(upbeat music) >> Hey welcome back everybody, Jeff Frick here with theCUBE. We are live at Moscone Center at the RSA Convention. 40,000 security professionals are here, talking about security. This thing grows every single year. We're happy to be here and excited for our next guest, Ajay Gupta. He's the Global Director, Product Marketing and Management from Huawei. Welcome. >> Oh thank you, Jeff. Pleasure to be here. Thanks for your time. >> Absolutely, so you've been coming here for years. You laughed at me when I asked how long you've been coming here. >> Oh it's been ages, you can look at me and you can imagine. >> No, look, all hairs still dark. >> Oh come on, you're being too nice to me. >> So what's really changed, as you've been coming for years. Kind of at a global perspective? >> Yeah, yeah I think we've seen the nature of security change, the nature of threats change. The different companies have changed actually over the years. The crowd has gone up and swelled like 40,000 you mentioned. So, we really think this show has really become the gold standard for the trade shows when it comes to security. We weren't there at RSA but last few years we have made it a point to be here every year to talk to the customers here. >> Yeah. >> And you meet all the people from all over the world. That's the best part, customers, partners, everybody. >> It's interesting because a big part of the theme here is collaboration and ecosystem. And nobody can do it alone. Everyone covers different pieces of the puzzle. I know you guys are trying to grow your ecosystem. What does ecosystem mean to Huawei? >> Absolutely. I think we do believe from a security perspective no single vendor can offer the best of the breach security to their customers. We really need partners, the ecosystem. Huawei has something called being integrated. That is, bringing the partners onboard to offer different pieces of the puzzle. In fact it's a good point to mention. We are announcing two announcements this morning actually. The first one what we'll talk about is Avira. It's the best AV engine company in Germany. Huawei really recognizes the importance of the AV. So we are bringing their AV engine on the Huawei's next generation firewall. It really brings two things. Performance and accuracy. That's what people need from a AV point of view. The second announcement we're going to make really is what's called the Huawei USG9000V. It's a security gateway actually. So as the cloud's proliferation, as people are moving to the cloud, as people are using more and more SAS applications, you're going to see lot more security building from the cloud perspective. Our USG9000V is actually the perfect gateway to combat the security threats in the cloud. So virtual data centers, the cloud data centers, the OTT's, we really bring all the different kinds of security in the USG9000V. The announcement we are making is really an upgraded version of the existing security appliance that we call 6000V. Again, it's a software security. Works with different VMs whether it's KVM, whether it's zen, whether MS6. Huawei's own virtual system. Huawei's FushionSphere. The performance is in terabit so you can actually go in and read some of the specs from the Huawei's perspective. One of the best of the V products for virtual security. >> Right. And the cloud's changed everything, right? So many applications are delivered via the cloud now. And even if it's not a cloud and it's an internal cloud people want the flexibility of cloud. They want to scalability of cloud. They really want the way the cloud works for them to deliver the applications to their customers and their employees. >> Definitely. So three things I'm going to mention here from a cloud perspective. What people are looking for from a cloud security perspective is on demand. How do you scale in, scale out as the demands of the bandwidth goes up. You got to make sure your network security is able to keep up with that demand. People are looking for visibility. You've got this multitude of appliances, boxes, cloud boxes, cloud security all over the place. How do you make sense out of it? How do you really bring all of those thresholds, all of those unloads come together into the form of CIO or CSO can really understand. >> Right. >> And the last thing I'm going to make it easy to configure. PLug and play. Some of the automation feature. Automation people are starting to move in the security but you got to be careful when you bring automation from a security perspective. You need to automate task that are not that mission critical. But as we more and more trust, you're going to see more security automation in the industry. >> Yeah. Because when it's cloud it just needs to work, right. Everybody just expects, I can add more capacity, I can spin it down. And it just needs to work. It's somebody else's problem, it's somebody else's data center. >> I don't know what's going on behind the scenes, I just know it works. >> Yeah. >> I pick up my phone, it's going to kick. That's exactly the concept of security. But you got to be really careful when it comes to security because you got to make sure that when, suppose the positive threats and positive and negative threats actually. How do you combat and make sure you automate from the positive point of view and not from a negative point of view. >> But there's one thing that hasn't changed, cloud or no cloud. And they talked about it in the keynote and that great line was every company has at least one person that will click on anything. (laughs) >> Oh, I love it. I love it actually. >> How do we get past, I mean, they're still getting the email from the African king who needs some dollar >> Nigeria, Nigeria >> For Nigeria. >> Let me put I this way. I would say hackers are getting smarter and smarter. How do you keep up with the threats from the hackers who are one step ahead of you. How do you really combat threats, unknown threats, in the future? So I think things we have seen in 2016, the phishing attacks are back on the rise actually. Always do you see Ransomware. Form the point of Ransomware I should mention there's something called par pon ton from Ransomware that I'm going to let you off the hook if you infect two other computers actually. I don't need the money from you. So hackers are coming with those innovations to really go and hack more people actually. You seen what happened with the collected costs. Chrysler had a recall on 1.4 million vehicles in the past. Do you see what's happened with the camera, the surveillance camera. So I think two things we really need to watch out in 2017. One is Ransomware and the number two thing which is extremely, extremely important is industrial IOT actually. >> Absolutely. >> As the sensors get deployed more and more around the world you've got to make sure those sensors are able to keep up with the threat, it's not easy. So what Huawei provides to the table is really end to end security. Two things in security; multi-layered security and security indifference. Those are the principles from the bottom, not from the top down. >> Right. It's funny, the funniest, it's not funny really. The Ransomware story was fake Ransomware. I didn't really put Ransomware on your machine I just told you that I did so go ahead and pay me anyway. And the other thought is really the ability for them to build a business because of Bitcoin as a way to collect anonymous money from people. That enabled a rise in the escalation in Ransomware. It's a complicated world. They give you the last take as people drive away, leave RSA 2017, really what should be the top of mind as they think about what's going to happen and what we'll be talking about when we come back a year from now? >> I think two things I would really suggest people to really take away from the RSA this year. First of all, what's happening in the industry? What's happening in the market? Keep updated with the latest threat. See what vendors had a very comprehensive solution from an end to end perspective. Really go do their own research, making sure that security is not an after thought. Security it needs to be proactive. Security needs to be built up from ground up. Don't regard security as something secondary actually. As long as people put premium on security, that's going to save their face rather than to be appearing on the Wall Street front page or have been hacked. They say there are two kinds of companies. 50% claim that they have been hacked. 50% know they just don't admit it. That's all. >> Alright, very good. Well Ajay thanks for stopping by and congrats on a great show. >> My pleasure, thanks Jeff. Thank you very much. >> He's Ajay Gupta, I'm Jeff Frick. You're watching theCUBE from RSA conference in downtown San Francisco. Thanks for watching. (upbeat music)

(upbeat techno music) (upbeat techno music) >> Hey welcome back everybody, Jeff Frick here with the Cube, We're in downtown, San Francisco at the RSA Conference. It's like 40,000 people, security people, talking about security. It's a new age in security, with all the things that happened with the election, and all types of interesting phishing attacks, and a lot of professionals here trying to stop the problem. So we're excited to be joined by our next guest, Ian Foo. He's the Director of Product Marketing from Hauwei, Ian welcome. >> Thank you, thank you Jeff, it's good to be here. Glad to join everyone here, it's pretty exciting, very busy. >> Yeah, it's very busy. >> Yep we're here showing what Hauwei has to offer in the market, and what we're highlighting this year at RSA. There are three main areas that we're trying to bring attention to. One of those is the latest in terms of our functional capabilities and offerings in our network security portfolio. So our network security devices. The other is what we're doing in our ecosystem partnership. We're expanding our partnerships, trying to build an ecosystem with industry leading partners. So it'll be well to bring better value to the end users and to our customers. And the third is what we're offering in terms of new platforms and capabilities in technologies, in our innovation in cloud infrastructure security. Helping cloud providers or enterprisers add security to their private cloud, or their cloud service infrastructure. >> Alright so let's unpack those a little bit. >> Sure. >> So the first one is really the cloud. >> Ian: Yes. >> You know, ovbiously with the rise of AWS really driving public cloud. >> [Ian} Yep. >> There's no longer a question and apps like Sales Force. >> Ian: Right. The enterprise is pretty comfortable with cloud. >> Ian: Right. >> How has that really changed your world from a security perspective, supporting public cloud providers? >> Ian: Yep. >> Private cloud providers, and then of course hybrid cloud inside the enterprise that still want to deliver kind of cloud agility, cloud flexibility? Right, so it's actually changed the landscape in quite a few ways. When we move from traditional security within the enterprise, and expand that to cloud service providers, and enterprisers trying to build private cloud, we're looking at a few things that have evolved. We're looking at scale, first and foremost. That's the one that pops into most people's mind. Now, especially in a cloud service provider environment, we're providing services to potentially thousands of customers. Scale reliability, availability becomes critical. Those are areas that we've traditionally excelled in. But what's evolving is the way threats are addressed and recognized, and the way policy is pushed within those environments. So for their customers, cloud service providers are looking for ways to be able to provide policy capabilities that match what the enterpriser is used to in their environment. So we tried to build the technologies and tools that enable cloud service providers to do exactly that. >> Right. >> Provide enterprise class-compliant security capabilities, defense against DDoS attacks within their cloud infrastructure for those enterprisers. >> Yeah it's interesting in the keynote, they talked about every company has at least one person that will click on anything. >> Ian: Right. >> Right. And they also talked about kind of the increased attack area of people's homes. >> Ian: Right. >> Because a lot more people now work from homes. >> Ian: Correct. >> Right? They're accessing the corporate networks. >> Ian: Yep. >> The corporate application. >> That's right. >> From their home, from the coffee shop on their phone. >> Absolutely. >> So that's changed the... >> From their cars. >> The landscape quite a bit. >> Right from yeah... >> And not to mention the cars. >> Yeah so that absolutely has. Again it goes back to what I mentioned earlier. Scale, so now we're looking at a widened threat base, or a widened threat surface, if you will. Especially when it comes to not just consumers, from mobile devices, home access, but now IoT. And when we expand IoT to both, to the industrial Iot as well as consumer Iot, what we're seeing is many more entrance points into what we consider the enterprise space. >> Right. >> And so now securing all of those points of presence, and applying a multi-layered approach to security, becomes much more complicated. And that's where we try to develop the technologies and innovations driven by our customers to help them solve those problems. >> Right, which also kind of drives into one of your other points, is ecosystem. >> Ian: Right. >> Right so we cover a lot of tech shows. >> Ian: Absolutely. >> We got 100 shows a year. And everyone is trying to build an ecosystem because you can't just do it alone. >> Ian: That's right. >> And one of the big themes that came out again, out of the keynote, is this idea of yes we compete, yes there's 40,000 people here. I don't even know how many companies, but we compete on different places. But if we share bad guy information... >> Ian: That's correct. >> ...Effectively, efficiently, it helps us all out in keeping our customers safe. >> Absolutely, absolutely so it's all about ecosystems, because, I think, for a true multi-layered approach, multi-perspective approach to security, it's all about teamwork. Right and as you said, we cant be an expert at everything. We have to recognize, each vendor has to recognize where they're strengths lie, where their fortes are, where their expertise is, and then partner to complement that to provide that multi-layered approach that the end user is looking for. >> Right. >> And that's what we're trying to do. Here we have announced quite a few partnerships. We have aligned with notable names in the industry. Such as, Intel-McAfee, Avira, AlgoSec, and we're working with companies like FireMon, to help build that ecosystem partnership to create that team effect. >> Right >> In providing multi-layered approach, best in breed, multi-layered approach to security in the enterprise. >> Interesting this morning I don't know if that was breaking news, or I just was behind the news, that McAfee is actually going to spin out of Intel and be a wholly-owned company. >> Yeah I heard a little bit about that. Yeah, it's interesting, it's a very dynamic industry. It constantly changes, ongoing here and there. >> Right. That can be great, it allows people to focus in certain ways. But yeah, not surprising there is constant changes in this industry. >> Right, but then the one thing that's stayed the same but is still growing in importance even with cloud, you still have the enterprise data center. >> Ian: Absolutely. Right and those things continue to grow and are very, very important. >> Right. >> And there's just a lot of stuff that's not going to make it to cloud. So how have you seen kind of the enterprise data center kind of situation change? >> Ian: Yep. >> With these new threats, with clouds, with hybrid? >> Right, well so what we're seeing, especially in the enterprise data center is, we're seeing an evolution from traditional fireball security, which is still necessary. But we're seeing that, the attacks and the access points are becoming more sophisticated. We're seeing progression in ransomware and advanced persistent threats. It goes back to what you said before, a component is that there's always going to be that guy that clicks on anything. >> Right. >> And it could, who knows that thing could be? So what we're seeing there is an evolution of security and awareness to the point of customers asking for awareness to applications, to files, to contents. So to that notion, some of the things we're announcing here and sharing with our customers and potential customers, our technologies to help prevent ransomware, our platform like our Firehunter, a sandboxing technology, which provides defenses against advanced persistent threats, as well inline, streaming-based, security capabilities, where we partnered for example with Avira. We complement our network-based security, for streaming inspection of files and contents and streams. We complement that with their abilities in malware and signature-based recognition, to provide a multi-layered, comprehensive approach to dealing with the new types of security threats we're seeing. >> Right, so Ian you been comin to the show for awhile, you've been in the industry for long time. >> Ian: Yep, it's been a bit. >> There's 40,000 people, what's kind of your take, kind of take it a step back from the specifics, >> Ian: Right. >> Like kind of the evolution of the security industry I think... >> Ian: Yep. >> One of the stats I heard the other day is like, 1.5% of the IT spend was for security. Now that's up to like five or ten. >> Ian: Right, right. >> It's growing in importance, but the technology out in front of the security is just rockin and rollin. >> Ian: Right. >> And IoT and 5G is just the next kind of big wave comin. >> Correct >> So, what's kind of your perspective as you look back and kind of look forward? >> Well it's obvious, it's very obvious, from just the numbers you sharing that, rather than be peripheral to the business, security is now core to the business. Instead of just supporting business, it's become a key piece to being able to deliver business reliably. And I think that enterprisers have recognized that. What's happening is that we're seeing an acceleration in the evolution of threats, in the entrance vectors in the various areas. Because of the adoption rate and snowballing effect that we're seeing in technology in general. And I think that security has become better at trying to keep up with that pace, rather than falling behind the curve as we have in the past. Mainly because enterprisers recognized the relevance and importance of it. So we're no longer selling insurance, when we sell security, we're selling business-enabling value, and how we protect brand recognition and brand capabilities for our end users and customers. >> It's a whole nother kettle a fish. >> Ian: Right. >> That we don't have time to get into right now but we went to a presentation last night about the whole insurance angle on... >> Ian: Right. >> On security, which is, like I said, is a whole different kettle a fish. We'll save that for next time so Ian... >> Sounds good. >> Thanks for stoppin by. >> Great well thanks for having us. Great being here with you and enjoy the show. >> Absolutely, he's Ian Foo, I'm Jeff Frick, you're watching The Cube from RSA Conference in San Franciso. (quiet techno music) (upbeat techno music) (upbeat techno music)

>> Welcome back to the Cuban Peterborough's chief research officer of Silicon Angle and general manager of Wicked Bond. We're as part of our continuing coverage of the arse a show. We have a great guest Z scaler amid sin. Ha! Welcome to the Cube. >> Thank you for having me here. It's a pleasure to be here. >> So, um, it what exactly does Z scaler? D'oh >> Z's killer is in the business of providing the entire security stack as a service for large enterprises. We sit in between enterprise users and the Internet and various destinations they want to goto, and we want to make sure that they have a fast, nimble Internet experience without compromising any security. >> So if I can interpret what that means, that means that as Maur companies are trying to serve their employees that Air Mobile or customers who aren't part of their corporate network they're moving more. That communication in the Cloud Z scale is making it possible for them to get the same quality of security on that communication in the cloud is he would get on premise. >> Absolutely. If you look at some of the big business transformations that are happening, work lords for enterprises are moving to the cloud. For example, enterprises are adopting Office 3 65 instead, off traditional exchange based email and on your desktop applications. They might be adopting sales force for CR M Net suite for finance box for storage. So as these workloads are moving to the cloud and employees are becoming more and more mobile, you know they might be at a coffee shop. They might be on an iPad. Um, and they might be anywhere in the world. That begs the basic security question. Where should that enterprise DMC the security stack be sitting back in the day? Enterprises had a hub and spokes model, right? They might have 50 branch offices across the world. A few mobile workers, all of them, came back over private networks to a central hub, and that hub was where racks and racks of security appliances were deployed. Maybe they started off with a firewall. Later on, they added a proxy. You are l filtering some d e l P er down the road. People realized that you need to inspect us to sell. So they added some SSL offload devices. Someone said, Hey, we need to do some sand boxing for behavioral analysis. People started adding sandboxes. And so, over time the D. M. Z got cluttered and complicated and fast forward to Today. Users have become mobile. Workloads have moved to the cloud. So if I'm sitting in a San Francisco office on my laptop trying to do my regular work, my email is in the cloud. My my court applications are sitting in the cloud. Why should I have to vpn back to my headquarters in Cincinnati over a private network, you know, incurring all the Leighton see and the delays just so that I can get inspected by some legacy appliances that are sitting in that DMC, right? So we looked at that network transformation on We started this journey at Ze scale or eight years ago, and we said, Look, if users are going to be mobile and workloads are going to be in the cloud, the entire security stack should be as close as possible to where the users are. In that example, I described, I'm sitting here. I'm going to Salesforce. We're probably going to the same data center in San Francisco. Shouldn't my entire security stag be available right where I am, um, and my administrators should have full visibility, full control from a single pane of glass. I get a fast, nimble user experience. The enterprise doesn't have to compromise in any security, and that's sort of the vision that we have executing towards. >> But it's not just for some of the newer applications or some of the newer were close. We're also seeing businesses acknowledge that the least secure member of their community has an impact on overall security. So the whole concept of even the legacy has to become increasingly a part of this broad story. So if anybody accesses anything from anywhere through the cloud that those other workloads increasing, they're gonna have to come under the scrutiny of a cloud based security option. >> Absolutely. I mean, that's a brilliant point, Peter. >> I >> think of >> it this way. Despite all those security appliances that have been deployed over time, they're still security breach is happening. And why is that? That is because users are the weakest link, right? If I'm a mobile work user, I'm sitting in a branch office. It's just painful for me to go back to those headquarter facilities just for additional scanning so two things happen either I have a painful user experience. What? I bypassed security, right? Um, and more and more of the attacks that we see leverage the user as the weakest link. I send you a phishing email. It looks like it came from HR. It has a excel sheet attached to it to update some information. But, you know, inside is lurking a macro, right? You open it. It is from a squatter domain that looks very similar to the company you work for. You click on it and your machine is infected. And then that leads to further malware being downloaded, data being expatriated out. So the Z scaler solution is very, very simple. Conceptually, we want to sit between users and the destinations they goto all across the world. And we built this network of 100 data centers. Why? Because you cannot travel faster than the speed of light. So if you're in San Francisco, you better go through our San Francisco facility. All your policies will show up here. All the latest and greatest security protections will be available. We serve 5000 large enterprises. So if we discover a new security threat because of an employee from, let's say, a General Electric. Then someone from United Airlines automatically gets protection simply because the cloud is live all the time. You're not waiting for your security boxes to get, you know, the weekly patch updates for new malware indicators and so on. Right, So, um, you get your stack right where you are. It's always up to date. User experience is not compromised. Your security administrators get a global view off things. And one >> of the >> things that that I that we haven't talked about here it is the dramatic cost savings that this sort of network transformation brings for enterprises. To put that in perspective, let's say you're a Fortune 100 organization with 100,000 employees worldwide in that, huh? Been spoke model. You are forcing all those workloads to come toe a few choke points, right? That is coming over. Very expensive. NPLs circuits private circuits from service providers. You're double trombone in traffic, back and forth. You know, you and I are in a branch. We might be on. Ah, Skype session. Ah, Google Hangout session. All our traffic goes to H Q. Goes to the cloud comeback comes back to h. Q comes back to you, there's this is too much back and forth, and you're paying for those expensive circuits and getting a poor user experience. Wouldn't it be great if you and I could go straight to the Internet? And that can only be enabled if we can provide that pervasive security stack wherever you are? And for that, we built this network of 100 data centers worldwide. Always live, always up to date you. You get routed to the closest the scaler facility. All your policy show up. They're automatically and you get the latest and greatest protection. >> So it seems as though you end up with three basic benefits. One is you get the cost benefit of being able to, uh, have being able to leverage a broader network of talent, skills and resources You reduce. Your risk is not the least of which is that the cost and the challenges configuring a whole bunch of appliances has not gotten any easier over the last. No, it hasn't cheaters. And so not only do you have user error, but you also Administrator Erin, absolutely benign, but nonetheless it's there, and then finally and this is what I want to talk about. Increasingly, the clot is acknowledged as the way that companies are going to improve their portfolio through digital assets. Absolutely. Which means new opportunities, new competition, new ways of improving customer experience. But security has become the function of no within a lot of organizations. Absolutely. So How does how does AE scaler facilitate the introduction of new business capabilities that can attack these opportunities in a much more timely way by reducing doesn't reduce some of those some of those traditional security constraints. >> Absolutely right, and we call it the Department of No right. We've talked to most people in the industry. They view their I t folks there, security forces, the department of Know Why? Because there's this big push from users to adopt newer, nimble, faster cloud based ah solutions that that improved productivity. But often I t comes in the way. No, If you look at what Izzy's killer is doing, it's trying to transform the adoption of these Cloud service. Is that do improve business productivity? In fact, there is no debate now because there are many, many industries that ever doubt adopted a cloud first strategy. Well, that means is, as they think of the network and their security, they want to make sure that cloud is front and center. Words E scaler does is it enables that cloud for a strategy without any security compromise. I'll give you some specific examples. Eight out of 10 c I ose that we talk to our thinking about office 3 65 or they have already deployed it right. One of the first challenge is that happens when you try to adopt office. 3 65 is that your legacy network and security infrastructure starts to come crumble. Very simple things happen. You have your laptop. Suddenly, that laptop has many, many persistent SSL connections to the clothes. Because exchange is moved to the cloudy directory, service is are moving to the cloud. If you have a small branch office with 2000 users, each of them having 30 40 persistent connections to the cloud will your edge firewall chokes. Why? Because it cannot maintain so many active ports at the same time, we talked about the double trombone ing of traffic back and forth. If you try to not go direct to the Internet but force everyone to go through a couple of hubs. So you pay for all the excessive band with your traditional network infrastructure, and your security infrastructure might need a forklift upgrades. So a cloud transformation project quickly becomes a network in a security transformation project. And this is where you nosy scaler helps tremendously because we were born and bred in the cloud. Many of these traditional limitations that you have with appliance based security or networking, you know, in the traditional sense don't exist for the scaler, right? We can enable your branch officers to go directly to the cloud. In fact, we've started doing some very clever things. For example, we peer with Microsoft in about 20 sites worldwide. So what that means is, when you come to the scaler for security, there's a very high likelihood that Microsoft has a presence in the same data center. We might be one or two or three millisecond hops away because we're in the same equinox facility in New York or San Jose. And so not only are you getting your full security stack where you are, you're getting the superfast peered connections to the end Cloud service is that you want to goto. You don't have to work. Worry about you know your edge Firewalls not keeping up. You don't have to worry about a massive 30 40% increase in back hole costs because you were now shipping all this extra traffic to those couple of hubs. And more importantly, you know, you've adopted these transformative technologies on your users don't have to complain about how slow they are because you know, most of the millennials hitting the workforce. I used to a very fast, nimble experience on their mobile phones with consumer APS. And then they come into the enterprise and they quickly realize that, well, this is all cumbersome and old and legacy stuff >> in me s. So let's talk a little bit about Let's talk a bit about this notion of security being everywhere and increasingly is removed to a digital business or digital orientation. With digital assets being the basis for the value proposition, which is certainly happening on a broad scale right now, it means it's security going back to the idea of security being department. No security has to move from an orientation of limiting access to appropriately sharing. Security becomes the basis for defining the digital brand. So talk to us a little bit about how the how you look out, how you see the world, that you think security's gonna be playing in ultimately defining this notion of digital brand digital perimeters from a not a iittie standpoint. But from a business value standpoint, >> absolutely. I would love to talk about that. So Izzy's killer Our cloud today sees about 30,000,000,000 transactions a day from about 5000 enterprises. So we have a very, very good pulse on what is happening in large enterprises, from from a cloud at perspective or just what users are doing on the Internet. So here are some of the things that we see. Number one. We see that about 50 60% of the threats are coming inside SSL, so it's very important to inspect SSL. The second thing that we observe is without visibility. It is very different, very difficult for your security guys to come up with a Chris policy, right? If you cannot see what is happening inside an SSL connection, how are you going to have a date? A leakage policy, right? Maybe your policy is no P I information should leak out. No source code should leak out. How can you make sure that an engineer is not dropping something in this folder, which is sinking to Google Drive or drop box in an in an SSL tano, Right. How do you prioritize mission Critical business applications like office 3 65 over streaming media, Right. So for step two, crafting good policy is 100% real time visibility. And that's what happens when you adopt the Siskel a network. You can see what any user is doing anywhere in the world within seconds. And once you have that kind of visibility, you can start formulating policies, both security and otherwise that strike a good balance between business productivity that you want to achieve without compromising security. >> That's the policy's been 10 more net. You can also end that decisions. >> Yes, right. So, for example, you can you can have a more relaxed social media policy, right? You can say Well, you know, everyone is allowed access, but they can. Maybe streaming media is restricted to one hour a day. You know, after hours, or you can say, I want to adopt um, storage applications in the clothes here are some sanctioned APS These other raps were not going to allow right. You can do policies by users, by locations by departments, right? And once you have the visibility, you can. You can be very, very precise and say, Well, boxes, my sanction story, Jap other APS are not allowed right and hear other things that a particular group of users can do on box. Or they cannot do because we were seeing every transaction between the user on going to the destination and as a result, begin, you know, we can enable the enterprise administrator to come up with very, very specific policies that are tailored for that. >> You said something really interesting. I'm gonna ask you one more question, but I'm gonna make a common here. And that common is that the power of digital technology is that it can be configured and copied and changed, and it's very mutable. It's very plastic, but at the end of the day it has to be precise, and I've never heard anybody talk about the idea of precise and security, and I think it's a very, very powerful concept. But what are what's What's the scale are talking about in our say this year. >> Well, we're going to talk about a bunch of very interesting things. First, we'll talk about the scale of private access. This is a new offering on the scale of platform. We believe that VP ends have become irrelevant because of all the discussions we just had, um, Enterprises are treating their Internet as though it was the Internet, right? You know, sort of a zero trust model. They're moving the crown jewel applications to either private cloud offerings are, you know, sort of restricting that in a very micro segmented way. And the question is, how do you access those applications? Right? And the sea skill immortal is very straightforward. You have a pervasive cloud users authenticate to the cloud and based on policies, we can allow them to go to the Internet to sites that have been sanctioned and allowed. We make sure nothing good is leaking out. Nothing bad is coming in, and that same cloud model can be leveraged for private access to crown jewel applications that traditionally would have required a full blown vpn right. And the difference between a VPN and the skill of private access is VP ends basically give you full network access keys to the kingdom, right? Whether it's a contractor with, it's an employee just so that you could access, you know, Internet application. You allow full network access, and we're just gonna getting rid of that whole notion. That's one thing we're gonna stroke ISS lots of cloud white analytics, As I mentioned, you know, we process 30,000,000,000 transactions a day. To put that in perspective, Salesforce reports about four and 1 30,000,000,000 4 1/2 to 5,000,000,000 transactions. They're about three and 1/2 1,000,000,000 Google searches done daily, right? So it is truly a tin Internet scale. We're blocking over 100,000,000 threats every day for, ah, for all our enterprise user. So we have a very good pulse on you know what's what's an average enterprise user doing? And you're going to see some interesting cloud? Wait, Analytics. Just where we talk about a one of the top prevalent Claude APs, what are the top threats? You know, by vertical buy by geography, ese? And then, you know, we as a platform has emerged. We started off as a as a sort of a proxy in the cloud, and we've added sand boxing capabilities. Firewall capabilities, you know, in our overall vision, as I said, is to be that entire security stack that sits in your inbound and outbound gateway in that DMC as a pure service. So everything from firewall at layer three to a proxy at Layer seven, everything from inline navy scanning right to full sand. Boxing everything from DLP to cloud application control. Right? And all of that is possible because, you know, we have this very scalable architecture that allows you to to do sort of single scan multiple action right in that appliance model that I describe. What ends up happening is that you have many bumps in the wire. One of the examples we use is if you wanted to build a utility company, you don't start off with small portable generators and stack them in a warehouse, right? That's inefficient. It requires individual maintenance. It doesn't scale properly. Imagine if you build a turbine and ah, and then started your utility company. You can scale better. You can do things that traditional appliance vendors cannot think about. So we build this scalable, elastic security platform, and on that platform it's very easy for us to add. You know, here's a firewall. Here's a sandbox. And what does it mean for end users? You know, you don't need to deploy new boxes. You just go and say, I want to add sand boxing capabilities or I want to add private access or I want to add DLP. And it is as simple as enabling askew, which is what a cloud service offering should be. >> Right. So we're >> hardly know software. >> So we're talking about we're talking about lower cost, less likelihood of human error, which improves the quality, security, greater plasticity and ultimately, better experience, especially for your non employees. Absolutely. All right, so we are closing up this particular moment I want Thank you very much for coming down to our Pallotta studio is part of our coverage on Peter Boris. And we've been talking to the scanner amidst, huh? Thank you very much. And back to Dio Cube.

(upbeat electronic music) >> Hey, welcome back everybody. Jeff Frick here with theCUBE. We are live in downtown San Francisco, Moscone Center at the RSA conference. It's one of the biggest conferences, I think after like Salesforce and Oracle that they have in Moscone on the tech scene. Over 40,000 professionals here talking about security, I think it was 34,000 last year. It's so busy they can't find a space for theCUBE, so we just have to make our way in. We're really excited by our next guest, Ted Julian from IBM Resistance, Resilience, excuse me. >> Thank you, it's alright. >> And you are the co-founder of VP Product Management. >> That's right. >> Welcome. >> Thanks, good to be here Jeff, thanks. >> And you said IBM actually purchased a company, >> Ted: A year ago. >> A year ago. So happy anniversary. >> Ted: Yeah, thanks. >> So how is that going? >> It's great. Business is really going well, it's been thrilling to get our product in place and a lot more customers and really see it help make a difference for them. >> Yeah we, Jesse Proudman is a many time CUBE alumni, his company is Blue Box, also bought by IBM. >> Ted: Yes. >> A little while ago, also had a really good experience of, kind of bringing all that horse power. >> They know what they are doing. >> To what his situation was. So let's jump into it. >> Sure. >> Security, it's kind of a dark and ominous keynote this morning. The attack's surface is growing with our homes and IOT. The bad guys are getting smarter, the governments are getting involved, there's just not necessarily bad guys. What's kind of your perspective as you see it year after year acquisition? 40,000 professionals here focused on this problem. >> We are not winning. >> We are not winning? >> Unfortunately, I mean, I guess as a species. Again, what is it? We saw a survey recently from the Ponemon Institute. 70% of organizations acknowledge they didn't have an incident response plan. So you talk about that stuff in the keynote where sort of a breach was inevitable. What are you going to do? Well the thing you'd need to have is a response plan to deal with it, and 70% don't. Cost of a breach also, according to Ponemon Institute is up to $4 million on average, obviously they can be a lot larger than that. >> Right. >> So there's a lot of work to be done to do better. >> And then you hook up a new device, and they are on that new device as soon as it plugs into the internet. They say within an hour, they ran a test today. So is the, I mean where are we winning, Where are we getting better? I mean, I've heard crazy stats that people don't even know they've been breached for like 245 days. >> Ted: Yeah. >> Is that coming down? Are we getting better? >> Certainly the best in the business are, and really the challenge I think as an industry is to percolate that down through the rest of the marketplace. Everybody is going to be breached, so it's not whether or not you are breached, it's how you deal with it come the day, that's really going to differentiate the good organizations from the bad ones. And that's where we've been able to help our customers quite a bit by using our platform to help them get a consistence and repeatable process for how they deal with that inevitable breach when it happens. >> That's interesting. So how much if it is you know kind of building a process for when these things happen versus just the cool, sexy technology that people like to talk about? >> Oh, it's everything. I mean one of the hottest trends that you're going to be seeing all over the show is automation and orchestration. Which is critically important as part of the sort of you get an alert and how do you enrich that to understand that, once you understand that how can you quickly come to sort of a course of action that you want to take. How can you implement that course of action very efficiently? Those things are all important. Computers can help a lot with that but at the end of the day it's smart people making good decisions that are going to be the success factor that determines how well you do. >> Right, right. Another kind of theme that we are hearing over and over is really collaboration amongst the companies amongst the competitors, sharing information about the threat profiles, about the threats that are coming in to kind of enable everybody to actually kind of be on the same team. That didn't always used to be the case, was it? >> Well, people have been working on this for a while but I think what's been a challenge is getting people to feel comfortable contributing their data into that data set. Naturally they are very sensitive about that, right? >> Right. >> This is some of our most confidential information that we've had a security issue and we're really not you know, dying to give that out to the general public. And so I think it's been, the industry's been trying to figure out how can we show enough value back when that information's contributed to some kind of a forum to make people feel more comfortable about doing that? So I think we've seen a little bit of progress over this last year and they'll be more going forward, but this is a, It's marathon not a sprint, I think to solve that problem. But, it is crucial because if we can get to that point that's what ultimately allows us to turn the tables on the bad guys. Because they cooperate, big time, they are sharing vulnerabilities, they are sharing tactics, they are sharing information about targets, and it's only when the good guys similarly share what they're experiencing that we'll have that opportunity to turn the table on them. >> It's funny we had a Verizon thing the other night and the guy said if you are from the investigator point of view, it's probably like a police investigator. They see the same pattern over and over and over and over and over it's only when it's the first time it's happen to you that's it's unique and different. So really the way to kind of short-circuit the whole response. >> How do you find out you've been breached? There is short list. One, Brian Crebs, very famous reporter happens to find out, he tells you. Number two, FBI. >> They tell you. >> Unfortunately, that's usually, it's usually external sources like that as oppose to organization internal systems that tip them off to a breach. Another example of how we are doing better but we need to do a lot better. >> And then there's this whole thing coming up called IOT, right. And 5G and all these connected device in the home, our cars, our nest, So the attacks surface gets giant. Like I said, they said in the keynote, you plug something in the internet they are on it within an hour. How does that really change the way that you kind of think about the problem? >> It makes it a lot harder. The attack surface gets harder, gets bigger, the potential risks go up quite a bit, right. I mean you are talking about heart implants, or things like that which may have connectivity to some degree, then obviously the stakes are severe. But the thing that makes those devices even trickier is so often they're embedded systems, and so unlike your Windows PC's or your Mac where, I mean it's updating itself all the time. >> Right, right. >> And you barely even think about it, you turn it on one morning and there is a new update. A little harder to make those update happen on IOT kinds of devices, either because they're harder to get to or the system's aren't as open or people aren't use to allowing those updates to occur. So even though we may know about the vulnerabilities patching them up is even harder in an IOT environment typically than in a traditional. >> It's crazy. Alright, so give us a little update on Resilient. What exactly is do you guys do inside this crazy eco-system of protecting us all? >> Sure. So five or six years ago, myself and my co-founder John started the company and it was really was acknowledging that we've gone through the era of prevention, to detection and now it's all about response. And at the end of the day when organizations were trying to deal with that we saw them using ticketing systems, spreadsheet, email, chat I mean a mess. And so we built our platform, the Resilient IRP from the ground up specifically to help them tie together the people processing in technology around incident response. And that's gone amazing. I mean the growth that we've seen even before the IBM acquisition but afterwards has been breath taking. And more recently we been adding more and more intelligence in automation and orchestration into the platform, to help not only advise people what to do, which we've done forever, but help them do it, click a bottom and we'll deploy that patch or we'll revoke that user's privileges or what have you. >> Right. Yeah a lot of conversation about kind of evolution of big data, evolution of things like Sparks so that you know can react in real time as opposed to kind of looking back after the fact and then trying to go and sell something. >> For sure. And for us it's really empowering that human. It's either the enrichment activity where they'd normally go to 10 different screens, to look up different data about a malware thread or about vulnerabilities, we just spoon feed that to them right within the platforms so they don't have to have those 10 tabs opened in the browser. And after they'd had a chance to evaluate that, and they want to know what to do, again they don't have to go to another tool and make that action happen, they can as click a button within Resilient and we'll do that for them. >> Alright. Ted Julian, we are rooting for you. >> Ted: Thanks, yeah. >> IBM, give him some more recourses. He's Ted Julian and I'm Jeff Frick. You're watching theCUBE at RSA Conference 2017, at Moscone Center, San Francisco. Thanks for watching.

(upbeat music) >> Hey welcome back everybody, Jeff Frick here with theCUBE. We are live in downtown San Francisco at the RSA conference, RSAC is the hashtag. 40,000 security professionals talking about how to keep us all safe from the bad guys out there and we're excited to be joined by a long time industry veteran, Tom Corn. He's the SVP Security Products from VMware. Tom, welcome. >> Thank you. >> So you've been coming to this show for a while? You've been in the business >> Five years. >> For a while. >> Yes. >> What's kind of your take on the vibe of how this this industry is changing? >> You know it's funny the thing that strikes me when you come to the RSA Conference is at once, how big the industry is and how small the industry is, right? Massive amount of people and it's incredible you walk through the floor if you've been around the industry for any amount of time. How many people you actually you know. It's a small world and a very small community. >> 'Cause they're all here. >> Yeah. >> All 40,000 of them are here. >> They are. They are. >> So big thing that's changed over the last couple of years is Cloud, right? >> Yes. >> And the adoption of cloud in really AWS kind of drive in the public Cloud piece and Salesforce really driving kind of the-- I'm happy with an enterprise application for a Cloudbase application. That wasn't the way before. So how has kind of Cloud impacted the way you think about security? >> Well, I think most of the dialog in Cloud has been how do we secure the Cloud? And I think that's a very valid set of questions in any environment. How am I going to secure this environment? I think the interesting thing that hasn't been talked about as much is is there a way to use the unique properties of the Cloud to secure things? Right? We look to the Cloud and we say, there's all these interesting unique properties automation, a single fabric across a virtualization layer in between applications that are sitting above and the infrastructure, the below. There isn't a lot of dialog until the last maybe year or so in could we use the Cloud and could we use virtualization to secure things? And I think that's actually an enormous opportunity and I'll tell you why. I think that one of the biggest gaps we have in security now is actually an architectural one, right? We're trying to protect applications and data. We're doing it by putting controls of products from around this show floor on machines and on network links. >> Right. >> Right? And those are not the same thing. Aligning controls to the infrastructure is not helping us align them to the applications and data we're trying to protect. And there's, I think, an enormous opportunity to leverage Cloud and virtualization which is actually a translation layer between the two. To really solve this problem in a very very meaningful way. >> So if I'm hearing you right, it's really virtualizing the protection of the data, virtualizing the protection of the-- I don't know if even devices is the right word, right? 'Cause you want to virtualize the devices. You're not really protecting devices. You're protecting the image of a device, I guess. >> Yeah, it's actually allowing us to create, for example, logical boundaries around critical applications and critical data to allow us to align controls to the thing we're protecting. And that's the whole idea behind, for example, micro segmentation which is a very very big move today. This is maybe the best analogy I've heard so far which is-- >> Okay. >> If you think of a data center as a city, when we used to have monolithic stack applications, it was kind of like having an entire application in a skyscraper and it was the only tenant, right? And when you have that, the front of that building, no one in the city could touch any part of that application without going through that door. So access policy was very simple and if I wanted to look at-- well, what looks weird here? If it look normal or weird, someone passing through this door or activity happening there, there's only one tenant. It was a very simple picture. Applications don't look like that. Applications are distributed systems. It's like-- >> Right, right. >> Parts of floors of different buildings in different parts of the city. We've lost-- >> And they're all API based too, right? They're all connected to one another. >> Right, absolutely, absolutely. So that, more than anything, has changed the equation making it despite the fantastic innovation we have across this show floor makes it very difficult for them to do the great job they're capable of doing which is we need somehow to put them in a position to focus 'em, to create a skyscraper, a virtual skyscraper if you will around these critical applications and data. That's one of the biggest opportunities of using the Cloud, of using virtualization to secure things and frankly, what a lot of this whole movement towards micro segmentation is doing. >> So what does that look like? Extending your skyscraper analogy. >> Yeah. >> If it was skyscraper before, what's it going to look like in the future? >> Well as an example, it's about saying this critical application, SAP or some, you know, 3rd gen application is composed of these pieces, these machines, these containers. It's about using the fabric, the overlay, the virtualization or Cloud fabric to create a logical boundary around those. A logical boundary that moves with it, that expands with it, that shrinks with it. If it changes Clouds, it moves with it and it allows you to then say, I want to take the products, whatever security products they want and align them around that boundary. I create a skyscraper again, not by changing my network, not by changing my servers but by creating sort of using just the virtualization layer to create that logical boundary and it's really it's having a really significant impact. It's one of the reasons, I think, as we look to the coming year, this notion of aligning security to applications and the notion of more security innovation coming out of not security companies but infrastructure players and Cloud players, I think it's going to be a thing we're going to see a lot of. >> Alright well I look forward to diggin' more into this because it's always a great innovation when you kind of turn the lens. >> Yeah. >> Right, and reshape the problem in a different-- from a different point of view and that's when you can really see some new opportunies but I know you got to get to your booth. (laughs) So he's Tom Corn. I'm Jeff Frick. You're theCUBE from RSA. Thanks for stopping by Tom. >> My pleasure. >> Alright. See you next time. (upbeat music) (inspirational music)

(sleek electronic music) >> Hey, welcome back, everybody. Jeff Frick here with the Cube at the RSA Conference in downtown San Francisco. And we got a really special guest that we grabbed out of the hallway, out of the airplanes, Tamara McCleary, the CEO of Thulium. She's the only person I know that goes to more conferences than me and Ray Wang together, I think. (laughs) Tamara, great to see you. >> Oh my goodness, it is so awesome to find you here! >> Absolutely. So, what do you think of the show? 40,000 people. >> It is absolutely bloody freaking crazy right now. And it is, the show has grown just immensely year after year. And there's so much going on. It's absolute craziness. In fact, it's so busy, I had hard time finding you. >> I know. (laughs) So do you feel more secure with all these fine professionals looking out for you? >> You know what? I actually think right here, right now, we are in the midst of geeks with capes. These are the new superheroes. My cybersecurity superheroes right here. >> Well I'm glad. Because the keynote was a little dark this morning. (laughs) John Lithgow got up there and basically said everything is going to fall apart, except for the heroes with capes that are going to keep our cars running, hospitals up, TV stations going, the lights on. >> Wait a minute, you're not suggesting that fear is being used as a motivator for cybersecurity, are you? >> Well, yeah, we don't want to get into that. I mean, the whole, you know, governments like to influence other government's elections. That's never happened before either. >> Well, you know, the other this is, it would be very scary if you didn't follow you on the Cube because you've got the cutting edge in the know information. >> That's right. We have all the tech-athletes like you. (laughs) >> A tech-athlete! So, what have you see so far? Who are you working for here? What have you kind of seen? What's the, uh, what's the vibe? >> Well I am here on a press pass, so I am covering and talking about what's going on here at the conference. And lots of new cool things that I'm interested in and that is, you know we're talking a lot about the internet of things, we're talking a lot about threats. And you're looking at AI, right? What's AI got to do with security? And what I find interesting is that we have to future forward into, all right, with this machine to machine, machines talking to machines. Machines really are going to be the new cyber attacker. Right? >> Right, right. >> So it's machines having to combat other machines who are posing cyber threats. So I think that's, I don't know. I really geek out on the futuristic stuff. So I'm very interested in seeing how companies are harnessing AI in the cybersecurity space. >> Right. Well we just had an instant guest said, you know, you can be a bad guy on AWS, launch your threat against a customer on AWS, and get paid through AWS. >> What? >> I mean, the whole thing happens inside of the cloud in Seattle. It's amazing. >> Wait a minute. That sounds like a show on Mr. Robot. Right, with Evil Corp! >> It could be. And that's before, no, then they flash to the nest, right? The dark shadow on the nest. >> Ooh! >> As they cut to commercial. (laughs) So what else you got going on this year? I mean, you are literally all over the place. We love to keep track of you on Twitter. We see your airplane pictures taking off and landing in cities all around the world. What do you have on the agenda? What's coming up next? >> Next is Mobile World Congress in Barcelona. >> In Barcelona? >> I'm really excited to be there. >> 'Cause 5G is all the rage, right? >> Yes. >> Big part of IOT. >> Yes, and there's going to be a lot of unveiling going on at Barcelona and I'm excited. >> Spanish ham, which is always good. (laughs) Olives. >> Are you going to be there? >> We are going to cover it from Palo Alto for the people that don't want to go on the airplane ride. So we're going to cover Mobile World Congress from the Palo Alto studio. It'll be kind of that follow the sun thing. You guys will cover it early in the morning, we'll pick up the coverage as you guys are out having good ham, red wine, and olives. >> So I got to remember that I shouldn't be tweeting you after a certain hour, because you're going to know. >> We'll definitely pick them up and retweet them. All right, Tamara, well, thanks. I know you're a busy lady. Thanks for taking a few minutes to stop by and say hi. >> Thank you. >> And find us in this big sea of people. >> Woo! Awesome! >> All right, she's Tamara McClearl. I'm Jeff Rick. And you're watching the Cube. Thanks for watching. (sleek electronic music) (upbeat electronic music)

(instrumental electronic music) (crowd) >> Hey welcome back everybody, Jeff Frick, here with The Cube. We are live in Moscone Center, with 40,000 security experts at the RSA Conference, the biggest conference of its size, and one of the biggest tech conferences in the industry, second maybe only to Salesforce and Oracle's. So, there's a lot people here, a lot of action-- >> Absolutely. >> We're excited to be joined by the president of RSA, Rohit Ghai. Welcome. >> Thank you. Thank you. >> So first thing, kind of impressions of the show, we were here briefly last year, this thing was 34,000. This year, they're saying it's 40. >> Forty thousand, yeah. Look, RSA has the great burden and privilege of bringing the cyber security community together, and it's a true testimonial to the caliber of the people that this year we are able to attract 40,000 people. We have almost 500 plus, 550-something, I believe vendors and exhibitors. And the level of the conversation, in terms of the CEOs from different countries, the CEOs from all the mega corporations, public sector participants, the entire gamut of cyber security stakeholders are here today. >> That's an interesting kind of take because on one hand, you think there's so many people, but as a few people had mentioned earlier, really they're all here so, and on the grand scheme of things, it's not that many people. It's really this group of people-- >> Exactly. >> And they all know each other. People are all giving each other hugs, as they're walking up and down the booth, so this really is it. >> This is a community, and it's a tight-knit community. It's all the good guys and some linked together (laughing), and figured out what to do about the bad guys (laughing). >> I know, I just hope they all don't go to the bad side at the same time, we'd be in trouble. >> Absolutely. >> One of the things that comes up over and over at tech conferences specifically, and at here, too, is the ecosystem. >> Rohit: Yeah. >> Right? Nobody can do it alone-- >> Rohit: Yep. >> You've got to have an ecosystem-- >> Rohit: Yep. >> And there's a lot of conversations about sharing information-- >> Yep. >> More broadly-- >> Yep. Yep. >> More automated, faster-- >> Rohit: Yep. >> Really an important part of the strategy to fight the bad guys. >> Absolutely. In fact, that was a recurring theme from all the keynote speakers this morning, the notion of working together. The only shot we have of beating the bad guys is if we collaborate and share the information that we have, and go at it together. So, the ecosystem is super important to your point. >> Yep. So, what are some that are accounted for the people that aren't here-- >> Rohit: Yep. Kind of the key themes, some of the big announcement that RSA's make-- >> Rohit: Yeah. >> And I know the press release feed is full (laughing) this morning-- >> Rohit: Yeah. >> But what are you guys excited about for this year? >> Look, what I'm most excited about is a new approach. And here's the way I tee it up, the bad guys are getting really good, right? Every company is going digital, and digital companies are really juicy targets. We don't have enough good guys to fight on our behalf, enough trained good guys, which means we ought to bring technology to assist use, all the things like advanced, artificial intelligence, machine learning, data science, all those things have great capabilities, but the reality is we have to realize the bad guys have all the same technology that we do. So, it's not a technology problem anymore-- >> Right, right. >> We have to play to our strengths, play to our advantage, so this new approach, we call it business-driven security, which means take the security incidents and apply business context to it, enabling customers to take command of their cyber risk, and secure and protect what matters most. >> Right, right. >> So, it's a sense of prioritization, and if we do that successfully, then we are able to keep the bad guys, they're only inside the door, but we can curtail the damage and we can detect the breaches, and respond in a much more expedient manner. >> Right, always the problems within arm's race, right? Both people have the same amount of weapons, so it's how to use those weapons-- >> Rohit: It's how to use the weapons. >> More effectively. >> Absolutely. And therein the context is super important if you're going to apply business context to the way you apply that information-- >> Right. >> With those tools, that's how you win. >> Now, another theme that keeps coming up is kind of state-sponsored threats-- >> Rohit: Yep, yep. >> Which are different than, maybe, kind of commercially, or just-- >> Rohit: Yep, Yep. >> Kind of activists. >> Rohit: Yep. >> That's really changing the game because-- >> Rohit: It is. >> The resources behind those folks significantly bigger. >> Indeed. So, there's new kind of bad guys, like the nation state threat actors, and their objectives are totally different, right? Their objective is not just to steal data, but to tamper with data, and change the conversations as we saw in the case of the election-- >> Right, right. this year, the presidential elections. By tampering data you can actually shift conversations and influence outcomes, so it's a whole new ball game, in terms of the new types of threats and new types of threat actors like nation states, who are getting into the game. >> Yeah, I thought one of the interesting points that came up earlier in the keynote today-- >> Rohit: Yeah. >> I think they called it salting or spiking the algorithm-- >> Rohit: Yep. >> With intentional bad data to send the algorithm on a path, in which it really shouldn't go. >> Exactly, exactly. And the way you respond to that is, again, to back to my point around business-driven security. If you have data, and if you understand the business context around how that data ought to be used, then you're able to protect it and secure it, and make sure it doesn't get weaponized, or used against you. >> Right, right. And another theme that came up at another session I attended is kind of the unique role that companies are in versus-- >> Rohit: Yep. >> The government-- >> Rohit: Yep. >> Because even if there is state-sponsored-- >> Rohit: Yep. >> Issues going on-- >> Rohit: Yep. >> Because many of the companies, RSA included-- >> Rohit: Yeah. >> Operate globally across the number of geos. >> Yep. >> They potentially have even more data, different data, to fight the threat than any one government does on its own. >> Indeed, and this is where sharing of information is vital, and along those lines, RSA is excited to announce this year that we've joined the Cyber Threat Alliance, which is a consortium of private companies who have decided that it's not the threat intel data, it's how you use it that's going to be the differentiating factor. >> Right. >> So, in the spirit and vein of working together, we are sharing threat data with each other, so that we can respond to the bad guys. >> Right. So, give you the last word-- >> Rohit: Yeah. >> It's February 14th, Happy Valentine's Day. Start of the new year, what are some of your priorities as you look down the other road, what are we going to be talking about a year from now? >> Yeah. >> What's things that are on your plate that you're really thinking about? >> Yeah, yeah. Look, so, in the vein of Valentine's Day, I totally love cyber security (laughing). Let me say that, and in terms of what we're looking forward to. Look, RSA is in the game to innovate and set the table, and set the agenda for the cyber security market. We play the role of bringing the cyber security community together, but it's our innovation along the axis of business-driven security. We want to take that conversation, drive that into the industry because we believe that without that, we don't have a shot of beating the bad guys. >> Right. Alright, well, we're all rooting for you (laughing)-- >> Thank you. I appreciate that. >> And everybody else in this building, alright. >> I appreciate that. Thanks. >> He's Rohit. I'm Jeff. You're watching The Cube, live from RSA 2017, in downtown San Francisco. Thanks for watching. >> Thank you. (instrumental electronic music) (upbeat instrumental music)

(upbeat techno music) >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA conference in downtown San Francsisco. 40,000 security professionals talking about how to keep the bad guys out, especially with IOT and 5G coming right around the corner. Joined by the many time CUBE alumnae, always great to catch up with Mark. Mark Nunnikhoven from Trend Micro, what's your title now? >> VP... >> Cloud research? >> VP Cloud research, that's good. >> Welcome! >> Thank you for having me, I appreciate it. >> So it's always good to see that the booth, you guys always have kind of the craziest, wackiest booths. I was wondering though, if you fell out of the rocket ship and that's how you busted your arm. >> That's definitely a better story, so I think we can go with that, or a transporter malfunction, something like that will be a much better story than the sad truth. >> Okay. >> So you've been coming to this show for a while, we see you at all the AWS events, how is the kind of evolution of cloud and the ongoing expansion of cloud kind of change the game in the world of security? >> Yeah, I think cloud has enabled us to do a lot of things that we've been trying to do for a long time, and you know, so we've talked about enabling granular security throughout the enterprise for years, and it's always been hard because we've had a lot of different vendors, a lot of different systems. When we moved to cloud, it's getting a lot more homogenized, and everything's accessible via an API. So we're seeing a lot of maturity in that space where people are embracing that fact, and starting to enable some things that we've been trying to do, like that solid identity in axis management, you know, that's been really difficult in the enterprise, it's far simpler in a cloud space. >> That's interesting, because the other fact is all these things are now all connected via APIs, right? And there are a whole lot of SAS applications in the enterprise >> Yeah! >> So the attack surface is growing significantly and as was pointed out in the keynote this morning, a lot of people work from home, they plug in their desks, you know, it's just, it's growing very very quickly. >> It is! >> So how do you look at some of these challenges? >> Yeah, and it's funny because it is significant and you look at IOT alone, right? There's billions and billions of devices that are being connected and the devices themselves aren't necessarily so much of a threat, though we did see that this year with the Miray bot net and you know some massive d-dos attacks, but it's the data that's going in the back end that's more of a danger to consumers. And we see that with sas services as well. As a security practitioner, you lose the ability to apply the traditional controls that we're used to. And now you're relying on your service provider to do that for you. But it's still your data. So you're sort of forced to construct this balance of, you know, making sure you're leveraging the controls and options the provider has, but also looking out for things like, you know, people effecting the data going in, and sort of manipulating and gaming the system more, and I think you mentioned they said that this morning too. >> Right, the other thing they said this morning is that every company has at least one person that's trying to connect with a Nigerian prince. >> Yeah! >> Who's going to click on these? >> Well he needs money! He needs money, right? >> Yeah, got to give him a little money. >> Yeah! >> I mean it's funny, as far as we've evolved, you know, every, you know, my wife will say "Oh, I got this weird email", so like don't click it, don't click it! >> Mark: Yeah! >> It's the same old techniques! >> It is, and, you know, I've been doing a lot of research in serverless security lately, and that's driven me to a really weird question. Because it's a collection of services where you don't have the ability to apply any controls directly. And it's sort of started me down this path of what is security mean? And it ties to what you were saying in that at the end of the day, users need to be able to use these systems. And sort of a pet peeve of mine is we tell people not to click on these links, but that's the sole purpose of a link is to be clicked on. So we need to find a better balance of educating people and giving them the context in which to make these decisions and having better reputation systems and better automated controls, so that they don't have the option of clicking or not clicking, they just never see bad links in the first place. >> Right, that's a good strategy. The other theme that's coming in, over and over, is really collaboration within the ecosystem here. To share facts, share knowledge, share data, so that you can pick up patterns faster, you can see notes, really the same thing over and over and over. And really, being the kind of co-op-itician, which is what makes Silicon Valley Silicon Valley. >> It is. And it's nice to see it increasing, I think it's gaining pace. And we're not just seeing it with the vendors, we're also seeing it where competitors in different industries are getting together. So a lot of financial CSOs are collaborating because they have a common enemy. And they realize they can't beat them alone, so if they're sharing threat intelligence amongst themselves, that they all sort of win because if one of them goes down, you know that attack's coming to the next door, right? >> Jeff: Right. >> You know, the next day. And we're doing the same thing in the vendor space, we're being more open to collaboration, and we're sharing research analysis, you know. A lot of vendors are launching bug bounty programs. You know, responsible disclosure is becoming a little more standardized. So not only within the community of vendors, but also within the research community. I think the more we talk, the better off we are because we see it in the underground where criminals are selling services to each other. They go "don't worry about setting up a bot net, Jeff I'll rent you one," so that miray bot net of IOT devices, we found that available for sale, you could lease it for 7500 US would get you almost a gigabyte of d-dos attack. And, you know, that's a really low barrier of entry for criminals, >> Jeff: Yeah. >> We need to make sure that we're making it easy for defenders to defend against that kind of thing. >> Still my favorite is the fake ransomware, where I didn't actually put ransomware in your machine but I told you I did, so go ahead and send the money to the Nigerian guy, and I promise I won't turn it on. >> Well, so that one's one of my favorites, but also sort of the super evil one that we saw this year was okay, I've encrypted your files, and I'll give you the key not for money, but if you encrypt two of your friends. So the pyramid scheme in spreading the attack. And that one was just super evil, cause it's mainly the social side, like, what kind of guy are you? Are you going to encrypt, like, you know? >> Which friends get it, right? >> Exactly, you know. >> Ones at the bottom of the list from Facebook. >> Yeah, but ransomware is a great example of attackers realizing that they can do this at scale, they can be insanely profitable, because even if you don't think you have a lot of valuable data, you probably got personal photos and videos that are really important to you, and if you're not taking basic preventative steps like backing up or patching your systems, then they're going to be able to get 500 bucks out of you, and that doesn't sound like much, but when you multiply that times, you know, 50, 60,000 people, because they just need to click a button or add people to a list, that's a huge amount of cash that's flowing in their coffers. >> Right. The other big change in scale that keeps getting talked about here is government, you know, kind of backed. >> Cyber... >> The nation state? >> Yeah, the nation state, thank you. Totally changing the game again, and as we talked about off air, it's good to know who you're fighting with. At least you can see 'em, but at the same time the scale of resources that they can bring to bare significantly bigger. >> Yeah, and that's the challenge. If you're not a nation state against a nation state, you know, it's David versus Goliath, without a good ending. Yeah, without the rock. You just got a piece of cloth, you're like "I hope I can throw somethin' at ya!" You know, but there is some advantage in knowing your adversary, especially when you're talking about, you know, nation state versus nation state, because everybody's got signature moves, they've got go-to work, you know, and you can kind of track them over time. And we've seen that with some research available, which is a great example of, you know, community participation, places like Mandy sharing information, you know, we do it at Trend Micro, bunch of the community players share like "hey, we found this ABT, we're associating it with, you know, probably a nation state, we're not sure who," but even the government, GHS just had a great release on grizzly stat, which was a very good campaign done, but very detailed analysis. Which we didn't see that three years ago, so helping people out to understand what they're up against, and if you're, you know, a smaller enterprise, or even a larger enterprise, you might not have the resources, but you can still take steps to make it harder. >> Right. >> And that's sort of the name of the game. Make it harder so that you get a better chance at protecting your data and at least being aware when you have been breached. >> Alright Mark, I'm going to give you the last word before we sign off here. What are your kind of priorities for 2017? You know, we talk a year from now, what are we going to talk about that you guys worked on this year? >> Yeah, hopefully, you know, a lot of the same, we're still pushing hard in cloud security around servers and containers, but a lot of my personal research has been pushing more towards teams and security professionals, and what we need to do to adjust to be educators in the space as opposed to being a silo team that's just telling you, saying "hey, you really should do this better." And I think that's a space that as an industry, we're ranking up to, that we have the expertise and we need to make sure the rest of business gets it too. >> I love it. We're hearing about big data all the time, it's a team sport, security is a team sport too. >> It is. It's a great way to put it. >> Alright, Mark Nunnikhoven, I'm Jeff Frick. You're watching theCUBE. We're at RSA, downtown San Francisco. Thanks for watching. (upbeat techno music) (gentle techno music)

(upbeat music) >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're in downtown San Francisco, at the RSA Conference, 40,000 people, the place is packed. North, south, east, west, I've never seen so many people at Moscone since Oracle OpenWorld, but they're all here helping us, keep us safe and we're excited for and we're all rooting for the good guys. We're excited for our next guest, Kapil Raina. He's the VP Product Marketing for HyTrust. Kapil, welcome. >> Hi, thank you, thank you very much. >> So for people that aren't familiar with HyTrust, give us kind of the quick overview. >> Sure, sure. HyTrust, we're a company that provides security compliance solutions for multi workload cloud environments and what that means is, companies that have say, infrastructure in one data center or two data centers of their own, different geographies, maybe they've moved to The Cloud, AWS, Microsoft etc. And what we do, is we make it easier for them to provide security, which means protection against data breaches or insider threats and compliance, being able to prove to an auditor, or to their customers, that their infrastructure, no matter where it lives, is secure. >> Right, so the cloud world is interesting, right. AWS obviously showed that Public Cloud is good, enterprises are happy to adopt a Public Cloud. Sales foreshow that a cloud based application SAAS service also works for the enterprise, but then you still have old data centers, you have private data centers and you have hybrid data centers and then, oh by the way, a lot of times, workloads move between the two, so it's a complicated enough world, before you even add over the security layer. >> Yeah, that's a great point. It's really fascinating, when you look back, you would have never thought that the general tenants of your data center, your infrastructure would ever be up for discussion. It is now. What you're seeing is, that CIOs are struggling with, is okay, which cloud provider do I choose, right. Amazon Web Services, great for certain things, but there's also a drawback. Then you have IBM Cloud, you have Google stepping into the game. You have a number of these vendors. Overlay on top of that, the geographical concerns, so for example, your GDPR in Europe, right and even in the US, you have things HIPPA, and other things that keep changing. So one is, you have the players changing on the infrastructure side, you have the regulatory complaints changing on a potentially, per country or per region basis, and you have to keep all that secure and compliant, while your own admins don't always know necessarily what they're doing, because you went from compute, storage and now network virtualization. Everything is an object and anyone can touch anything at any time, but as a CIO or the CISO, you're still responsible for all of that. >> Right, and then you've got all these APIs, so you're tying together a bunch of applications, you've got DevOps, so you're actually pushing out new code, many, many times a day and everybody's working off their iPhone, or work it out of their home home, which was part of the topic of Keynote today. You have this whole new threat surface, called your house, which increasingly has more connected devices and you're probably working on your laptop, you know, on the kitchen table, now and then. >> Yeah, you know, HyTrust, it's interesting, you know, we have been around for eight plus years, developing expertise in the security space, compliance and infrastructure and we've seen from, we have some very big federal government customers, some of the biggest banks, retail, health organization in the world. What we learned from our customers, is that yes, there is hope, right. >> I'm glad, you're like the first optimist we've had on the show. >> There is hope, there is definitely hope. >> The bad guys are still winning, okay, good. >> So where the hope comes in is, not tying your security compliance needs to your infrastructure, otherwise once you change infrastructure, you have to relearn all those tools, all those skills, it could be different people you have to bring in. That, itself, is an issue. If you can sort, if you will separate your security and compliance needs from your infrastructure, in other words, wherever your workload goes, you pick your Public Cloud, you've picked your Private Cloud. If you can secure it, you can prove compliance, you're in good shape and that's what really HyTrust is bringing to the table, saying as a customer, you know already what your security policy is. Don't do bad stuff, do good stuff, follow the rules. But it gets complicated when you change workloads, change environments and change people. And so we simplify a lot of that, so yes there is hope. >> And you keep saying security and compliance together, yet those are two very different challenges that are related but not the same, so how do people prioritize what sometimes maybe falls off the table doesn't get the attention that it should, or does one really drive the other? >> So what's interesting is if you look at over time for enterprise organizations, the number of individuals, and the number of departments involved in a particular purchase decision has increased. Why? Because the consolidation of infrastructure, virtualization for example, has now forced security, compliance and infrastructure all to work together. They have to come together to decide how to do a certain deployment, how to do a certain set of policy changes, and so, the reason I say that, is because they actually have to work together. It's no longer the days where security goes in the corner, chooses some five products, they're happy, compliance sets up a set of rules, they're happy, they all have to work together now and so, in large part, that coming together's happening now. So there is some initial pinpoint, but the other end of that is you'll have a much more streamlined compliance process. Everyone will know what they're supposed to do. There's not this, "Oh, I've got another audit coming", they won't be spending so much money on it, and on the security side, you've actually reduced your tax service by not relying on specific point solutions. You're creating a single policy that gets implemented regardless of the infrastructure. >> Right, and then you get to see it across GEOS, across data centers, across-- >> Absolutely. >> So it's an interesting kind of, point of view, where we've got kind of this state-sponsored stuff going on, but it's the companies that operate in many countries, that in some ways have maybe better visibility into the variety of different types of threats. >> Yeah, and you know, what's interesting is, you can look it at two levels. One, there's obviously a policy level, right. A lot of large customers say, "Look, what can I", even if we have some of the largest retailers in the world, largest banks in the world, "What can I, even as a CEO of these large companies do, for a state-sponsored attack." And then you have, sort of the technology approach, which is, "Well I got to do something, right". Targeting all of these breaches have showed that regardless of how it happens, you're still responsible at the end of the day for your customers' safety and what our response to that is, Look, you can influence policy to a degree and you should, right. From a technology point of view, be independent of your provided suppliers. Be able to say, "I have a security policy, I have compliance needs, but if I need to, I will switch infrastructure to ensure that both my business runs and my customers are safe", and that ability, that agility, is only now becoming sort of, more mainstream, and people are asking for it. >> But it's interesting, one of topics in the Keynote today, was you know, you don't need to employ every single person that's got a boot on the floor. I mean, at some point in time, there's some rationalization on you know, who are the partners that you choose, to go to war with, in this fight and it's, you know, I can see from a CIO perspective, you got to walk 'round this floor and the other floor at west and north and you just go, "Oh my gosh, where do I start". >> Well you know, I'll layer on one long more complexity. If you're the CIO, this here, this shows one fraction of what you're worried about, which is security. Right, it doesn't even get you kudos, you just don't screw it up, right. But you're worried about your business. How do I expand into other markets? How do I open up another branch? How do I do it quickly? Right. So from that point of view, I think what you'll see here, is a lot of consolidation and the consolidation will happen, not just because you have the best technology, but because the company provides, the vendor provides to the CIO, both an understanding, how do these pieces fit together. Even if you're a company in the stack, can you explain to the customer where you fit in the stack and make their life easier, 'cause if they're already saying, "Hey, I'm thinking agility like DevOps", you already have to be thinking about how you fit into their environment, not the other way around, right. >> Alright, Kapil, I'll give you the last word. What are you priorities for 2017? If we meet again here a year from today, what are we going to be talking about that 2017 was all about? >> Sure, absolutely, so HyTrust's main mission really, is to simplify this idea of multi-cloud workload security compliance and so, our focus in 2017 is to expand that ability across all the public and private clouds and make it much easier, and then from a company point of view, we're heavily involved with various organizations to communicate that knowledge out, to share the learnings that we have out to all of you out there, whether you're at the C level, the director level or even if you're a practitioner, we're here for you. >> Alright, well nice summary. Thanks for stopping by. >> Thank you. >> Alright, he's Kapil, I'm Jeff. You're watching theCUBE from RSA 2017 in downtown San Francisco. Thanks for watching. (upbeat tune) (ambient music)

(upbeat music) >> Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at the RSA Conference in downtown San Francisco. We're live, it's 40,000 people all talking about security, and we're excited for a first-time attendee of RSA. We're joined by John Smith, a solutions architect from ExtraHop Networks. Welcome, John. >> Hey, thanks for having me. >> Absolutely. So you said it's your first time to the RSA Conference? I'm just curious, kind of first impressions of the show? >> Wow. Well, there's certainly a lot of people here. It's the biggest show I've ever been to. We've been to Synergy, HIMSS, a couple of them. I think HIMSS might have more people, but it certainly seems more crowded. People are more involved in the booths here, asking a lot of really good questions. A lot of ones and zeros people at the booth, so you really got to be on your toes (laughs) when you're talking to folks. (Jeff laughs) >> All right, for the people that aren't familiar with ExtraHop, give us kind of the overview, what you guys are all about. >> So we're a real-time IT analytics product that uses wire data to provide, at least in the security space, the biggest play we have is more around surveillance and invisibility. One of the first two controls that SANS recognizes as being, that you need to secure your environment, is asset inventory and the ability to see what applications are running on those assets. A lot of the tools in the security industry try to engineer down to that, to try to give you that. That's one of the, a lot of security people will kind of name that as one of the more difficult things to get. We start there. So we are a wire data analytics, that's kind of the core of what we do, so we don't require any IP addresses, we don't, or, I'm sorry, we don't require any agents, we don't require any SNMP, any ping sweeps or anything like that. If it has an IP address, it can't hide from us. So that means whether it's an IOT device or a medical device that's been compromised, if it's someone who wants to work in the dark and they've got a NACL that's blocking people, the minute they communicate with someone else, they're made and they can't hide from us. So what we've seen in our, with our customer base, is kind of a burgeoning security practice where people are actually using the appliance more in a security use case, and that's probably our fastest-growing use case right now. >> So what was the core of the business before? You said ExtraHop's been around for 10 years, but you're new here. What was kind of the core business before your security practice really grew? >> So the core of the business, and, you know, there's three kind of major areas. There's, we generally use the wire as a data source. So we position the customer to interact directly with the wire and the data that's coming across it. So that can be break, fix, and performance of your different web applications from layer two up to layer seven. A lot of that is business intelligence. We had an online retailer that wanted to know, you know, the average of income of people who filled out their credit app by ZIP code so that they could adjust pricing. That used to be a complicated OLAP job on the back end. We were able to give that to them in real time so that they could see, "Hey, people in this ZIP code make $300 a month more "than people in this ZIP code, we can raise prices here." So business intelligence and break, fix, and performance are big ones, and then of course in the security place, or the security space, where we're able to provide full accountability for every single IP address on the network, has been very powerful. >> Interesting. So you said you had some announcements that you guys are making here at the show? >> Yeah, so we have, are announcing our SaaS offering, which is another, it's basically a machine-learning, a cloud-based machine-learning platform that allows us to do some anomaly detection without the need to, you know, a lot of your cloud-based anomaly detection tools require you to forward terabytes of data so that then they can look at it, analyze it, and then maybe an hour later you get some information that you've been breached or that there's a problem-- >> That, or a day. >> Yeah, or, maybe, yeah. >> Months and months and months. >> Exactly. We're kind of unique in that we're able to, you know, what our Atlas program is able to essentially interrogate systems that are deployed around the world, currently around the U.S., it's a U.S. offering today, but basically we can interrogate those systems for any types of anomalies that happen. Actually, in the run up to the offering, we had a customer that was able to reroute some traffic because they were able to see the mirai botnet was starting to meddle with some of the performance of different parts of their infrastructure. So having the ability to be able to provide customers visibility into what's going on on their networks without the burden of making them FTP data up to you so that then you can evaluate it, one, you don't have the infrastructure burden of sending the data to you and the delay with that, but in addition to that, you're able to provide some real-time visibility. One of the things we've noticed is that the people who have the ability to interpret the data and to kind of parse and tell you when there is an anomaly, they're very overworked and they're spread really thin in a lot of their organizations. We augment that capability by doing some of that heavy lifting for them so that we can say, "Hey, did you know you have 1,000% increase in, you know, "DNS traffic from this particular host?" >> Right. >> That type of visibility that you can do in real time, so that if you have multiple branches around the country, we can provide that visibility from one centralized location. >> Yeah, it's all about the real time, right? Real time is in time, hopefully. >> Real time, and really, the money is in the mash-up, right? We've had a lot of really, one of the things I've noticed over the years is thread intelligence has really matured, and I think that's great, but if you can't marry that with some of your own intelligence that's going on on your own networks, you know, the value is really a lot tougher to realize. If you can ad hoc or if you can engage in some ad hoc thread intelligence by leveraging a platform like ExtraHop that can do the evaluation and thread things like anomalous behavior, that makes your agility to deal with today's threats really, really, a lot more effective. Most threats, as you're probably aware, happen, I think 93% of them happen within a minute. Dealing with that with humans, dealing with that with logs, is, it's really, really tough to do. I love logs and I love humans, but if you can position yourself to engage in programmatically dealing with that, we see orchestration is becoming, you know, kind of an emerging technology, and we're uniquely positioned to be able to interact with any sort of orchestration engines, something like a phantom, you know, things like that, where we can observe some actionable data, and then we have an open platform that can then integrate with the orchestration they're after. >> All right. Well, John, that was a great summary. We're going to leave it there, thanks for stopping by. The money's in the mash-up, did I get it right? >> John And Jeff: The money's in the mash-up. >> Baby. >> All right. >> All right. >> He's John Smith, I'm Jeff Frick. You're watching theCUBE from RSA. >> Thank you. >> Thanks for watching. (upbeat music)

(upbeat music) >> Hey, welcome back, everybody. Jeff Frick here with The Cube. We're at the RSA Convention in downtown San Francisco. 40,000 people talking security, trying to keep you safe. Keep your car safe, your nest safe, microwave safe, refrigerator safe. >> Everything safe. >> Oh my gosh. Jason Porter, VP, Security Solutions from AT&T, welcome. >> Very good, thanks for having me, Jeff. >> So what are your impressions of the show? This is a crazy event. >> It is crazy, I mean look at all the people. It's the crowds, it's a lot of fun. The best part is just walking the hallways, getting to connect with friends and network and really create new solutions to help our customers. >> It seems to be a reoccurring theme. Everybody sees everybody who's involved in this space is here today. >> Absolutely, yeah, for the next couple of days it's just all in all the time. >> AT&T, obviously, big network, you guys are carrying all this crazy IP traffic that's got good stuff and bad stuff, a lot of fast-moving parts, a ton more data flying through the system. What's kind of your step-back view of what's going on and how are you guys addressing new challenges with 5G and IoT and an ever-increasing amount of data-flow through the network? >> Absolutely, so you're right, at AT&T, we see a ton of traffic. We see 130 petabytes of traffic everyday across our network, so our threat-platform, we pull in five billion threat events every 10 minutes. So-- >> Wait, one more time. Five billion with a B? >> Five billion events every 10 minutes. >> Every 10 minutes. >> So, that's what our big data platform is analyzing with our data scientists and our math, so, lots of volume and activity going on. We have 200 million inpoints, all feeding that threat-platform as well. What are we seeing? We're seeing threats continuing to to grow. Obviously, everybody here at this show knows it, but give you some concrete examples, we've seen a 4,000% increase in IoT vulnerability scanning. IoT is something as a community, as a group here, we definitely need to go solve and that's why we launched our IoT Security Alliance last week. We formed an alliance with some big names out there, like Palo Alto Networks and IBM and Trustonic and others that really, we all have a passion in going out and solving IoT security. It's the number one barrier or concern for adopting IoT. >> You touched on all kinds of stuff there. >> A whole ton of stuff, sorry. >> Let's go to the big data. >> Yeah. >> What's interesting about big data and I always tell kids, right? Every coin has two sides. >> Absolutely. >> The bad part is you've got that much more data to sort through, but the good news is you can use a lot of those same tools. Obviously, it's not a guy sitting with a pager waiting for a red light to go off. >> That's right. >> Analyzing that. How has the big data tools helped you guys to be able to see the threats faster, to react to them faster? >> Yeah. >> To really be more proactive? >> That's a great point, so cyber security is a zero percent unemployment field, right? >> People, you can't get enough people to come work in Cyber security who have the right talent. We had to really evolve. A few years ago, we had to make a big shift that we were not going to just put platforms and people watching screens, looking for blinking red lights, right? We made the shift to a big data threat platform that's basically doing the work of identifying the threats without the people, so we're able to analyze at machine-speed instead of people-speed, which allows us to, as I said, get through many more events. >> Right. >> Much more quickly and allows us to eliminate false-positives and keep our people working really at that, looking at those new threats, those things that we want the people analyzing. >> Right, so the next thing you talked about is IoT. >> Yep. >> My favorite part of Iot is autonomous vehicles just cause I live in Palo Alto. >> Absolutely. >> We see the Google Cars and they're coming soon, right? >> Absolutely. >> But, now you're talking about moving in a 3,000 pound vehicle. >> Yeah. >> Potentially, somebody takes control, so security's so important for IoT. The good news for you guys, 5G's got to be a big part of it. >> Absolutely. >> Not necessarily just for security, but enablement, so you guys are right the heart of IoT. >> Yeah, we are, we have one of the largest IoT deployments in the world. We have the most connected devices and so, what we see is really a need for a layered approach to security. You mentioned 5G, 5G's certainly a part of getting capacity to that, but when you moved to IoT with connected cars and things, you move beyond data harm to physical harm for people and so we've got to be able to up our game and so a layered approach, securing that device, us putting malware detection, but even threat and monitoring what's going on between the hardware and the operating system and the user and then segmenting, say, in a car, telematics from infotainment right? You want to really segment the telematics so that the controls of driving and stopping that car are separate from the infotainment, the internet traffic, the video watching for my kids. >> Right, Spotify, or whatever, right, right right. >> Absolutely and so we do that through SMS, private SMS user groups, private APNs, VPNs, those kinds of things and then of course, you want to build that castle around your data. Your control unit that's managing that car. Make sure you do full UTM threat capabilities. Throw everything you can at that. We've even got some specialized solutions that we've built with some three-letter agencies to really monitor that control point. >> Right, then the last thing you touched on is really partnership. >> Okay. >> And coopetition. >> Yep. >> And sharing which has to be done at a scale that it wasn't before-- >> Absolutely. >> To keep up with the bad guys because apparently, they're sharing all their stuff amongst each other all the time. >> Yeah, absolutely. >> And here we are, 40,000 people, it's an eco-system. How is that evolving in terms of kind of the way that you share data that maybe you wouldn't have wanted to share before for the benefit of the whole? >> Yeah, so, our threat platform, we built it with that in mind with sharing, so it's all, it's surrounded by an API layer, so that we can actually extract data for our customers. Our customers can give us their date. It's interesting, I thought they would want to pull data, but our biggest customers said, no, you know what? We want your data scientists and your math looking at our environment too, so they wanted to push data, but speaking about alliances overall, it's got to be a community as you said. And our IoT Security Alliance is a great example of that. We've got some big suppliers in there, like Palo Alto, but we also have IBM. IBM and AT&T are two of the largest manage-security companies in the planet, so you would think competition, but we came together in this situation because we feel like IoT's one of those things we got to get right as a community. >> Right, right, all right, Jason. I'll give you the last words. >> Okay. >> 2017, we're just getting started, what are kind of your priorities for this year, what will we be talking about a year from now at RSA 2018? >> You're going to continue to hear more about attack types, different attack types, the expanding threats surface of IoT but I think you're going to continue to hear more about our critical infrastructure being targeted. You saw with the dying attack, you're starting to take out major pieces that are impacting people's lives and so you think about power grids and moving into some more critical infrastructure, I think that's going to be more and more the flavor of the day as you continue to progress through the year. >> All right, well hopefully you get good night's sleep. We want you working hard, we're all rooting for ya. >> Absolutely, we're all working on it >> All right, he's Jason Porter from AT&T. I'm Jeff Frick with The Cube. You're watching The Cube from RSA Conference San Francisco. Thanks for watching. (melodic music) (soothing beat)

(energetic techno) >> Hey, welcome back everybody, Jeff Frick here with the cube. We're at the RSA conference in downtown San Francisco, Moscone Center. 40 thousand people talking about security, especially with things like IoT, and 5G coming, just right around the corner, so it's important, and we're excited to be joined by industry veteran, George Gerchow. He's VP Security and Compliances at Sumo Logic. George, welcome. >> Thanks, great to be here! Having a fantastic show so far, so thank you. >> So it's funny, before you came on, you knew our last guest, and he even commented. (George laughs) He has a big role, there's 40 thousand people, but this is like, all the world's security experts at one building. >> They're all right here, right now. So if you wanted to plan a massive terrorist attack? >> Don't say that! >> (laughs) We'll be right here, right now! >> Well, and they have a lot of security, it's funny you're laughing, but there's guard dogs, and I got my bag checked a bunch of times. I guess it makes sense. >> (laughs) It absolutely makes sense, but yes, everyone's here, all the who's who, and it was great to see Tom before me. >> And the uh, and the challenges just keep continuing right? With IoT, it's coming right around the corner. Connected devices, sensors. It's funny, in your goodie bag here at RSA, they even give you a little, the little thing to hide the camera on your, on your laptop, right? >> Yeah, they really do, I mean, everything's connected, right? I mean, there is no more hard-shell, soft-center perimeter to security anymore, it's all out there. It's a hostile world, and uh, you just got to do your best to protect yourself. >> Alright, well, hopefully you guys are all staying on the light side, and don't go to the dark side. >> (laughs) Yeah, absolutely. >> So we were talking a lot about threats, and threat intelligence. >> Yeah. >> Can you give us a kind of an update on what you're working on, you know, kind of what your top-of-the-mind of this area? >> Yeah, yeah, absolutely. And so you know, at Sumo Logic, we have a security analytics platform, built that scale, multi-tenant, in the cloud, native-born. Part of my job responsibility is to secure that platform. But one of the things that we were missing, quite honestly, was threat intelligence feeds coming into that platform to be able to do deeper forensics on malicious IPs, indicators of compromise around URLs and domain names, so now we're offering to our customers integrated threat intelligence, intersecurity analytics, for free, (chuckles) and now it's here at RSA to be able to do deeper forensics around some of those indicators of compromise and the bad guys that you were talking about. >> (chuckles) So now that with the, with the security analytics, hopefully you guys can see things faster, you can pick up patterns quicker, you know, you can use real-time streaming things like Spark to actually get ahead of the curve instead of the, what we always hear, spend 250 days since you knew, (chuckles) that you were, uh, compromised. >> Yeah, you're exactly right, it's getting to the root cause much faster, you know? Because you have so many different things that focus on a security team. Like, my team alone is constantly getting things flagged up all the time that we may or may not want to pay attention to. But those things that are really critical, that needle in the haystack that you have to dive into that's a potential threat or vulnerability right away, we want to surface those up very very quickly. So we drink our own champagne, we're running it internally, and now we're offering it externally to our customers as well, too. >> And you just can't do that without machines and automation, right? It's just not possible to keep up with the volume of activity, and to find that needle within just a mass of things that you guys are keeping an eye on. >> You're exactly right. Especially being in the cloud, right? Think about the dynamic, you know, things are taking place, you know, IPs constantly changing. What's my system today might be your system tomorrow. >> Right. >> So having that, more real-time, deeper visibility, into what's taking place on those high threat items, that's even more critical once you're moving out to the cloud for sure. >> Right, and you guys have been involved in the AWS biz, I think we interviewed Sumo Logic like, AWS summit 2013. >> Yep, right. >> In this very building. >> Right! We're native-born, and AWS, >> There you go. >> So great memory! >> So how, so how does kind of the cloud impact, to just more of a general security point of view? People's expectations of behavior of their applications and their data? >> Oh my gosh. >> And it's just like, it's like the dial tone, right? It's almost like (mumbles). >> Right. >> It's just supposed to be there, flex up, flex down as ever I need it. Obviously you got to worry about keeping that real, keeping it safe. How has that impacted the way, uh, that customers expect security? >> Right, so, well, customers now, it's actually behaving a different way too. They're so scared, some of them, of "oh my gosh, my data is leaving beyond my control." but the reality is, I can use some of that scale, and some of those automated systems in the cloud to make the data more secure, once it moves out there. I can leverage the power of code to really lock down how that data is protected against both inside sources and external sources. So it's really, to us, it's been an advantage point. Being native-born, understanding how the cloud works and how to secure data in the cloud, and then now, sharing that with our customers, has really put us ahead of the curve. Like the industry's just now catching up to where we're at. You said 2013, we were here talking about cloud, and now here we are, right? >> Right, right. >> Where other people were like, we're never going to move our stuff out there. Well, guess what? >> Right. >> You're moving out there now. (chuckles) >> And you guys can leverage cloud yourself in terms of your own applications, right? To grow and scale, I mean. >> Absolutely. >> It was amazing, AWS reinvented the Tuesday Night with James Hamilton, which uh, >> Right, yes. >> You probably went through, it's like a rock-star show. But when he goes through the scale of the way, of the infrastructure that AWS can deploy because they have such mass scale, I mean to try to compete with that as an individual company? Pretty tough. >> It's not going to happen, you know? And it's the same thing with us, you know. So if you're really going to do security analytics at scale, well, it's about scale, multiple data sources. I want to be able to go from 10 terabytes to 20 terabytes overnight, and then start looking for the security threats. Well, that's what we do. We built our platform in the cloud to scale at that rate, but now we're just heavily focused on security content and solving problems as people start moving their workloads out to the cloud. We've been there for a while, so we're helping people. And look, we're learning like everyone else every day. Things change, as you've mentioned before. But we have a pretty good approach as to how we lock down our own environment, and we're just sharing it externally now. >> So the other big theme that we keep hearing over and over at the show is collaboration, and companies, kind of coop-petition, which is the Silicon Valley way, has always been, >> Absolutely, no question. >> You know, to share threat information with your, partners in the industry, to try to help get a leg up on the, on the bad guys. Have you seen that kind of collaboration. kind of environment, change over the last several years? >> I am so glad you brought that up, because it is an ecosystem. Like for us, we're taking the threat feeds from Crowdstrike, who's, you know, one of the leaders in the threat feed space. We're also partnering up with WinLogin at this show to really start locking down people's credentials when they come in. And then also great partners like Trend Micro. It takes an ecosystem, there is no silver bullet. There is no one company, one solution that solves a problem. It takes a collaboration of vendors and partners to really be able to get this done, and I feel it and live it internally. >> Right, right. Alright, I'm going to give you last word, George. >> Alright. >> So it's February. What are your top priorities for 2017? What are we going to be talking about a year from now at this show? >> Okay, so one of the top priorities for me is definitely the DDoS attacks in the cloud? You know, so people being able to launch a DDoS attack within AWS at AWS, and have an AWS eat itself. (both chuckle) Like, literally, this keeps me up at night, you know? So, that's one of my -- >> Where's Scott? >> Top priorities. >> Scott, did you hear that? (both laugh) >> Alright, it could happen, so anyway, that's one of the things I'm focused on right now. >> Alright, excellent. >> Sure. >> Well, I know you got to run to the booth, it's a busy show, >> Great show. >> I know you probably have meetings with 39,995 of these other people. (George laughs) He's George Gerchow, I'm Jeff Frick, you're watching The Cube. Thanks for watching. >> Thanks guys, 'preciate it, thanks Jeff. (energetic techno) (sedate synths)

(upbeat instrumental music) >> Hey welcome back everybody. Jeff Frick here with the Cube. We're at the RSA Conference in downtown San Francisco. 40,000 security professionals here talking about how to keep us all safe, especially when we're in autonomous vehicles, especially when we have connected nest devices. It's a crazy wild world. We're excited to be joined by Derek Manky, the global security strategist for Fortinet. Welcome. >> Hey thanks, pleasure to be here. >> Absolutely. >> We'll talk security right? >> Well I hope so. So for folks that aren't familiar with Fortinet, give us kind of the overview of what you guys are doing. >> Sure I mean tons of different things. So, you know, my department, I work directly with our global threat intelligence team and our labs. So for over 15 years now, we've been building up our labs. We have over 200 threat analysts and researchers worldwide combing through data at any given minute. But the problem is, the data. We live in a big data world now. There's so much, it's very easy to become overwhelmed with data. So we've taken an approach where we have a very intelligent human expertise team, but we've invested a lot into automation, machine learning, artificial intelligence, that you're going to find that's a very important thing moving forward because we need to be able to stay on par with the bad guys. >> Right right. >> The bad guys are very good at automation. They don't have anything holding them down. They're flying full-force, so we're trying to keep up to them. And, you know there's a lot of great initiatives like cyber threat alliance, of course, so we made a big announcement this week on that too. >> Right. So really as things have evolved over those 10 years, I mean the bad news is the amount of data that you guys have to keep track of is growing exponentially. The good news is the tools like machine learning and AI and Spark and Hadoop and, you know the tools that you have to use are much more sophisticated as well. It kind of works both sides of the coin at the same time. >> Yeah but you know what? One thing that we found is that there is a lot of information here, there is a lot of data being thrown out there. You have to make sense of the data. So a big theme and a big focus of ours is making data actionable. So threat intelligence actionable. How do you cross what we call the last mile? How do you take data and information and put it into transparent security controls so the end users, like all of our customers, don't have to do that manually. The manual work is what's killing a lot of people out there. There's a huge gap in cyber security professionals out there. People like network administrators, by the time they receive, say, a PDF document or something manual that they have to plug in an IP address or an update, it's often too late. A lot of this information is very perishable, very fluid. So, we're trying to automate that into the security controls. That comes from a lot of that big data, analytics on the back end. We call it a security fabric. So this is where we can weave in that information into all of our different products. End point, from end point all the way up to the cloud. And the cyber threat alliance is a very big initiative. So we're a founding member of that along with the other founding members I mentioned this week. We're working together to share information. And the goal of that is to share information on a platform and then as a member of the CTA founding member take that information in and push that out into those controls in near real time. That's the big thing. >> That was the big thing right? Because people have shared data before. But it's really kind of this real time emphasis to get it in real time. You know using things like Spark and streaming data. So that you're not reacting after the fact. In the old stat they used to quote us, you know people didn't even know for like 250 days. >> Derek: Yeah. >> Or whatever it was. >> We're bringing a lot of illumination to intelligence as well. Visibility's a big thing. Speed is a very big thing right? How can we get that information out very quickly because like I said the bad guys are moving a million miles a minute. So it's a really important initiative what we're doing with that. The other thing is the quality of information. A lot of information is too hastily shared and I think humans we're at that tipping point right now. Where humans can't fully trust automation. It's like autonomous vehicles. >> Right right. >> You're not going to put it fully in control right? You have to start getting a trust exercise with it and that's what we're trying to do, a lot of this intelligence. >> What was interesting in the keynote this morning one of the new threads they highlighted is people actually feeding the algorithms bad information. >> Poisoning yeah, yeah. Absolutely, yeah, yeah. >> Salting the algorithm is what they call it. To send it down a different path than it should be going. >> I mean the bad guys will put all this thought throughout and evasion techniques. But that's another really nice thing about the cyber threat alliance. Is that we're all collaborating. So we're giving confidence ratings to this. So it's also a quality of sharing system which the industry very badly needs in my opinion too. >> So what's next? Looking at 2017, we're getting started this February. Oh it's Valentine's Day February 14. >> Happy Valentine's Day. >> Happy Valentine's. So a year from now and we talk, what's the top of my priorities? What are you working on for the next little while? >> Yeah absolutely. Again we're going down the CMO automation. You're going to see a lot on the security fabric that we have. So this is how we can have machines automatically learning about environments. Automatically adapting to environments. You look at a lot of security problems out there a lot of the times it's security 101. It's people misconfiguring firewalls, misconfiguring policies and devices. Not having a proper security device in front of their crown jewels or their asset, their digital asset. So that is a big theme that we're doing, it's taking that intelligence and starting to empower our products and solutions to make intelligence decisions on their own. >> Right. >> That's a very big leap forward and we've made significant progress with that. >> It's interesting that you mention that. There's still a lot of 101 work that people aren't doing to the degree that they should. There was a great line in the keynote this morning that every company has at least one person that will click on anything. >> Weakest link in the chain right? Yeah. >> Absolutely. Alright well Derek thanks for stopping by. And congrats on a great show. And really some exciting stuff with that cyber threat alliance. >> Great yeah thanks, a pleasure. >> Alright he's Derek Manky I'm Jeff Frick. You're watching the Cube from RSA in downtown San Francisco. Thanks for watching. (instrumental music)

(upbeat music) >> Hey welcome back everybody, Jeff Frick here with theCUBE. We are live at Moscone Center at the RSA Convention. 40,000 security professionals are here, talking about security. This thing grows every single year. We're happy to be here and excited for our next guest, Ajay Gupta. He's the Global Director, Product Marketing and Management from Huawei. Welcome. >> Oh thank you, Jeff. Pleasure to be here. Thanks for your time. >> Absolutely, so you've been coming here for years. You laughed at me when I asked how long you've been coming here. >> Oh it's been ages, you can look at me and you can imagine. >> No, look, all hairs still dark. >> Oh come on, you're being too nice to me. >> So what's really changed, as you've been coming for years. Kind of at a global perspective? >> Yeah, yeah I think we've seen the nature of security change, the nature of threats change. The different companies have changed actually over the years. The crowd has gone up and swelled like 40,000 you mentioned. So, we really think this show has really become the gold standard for the trade shows when it comes to security. We weren't there at RSA but last few years we have made it a point to be here every year to talk to the customers here. >> Yeah. >> And you meet all the people from all over the world. That's the best part, customers, partners, everybody. >> It's interesting because a big part of the theme here is collaboration and ecosystem. And nobody can do it alone. Everyone covers different pieces of the puzzle. I know you guys are trying to grow your ecosystem. What does ecosystem mean to Huawei? >> Absolutely. I think we do believe from a security perspective no single vendor can offer the best of the breach security to their customers. We really need partners, the ecosystem. Huawei has something called being integrated. That is, bringing the partners onboard to offer different pieces of the puzzle. In fact it's a good point to mention. We are announcing two announcements this morning actually. The first one what we'll talk about is Avira. It's the best AV engine company in Germany. Huawei really recognizes the importance of the AV. So we are bringing their AV engine on the Huawei's next generation firewall. It really brings two things. Performance and accuracy. That's what people need from a AV point of view. The second announcement we're going to make really is what's called the Huawei USG9000V. It's a security gateway actually. So as the cloud's proliferation, as people are moving to the cloud, as people are using more and more SAS applications, you're going to see lot more security building from the cloud perspective. Our USG9000V is actually the perfect gateway to combat the security threats in the cloud. So virtual data centers, the cloud data centers, the OTT's, we really bring all the different kinds of security in the USG9000V. The announcement we are making is really an upgraded version of the existing security appliance that we call 6000V. Again, it's a software security. Works with different VMs whether it's KVM, whether it's zen, whether MS6. Huawei's own virtual system. Huawei's FushionSphere. The performance is in terabit so you can actually go in and read some of the specs from the Huawei's perspective. One of the best of the V products for virtual security. >> Right. And the cloud's changed everything, right? So many applications are delivered via the cloud now. And even if it's not a cloud and it's an internal cloud people want the flexibility of cloud. They want to scalability of cloud. They really want the way the cloud works for them to deliver the applications to their customers and their employees. >> Definitely. So three things I'm going to mention here from a cloud perspective. What people are looking for from a cloud security perspective is on demand. How do you scale in, scale out as the demands of the bandwidth goes up. You got to make sure your network security is able to keep up with that demand. People are looking for visibility. You've got this multitude of appliances, boxes, cloud boxes, cloud security all over the place. How do you make sense out of it? How do you really bring all of those thresholds, all of those unloads come together into the form of CIO or CSO can really understand. >> Right. >> And the last thing I'm going to make it easy to configure. PLug and play. Some of the automation feature. Automation people are starting to move in the security but you got to be careful when you bring automation from a security perspective. You need to automate task that are not that mission critical. But as we more and more trust, you're going to see more security automation in the industry. >> Yeah. Because when it's cloud it just needs to work, right. Everybody just expects, I can add more capacity, I can spin it down. And it just needs to work. It's somebody else's problem, it's somebody else's data center. >> I don't know what's going on behind the scenes, I just know it works. >> Yeah. >> I pick up my phone, it's going to kick. That's exactly the concept of security. But you got to be really careful when it comes to security because you got to make sure that when, suppose the positive threats and positive and negative threats actually. How do you combat and make sure you automate from the positive point of view and not from a negative point of view. >> But there's one thing that hasn't changed, cloud or no cloud. And they talked about it in the keynote and that great line was every company has at least one person that will click on anything. (laughs) >> Oh, I love it. I love it actually. >> How do we get past, I mean, they're still getting the email from the African king who needs some dollar >> Nigeria, Nigeria >> For Nigeria. >> Let me put I this way. I would say hackers are getting smarter and smarter. How do you keep up with the threats from the hackers who are one step ahead of you. How do you really combat threats, unknown threats, in the future? So I think things we have seen in 2016, the phishing attacks are back on the rise actually. Always do you see Ransomware. Form the point of Ransomware I should mention there's something called par pon ton from Ransomware that I'm going to let you off the hook if you infect two other computers actually. I don't need the money from you. So hackers are coming with those innovations to really go and hack more people actually. You seen what happened with the collected costs. Chrysler had a recall on 1.4 million vehicles in the past. Do you see what's happened with the camera, the surveillance camera. So I think two things we really need to watch out in 2017. One is Ransomware and the number two thing which is extremely, extremely important is industrial IOT actually. >> Absolutely. >> As the sensors get deployed more and more around the world you've got to make sure those sensors are able to keep up with the threat, it's not easy. So what Huawei provides to the table is really end to end security. Two things in security; multi-layered security and security indifference. Those are the principles from the bottom, not from the top down. >> Right. It's funny, the funniest, it's not funny really. The Ransomware story was fake Ransomware. I didn't really put Ransomware on your machine I just told you that I did so go ahead and pay me anyway. And the other thought is really the ability for them to build a business because of Bitcoin as a way to collect anonymous money from people. That enabled a rise in the escalation in Ransomware. It's a complicated world. They give you the last take as people drive away, leave RSA 2017, really what should be the top of mind as they think about what's going to happen and what we'll be talking about when we come back a year from now? >> I think two things I would really suggest people to really take away from the RSA this year. First of all, what's happening in the industry? What's happening in the market? Keep updated with the latest threat. See what vendors had a very comprehensive solution from an end to end perspective. Really go do their own research, making sure that security is not an after thought. Security it needs to be proactive. Security needs to be built up from ground up. Don't regard security as something secondary actually. As long as people put premium on security, that's going to save their face rather than to be appearing on the Wall Street front page or have been hacked. They say there are two kinds of companies. 50% claim that they have been hacked. 50% know they just don't admit it. That's all. >> Alright, very good. Well Ajay thanks for stopping by and congrats on a great show. >> My pleasure, thanks Jeff. Thank you very much. >> He's Ajay Gupta, I'm Jeff Frick. You're watching theCUBE from RSA conference in downtown San Francisco. Thanks for watching. (upbeat music)