of data, right, that we've seen. And the interesting thing is that, you're right, we are having to always... we're using that threat research data to see what's happening, how the threat landscape is changing, therefore guiding us on how we need to augment and add to our products to prevent that. But interestingly, we're also consuming AI and machine learning as well in our products, because we're able to use those solutions to actually do a lot of attack analytics and do a lot of predictive research for our customers that can kind of guide them about, you know, where things are happening. Because what's happening is that before, a lot of the attacks were just sort of fast and furious; now we're seeing a pattern towards slow, slow and continuous, if that makes sense. We're seeing all these patterns and threats coming in. So we're fighting against those technologies, like AI, but also using those technologies to help us, you know, decide where we need to continue to add capabilities to stop it. You know, the whole bad bots thing wasn't a problem, right, a number of years ago. And so it's an ever-changing world, which, frankly speaking, makes it an interesting place to be. Yes, who wants to be in a static, boring place, right?

Well, I mean, whether you're a good packet or a bad packet, you have to traverse the network to be interesting. We've all, you know, put our phones in airplane mode at Black Hat or events like that, because we don't want to be on it. They're really boring when they're offline, but they're also really boring to attackers when they're offline. As soon as you turn them on, you have a problem, or could have a problem. But as things traverse the network, what better place to see who and what's on your network than on the gear? And at the end of the day, we're able to provide that visibility, we're able to provide that enforcement. So as you mentioned, 2020 is now the year of awareness for us, so the threat-aware network. We're able to do things like look at encrypted traffic, do heuristics and analysis to figure out, should that even be on my network? Because as you bring it into a network and you have to decrypt it, (a) there's privacy concerns with that in these times, but also it's computationally expensive to do that. So it becomes a challenge from both a financial perspective as well as a compliance perspective. So we're helping solve that, even kind of offset that traffic, and be able to ensure your network's secure.

So when we started developing our cyber recovery solution about five years ago, we used the NIST Cybersecurity Framework, which is a very well-known standard that defines really five pillars of how organizations can think about building a cyber resilience strategy. A cyber resilience strategy really encompasses everything from perimeter threat detection and response all the way through incident response after an attack, and everything that happens in between: protecting the data and recovering the data, right, and critical systems. So I think of cyber resilience as that holistic strategy of protecting an organization and its data from a cyberattack.

Yeah, I think the human element is the hardest part. You know, in mind of this conference and its theme, the human element, the hardest part about this job is that it's not just mechanical issues and routing issues and networking issues, but it's about dealing with all types of humans: innocent humans that do strange and bad things unknowingly, and malicious people who do very bad things by design. And so the research suggests that no matter what we do in security awareness training, some four percent of our employee base will continually fail security awareness. That's when we phish them actively. And so one of the things that we need to do is use automation and intelligence, so that you can comb through all of that data and make a better-informed decision about what risks you're going to mitigate, right? And for this four percent that are habitually abusing the system and can't be retrained, well, you can isolate them, right, and make sure that they're separated, and then they're not able to do things that may harm the organization.

Published Date : Mar 5 2020

**Summary and Sentiment Analysis are not shown because of improper transcript**

ENTITIES

| Entity | Category | Confidence |
|---|---|---|
| Chris | PERSON | 0.99+ |
| Grace Hopper | PERSON | 0.99+ |
| Scott McNealy | PERSON | 0.99+ |
| 2020 | DATE | 0.99+ |
| Jeff | PERSON | 0.99+ |
| LinkedIn | ORGANIZATION | 0.99+ |
| four percent | QUANTITY | 0.99+ |
| first job | QUANTITY | 0.99+ |
| one | QUANTITY | 0.99+ |
| over 3 million databases | QUANTITY | 0.99+ |
| 1 billion attacks | QUANTITY | 0.98+ |
| four percent | QUANTITY | 0.98+ |
| first time | QUANTITY | 0.98+ |
| NIST | ORGANIZATION | 0.98+ |
| about 1 million attacks | QUANTITY | 0.97+ |
| both | QUANTITY | 0.97+ |
| Came McNeely | PERSON | 0.95+ |
| about 25 petabytes | QUANTITY | 0.95+ |
| DevOps | TITLE | 0.93+ |
| this week | DATE | 0.93+ |
| today | DATE | 0.92+ |
| first early stage | QUANTITY | 0.92+ |
| first line | QUANTITY | 0.92+ |
| five pillars | QUANTITY | 0.9+ |
| RSA Conference 2020 | EVENT | 0.87+ |
| every minutes | QUANTITY | 0.85+ |
| every minute | QUANTITY | 0.83+ |
| five years ago | DATE | 0.8+ |
| things | QUANTITY | 0.74+ |
| every minute | QUANTITY | 0.71+ |
| number of years ago | DATE | 0.7+ |
| Sizzle | ORGANIZATION | 0.66+ |
| RSA | TITLE | 0.63+ |
| about | DATE | 0.61+ |
| Russians | PERSON | 0.55+ |
| every day | QUANTITY | 0.54+ |
| four generations | QUANTITY | 0.52+ |
| every | QUANTITY | 0.52+ |
| Reel | PERSON | 0.47+ |
| project | TITLE | 0.46+ |
| ABCD | OTHER | 0.38+ |
| Barossa | ORGANIZATION | 0.38+ |

Rohit Ghai, RSA | RSAC USA 2020


 

>> Narrator: Live from San Francisco it's theCUBE covering RSA Conference 2020 San Francisco brought to you by SiliconANGLE media. >> Welcome back, everybody. Jeff Frick here with theCUBE. We are at the RSA 2020, a really special segment. As you can tell it's really quiet here, it's not like normal CUBE action, we are here before the expo hall even opens on Thursday morning with a very special guest, we pulled them away from a crazy busy week if not more, it's Rohit Ghai the president of RSA, Rohit great to see you again. >> Always a pleasure, thanks Jeff. >> Absolutely, so I was really looking forward to this, I was really impressed by the opening keynotes, first it rolled out George Takei, that's a pretty bold move even more bold is to try to follow him up. >> Totally (laughing) >> So congratulations, and you know, that was pretty brave. >> I appreciate it, thank you. That was quite a, you know, quite a hurdle to got to follow George Takei. >> Right, and I just want to get kind of these other things that were kind of bubbling above the surface out of the way you know, a big piece of news, I think a week it came out before the show is that RSA was sold to Symphony I believe? >> Rohit: Symphony Technology Group. >> Right, so give us a little bit of the story there. >> Absolutely, so you know we entered into a definitive agreement, Symphony Technology Group acquiring RSA from Dell Technologies. What this does is this it basically clarifies the swim lanes for Dell Technologies to focus on intrinsic security and RSA can focus on managing digital and cyber risk, and you know, we are excited about the opportunity to become agile and independent and you know, kind of play in a smaller company setting to pursue our future, so we are super excited to be part of Symphony. >> Yeah, that's great, and the other thing that's kind of a pall, I mean just to put it out there is the corona virus thing. 
And you know, Mobile World Congress, a completely different show but a big show, probably the first big show of our industry this year was canceled. A hundred thousand plus people, so I just am just wondering if you can share kind of what were some of your thoughts and the team's thoughts 'cause we were all curious to see well how is this going to happen, there was a couple of drop outs but I think it's been a very good week. >> It has been a great week, you know what I'll say is it was a demonstration of resilience on part of the attendees, you know when we analyzed the situation what we noted was about 82 plus percent of our attendees are from the Americas right, so there was a core set of attendees that were perhaps not as impacted in terms of travel, et cetera, so we decided to move forward, we've been in close collaboration with the CDC and the mayor's office right here, Major London Breed's office right here is SF to make sure it's going to be a safe event for everyone and you know, the team put together a great kind of set of measures to make sure everyone has hand sanitizer. >> Great, great. >> And you know, we made sure we did what was needed to manage the risk and ensure resilience through this sort of you know very global risk that is playing out, so very proud of the team, and we garnered 40 thousand plus attendees despite you know, despite the coronavirus issue. >> You know, good job I am sure it was touch and go and a real sensitive situation and I can tell you a lot of other people and event organizers you know, were getting ready to head into a very busy event season, it's what we do and so, you know nice kind of lead indicator from you to execute with caution. >> I appreciate it, thank you. >> So let's jump into the fun stuff. 
So your keynote was not really talking that much about bad guys and technology and this and that, you talked about storytelling and you got very much into kind of the human element, which is the theme this year, but really the role of stories, the importance of stories, and most importantly for the security industry to take back their story and not let it get away from them. >> You summed it up really well Jeff, and you know what I said is hey if the theme of the conference is the human element, let's explore what intrinsically makes us human and the point, you know you all know that it is stories that makes us human and I feel we've lost control of the narrative as an industry and as such we need to take that back and make sure we clarify the role of all the human characters in our story because until we do that, until we change our story we have no shot at changing our reality. >> Right, but you're kind of in a weird spot right, it's the classic spy dilemma. You can't necessarily tell people what you know because then they'll know that you know it and you might not be able to get more or better information down the road, so as you said in your keynote you don't necessarily have the ability to celebrate your wins, and a DDoS attack thwarted doesn't make the news. I keep thinking it's like ref in a game or like an offensive lineman in football you only hear about them on that one play when they get the holding call, not the 70 other plays where they did their job. >> Rohit: Totally, totally. 
>> So it's a unique challenge though >> It is, it is a challenge, it is not an easy problem and you know, there is a couple of recipes that I put out there for us to consider as an industry is you know, recipe one is we can celebrate our successes at a collective level right so, just like we put out breach reports, et cetera, in terms of what the statistics are, where the breaches are emanating from we can talk about defensive strategies that are working at a collective level as an industry and share that sort of best practices recipes to win, that would be a fine start. I think another area, another point that I made was that we don't have to win for the hacker to lose. 71% of the breaches were motivated by financial gains, right, and as such if we, despite breaches, which is not a win for us, if we deny financial gain to the hackers we make them lose and they are subject to the same laws of economics, they have a profit and loss statement, they are spending resources for gain and when we deny them gain we make them lose, so those are a couple of ideas on how we can begin to change the narrative. >> Right. So the other piece of the human part is the rise of the bots, right, and the rise of AI and the rise of these increasingly smart and sophisticated machines. I think I saw one of those reports that we talk about on air was you know that people are an increasingly targeted group we hear it all the time, we hear about social engineering. As that gets more complicated, how does the role of people change? 'Cause clearly they can't monitor tens and tens and hundreds of thousands of concurrent attacks all the time. >> Absolutely, so you know the bad guys are using AI you know I cited the example of a deep fake audio clip that actually duped the CEO into initiating a wire transfer so they are using all these sophisticated attacks so to your point, we cannot rely on the end user to discern through these very sophisticates. 
It's unfair for us to think of them as the first line of defense, we have to on the IT side, we have to bring in technology, make the technology more usable, so you don't have to pay attention to this one millimeter by one millimeter lock at the corner of the browser to realize whether a web interaction is safe or not. We need to make more usable software, we need to do a better job of managing and reducing vulnerabilities to reduce the attack surface so IT has to step up in that regard, and then on the security teams I think they have to step up to use AI to detect bot initiated attacks so we are not leaning on the human to discern what is an anomalous interaction and what could be a phishing or a smishing attack, et cetera, you know we need to bring AI to fight the good fight on our behalf. >> Right. So the other kind of angle on that I thought was really interesting, Wendy's keynote, a couple of keynotes after yours from Cisco talked about, you know, a theme we see over and over in tech which is really kind of the democratization of security and get it out of just the hallowed halls of the super billion CSOCs and technologists that are just security and open it up to everybody so make them part of the solution and not those pesky people that keep clicking on links that they are not supposed to. >> Absolutely. She did a great job of kind of making that point and you know the way I think about it is again we need to move from a culture of elitism to a culture of inclusion. Until we really get the teaming going, not just within the security professionals which we are doing a better job of certainly in the industry, but we have to team with the user, the IT and the business teams in order to have a shot at tipping the balance in our favor. 
>> Yeah, it's really funny 'cause that kind of democratization theme is something that we see kind of across many levels of technology, whether it's in big data, can get away from the data scientists, in doing your own reports, in having access to your own marketing material and you know, so it's kind of funny that now we are just hearing it here I guess the last bastion of we're the smartest people in the room, no no, you need to use all the brain power. >> All the brain power. I use the phrase let's stop being STEM snobs and let's be more inclusive, and you know garner the entire spectrum of the diverse talent pool that we have available and you know making the point, perhaps a provocative point, that the cyber talent gap, a bit of it might be actually self-inflicted because we have been in this sort of elitism mindset. >> Right, and I think one of the themes that you talked about in your keynote was because of kind of the elite mindset we only want to focus on the elite challenges and in fact it's not the hardest challenges that are necessarily the most dangerous or the ones that are more frequently used, it doesn't have to be the craziest hardest way in. >> It absolutely does not. The point I made was preparing for the worst does not prepare you for the likely and the statistics are overwhelming. 60% of the breaches were on the back of six stolen credentials. That's a pretty table stakes basic issue that ought to be just taken off the table, and if we take care of the basics then we can focus our energy on the corner cases but let's first prepare for the likely before we get to the worst situations. >> Right. 
So Rohit I'm just curious to get your take as you have been here for the last couple of days, you know you did a whole lot of work getting into that keynote and getting this thing up and off the ground but you've had a couple of days to be here walked around, talked to a lot of customers and clients, partners, I wonder if there is anything that's kind of come up as a theme that you either didn't expect or kind of reinforced some of the thoughts that you had coming into this week. >> Absolutely. I think if I would've net it out Jeff what I'm sensing is there is a whole movement to shift security left, which is this whole idea of IT stepping up as the first line of defense, reduce cyber exposure, take care of patching, multi-factor authentication, reduce the attack surface intrinsic security right so DevOps and SecDevOps take care of it right up front before the apps even get built right, then there is another movement to shift things right which is take care of the new aspects of the attack surface right, what the hackers always take advantage of are the areas where they sense we are unprepared and for a long time they've seen us being unprepared in terms of reducing the attack surface and then they go after the new aspects of the attack surface and what are those? IT, IoT, OT, data as an attack surface and the Edge right, so these are areas where there is a lot of activity, a lot of innovation, you know, on the floor here if you walk the corners shifting left shifting right as in all the new aspects of the attack surface. I am seeing a lot of conversations, a lot of innovation in that area. >> Yeah. 
Well, there's certainly no shortage of innovation in the companies here and in fact I think it's probably one of the biggest challenges that I think of from a buyer's perspective is to walk this floor and to figure it all out 'cause I don't know how many thousands of vendors there are but there's really big ones and there is lots of little ones like you said tucked in the corner in kind of the cutting edge of the innovation. What advice do you give to people who is their first time coming to RSA? >> Yes, I think you know, it's a huge challenge for customers, there's 14 of every category. I think the customers what they have to see is they have to think about the recipe rather they have to focus not on the tool but the concept behind the tool, and think about the architecture right and they should seek out vendors that take this platform approach. It is, you know, the market hasn't consolidated that much where they can just go to a few vendors but when they build that architecture they should choose vendors that behave well as a puzzle piece in the jigsaw puzzle that our customers are having to assemble together right, that they are investing in the API integrations on the edges so they can slot in and be part of a broader solution. That's a key, key criteria that customers should utilize in their selection of the vendors. >> Yes, that's good. That's good advice, and they should be listening. So Rohit, thanks again for your time. Congratulations on a week and I hope you get that weekend of absolutely nothing coming up in just a couple of days that you talked about. >> I absolutely do. The joke I made was, you know, the only time I'm okay being labeled as useless is the weekend after RSA conference. So, I fully look forward to being useless over this weekend, it's been a great week and thank you again for having me. >> All right, two more days, 48 hours. All right, thanks again. He's Rohit, I'm Jeff, you're watching theCUBE. 
We're at RSA 2020, the year we're going to know everything with the benefit of hindsight. We're not quite there yet but we're trying to get a little closer. Thanks for watching, we'll see you next time. (upbeat music)

Published Date : Feb 28 2020



Breaking Analysis: Cyber Security Update: What to Expect at RSA 2020


 

>> From the SiliconANGLE Media office in Boston, Massachusetts, it's theCUBE. Now, here's your host, Dave Vellante. >> Hello everyone and welcome to this week's Wikibon CUBE Insights powered by ETR. In this breaking analysis ahead of the RSA conference, we want to update you on the cyber security sector. This year's event is underlined by coronavirus fears, IBM has pulled out of the event and cited the epidemic as the reason and it also brings to the front the sale of RSA by Dell to STG Partners, a private equity firm. Now in our last security drill down, we cited several mega trends in the security sector. These included the ever escalating sophistication of the attacker, the increased risk from the data economy, the expanded attack surface with the huge number of IP addresses that are exploding out there, and the lack of skills and the number of cyber tools that are coming to the market. Now, as you know, in these segments, we'd like to share insights from theCUBE. And I want you to listen to two American statesmen and what they said, on theCUBE. Here's General Keith Alexander, who's the former director of the NSA, along with Dr. Robert Gates, who's the former director of the CIA and former Secretary of Defense, play the clip. >> When you think about threats, you think about nation states, so you can go to Iran, Russia, China, North Korea, and then you think about criminal threats, and all the things like ransomware. Some of the nation state actors are also criminals at night, so they can use nation state tools and my concern about all the evolution of cyber threats is that the attacks are getting more destructive. >> I think cyber and the risks associated with cyber, and IT need to be a regular part of every board's agenda. >> So you hear General Alexander really underscore the danger, as well, Dr. Gates is articulating what we've said many times on theCUBE that cyber security is a board level agenda item. 
Now, the comments from both of these individuals represent what I would consider tailwinds for cyber technology companies. Now we're going to drill into some of those today. But it's not all frictionless. There are headwinds too in this market space, cloud migration, the shift from north-south to east-west network traffic, its pressure on traditional appliance based perimeter security solutions, increased complexity and lack of skills and other macro factors, including questions on ROI. CFOs saying, hey, we spend all this cash, why aren't we more secure? Now, I want you to hear from two chief information security officers on both the challenges that they face and how they're dealing with them. Roll the clip. >> Lack of talent, I mean, we're starving for talent. Cybersecurity is the only field in the world with negative unemployment. We just don't have the actual bodies to actually fill the gaps that we have and in that lack of talent CISOs are starving. >> I think that the public cloud offers us a really interesting opportunity to reinvent security right. So if you think about all of the technologies and processes and many of which are manual over the years, I think we have an opportunity to leverage automation to make our work easier in some ways. >> Now I featured Brian Lozada and Katie Jenkins before in breaking analysis segments, and you can hear it from the cyber leaders, we lack the talent, and cloud computing and automation are areas we're pursuing. So this challenges security companies to respond. But at the end of the day, companies have no choice. In other words, organizations buying security solutions, the sophistication of the attacker is very high and the answer to my CFO and ROI is fear based. If you don't do this, you might lose billions in market cap. 
Now, I want you to take a listen to these CUBE alums talking about the sophistication of the attacker and the importance of communication skills in order to fund cyber initiatives, really to keep up with the bad guys, please play the clip. >> The adversary is talented and they're patient, they're well funded okay, that's where it starts. And so, you know why bring an interpreter to a host when there's already one there right? Why write all this complicated software distribution when I can just use yours. And so that's where the play the game starts. And the most advanced threats aren't leaving footprints because the footprints already there, you know, they'll get on a machine and behaviorally they'll check the cache to see what's hot. And what's hot in the cache means that behaviorally, it's a fast they can go they're not cutting a new trail most of the time, right? So living off the land is not only the tools that they're using the automation, your automation they're using against you, but it's also behavioral. >> That's why the most important talent or skill that a security professional needs is communication skills. If you can't articulate technical risk into a business risk to fund your program, it's, you know, it's very hard for you to actually be successful in security. >> Now, the really insidious thing about what TK Keanini just said is the attackers are living off the land, meaning they're using your tools and your behaviors to sneak around your data unnoticed. And so as Brian Lozada said, as a security pro, you need to be a great communicator in order to get the funding that you need to compete with the bad guys. Which brings me to the RSA conference. This is why you as a security practitioner attend, you want to learn more, you want to obtain new skills, you want to bring back ideas to the organization. 
Now one of the things I did to prepare for this segment is to read the RSA conference content agenda, which was co-authored by Britta Glade and I read numerous blogs and articles about what to expect at the event and from all that I put together this word cloud, which conveys some of the key themes that I would expect you're going to hear at the shows. Look at skills jump right out, just like Brian was saying, the human element is going to be a big deal this year. IoT and the IT OT schism, everyone's talking about the Olympics, and seeing that as a watershed event for cyber, how to apply machine learning and AI is a big theme, as is cloud with containers and serverless, phishing, zero trust and frameworks, framework for privacy, frameworks for governance and compliance, the 2020 election and weaponizing social media with deep fakes, and expect to hear a lot about the challenges of securing 5G networks, open source risks, supply chain risks, and of course, the need for automation. And it's no surprise there's going to be a lot of talk about cyber technology, the products and of course, the companies that sell them. So let's get into the market and unpack some of the ETR spending data and drill into some of these companies. The first chart I want to show you is spending on cyber relative to other initiatives. What this chart shows is the spending on cyber security highlighted in the green in relation to other sectors in the ETR taxonomy. Notice the blue dot. It shows the change in spending expected in 2020 versus 2019. Now, two points here. First, is that despite the top-of-mind narrative that we always hear, the reality is that other initiatives compete for budget and you just can't keep throwing cash at the security problem. As I've said before, we spend like .014% of our global GDP on cyber, so we barely scratched the surface. 
The second point is there's a solid year on year growth quite high at 12% for a sector that's estimated at 100 to 150 billion dollars worldwide, according to many sources. Now let's take a look at some of the players in this space, who are going to be presenting at the RSA conference. You might remember from my 2020 predictions, in that breaking analysis I focused on two ETR metrics, Net Score, which is a measure of spending velocity and Market Share, which measures pervasiveness in the data set. And I anointed nine security players as four star players. These were Microsoft, Cisco, Palo Alto Networks, Splunk, Proofpoint, Fortinet, Okta, CyberArk and CrowdStrike. What we're showing here is an update of that data with the January survey data. My four star companies were defined as those in the cyber security sector that demonstrate in both net scores or spending momentum, that's the left hand chart and market share or pervasiveness on the right hand chart. Within the top 22 companies, why did I pick 22? Well, seemed like a solid number and it fit nicely in the screen and allowed more folks. So a few takeaways here. One is that there are a lot of cyber security companies in the green from the standpoint of net score. Number two is that Fortinet and Cisco fell off the four star list because of their net scores. While still holding reasonably well, they dropped somewhat. Also, some other companies like Varonis and Veracode and Carbon Black jumped up on the net score rankings, but Cisco and Fortinet are still showing some strength in the market overall, I'm going to talk about that. Cisco's security business is up 9% in the quarter, and Fortinet is breaking away from Palo Alto Networks from a valuation perspective, which I'm going to drill into a bit. So we're going to give Cisco and Fortinet two stars this survey period. But look at Zscaler. 
They made the cut this time, their net score or spending momentum jumped from 38% last quarter to nearly 45% in the January survey, with a sizable shared N at 123. So we've added Zscaler to the four star list, they have momentum, and we're going to continue to watch that quarterly horse race. Now, I'd be remiss if I didn't point out that Microsoft continues to get stronger and stronger in many sectors including cyber. So that's something to really pay attention to. Okay, I want to talk about the valuations a bit. Valuations of cyber security space are really interesting and for reasons we've discussed before the market's hot right now, some people think it's overvalued, but I think the space is going to continue to perform quite well, relative to other areas in tech. Why do I say that? Because cyber continues to be a big priority for organizations, the software and annual recurring revenue contribution ARR continues to grow, M&A is going to continue to be robust in my view, which is going to fuel valuations. So let's look at some of the public companies within cyber. What I've compiled in this chart is eight public companies that were cited as four star or two star firms, as I defined earlier, now ranked this by market value. In the columns, we show the market cap and trailing 12 month revenue in billions, the revenue multiple and the annual revenue growth. And I've highlighted Palo Alto Networks and Fortinet because I want to drill into those two firms, as there's a valuation divergence going on between those two names, and I'll come back to that in just a minute. But first, I want to make a few points about this data. Number one is there's definitely a proportional relationship between the growth rate and the revenue multiple or premium being paid for these companies. Generally growth ranges between one and a half to three times the revenue multiple being paid. 
CrowdStrike for example has a 39 x revenue multiple and is growing at 110%, so they're at the high end of that range with a growth at 2.8 times their revenue multiple today. Second, and related, as you can see a wide range of revenue multiples based on these growth rates with CrowdStrike, Okta and now Zscaler as the standouts in this regard. And I have to call out Splunk as well. They're both large, and they have high growth, although they are moving beyond, you know, security, they're going into adjacencies and big data analytics, but you have to love the performance of Splunk. The third point is this is a lucrative market. You have several companies with valuations in the double digit billions, and many with multi billion dollar market values. Cyber chaos means cash for many of these companies, and, of course for their investors. Now, Palo Alto throws some of these ratios out of whack, i.e., why the lower revenue multiple with that type of growth, and it's because they've had some execution issues lately. And this annual growth rate is really not the best reflection of the stock price today. That's really being driven by quarterly growth rates and less robust management guidance. So why don't we look into that a bit. What this chart shows is the one year relative stock prices of Palo Alto Networks in the blue and compared to Fortinet in the red. Look at the divergence in the two stocks, look at they traded in a range and then you saw the split when Palo Alto missed its quarter last year. So let me share what I think is happening. First, Palo Alto has been a very solid performer since its IPO in 2012. It's delivered more than 4x returns to shareholders over that period. Now, what they're trying to do is cloud proof their business. They're trying to transition more to an ARR model, and rely less on appliance centric firewalls, and firewalls are core part of the business and that has underperformed expectations lately. 
And you just take legacy tech and cloud wash, and cloud native competitors like Zscaler are taking advantage of this and setting the narrative there. Now Palo Alto Networks has also had some very tough compares in 2019 relative to 2018, that should somewhat abate this year. Also, Palo Alto has had some execution issues during this transition, especially related to sales and sales incentives and aligning that with this new world of cloud. And finally, Palo Alto was in the process of digesting some acquisitions like Twistlock, PureSec and some others over the past year, and that could be a distraction. Fortinet on the other hand, is benefiting from a large portfolio refresh and is capitalizing on the momentum that that's bringing, in fact, all the companies I listed you know, they may be undervalued despite, of all the company sorry that I listed Fortinet may be undervalued despite the drop off from the four star list that I mentioned earlier. Fortinet is one of those companies with a large solution set that can cover a lot of market space. And where Fortinet faces similar headwinds as Palo Alto, it seems to be executing better on the cloud transition. Now the last thing I want to share on this topic is some data from the ETR regression testing. What ETR does is their data scientists run regression models and fit a linear equation to determine whether Wall Street earnings consensus estimates are consistent with the ETR spending data, they started trying to line those up and see what the divergence is. What this chart shows is the results of that regression analysis for both Fortinet and Palo Alto. And you can see the ETR spending data suggests that both companies could outperform somewhat expectations. Now, I wouldn't run and buy the stock based on this data as there's a lot more to the story, but let's watch the earnings and see how this plays out. All right, I want to make a few comments about the sale of the RSA asset. 
EMC bought RSA for around the same number, roughly $2 billion that STG is paying Dell. So I'm obviously not impressed with the return that RSA has delivered since 2006. The interesting takeaway is that Dell is choosing liquidity over the RSA cyber security asset. So it says to me that their ability to pay down debt is much more important to Dell and their go forward plan. Remember, for every $5 billion that Dell pays down in gross debt, it drops 25 cents to EPS. This is important for Dell to get back to investment grade debt, which will further lower its cost. It's a lever that Dell can turn. Now and also in thinking about this, it's interesting that VMware, which, remember, is acquiring security assets like crazy and most recently purchased Carbon Black, and they're building out a Security Division, they obviously didn't pound on the table fighting to roll RSA into that division. You know maybe they did and the financial value of the cash to Dell was greater than the value of the RSA customers, the RSA product portfolio and of course, the RSA conference. But my guess is Gelsinger and VMware didn't want the legacy tech. Gelsinger said many times that security is broken, it's his mission to fix it or die trying. So I would bet that he and VMware didn't see RSA as a path to fixing security, it's more likely that they saw it as a non strategic shrinking asset that they didn't want any part of. Now for the record, and I won't even bother showing you the data but RSA in the ETR data set is an unimpressive player in cyber security, their market share or pervasiveness is middle of the pack, so it's okay but their net score spending velocity is in the red, and it's in the bottom 20th percentile of the data set. But it is a known brand, certainly within cyber. It's got a great conference and it's probably better that a PE company owns them than being a misfit toy inside of Dell. 
All right, it's time to summarize, as we've been stressing in our breaking analysis segments and on theCUBE, the adversaries are very capable. And we should expect continued escalation. Venture capital is going to keep pouring into startups and that's going to lead to more fragmentation. But the market is going to remain ripe for M&A with valuations on the rise. The battle continues for best of breed tools from upstarts like CrowdStrike and Okta and Zscaler versus suites from big players like Cisco, Palo Alto Networks and Fortinet. Growth is going to continue to drive valuations. And so let's keep our eyes on the cloud, remains disruptive and for some provides momentum for others provides friction. Security practitioners will continue to be well paid because there's a skill shortage and that's not going away despite the push toward automation. Got to talk about machine intelligence but AI and ML those tools, they're a two-edged sword as bad actors are leveraging installed infrastructure, both tools and behaviors to so called live off the land, upping the stakes in the arms race. Okay, this is Dave Vellante for Wikibon's CUBE Insights powered by ETR. Thanks for watching this breaking analysis. Remember, these episodes are all available as podcasted Spotfire or wherever you listen. Connect with me at david.vellante at siliconangle.com, or comment on my LinkedIn. I'm @dvellante on Twitter. Thanks for watching everybody. We'll see you next time. (upbeat music).

Published Date : Feb 24 2020

Scott Stevens, Palo Alto Network | RSA 2019


 

(upbeat music) >> Live from San Francisco, it's theCUBE covering RSA Conference 2019. Brought to you by Forescout. >> Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at the RSA North American conference in Moscone. They finally finished the remodel. We're excited to be here. We're in the Forescout Booth and our next guest is here. He's Scott Stevens, the SVP Global Systems Engineering for Palo Alto Networks. How're you doing? >> I'm doing well. How you doing? >> Good, so first impressions of the show. I mean, it always amazes me when we come to RSA. We go to a lot of shows but just the size and the scale and the buzz and the activity here is second to none. >> It's incredibly crowded. I've been trying to walk the halls here, is a bit of a mess, so yes. (both laughing) >> Well plus nobody can find their way through the new Moscone. Small detail. >> Well they're connected different now so it's pretty confusing. >> Right, all right, let's jump into it. As I look over your shoulder I see zero trust, I see zero trust. Everybody's about zero trust. We had Chase on from Forescout last year. He was talking about zero trust. >> Yep. >> You guys are talking about zero trust. What exactly is zero trust? And how should people be thinking about zero trust? >> Yeah it's kind of, it's become buzzword bingo along the way, hasn't it? >> Right, right, it has. >> Yeah, so yeah we've been working with Forescout here for about six years now looking at zero trust architectures. The way, I think the fundamental way you look at zero trust is it's an architectural approach to how do you secure your network focused on what's most important and so you focus on the data that's most, that's key to your business, and you build your security framework from the data out. 
And so there's all kinds of buzzword bingo we can play about what zero trust means, but what it allows us to do is to create the right segmentation strategy starting in the data center or the cloud and moving back towards those accessing the data and how do you segment and control that traffic 'cause fundamentally what we're dealing with in security is two basic problems that we have to, there's many problems but two big problems we have to deal with. >> Right, right. >> First is credential based attacks and so do we have somebody with stolen credentials in the network stealing our data? Or do we have an insider who has credentials but they're malicious, they're actually stealing content from the company. The second big problem is software based attacks. Malware, exploits, scripts, right? And so how do we segment the network where we can enforce user behavior and we can watch for malicious software so we can prevent both of those occurrences through one architectural framework and I think zero trust gives us that template building block absent of the buzzword, on how we build out those networks 'cause everybody's enterprise network is a little bit different. >> Right, so it really goes back to kind of roles and access and those types of things 'cause the first one you describe, a credential one, if it's somebody in there they have every right to be there but they're doing behavior that's not necessarily what you expect them to do, what you want them to do, is atypical, right? >> Right. >> So is it a kind of identity and rights management or is this a different approach or the most sophisticated approach? How's it been different before? >> No that's a great question. And we have to build those things together. So on the Palo Alto Networks side what we do is we do enforcement. Layer 7 enforcement based on identity. 
So based on who the user is and what their rights are we are able to control what they're allowed access to or what they're not allowed access to and of course if you've got a malicious insider. Or somebody that's logged in with stolen credentials we can prevent them from doing what they're not allowed to do. And working here with Forescout, we've done a lot of really good integration with them on that identity mapping constructs. So how do they help us understand all the identities and all the devices in the network so we can then map that to that user posture and control at Layer 7 what they're allowed to do or not allowed to do. >> Right, and then on the micro-segmentation, it's always a, how far do you segment? You can segment to one, that doesn't really do you much good, right? (Scott laughing) It's just one. So what are some of the things people should think about in their segmentation strategy? >> Well again I think you need to start with what's most important and so if I take a cloud or a data center, clouds and data centers as a starting point are generally all the same. (Jeff laughing) Well and how we segment is actually the same. And so we have this, sometimes we think that clouds are more difficult to secure than data centers, they are the same, basically we've got north-south traffic, or east-west traffic, how do we, how do we inspect them, how do we, how do we segment that? But if you start with what's most important and work your way. If you tell somebody that you need to micro-segment their network they're going to be done in 14 years, alright? So how do we focus on what's the most important, critical data to their business? And if we stratify their datasets and their applications that access that data and then move down, we may have 50% of the applications in their cloud or data center that we don't micro-segment at all because they're not critical to the business. They're useful to the employees, but if something goes wrong there, no big deal. >> Right. 
>> No impact to the business. >> Right. >> And so micro-segmentation isn't just a conversation of where we have to do things, but it's a conversation contextually in terms of what's relevant, where it is important to do that. >> Right. >> And then where do we, where do you do a much less robust job. >> Right. >> You always have to have inspection and visibility but there are parts of your network where you're going to be somewhat passive about it. But there're parts of your network you're going to be very aggressive, multi-factor authentication, tight user identity mapping, all of the different aspects. How do we watch for malware? How do we watch for exploits? >> Curious on doing that segmentation on the value of the dataset 'cause there's some obvious ones that jump to the top of the list but I'm just curious if customers get into a situation where they really haven't thought about it once you get ten steps down the list from the top ones or if you do a force priority? >> Yep. >> And then the other thing I just think is really interesting the time we live today is that a lot of the hackers are not necessarily motivated by personal information or trying to suck a little bit of money out of your bank account, but other types of data that they want to use for other types of actions like we saw in the election and some of these other >> Right. >> kind of, I want to say softer, kind of softer uses of softer data for different types of activity than the traditional ransomware or malware. And how does that map back to, oh I didn't necessarily think that was an important piece of data but that's a shifting landscape in that part of organization. >> Certainly, yeah you need to take a look at what's most important. You can stratify into a couple tiers so you're going to have the top ten applications and datasets that are critical to the business. And we know if something happens there we have to publicly announce. 
Okay there, that you're going to do a really nice segmentation strategy and implement a full zero trust where we're controlling user access, doing full malware inspection, everything there. You're going to have a second tier of data which kind of gets into your soft target conversation where maybe we're a little less robust with some of the user segmentation and the application controls but we're as aggressively robust on the malware and software based threats. And frankly being able to inspect and control, find malware, find command and control, find exploits in, going in or out of those parts of the network, that is very simple to do and zero trust helps us to find where are those locations on the data center cloud side but also throughout the enterprise and where should we have those sensors that are enforcing that behavior. >> Right, just traffic is exploding right? Everything's connected. Billions of billions of devices, et cetera, et cetera. We don't need to go through the numbers. It's big. So clearly automation is more and more important as we go forward. Lot of buzz about machine learning, artificial intelligence, applying it. Both the bad guys have it and the good guys have it. A lot of interesting kind of subtopics in terms of training models and how do you train models and the other right type of data. But as you kind of sit where you're sitting and net, net is just a lot more traffic going through the network >> Yep. >> whether it's good, bad, or otherwise. How do you guys kind of look at automation? How are you kind of looking forward for using artificial intelligence and some of these newer techniques to help just basically get through, get through the mass if you will? >> So I think there's two ways to think about artificial intelligence, machine learning, big data analytics, All those, >> All those good ones. >> Now we run another buzzword bingo right? 
>> Right, right (laughs) >> But the first is if we're looking at how are we dealing with malware and finding unknown malware and blocking it, we've been doing that for years. And so the platform we have uses big data analytics and machine learning in the cloud to process and find all of the unknown malware, make it known and be able to block it. So we find 20 to 30 thousand brand new pieces of malware every day and within five minutes of finding them, >> finding 30,000 >> every day. So analyzing millions and millions of files every day to figure out which ones are malicious. And once we know within five minutes, we're updating the security posture for all of our connected security devices globally. So whether it's endpoint software or it's our inline next gen firewalls, we're updating all of our, all of our signatures so that the unknown is now known and the known can be blocked. And so that's whether we're watching to block the malware coming in, or the command-and-control it's using via DNS and URL to communicate and start whatever it's going to do, and you mentioned crypto lockers and all kinds of things that can happen. And so that's one vector of using ML, AI and ML, to prevent the ability for these attacks to succeed. Now the other side of it I think you're alluding to a little bit more is how do we then take some of the knowledge and the lessons we've learned for what we've been doing now for many years in discovering malware and apply that same AI and ML locally to that customer so that they can detect very creative attacks. Very evasive attacks. Or that insider threat, that employee who's behaving inappropriately but quietly. 
And so we've announced over the last week what we call the Cortex XDR set of offerings that involves allowing the customer to build an aggregated data lake which uses the zero trust framework which tells us how to segment, also put sensors and all the places of the network both network sensors and endpoint as we look at how do you secure the endpoint as well as how do you secure the network links, and using those together we're able to stitch those logs together in the data lake. That machine learning can now be applied to on a customer by customer basis, to find maybe somebody was able to evade 'cause they're very creative, or that insider threat again, who isn't breaking security rules but they're being evasive? We can now find them through machine learning. >> Right. >> And the cool thing about zero trust is the prevention architecture that we needed for zero trust becomes the sensor architecture for this machine learning engine. You get dual purpose use out of the architecture of zero trust to solve both the inline prevention and their response architecture that you need. >> Right. >> It's a long answer, I know. >> It's a crazy space, I mean, it's just fast. I mean the numbers in the mass of just throughput in this area is just fascinating. >> Yes. >> And so we're here in the Forescout booth and they've got a unique take on all the objects and everything is connected to the networks. We've heard from people earlier today is 50, 60, 70% more things connected than they ever even, than they ever even thought. Most of them not malicious but just people plug it in at various remote offices and that and that. >> Yeah, well IoT, the next buzzword bingo >> Right, right, right, there you go. We'll hit them all. (both laughing) what are we missing? So how are you guys working with Forescout, how do the two solutions work together to get a one plus one makes three? 
>> Yeah, as we were talking a little bit before getting that concept of what are all these connected devices. What is the device itself and who are the users attached to those devices? Forescout has that insight. So we don't do, I always look at that as identity assertion. Device aware identity assertion so how do we define what they are and who they are. What we do then is in working with Forescout we take that knowledge that they have and that turns into identity and device enforcement. And that's how we enforce those postures so that I know employee A isn't allowed to the intellectual property datasets. Employee B is. Well in the old world of security you just have a rule for how do you get to that. In what we do now with layers with user based and application controls, I can, on a user by user basis determine what they're allowed to do, and not allowed to do. Forescout gives us that insight so that we are able to enforce. They handle making sure they know exactly who it is so we enforce it properly. >> Right, and for the devices, right? 'cause you basically assigned almost like an identity and a role to a device. >> Exactly, and then you don't end up with this weird spaghetti network topology where okay, we have to put all of our IoT devices on these 14 VLANs and we're going to extend them all across our enterprise, no, all that goes away. >> All kinds of natural acts. >> Right. >> All right, so Scott, I'll give you the last word before you sign off. As we look forward to 2019, and I can't believe it's March already, (Scott laughing) Scary. What's some of your priorities? What are you working on? What's the rest of the year look like for you? >> I think, you're back to buzzword bingo, we're spending a lot of time right now looking at how do we help our customers with that, generating that data lake so they can help figure out what's happening within their infrastructure. 
And as you pivot from the security posture which of course is where we're always going to pay attention and you help them think about operationalizing that. And how do we help the Sec Ops, or the SOC, figure out what's going on in their network. The data they're dealing with is massive. And so they're looking at haystacks and haystacks and haystacks. >> Right. >> And part of the goal of what we're trying to do is help them burn down those haystacks and hand them needles 'cause in the end all they care about is the needles. The hay is getting in the way. And so there's a lot of work that we're doing around machine learning, around optimizing workloads and automation so that we can reduce that complexity. We've been doing it for the last 10 years for network security. How do we take the complexity of all the things we used to do separate and simplify them and automate so we've automated the feedback loops for network security, for the next gen firewall. We've simplified what you can do on the endpoint for Traps and how we protect that. We've done with the integration with Forescout, we're simplifying how you map that identity back and forth. And I think for the rest of the year it's really about simplifying operations and helping quickly determine when something is wrong in the network so you can fix it fast. >> Right. >> Before you're dealing with an exfiltration problem. >> Not 150 days or whatever the >> Way too long. >> crazy average stat is. >> How about four hours. What if we try for four hours? >> Yeah that's better. more better, more better. (laughing) All right, Scott, thanks for sharing the insight. >> Thanks for your time. >> Let's go burn some haystacks. He's Scott, I'm Jeff. You're watching theCUBE. We're at RSA 2019 in San Francisco. Thanks for watching. We'll be right back. (upbeat music)

Published Date : Mar 7 2019

Chase Cunningham, Forrester | RSA Conference 2019


 

>> Live from San Francisco, it's theCUBE, covering RSA Conference 2019. Brought to you by Forescout. >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at RSA Conference in North America. The brand new reopened Moscone Center. They finally finished the remodel, which we're excited about, in the Forescout booth, and excited to have a returning Cube alum, I think we had him on last year at RSA, Dr. Chase Cunningham, principal analyst, security and risk, for Forrester. >> Hey. >> Chase, great to see you again. >> Thanks for having me. >> So what's happened in the last year, since we last saw you? I'm sure you've been keeping busy, and running down lots of ... >> Yeah well, >> Crazy risk. >> It's been really pushing the sort of strategy set around zero trust. I mean if you look around the show floor, you can't go 75 feet without seeing somebody that's got zero trust on a booth, or hear it from somebody, so it's been really pushing that narrative and trying to get people to understand what we're talking about with it. >> And it's really important because it's a very different way of thinking about the world. >> Yeah. >> And you guys have been talking about it for a while. >> For a decade, basically. >> Right. >> Yeah. >> And then we've got all this new complexity that's thrown in that wasn't there a decade ago. You've got IOT, you got OT, and then you've got hybrid cloud, right? 'cause everyone, well there's public cloud, but most big enterprises have some in the public cloud, some on their data center. So you've got these crazy hybrid environments; so how are you kind of adjusting the zero trust game, based on some of these new complexities? >> So really we flip the script a little bit and said, "Okay, if we were to try and fix this from the start, "where would we start?" 
And we'd obviously start around taking care of the largest swath and sort of compromise area, which would probably start with users, followed closely by devices, because if we can take care of those two pieces, we can actually gain some ground and work our way going forward. If you've heard a lot of the stuff around micro-segmentation, our sort of approach to micro-segmentation means micro-segment everything. We mean users, accounts, devices, IOT, OT, wired, unwired, whatever it is, if you can apply control to it, and you can segment it away to gain ground, segment it. >> So how do you deal with the micro-segmentation? Because ultimately you could segment down to one, and then you haven't really accomplished much, right? >> Right, a network of one is no good, yeah. >> Exactly; so when you think about micro-segmentation architectures, how are you creating buckets? What are your logical buckets that you're putting things in? >> So really it should be based on the function that you're trying to allow to occur. If you look at the way we architected networks for the last 20-something years it's been around sort of use writ-large. What we're talking about micro-segmentation is, if I'm micro-segmenting devices, those devices should live in a micro-segment where devices do device stuff, and you can keep control of that, and you can see what's coming and leaving. Users should be segmented that way, networks, all of it should be built around function, rather than inter-operability. Inter-operability is a result of good micro-segmentation, not the other way around. >> Right, and that's interesting you say that, we're obviously, we're in the Forescout Booth, >> Yeah. >> and a big piece of what they're talking about is, identifying these devices, but then basically restricting their behavior to what they should be doing. So really following along in your zero trust philosophy. 
>> Well I said it last year, I'll say the same thing again, a key piece of this whole thing is knowing what's supposed to be occurring and being able to control it, and then respond to it. It's not really that we've changed the evolution of this whole thing, we've just looked at it a little more pragmatically, and applying fixes where you can actually start gaining ground. >> Right, and applying the fixes at all different points in the spectrum, as opposed to just trying to create that big giant wall and a moat. >> Well yeah, moving away from the perimeter model, like the perimeter model has categorically failed. Everyone around here seems to understand that that's a reality; and we're not saying you shouldn't have your defenses up, but your defenses should be much more granular and much more focused on the realities of what enables the business. >> Right, so I'm just curious to get your perspective, you've been doing this for a while, as you walk around the show floor here, and see so many vendors, and so many products, and so many solutions, and so many bright shiny objects; how do you make sense of it? How do you help your customers make sense of it? Because it's not a simple space, and I always just think of the poor CSOs, sitting there like "How am I supposed to absorb, "even just the inbound information "about knowing what's going on," much less get to the point of doing evaluation and making purchase decision and making implementation decision. >> So one of the things that we've been really pushing forward with is using virtualization solutions to build architectures, not PowerPoints, not drawing stuff on a whiteboard, like actually using virtualization to build virtual architectures, and test and design there. 
It's actually very similar to the way that we write applications, you iterate; you don't write an app and release it, and think you got it right and you're done, you write pieces of code, build the app, you iterate, you move on, because of virtualization, we can do the same thing with security tooling and with networks. So one of our major initiatives is pushing that capability set to our customers to say, "This is how you get there, and you design, "and then you build, and then you deploy," rather than, "Deploy it and hope you got it right." >> And know that it's not going to be right the first time you buy it, right? You just got to write a check and the problem goes away. >> And it's much better if you screw something up virtually to just nuke it and start over, than if you try and do it with a bunch of hardware that you can't actually rip and replace. >> That's interesting, right? 'Cause the digital twin concept has been around in the OT space for a long time. We talk to GE all the time and digital twin in terms of modeling behavior, and a turbine engine is something they've been talking about forever. At a healthcare conference they're talking about digital twinning people, which I thought was pretty interesting. >> Kind of creepy, but yeah >> Kind of creepy, but then you think, "Okay, so I can, "I can test medications, I can do these things," and to your point, if I screw it up, I'm screwing up the twin, I'm not necessarily screwing up the real thing. And you talked about in your last blog post, starting to create some of these environments and architectures to help people do some of this exploration. 
>> Yeah we launched our first one here at RSA on Tuesday night, we actually put out our own Forrester-branded virtual reference architecture; and the good thing is is the way that we're approaching it, we can actually have our clients build their own semblance of this, because something everybody forgets is, this is one of the few places where there are snowflakes, right? Everyone has their own individual build, so being able to have yours that you build, maybe different from mine, even though we both align with a strategic concept like zero trust. >> Right. >> So, we're building a library of those. >> So is the go to market on that that you've got an innovations space, and people do it within there? Or are you giving them the tools to build it on prem, how's the execution of it? >> So really it's about, we've published a lot of research that says, "This is the way to do it;" now we've got this platform and the capability to say, "This is where you can do it;" and then allowing them to go in there and follow that research to actually design and build it and see that it's actually do-able. >> Right, right; so as you're looking forward, 2019, I can't believe the calendar's flipped already to March. Crazy ... What are your top priorities? What're you working on as you go forward this calendar year? >> It's mostly about ground truth sort of use cases on this adoption of zero trust across the industry; and really getting people to understand that this is something that can be done. So we have write-ups going on customers that have deployed zero trust solutions; and sort of how they did it, why they did it, where they got benefit from, where they're going with it, because we remind people all the time that this is a journey. This is not something I wake up in the morning, build a zero trust network, and walk away. This is multi-year in some cases. >> Well it's going multi-year forever right? 
Because the threats keep changing; and the thing I find really fascinating is that the value of what they're attacking is changing dramatically, right? It used to be maybe I just wanted to do some, crazy little hacks, or change a grade, maybe steal some money from your bank account; but now with some of the political stuff, and the state-sponsored stuff, there's a lot more complex and softer nuance information they want to get for much softer nuanced objectives, so you're going to have to continue to reevaluate what needs to be locked in tighter and what needs to be less locked up, because you can't lock it all up to the same degree. >> Right, and it's really something that we remind our customers a lot on, that security is being done by the majority of organizations not because they actually want to do security, it's because security makes the customers have more faith and trust in you, they buy more stuff, your revenue goes up, and everyone benefits. >> Right. >> You know, some of these large organizations, they don't have SOCs and do security operations 'cause they want to be a security company, they're a company that has to do security to get more customers. >> Right, have they figured that out yet? The trust thing is such a big deal, and the Big Tech backlash that we're seeing that's going on. >> I had thought that they would have figured it out, but it comes up all the time, and you have to really wrap people's head around that you're not doing security because you think security is cool, or you need to do it, it's to get more customers to grow the business. This is a business enabler, not a tangential business thing. >> Right, it's such a high percentage of the interaction between a company and its customers, or a company and its suppliers, is electronic now anyway, whether it's via web browser or an API call, It's such an important piece 'cause that is the way people interact with companies now. They're not going to the bank branch too often. 
>> With the growth of GDPR and privacy and things like that, companies are being mandated by their clients, by their customers to be able to say, "How do you secure me?" And the business had better be able to answer that. >> Right right, but hopefully they're not, to your point, I thought you were going to say they're doing it for the compliance, but it's a lot more than just compliance, you shouldn't be doing it just for the compliance. >> Yeah, I mean I stand on the compliance is kind of a failed approach. If you chase compliance you will just be compliant. If you actually do security with a strategy in place you will achieve compliance; and that's the difference most people have to wrap their head around, but compliance is something you do, not something you strive to be. >> Love it, well Chase thanks for stopping by and sharing your insight and a lot of good work. Love keeping track of it, keeping an eye on the blog. >> Great, thanks for having me. >> All right, he's Chase, I'm Jeff, you're watching theCUBE, we're at the RSA conference in the Forescout Booth, thanks for watching, we'll see you next time. (low techno music)

Published Date : Mar 7 2019


Charlotte Wylie, Symantec | RSA 2019


 

>> Live from San Francisco, it's theCUBE, covering RSA Conference twenty nineteen. Brought to you by Forescout. >> Welcome back, everybody, Jeff Frick here with theCUBE. We're in North America and the newly refinished Moscone Center Downtown San Francisco in the Forescout booth. Happy to be here first time and we have our next guest. She's Charlotte Wylie, chief of staff from Symantec. Great to meet you. >> Nice to meet you, teacher. Thanks for having >> absolutely so impressions of the show. This is a crazy show. Forty dollars, people. Aren't many shows like this >> it issue just a little overwhelming. It's my second year here, and it's no less overwhelming. Second year here. It's, uh it's just prolific. Everything that say the session, the keynotes all day, all the networking, the basis. Amazing. >> So I'm curious how your perception has changed. I >> was looking at your background, Your hearing a financial institution before your own kind of the purchaser side of the house. >> Now you're over on >> this side of the house. How's that kind of change your perception when you walk this crazy floor, I imagine before you're like, Yeah, how am I going to digest all this? >> Well, no one wants to be my friend anymore, which is interesting. So, um, you know, working on the vendor side of the fence is the dark side. It's It's a very different experience. When I came here a couple years go to bank. Everyone wants to talk to you. Or is this time? Is this a healthy, competitive nature going on between all the vendors, which is great. You want to see that? Yeah. It's got the same enthusiasm. Same vase on the floor, which is wonderful. >> So Symantec's been a leader in the space for a very, very long time. One of the original, you know, kind of original security companies back in the day when we're just trying to protect that. You know, I guess our Web browser right from from some malicious activity. Wow. The world has changed.
And one of the big new components now is Internet of Things, and this tie of IT with OT, operations technology. You know something you've spent some time on a wonderful get your take on how that's increasing the threat surface, you know, increasing the complexity. And yet there's still a lot of value there if you can bring those systems together. >> Yeah, absolutely. So I think the key thing is this. You know, this simplicity here is, uh What? What you don't know, You can see. And what you can't see you can't monitor and that's the key thing to remember when you think about IoT and OT. So with IoT specifically, if you, uh you've definitely got a nice routine, you network somewhere everyone has. But if you can't see that thing, it is an incredibly vulnerable threat vector for any organization. So really, it's it's a point of egress for any data exfiltration. And if you've got someone compromised in the network already on your way, see it as being a very opportune ingress point to getting a lateral move. Right. So they are incredibly, inherently vulnerable. Right? These things are they're usually hard coded, authenticated. They are. They have massive under. Police often remain unpatched. When you cannot see, you don't know, Right? So some of the dirty side of the fence, right? The same problem exists. They typically were not built to connect to the Internet. Right. So this is something very new that we're trying to tackle right. And one of the key things I think about is that it's probably a little bit futile to make these OT and IoT devices inherently secure. You think about in twenty twenty. We're going to see like twenty five billion devices proliferating our globe, which is incredible. So how do we how do we make it more school? Let's back off from becoming inherently secure. Let's up on the visibility. If you visualize, you can segment, and you can enforce. And then you can take control of what has access to your network, right?
A >> lot of interesting conversations about this today, obviously we're in the Forescout booth. But I think one of the people earlier said they had fifty percent more devices on the network than they anticipated. And it turns out his remote offices and people are plugging things in. Another little factoid is that maybe that hit no s on that device is actually Windows NT. Is it a tea? A little box. And nobody even knew because you knew that's an embedded in team. But then on the other side, we had a lease on, and she was talking about great example on security cameras and just that a lot of these newer devices that you can connect have a plethora of services packaged in on the assumption that you might use them. So rather than have not too many, they put them all in. But you don't necessarily need to turn all those things on. So again, you're just opening up this huge kind of exposure. >> Huge explosion. That's it. I think it's a really good conversation to have with your stakeholders about talking about the Target breach. So when people start to understand that that really originated from an HVAC system, right, compromised HVAC system. So when you're talking about T initialization, that's a really good use case to say. Look, this is a huge breach that was compromised from because we didn't They didn't have visibility over the anxiety. >> It's funny, HVAC keeps coming up, over and over and over there. Obviously the biggest threat that way have I'm jacket to see if I could see like a movie with me. Nasty HVAC think come until that munching up the company. But it's funny. Different topic. Shifting gears completely, really, about kind of diversity, diversity of opinion, diversity of perspective, diversity of thought and how that's a really important and effective tool use in trying to accomplish missions. In this really crazy, complex task, you can't have a single point of view, single point of reference, kind of a single pane that you think about.
I know that's something that you've been in a lot of time on, >> so my role at Symantec as chief of staff, I own the diversity agenda for the global security office. And it's been a real laser focus on me for the past twelve months, which is our industry has a systemic problem around attracting and retaining talent from diverse backgrounds. Right? We're gonna tackle it head on on We don't really successfully in Symantec. Oh, wait. Give this fabulous mandate through to our leadership who got on board with laser focus around, making sure that we get a diverse slate of candidates when we bring in new people and that that translated incredibly well. So we saw a rise of interview to conversion. Foreign ft for females in six months of forty percent >> fourteen or forty four zero for zero. >> So just by making it part of the interviewing experience. Having a diverse slate of candidates, making sure that we're really giving a foreign opportunities coming right really has changed the playing field. >> And then the other thing, of course, is the retention, which is a big problem for attention that we're, you know, women dropping out and not coming back. >> That's and this every organization has to step up to make sure that they're waiting, but they're making a workforce that is flexible, that accommodates so some of that. Some of the mental load that women have, whether it's through childcare, whether it's to do with older parents. But also when we talk about diversity, it's nothing. You know just about the gender piece, right? We're going to accommodate for other people as well underrepresented minorities. Early career, Different people have different socio economic backgrounds, maybe haven't come from a typical university training course, right, Something that we've focused on heavily.
We've been working with a large enough profits to bring in early career guys who have not had a university background who may have had a really rough time coming out of school, getting them in, training them up through internships, bringing them up to speed over six months and converting them into FTE, which I feel is really a way to build a diverse workforce and get people an opportunity that didn't have it >> now was someone spearheading that before you came on board or was there Was there an effort that really kind of put a dedicated resource on it when you when you took it over? >> So I took over about a year ago and I doubled down on the effort. We were working with Europe before that. Had a fantastic colleague was doing a lot of work with Europe on. We're just seeing fabulous results with converted nearly thirty three percent of our internships into FT. >> Thirty three and you're not in those thirty three or not coming from, you know, kind of a classic. They're not coming pig population. >> Absolutely these are IGA passionate, enthusiastic young people who have a tenacity to just pick things up because they're so grateful to be there right there, so happy to be given the opportunity. And it's some It's an untapped resource that I think a lot of people who are looking to have solved aside the security talent shortages should be looking into great that we get programs in place for a Girl Scout middle school. But let's think about alternative ways of getting new talent in. And I think that they're not for profit right way after >> such a big problem. And like you say, it's a big problem, you know, from from little girls. And, you know, all the way up to mid mid career women that are dropping out and not coming back before you even get into the boardroom. We work with a ton of organization like Athena Alliance with towards that the boardroom level all the way down to Grace Hopper. You know, this working more kind of college graduate level girls in tech?
I mean, there's a lot of luckily, a lot of people are trying to focus on the problem, but unfortunately, the numbers are not turning in the correct direction, they're actually turning in the wrong direction. Yeah, >> so really, that's it for me. It's about laser focus. You really got it. If you make your party your agenda making party returned right? Don't give it. The nursery had not. Don't say that you will do the things actually commit to it and get it done right. I'm not a huge fan of talk. It's Qatargas work on. So, yeah, I think there's a lot of opportunity. The people they don't step up to the great doing enough >> to to your earlier first line, right? If you're not measuring it, you know, and tracking against it, how do you know if you're being silly and what it's under served? You have to give it a little juice, right? You can't just have to expect the status quo to suddenly change, right? >> Absolutely metrics. Incredibly employed. And start with you metrics. Dashboard record where you're tracking, in terms of your representation of females, underrepresented minorities. Your bets. Your early career. Really? What you want to see is a huge influx or the interviewing stage into the into the FT conversion. You want to see an influx in your leadership. You want more women in your leadership team because that's the way to drive a better female pipeline, right? Same goes on because I'm are minority. Same guys. Early career. >> Yeah, so important that they look up and see somebody that looks like one hundred percent C. C an opportunity to be that person, something alright. Charlotte. Well, thanks for, uh, for taking a few minutes of your day. And great to learn about all your What you working on? That's >> great. Thanks. Having >> alright? She Charlotte? I'm Jeff. You're watching theCUBE. We're at RSA twenty nineteen in the Forescout booth. Thanks for watching. >> We'll see you next time.

Published Date : Mar 7 2019


Brad Medairy, Booz Allen Hamilton | RSA 2019


 

>> Live from San Francisco, it's theCUBE, covering RSA Conference twenty nineteen. Brought to you by Forescout. >> Hey, Welcome back, everybody. Jeff Frick here with theCUBE. We're in the Forescout booth at RSA in Moscone Center. Forty thousand people walking around talking about security is by far the biggest security event in the world. We're excited to be here. And welcome back a CUBE alumni, has been playing in the security space for a very long time. He's Brad Medairy, the GDP from Booz Allen >> Hamilton. Brad, great to see you. >> Hey, thanks for having me here today. Absolutely. Yeah. I've, uh I've already walked about seven miles today, and, uh, just glad to be here to have >> a conversation. Yeah, the Fitbit and the walking trackers love this place, right? You fill your circles in a very short period of time. >> I feel very fit fit after today. So thank >> you. But it's pretty interesting rights, >> and you're in it. You're in a position where you're >> advising companies, both government and and commercial companies, you know, to come into an environment like this and just be overwhelmed by so many options. Right? And you can't buy everything here, and you shouldn't buy everything here. So how do you help? How do you help your clients kind of navigate this crazy landscape. >> It's interesting, so you mentioned forty thousand people. Aziz, you see on the show, should share room floor behind us, Thousands of product companies, and, frankly, our clients are confused. Um, you know, there's a lot of tools, lot technologies. There's no silver bullet, and our clients are asking a couple of fundamental problem. A couple of fundamental questions. One. How effective am I? And then once I'm effective, you know, how can I be more efficient with my cybersecurity spend? >> So it's funny, effective. So how are they measuring effective, Right? Because that's a that's a kind of a changing, amorphous thing to target as well.
>> That's I mean, that's that's That's the that's the key question in cybersecurity is how effective my, you know, there's lots of tools and technologies. We do a lot of incident response, both commercially and federally and in general, when looking at past breaches, it's not a problem. In most cases, everyone has the best of the best and tools and technologies. But either they're drowning in data and/or the tools aren't configured properly, so you know we're spending a lot of time helping our clients baseline their current environment. Help them look at their tool configurations, help them look at their security operations center helping them figure out Can they detect the most recent threats? And how quickly can we respond? >> Right? And then how did they prioritize? That's the thing that always amazes me, because then you can't do everything right. And and it's fascinating with, you know, the recent elections and, you know, kind of a state funded threats. Is that what the bad guys are going on going after? Excuse me? Isn't necessarily your personal identifying information or your bank account, but all kinds of things that you may not have thought were that valuable yesterday, >> right? I mean, you know, it's funny. We talk a lot about these black swan events, and so you look at NotPetya and you know, with NotPetya, there was some companies that were really hit in a very significant way, and, you know, everyone, everyone is surprised, right? And we see it time after time, folks caught off guard by, you know, these unanticipated attack vectors. It's a big problem. But, you know, I think you know, our clients are getting better. They're starting to be more proactive. There start. They're starting to become more integrated communities where they're taking intelligence and using that to better tune and tailor their security operations programs.
And, you know, they're starting to also used take the tools and technologies in their environment, better tie them and integrate them with their operational processes and getting better. >> Right. So another big change in the landscape. You said you've been coming here for years. Society, right? And yeah. And it's just called Industrial. I owe to your Jean. Call it. Yeah. And other things. A lot more devices should or should not be connected. Well, are going to be connected. They were necessarily designed to be connected. And you also work on the military side as well. Right? And these have significant implications. These things do things, whether it's a turbine, whether it's something in the hospital, this monitoring that hard or whether it's, you know, something in a military scenarios. So >> how are you seeing >> the adoption of that? Obviously the benefits far outweigh, you know, the potential downfalls. But you gotta protect for the downfall, >> you know? Yo, Tio, we've u o T is one of the most pressing cyber security challenges that our clients face today. And it's funny. When we first started engaging in the OT space, there was a big vocabulary mismatch. You had the CISO organizations that were talking threat actors and attack vectors, and then you had head of manufacturing that were talking uptime, availability and reliability and they were talking past each other. I think now we're at a turning point where both communities are coming together to recognize that this is a really an imminent threat to the survival of their organization and that they've got to protect their OT environment. They're starting by making sure that they have segmentation in place. But that's not enough. And you know, it's interesting when we look into a lot of the OT environments, you know, I call it the Smithsonian of IT. And so, you know, I was looking at one of our client environments and, you know, they had, Ah, lot of Windows NT devices like that's great.
I'm a Windows NT expert. I was using that between nineteen ninety four and nineteen ninety six, and you know, I mean, it's everybody's favorite vulnerability. Right on Rodeo. I'm your guy. So, you know, one of the challenges that we're facing is how do you go into these legacy environments that have very mission critical operations and, you know, integrate cyber security to protect and ensure their mission. And so we're working with companies like Forescout, you know, that provide agentless capabilities, that that allow us to better know and understand what's in the environment and then be able to apply policies to be able to better protect and defend them. But certainly it's a major issue that everyone's facing. We spent a lot of time talking about issues in manufacturing, but but think about the utilities. Think about the power grid. Think about building control systems. HVAC. You know, I was talking to a client that has a very critical mission, and I asked them all like, what's your biggest challenge? You face today? And I was thinking for something. I was thinking they were going to be talking about their mission control system. Or, you know, some of some of the real, you know, critical critical assets they have. But what he said, My biggest challenge is my, my HVAC, and I'm like, really, He's like my HVAC goes down, My operation's gonna be disrupted. I'm going out to COOP halfway across the country, and that could result in loss of life. It's a big issue. >> Yeah, it's wild. Triggered all kinds. I think Mike earlier today said that a lot of a lot of the devices you don't even know you're running NT. Yeah, it's like a little tiny version of NT that's running underneath this operating system that's running this device. You don't even know it. And it's funny. You talked about the HVAC. There was a keynote earlier today where they talk about, you know, if a data center HVAC goes down first.
I think she said, sixty seconds stuff starts turning off, right? So, you know, depending on what that thing is powering, that's a pretty significant data point. >> Yeah, you know, I think where we are in the journey and the OT is, you know, we started by creating the burning platform, making sure that there was awareness around, hey, there is a problem. There is a threat. I think we've moved beyond that. We then moved into, you know, segmenting the OT environment, A lot of the major nation state attacks that we've seen started in the enterprise and move laterally into the OT environment. So we're starting to get better segmentation in place. Now we're getting to a point where we're moving into, you know, the shop floors, the manufacturing facilities, the utilities, and we're starting to understand what's on the network right in the world This has probably been struggling with for years and have started to overcome. But in the OT environment, it's still a problem. So understanding what's connected to the network and then building strategy for how we can really protect and defend it. And the difference is it's not just about protecting and defending, but it's ensuring continuity of mission. It's about being resilient, >> right and being able to find if there's a problem down the problem. I mean, we're almost numb to the data breaches, right? They're in the paper every day. I mean, I think Michael is really the last big when everyone had a connection fit down. Okay, it's another another data breach. So it's a big It's a big issue. That's right. So >> one of the things you talked about last time we had >> John was continuous diagnostic and mitigation. I think it's a really interesting take that pretty clear in the wording that it's not. It's not buy something, put it in and go on vacation.
It was a constant, an ongoing process, and I have to really be committed to >> Yeah, you know, I think that, you know, our clients, the federally and commercially are moving beyond compliance. And if you rewind the clock many years ago, everyone was looking at these compliance scores and saying Good to go. And in reality, if you're if you're compliant, you're really looking in the rear view mirror. And it's really about, you know, putting in programs that's continually assessing risk, continuing to take a continues to look at your your environment so that you can better understand what are the risks, what are the threats and that you can prioritize activity in action. And I think the federal government is leading the way with some major programs. I got a DHS continuous diagnostic and mitigation where they're really looking to up-armor .gov and, you know, really take a more proactive approach to, you know, securing critical infrastructure, right? Just >> curious because you you kind >> of split the fence between the federal clients and the commercial clients. Everybody's, you know, kind of points of view impacts the way they see the world. >> What if you could share? >> Kind of, maybe what's more of a federal kind of centric view that wasn't necessarily shared on the commercial side of they prioritize. And what's kind of the one of the commercial side that the feds are missing? I assume you want to get him both kind of thinking about the same thing, but there's got to be a different set of priorities. >> Yeah, you know, I think after some of the major commercial breaches, we saw the commercial entities go through a real focused effort to take the tools that they have in the infrastructure to make sure that they're better integrated.
Because, you know, in this mass product landscape, there's lots of seams that the adversaries live in and then better tie the tooling in the infrastructure with security operations and on the security operation side, take more of an intelligence driven approach, meaning that you're looking at what's going on out in the wild, taking that information be able to enrich it and using that to be more proactive instead of waiting for an event to pop up on the screen hunt for adversaries in your network. Right now, we're seeing the commercial market really refining that approach. And now we're seeing our government clients start to adopt and embrace commercial best practices. >> Right, so I'm curious. I love that line. Adversaries live in the seams. Right? We're going to an all hybrid world, right? Public cloud is kicking tail. People have stuff in public cloud, there's stuff in their own cloud. They have, you know, it's very kind of hybrid ecosystems that sounds like it's making a whole lot of seams. >> Yeah, you know, it. You know, just went Just when we think we're getting getting there, you know, we're getting the enterprise under control. We've got asset management in place, You know. We're modernizing security operations. We're being more hunt driven. More proactive now the attack surface is expanding. You know, earlier we talked about the OT environment that's introducing a much broader and new attack surface. But now we're talking about cloud and it's not just a single cloud. There's multiple cloud providers, right? And now we're not. Now we're talking about software as a service and multiple software as a service providers. So you know, it's not just what's in your environment now. It's your extended enterprise that includes clouds, software as a service, excuse me, OT, IoT, and the problem's getting much more complex. And so it's going to keep us busy for the next couple of years.
I think job security's okay, I think where I think we're gonna be busy, all >> right, before I let you go, just kind of top trends that you're thinking about what you guys are looking at as a company as we head into twenty >> nineteen, you know, a couple of things. You know, Booz Allen being being deeply rooted in defense and intelligence, we're working to unlocking our tradecraft that we've gained through years of dealing with the adversary and working to figure out how to better apply that to cyber defense. Things like advanced threat hunting things like adversary red teaming things like being able to do baselining to assess the effectiveness of an organisation. And then last but not least, AI. AI is a big trend in the industry. It's probably become one of the most overused buzzwords. But we're looking at specific use cases around artificial intelligence. How do you, you know better accelerate tier one, tier two events triaging in a SOC. How do you better detect, you know, adversary movement to enhance detection in your enterprise and, you know, eyes, you know, very, you know, a major major term that's being thrown out at this conference. But we're really looking at how to operationalize that over the next three to five years, >> right? Right. And the bad guys have it too, right? And never forget Amara's Law. One of my favorite, not quoted enough laws, right, tend to overestimate in the short term and underestimate in the long term, maybe today's buzzword. But three to five years AI's gonna be everywhere. Absolutely. Alright. Well, Brad, thanks for taking a few minutes of your day is done by. Good >> to see you again. All right, >> all right. He's Brad. I'm Jeff. You're watching theCUBE. We're at RSA conference in downtown San Francisco. Thanks >> for watching. We'll see you next time.

Published Date : Mar 6 2019


Sean Convery, ServiceNow | RSA 2019


 

>> Live from San Francisco, it's theCUBE, covering RSA Conference 2019, brought to you by Forescout. >> Hey, welcome back, everybody. Jeff Frick here with theCUBE. We're at the RSA Conference in Moscone. >> They finally finished the remodel. Looks beautiful, and the rain is not coming in, which is a good thing. We're excited to have our next guest, a many-time CUBE alumni. >> He's Sean Convery, the VP and GM of the Security and Risk Business Unit at ServiceNow. Sean, great to see you. It's great to see you again, Jeff. Thanks for having us. Absolutely. So it's been probably six months or so since we last talked. What's been going on at ServiceNow in the security space? >> Well, one of the things that's been most interesting is, as our customers have started to get into production now with the security capabilities as well as our risk capabilities, they're realizing the benefits of having IT, security and risk on the same platform. So when we were talking last time, we were talking a lot about, you know, security hygiene, vulnerability management, security incidents, and that's all very much mainstream now in our install base. But now folks are saying, wait a minute, if I've got IT data, risk data, compliance data, and security and vulnerability data on the same platform, what kinds of things could I now do that I couldn't do before? >> Right. So what are they doing? >> Well, the big thing they're doing is they're starting to manage risk in a holistic way by leveraging operational data on the platform. So if you think about the way risk tools have historically worked, you know, you're basically in what is essentially a glorified spreadsheet, building dashboards for how to represent the various risks to your organisation. But if you think about what auditors and compliance people need to do, they're essentially checking the state of all these compliance tasks throughout an organization. But it's essentially a survey.
Like, I'll ask you, like, hey, tell me about the data protection strategy for your application. You have to tell me, well, we're using crypto or we're not using crypto, the data is in this country. Well, all that data is already in ServiceNow. So how do you now automate? So we take all those mundane tasks around compliance and risk and are able to roll that up to clear, visible risk indicators, and manage that in a continuous way, what we call continuous monitoring for risk, which is just a brand new way to think about this problem. >> Right. I'm curious how the changing of the assessment of the risk changes over time. You've got the compliance stuff, which you just have to do, right? You have to check the box. You've got, you know, kind of your business crown jewels. But then now we're seeing, with kind of these nation-state attacks and political attacks, these things that aren't necessarily just trying to steal your personal information and not trying to steal your big money. But they're looking for other data that maybe you wouldn't have assigned an appropriate risk level in a time before, because you were kind of really protecting the money and the obvious crown jewels. >> How does that risk kind of profile continue to modify and change over time? >> I think that that's gonna be the state, uh, for, you know, forever, right? The risk profile is going to continue to modify. I think what's important for security teams and risk teams is to make sure they're actually using risk, as we talked about last time, as their North Star for guiding their security investments. We're here surrounded, like in the lion's den, all these security vendors. I was just walking the halls, all the startups that are trying to do different things. And, you know, there's always gonna be another tool that somebody's going to want to sell you to solve a problem. But ultimately you need to be looking at the risks to your organisation.
As you said, the evolving risk: people shift to cloud, you know, they deal with nation-state attacks, they deal with, you know, whatever is going to come tomorrow. And how do you guide your security investments in favor of that? What we're seeing at ServiceNow is a renewed interest in hygiene and back to basics. How do I manage my vulnerabilities? Is my patch program effective? How am I dealing with exceptions? And what's that channel to IT? Because, as you know, almost everything about security was actually done by IT from an operational standpoint. So that channel of communication is something that we've been really heavily focused on. >> Yeah, it's a pretty state, as you say. We're surrounded by many bright, shiny lights, and people have something to sell. But you can't buy your way out of this thing. You can't technology your way out of it. You can't hire out of it. So you really need to use a kind of a sophisticated strategy of integrated tools with the right amount of automation to help you get through this morass. >> Absolutely. And one of the ways we like to help our customers think about this is, you know, your teams want to be focused on the interesting parts of their jobs. They came into the security industry because they want to help save the world, right? Now, they watch some movie, they imagine some amazing role. And then when they get into the role, if they're dealing with mundane, you know, uh, phishing response, you know, vulnerability prioritization, it just, you know, it takes the wind out of their sails, right? But if you can automate those mundane tasks using a digital workflow platform like ServiceNow, then suddenly you free that time up so they could be focused on what you were just describing, much more advanced attacks where you want creative humans. >> Sort of. This is so funny, right? It's almost like any type of a job, like painting.
You know, the more time you spend prepping the house and sanding, everything except painting, the better the painting goes, and it's kind of the same thing here. The boring, the mundane, is applying the patches, as you said, but it's all of those things that make the exciting part when you get there. Now you can focus on real problems, versus just, shoot, you know, we forgot to apply that patch two weeks ago. >> You reminded me, I think my dad taught me "measure twice, cut once." So, oh, it's absolutely right. So one way to think about that, a concrete example, is attack surface. So a lot of people in this hall are talking about your attack surface. What are the areas that can be attacked within your organization? Well, one of the best ways to reduce your attack surface is to manage your vulnerability program in an effective way. Because if you can deal with patching much more efficiently, patching the right assets, the ones that have active exploits that are available, then suddenly your inflow of incidents reduces, and then you automate the incidents that remain. And then suddenly you've got a massive time savings, versus if you just sort of scattershot said, all right, Team X is going to work on vulnerabilities, Team Y is going to work on incidents. They're really not gonna coordinate, and they're especially not gonna coordinate with IT. That's when things start to fall apart. >> Right, right. So we're here in the Forescout booth. Um, so how long have you guys been working with Forescout? How do the two systems work together? >> Yeah. So we've been working with Forescout for a while. We've actually got a number of integrations that are live on the ServiceNow store. Uh, in fact, we have customers in production using Forescout. So what we really see with Forescout and ServiceNow is a couple of things.
First off, just on the asset management, asset discovery side of the house, Forescout has a wealth of capabilities around giving us information about endpoint assets, whether they be traditional assets or IoT assets. And we can feed that directly into the CMDB, our configuration management database, right, to help manage the overall assets within an organization. That's sort of step one. Forescout is a terrific partner to help pull that data in. And then the second thing we can do is, using the security capabilities inside ServiceNow, we can trigger actions inside Forescout's environment to then block, remediate, isolate when we see something bad happening related to an incident or a vulnerability that we discover. >> Right. I just can't help, but they're gonna know, asset management is an itty-bitty little piece of the ServiceNow offering, and all we hear about Forescout is just going in and finding out all kinds of stuff that you had out there. And I'm like, who found it first, you guys in the asset management or the Forescout sniffer? But I imagine a lot of that stuff is not in your asset management system, because it's things that people have just plugged in here and there and along the way. >> Yeah, well, we have a discovery capability as part of ServiceNow, which is fantastic. And that is primarily focused on server assets and the relationship between those server assets. So you want to understand, what is the total footprint of my AARP infrastructure? The load balancers, the network equipment, the servers. We can do that very, very well. What we really rely on a company like Forescout to help us with is, like you said, somebody plugged something in on the wireless network, on the local network. You know, we don't know what it is. And Forescout can help us, you know: What is it? Where is it? And that information's changing so quickly that it really helps us out to have an integrated solution.
We've actually got Customersdata, Utah was in production now, with sixty thousand devices being managed with Forescout and ServiceNow working together. >> I'm curious if you somehow integrate those back in and say, you know, it's not just me plugging in my phone, but it's actually something that needs to be more actively managed, if there's a discovery process there within ServiceNow, or is it mainly just temporary stuff, plug it in, plug it out, plug it in, plug it out. >> Yeah, I wouldn't think of the integrations with Forescout as temporary in any way. It's just a more dynamic environment, so people are plugging systems in. You know, typically, you want to do that in an agentless way, right? You don't want to have a heavyweight agent on the endpoint. And that's what Forescout's really known for: discovering, analyzing what these devices are. And for us, the more incoming data we have into our CMDB, the more valuable that is to our customers. And so we're really excited to do more with Forescout. >> Right. All right, I give you the last word. What priorities for twenty nineteen? >> Priorities for twenty nineteen is really to build on what we just announced. So Madrid, our major ServiceNow release, just hit today, right? Thanks. Thanks very much. We have exploit enrichment in our vulnerability system now, so we can know, you know. Is there a phone? How critical is it? But also, has it been exploited or not, right? Is it a publicly available exploit? Does it require local access, remote access? So we've done that on the security side. We did some continuous monitoring that we already talked about. But the big thing for us at ServiceNow is mobile in twenty nineteen, right? So a big capability we announced is native mobile capabilities. So essentially, we're positioning everyday work as the next killer app for mobile.
Because, as you know, ServiceNow is all about interconnecting all these various departments and making these classic processes digital workflows. And now you can have that same sort of consumer-grade mobile experience on your enterprise infrastructure. And so being able to build that out about all of our products and continue to drive Alodor customers are really excited about it. >> I just can't help but think of Fred coming out, I think it was like twenty fifteen, with, like, the first, I might be off by a year or two, the first, you know, ServiceNow on mobile, and the crowd went wild. >> It was awesome at the time, right? Now, that was essentially a scaled-down web capability, right, put inside of a container. Now, this is native mobile. So GPS, Face ID, 3D Touch, to use iOS examples, are all capabilities you can expose in a codeless environment to developers, so you could build a custom application, custom workflow. And you don't have to know anything about how to code, and the app can get pushed down to users' devices right away. >> Very good. Well, I think that's a good place to focus on. Right, Sean? Well, thanks for taking a few minutes to stop by. >> Of course. Thanks, Tio. Pleasure. All right. He's Sean, I'm Jeff. You're watching theCUBE. We're at RSA in San Francisco. Thanks for watching. >> We'll see you next time.

Published Date : Mar 6 2019


Rohit Ghai, RSA | RSA 2019


 

>> Live from San Francisco, it's theCUBE. Covering RSA Conference 2019. Brought to you by Forescout. >> Hey welcome back everybody Jeff Frick here with theCUBE. We're at RSA Conference North America 2019. 40,000 plus people in the brand newly refinished. Moscone, they finally got it done and it looks great, we're excited to be here and the guy, one of the many people responsible for this whole event is joining us for a return visit. He's Rohit Ghai, the president of RSA. Rohit, congratulations on another incredible event. >> Thank you, it is incredible indeed and the scope of the conversation, the breadth of the conversation, amazing. >> Right, I was looking a couple of years ago I think it was Valentine's Day, thankfully you didn't do Valentine's Day this year 'cause I don't think Moscone was ready for you. >> That's right, I don't think that would have played out well, yes (laughs). >> So let's jump into it a little bit, kind of general impressions you know security is not getting any less in demand. We're seeing increased threats, we're getting dumbed down to breaches. Give me the facts, how many vendors are here displaying today, how many sponsors? What are some of the basics? >> Yeah, so look 40,000 plus attendees you know we have 800 plus folks on the show floor. There is a total of 1,700 plus vendors in this industry so it's a very fragmented industry and everybody who's anybody in cyber-security is actually here. The other stat that is interesting is in terms of shared voice and the media coverage that actually happens at the RSA conference, if you just put that together that's more than any of the social conversations throughout the year. So this one week will generate more shared voice around cyber-security than the entire year. >> It's the place to be.
So let's jump into it, so one of the big issues that you've always talked about is using a really kind of business approach to assessing risk and some of the math behind making a good business decision on how much you invest and what do you protect. You've expanded that vision a little bit this year. Tell us a little more about that. >> We see our role as RSA to provide a safe passage of the world to its digital future state. As you know digital transformation is a buzz-word. Every company is trying to go digital but they don't know what they don't know. Technology is premiering things where it's never been before. It's inside baby monitors, inside pacemakers, inside cars. Companies that are adapting this technology don't have the competency to actually mitigate risk. The stat I use is one-trillion lines of code will be shipped over the next decade by companies that have shipped exactly zero lines of code. >> One trillion new marginal lines of code. >> So, the meta point is we face unprecedented digital risk, because of adoption of digital technology. So technology is a force for the good but you have to embrace it mindfully and pay attention to digital risk management and that's our role. The role of RSA is to help companies manage digital risk. >> Right, and how do they sort through it all? I just feel for all this between the number of threats, the number of solutions, the IOT is coming on board, 'Internet of Things'. The OT is now being connected to the IT, your head's got to be just spinning. >> It feels overwhelming doesn't it. What I say is anytime you feel overwhelmed you could do three things. You have to reduce the amount of work, you do that by designing security in, resilient infrastructure. Second is that you have to automate work. Which is basically using technology like artificial intelligence and machine learning. But as you know the bad guys have all the AI and ML we the good guys do. So the third recipe for success is business driven security.
Which means you have to apply business context to your security posture, so you focus on the right problems. The right cyber incidents right here right now. And that's our unique advantage the good guys, the only advantage we the good guys have is our understanding of our business context. We call that business driven security. >> So an interesting piece of that is how the value proposition is changing. It used to be the young kid hacking the school site giving himself an A. Then it got to people getting into bank accounts and personal information. But now we're seeing with the nation states, we're seeing political motivation. >> Exactly. >> There's a lot of different motivations so it gets into this whole evaluation of data, what is the data that they want and is it valuable? Because what they want or is valuable tomorrow might be different than what it was today. >> You're right, the clock speed of digital business is markedly enhanced. So you need solutions that can move at the pace of business. So it's no longer about efficacy, it's about speed, both on the risk side and security you need solutions that can process this vast ocean of data, make sense of it, to prioritize your response. To focus on the things that are most important right now. >> Yeah, it's crazy. Then we have this other trend that's happening now, which is kind of Big-Tech like from Big-Oil meaning not a positive connotation in a blowback. Where people are kind of waking up to the fact that my data is important and people are using it for ways that I didn't necessarily want them to. So this trust issue is really really significant. >> It is significant because in fact the topic of my keynote yesterday. We call it the trust landscape in which we painted a story that we are at the beginning of an era which is a trust crisis. Where people are losing faith in technology as a force for good and unless we act now we will put humanity in harm's way and get in the way of human progress.
And I think there is some things we need to do, if you think about trust, trust is based on reputation. Trust is not perfection, I don't trust you because you're perfect. I trust you because I can count on how you're going to behave in certain circumstances. It's based on your reputation. >> Right. >> If you think about today we are inviting complete strangers into our cars and homes with platforms like Airbnb and Uber Lyft. Because there is a technology trust platform. We need that on the enterprise side and what we're doing in the cyber security world is, we are actually making withdrawals from our trust or reputation bank account because breaches and bad news is the only thing that's reported. We are not reporting good cyber incidents. So that's the place where we need to work toward, where we are able to not just take withdrawals from our reputation bank account but make deposits by reporting not just bad cyber news but good cyber news. >> Right. >> When we prevent breaches or when we mitigate business impact or cyber incidents. All of those things we need to be more transparent about that. >> But it's kind of tricky right now because it's the old spy dilemma, you don't want to tell them that you caught them because then you are not in a position to catch them the next time. >> Yes, I think there is solutions there though. I think the reason we have been guarded in cyber security to share good news is because again we don't want to reveal details of our security posture. And we don't want to taunt the bad guy and attract attention towards ourselves. Having said that I think there is a way to do that anonymously without compromising your security posture and having this quantified way to measure your reputation or your cyber capability. >> Right, it's really interesting that you go down this trust angle because the whole fake news thing.
Is protecting your reputation really of more significant value than necessarily, I don't know, make up some other kind of silly data breach but your reputation and the trust that comes from that or the relationship you have with your customer is really really important. >> Absolutely, your reputation ascertains how your company will live through any crisis incident, right? And in the past corporate reputations were based on things like corporate social responsibility. Your conduct in the physical world, environment, sustainability, corporate ethics, in terms of how you are treating your employees on a fair basis. In the digital world, just like you have corporate social responsibility, you have corporate digital responsibility. You need to demonstrate conduct in terms of how you deal with data, how you take care of consumer data and are a good custodian for it. How you participate in the ecosystem. The Facebook Cambridge Analytica example, when you share data with partners you have to feel accountability to that. So in this hyper-connected economy, third-party risk is actually probably higher than first party risk. So you no longer just need to worry about your own data landscape and your own infrastructure landscape. You need to worry about your ecosystem as well. >> Right, and that's before you count in if it's an API based economy and you've got stuff in the cloud, you've got stuff in your data center, you've got stuff at remote locations. So the complexity is significantly changed. >> Absolutely. The good news is there's a great recipe which is digital risk management. Risk and trust have to coexist right? If you don't take risks you can't make progress or innovate but in order to have trust you need to have predictability. And that comes through a risk management approach and that's why RSA is so excited about this idea of digital risk management. It's a great responsibility to chart the course to the digital future of the world.
>> Well you've certainly got everybody's ear as you said everybody who's anybody is here and this is the place to be this week so congratulations again on a very big and successful show and we're excited that we got to sit down this time not standing in the hallway. >> Thank you, thank you. >> Alright thanks again. >> I enjoyed the conversation. >> Alrighty, he's Rohit, I'm Jeff, you're watching theCUBE. We're at RSA North American conference in Moscone. Thanks for watching we'll see you next time.

Published Date : Mar 6 2019


Doug Merritt, Splunk | RSA 2019


 

(funky music) >> Live from San Francisco, it's theCUBE, covering RSA Conference 2019 brought to you by Forescout. >> Hey welcome back everybody Jeff Frick here with theCUBE. We're at the RSA Conference at downtown San Francisco Moscone Center, they finally finished the remodel. We're excited to be in the Forescout booth, we've never been in the Forescout booth before, psyched that they invited us in. But we've got an old time CUBE alumni and a special company in my heart, was my very first CUBE event ever was Splunk.conf 2012. >> I did not know that Jeff. >> Yeah so we're live. We have Doug Merritt on he's a CEO of Splunk. Doug, great to see you. >> Thanks Jeff, good to see you again also. >> Yeah so we've been doing Splunk.conf since 2012. >> The early days. The Cosmo Hotel and it was pouring rain that week. >> That was the third year. >> Probably the third year? >> Second year, yeah long time ago, it's grown. >> 2012 wasn't that big but this is a crazy show. You've been coming here for a while. Security is such an important part of the Splunk value proposition, just general impressions of RSA as you've been here for a couple of days. >> Yeah, it's amazing to see how the show has grown over the years, security's gone from this, kind of backwater thing that a few weird people did in the corner, that only understood the cyber landscape, to something that boards care about now. And that, obviously has helped with this show, I don't know what the attendee numbers are like, but tens of thousands of people. >> Oh yeah. >> You can't walk down a hallway without bumping into 10 brand new companies that were launched in the past year, and the security space and make the biggest challenge people that I have, and I think that other people have is, how do you tell different, where's the wheat from the chaff? What is really important in security and how do you tell different companies and different trends apart, so you can actually focus on what matters? 
>> Right, I just feel for the CISOs, right, I mean, you guys have a big ecosystem at .conf, but those are all kind of complementary things around the core Splunk solution. This is, you've got co-opetition, competition, how does somebody navigate so many options? 'Cause at the end of the day you don't have unlimited resources, you don't have unlimited people to try to figure all these pieces of the puzzle out. >> Yeah, and the CSOs have got a really tough job, the average CSO has got well over a hundred different vendors you're dealing with, and with Splunk what we're very focused on, and where I think we add value is that we become, if done right, we become the abstraction layer that creates a brain and nervous system that allows all those different products, and all of them have got unique capabilities. When you think about the complexity of all the networking, all the compute, all the storage, all the end point landscapes that's only getting worse for the cloud, because now there's more services with more varieties across more cloud vendors. How do you get visibility on that? >> Right, right. >> And you need products at those different junctures, 'cause protect and prevent and defend is still an important function for CSOs, but when we know that you can't prevent everything. >> Right. >> And things will go wrong, how do you know that, that is actually occurring? And what the Splunk value prop is, we are the, we don't have as much of a point of view on any one product, we aggregate data from all the products, which is why so many people are partners, and then help companies with both raw investigations, given that if something goes wrong with our schemaless data structure, but then also with effective monitoring and analytics that's correlating data across those tens, hundreds or thousands of different technologies. So you can get a better feel for what are the patterns that make sense to pay attention to. 
>> I think you just gave me like 10 questions to ask just in that answer, you covered it all. 'Cause the other thing, you know, there's also IoT now and OT and all these connected devices so, you know the end points, the surface area, the throughput is only going up by orders of magnitude. >> Without a doubt. >> It's crazy. >> I saw some stats the other day that, globally at this point there's, I may get these off by one digit, but let's say there's 80,000 servers that are the backbone of the entire internet. There's already over 11 billion connected devices, going back to that IoT theme. So the ramifications at the edge and what that means are so profound and companies like Forescout, as a key partner of Splunk's, help make sure that you're aware of, what are all the different elements that are ever hitting my network in a way. And what do they look like and what, what should I be doing, as different things pop on and pop off and, again, we're trying to be the interpretation and brain layer for that, so that they are more and more intelligent to the actions they're taking, given their depth of domain, their deep knowledge of what a camera should look like, or what a Windows PC should look like or what a firewall should look like given the configurations that are important to that company. >> Before we turned on the cameras you made an interesting comment. We used to talk about schema on read versus schema on write, that was the big, kind of big data theme, and you guys are sitting on a huge data flow, but you had a really kind of different take, because you never really know, even with schema on read it seems you know what the schema is but in today's changing environment you're not really sure what it is you're going to be looking for next right? And that can evolve and change over time, so you guys have kind of modified that approach a little bit. >> Yeah, I think we are this year you'll see us really reemphasizing that core of Splunk. 
That the reason you'd have an investigative lake, and I don't think most people know what a schema is period, much less read or write so my new terminology is hey you need a very thorough investigative lake. Going back to the discussion we were having, with so much surface area, so many network devices, so many servers, so many end points, what tool do you have that's reading in data from all of those, and they all are going to have crazy formats. The logs around those are not manageable. To say you can manage logs and centralize. Centralized logs I get, manage those words don't work together. >> Right. >> Logs are chaotic by nature, you're not going to manage them, you're not going to force every developer and every device to adhere to a certain data structure so it can neatly fit into your structured database. >> Right. >> It is too chaotic, but more importantly, even if you could you're going to miss a point, which is, once you structure data, you're limited with the types of questions you can ask, which means you had to visualize what the questions would be in the first place. In this chaotic environment you don't know what the question's going to be. The dynamics are changing way too quickly, so the investigative lake is truly, our index is not schematized in any way, so you can ask a million questions once versus a schematized data store where it is, I ask one question >> A million times. >> A million times. And that's super efficient for that, but, the uniqueness of Splunk is, the investigative lake is the fabric of what we do, and where I think our customers, almost have forgotten about Splunk is, read all that data in. 
I know we've got a volume based licensing model that we're working on customers, we're working to solve that for you, that's not the, I'm not trying to get data in so that we can charge more, I'm trying to get data in so that everybody has got the capacity to investigate, 'cause we cannot fail in answering what, why, when, where, how, and stuff'll go wrong, if you can't answer that, man you're in big trouble. And then on top of that let's make sure you've got right monitoring capability, the right predictive analytics capability; and now with tools like Phantom, and we bought a company called VictorOps, which is a beautiful collaboration tool, let's make sure you've got the right automation and action frameworks so that you can actually leverage people's skills across the investigative, monitoring and analytical data stores that at Splunk we help with all four of those. >> Right, right, again, you touch on a lot of good stuff. We could go for hours but we don't have you all day. But I want to follow up on a couple of things, because one of the things that we hear over and over and over is the time to even know that you've been breached. The time to know that you have a problem, and again, by having all that data there you can now start adjusting your questions based on that way you now know. But I think what's even more kind of intriguing to me is, as nation states have become more active, as we've seen the politicalization of a lot of things, you know, what is valuable today is a much varied, much more varied answer than just tapping into a bank account or trying to steal credit card numbers. So it really supports, kind of this notion that you're saying, which you don't have a clue what the question is that you're going to need to ask tomorrow. So how do you make sure you're in a position, when you find out what the question is, that you can ask it? 
>> And that's the design architecture I like about Splunk as a company is that our orientation is, if you're dealing with a world of chaos, allow that chaos to exist and then find the needles in the haystack, the meaning from that chaos, and then when you find the meaning, now you know that a monitor is worthwhile, because you've validated root cause and it exists. And when your monitor is kicked a few times, and you know it's legit, build a predictive routine, because you now know it's worth trying to predict, because you've seen this thing trip a number of times, which inverts the way that most people, that all of us were taught. Which is start with the end in mind, because garbage in equals garbage out, so be really thoughtful in what you want and then you can structure everything, it's like well, that's not the way the world works. What if the question we asked 15 years ago was, what if you couldn't start with the end in mind, what would you have to do? Well you'd have to have a schemaless storage vehicle and a language that allows you to ask any question you want and get structure on the question, but then you still need a structure. So you're going to structure them one way or the other, how do you make sure you've got high quality structure, and in our dynamic landscape that's always going to change. >> Right, well the good news is 2020 next year so we'll all know everything right? >> Yeah, exactly. >> We'll have the hindsight. So the last thing before I let you go is really to talk about automation, and just the quantity and volume and throughput of these systems. Again, one, escalating, just 'cause it's always escalating, but two, now adding this whole connected devices and IoT, and this whole world of operational technology devices, you just, you can't buy your way out of it, you can't hire your way out of it, you have to have an increasing level of automation. So how are you kind of seeing that future evolve over the next couple of years? 
>> I've been meeting with a lot of customers obviously this week, and one of them said, the interesting part about where we are now is, you can't unsee what you've seen. And where we were five years ago, as most people in security and IT, which are natively digitized, they still didn't know how to wrap their arms around the data. So they just didn't see it, they were like the ostrich. Now with tools like Splunk they can actually see the data, but now, what do I do with it? When I've got a billion potential events per day, how do I deal with that? And even if I could find enough manpower, the skills are going to be changing at such a constant basis, so I think this security, orchestration, automation, response, SOAR, area and we were fortunate enough to form a great relationship with Phantom a couple of years ago and add them to the Splunk fold, exactly a year ago, as, I think, the best of the SOAR vendors, but it's a brand new category. Because companies have not yet had that unseeing moment of, holy cow, what do I do, how do I even deal with this amount of information? And adding in automation, intelligent automation, dynamic automation, with the right orchestration layer is an absolute imperative for these shops going forward, and when I look at a combination of Phantom and their competitors there's still less than a thousand companies in a sea of a million plus corporate entities, globally, that have licensed these products. So we're at the very beginning of this portion of the wave. But there's no way that companies will be able to be successful without beginning to understand what that means, and wrapping their minds around how to use it. 
What we're so excited about with Splunk, is traversing investigate, monitor, analyze and automate up and down continuously, we think is the key to getting the best value from this really, really diverse and chaotic landscape and then having Phantom as part of the fold helps a lot, because you can get signal on, did I do the right automation? Did it actually achieve the goal that my brain told me to do, or not? And if not, what do I adjust in the brain? Do I go after different data, do I structure the data a different way? But that up and down the chain of check and balance, am I doing the right stuff is something that-- >> And do it continuously. >> It's got to be continuous. >> It's got to be continuous. So we're sitting in the Forescout booth, so talk about how Forescout plays. I mean you guys have been sitting on those (mumbles), really fundamental core data, they're really kind of been opening up a whole different set of data, so how is that kind of working out? >> Yeah, so I'm really thankful for the relationship, mostly because they're a great company and I love their CEO, but mostly, if you go customer back, it's a very important relationship. Which is the proliferation of devices, developments continues to grow, and most companies aren't even aware of the number of devices that exist in their sphere, much less how they should look, and then what vulnerabilities might exist because of changes in those devices. So the information flow of, here's what's in the eco-sphere of a customer into Splunk is really helpful, and then the correlation that Splunk drives, so that Forescout gets even more intelligent on what corrective actions to what type of actions period do I take across this sea of devices is a really important and beneficial relationship for our customers. >> Excellent, so I'll give you the last word, little plug for Splunk.conf coming up in October. >> Yeah, I'm really excited about conf, excited to have you guys there again. 
We've been on a really intense innovation march for the past few years. This last conf we introduced 20 products at conf, which was a record. We're trying to keep the same pace for conf 2019 and I hope that everyone gets a chance to come, because we're going to both be, moving forward those products that we talked about, but, I think really surprising people, with some of the directions that we're taking, the investigate, monitor, analyze and act capabilities both as a platform and for security IT and our other key buy-in centers. >> Alright, well we'll see you there Doug, thanks for stopping by. >> Thank you, Jeff. >> Great seeing you. >> He's Doug, I'm Jeff, you're watching theCUBE, we're in the Forescout booth at RSA Conference 2019, thanks for watching we'll see ya next time. >> Thank you. (electronic music)

Published Date : Mar 6 2019



Joe Cardamone, Haworth | RSA 2019


 

(upbeat music) >> Live from San Francisco it's theCUBE, covering RSA Conference 2019. Brought to you by Forescout. >> Hey welcome back everybody Jeff Frick here with theCUBE, we're at the RSA Conference in Moscone in San Francisco, they finally got the conversion done it looks beautiful, it's keeping the atmospheric river out (laughs) it didn't do that last week, but that's a different story for another day. We're excited to have our very next guest he's Joe Cardamone, he's the Senior Information & Security Analyst and North America Privacy Officer for Haworth. Joe great to meet you. >> Thank you, thanks for having me. >> So for the people that don't know Haworth, give us kind of the quick overview on Haworth. >> Well Haworth is a global leader in commercial office interiors. They create seating, desks, dynamic work spaces, raise floors and movable walls. >> Okay, so really outfitting beyond the shell when people move into a space. >> That's correct. >> So what are your security, that sounds like, like mobile walls and desks and the like, what are some of the security issues that you have to deal with? >> Well obviously intellectual property is a big concern, protection of our, we call our employees members. So the protection of our employee member data is important to us, customer data, supplier data, so protection of those key data elements and our assets is a priority in my role. >> Okay, so we're in a Forescout booth, you're using their solution, you come in and Mike tells us you're connected to the network, it crawls out and tells us all the devices. How did that go? How well did it work for you guys? >> It was a fantastic experience for us to be honest with you. From the point that we deployed the ISO onto a virtual instance, about seven hours later we had gotten 97% visibility on our network. 
And not just data, actionable data which was really important in our use case, >> Yeah keep going, So, well I was just going to say how many surprises did you get after those hours when you got to report back? >> Oh we had quite a number. We were anticipating about 8,000 IPs we landed at about 13,000, so there was quite a bit more end points that we discovered, after implementing the product. One of the bigger pieces that we found was that our showrooms out in global sectors like Asia and Europe, had a bunch of APs that were stood up, you know some sales people thought that they wanted to plug them into a network jack and stand up their own wireless networks, we had found them and we were able to squash them pretty quickly, and that was within 24 hours of implementing the product. >> So you're expecting 8,000 you got 13,000 more than a 50% increase over what you thought? >> Quick math, correct, yes. >> I'm no quick and dirty math guy. I'm not a data scientist. >> I'm not either. >> Okay, so and then how many things did you have that were custom that needed to be added to the library? >> I'm going to say about 10 or 15 units, we have some that we produce. Haworth creates a unit called the Workwear unit which is a screen presentation casting device, and what that device does, it sits on our production network and in order for us to be able to demo that device we had to punch holes in our firewall. Very manual process, those devices move around very often and it was really hard for our IT teams to keep up with. How those devices move, how dynamic they are and you know code revisions, we're living showrooms so nothing stays in one spot at one time. 
The Forescout was able to very easily identify them using a couple of pieces of information that it gathered, and by using the Palo Alto Networks plugin, we were able to then dynamically punch holes through our firewall to our guest network for just those IPs, in just those services, and just those ports to enable our guests coming in who are looking to purchase the product to actually test drive it, and really have a good use with the product before purchasing it. >> So the guests that you're talking about are your customers, right? >> Our customers, correct yes. >> And when you say they wanted to test drive it, were they, do you let them go test drive it at their local office? Or are you let them drive their own content on it back at your like, executive briefing center? >> How does that mean, cause you're talking about punching a holes, right so that doesn't just happen without some thought. >> No it doesn't, exactly, and the thought was we can't sell a product if we can't demo it, and you come into Haworth, you're my guest. I want you to see the power of my product. I want you to use your laptop, your content on my screens and my space. How can we do that while protecting my digital network? And that's what the Forescout enables us to be able to do as part of our microsegmentation strategy with the Forescout. >> And then you said that that was tied to sub-functionality in a Palo Alto Networks device. >> That's correct. Like I mentioned earlier, the ability to have actionable data was one of our key points in purchasing employing the Forescout unit. We're experiencing a lot of growth, and the way we're treating our growth is, we're treating these companies like they are BYOD. We want, we're buying their brand, we're buying their ability to sell their product. They know their product, they have passion about their product. >> So these are new product lines within your guys total offering? >> Correct, yes. >> Okay. 
>> And what we wanted to do when we started to integrate the IT side of the world, we wanted to be able to keep them operating on their own. So, we're using the Forescout to be able to look into their network, and looking at a couple of key variables on their machines, say, do you meet this criteria? If you do then we're going to allow you to egress through our Palo Alto firewall using the Palo Alto Networks module on the Forescout, to be able to egress into our environment. If you don't meet that criteria, then you're just not getting in period. So we're able to provide a measure of control, trust but verify to the other networks that we have before their devices come into ours. >> So you're doing that you're adding all these, all these devices, you talk a lot about stuff that's actionable. What did you have before, or did you have anything before? What types of stuff that is actionable, how do you define actionable and I wonder if you could give a couple of examples. >> Sure that's actually really easy. When I say actionable data, I'm able to look at let's just say your laptop sitting here, with the Forescout, I can gather any multitude of data off of it, patch levels, OS levels, software installed, processes running, what switch port you're on, what wireless AP you're on, and off of all that information, I can make any number of decisions. I could move you to another VLAN, I could move you to another security group, I can tag your machine, I can send a trap to my SIEM, and be able to record whatever data I need to record. In our use case, using the data that we're gathering from the affiliate networks and from the Workwears we're able to then take action to say, yes this device meets our criteria, we can now send that data up into the Palo Alto and then tie it to a rule that exists to allow or disallow traffic. 
You know, with the fact that it's a single pane of glass, the fact that I can have my help desk go in and make decisions based on data that they're getting, based on actionable data, based on other pieces of data that are getting fed in through my environment, like indicators of compromise. I can enable my level one staff to be able to make level three decisions without giving them keys to the kingdom. Which I think is a big value with the Forescout. >> That's pretty impressive, cause that really helps you leverage your resources in a major major way. >> Correct, I'm a team of three. >> You're a team of three. >> Yes. >> (laughs) So more specifically I guess generally you know, talk about the role of automation because I don't know how many transactions are going through your system and how many pings are coming in but you said 13,000 devices just on the initial, on the initial ping, so how are you leveraging automation? What what's kind of the future do you see in terms of AI, machine learning and all these things we hear about because you can't hire your way out of the problem, you've only got three people. >> Correct, correct right now we have limited staff but our skill set's fantastic. I'm blessed to have a team of really fantastic engineers that I work with. That being said, how the Forescout's helped us is being able to take some of the load off of them by automating tasks and some of that might be we have a machine that is not patched. We can identify that machine, put it into a group. Our servers are actually being patched by the Forescout right now, we're using that as a way to identify vulnerabilities, missing patches and then stage them into groups using the policies within the Forescout to be able to push down patches and you mentioned earlier one of the products that we had they gave us this visibility. We didn't really have anything. We had Forescout a number of years ago but we had some administration changes and we revamped our entire tool set. 
We came back and repurchased and re put in the Forescout in 2015, and that's where we've really been able to develop our current use cases and the strength behind the Forescout implementation that we have now. >> Right. And I'm just curious before we close are you, are you putting more IP connectivity on all of your kind of core SKUs? Are you seeing a potential benefit to put an IP address on a, on a wall, on a cube, on a desk, on all that stuff? How do you kind of see that evolving? >> I honestly see IoT being, you know, it's evolving very quickly obviously. We've got, we have IP addresses on our window blinds, you know. >> On your window blinds. >> Yeah, on our window blinds, so that they can control the amount of sunlight coming and we're LEED certified building. So we have all of these different IoT devices that control sunlight, control climate control in the building and obviously our production facilities have a lot of IoT devices as well and the Forescout helps us to be able to segment them into the correct VLANs, apply virtual firewalls, apply different changes to their own network. It gives us a lot of visibility and gives us a lot of control because of the granularity that it just natively collects. >> Right right. Well Joe, it's such a cool story you know. IP on shades that's my, that's my lesson of the day. (laughs) That it just shows that there's just so many opportunities to leverage this new technology in a very special way, but the complexity grows even faster right? >> It certainly does. >> Alright well thanks for taking a few minutes and I really enjoyed it. >> Awesome. >> Alright he's Joe, I'm Jeff, you're watching theCUBE. We're in the Forescout booth at RSA North America in Moscone Center thanks for watching we'll see you next time. (upbeat music)

Published Date : Mar 6 2019



Elisa Costante, Forescout | RSA 2019


 

>> Live from San Francisco, it's theCUBE, covering RSA Conference 2019. Brought to you by Forescout. >> Hey, welcome back everybody, Jeff Frick here with theCUBE, we're at the RSA Conference in downtown San Francisco, it's crazy, 40,000 plus people, we'll get the number later today. We're in the Forescout booth for our first time, we're really excited to be here, and, you know, part of the whole Forescout story is the convergence of IT and OT, operations technology, and those things are coming together, which is such a critical piece of smart things, and smart cities, and smart cars. We're excited to have our next guest, Elisa Costante, on. She is the OT technology and innovation lead at Forescout. Elisa, great to see you. >> Great to see you, thanks for having me. >> Absolutely. So you've got a PhD in this space, you picked a field that is pretty hot, so as you think back and look at the convergence of OT and IT, what are some of the top-level things that people are thinking about, but what are some of the top-level things that they're just missing? >> Well, when you speak about OT, typically you refer to critical infrastructure and the technology that operates things. So it's cyber-physical systems, right? And when you think of IT, you think about computer and you think about the web, and you're like, okay, when the two things meet? And then you put in the recipe, you put something like an IoT device, like an IP camera, or a sensor for the number of people in a room. Now these whole things are coming together. And they're coming together because they come with a lot of interesting use cases. You can have all the data and information to configure, for instance, your building, to be as smart as possible, and to have. >> They need smart wheels on that cart, my goodness. >> Of course. And you have a clear picture of how much energy you consume and then you can basically have the energy that is cheaper, because it just arrives in the moment that you need it. 
Now all of these things are IT and OT convergence. And all of these things make our cities and our world smarter today. >> Right, now one of the interesting things I saw in a talk getting ready for this is, you talked about, there's always been a lot of OT systems, they've been around for a while, >> Yeah. >> But they've always been siloed, you know, they haven't been connected to other OT systems and much less being connected to IT systems. >> Yeah >> So they weren't architected for that from the first point of view. So how does that get implemented? Are they re-architecting 'em? Are you guys overlaying a different kind of control plane? How do you take these siloed applications around, say, elevator operation, and then integrate it in with all these other things? >> So what happens is that those systems are legacy systems. That's why. There are like, 60% of the modern buildings, of the buildings today, they have, they are controlled and managed by system that are 20 years old. So what does it mean? That you make an investment and you don't want to change that investment. You are not going to renew all the backbones of your buildings, or of your manufacturing and operation factories. So what do you do on top of these legacy system that have been developed without security in mind, you put the IT systems, to monitor, to control, to have remote access and remote control. And this is where, like, things can go wrong, because if this is not done properly, and by having in mind, for instance, the threat landscape, that's where you will have the controller for your HVAC exposed to the internet, and can pull down all the air conditioning in a hospital, for instance. And that's why WannaCry can come and hit and put down tons and tons of hospitals. >> Right. It's pretty interesting, you know, I think it's a pretty common concept in security for people that you should only have access, you know, to the information you need around a particular project or particular dataset. 
But you talked about, in some of your other talks that I saw, about a lot of these devices come out of the box with all kinds of capabilities, right? 'Cause they're built for kind of the Nth degree, the maximum use, but there may be a whole bunch of stuff that's turned on out of the box that you probably need to turn off. >> Yeah, that's actually super interesting. If you look at IP cameras, now IP cameras, they should do one thing, record stuff that they see on the screen. But actually they come with a bunch of protocols indeed, like FTPs, Samba protocols, SSDP, that announce the camera on the network, and reveal a lot of information about those camera on the network that if RPCed by an attacker or by someone with not-good intentions, might actually be leveraged to turn the camera against the owner of the camera itself. >> Right, right. And do weird things that the camera should not. And that's really part of what the Forescout solution is, is making sure that the devices are profiled and acting in the way that they're supposed to act. And not doing stuff that they shouldn't be doing. >> Yeah, Forescout is a leader in device visibility. So what we do is we enter into a network, and we give full visibility of all the IP devices that are there, and that's most of the times is a wow effect, like, the asset owner has no ideas that they had a camera that was directly connected to the internet. Or they'd have a thermostat that communicates with the servers. So all of these things, we bring basically light on the dark sides of the network. >> Right. So excited to talk to you 'cause I think the smart cities and smart buildings is such an interesting concept and going to be so important as we get denser populations and smaller areas that connected to transportation. I wonder if you could share some examples that you see out in the field where the ROI on putting these things in, the good part, is way higher than maybe people expect. 
That because you're combining, you know, a one plus one equals three kind of an opportunity. >> Right, so actually, one example of a very useful and smart use case is, is happening in Amsterdam right now. The Bijlmer Arena, is basically all the walls are made of solar panels, which means it gets the energy and is able to basically self-sustain the arena. The arena is one of the biggest stadiums in the Netherlands. >> Ajax plays there probably? >> Exactly. >> Alright. >> Now what they do if they have collected more energy than they are able to consume, they provide that same energy to the neighbors. Which means that you have basically a small ecosystem that thanks to the collection of data, knowing what neighbor needs how much light and energy in a certain time, you can actually even improve sustainability and going green initiatives. >> I love the innovation that comes out of the Netherlands. We interviewed a company a long time ago, and they were basically doing segmented data centers, where you would have a piece of the data center in your house and they were selling it as free heating. And I'm like, is it free heating, or is it distributed data center? But I mean, the creativity is terrific. So as you look forward, you know, what are you excited about in 2019? What are some of your top initiatives that you're working on? >> So we are working on a lot of IT and OT convergence, and especially on the IoT part. So we are looking at all those tiny devices that you would not expect to be on your network, and what they can do, and how these old systems that have been conceived to be standalone are now starting to communicate, and what kind of threats this communication can bring, and what we can do to actually defend our customers from the threats that can be arised. >> Going to be a good year. Excited to watch the developments unfold. >> Yeah, thanks. 
>> All right Elisa, thanks for taking a few minutes of your day, I know you said you had early meetings, you're calling Europe, calling all over the world, so thanks for taking a few. >> Thank you for having me. >> All right, she's Elisa, I'm Jeff, you're watching theCUBE. We're at RSA Conference, RSAC is the hashtag, in the Forescout booth. I'm Jeff Frick, thanks for watching. >> Thank you. (upbeat music)

Published Date : Mar 6 2019


Russell L. Jones, Deloitte | RSA 2019


 

>> Live from San Francisco, it's theCUBE! Covering the RSA Conference 2019. Brought to you by ForeScout. >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at RSA at Moscone at downtown San Francisco. We're in the ForeScout booth, our first time in the ForeScout booth, we're really excited to be here and we're talking about cyber security, I don't know what the official number is this year, probably 45 thousand professionals walkin' around, talkin' about security. And we've got our next guest on, he is Russell Jones, partner on cyber risk services for Deloitte. Russell, great to meet you! >> Same to meet you as well. >> So, I asked him before we turned on, what's getting you excited these days and he said, everything! So, this is a crazy busy space. What have you been working on lately, what's kind of your take away from the first couple days at the show? >> Yeah, it is a crazy, busy space and if you look at the cyber landscape, everything's moving at the speed of the internet, so it's this cat and mouse game in terms of attackers trying to find new ways to get into systems that is driving the industry. When you talk about health care though, the issue is these systems, like medical devices, often times are connected to people. >> Right. >> And so, the implications of a hack against, let's say, a MRI machine or an infusion pump, could be devastating to an actual person connected to it. And that's really what's driving a lot of innovation in terms of some of the technologies you see, like ForeScout, and also, a lot of what's going on from a regulatory perspective, and also the hospitals and the health care system themselves. >> Right. >> Trying to solve that problem, managing cyber risk as it relates to clinical technology. >> And a lot of that stuff wasn't connected before, right? There weren't IP addresses on every MRI machine or all these pump machines or, you know, you have a pacemaker, all these things. 
How are they looking at kind of the risk reward from a connected device that gives you all kinds of benefits-- >> Yeah. >> but it does open up this attack surface that previously had maybe an air gap there? >> That's a great point, bottom line is the life saving, life extending attributes of these medical technologies and medical devices far outweighs the risk of cyber, however, we got to be smart about managing that risk. So, we're going to see more connectivity, not less. Train's left the station, in terms of what's coming and in the future of the healthcare, connecting more of, not only the medical devices, but the information in them and being able to share that and then bring it together and aggregate it in ways that, you know, with analytics on top of it allows doctors and researchers in the clinical community to connect dots in ways that solve cancer, solve some different maladies that have plagued us forever. >> Right. >> So I think, on the one hand, it's great, this connectivity is extending healthcare out to people in rural locations and it's also bringing together a lot of different data from everything from your Fitbit to your pacemaker to apps that you have on your phone in a way that's going to benefit us. >> Right, right, so, one of the things about healthcare is they're way out in front of, kind of, not healthcare in terms of regulations. >> Yeah. >> You know, and HIPAA's been around for a long time, GDPR just went into place in Europe last year, so when you look at it from a regulatory environment, which people have to consider, there's not only the complexity of the machines, there's not only the complexity of the security, but you also have regulatory environment. >> Yeah. >> How is the cyber security in healthcare, with their very unique regulations, kind of impacting the way people should think about the problem, the way they should implement solutions? >> That's a good question, I think we've thought about, in the cyber community, forever. 
We talk about confidentiality, integrity, availability, right, the triangle. When you think about healthcare and clinical technology and medical devices, you need to flip that triangle upside down and the focus is integrity and availability, those things together equal patient safety. So, in other words, as we're connecting more of these devices to each other, to electronic health record systems, to the cloud, the integrity of the information in there, which is being used by doctors and other folks to make decisions about treatment, about surgical procedures, about medicines, it's crucial that that information and the integrity of it is maintained. And then the availability of the device is critical, right? If you're going in to get an MRI and it's down because it's been hacked, there's usually not a spare MRI and so there's a profound impact for patients that are scheduled back to back to back to back to go get that procedure, that MRI that's going to be used by a doctor to do some surgery or some other kind of a treatment plan >> Right. >> So integrity and availability are huge in the cyber world. And, if you look at the regulations, depending on which one we're talking and which part of the world, right? You mentioned HIPAA, we've got security and privacy, you've got GDPR, you've got the FDA that have guidance around what they want the manufacturers to do, building security into the devices. >> Right. >> They all have an impact on cyber and how it's going to be addressed, how we're going to manage cyber risk in the healthcare world. >> Right. >> In that environment. >> And then there's this whole new thing, I went to the Wall Street Journal Health Conference a couple weeks back, I don't know if you were there, but there was two people up where you now you can take your genetic footprint, right? >> Yeah. >> You can take your 23andMe results and after you figure out where your family's from, you can actually sell it back into a research market-- >> Yeah. 
>> so that doctors and clinicians and people doing trials on new drugs can now take your data in kind of a marketplace, back into a whole nother application so it's kind of outside of the core healthcare system, if you will. >> That's right. >> But I mean, it's basically, it's me, right? (laughs) In the form of my DNA footprint. >> Yup. >> It's crazy, crazy amounts of strange data that now is potentially exposed to a hack. >> That's right, and so the implications there, obviously, privacy, right? That's a huge issue, I think, that we're going to have to address and that's why you see GDPR and that's why you see the California Consumer Privacy Act. >> Right. >> There's a recognition that, again, the train's left the station, there's a lot of good things that come out of sharing data and sharing information, there's a lot benefits that can come out of it for the consumers, patients. There's a dark side as well and that has to be managed. That's why we have the privacy regulations that we have, we're probably going to see more, probably going to see more things like the California Consumer Privacy Act. >> Right. >> More states and eventually-- >> Right. >> probably a federal act for the US. >> Do you think that the healthcare industry is better equipped to deal with GDPR and the California Healthcare Act because of things like HIPAA and they kind of come from that world? Or is this just a whole new level of regulation that they now have to account for? >> I think it's probably a mixed bag. On the one hand, healthcare has been dealing with privacy for a long time, even before HIPAA, right. And then HIPAA has very specific requirements around how you have to manage that information and consent and notifying the patient of their rights. On your other hand, you look at some of the new things, like GDPR, it goes way beyond HIPAA, and I think-- >> It goes way beyond HIPAA? >> Goes way beyond HIPAA, like for example, this whole notion of the right to be forgotten. >> Right. 
>> Right, that's a requirement on the GDPR. That means, me as a patient, if I tell my doctor, I want you to get rid of all my medical records, everything in your system everywhere about me, I want it gone. Not that it makes sense-- >> Right, right. >> but, at least in Europe, if they ask to do that, you have to be able to comply. From a technology perspective and a medical device perspective, some of these devices are very complex, ecosystem of devices, components that make up the product. >> Right >> That's a very difficult thing to do. There's no one delete button-- >> Right. >> that you hit that can delete you from all different instances, downstream from where you came into the healthcare system. >> Right. >> And so, when you think about it from a cyber perspective, it gets to be very challenging. >> The other thing, right, is health care's always under tremendous kind of price pressure from the insurers and the consumers and a bad medical event can wipe-- >> Yeah. >> people out, right? >> Yeah. >> Especially when they're later in life and they're not properly insured, when they're making kind of an ROI analysis on cyber investments versus all the other things they can spend their money on, and they can't spend it all on security, that's not possible, how are they factoring in kind of the cyber investment, it's kind of this new layer of investment that they have to make because all these things are invested versus just investing in better beds and better machines and better people? >> That's the million dollar question. (laughs) I would say, some hospitals and health systems are doing it better than others, so maybe a little bit more further along and mature about thinking about the total cost of ownership and also, the patient factor, right? What has to be balanced, obviously, is not just the costs, but at the end of the day, what's best for the patient. And you hear this term, patient centricity, a lot today. 
And there's a recognition from all the players in the ecosystem, it's all about the patient. >> I'm so glad you say that 'cause I think a lot of people probably think that the patient sometimes gets lost in this whole thing, but you're saying no. >> There is an acknowledgement over the last few years and it's called patient centricity, it's an acknowledgement that the way we're going into the future of healthcare and the kinds of medical devices and technology and cloud solutions that are becoming part of the healthcare fabric, they're all being built and geared towards the patient being the center of the equation, not the doctor, not the hospital, it's the patient. >> Right, right, right, that's good to hear. >> And so, to answer your original question, we're in early days and really trying to balance the patient and patient centricity versus we've got vulnerabilities in our environment that could impact the patient and we've only got limited people and costs. >> Right, right. >> Making decisions that kind of balance all of those things. >> Right, alright Russell, last question, we're sitting here in the ForeScout booth. >> Yes. >> Obviously you have a relationship with them, talk about kind of what their solution adds to some of the stuff that you're workin' on. >> So, ForeScout, one of the reasons that we're working closely with ForeScout, their solution, really, they've taken an approach that's holistic around these issues that we're talking about, right, managing cyber risk, complex environment, a lot of different devices that are connected to each other and to the cloud and to the internet. 
They have built a solution that focuses on ability to have visibility into those devices that are on your network, some of which you may not even know exists, and then being able to kind of build an asset inventory around that visibility that allows you to do things like detect, based on policy, activity that suggests that you might be hacked or there might be some internal processes or players that are doing things that are going to put patients at risk or have you in non-compliance with GDPR, HIPAA and the rest. >> Right. >> And then their solution goes beyond ability to kind of visibility and detect, but to actually do something actionable, right? Security controls and orchestration with other technologies, like SIEM solutions and SOAR solutions. Being able to orchestrate, hey, I know that I detected some activity on this infusion pump that suggests that we may be being hacked, let me send an alert out, but then let me also, maybe, quarantine that part of the network. So, it's the ability to orchestrate between different security technologies that exist in a hospital environment, that's what we like about ForeScout. >> I'm just curious, when they run their first kind of crawl, if you will-- >> Yeah. >> are people surprised at the results of what's on there, that they had no clue? >> I mean, yes and no. >> Yes and no, okay. >> I think, most of the big hospitals that we work with, they know that, what they don't know, and especially when-- >> They know what they don't know. >> you're talkin' about a health system that maybe has a 100 thousand connected medical devices across the health system, they know what they don't know. They're looking for solutions to help them better manage and understand the things that they don't know, that they don't know. >> Right. >> Versus what they do know about. >> Right. 
>> And I think that's what we bring to the table in terms of kind of cyber risk services Deloitte brings, and then that's what ForeScout brings with their solution to be able to kind of help solve those problems. >> Well Russell, thanks for taking a few minutes out of your day to share those stories, super-- >> Thank you. >> super important work, you know, it's one thing to steal a few bucks out of the bank account, like you said. >> Yeah. >> It's another thing to start taking down machines at the hospital, not a good thing. >> Not a good thing. >> Alright >> Thank you. >> He's Russell, I'm Jeff, you're watchin' theCUBE, we're at RSA in Moscone in the ForeScout booth, thanks for watching, we'll see you next time. (techno music)

Published Date : Mar 6 2019


Dan Burns, Optiv | RSA 2019


 

(upbeat music) >> Live from San Francisco. It's theCUBE covering RSA Conference 2019, brought to you by Forescout. >> Hey welcome back everybody. Jeff Frick here with theCUBE. We're at RSA North America at the newly opened and finally finished Moscone Center. We're here in the Forescout booth, excited to be here. And we've got our next guest who's been coming to this show for a long, long time. He's Dan Burns, the CEO of Optiv. Dan, great to see you. >> Great to see you too, Jeff. Appreciate you having me on the show. >> So you said this is your 23rd RSA. >> Yeah, somewhere right around there. It's got to be and I don't think I've missed any in between. I've missed some Black Hats in there now and again but RSA is just one of those that that I feel like you got to go to. >> Right, right, so obviously the landscape has changed dramatically so we won't go all the way back 23 years. But in the last couple of years as things have really accelerated with the internet and IoT and OT and all these connected devices, autonomous cars. From a threat perspective and from where you sit in the captain's seat, what are you seeing? What are your, kind of your impressions? How are you helping people navigate this? >> Yeah I appreciate that question, Jeff. So it has changed dramatically. There's no doubt about it. So I got into security in 1996. And that was a long time ago so it's really in the infancy of security. And back in '96 when I remember really studying what security was, and by the way back then it was called information security. Now it's cyber security. But it was really straightforward and simple. There were probably two or three threats and vulnerabilities out there right? Some of the early on one so that's one part of the equation. The second part there were probably two or three regulations and standards out there. No more than that. 
And then when you went over to kind of the third part of the triad and you talk about vendors and technology there were maybe five or six right? You have McAfee, you have Check Point and you had some of the early, early stage companies that were really addressing kind of simplistic things, right? >> Right. >> Firewalling, URL filtering and things like that. And now you fast-forward to today and it's night and day, so much different. So today when we talk about threats and vulnerabilities there are hundreds of millions, if not billions, of threats and vulnerabilities. Number one, big problem. Number two, regulations standards. There's hundreds of them globally. And number three when you look at our great technology partners here and I think there's probably about 3,500 technology partners here on the floor today. Night and day >> Right. >> Night and day from '96 to 2019. And that's created a lot of issues, right? A lot of issues which I'm happy to talk about. >> Yeah, complexity and but you've been a great quote of one of the other things I saw doing the research for this interview. You talked about rationalization >> Yeah. >> and how does a CSO rationalize the world in which you just described because they can't hire their way out of it. They can't buy their way out of it. And at some point you're going to have to make trade-off decisions 'cause you can't use all the company's resources just for security. At the same time, you don't want to be in the cover of the Wall Street Journal tomorrow because you have a big breach that you just discovered. >> Yeah >> How do you help >> it's a balancing act >> How do you help them figure this, navigate these choppy waters? >> Yeah so we think Optiv is in a prime space to do that and place to do that. No doubt about it. So let's talk about the complexity that's out there. Now you look at the landscape. You look at the 25, 35 hundred different technology companies out there today. 
And when we talk to a typical client and we ask a question. How many vendors, how many OEMs do you have to deal with on an annual basis and the response, of course, depending on the size of the organization but let's just take your average small, mid-sized, enterprise client, the response is somewhere between 75 and 90 partners. And then of course we've got shock on our face. >> Just on the security side? >> Just on the security >> That's not counting all their CRM and all their >> That's not IT, that's not anything. That is just to solve >> 75? >> and build their own security programs. And the next response we get from them is we can't do it, we just can't do it. We spend about 90% of our time acting as if I'm the CSO right now, 90 plus percent of our time working with all of these wonderful, great technologies and partners just to establish those relationships and make sure we're doing the right things by them and then by us. And so given this complexity in the marketplace, everything that's going on, it's just a prime scenario for what we call ourselves is a global cyber security solutions integrator, right? Being able to, for a lack of a better term, be the gatekeeper for our clients and help them navigate this complexity that's out there in the space. And so the value that we bring, I talk about it in terms of an equation, right? We're all mathematical in nature, typically people in cyber and so when I think about cyber, I think about equations. And the first equation I think about is a very simplistic one. It's people, it's process and technology. And you need equal focus on all three of those parts of the equation to truly balance things in a matter where you're building a very effective security program. And historically CSOs have really leaned towards the technology side of that equation. >> Right. >> And now what we're seeing is a balance like we've got to worry about people, right? 
We've got to find people with that intelligence and knowledge and know-how and wherewithal, right? And we've got to find companies that have that process expertise, the processes, a means to an end. How do I get to a certain outcome? And so what we bring is the people process and technology. All sides of the equation with the ability in masses to help clients plan, build and run their entire security program or parts of it. >> So how, how is it changed with a couple things like cloud computing. >> Yeah. >> So now I'm sure the bad guys use the cloud just like the good guys use the cloud. So the type of scale and resources that they can bring to bear are significantly higher. Just the pure quantity of and variability using AI and machine learning and as we saw in the election really kind of simple Facebook targeting methods that most marketers use, that work at REI to get you to buy a sleeping bag if you looked at tents on your last way in. So how is the role of AI and machine learning now going to impact this balance? And then of course the other thing is all we see is so many open security jobs. You just can't hire enough people. They're just not there. So that's a whole kind of different level of pressure on the CSO. >> Yeah definitely no doubt about it. And there are few companies that can truly build that have enough budget to address cyber on their own. And those today are typically the large financial right? They're typically given massive budgets. >> Right. >> They have massive teams and they're able to minimize the partnerships and really handle a lot of their own stuff internally and go out for special things. But you look at the typical company, small, mid, even some of the large enterprise companies. No, they can't find the resources. They can't get the budget. They can't address everything. And to your point around digital transformation and what's going on in the world there. 
And that's probably what continues to support 3,500 technology companies out here. >> Right. >> Right? It's the continuous change >> Right. >> That we see in the industry every single day and of course cloud is one of the most recent transformations and obviously a real one which opens up other threat factors and other scenarios that create new vulnerabilities, and new threats and so that the problem just keeps getting bigger exponentially >> So you come in for another 20 years? Is that what you're saying? (laughing) >> How you're, come for another 20 years. I think though eventually, Jeff, I can remember I kind of poke fun at this a little bit. I can remember I think it was Palo Alto, there was a first company that said, hey we're a platform company. And I think that started happening whatever, it was roughly seven years ago. We're a platform company. And I can remember so many people kind of pooh-poohing that. Right, you're not a, nobody's a platform company. Fair enough, fair enough back then. But I'm going to say, fast-forward to today and that's what it's going to happen, have to happen in this industry, Jeff. >> Right, right. >> Eventually we will have to have some large platform companies that can address multiple things within a client's environment, right? And then there will always be the need to fill gaps with some of the other great new emerging technologies out there so maybe we won't have 3,500 vendors in ten years. Maybe it's 2,000 so there will be consolidation. There will be the platform play >> Right. >> that happens. >> But then you have the addition of public cloud, right? So now a lot of, a lot of infrastructures, they've got some stuff in public cloud. They still have some stuff on their data center, right? So this is kind of hybrid world. Then you add the IoT thing and the OT connectivity back to the IT which is relatively new. So now if you've got this whole other threat factors that you never had to deal with before at all. 
It's the machines down on the factory floor. You had been pumping out widgets for a long time that are suddenly connected the infrastructure. So the environment that you're trying to apply security to is really evolving at a crazy pace. >> That is, it's a great industry to be in. (Jeff laughs) Every day I wake up, pitch myself I think all our guys do. >> Right. >> What's amazing, I don't see that slowing down, right? So I think that's why some of that balance continues to be there in the future. One of the things that we're seeing in our industry is companies really trying to take this inside-out approach as opposed to this outside-in approach. And I'll tell you the difference. The outside-in approach is it's all of this chaos, right? It's all the chaos that's behind us and we see it right here. It's everybody telling you what you need >> Right. >> and you build it, you building a security program around what's being fed to you externally as opposed to really taking a step back looking at your organization understanding what your company's initiatives and priorities are, right? And your own company's vision, mission and strategy. And I tell people all the time, I don't care if they're part of our company or any company, first thing you should do is understand the vision and the mission and the strategy of the organization you work for. And so that's part of the inside-out approach. Understanding what your company is trying to accomplish and is a security practitioner really wrapping your arms in your mind around that and supporting those initiatives and aligning your security initiatives to the business initiatives >> Right. >> And then doing it through a risk management type of program and feeding that risk management dashboard and information directly to the board >> Right. >> So. >> So I'm curious how the how you approach the kind of the changes now we have state-sponsored attackers. 
And how, what they're trying to get and why they're trying to get it has maybe changed and the value equation on your assets, that clearly some assets are super valuable and for some information and some things that are kind of classical but now we're seeing different motivations, political motivations, other types of motivations. So they're probably attacking different repositories of data that you maybe didn't think carry that type of value. Are you seeing >> Yeah. >> kind of a change in that both in the way the attacks are executed and what they're trying to get and the value they're trying to extract then just kind of a classic commercial ransomware or I'm just going to grab some money out of your account. >> Yeah I think, I think you are right. And it kind of goes back to the earlier part of the conversation, the number of devices that the attackers can attack are almost infinite right? >> Right. And especially with the edge right? With IoT it's created this thing we call the edge. Devices on street lights. Devices on meters. Devices here, devices there. >> Right, right. >> So the number of devices they can go for is ever increasing, right? which continues to support the need >> Right. and the cause that we all are a part of. And in the ways they're going to do that is going to change as well. There's no question about it. Yeah, so we've seen different ways of doing it. Yes there's no question about it. Back to the state-sponsored it's kind of stuff the way I look at cyber and probably one of my biggest personal concerns is I think about us, people and family right? We all have family is that cyber and ultimately cyber warfare has created this levity, or equalness in terms of countries, right? Where a country like the U.S. or Russia or somebody with massive resources around physical weapons are now no longer necessarily as powerful as they were. So brevity it's just created this field, leveling playing field. 
So countries like North Korea, countries like Afghanistan and others have a new opportunity to create a pretty bad situation. >> Right, right. And we haven't seen cyber warfare quote and unquote yet. We would call it something a little because they haven't really used it as a mass weapon of destruction but the threat of that being there >> Right. is creating a more of a even playing field. >> Right. >> And that's one of my biggest concerns like what's the next step there. >> Right, and the other thing is really the financial implications. If you don't do it right, it's beyond being embarrassed on the Wall Street Journal. But right GDPR regulations went into place last year. It's now the California data privacy law that's coming into place. >> Yeah. >> People are calling it kind of the GDPR of California. And that may take more of a national footprint as time moves on. It's weird on one hand we're kind of desensitized 'cause there's so many data breaches right? You can't keep track. We don't actually flip past that page on the wall. >> I can't keep track. But on the other hand there is this kind of this renewed, kind of consumer protection of my data that's now being codified into law with significant penalties. So I wonder how that plays into your kind of risk portfolio strategy of deciding how much to invest. How much you need to put into this effort because if you get in trouble, it's expensive. >> Yeah it is. So can be and it will be and it will get even more expensive. And we're still waiting for the lawmakers to levy some pretty heavy fines. We've seen a few but I think there's going to be more and I think you do have to pay more attention to regulations and compliance. But I think it is a balancing act. Back to our inside-out approach that I was talking about. A lot of companies when PCI came out, as you know, Jeff, a lot of companies were guiding their security program by PCI specifically >> Right. >> and only, and that's a very outside-in approach, right? 
That's not really accounting for the assets that you were talking about earlier. Not all of them. >> Right. >> Some of them. And so I think that's a great point, right? As a CSO, the first thing you've got to understand is what are your assets? What are you trying to protect? >> Right. And our friends here at Forescout do a great job of giving you the visualization of your network, understanding what your assets are. And then I think the next step is placing a dollar value on that. And not many people do that, right. They're, oh here's my assets. >> You're paying >> This one's kind of important >> This one's kind of important. But to get buy-in from the rest of your organization, you need to force the conversation with your counterparts, with your CFO, with your CMO, with anyone who's a partial owner of those assets >> Right. and make them put a dollar amount on. How much do you think that the data on the server is worth? How much do you think the data on this server, how much do you think, and inventory that is part of the asset inventory. And then I think you've got a much better argument as it relates to getting budget and getting buy-in. >> Right. >> Getting buy-in. And I see it a lot where CSOs tend to be, most tend to be a little bit introverted right? >> Right. >> They'd rather hang out there on the second floor and be there with their team. Take a look at the latest threats. Take a look at what's going on, with their (coughs) logs and their data and trying to solve really critical problems. But my recommendations to CSOs is man, build tight relationships across the entire organization and get out there, be out there, be visible. Get buy-in. Do lunch and learns on why cyber is so critical and how our employees can help us on this journey. >> Right, right. Dan you trip into a whole other category that we'll have to leave for next time which is, what is the value of that data 'cause I think that's changed quite a bit over the last little while. 
But thanks for taking a few minutes >> Absolutely, Jeff. and hopefully have a good 23rd RSA. >> Thank you very much. >> All right. >> I appreciate it. >> He's Dan, I'm Jeff. You're watching theCUBE. We're at RSA in North America at Moscone at the Forescout booth. Thanks for watching. See you next time. (upbeat music)

Published Date : Mar 6 2019



Michael DeCesare, Forescout | RSA 2019


 

>> Live from San Francisco, it's theCUBE, covering RSA Conference 2019, brought to you by Forescout. >> Hey, welcome back already, Jeff Frick here with theCUBE. We're in downtown San Francisco at the brand new, open, I think it's finally complete, Moscone Center for RSA Conference 2019. We're really excited this year. For the first time ever in the Forescout booth. We've been coming to RSA for a long time. We had Mike on last year. Mike DeCesare, president, CEO >> Forescout. I appreciate you having me >> because we had the last year and you're so nice. You invited us to the way we must both done something right? Absolutely. Also, before we get too far into it, congratulations. Doing some homework, the stock is going well. You're making acquisitions. You said it's the anniversary of going out in public. So things are looking good for Forescout. >> Things have been good. We've been a public company now for four quarters. We've beaten, raised on every metric we had out there. So we're feeling good about >> life. So I don't think the security threats are going down. I don't think your TAM is shrinking by any stretch of the imagination. Definitely >> does not feel like the threat landscape is getting less challenging these days, right? I mean, when you look at all the geopolitical stuff going on between the US and China and Russia, that usually spills into the cybersecurity world and kind of makes things a little bit more tense, >> right? So the crazy talk and all confidence now is machine learning and AI and obviously one of the big themes that came up, we had a great interview. A googol is you just can't hire enough professionals regardless of the field, especially in this one, to take care of everything. So automation, really key. AI, really key. But at the same time the bad guys have access to many of the same tools so that you're in the middle of this arms race. How are you
kind of taking a strategic view of machine learning and AI in this world? >> So what's amazing about cybersecurity in two thousand nineteen is the fact that the pace of innovation is exploding at an unprecedented rate, right? I mean, we're bringing more devices online every quarter now than the first ten years of the Internet combined. So the pace of adoption of new technologies is really what is driving the need for machine learning and AI. A human being, historically, in the cybersecurity world, most corporations' approach was, I'm gonna have a whole bunch of different cyber products. They all have their own dashboards. I'm going to build this thing called a cyber operations center, or SOC, that is going to be the input of all those. But a human being is going to be involved in a lot of the research and prioritization of attacks. And I think just the volume and sophistication of the breaches these days and attacks is making those same companies turn towards automation. You have to be willing to let your cybersecurity products take action on their own, and machine learning and AI play a very large role back. >> Yeah, it's really interesting because there's very few instances where the AI and the ML actually generate an action. Oftentimes it will generate a flag, they'll bring in a human to try to make one of the final analysis. But it's not often that we actually give them the power to do something. Is that changing? Do you see that changing? Are people more accepting of that when you can't give it up, that >> control. When you look at Forescout's kind of core value proposition, the category that we're in is device visibility and control. Device visibility: what's on the network. Control: when I find something that shouldn't be there, our customers want to block that. So we
have a front row seat on watching customers that for decades have been unwilling to allow cybersecurity products to actually take action, turning our product on every day and allowing us to do exactly that. So when we look at the way that they approached the breaches in every one of these scenarios, they're trying to figure out how they can augment the personal staff they have with products that can provide that level of intelligence >> on nothing to >> see over and over is that people are so fallible. Interview to Gala Grasshopper a couple of years, she was one hundred percent a social engineering her way into any company that she tried. She had a kind of cool trick. She looked at Instagram photos. She would see the kind of browser that you had, and you know the company picnic. Page won't let me in. Can you please try this? You're one hundred percent success. So you guys really act in a very different way. You're kind of after the breaches happened. You're sensing and taking action, not necessarily trying to maintain that print Big Mo >> We're actually on the front end. We're before the breach takes place. So the way our product works is we plug into the network and then we turned that network ten years ago. A CEO would control everything on their networks. They would buy servers and load them with products and put them in their data centers. And they'd buy, you know, endpoints and they'd give those to their employees. Those same CEOs now need to allow everything to connect and try to make sense of this growing number of devices. So both the role that we play is preventative. We are on the front end. When a device first joins that network, you need to make sure that device is allowed to be there. So before we worry about what credentials that device is trying to log in with, let's make sure that's a device that the company wants to be on the network to begin with. So to your point exactly, you're right.
I mean, I think my CFO and I probably every week have some very sophisticated email that makes it sound like one of us asked the other to approve a check request. But it's but they're getting good and you're right. They go on the They know that I went to Villanova, where I'm a Phish fan, and they'll leverage some form of thing. All Post online has tried to make that seem a little bit more personalized, but our philosophy as a company is very basic, which is you need situational awareness of what devices are allowed to be on that network to begin with. If you get that in place, there's a lot less examples than what you described a couple of minutes >> ago and that you said to really instinct philosophy, having kind of an agentless methodology to identify and profile everything that's connected to the network, as opposed to having, you know, an OS or having a little bug on there, which would put you in good shape for this operations technology thing, which is such a critical piece of the IoT and the IoT transfer >> there. Now there's no doubt, you know, that's one of the most foresightful things that Forescout has ever done is we made the decision to go agentless ten years ago. We saw that the world was moving from Unix and Linux and Windows and all of these basic operating systems that were open and only a few of them to the world that we're in today, where every TV has a different operating system, every OT manufacturer has their own operating system, right? The example I use is the Google, you know, the Nest thermostat where you buy that, you put it on the wall of your house, you pair with your network, and it's sitting right online next to your work laptop, right? And there's been breaches shown that attacks can come in through a device like that and get on to a more trusted asset, right? So just having that situational awareness is a big part to begin with.
But OT, let's talk about OT for a couple of seconds, is almost in front of us post WannaCry. I am seeing almost every CISO in the world not having had but the cyber responsibilities for OT being pulled into the OT part of the business. And it makes sense. You know that when you watch a breach like WannaCry, most companies didn't think they bought something from Windows. They thought they bought a controller from Siemens or Gear, one of the larger manufacturers. What they realized on WannaCry was that those controllers have embedded versions of an old operating system from Microsoft called X that had vulnerabilities. And that's how it was exploited so that the approach of devices being online, which is changing in front of us, is not just the volume of devices. But they're not open anymore. So the agentless approach of allowing devices to connect to the network and then using the network to do our thing and figure out what's on it makes us a really relevant and big player in that world of IoT and OT. So >> do you have to hold their hand when they break the air gap and connect the OT into the IT to say it'll be okay. We'll be able to keep an eye on these things before you go. You know, you talk about air gaps all the time is such a kind of fundamental security paradigm in the old way. But now the benefits of connectivity are outweighing, you know, the potential cost of very >> difficult, right? I mean, one of the examples I always use is PG&E, our local power company here, where up until a few years ago, they'd have a human being, a van would come to your house and knock on your door, and all they wanted to do is get in your garage to read your meter, right? So they could bill you correctly. And then they put smart meters on the side of our houses.
And I'm sure the ROI for them was incredible because they got rid of their entire fleet as a result, but recognized that my house is the OT grid, now connected back to the side, which is billing. So there's just so many examples in this connected world that we're in. Companies want to do business online, but online means interconnectivity. Interconnectivity means OT and connected. So yes, you're absolutely right. There's many companies believe they have systems air gapped off from each other. Most of those same companies, once they get Forescout live, recognize they actually were not air gapped off from each other to begin with. That's part of the role that we play. >> Just curious to get your >> take. You talk to a lot of CISOs about how kind of the types of threats, you know, have evolved more recently. You know, we saw the stuff with presidential campaign. The targets and what they're trying to do has changed dramatically over the last several years in terms of what the bad guys actually want to do once they get in, where they see the value. So how has that changed? No, it's not directly because you guys don't worry about what they're trying to do bad. You want to protect everything. But how is that kind of change from the CISO perspective? >> Our customers are governments, financial service companies, health care companies, manufacturing companies. Because every one of those companies, I mean, it sounds basic. But if you knew the bad thing was plugged into your network, doing something bad, you would've blocked it. You didn't know it was there to begin with. So we actually have a role in all types of threats. But when you look at the threat landscape, it's shifted, you're right. I mean, ten years ago, it was mostly IP theft. You were hearing examples of somebody's blueprints being stolen before they got their product into the market. Well, then soft financial threat shifted. That's still where the bulk of it is today, right? No, they ransomware attacks.
I mean, they're all money motivated. The SWIFT breaches. They're all about trying to get a slice of money and more money moves online, that becomes a good hunting ground for cybersecurity attackers. Right? But what is now being introduced as well is all the geopolitical stuff. And I think, you know, with our commander in chief being willing to be online, tweeting that with other organism governments worldwide having a more social footprint, now that's on the table. And can you embarrass somebody? And what does that mean? And can you divide parties? But, yeah, there's a lot of different reasons for people to be online. What's amazing is the attacks behind them are actually fairly consistent. The mechanisms used, right, to actually achieve those, you know, the objectives are actually quite similar. >> I'm curious from the CISO's perspective >> and trying to measure ROI and, you know, kind of where they should invest and not invest, how the changing kind of value proposition of the things that are at risk really got to change the dynamic because they're not just stealing a little bit of money. You know, these are much more complex and squishy kind of value propositions. If you're trying to influence our election or you're trying to embarrass somebody or you know, >> that's kind of different from anything. If it's state funded, or if it's believed to be state funded, it typically has a different ROI model behind it, right, and there's different organizations. But, you know, like on the OT side that you described a second ago, right? Why is OT so hot right now? Because it's one thing to have a bunch of employees have their laptops compromised with something you don't want to be on there, right? It's embarrassing. Your emails get stolen, it's embarrassing. It's a very different thing when you bring down a shipping line. When a company can't, you know, can't ship their products.
So the stakes are so high on the OT side for organizations that, you know, they are obviously put a lot of energy and doing these days. >> You need talk about autonomous vehicles, you know, misreading signs and giving up control. And you know what kinds of things in this feature? Right, Mike? So before we let you go, you're a busy guy, again, thanks >> for having us in the booth. What are your priorities for twenty nineteen? You know, for us at Forescout, the priorities are continuing to execute. You know, we grew our business thirty three percent last year. We achieved free cash flow profitability, which is the first time in the company's history. So we have an obligation to our investment community. And we intend to run a good, solid business. From a product perspective, our priorities are right in the category of device visibility and control. It's one of the things, when you look around this conference, you know, companies have to be careful they don't increase their product size too quickly before they have the financial means to do so. And we just see such a large market in helping answer that question: what is on my network? That's our focus, and we want to do it across the extended enterprise at scale. >> Yeah, I saw an interesting quote from you on one of their earnings calls that I thought was needed. A lot of people complain when you go public, you're on the ninety day shot clock and that becomes a focus. But your take on it was now that everything's exposed country spending an already how much spinning a marketing I'm in shipping, it sails that it forces you to really take a deeper look and to make tougher decisions and to make sure you guys are prioritizing your resources in the right way, knowing that a lot of other people now are making those judgments.
>> You know, listen, the process of raising money and then going public is that you have to be willing to understand that you have an investment community, but you have an obligation to share a lot of detail about the business. But from the other side of that, I get a chance to sit in front of some of the smartest people on the planet that look at my peer companies and me and then provide us input on areas that they're either excited about or concerned about. That's amazing input for me and helps me drive the business. And again, we're trying to build this into a big, organically large cybersecurity business, which is a rare thing these days. And we're very happy about the trajectory that we're on. >> Right? Well, Mike, thank you. Like just out with smart people like, you know, I appreciate it and learned a lot. So you congrats on this very much. >> Sorry. He's Mike. I'm Jeff. You're watching theCUBE. We're in the Forescout booth at RSA North America, Moscone Center. Or in the north North Hall. Just find the Seibu. Thanks for watching. >> We'll see you next time.

Published Date : Mar 6 2019


SENTIMENT ANALYSIS :

ENTITIES

EntityCategoryConfidence
MikePERSON

0.99+

SiemensORGANIZATION

0.99+

JeffPERSON

0.99+

PGORGANIZATION

0.99+

Michael DeCesarePERSON

0.99+

GeoffreyPERSON

0.99+

Last yearDATE

0.99+

San FranciscoLOCATION

0.99+

CaesarPERSON

0.99+

MicrosoftORGANIZATION

0.99+

last yearDATE

0.99+

Four ScoutORGANIZATION

0.99+

first ten yearsQUANTITY

0.99+

GoogleORGANIZATION

0.99+

ninety dayQUANTITY

0.99+

first timeQUANTITY

0.99+

thirty three percentQUANTITY

0.99+

bothQUANTITY

0.98+

lastDATE

0.98+

ten years agoDATE

0.98+

GearORGANIZATION

0.98+

todayDATE

0.98+

CubeORGANIZATION

0.98+

one hundred percentQUANTITY

0.98+

Mosconi CenterLOCATION

0.97+

this yearDATE

0.97+

oneQUANTITY

0.97+

WindowsTITLE

0.96+

twenty nineteenQUANTITY

0.96+

one thingQUANTITY

0.96+

BillyPERSON

0.95+

one hundred percentQUANTITY

0.93+

Wanna cryTITLE

0.92+

Fourth ScoutQUANTITY

0.92+

NickPERSON

0.91+

SeibuPERSON

0.91+

PresidentPERSON

0.89+

few years agoDATE

0.88+

Theo TPERSON

0.88+

four quartersQUANTITY

0.88+

fourth sightQUANTITY

0.86+

two thousand nineteenQUANTITY

0.86+

PhishORGANIZATION

0.86+

firstQUANTITY

0.83+

AmericaLOCATION

0.82+

four Scout boothQUANTITY

0.82+

FourQUANTITY

0.82+

north North HallLOCATION

0.81+

SeoPERSON

0.81+

InstagramORGANIZATION

0.8+

ChinaORGANIZATION

0.8+

2019DATE

0.79+

MosconiLOCATION

0.78+

LenoxPERSON

0.77+

a couple of minutesDATE

0.74+

RussiaORGANIZATION

0.72+

CubeTITLE

0.69+

EORGANIZATION

0.69+

Scout LiveTITLE

0.69+

of SockORGANIZATION

0.69+

USORGANIZATION

0.68+

last several yearsDATE

0.68+

NorthORGANIZATION

0.67+

TwentyQUANTITY

0.65+

decadesQUANTITY

0.63+

ScoutORGANIZATION

0.58+

every weekQUANTITY

0.57+

couple of secondsQUANTITY

0.56+

wanna cryTITLE

0.56+

TamasPERSON

0.55+

RCLOCATION

0.55+

VillanovaLOCATION

0.54+

RSAEVENT

0.54+

nineteenDATE

0.51+

CenterORGANIZATION

0.5+

second agoDATE

0.5+

Gala GrasshopperTITLE

0.5+

BritOTHER

0.49+

MaurORGANIZATION

0.49+

Ricardo Villadiego, Cyxtera | RSA North America 2018


 

>> Announcer: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA conference in San Francisco 40,000 plus people talking about security, gets bigger and bigger every year. Soon it's going to eclipse Oracle Open World and Sales Force to be the biggest conference in all of San Francisco. But we've got somebody who's been coming here he said for 16 years, Ricardo Villadiego, the EDP and GM Security and Fraud for Cyxtera. Did I get that right, Cyxtera? >> Cyxtera. >> Jeff: Cyxtera Technologies, great to see you. >> Thank you Jeff, it's glad to be here. >> So you said you've been coming here for 16 years. How has it changed? >> Yeah, that's exactly right. You know it's becoming bigger, and bigger, and bigger. I believe this is a representation of the size of the prowling out there. >> But are we getting better at it, or is it just the tax service is getting better? Why are there so many, why is it getting bigger and bigger? Are we going to get this thing solved or? >> I think it is that combination within we have the unique solution that is going to help significantly organizations to get better in the security landscape I think the issue that we have is there's just so many now use in general and I think that now is a representation of the disconnection that exists between the way technologies are deploying security and the way technologies are consuming IT. I think IT is completely, has a evolved significantly and is completely hybrid today and organizations are continuing to deploy security in a way like if we were in the 90s. >> Right. >> And that's the biggest connection that exists between the attacks and the protection. >> But in the 90s we still like, or you can correct me, and we can actually build some big brick walls and a moat and a couple crocodiles and we can keep the bad guys out. That's not the way anymore. >> It is not a way.
And look, I believe we're up there every protection creates a reaction on the adversary. And that is absolutely true in security and it is absolutely true in the fraud landscape. Every protection measure will push the adversary to innovate and that innovation is what, for good and for bad, has created this big market which we can't complain. >> Right, right. So for folks that aren't familiar with Cyxtera give them the quick update on what you guys are all about. >> So see, I think Cyxtera is here to conquer the cyber security space. I think what we did is we put together technologies from the companies that we acquire. >> Right. >> With a combination of the call center facilities that we also acquired from Centurylink to build this vision of the secure infrastructure company and what we're launching here at the RSA conference 2018 is AppGate 4.0 which is the flagship offering around secure access. Secure access is that anchor up on which organizations can deploy a secure way to enable their workforce and their party relationships to get access the critical assets within the network in a secure way. >> Okay, and you said 4.0 so that implies that there was a three and a two and probably a one. >> Actually you're right. >> So what are some of the new things in 4.0? >> Well, it's great it gives it an evolution of the current platform we launch what we call life entitlements which is an innovative concept upon which we can dynamically adjust the perimeter of an an end point. And the user that is behind that end point. I think, you know, a perimeter that's today doesn't exist as they were in the 90s. >> Right, right. >> That concept of a unique perimeter that is protected by the firewall that is implemented by Enact Technology doesn't exist anymore. >> Right. >> Today is about agility, today is about mobility, today is about enabling the end user to securely access their... >> Their applications, >> The inevitable actions, >> They may need, right.
>> And what AppGate does is exactly that. Is to identify what the security processor of the end point and the user behind the end point and deploy a security of one that's unique to the specific conditions of an end point and the user behind that end point when they're trying to access critical assets within the network. >> Okay, so if I heard you right, so instead of just a traditional wall it's a combination of identity, >> Ricardo: It's identity. >> The end point how their access is, and then the context within the application. >> That's exactly right. >> Oh, awesome so that's very significant change than probably when you started out years ago. >> Absolutely, and look Jeff, I think you know to some extent the way enterprises are deploying security is delusional. And I say that because there is a reality and it looks like we're ignoring the reality but the reality is the way organizations are consuming IT is totally different than what it was in the 90s and the early 2000s. >> Right. >> The way organizations are deploying security today doesn't match with the way they're consuming IT today. That's where AppGate SDP can breach that gap and enable organizations to deploy security strategies that match with the reality of IT obstacles today. >> Right. If they don't get it, they better get it quick 'cause else not, you know we see them in the Wall Street Journal tomorrow morning and that's not a happy place to be. >> Absolutely not, absolutely not and we're trying to help them to stay aware of that. >> Right. Alright, Ricardo we'll have to leave it there we're crammed for time but thanks for taking a few minutes out of your day. >> Alright Jeff, thank you very much I love to be here. >> Alright. He's Ricardo I'm Jeff you're watching theCUBE from RSAC 2018 San Francisco. (upbeat music)

Published Date : Apr 18 2018


Matt Cauthorn, ExtraHop | RSA North America 2018


 

>> Announcer: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at the RSA Conference in downtown San Francisco. Forty thousand plus security experts really trying to help us all out. Protect our borders not so much, but protects access to these machines, which is harder and harder and harder everyday with bring your own devices and all these devices. So really, it's a different strategy. And we're really excited to have ExtraHop back, we had ExtraHop on last year for the first year, he's Matt Cauthorn, the VP of security at ExtraHop. So Matt, what do you think of the show? >> Oh, amazing. Absolutely amazing. Super packed, been walking like crazy. Got all my steps in, its fantastic. >> Alright, so you guys have been in network security for a long time? >> Yeah so we've been, so we live in the East-West corridor, inside the enterprise, inside the perimeter doing wire data analytics, and network security analytics. Our source of data is the network itself. >> Okay. And the network is increasing exponentially with all the traffic that's going through, the data sources are increasing exponentially with all the traffic going through. >> That's right. >> So how are you guys keeping up with the scale, and what's really the security solution that you guys are implementing? >> So the point you make is really interesting. Yes, it is increasing exponentially, and as a data source the network is the only sort of observational point of truth in the entirety of IT. Everything else is sort of self-reported. Logs, end points, those are very valuable data sources, but as an empirical source of truth, of evidence, the network wins. That assumes you can scale. And that assumes you're fluent with the protocols that are traversing the network, and you're able to actually handle the traffic in the first place. 
And so for us just this week, we announced a 100gb per second capable appliance, which you know is an unprecedented amount of analytics from the network's perspective. So we're very proud about that. >> So what are you looking for? What are some of the telltale signs that you guys are sniffing for? >> So generally, we auto-classify and auto-discover all of the behaviors on the wire. From the devices themselves, to the services that those devices expose, as well as the transactions that those devices exchange. And so from a context perspective, we're able to go far deeper than almost anyone else in the space, that we know of at least. Far deeper and far more comprehensive sort of analysis as it relates to the network itself. >> And the context is really the key, right? Tag testing what, why, how. System behavior, that's what you're looking for? >> A great example is a user logging into a database, that might be part of a cluster of databases, and understanding what the user's behavior is with the database, which queries are being exchanged, what the database response is in the first place. Is it an error, is it an access denied? And does this behavior look like a denial of service, for example. And we can do all of that in real time, and we have a machine learning layer that sits over top and sort of does a lot of the analytics, and the sort of insights preemptively on your behalf. >> And it's only going to get crazier, right? With IOT and 5g. Just putting that much more data, that many more devices, that much more information on the network. >> Yeah, so IOT in particular is interesting, because IOT is challenging to instrument in traditional ways, and so you really do have to fall back to the network at some point for your analysis. And so that's where we're very, very strong in the IOT world and industrial controls, SCADA and beyond. Healthcare, HL7 for example. So we're able to actually give you a level of insight that's really, really difficult to get otherwise.
>> And we've been hearing a lot of the keynotes and stuff, that those machines, those end points are often the easiest path in for the bad guys. >> Yes they are. >> An enormous security camera or whatever, because they don't have the same OS, they don't have all the ability to configure the protections that you would with say a laptop or a server. >> That's right. There's a surprising number of IOT devices out there that are running very, very old. And vulnerable operating systems are easy to exploit. >> Alright, so Matt I guess we're into Q2 already, hard to believe the years passing by. What's priorities for 2018 for you and ExtraHop? >> So we've announced a first class, purpose-built security solution this year, and really the plan is to continue the sort of momentum that we've accrued. Which is very encouraging, the amount of interest that we've had. It's hard to keep up, frankly. Which is fantastic. We want to continue to build on that, grow out the use cases, grow out the customer base and continue our success. >> Alright Matt, well we'll keep an eye on the story, and thanks for stopping by. >> Great, thank you. Appreciate it. >> Alrighties Matt, I'm Jeff, you're watching theCUBE from RSA Conference, San Francisco. Thanks for watching.

Published Date : Apr 18 2018


Michael Daniel, Cyber Threat Alliance | RSA North America 2018


 

>> Narrator: From downtown San Francisco it's the Cube covering RSA North America 2018. >> Hey, welcome back, everybody. Jeff Frick here with the Cube. We're at the RSA conference in downtown San Francisco, 40,000 plus professionals all about security and one of the big themes is how do we work together? How do we leverage our collective knowledge, look for patterns to help, you know, be better against the bad guys, and one of the really big forces for that is the Cyber Threat Alliance and we're really excited to have Michael Daniel, the president and CEO of Cyber Threat Alliance. Michael, great to see you. >> Thanks for having me. >> So, talk about kind of the genesis of this because it's such an important concept that, yes, we're competitors on this floor but if we work together, we can probably save ourselves a lot of work. >> Absolutely, I mean, part of the idea behind the Cyber Threat Alliance is that no matter how big you are, no matter how broad your coverage is of cyber security company, no one individual company ever sees all of the threats all of the time. >> Jeff: Right. >> And, so that, in order to better protect their customers and clients, sharing that threat intelligence at speed at scale is a very fundamental part of being a much better cyber security company. >> So, how hard of a sell was that a year ago? I think you started it a year ago, announced it, and how's the ecosystem kind of changed over the last year? >> Well, I would say that, you know, it's not like I run into anybody that says, "You know, Michael, that's a really "stupid idea, we shouldn't do that." Right, it's really finding the way for a cyber security company to fit it into their business model. >> Right. >> To be able to consume the threat intelligence at a speed that matters and really be able to bake it into their products. That's usually the hard part. Conceptually, everybody agrees that this is what we need to do. 
>> Right, and then, how 'about just the nitty gritty nuts and bolts of, you know, how do you share information? How is it picked up, how is it communicated? What are the protocols? I'd imagine that's not too simple. >> That's right, and one of the things that we settled on was we use the STIX format because it's an open format that everybody can translate back and forth. We had to build in a lot of business rules to actually make sure that people were playing fair. You know, for example, we actually require all of our members to share. So, you can't just join the alliance and consume information, you actually have to give in order to receive. >> Right, and you've got some really kind of high-level, lofty goals that you've built this around in terms of doing good for the greater good, kind of beyond the profitability of an individual customer transaction. I wonder if you can speak to a few of those. >> Well, sure, so the part of the idea behind the way that CTA is structured is that we're a 501 C6, so we're a non-profit, right, and the idea is that we function to help raise the level of cyber security across the digital ecosystem and actually enable our member companies to compete more effectively because they have better intelligence that their products and services are based on, but we, ourselves, are not in it to make money. >> Right, right, right, alright, Michael. Unfortunately, we're up against the time. >> Absolutely. >> So, we're going to have to leave it there, but love the work that you guys are doing and it makes so much sense for people to work together. >> Well, thank you very much, thank you for having me. >> Alright, he's Michael from Cyber Threat Alliance. I'm Jeff from the Cube. You're watching us from the RSA conference San Francisco, thanks for watchin'. (soft electronic beat)

Published Date : Apr 18 2018


Derek Manky, Fortinet | RSA North America 2018


 

>> Narrator: From downtown San Francisco it's the Cube covering RSA North America 2018. >> Hey, welcome back, everybody, Jeff Frick here at the Cube. We're at RSA's security conference, about 40,000 plus. I don't know, I got to get the number. The place is packed, it's a mob scene. Really excited to be here and joined by Derek Manky We saw Derek last year from Fortinet. Great to get an update, Derek, what do you think of the show this year? >> It's getting big for sure, as I said. That's an understatement. >> I know. >> This is my tenth year coming to RSA now, yeah. >> It's your tenth? >> And just to see how it's changed over 10 years is phenomenal. >> Alright. So, one of the things you want to talk about that you probably weren't talking about 10 years are swarms of bots. >> Yeah. >> What the heck is going on with swarms of bots? >> There's been a lot of changes on that front too, so the bad guys are clever, of course, right? If we look at 10 years ago, there was a lot of code, you know, crime kits, crime services that were being created for infrastructure. That led up to some more, you know, getting affiliates programs, kind of, business middle men to distribute crime. So, that drove a lot of the numbers up, but, literally, in the last three quarters, if we look at hacking activity, the number has doubled from FortiGuard labs. It's gone from 1.1 million to 2.2 to 4.4 million just over the last three quarters. So, we're looking at a exponential rise to attacks. The reason that's happening is because automation >> Right. >> And artificial intelligence is starting to be put into black hat code, and so the swarm concept, if you think of bees or ants in nature, what do they do? They work together, it's strength in numbers from a black hat's point of view. >> Right, right. >> They work together to achieve a common goal. So, it's intent based attacks, and that's what we're starting to see as precursors as some code, right?
These IoT bot nets, we're actually seeing nodes within the bot net that can communicate to each other, say, "Hey, guys, I found this other target in the network. "Let's go launch a DDOS attack "or let's all try to take different "bits of file information from those targets." So, it's that swarm mentality where it takes the attacker more and more out of the loop. That means that the attack surge is also increasing in speed and becoming more agile too. >> So, the bad news, right, is the bad guys have all the same tools that the good guys have in terms of artificial intelligence, machine learning, automation, software to find and they don't have a lot of rules that they're supposed to follow as well. So, it kind of puts you in a tougher situation. >> Yeah, we're always in a tough situation for sure. You know, I would say, for sure, that when it comes to the tools, a lot of the tools are out there, they custom develop some tools. I would have to say on the technology side when it comes to security members especially collaborating together and the amount of infrastructure that we have set up, I think we have a foot up on the attackers there, we're at an advantage, but you're absolutely right, when it comes to rules, there are no rules when it comes to the black hat attackers and we have to be very careful of that, how we proceed, of course, right. >> And that's really the idea behind the alliance, right, so, that you guys are sharing information. >> Yeah. >> So, you're sharing best practices, you're picking up patterns. So, everybody's not out there all by themselves. >> Absolutely, it's strength in numbers concept on our end too. So, we look at Cyber Threat Alliance, Fortinet being out founding member working with all other leading security vendors in this space is how we can team up against the bad guys, share actionable intelligence, deploy that into our security controls which makes it a very effective solution, right.
By teaming up, stacking up our security, it makes it much more expensive for cyber criminals to operate. >> Right, that's good. >> Yeah. >> That's a good thing. >> Yeah, yes. >> And then, what about kind of this integration of the NOC and the SOC? >> Yeah. >> Because security's so much more important for all aspects of the business, right? It's not layered on, it's not stand alone. It's really got to be integrated into the software, into the process and the operations. >> Absolutely, so, the good news is, if you look at things like we're doing with the security fabric, a lot of it is how do we integrate, how do we bring technology and intelligence down to the end user so that they don't have to do day-to-day mundane tasks, right? Talking about the swarm networks, what's happening on the black hats' side, attackers are gettin' much quicker so defense solutions have to be just as quick if not faster, and so that's what the NOC SOC integration is about, right, how we can take network's security visibility, put it into things like our FortiAnalyzer manager sim appliances, right, be able to bring those solutions so, again, to when it comes to a NOC and SOC operation, how do you bring visibility into threats? How do you respond to those threats? More importantly, how do you also have automated security defense, so agile defense, put up? >> Right. >> We talk about concepts like agile macrosegmentation, right? That's something we're doing with Fortinet, how we can look at attacks and actively lock down attacks as they're happening is a really concept, right? >> So, really, just to isolate 'em within kind of where they've caused the harm, keep 'em there until you can handle 'em and not let 'em just go bananas all over the orientation. >> Yeah, yeah, so you can think of it as, like, an active quarantine. We've also launched our threat intelligence services. So, this is bringing the why. There's a lot of intelligence out there. There's a lot of logs.
We have, now, threat intelligence services that we bring to security operation centers to show them here are the threats happening on your network. Here is why it is a threat. Here's the capabilities of the threat and here's how you respond to it. So, it helps from a CSOL perspective prioritized response on the incident response model to threats as well. >> Alright, well, Derek, we've got to let it go there. We are at a super crazy time crunch. >> I know. >> We'll get you back into the studio and have a little bit more time when it's not so crazy. >> Okay, I appreciate it. >> Alright, he's Derek Manky, I'm Jeff Frick. You're watching the Cube from RSA 2018, thanks for watchin'. (soft electronic beat)

Published Date : Apr 18 2018


Dr. Chase Cunningham, Forrester Research | RSA North America 2018


 

>> Narrator: From downtown San Francisco it's theCUBE covering RSA North America 2018. >> Welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA Conference North America 2018 downtown San Francisco. 40,000 plus people swarming all over Moscone to the north to the south and to the west. We're excited to have our next guest on. He's Chase Cunningham, principal analyst at Forrester. Chase, great to meet you, welcome. >> Thanks for having me. >> Absolutely, so you just had an interesting blog post. Was Zero Trust on a beer budget. >> Yeah. >> What is that all about? >> Well, so Zero Trust is a pretty simple concept about accepting failure, if you will, and focusing on the internal and moving outward. And basically the premise was, I had friend of mine ask me if he could do Zero Trust for his small company. And I said sure, let's go get a beer and we'll figure this out. And literally, in about half an hour we had a Zero Trust strategy in place for less than 40 grand and his infrastructure is way more secure and it's really simple. >> So that's pretty interesting because, you know it's easy for big companies that have a lot of resources or the big puddle of Cloud companies have a lot of resources to put a lot of implementation into place. But as we look around this conference tons and tons of companies, it's a lot harder for small and medium businesses either to have the expertise or the budgets to really bring in what they need to secure things. So what were some of the insights from your beer exercise? >> Sure, so it was really simple. If you really think about where the majority of the threat comes from, the network is there and everybody uses it but who accesses the network? The users, the individuals, the devices, everything else. So the first thing we did was we're going to lock down identity and access management because I know if I can control that I've made a fundamental shift into power position for myself.
And the next thing we did was we said look you guys don't really own intellectual property but you send emails. We're going to put stuff in place to encrypt every email you send whether you like it or not. So between those two simple things, identity access management and sort of data email encryption we put a really strong security platform in place and it didn't break the bank and it wasn't really hard to do and it's something that you can get better as it goes on. >> Right. And I'm curious, had he had an event or he was just trying to get ahead of the curve? >> He had had some weird stuff showing up. He's in esports, right, so he doesn't have actual intellectual property but he's worried because if they get DDoSed or they get hacked or they get ransomware for every minute they're down they're losing viewers and that's business and money for them. >> Right, so it kind of ties back to this kind of next gen access where it's really important with the identity but the other one is the context. Who is it and where are they trying to get in? Do they usually come in that way? Do they usually have access? So that's another really way to kind of isolate the problems that might come in the front door. >> Yeah, and you know the, years ago the next gen firewall was really the thing to integrate lots of functions across the network and that's all there. It still exists and it's still necessary but really when you break it down and look at historically where the threats have come from and where the compromises have come from, it's access and if you can't control that you don't have the capability of actually stopping bad things from happening. >> Right, right, so as you look around and you've been coming to this probably for a couple years, as this space evolves. You know, kind of what are your general impressions? I mean, on one hand, so many vendors, so many activities. 
On the other hand, it was like, we've been at this for a while or are we just stuck in this race and we just got to keep running? >> Well I think we're going to continue running the race but interestingly enough there's buses driving by now with Zero Trust all over the side of it. And I'm glad to see that that strategy is starting to take hold because the problem I have is you can Frankenstein technology together all day long but if you don't have a strategic guidepost that everybody understands from the board down to the network engineer you're going to get it wrong. You're going to miss and so I'm a fan of simplicity and force multipliers and to me the Zero Trust strategy sort of drives that forward. >> All right, well Chris thanks for taking a few minutes. Everyone can log onto your site, take a look at the blog. Thanks for stopping by. >> Thanks for having me. >> All right, he's Chris Cunningham from Forrester. I'm Jeff Frick from theCUBE. Thanks for watching from RSAC 2018.

Published Date : Apr 18 2018

Bill Mann, Centrify | RSA North America 2018


 

>> Narrator: From downtown San Francisco it's TheCUBE covering RSA North American 2018. >> Hey, welcome back everybody. Jeff Frick from TheCUBE. We're on the floor at the RSA Conference 2018. 40,000 plus people packed in Moscone North, South, West, and we're excited to be here. It's a crazy conference, security's top of mind obviously and everybody is aware of this. And our next guest, he's Bill Mann, chief product officer from Centrify. Bill, great to see you. >> Great to see you. >> So you guys have a lot of stuff going on but what I think what's interesting to me is you guys have this kind of no trust as your starting foundation. Don't trust anybody, anything, any device. How do you work from there? Why is that the strategy? >> Well that strategy is because we've got a really new environment now. A new environment where we have to appreciate that the bad actors are already within our environment. And if you stop believing that bad actors are already in your environment, you have to start changing the way you think about security. So it's a really different way of thinking about security. So what we call this new way of thinking about security is zero trust security. And you might have heard this from Google with BeyondCorp and so forth. And with that as the overarching kind of way we are thinking about security, we're focusing on something called NextGenAccess. So how do you give people access to applications and services where they're remote. They're not on the network and they're not behind a firewall because who cares about the firewall anymore because it's not secure. >> Right. So there's four tenets of NextGenAccess. One is verify the user, verify the device that they are coming from so they're not coming from a compromised device. Then give them limited access to what they are trying to access or what we call Limit Privilege and Access. 
And that last one is learn and adapt which is this kind of pragmatic viewpoint which is we're never going to get security right day one, right? To learn and adapt and what we're doing look at auto tune logs and session logs to change your policy and adapt to get a better environment. >> So are you doing that every time they access the system? As they go from app to app? I mean how granular is it? Where you're consistently checking all these factors? >> We're always checking the end factor and where we use an actual machine learning to check what's happening in the environment and that machine learning is able to give that user a better experience when they are logging in. Let's say Bill's logging into Salesforce.com from the same location, from the same laptop all the time. Let's not get in the way right? But if Bill the IT worker is going from a different location and logging into a different server that's prompting for another factor of authentication because you want to make sure that this is really Bill. Because fundamentally you don't trust anybody in the network. >> And that's really what you guys call this NextGenAccess, right? >> Bill: That's right, that's right, that's right. >> It's not just I got a VPN. You trust my VPN. I got my machine. Those days are long gone. >> Well VPNs, no no to VPNs as well, right? We do not trust VPNs either. >> So a big topic ever since the election, right, has been people kind of infiltrating the election. Influencing you know how people think. And you guys are trying to do some proactive stuff even out here today for the 2018 election to try to minimize that. Tell us a little bit more about it. >> Yeah we call it Secure The Vote. And if the audience has looked at the recent 60 Minutes episode that came on. That did a really good that walked everybody through what was really happening with the elections. 
The way you know the Russians really got onto the servers that are storing our databases for the registration systems and changed data and created chaos in the environment. But the fundamental problem was compromised credentials. I mean 80% of all breaches believe it or not have to do with compromised credentials. They are not around all the things we think are the problem. So what we're doing here with Secure The Vote is giving our technology to state and local governments for eight months for free. And essentially they can then upgrade their systems, right? So they can secure the vote. So fundamentally securing who has access to what and why and when. And if you look at the people who are working on election boards, they're volunteers, there are a lot of temporary staff and so forth. >> Right, right. >> So you can imagine how the bad guys get into the environment. Now we've got a lot of experience on this. We sell to state and local governments. We've seen our technology being used in this kind of environment. So we're really making sure that we can do our part in terms of securing the election by providing our technology for free for eight months so election boards can use our technology and secure the vote. >> So how hard is it though for them to put it in for temporary kind of situation like that? You made it pretty easy for them to put it in if they are not an existing customer? >> Absolutely I mean one of the things, one of the fallacies around this whole NextGenAccess space is the fact that it's complicated. It's all SaaS-based, it's easy to use, and it's all in bite-sized chunks, right? So some customers can focus on the MFA aspects, right? Some customers can focus on making sure the privileged users who have access to the databases, right, are limiting their access right? So there's aspects of this that you can implement based upon where you want to be able to, what problem you want to be able to solve. 
We do provide a very pragmatic best practices way of implementing zero trust. So we are really providing that zero trust platform for the election boards. >> Jeff: Alright well that's great work Bill and certainly appreciated by everybody. We don't want crazy stuff going on in the elections. >> Absolutely. >> Jeff: So we'll have to leave it there. We'll catch up back in the office. It's a little chaotic here so thanks for taking a few minutes. >> Thank you very much. >> Alright, he's Bill Mann and I'm Jeff Frick. You're watching TheCUBE from RSAC 2018. Thanks for watching. (bright music)

Published Date : Apr 18 2018

Misha Govshteyn, Alert Logic | RSA North America 2018


 

(upbeat music) >> Announcer: From downtown San Francisco, it's theCUBE covering RSA North America 2018. >> Hey welcome back everybody, Jeff Frick here with theCUBE. We're at RSA's North American Conference 2018 at downtown San Francisco. 40,000 plus people talking about security. Security continues to be an important topic, an increasingly important topic, and a lot more complex with the, having a public cloud, hybrid cloud, all these APIs and connected data sources. So, it's really an interesting topic, it continues to get complex. There is no right answer, but there's a lot of little answers to help you get kind of closer to nirvana. And we're excited to have Misha Govshteyn. He's the co-founder and SVP of Alert Logic, CUBE alumni, it's been a couple years since we've seen you, Misha, great to see you again. >> That's right, I'm glad to be back, thank you. >> Yeah, so since we've seen you last, nothing has happened more than the dominance of public cloud and they continue to eat up-- >> I think I predicted it on my past visits. >> Did you predict it? Wow that's good. >> But I think it happened. >> But it's certainly happening, right. Amazon's AWS' run rate is 20 billion last reported. Google's making moves. >> Their conference is bigger than ours right now. >> Is it? >> That's 45,000 people. >> Yeah, it's 45,000, re:Invent, it's nuts, it's crazy. and then obviously Microsoft's making big moves, as is Google cloud. So, what do you see from the client's perspective as the dominance of public cloud continues to grow, yet they still have stuff they have to keep inside? We have our GDPR regs are going to hit in about a month. >> Well one thing's for sure is, it's not getting any easier, right? Because I think cloud is turning things upside down and it's making things disruptive, right, so there's a lot of people that are sitting there and looking at their security programs, and asking themselves, "Does this stuff still work? When more and more of my workloads are going to cloud environments? Does security have to change?"
And the answer is obviously, it does but it always has to change because the adversaries are getting better as well, right. >> Right. >> There's no shortage of things for people to worry about. You know when I talk to security practitioners, the big thing I always hear is, "I'm having a good year if I don't get fired." >> Well it almost feels like it's inevitable, right? It's almost like you're going to, it seems like you're going to get hit. At some way, shape, or form you're going to get hit. So it's almost, you know how fast can you catch it? How do you react? >> That's a huge change from five years ago, right? Five years ago we were still kind of living in denial thinking that we can stop this stuff. Now it's all about detection and response and how does your answer to the response process works? That's the reason why, you know last year, I think we saw a whole bunch of noise about, you know machine learning and anomaly detection, and AI everywhere and a whole lot of next-generation antivirus products. This year, it seems like a lot of it is, a lot of the conversation is, "What do I do with all this stuff? How do I make use of it?" >> Well then how do you leverage the massive investment that the public cloud people are making? So, you know, love James Hamilton's Tuesday night show and he talks about just the massive investments Amazon is making in networking, in security, and you know, he's got so many resources that he can bring to bear, to the benefit of people on that cloud. So where does the line? How do I take advantage of that as a customer? And then where are the holes that I need to augment with other types of solutions? >> You know here's the way I think about it. We had to go through this process at Alert Logic internally as well. Because we obviously are a fairly large IT organization, so we have 20 petabytes of data that we manage. 
So at some point we had to sit down and say, "Are we going to keep managing things the way we have been or are we going to overhaul the whole thing?" So, I think what I would do is I would watch where my infrastructure goes, right. If my infrastructure is still on-prem, keep investing in what you've been doing before, get it better, right? But if you're seeing more and more of your infrastructure move to the cloud, I think it's a good time to think about blowing it up and starting over again, right? Because when you rebuild it, you can build it right, and you can build it using some of the native platform offerings that AWS and Azure and GCP offer. You can work with somebody like Alert Logic. There's others as well right, to harness those abilities. I'll go out on a limb and say I can build a more secure environment now in a cloud than I ever could on-prem, right. But that requires rethinking a bunch of stuff, right. >> And then the other really important thing is you said the top, the conversation has changed. It's not necessarily about being 100% you know locked down. It's really incident response, and really, it's a business risk trade-off decision. Ultimately it's an investment, and it's kind of like insurance. You can't invest infinite resources in security, and you don't want to just stay at home and not go outside. Now that's not going to get it done. So ultimately, it's trade-offs. It's making very significant trade-off decisions as to where's the investment? How much investment? When is the investment then hit a plateau where the ROI is not there anymore? So how do people think through that? Because, the end of the day there's one person saying, "God, we need more, more, more." You know, anything is bad. At the other hand, you just can't use every nickel you have on security. 
>> So I'll give you two ends of the spectrum right, and on one end are those companies that are moving a lot of their infrastructure to the cloud and they're rethinking how they're going to do security. For them, the real answer becomes it's not just the investment in technology, and investing into better getting information from my cloud providers, getting a better security layer in place. Some of it is architecture right, and some of the basics right, there's thousands of applications running in most enterprises. Each one of those applications on the cloud, could be in its own virtual private cloud, right. So if it gets broken into, only one domino falls down. You don't have this scenario where the entire network falls down, because you can easily move laterally. If you're doing things right in the cloud, you're solving that problem architecturally, right. Now, aside from the cloud, I think the biggest shift we're seeing now, is towards kind of focusing on outcomes, right. You have your technology stack, but really it's all about people, analytics, data. What do you, how do you make sense of all this stuff? And this is classic I think, with the Target breach and some of the classic breaches we've seen, all the technology in the world, right? They had all the tools they needed. The real thing that broke down is analytics and people. >> Right, and people. And we hear time and time again where people had, like you said, had the architecture in place, had the systems in the place, and somebody mis-configured a switch. Or I interviewed a gal who did a live social hack at Black Hat, just using some Instagram pictures and some information on your browser. No technology, just went in through the front door, said, you know, hey, "I'm trying to get the company picnic "site up, can you please test this URL?" She's got a 100% hit rate! 
But I think it's really important, because as you said, you guys offer not only software solutions, but also services to help people actually be successful in implementing security. >> And the big question is, if somebody does that to you, can you really block it? And the answer a lot of times is, you can't. So the next battlefront is all about can you identify that kind of breach happening, right? Can you identify abnormal activity that starts to happen? You know, going back to the Equifax breach, right, one of the abnormal things that happened that they should've seen and for some reason didn't, you know, 30 web shells were stood up. Which is the telltale sign of, maybe you don't know how you got broken into, but because there's a web shell in your environment you know somebody's controlling your servers remotely, that should be one of those indicators that, I don't know how it happened, I don't know maybe I missed it and I didn't see the initial attack, but there's definitely somebody on a network poking around. There's still time, right? There's, you know for most companies, it takes about a hundred days on average, to steal the data. I think the latest research is if you can find the breach in less than a day, you eliminate 96% of the impact. That's a pretty big number right? That means that if you, the faster you respond, the better off you are. And most people, I think when you ask 'em, and you ask 'em, "Honestly assess your ability to quickly detect, respond, eradicate the threat." A lot of them will say, "It depends" But really the answer is "Not really." >> Right, 'cause the other, the sad stat that's similar to that one, is usually it takes many, many days, months, weeks, to even know that you've been breached, to figure out the pattern, that you can even start, you know, the investigation and the fixing. >> Somewhat not surprising, right? I don't think there's that many Security Operation Centers out there, right? 
There's not, you know, not every company has a SOC right? Not every company can afford a SOC. I think the latest number is, for enterprises, right, this is Fortune 2000, right, 15% of them have a SOC. What are the other 85% doing? You know, are they buying a slice of a SOC somewhere else? That's the service that we offer, but I think, suffice to say, there's not enough security people watching all this data to make sense of it right. That's the biggest battle I think going forward. We can't make enough people doing that, that requires a lot of analytics, right. >> Which really then begs, for the standalone single enterprise, that they really need help, right? They're not going to be able to hire the best of the best for their individual company. They're not going to be able to leverage you know best-in-breed, Which I think is kind of an interesting part of the whole open-source ethos, knowing that the smartest brains aren't necessarily in your four walls. That you need to leverage people outside those four walls. So, as it continues to morph, what do you see changing now? What are you looking forward to here at RSA 2018? >> So I made some big predictions five years ago, so I'll say you know, five years from now, I think we're going to see a lot more companies outsource major parts of their security right, and that's just because you can't do it all in-house right. There's got to be a lot more specialization. There's still people today buying AI products right, and having machine learning models they invest in to, there's no company I'm aware of, unless they're, you know, maybe the top five financial firms out there, that should have a, you know, security focused data scientist on staff, right? And if you have somebody like that in your environment, you're probably not spending money the right way, right. So, I think security is going to get outsourced in a pretty big way. We're going to focus on outcomes more and more. 
I think the question is not going to be, "What algorithm are you using to identify this breach?" The question is going to be, "How good are your identifying breaches?" Period. And some of the companies that offer those outcomes are going to grow very rapidly. And some of the companies that offer just, you know, picks and shovels, are going to probably not do nearly as well. >> Right. >> So five years from now, I'll come back and we'll talk about it then. >> Well, the other big thing, that's going to be happening in a big way five years from now, is IoT and IIoT and 5G. So, the size of the attacked surface, the opportunities to breach-- >> The data volume. >> The data volume, and the impact. You know it's not necessarily stealing credit cards, it's taking control of somebody's vehicle, moving down the freeway. So, you know, the implications are only going to get higher. >> We collect a lot of logs from our customers. Usually, the log footprint, grows at three times the rate of our revenue and customers, right. So, you know, thank god-- >> The log, the log-- >> The log volume grows-- >> volume that you're tracking for a customer, grows at three times your revenue for that customer? >> That's right. I mean, they're not growing at three times that rate, annually right, but annually, you know, we've clocked anywhere between 200% to 300% growth in data that we collect from them, IoT makes that absolutely explode, right. You know, if every device out there, if you actually are watching it, and if you have any chance of stopping the breaches on IoT networks, you got to collect a lot of that data, that's the fuel for a lot of the machine learning models, because you can't put human eyes on small RTUs and you know, in factories. That means even more data. 
>> Right, well and you know the model that we've seen in financial services and ad-tech, in terms of, you know, an increasing amount of the transactions are going to happen automatically, with no human intervention, right, it's hardwired stuff. >> So I think it's that balance between data size and data volume, analytics, but most important, what do you feed the humans that are sitting on top of it? Can you feed them just the right signal to know what's a breach and what's just noise? That's the hardest part. >> Right, and can you get enough good ones? >> That's right. >> Underneath your own, underneath your own shell, which is probably, "No", well, hopefully. >> I think building this from scratch for every company is madness, right. There's a handful of companies out there that can pull it off, but I think ultimately everybody will realize, you know, I'm a big audio nerd so I looked it up, right, you used to build all of your own speakers, right. You'd buy a cabinet and you'd buy some tools, and you would build all the stuff. Now you go to the store and you buy an audio system, right? >> Right, yeah, well at least audio, you had, speakers are interesting 'cause there's a lot of mechanical interpretations about how to take that signal and to make sound, but if you're making CDs you know you got to go, with the standard right? You buy Sonos now, and Sonos is a fully integrated system. What is Sonos for security, right? It doesn't exist yet. And that's, I think that's where Security as a Service is going. Security as a Service should be something you subscribe to that gives you a set of outcomes for your business, and I think that's the only way to consume this stuff. It's too complex for somebody to integrate from best-of-breed products and assemble it just the right way. I think the parallels are going to be exactly the same. I'm not building my car either, right? I'm going to buy one. 
Alright Misha, well, thanks for the update, and hopefully we'll see you before five years, maybe in a couple and get an update. >> We'll do some checkpoints along the way. >> Alright. Alright, he's Misha, I'm Jeff. You're watching theCUBE from RSA North America 2018 in downtown, San Francisco. Thanks for watching. (techno music)

Published Date : Apr 18 2018

Michael DeCesare, ForeScout Technologies | RSA North America 2018


 

>> Announcer: From downtown San Francisco, it's theCUBE. Covering RSA North America 2018. >> Hey welcome back everybody, Jeff Frick here with theCUBE. We're at RSA North America 2018 in San Francisco. 40,000 plus people talking security, enterprise security, cloud security, a lot going on. It just continues to get more and more important. And we're really excited for our next guest who's been playing in the enterprise space for as long as I can remember, which has been a little while. Mike DeCesare, he's the CEO and President of ForeScout. Mike, great to see you. >> Started my career off when I was one. (Jeff laughs) So, I've been in this for a long time. >> You have been in it a long time. So you guys now you're all about, right so there's so much stuff going on in security and security is one of these things that I have to look at it as kind of like insurance. You can't put every last nickel in security, but at the same time, you have to protect yourself. The attack surfaces are only growing with IIoT and we were at an autonomous vehicle show, and 5G is just coming around the corner, and all these connected devices and APIs. So you guys have a pretty unique approach to how you top level think about security called visibility. Explain that to us. >> So visibility is the next big thing in the world of cybersecurity and the dynamic is very basic. It's, for 20 plus years, CIOs and CSOs were substantially able to control everything that was on their network. You'd buy your servers and Windows machines and Blackberries for your employees and then there was very little tolerance for other devices being on those organization's networks. And what happened 10 years ago this year, with the birth of the iPhone was that CIOs, those same CIOs now had to deal with allowing things onto their network that don't subscribe to those same philosophies and when you can't buy it and outfit it with security before you put it into the environment. 
And that's the gap that ForeScout closes for organizations is we have an agentless approach which means we plug into the network infrastructure itself and we give customers visibility into everything that is connected to their network. >> So that begs a question, how do you do that without an agent? I would imagine you would put a little agent on all the various devices. So what's your technique? >> We actually don't. That's the secret sauce of the company is that >> okay >> you know over 10 years ago, we recognized this IoT trend coming because that's, that's the thing in the world of IoT is unlike the first kind o' 20 years of the internet, there was a substantially smaller number of operating systems, most of them open. The different characteristic about the current internet is that many of these use cases are coming online as closed proprietary operating systems. The example I use here is like your home. You know, you get a Nest thermostat and you put in on your network and it monitors, you know, heating and cooling but the device, the operating system, the application is all one consumer device. It doesn't run Windows. You can't install antivirus on you Nest thermostat. So our approach is we plug into the network infrastructure. We integrate to all of the network vendors, the firewall vendors, the wireless controlling vendors and we pull both active and passive techniques for gathering data off those devices and we translate that into a real-time picture of not just everything connected to the network but we know what those devices are without that client having to do anything. >> So you have what you call device cloud or yeah, ForeScout device cloud. So is that, is that a directory of all potential kind of universe of devices that you're querying off of or is that the devices within the realm of control of your of your clients directly? >> It's the second. 
It's the, so the way that our product works is we plug into the network infrastructure so anything that requests an IP address, whether is wired and wireless in the campus environment, whether it's data center or cloud in the data center environments or even into the OT space, anything that requests an IP address pops onto our radar the second it requests that address. And that cloud that we've built, that we've had for about nine months, we already have three million devices inside, almost three and a half million devices, is a superset of all of the different devices across our entire install base just from the clients that have been willing to share that data with us already. And that gives us optimism because what that becomes is a known set of fingerprints about all known devices so the first time that we discover a Siemens camera that might be a manufacturer, the company might have ten thousand of those in the environment, the first time that we see that device, we have to understand the pattern of traffic off that device, we label that as a security camera and any other customer world-wide that's has that same device connects, we instantaneously know it's a Siemens security camera. So we need the fingerprint of those devices once. >> Right, and so you're almost going to be like the GE Predix of connected devices down the road potentially with this cloud. >> We won't go there on that. >> He won't go there, alright. We've talked to Bill Ruh a lot of times but he does an interesting concept. The nice thing 'cause you can leverage from a single device and knowledge across the other ones which is so, so important on security so you can pick up multiple patterns, repeated patterns et cetera. >> One of the best parts about ForeScout is the fact that we deployed incredibly quickly. We have clients that have almost a million devices that got live in less than three months. 
And the reason we're able to do that is we plug into the infrastructure, and then our product kind o' does its own thing with very little effort from the client where we compare what we have in this repository against what they have in their environment. We typically get to an 80 or 90% auto-classification meaning that we know 80 or 90% of the time, not just what's on the network but what that device is and then the other 20% is where we have the implementation where we go through and we look at unique devices. It might be a bank has some model of ATM we've never seen before or a healthcare company has beds or machines on a hospital floor that we haven't recognized before. And the first time that we see each of those devices uniquely, we have to go through the process of fingerprinting it which means that we're looking for the unique pattern of traffic that's coming off a, you know, a router, a switch and a firewall and we're ingesting that and we're tagging that device and saying anytime we see that unique pattern of traffic, that's a certain device, a security camera or what have you. >> Right. >> The reason's that useful is then we get to put a policy in place about how those devices are allowed to behave on the network. So if you take something like the Mirai Botnet which hit about a year ago, was the thing that took down a big chunk of the Northeast, you know, utilities and you know, internet, it infected, it was a bot that infected security cameras predominantly. Nobody thought twice about having security cameras in their environment, but they're the same as they are in your house where you know, you put it online, you hit network pair and it's online. >> Right. >> But that bot was simply trying to find devices that had the default password that shipped from the security manufacturer and was able to be successful millions of time. 
And with our product in place, that couldn't happen because when you set us up, we would know it's a security camera, we'd put a policy in place that says security camera can speak to one server in the data center called the security camera server. And if that device tries to do anything more criminal, if it tries to dial the internet, if it tries to break into your SAP backend, any of those activities, we would give the customer the ability to automatically to take that device offline in real time. >> Right, so you're... >> And that's why our clients find us to be very useful. >> Right, so you're really segregating the devices to the places they're supposed to play, not letting 'em out of the areas they're supposed to be. Which is the >> Absolutely. >> Which is the classic kind of back door way in that the bad guys are coming in. >> Our philosophy is let everything onto the network. We take a look at that traffic. We give you a picture of all those devices and we allow each customer to put an individual policy in place that fences that in. If you take the other extreme like a Windows machine in a corporate environment, our typical policy will be you know, do you have Windows 2009 or later? 'Cause most customers have policies they don't want XP in their environments anymore. But we enforce it. So if an XP device hits the network, we can block that device or we can force a new version down. If you have Symantec, has it got a dat file update? If you've got Tenable, has it had a scan recently? If you've got, you know, any of the other products that are out there that are on those machines, our job is to enforce that the device actually matches the company's policy before that device is allowed in. >> Before you let it. Alright. >> And if at any time that it's on that network, it becomes noncompliant, we would take that device offline. 
>> You know, with the proliferation of devices and continuation growth of IoT and then industrial IoT, I mean, you guys are really in a good space because everything is getting an IP address and as you said, most of them have proprietary operation systems or they have some other proprietary system that's not going to allow, kind o' classic IT protections to be put into place. You've really got to have something special and it's a pretty neat approach coming at it from the connectivity. >> It's the secret sauce of the company is we recognized many years ago that the the combination of not just there being very few operating systems but they were all open. Windows, Lennox, right? I mean, you can buy a Windows machine and you can install any product you want on it. But we saw this trend coming when the next wave of devices was going to be massively heterogeneous and also in many cases, very closed. And you know, you mentioned the example of the OT space and that's one of the other, the third biggest driver for us in our business is the OT space because when you looking a WanaCry or a NotPetya and you see companies like Maersk and FedEx and others that are, that are publicly talking about the impact of these breaches on their earnings calls. What those companies are waking up and realizing is they've got 25 year old systems that have run, you know, an old version of Microsoft that's been end-of-life decades ago and the bad actors have proven very adept at trying to find any entry point into an organization, right, and the great news for ForeScout is that really lends itself very much towards our age-endless approach. I mean, many of these OT companies that we're in, devices that are in their manufacturing facilities don't even have an API. There were built so long ago so there's no concept of interacting with that machine. 
>> Right >> So for us, allowing that device to hit the Belden switches and then be able to interrogate the traffic coming off those switches let's us do the same thing that we do in the campus world over in the OT world as well. >> Good spot to be. So RSA 2018, what are ya looking forward to for this week? >> This is just massive in size. It's like speed dating. From a customer's perspective too, I mean, I meet so many customer's that come here and able to meet with 30 or 40 vendors in a single week and it's no different, you know, for the providers themselves so. You know, we've got some really, kind o' really high profile big wins, you know, it's very coming for us to be doing deals at this point that get up over a million devices so they're very high profile so it's a great chance to reconnect with customers. You know, one of the things I didn't mention to you is that kind o' the, the whole thing that we do of identifying devices and then understanding what they are and allowing those policies to get put in places, that's fundamentally done with our own IP, and the connections into the switch and firewall vendors. But we've built this whole other ecosystem of applications in the world of orchestration that set on top of our products. We integrate the firewall vendors, the vulnerability management vendors, the EDR vendors, the AV vendors, so it's a great chance for us to reconnect with you know, those vendors as well. In fact, we're doing a dinner tonight with CrowdStrike. They're one of our newer partners. Very excited about this week. It brings a lot of optimism. >> Well, great story Mike and excited to watch it to continue to unfold. >> We appreciate you giving us some time. >> Alright, thanks for stopping by. That's Mike Decesare. I'm Jeff Frick. You're watching theCUBE from RSA North America 2018. Thanks for watchin'. Catch you next time. (techno music)

Published Date : Apr 18 2018


Sean Cunningham, ForgePoint Capital | RSA North America 2018


 

>> Presenter: From downtown San Francisco, it's theCUBE, covering RSA North America 2018.

>> Hey, welcome back, everybody. Jeff Frick here with theCUBE. We're in downtown San Francisco with RSA North America 2018 40,000 plus professionals talking about security, enterprise security. It's a growing field, it's getting baked into everything. There's a whole lot of reasons that this needs to be better and more integrated into everything that we do, as opposed to just kind of a slap on at the end. And, who better to have on, who's investing at the cutting edge, keeping an eye on the startups than Sean Cunningham, our next guest. He's a managing director at ForgePoint Capital, the newly named, so welcome to ForgePoint Capital, I guess. (Sean laughs)

>> Thanks, Jeff, we're pretty excited about it. So, we were branded Trident Capital Cybersecurity. We're a 300 million dollar cybersecurity only fund, we closed the fund about a year and a half ago. We've invested in a dozen companies, and we decided that now is a great time to rebrand ForgePoint really tells more about what we're doing, we're forging ahead with our Series A, Series B funded companies, as well as a few growth equity. So, it made a lot of sense, but we're pretty excited about the market, and obviously RSA, with 1700 cybersecurity companies makes it interesting.

>> Right, so you've been at this for a while. I wonder if you can speak to some of the macro trends as we've seen the growth of cloud, the growth of IoT will soon be more industrial IoT, enabled by 5G. We've got all these automated systems and financial services trading, and ad tech that we're going to see more and more of that automated transaction happening. You've got APIs and everything's connected to everything else to enable my application. So, really really exciting, and huge, growing threat surface if you will, but at the same, these are the technologies that are driving forward. So, what are you seeing from your seat at the table some of the newer, more innovative startups?

>> Jeff, I think you should probably tell me. You have all the answers there.

>> I talked to a lot of smart people, that's the benefit of the job.

>> I think the only two buzzwords you left off was Bitcoin and fraudulent payments.

>> Oh, we can work a little blockchain in if you want.

>> Yeah, but it is absolutely a bit of an interesting environment. I've been doing it since 2000 with Intel Capital for 15 years, but what's really changed, what hasn't changed is the fact that it's all about the hackers are able to monetize this. So, that's not going away. The biggest change are the, I guess, overt nation state attacks. So, between all of those things, the drivers are just continuing to force cybersecurity to become better and better. And, that's why the innovative startups are really, you're seeing these 1700, because the legacy companies can't fix these problems. And, you know, you talk about all these different paths for hackers to get in. It's absolutely the case and we are really big on areas, as you mentioned Jeff, the automation. It has to be about automating. It has to be about having a real solution for a real problem. You know, you look at, let's say 1500 of these security startups, a lot of them are about technology for the sake of technology. So, we're pretty excited about a couple of areas. One, is application security. If you think about the Equifax hack, you know, it's as simple as getting into the website and being able to hack into all of the PII data if you will. And, we've invested in a company called Prevoty and what they do is they make it easy for the application security folks to meet with the DevOps folks and inject the software into these applications. The reason why that's really interesting is, if you think about how long it takes for the DevOps guys to get all their new updates out, through that whole cycle, when you could automate that process and reduce that time to market, that's what it's really all about.

>> So, what's your take on GDPR. You know, it's passed a little while ago, the enforcement comes into place next month. It's weird what's going on with Facebook right now. I don't ever hear GDPR in the conversation of what's going on, and yet, it's just around the corner and it seems like it would be part of that conversation. Do you see this as just kind of a Y2K moment, where there's a lot of buzz and the date hits and we get past it and then we kind of move on with our lives, or is this really a fundamental shift in the way that companies are going to have to manage their data?

>> Well, I can show you my scars from investigating compliance companies. I think the winners in that space, from a business standpoint are going to be the consultant companies, initially and at some point then, the legacy guys are going to be also involved, as well as some of the startups. But, clearly, until you see some of the large penalties happen, there's not going to be a lot of movement. There's going to be a lot of hand waving and consulting firms are trying to figure out what's your problem, how do we solve it. So, you're going to see, I'm sure, around the floor a lot of GDLP stuff, but we're being very cautious about where we invest there because, as you say, Y2K and a lot of this is going to be a lot of FUD. The legacy guys are going to say, oh we can handle that. Same as they did with cloud. Look how long it's taking cloud to get adopted, my God. I mean--

>> Right.

>> GDRP is a big piece of that. We did investments in that space, around CASB, it's called. And, we invested in a company called Prelert. It had great traction, but then it just kind of topped out. So, it's going to be investable space and there's going to be a lot of money dumped in there because it's, you know, the Lemming effect. All VCs are going to follow that.

>> Right.

>> We'll see what happens.

>> And then on the cloud, you know, with the growth of public cloud with Amazon and Azure and Google Cloud Platform, and they've got significant resources that they're investing into the security of their clouds and their infrastructure. And, yet, we still hear things happen all the time where there's some breach because somebody forgot to turn a switch from green to blue, or whatever. How did the startups, you know, kind of find their path within these huge public cloud spaces to find a vector that they can concentrate on, that's not already covered by some of these massive investments that the big public cloud people are making?

>> Yeah, I think some of the, you know you point something out, I mean we got to think about cloud, you think about the public cloud, you think of private cloud and hybrid model and so on. I think that's really where things are going to be for a while. The big guys, the big companies, enterprises are not putting a lot of their crown jewels out in the public clouds, yet. And, so the private clouds are equally important to them. And, so they have to be secured. And, the public cloud, you know, there's definitely they have some good security, but they quietly are implementing security from innovative companies also. They're not as public about it because they want to have they're already secure, so don't worry about me, but there's a lot of opportunity there.

>> Okay, and then when CIOs are talking about security and thinking about security, ultimately they cannot be 100 percent secure, right, it's just you cannot be.

>> It's called job security.

>> Yeah, job security for us, right. But, I was thinking of this kind of as an insurance model. At some point, you get kind of the law of diminishing returns and you got to start making business trade-offs for the investment. How are these people thinking about this, at the same time, seeing their competitors and neighbors showing up on the cover of the Wall Street Journal breach after breach after breach? What's the right balance? How should they be thinking about managing risk, and thinking of a risk problem as opposed to kind of a castle problem?

>> Yeah, and that's the biggest problem with CIOs and CSOs right now. It's all about what's good enough. Where do I reach that threshold? And, so there is definitely buyer fatigue. And, I think it's a matter, there are companies out there that look at the risk profile and are actually giving ratings of, what does your environment look like. We just invested in a spin out from, we helped spin out a company called CyberCube out of Symantec, and it's insurance. And, they're looking at, from a cyber insurance perspective, of what's your risk profile within your organization and selling and that data from Symantec as well as the data they have and going back to the insurance, the underwriter and saying, hey, we can show you the risk profile of this company and you can properly price your cyber insurance now. We all know how large the cyber insurance market is, so there's a lot of opportunities in that space to really look at the risk factors.

>> Alright, well before I let you go, to go visit all the 117 startups, which will be looking for your cheque, I'm sure.

>> Human ATM.

>> What is one or two things that you think about in some of the more progressive startups that you talk about that still hasn't kind of hit the public eye yet. That they should be thinking about, or that we're going to be talking about in a couple years that's still kind of below the radar?

>> Yeah, you know, if I told you then everyone else would be--

>> That's true.

>> So, I have to be a little careful. You know, I think the interesting thing is, you know, a bit of a contrarian view. Is, if you think about consumer space, people don't really want to invest. Investors don't want to put money in the consumer, but you think about Symantec again, LifeLock. Identity protection, 2.3 billion dollars Symantec paid to get LifeLock. That's a lot of money. But, if you think about five years ago, how many consumers would pull out their Visa card to buy security. So, we think that there's really a potential opportunity on the consumer side. Now, AV is pretty well scorched earth. A lot of places, a lot of these endpoint things are scorched earth, but consumer might be an interesting place to be able to take these enterprise applications and, what I call, the consumerization of security, and take some of those interesting applications and solutions and bring them down to the consumer in a bundle type of environment.

>> Yeah, well certainly with all the stuff going on with Facebook now, people's kind of reawakening at the consumer level of what's really happening would certainly be fuel for that fire.

>> We have an investment in a company called IDEXPERTS, which does breach remediation and our goal right now is we're continuing to add products from that space to be able to give the consumers a very robust offering.

>> Alright, Sean, well thanks for taking a few minutes out of your day from prospecting.

>> Yeah, pleasure.

>> Over on the floor, he's Sean Cunningham, I'm Jeff Frick. You're watching theCUBE from RSA North America 2018 in downtown San Francisco. Thanks for watching, I'll see you next time. (upbeat music)

Published Date : Apr 18 2018
