absolutely I think if I were to net it out Jeff what I'm sensing is there is a whole movement to shift security left which is this whole idea of IT stepping up as the first line of defense reduce cyber exposure take care of patching multi-factor authentication reduce their tax surface intrinsic security right so you know DevOps active ops take care of it right up front with all the apps even get built right then there is another movement to shift things right which is take care of the new new aspects of the attack surface right what the hackers always take advantage of of other areas where in a sense we are unprepared and for a long time they've seen us being unprepared in terms of reducing the attack surface and then they go after the new aspects of the tak surface and what are those IT I ot ot data as as an attack surface and the edge right so so these are areas where there's a lot of activity a lot of innovation you know on the on the air on the floor here if you walk the corners shifting left shifting right as in all the new aspects of the tax F is I'm seeing a lot of conversations a lot of innovation in that area I think it also boils down to real-world examples we've been really understand the demographics that we're working for I think today it's the first time really in history that we have four generations working side-by-side in the workforce so we have to understand that people learn differently training should be adjusted to the type of people that we're teaching but phishing doesn't just oil down to clicking on links phishing teaches also it boils down to tricking somebody getting someone's trust and it can come in different forms for example think of social media how do people connect we're connecting across social media on many different platforms I'll give a very easy example LinkedIn LinkedIn is for business have form we're all connected on LinkedIn why we connect on LinkedIn because that's a social platform that people feel safe on because we're able to connect to each other in a business form I want to think of the person who's getting the first job with an organization their first job in maybe their project manager and they're working for Bank a excited to be working for Bank a hey I'm gonna list all the projects I'm working for so here's now my resume on LinkedIn I'm working on project ABCD and this is my manager I report to perfect there's some information sitting there on LinkedIn now what else I will tell you is that you might have somebody who's looking to get into that Bank what will they do let's look for the lowest hanging fruit who this new project manager oh I see they're working on these projects and they're reporting in to someone well I'm not a project manager I'm a senior project manager from a competing bank I'm gonna befriend them and tell them that I'm really excited about the work they're doing here there's social engineering their way into their friendship into the good graces into their trust once done the video becomes a trusted source people share information freely so people are putting too much information out there on social trusting too easily opening the door for more than a phishing attack and things are just rapidly going out of control right so my co-founder and I both came from the world of being practitioners and we saw how limited the space wasn't actually changing human behavior I was given some animated powerpoints that use this to keep the Russians out of your Network which is a practical joke unless your job is on the line I took a huge step back and I said there are other fields that have figured this out behavioral science being one of them they use positive reinforcement gamification marketing and advertisement has figured out how to engage this human element just look around the RSA floor and there are so many learnings of how we make decisions as human beings that can be applied into changing people's behaviors and security so that's what we did adventure so this is my first early stage company we're still seeking series a we're a young company but our mantras we are the data value company so they have had this very robust analytics engine that goes into the heart of data I can track it and map it and make it beautiful and Along Came McNeely who actually sits on our board Oh does he and they said we need someone who's this week it's all happening so they asked Scott McNealy who is the craziest person in privacy and data that you know and he said oh my god get the done any woman so they got the den of a woman and that's what I do now so I'm taking this analytics value engine I'm pointing it to the board as I've always said Grace Hopper said data value and data risk has to be on the corporate balance sheet and so that's what we're building is a data balance sheet for everyone to use to actually value data for me it starts with technology that takes look we've only got so many security practitioners in the company actually defend your email example we've got to defend every user from those kinds of problems and so how do I find technology solutions that help take that load off the security practitioners so they can focus on the niche examples that are really really well-crafted emails and and and help take that load off the user because users just you're not going to be able to handle that right it's not fair to ask them and like you said it was just poorly timed that helps protect it so how do we help make sure that we're taking that technology load off identify the threats in advance and and protect them and so I think one of the biggest things that Chris and I talk a lot about is how do our solutions help make it easier for people to secure themselves instead of just providing only a technology technology advantage so the virtual analyst is able to sit on premises so it's localized learning collector has to understand the nature of those strats collect to be able to look at the needles of the needles if you will make sense of that and then automatically generate reports based off of that right so it's really an assist tool that a network in min or a security analyst was able to pick up and virtually save hours and hours of time so we have this we call it a thread research group within the company and their job is to take all the data from the sensors we have I mean we have we look at about 25 petabytes of data every day all our solutions are cloud solutions as well as on forum so we get the benefit of basically seeing all the data's that are hitting our customers every day I mean we block about 1 million attacks every minutes like every minute 1 billion attacks every minute minute right we protect over 3 million databases and you know we've mitigated some of the largest DDoS attacks that's ever been reported so we have a lot of date right that we're seen and the interesting thing is that you're right we are having to always we're using that threat research data to see what's happening how the threat landscape is changing therefore guiding us on how we need to augment and add to our products to prevent that but interestingly we're also consuming AI and machine learning as well on our products because we're able to use those solutions to actually do a lot of attack analytics and do a lot of predictive and research for our customers that can kind of guide them about you know where things are happening because what's happening is that before a lot of the tacks were just sort of fast and furious now we're seeing a pattern towards snow snow and continuous if that makes sense we're seeing all these patterns and threats coming in so we're fighting against those technologies like AI Barossa using those technologies to help us soon you know decide where we need to continue to add capabilities to stop it you know the whole bad box thing wasn't a problem right a number of years ago and so it's it's ever-changing your world which frankly speaking makes it an interesting place to be yes who wants to be in a static in a boring place right well I mean we do you're a good package or a bad package you have to traverse the network to be interesting we've all you know put our phones in airplane mode at blackhat or events like that but we don't want to be on it they're really boring when they're offline but they're also really boring too attackers when they're offline as soon as you turn them on you have a problem or could have a problem but as things traverse the network what better place to see who and what's on your network and on the gear and end of the day we're able to provide that visibility we're able to provide that enforcement so as you mentioned 2020 is now the year of awareness for us so the threat aware network we're able to do things like look at encrypted traffic do heuristics and analysis to figure out should that even be on my network because as you bring it into a network and you have to decrypt it a there's privacy concerns of that in these times but also it's computationally expensive to do that so it becomes a challenge from a both a financial perspective as well as a compliance perspective so we're helping solve s even kind of offset that traffic and be able to ensure your network secure so when we started developing our cyber recovery solution about five years ago we used the NIST cybersecurity framework which is a very well known standard that defines really five pillars of how organizations can think about building a cyber resilience strategy a cyber resilience strategy really encompasses everything from perimeter threat detection and response all the way through incident response after an attack and everything that happens in between protecting the data and recovering the data right and critical systems so I think of cyber resilience is that holistic strategy of protecting an organization and its data from a cyberattack yeah I think the human element is the hardest part you know in mind of this conference and its theme the human element the hardest part about this job is that it's not just mechanical issues and routing issues and networking issues but is about dealing with all types of humans innocent humans that do strange and bad things unknowingly and it's in malicious people who do very bad things that is by design and so the research suggests that no matter what we do in security awareness training some four percent of our employee base will continually bail security awareness that's what we fished and actively and so one of the things that we need to do is use automation and intelligence so that you can comb through all of that data and make a better informed decision about what risks are going to mitigate right and for this four percent are habitually abusing the system and can't be retrained well you can isolate them right and make sure that they're separated and then they're not able to to do things that may harm the organization you

>> Live from San Francisco, it's theCUBE, covering RSA Conference 2019. Brought to you by Forescout. >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at RSA Conference in North America. The brand new reopened Moscone Center. They finally finished the remodel, which we're excited about, in the Forescout booth, and excited to have a returning Cube alum, I think we had him on last year at RSA, Dr. Chase Cunningham, principle analyst security and risk for Forester. >> Hey. >> Chase, great to see you again. >> Thanks for having me. >> So what's happened in the last year, since we last saw you? I'm sure you've been keeping busy, and running down lots of ... >> Yeah well, >> Crazy risk. >> It's been really pushing the sort of strategy set around zero trust. I mean if you look around the show floor, you can't go 75 feet without seeing somebody that's got zero trust on a booth, or hear it from somebody, so it's been really pushing that narrative and trying to get people to understand what we're talking about with it. >> And it's really important because it's a very different way of thinking about the world. >> Yeah. >> And you guys have been talking about it for a while. >> For a decade, basically. >> Right. >> Yeah. >> And then we've got all these new complexity that's thrown in that weren't there a decade ago. You've got IOT, you got OT, and then you've got hybrid cloud, right? 'cause everyone, well there's public cloud, but most big enterprises have some in the public cloud, some on their data center. So you've got these crazy hybrid environments; so how are you kind of adjusting the zero trust game, based on some of these new complexities? So really we flip the script a little bit and said, "Okay, if we were to try and fix this from the start, "where would we start?" And we'd obviously start around taking care of the the largest swath and sort of compromise area, which would probably start with users, followed closely by devices, because if we can take care of those two pieces, we can actually gain some ground and work our way going forward. If you've heard a lot of the stuff around micro-segmentation, our sort of approach to micro-segmentation means micro-segment everything. We mean users, accounts, devices, IOT, OT, wired, unwired, whatever it is, if you can apply control to it, and you can segment it away to gain ground, segment it. >> So how do you deal with the micro-segmentation? Because ultimately you could segment down to one, and then you haven't really accomplished much, right? >> Right, a network of one is no good, yeah. >> Exactly; so when you think about micro-segmentation architectures, how are you creating buckets? What are your logical buckets that you're putting things in? >> So really it should be based on the function that you're trying to allow to occur. If you look at the way we architected networks for the last 20-something years it's been around sort of use writ-large. What we're talking about micro-segmentation is, if I'm micro-segmenting devices, those devices should live in a micro-segment where devices do device stuff, and you can keep control of that, and you can see what's coming and leaving. Users should be segmented that way, networks, all of it should be built around function, rather than inter-operability. Inter-operability is a result of good micro-segmentation, not the other way around. >> Right, and that's interesting you say that, we're obviously, we're in the Forescout Booth, >> Yeah. >> and a big piece of what they're talking about is, identifying these devices, but then basically restricting their behavior to what they should be doing. So really following along in your zero trust philosophy. >> Well I said it last year, I'll say the same thing again, a key piece of this whole thing is knowing what's supposed to be occurring and being able to control it, and then respond to it. It's not really that we've changed the evolution of this whole thing, we've just looked at it a little more pragmatically, and applying fixes where you can actually start gaining ground. >> Right, and applying the fixes at all different points in the spectrum, as opposed to just trying to create that big giant wall and a moat. >> Well yeah, moving away from the perimeter model, like the perimeter model has categorically failed. Everyone around here seems to understand that that's a reality; and we're not saying you shouldn't have your defenses up, but your defenses should be much more granular and much more focused on the realities of what enables the business. >> Right, so I'm just curious to get your perspective, you've been doing this for a while, as you walk around the show floor here, and see so many vendors, and so many products, and so many solutions, and so many bright shiny objects; how do you make sense of it? How do you help you customers make sense of it? Because it's not a simple space, and I always just think of the poor CSO's, sitting there like "How am I supposed to absorb, "even just the inbound information "about knowing what's going on," much less get to the point of doing evaluation and making purchase decision and making implementation decision. >> So one of the things that we've been really pushing forward with is using virtualization solutions to build architectures, not PowerPoints, not drawing stuff on a whiteboard, like actually using virtualization to build virtual architectures, and test and design there. It's actually very similar to the way that we write applications, you iterate; you don't write an app and release it, and think you got it right and you're done, you write pieces of code, build the app, you iterate, you move on, because of virtualization, we can do the same thing with security tooling and with networks. So one of our major initiatives is pushing that capability set to our customers to say, "This is how you get there, and you design, "and then you build, and then you deploy," rather than, "Deploy it and hope you got it right." >> And know that it's not going to be right the first time you buy it, right? You just got to write a check and the problem goes away. >> And it's much better if you screw something up virtually to just nuke it and start over, than if you try and do it with a bunch of hardware that you can't actually rip and replace. >> That's interesting, right? 'Cause the digital twin concept has been around in the OT space for a long time. We talk to GE all the time and digital twin in terms of modeling behavior, and a turbine engine is something they've been talking about forever. At a healthcare conference they're talking about digital twinning people, which I thought was pretty interesting. >> Kind of creepy, but yeah >> Kind of creepy, but then you think, "Okay, so I can, "I can test medications, I can do these things," and to your point, if I screw it up, I'm screwing up the twin, I'm not necessarily screwing up the real thing. And you talked about in your last blog post, starting to create some of these environments and architectures to help people do some of this exploration. >> Yeah we launched our first one here at RSA on Tuesday night, we actually put out our own Forester branded virtual reference architecture; and the good thing is is the way that we're approaching it, we can actually have our clients build their own semblance of this, because something everybody forgets is, this is one of the few places where there are snowflakes, right? Everyone has their own individual build, so being able to have yours that you build, maybe different from mine, even though we both line with a strategic concept like zero trust. >> Right. >> So, we're building a library of those. >> So is the go to market on that that you've got an innovations space, and people do it within there? Or are you giving them the tools to build it on PRIM, how's the execution of it? >> So really it's about, we've published a lot of research that says, "This is the way to do it;" now we've got this platform and the capability to say, "This is where you can do it;" and then allowing them to go in there and follow that research to actually design and build it and see that it's actually do-able. >> Right, right; so as you're looking forward, 2019, I can't believe the calendar's flipped already to March. Crazy ... What are your top priorities? What're you working on as you go forward this calendar year? >> It's mostly about ground truth sort of use cases on this adoption of zero trust across the industry; and really getting people to understand that this is something that can be done. So we have write-ups going on customers that have deployed zero trust solutions; and sort of how they did it, why they did it, where they got benefit from, where they're going with it, because we remind people all the time that this a journey. This is not something I wake up in the morning, build a zero trust network, and walk away. This is multi-year in some cases. >> Well it's going multi-year forever right? Because the threats keep changing; and the thing I find really fascinating is that the value of what they're attacking is changing dramatically, right? It used to be maybe I just wanted to do some, crazy little hacks, or change a grade, maybe steal some money from your bank account; but now with some of the political stuff, and the state-sponsored stuff, there's a lot more complex and softer nuance information they the want to get for much softer nuanced objectives, so you're going to have to continue to reevaluate what needs to be locked in tighter and what needs to be less locked up, because you can't lock it all up to the same degree. >> Right, and it's really something that we remind our customers a lot on, that security is being done by the majority of organizations not because they actually want to do security, it's because security makes the customers have more faith and trust in you, they buy more stuff, your revenue goes up, and everyone benefits. >> Right. >> You know, some of these large organizations, they don't have SOC's and do security operations 'cause they want to be a security company, they're a company that has to do security to get more customers. >> Right, have they figured that out yet? The trust thing is such a big deal, and the Big Tech backlash that we're seeing that's going on. >> I had thought that they would have figure it out, but it comes up all the time, and you have to really wrap people's head around that you're not doing security because you think security is cool, or you need to do it, it's to get more customers to grow the business. This is a business enabler, not a tangential business thing. >> Right, it's such a high percentage of the interaction between a company and it's customers, or a company and it's suppliers, is electronic now anyway, whether it's via web browser or an API call, It's such an important piece 'cause that is the way people interact with companies now. They're not going to the bank branch too often. >> With the growth of GDPR and privacy and things like that, companies are being mandated by their clients, by their customers to be able to say, "How do you secure me?" And the business had better be able to answer that. >> Right right, but hopefully they're not, to your point, I thought you were going to say they're doing it for the compliance, but it's a lot more than just compliance, you shouldn't be doing it just for the compliance. >> Yeah, I mean I stand on the compliance is kind of a failed approach. If you chase compliance you will just be compliant. If you actually do security with a strategy in place you will achieve compliance; and that's the difference most people have to wrap their head around, but compliance is something you do, not something you strive to be. >> Love it, well Chase thanks for stopping by and sharing your insight and a lot of good work. Love keeping track of it, keeping an eye on the blog. >> Great, thanks for having me. >> All right, he's Chase, I'm Jeff, you're watching theCUBE, we're at the RSA conference in the Forescout Booth, thanks for watching, we'll see you next time. (low techno music)

(upbeat music) >> Hey welcome back everybody, Jeff Frick here with theCUBE. We are live at Moscone Center at the RSA Convention. 40,000 security professionals are here, talking about security. This thing grows every single year. We're happy to be here and excited for our next guest, Ajay Gupta. He's the Global Director, Product Marketing and Management from Huawei. Welcome. >> Oh thank you, Jeff. Pleasure to be here. Thanks for your time. >> Absolutely, so you've been coming here for years. You laughed at me when I asked how long you've been coming here. >> Oh it's been ages, you can look at me and you can imagine. >> No, look, all hairs still dark. >> Oh come on, you're being too nice to me. >> So what's really changed, as you've been coming for years. Kind of at a global perspective? >> Yeah, yeah I think we've seen the nature of security change, the nature of threats change. The different companies have changed actually over the years. The crowd has gone up and swelled like 40,000 you mentioned. So, we really think this show has really become the gold standard for the trade shows when it comes to security. We weren't there at RSA but last few years we have made it a point to be here every year to talk to the customers here. >> Yeah. >> And you meet all the people from all over the world. That's the best part, customers, partners, everybody. >> It's interesting because a big part of the theme here is collaboration and ecosystem. And nobody can do it alone. Everyone covers different pieces of the puzzle. I know you guys are trying to grow your ecosystem. What does ecosystem mean to Huawei? >> Absolutely. I think we do believe from a security perspective no single vendor can offer the best of the breach security to their customers. We really need partners, the ecosystem. Huawei has something called being integrated. That is, bringing the partners onboard to offer different pieces of the puzzle. In fact it's a good point to mention. We are announcing two announcements this morning actually. The first one what we'll talk about is Avira. It's the best AV engine company in Germany. Huawei really recognizes the importance of the AV. So we are bringing their AV engine on the Huawei's next generation firewall. It really brings two things. Performance and accuracy. That's what people need from a AV point of view. The second announcement we're going to make really is what's called the Huawei USG9000V. It's a security gateway actually. So as the cloud's proliferation, as people are moving to the cloud, as people are using more and more SAS applications, you're going to see lot more security building from the cloud perspective. Our USG9000V is actually the perfect gateway to combat the security threats in the cloud. So virtual data centers, the cloud data centers, the OTT's, we really bring all the different kinds of security in the USG9000V. The announcement we are making is really an upgraded version of the existing security appliance that we call 6000V. Again, it's a software security. Works with different VMs whether it's KVM, whether it's zen, whether MS6. Huawei's own virtual system. Huawei's FushionSphere. The performance is in terabit so you can actually go in and read some of the specs from the Huawei's perspective. One of the best of the V products for virtual security. >> Right. And the cloud's changed everything, right? So many applications are delivered via the cloud now. And even if it's not a cloud and it's an internal cloud people want the flexibility of cloud. They want to scalability of cloud. They really want the way the cloud works for them to deliver the applications to their customers and their employees. >> Definitely. So three things I'm going to mention here from a cloud perspective. What people are looking for from a cloud security perspective is on demand. How do you scale in, scale out as the demands of the bandwidth goes up. You got to make sure your network security is able to keep up with that demand. People are looking for visibility. You've got this multitude of appliances, boxes, cloud boxes, cloud security all over the place. How do you make sense out of it? How do you really bring all of those thresholds, all of those unloads come together into the form of CIO or CSO can really understand. >> Right. >> And the last thing I'm going to make it easy to configure. PLug and play. Some of the automation feature. Automation people are starting to move in the security but you got to be careful when you bring automation from a security perspective. You need to automate task that are not that mission critical. But as we more and more trust, you're going to see more security automation in the industry. >> Yeah. Because when it's cloud it just needs to work, right. Everybody just expects, I can add more capacity, I can spin it down. And it just needs to work. It's somebody else's problem, it's somebody else's data center. >> I don't know what's going on behind the scenes, I just know it works. >> Yeah. >> I pick up my phone, it's going to kick. That's exactly the concept of security. But you got to be really careful when it comes to security because you got to make sure that when, suppose the positive threats and positive and negative threats actually. How do you combat and make sure you automate from the positive point of view and not from a negative point of view. >> But there's one thing that hasn't changed, cloud or no cloud. And they talked about it in the keynote and that great line was every company has at least one person that will click on anything. (laughs) >> Oh, I love it. I love it actually. >> How do we get past, I mean, they're still getting the email from the African king who needs some dollar >> Nigeria, Nigeria >> For Nigeria. >> Let me put I this way. I would say hackers are getting smarter and smarter. How do you keep up with the threats from the hackers who are one step ahead of you. How do you really combat threats, unknown threats, in the future? So I think things we have seen in 2016, the phishing attacks are back on the rise actually. Always do you see Ransomware. Form the point of Ransomware I should mention there's something called par pon ton from Ransomware that I'm going to let you off the hook if you infect two other computers actually. I don't need the money from you. So hackers are coming with those innovations to really go and hack more people actually. You seen what happened with the collected costs. Chrysler had a recall on 1.4 million vehicles in the past. Do you see what's happened with the camera, the surveillance camera. So I think two things we really need to watch out in 2017. One is Ransomware and the number two thing which is extremely, extremely important is industrial IOT actually. >> Absolutely. >> As the sensors get deployed more and more around the world you've got to make sure those sensors are able to keep up with the threat, it's not easy. So what Huawei provides to the table is really end to end security. Two things in security; multi-layered security and security indifference. Those are the principles from the bottom, not from the top down. >> Right. It's funny, the funniest, it's not funny really. The Ransomware story was fake Ransomware. I didn't really put Ransomware on your machine I just told you that I did so go ahead and pay me anyway. And the other thought is really the ability for them to build a business because of Bitcoin as a way to collect anonymous money from people. That enabled a rise in the escalation in Ransomware. It's a complicated world. They give you the last take as people drive away, leave RSA 2017, really what should be the top of mind as they think about what's going to happen and what we'll be talking about when we come back a year from now? >> I think two things I would really suggest people to really take away from the RSA this year. First of all, what's happening in the industry? What's happening in the market? Keep updated with the latest threat. See what vendors had a very comprehensive solution from an end to end perspective. Really go do their own research, making sure that security is not an after thought. Security it needs to be proactive. Security needs to be built up from ground up. Don't regard security as something secondary actually. As long as people put premium on security, that's going to save their face rather than to be appearing on the Wall Street front page or have been hacked. They say there are two kinds of companies. 50% claim that they have been hacked. 50% know they just don't admit it. That's all. >> Alright, very good. Well Ajay thanks for stopping by and congrats on a great show. >> My pleasure, thanks Jeff. Thank you very much. >> He's Ajay Gupta, I'm Jeff Frick. You're watching theCUBE from RSA conference in downtown San Francisco. Thanks for watching. (upbeat music)

(upbeat techno music) (upbeat techno music) >> Hey welcome back everybody, Jeff Frick here with the Cube, We're in downtown, San Francisco at the RSA Conference. It's like 40,000 people, security people, talking about security. It's a new age in security, with all the things that happened with the election, and all types of interesting phishing attacks, and a lot of professionals here trying to stop the problem. So we're excited to be joined by our next guest, Ian Foo. He's the Director of Product Marketing from Hauwei, Ian welcome. >> Thank you, thank you Jeff, it's good to be here. Glad to join everyone here, it's pretty exciting, very busy. >> Yeah, it's very busy. >> Yep we're here showing what Hauwei has to offer in the market, and what we're highlighting this year at RSA. There are three main areas that we're trying to bring attention to. One of those is the latest in terms of our functional capabilities and offerings in our network security portfolio. So our network security devices. The other is what we're doing in our ecosystem partnership. We're expanding our partnerships, trying to build an ecosystem with industry leading partners. So it'll be well to bring better value to the end users and to our customers. And the third is what we're offering in terms of new platforms and capabilities in technologies, in our innovation in cloud infrastructure security. Helping cloud providers or enterprisers add security to their private cloud, or their cloud service infrastructure. >> Alright so let's unpack those a little bit. >> Sure. >> So the first one is really the cloud. >> Ian: Yes. >> You know, ovbiously with the rise of AWS really driving public cloud. >> [Ian} Yep. >> There's no longer a question and apps like Sales Force. >> Ian: Right. The enterprise is pretty comfortable with cloud. >> Ian: Right. >> How has that really changed your world from a security perspective, supporting public cloud providers? >> Ian: Yep. >> Private cloud providers, and then of course hybrid cloud inside the enterprise that still want to deliver kind of cloud agility, cloud flexibility? Right, so it's actually changed the landscape in quite a few ways. When we move from traditional security within the enterprise, and expand that to cloud service providers, and enterprisers trying to build private cloud, we're looking at a few things that have evolved. We're looking at scale, first and foremost. That's the one that pops into most people's mind. Now, especially in a cloud service provider environment, we're providing services to potentially thousands of customers. Scale reliability, availability becomes critical. Those are areas that we've traditionally excelled in. But what's evolving is the way threats are addressed and recognized, and the way policy is pushed within those environments. So for their customers, cloud service providers are looking for ways to be able to provide policy capabilities that match what the enterpriser is used to in their environment. So we tried to build the technologies and tools that enable cloud service providers to do exactly that. >> Right. >> Provide enterprise class-compliant security capabilities, defense against DDoS attacks within their cloud infrastructure for those enterprisers. >> Yeah it's interesting in the keynote, they talked about every company has at least one person that will click on anything. >> Ian: Right. >> Right. And they also talked about kind of the increased attack area of people's homes. >> Ian: Right. >> Because a lot more people now work from homes. >> Ian: Correct. >> Right? They're accessing the corporate networks. >> Ian: Yep. >> The corporate application. >> That's right. >> From their home, from the coffee shop on their phone. >> Absolutely. >> So that's changed the... >> From their cars. >> The landscape quite a bit. >> Right from yeah... >> And not to mention the cars. >> Yeah so that absolutely has. Again it goes back to what I mentioned earlier. Scale, so now we're looking at a widened threat base, or a widened threat surface, if you will. Especially when it comes to not just consumers, from mobile devices, home access, but now IoT. And when we expand IoT to both, to the industrial Iot as well as consumer Iot, what we're seeing is many more entrance points into what we consider the enterprise space. >> Right. >> And so now securing all of those points of presence, and applying a multi-layered approach to security, becomes much more complicated. And that's where we try to develop the technologies and innovations driven by our customers to help them solve those problems. >> Right, which also kind of drives into one of your other points, is ecosystem. >> Ian: Right. >> Right so we cover a lot of tech shows. >> Ian: Absolutely. >> We got 100 shows a year. And everyone is trying to build an ecosystem because you can't just do it alone. >> Ian: That's right. >> And one of the big themes that came out again, out of the keynote, is this idea of yes we compete, yes there's 40,000 people here. I don't even know how many companies, but we compete on different places. But if we share bad guy information... >> Ian: That's correct. >> ...Effectively, efficiently, it helps us all out in keeping our customers safe. >> Absolutely, absolutely so it's all about ecosystems, because, I think, for a true multi-layered approach, multi-perspective approach to security, it's all about teamwork. Right and as you said, we cant be an expert at everything. We have to recognize, each vendor has to recognize where they're strengths lie, where their fortes are, where their expertise is, and then partner to complement that to provide that multi-layered approach that the end user is looking for. >> Right. >> And that's what we're trying to do. Here we have announced quite a few partnerships. We have aligned with notable names in the industry. Such as, Intel-McAfee, Avira, AlgoSec, and we're working with companies like FireMon, to help build that ecosystem partnership to create that team effect. >> Right >> In providing multi-layered approach, best in breed, multi-layered approach to security in the enterprise. >> Interesting this morning I don't know if that was breaking news, or I just was behind the news, that McAfee is actually going to spin out of Intel and be a wholly-owned company. >> Yeah I heard a little bit about that. Yeah, it's interesting, it's a very dynamic industry. It constantly changes, ongoing here and there. >> Right. That can be great, it allows people to focus in certain ways. But yeah, not surprising there is constant changes in this industry. >> Right, but then the one thing that's stayed the same but is still growing in importance even with cloud, you still have the enterprise data center. >> Ian: Absolutely. Right and those things continue to grow and are very, very important. >> Right. >> And there's just a lot of stuff that's not going to make it to cloud. So how have you seen kind of the enterprise data center kind of situation change? >> Ian: Yep. >> With these new threats, with clouds, with hybrid? >> Right, well so what we're seeing, especially in the enterprise data center is, we're seeing an evolution from traditional fireball security, which is still necessary. But we're seeing that, the attacks and the access points are becoming more sophisticated. We're seeing progression in ransomware and advanced persistent threats. It goes back to what you said before, a component is that there's always going to be that guy that clicks on anything. >> Right. >> And it could, who knows that thing could be? So what we're seeing there is an evolution of security and awareness to the point of customers asking for awareness to applications, to files, to contents. So to that notion, some of the things we're announcing here and sharing with our customers and potential customers, our technologies to help prevent ransomware, our platform like our Firehunter, a sandboxing technology, which provides defenses against advanced persistent threats, as well inline, streaming-based, security capabilities, where we partnered for example with Avira. We complement our network-based security, for streaming inspection of files and contents and streams. We complement that with their abilities in malware and signature-based recognition, to provide a multi-layered, comprehensive approach to dealing with the new types of security threats we're seeing. >> Right, so Ian you been comin to the show for awhile, you've been in the industry for long time. >> Ian: Yep, it's been a bit. >> There's 40,000 people, what's kind of your take, kind of take it a step back from the specifics, >> Ian: Right. >> Like kind of the evolution of the security industry I think... >> Ian: Yep. >> One of the stats I heard the other day is like, 1.5% of the IT spend was for security. Now that's up to like five or ten. >> Ian: Right, right. >> It's growing in importance, but the technology out in front of the security is just rockin and rollin. >> Ian: Right. >> And IoT and 5G is just the next kind of big wave comin. >> Correct >> So, what's kind of your perspective as you look back and kind of look forward? >> Well it's obvious, it's very obvious, from just the numbers you sharing that, rather than be peripheral to the business, security is now core to the business. Instead of just supporting business, it's become a key piece to being able to deliver business reliably. And I think that enterprisers have recognized that. What's happening is that we're seeing an acceleration in the evolution of threats, in the entrance vectors in the various areas. Because of the adoption rate and snowballing effect that we're seeing in technology in general. And I think that security has become better at trying to keep up with that pace, rather than falling behind the curve as we have in the past. Mainly because enterprisers recognized the relevance and importance of it. So we're no longer selling insurance, when we sell security, we're selling business-enabling value, and how we protect brand recognition and brand capabilities for our end users and customers. >> It's a whole nother kettle a fish. >> Ian: Right. >> That we don't have time to get into right now but we went to a presentation last night about the whole insurance angle on... >> Ian: Right. >> On security, which is, like I said, is a whole different kettle a fish. We'll save that for next time so Ian... >> Sounds good. >> Thanks for stoppin by. >> Great well thanks for having us. Great being here with you and enjoy the show. >> Absolutely, he's Ian Foo, I'm Jeff Frick, you're watching The Cube from RSA Conference in San Franciso. (quiet techno music) (upbeat techno music) (upbeat techno music)

(upbeat electronic music) >> Hey, welcome back everybody. Jeff Frick here with theCUBE. We are live in downtown San Francisco, Moscone Center at the RSA conference. It's one of the biggest conferences, I think after like Salesforce and Oracle that they have in Moscone on the tech scene. Over 40,000 professionals here talking about security, I think it was 34,000 last year. It's so busy they can't find a space for theCUBE, so we just have to make our way in. We're really excited by our next guest, Ted Julian from IBM Resistance, Resilience, excuse me. >> Thank you, it's alright. >> And you are the co-founder of VP Product Management. >> That's right. >> Welcome. >> Thanks, good to be here Jeff, thanks. >> And you said IBM actually purchased a company, >> Ted: A year ago. >> A year ago. So happy anniversary. >> Ted: Yeah, thanks. >> So how is that going? >> It's great. Business is really going well, it's been thrilling to get our product in place and a lot more customers and really see it help make a difference for them. >> Yeah we, Jesse Proudman is a many time CUBE alumni, his company is Blue Box, also bought by IBM. >> Ted: Yes. >> A little while ago, also had a really good experience of, kind of bringing all that horse power. >> They know what they are doing. >> To what his situation was. So let's jump into it. >> Sure. >> Security, it's kind of a dark and ominous keynote this morning. The attack's surface is growing with our homes and IOT. The bad guys are getting smarter, the governments are getting involved, there's just not necessarily bad guys. What's kind of your perspective as you see it year after year acquisition? 40,000 professionals here focused on this problem. >> We are not winning. >> We are not winning? >> Unfortunately, I mean, I guess as a species. Again, what is it? We saw a survey recently from the Ponemon Institute. 70% of organizations acknowledge they didn't have an incident response plan. So you talk about that stuff in the keynote where sort of a breach was inevitable. What are you going to do? Well the thing you'd need to have is a response plan to deal with it, and 70% don't. Cost of a breach also, according to Ponemon Institute is up to $4 million on average, obviously they can be a lot larger than that. >> Right. >> So there's a lot of work to be done to do better. >> And then you hook up a new device, and they are on that new device as soon as it plugs into the internet. They say within an hour, they ran a test today. So is the, I mean where are we winning, Where are we getting better? I mean, I've heard crazy stats that people don't even know they've been breached for like 245 days. >> Ted: Yeah. >> Is that coming down? Are we getting better? >> Certainly the best in the business are, and really the challenge I think as an industry is to percolate that down through the rest of the marketplace. Everybody is going to be breached, so it's not whether or not you are breached, it's how you deal with it come the day, that's really going to differentiate the good organizations from the bad ones. And that's where we've been able to help our customers quite a bit by using our platform to help them get a consistence and repeatable process for how they deal with that inevitable breach when it happens. >> That's interesting. So how much if it is you know kind of building a process for when these things happen versus just the cool, sexy technology that people like to talk about? >> Oh, it's everything. I mean one of the hottest trends that you're going to be seeing all over the show is automation and orchestration. Which is critically important as part of the sort of you get an alert and how do you enrich that to understand that, once you understand that how can you quickly come to sort of a course of action that you want to take. How can you implement that course of action very efficiently? Those things are all important. Computers can help a lot with that but at the end of the day it's smart people making good decisions that are going to be the success factor that determines how well you do. >> Right, right. Another kind of theme that we are hearing over and over is really collaboration amongst the companies amongst the competitors, sharing information about the threat profiles, about the threats that are coming in to kind of enable everybody to actually kind of be on the same team. That didn't always used to be the case, was it? >> Well, people have been working on this for a while but I think what's been a challenge is getting people to feel comfortable contributing their data into that data set. Naturally they are very sensitive about that, right? >> Right. >> This is some of our most confidential information that we've had a security issue and we're really not you know, dying to give that out to the general public. And so I think it's been, the industry's been trying to figure out how can we show enough value back when that information's contributed to some kind of a forum to make people feel more comfortable about doing that? So I think we've seen a little bit of progress over this last year and they'll be more going forward, but this is a, It's marathon not a sprint, I think to solve that problem. But, it is crucial because if we can get to that point that's what ultimately allows us to turn the tables on the bad guys. Because they cooperate, big time, they are sharing vulnerabilities, they are sharing tactics, they are sharing information about targets, and it's only when the good guys similarly share what they're experiencing that we'll have that opportunity to turn the table on them. >> It's funny we had a Verizon thing the other night and the guy said if you are from the investigator point of view, it's probably like a police investigator. They see the same pattern over and over and over and over and over it's only when it's the first time it's happen to you that's it's unique and different. So really the way to kind of short-circuit the whole response. >> How do you find out you've been breached? There is short list. One, Brian Crebs, very famous reporter happens to find out, he tells you. Number two, FBI. >> They tell you. >> Unfortunately, that's usually, it's usually external sources like that as oppose to organization internal systems that tip them off to a breach. Another example of how we are doing better but we need to do a lot better. >> And then there's this whole thing coming up called IOT, right. And 5G and all these connected device in the home, our cars, our nest, So the attacks surface gets giant. Like I said, they said in the keynote, you plug something in the internet they are on it within an hour. How does that really change the way that you kind of think about the problem? >> It makes it a lot harder. The attack surface gets harder, gets bigger, the potential risks go up quite a bit, right. I mean you are talking about heart implants, or things like that which may have connectivity to some degree, then obviously the stakes are severe. But the thing that makes those devices even trickier is so often they're embedded systems, and so unlike your Windows PC's or your Mac where, I mean it's updating itself all the time. >> Right, right. >> And you barely even think about it, you turn it on one morning and there is a new update. A little harder to make those update happen on IOT kinds of devices, either because they're harder to get to or the system's aren't as open or people aren't use to allowing those updates to occur. So even though we may know about the vulnerabilities patching them up is even harder in an IOT environment typically than in a traditional. >> It's crazy. Alright, so give us a little update on Resilient. What exactly is do you guys do inside this crazy eco-system of protecting us all? >> Sure. So five or six years ago, myself and my co-founder John started the company and it was really was acknowledging that we've gone through the era of prevention, to detection and now it's all about response. And at the end of the day when organizations were trying to deal with that we saw them using ticketing systems, spreadsheet, email, chat I mean a mess. And so we built our platform, the Resilient IRP from the ground up specifically to help them tie together the people processing in technology around incident response. And that's gone amazing. I mean the growth that we've seen even before the IBM acquisition but afterwards has been breath taking. And more recently we been adding more and more intelligence in automation and orchestration into the platform, to help not only advise people what to do, which we've done forever, but help them do it, click a bottom and we'll deploy that patch or we'll revoke that user's privileges or what have you. >> Right. Yeah a lot of conversation about kind of evolution of big data, evolution of things like Sparks so that you know can react in real time as opposed to kind of looking back after the fact and then trying to go and sell something. >> For sure. And for us it's really empowering that human. It's either the enrichment activity where they'd normally go to 10 different screens, to look up different data about a malware thread or about vulnerabilities, we just spoon feed that to them right within the platforms so they don't have to have those 10 tabs opened in the browser. And after they'd had a chance to evaluate that, and they want to know what to do, again they don't have to go to another tool and make that action happen, they can as click a button within Resilient and we'll do that for them. >> Alright. Ted Julian, we are rooting for you. >> Ted: Thanks, yeah. >> IBM, give him some more recourses. He's Ted Julian and I'm Jeff Frick. You're watching theCUBE at RSA Conference 2017, at Moscone Center, San Francisco. Thanks for watching.

(upbeat music) >> Hey welcome back everybody, Jeff Frick here with theCUBE. We are live in downtown San Francisco at the RSA conference, RSAC is the hashtag. 40,000 security professionals talking about how to keep us all safe from the bad guys out there and we're excited to be joined by a long time industry veteran, Tom Corn. He's the SVP Security Products from VMware. Tom, welcome. >> Thank you. >> So you've been coming to this show for a while? You've been in the business >> Five years. >> For a while. >> Yes. >> What's kind of your take on the vibe of how this this industry is changing? >> You know it's funny the thing that strikes me when you come to the RSA Conference is at once, how big the industry is and how small the industry is, right? Massive amount of people and it's incredible you walk through the floor if you've been around the industry for any amount of time. How many people you actually you know. It's a small world and a very small community. >> 'Cause they're all here. >> Yeah. >> All 40,000 of them are here. >> They are. They are. >> So big thing that's changed over the last couple of years is Cloud, right? >> Yes. >> And the adoption of cloud in really AWS kind of drive in the public Cloud piece and Salesforce really driving kind of the-- I'm happy with an enterprise application for a Cloudbase application. That wasn't the way before. So how has kind of Cloud impacted the way you think about security? >> Well, I think most of the dialog in Cloud has been how do we secure the Cloud? And I think that's a very valid set of questions in any environment. How am I going to secure this environment? I think the interesting thing that hasn't been talked about as much is is there a way to use the unique properties of the Cloud to secure things? Right? We look to the Cloud and we say, there's all these interesting unique properties automation, a single fabric across a virtualization layer in between applications that are sitting above and the infrastructure, the below. There isn't a lot of dialog until the last maybe year or so in could we use the Cloud and could we use virtualization to secure things? And I think that's actually an enormous opportunity and I'll tell you why. I think that one of the biggest gaps we have in security now is actually an architectural one, right? We're trying to protect applications and data. We're doing it by putting controls of products from around this show floor on machines and on network links. >> Right. >> Right? And those are not the same thing. Aligning controls to the infrastructure is not helping us align them to the applications and data we're trying to protect. And there's, I think, an enormous opportunity to leverage Cloud and virtualization which is actually a translation layer between the two. To really solve this problem in a very very meaningful way. >> So if I'm hearing you right, it's really virtualizing the protection of the data, virtualizing the protection of the-- I don't know if even devices is the right word, right? 'Cause you want to virtualize the devices. You're not really protecting devices. You're protecting the image of a device, I guess. >> Yeah, it's actually allowing us to create, for example, logical boundaries around critical applications and critical data to allow us to align controls to the thing we're protecting. And that's the whole idea behind, for example, micro segmentation which is a very very big move today. This is maybe the best analogy I've heard so far which is-- >> Okay. >> If you think of a data center as a city, when we used to have monolithic stack applications, it was kind of like having an entire application in a skyscraper and it was the only tenant, right? And when you have that, the front of that building, no one in the city could touch any part of that application without going through that door. So access policy was very simple and if I wanted to look at-- well, what looks weird here? If it look normal or weird, someone passing through this door or activity happening there, there's only one tenant. It was a very simple picture. Applications don't look like that. Applications are distributed systems. It's like-- >> Right, right. >> Parts of floors of different buildings in different parts of the city. We've lost-- >> And they're all API based too, right? They're all connected to one another. >> Right, absolutely, absolutely. So that, more than anything, has changed the equation making it despite the fantastic innovation we have across this show floor makes it very difficult for them to do the great job they're capable of doing which is we need somehow to put them in a position to focus 'em, to create a skyscraper, a virtual skyscraper if you will around these critical applications and data. That's one of the biggest opportunities of using the Cloud, of using virtualization to secure things and frankly, what a lot of this whole movement towards micro segmentation is doing. >> So what does that look like? Extending your skyscraper analogy. >> Yeah. >> If it was skyscraper before, what's it going to look like in the future? >> Well as an example, it's about saying this critical application, SAP or some, you know, 3rd gen application is composed of these pieces, these machines, these containers. It's about using the fabric, the overlay, the virtualization or Cloud fabric to create a logical boundary around those. A logical boundary that moves with it, that expands with it, that shrinks with it. If it changes Clouds, it moves with it and it allows you to then say, I want to take the products, whatever security products they want and align them around that boundary. I create a skyscraper again, not by changing my network, not by changing my servers but by creating sort of using just the virtualization layer to create that logical boundary and it's really it's having a really significant impact. It's one of the reasons, I think, as we look to the coming year, this notion of aligning security to applications and the notion of more security innovation coming out of not security companies but infrastructure players and Cloud players, I think it's going to be a thing we're going to see a lot of. >> Alright well I look forward to diggin' more into this because it's always a great innovation when you kind of turn the lens. >> Yeah. >> Right, and reshape the problem in a different-- from a different point of view and that's when you can really see some new opportunies but I know you got to get to your booth. (laughs) So he's Tom Corn. I'm Jeff Frick. You're theCUBE from RSA. Thanks for stopping by Tom. >> My pleasure. >> Alright. See you next time. (upbeat music) (inspirational music)

(sleek electronic music) >> Hey, welcome back, everybody. Jeff Frick here with the Cube at the RSA Conference in downtown San Francisco. And we got a really special guest that we grabbed out of the hallway, out of the airplanes, Tamara McCleary, the CEO of Thulium. She's the only person I know that goes to more conferences than me and Ray Wang together, I think. (laughs) Tamara, great to see you. >> Oh my goodness, it is so awesome to find you here! >> Absolutely. So, what do you think of the show? 40,000 people. >> It is absolutely bloody freaking crazy right now. And it is, the show has grown just immensely year after year. And there's so much going on. It's absolute craziness. In fact, it's so busy, I had hard time finding you. >> I know. (laughs) So do you feel more secure with all these fine professionals looking out for you? >> You know what? I actually think right here, right now, we are in the midst of geeks with capes. These are the new superheroes. My cybersecurity superheroes right here. >> Well I'm glad. Because the keynote was a little dark this morning. (laughs) John Lithgow got up there and basically said everything is going to fall apart, except for the heroes with capes that are going to keep our cars running, hospitals up, TV stations going, the lights on. >> Wait a minute, you're not suggesting that fear is being used as a motivator for cybersecurity, are you? >> Well, yeah, we don't want to get into that. I mean, the whole, you know, governments like to influence other government's elections. That's never happened before either. >> Well, you know, the other this is, it would be very scary if you didn't follow you on the Cube because you've got the cutting edge in the know information. >> That's right. We have all the tech-athletes like you. (laughs) >> A tech-athlete! So, what have you see so far? Who are you working for here? What have you kind of seen? What's the, uh, what's the vibe? >> Well I am here on a press pass, so I am covering and talking about what's going on here at the conference. And lots of new cool things that I'm interested in and that is, you know we're talking a lot about the internet of things, we're talking a lot about threats. And you're looking at AI, right? What's AI got to do with security? And what I find interesting is that we have to future forward into, all right, with this machine to machine, machines talking to machines. Machines really are going to be the new cyber attacker. Right? >> Right, right. >> So it's machines having to combat other machines who are posing cyber threats. So I think that's, I don't know. I really geek out on the futuristic stuff. So I'm very interested in seeing how companies are harnessing AI in the cybersecurity space. >> Right. Well we just had an instant guest said, you know, you can be a bad guy on AWS, launch your threat against a customer on AWS, and get paid through AWS. >> What? >> I mean, the whole thing happens inside of the cloud in Seattle. It's amazing. >> Wait a minute. That sounds like a show on Mr. Robot. Right, with Evil Corp! >> It could be. And that's before, no, then they flash to the nest, right? The dark shadow on the nest. >> Ooh! >> As they cut to commercial. (laughs) So what else you got going on this year? I mean, you are literally all over the place. We love to keep track of you on Twitter. We see your airplane pictures taking off and landing in cities all around the world. What do you have on the agenda? What's coming up next? >> Next is Mobile World Congress in Barcelona. >> In Barcelona? >> I'm really excited to be there. >> 'Cause 5G is all the rage, right? >> Yes. >> Big part of IOT. >> Yes, and there's going to be a lot of unveiling going on at Barcelona and I'm excited. >> Spanish ham, which is always good. (laughs) Olives. >> Are you going to be there? >> We are going to cover it from Palo Alto for the people that don't want to go on the airplane ride. So we're going to cover Mobile World Congress from the Palo Alto studio. It'll be kind of that follow the sun thing. You guys will cover it early in the morning, we'll pick up the coverage as you guys are out having good ham, red wine, and olives. >> So I got to remember that I shouldn't be tweeting you after a certain hour, because you're going to know. >> We'll definitely pick them up and retweet them. All right, Tamara, well, thanks. I know you're a busy lady. Thanks for taking a few minutes to stop by and say hi. >> Thank you. >> And find us in this big sea of people. >> Woo! Awesome! >> All right, she's Tamara McClearl. I'm Jeff Rick. And you're watching the Cube. Thanks for watching. (sleek electronic music) (upbeat electronic music)

(instrumental electronic music) (crowd) >> Hey welcome back everybody, Jeff Frick, here with The Cube. We are live in Moscone Center, with 40,000 security experts at the RSA Conference, the biggest conference of its size, and one of the biggest tech conferences in the industry, second maybe only to Salesforce and Oracle's. So, there's a lot people here, a lot of action-- >> Absolutely. >> We're excited to be joined by the president of RSA, Rohit Ghai. Welcome. >> Thank you. Thank you. >> So first thing, kind of impressions of the show, we were here briefly last year, this thing was 34,000. This year, they're saying it's 40. >> Forty thousand, yeah. Look, RSA has the great burden and privilege of bringing the cyber security community together, and it's a true testimonial to the caliber of the people that this year we are able to attract 40,000 people. We have almost 500 plus, 550-something, I believe vendors and exhibitors. And the level of the conversation, in terms of the CEOs from different countries, the CEOs from all the mega corporations, public sector participants, the entire gamut of cyber security stakeholders are here today. >> That's an interesting kind of take because on one hand, you think there's so many people, but as a few people had mentioned earlier, really they're all here so, and on the grand scheme of things, it's not that many people. It's really this group of people-- >> Exactly. >> And they all know each other. People are all giving each other hugs, as they're walking up and down the booth, so this really is it. >> This is a community, and it's a tight-knit community. It's all the good guys and some linked together (laughing), and figured out what to do about the bad guys (laughing). >> I know, I just hope they all don't go to the bad side at the same time, we'd be in trouble. >> Absolutely. >> One of the things that comes up over and over at tech conferences specifically, and at here, too, is the ecosystem. >> Rohit: Yeah. >> Right? Nobody can do it alone-- >> Rohit: Yep. >> You've got to have an ecosystem-- >> Rohit: Yep. >> And there's a lot of conversations about sharing information-- >> Yep. >> More broadly-- >> Yep. Yep. >> More automated, faster-- >> Rohit: Yep. >> Really an important part of the strategy to fight the bad guys. >> Absolutely. In fact, that was a recurring theme from all the keynote speakers this morning, the notion of working together. The only shot we have of beating the bad guys is if we collaborate and share the information that we have, and go at it together. So, the ecosystem is super important to your point. >> Yep. So, what are some that are accounted for the people that aren't here-- >> Rohit: Yep. Kind of the key themes, some of the big announcement that RSA's make-- >> Rohit: Yeah. >> And I know the press release feed is full (laughing) this morning-- >> Rohit: Yeah. >> But what are you guys excited about for this year? >> Look, what I'm most excited about is a new approach. And here's the way I tee it up, the bad guys are getting really good, right? Every company is going digital, and digital companies are really juicy targets. We don't have enough good guys to fight on our behalf, enough trained good guys, which means we ought to bring technology to assist use, all the things like advanced, artificial intelligence, machine learning, data science, all those things have great capabilities, but the reality is we have to realize the bad guys have all the same technology that we do. So, it's not a technology problem anymore-- >> Right, right. >> We have to play to our strengths, play to our advantage, so this new approach, we call it business-driven security, which means take the security incidents and apply business context to it, enabling customers to take command of their cyber risk, and secure and protect what matters most. >> Right, right. >> So, it's a sense of prioritization, and if we do that successfully, then we are able to keep the bad guys, they're only inside the door, but we can curtail the damage and we can detect the breaches, and respond in a much more expedient manner. >> Right, always the problems within arm's race, right? Both people have the same amount of weapons, so it's how to use those weapons-- >> Rohit: It's how to use the weapons. >> More effectively. >> Absolutely. And therein the context is super important if you're going to apply business context to the way you apply that information-- >> Right. >> With those tools, that's how you win. >> Now, another theme that keeps coming up is kind of state-sponsored threats-- >> Rohit: Yep, yep. >> Which are different than, maybe, kind of commercially, or just-- >> Rohit: Yep, Yep. >> Kind of activists. >> Rohit: Yep. >> That's really changing the game because-- >> Rohit: It is. >> The resources behind those folks significantly bigger. >> Indeed. So, there's new kind of bad guys, like the nation state threat actors, and their objectives are totally different, right? Their objective is not just to steal data, but to tamper with data, and change the conversations as we saw in the case of the election-- >> Right, right. this year, the presidential elections. By tampering data you can actually shift conversations and influence outcomes, so it's a whole new ball game, in terms of the new types of threats and new types of threat actors like nation states, who are getting into the game. >> Yeah, I thought one of the interesting points that came up earlier in the keynote today-- >> Rohit: Yeah. >> I think they called it salting or spiking the algorithm-- >> Rohit: Yep. >> With intentional bad data to send the algorithm on a path, in which it really shouldn't go. >> Exactly, exactly. And the way you respond to that is, again, to back to my point around business-driven security. If you have data, and if you understand the business context around how that data ought to be used, then you're able to protect it and secure it, and make sure it doesn't get weaponized, or used against you. >> Right, right. And another theme that came up at another session I attended is kind of the unique role that companies are in versus-- >> Rohit: Yep. >> The government-- >> Rohit: Yep. >> Because even if there is state-sponsored-- >> Rohit: Yep. >> Issues going on-- >> Rohit: Yep. >> Because many of the companies, RSA included-- >> Rohit: Yeah. >> Operate globally across the number of geos. >> Yep. >> They potentially have even more data, different data, to fight the threat than any one government does on its own. >> Indeed, and this is where sharing of information is vital, and along those lines, RSA is excited to announce this year that we've joined the Cyber Threat Alliance, which is a consortium of private companies who have decided that it's not the threat intel data, it's how you use it that's going to be the differentiating factor. >> Right. >> So, in the spirit and vein of working together, we are sharing threat data with each other, so that we can respond to the bad guys. >> Right. So, give you the last word-- >> Rohit: Yeah. >> It's February 14th, Happy Valentine's Day. Start of the new year, what are some of your priorities as you look down the other road, what are we going to be talking about a year from now? >> Yeah. >> What's things that are on your plate that you're really thinking about? >> Yeah, yeah. Look, so, in the vein of Valentine's Day, I totally love cyber security (laughing). Let me say that, and in terms of what we're looking forward to. Look, RSA is in the game to innovate and set the table, and set the agenda for the cyber security market. We play the role of bringing the cyber security community together, but it's our innovation along the axis of business-driven security. We want to take that conversation, drive that into the industry because we believe that without that, we don't have a shot of beating the bad guys. >> Right. Alright, well, we're all rooting for you (laughing)-- >> Thank you. I appreciate that. >> And everybody else in this building, alright. >> I appreciate that. Thanks. >> He's Rohit. I'm Jeff. You're watching The Cube, live from RSA 2017, in downtown San Francisco. Thanks for watching. >> Thank you. (instrumental electronic music) (upbeat instrumental music)

(upbeat techno music) >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA conference in downtown San Francsisco. 40,000 security professionals talking about how to keep the bad guys out, especially with IOT and 5G coming right around the corner. Joined by the many time CUBE alumnae, always great to catch up with Mark. Mark Nunnikhoven from Trend Micro, what's your title now? >> VP... >> Cloud research? >> VP Cloud research, that's good. >> Welcome! >> Thank you for having me, I appreciate it. >> So it's always good to see that the booth, you guys always have kind of the craziest, wackiest booths. I was wondering though, if you fell out of the rocket ship and that's how you busted your arm. >> That's definitely a better story, so I think we can go with that, or a transporter malfunction, something like that will be a much better story than the sad truth. >> Okay. >> So you've been coming to this show for a while, we see you at all the AWS events, how is the kind of evolution of cloud and the ongoing expansion of cloud kind of change the game in the world of security? >> Yeah, I think cloud has enabled us to do a lot of things that we've been trying to do for a long time, and you know, so we've talked about enabling granular security throughout the enterprise for years, and it's always been hard because we've had a lot of different vendors, a lot of different systems. When we moved to cloud, it's getting a lot more homogenized, and everything's accessible via an API. So we're seeing a lot of maturity in that space where people are embracing that fact, and starting to enable some things that we've been trying to do, like that solid identity in axis management, you know, that's been really difficult in the enterprise, it's far simpler in a cloud space. >> That's interesting, because the other fact is all these things are now all connected via APIs, right? And there are a whole lot of SAS applications in the enterprise >> Yeah! >> So the attack surface is growing significantly and as was pointed out in the keynote this morning, a lot of people work from home, they plug in their desks, you know, it's just, it's growing very very quickly. >> It is! >> So how do you look at some of these challenges? >> Yeah, and it's funny because it is significant and you look at IOT alone, right? There's billions and billions of devices that are being connected and the devices themselves aren't necessarily so much of a threat, though we did see that this year with the Miray bot net and you know some massive d-dos attacks, but it's the data that's going in the back end that's more of a danger to consumers. And we see that with sas services as well. As a security practitioner, you lose the ability to apply the traditional controls that we're used to. And now you're relying on your service provider to do that for you. But it's still your data. So you're sort of forced to construct this balance of, you know, making sure you're leveraging the controls and options the provider has, but also looking out for things like, you know, people effecting the data going in, and sort of manipulating and gaming the system more, and I think you mentioned they said that this morning too. >> Right, the other thing they said this morning is that every company has at least one person that's trying to connect with a Nigerian prince. >> Yeah! >> Who's going to click on these? >> Well he needs money! He needs money, right? >> Yeah, got to give him a little money. >> Yeah! >> I mean it's funny, as far as we've evolved, you know, every, you know, my wife will say "Oh, I got this weird email", so like don't click it, don't click it! >> Mark: Yeah! >> It's the same old techniques! >> It is, and, you know, I've been doing a lot of research in serverless security lately, and that's driven me to a really weird question. Because it's a collection of services where you don't have the ability to apply any controls directly. And it's sort of started me down this path of what is security mean? And it ties to what you were saying in that at the end of the day, users need to be able to use these systems. And sort of a pet peeve of mine is we tell people not to click on these links, but that's the sole purpose of a link is to be clicked on. So we need to find a better balance of educating people and giving them the context in which to make these decisions and having better reputation systems and better automated controls, so that they don't have the option of clicking or not clicking, they just never see bad links in the first place. >> Right, that's a good strategy. The other theme that's coming in, over and over, is really collaboration within the ecosystem here. To share facts, share knowledge, share data, so that you can pick up patterns faster, you can see notes, really the same thing over and over and over. And really, being the kind of co-op-itician, which is what makes Silicon Valley Silicon Valley. >> It is. And it's nice to see it increasing, I think it's gaining pace. And we're not just seeing it with the vendors, we're also seeing it where competitors in different industries are getting together. So a lot of financial CSOs are collaborating because they have a common enemy. And they realize they can't beat them alone, so if they're sharing threat intelligence amongst themselves, that they all sort of win because if one of them goes down, you know that attack's coming to the next door, right? >> Jeff: Right. >> You know, the next day. And we're doing the same thing in the vendor space, we're being more open to collaboration, and we're sharing research analysis, you know. A lot of vendors are launching bug bounty programs. You know, responsible disclosure is becoming a little more standardized. So not only within the community of vendors, but also within the research community. I think the more we talk, the better off we are because we see it in the underground where criminals are selling services to each other. They go "don't worry about setting up a bot net, Jeff I'll rent you one," so that miray bot net of IOT devices, we found that available for sale, you could lease it for 7500 US would get you almost a gigabyte of d-dos attack. And, you know, that's a really low barrier of entry for criminals, >> Jeff: Yeah. >> We need to make sure that we're making it easy for defenders to defend against that kind of thing. >> Still my favorite is the fake ransomware, where I didn't actually put ransomware in your machine but I told you I did, so go ahead and send the money to the Nigerian guy, and I promise I won't turn it on. >> Well, so that one's one of my favorites, but also sort of the super evil one that we saw this year was okay, I've encrypted your files, and I'll give you the key not for money, but if you encrypt two of your friends. So the pyramid scheme in spreading the attack. And that one was just super evil, cause it's mainly the social side, like, what kind of guy are you? Are you going to encrypt, like, you know? >> Which friends get it, right? >> Exactly, you know. >> Ones at the bottom of the list from Facebook. >> Yeah, but ransomware is a great example of attackers realizing that they can do this at scale, they can be insanely profitable, because even if you don't think you have a lot of valuable data, you probably got personal photos and videos that are really important to you, and if you're not taking basic preventative steps like backing up or patching your systems, then they're going to be able to get 500 bucks out of you, and that doesn't sound like much, but when you multiply that times, you know, 50, 60,000 people, because they just need to click a button or add people to a list, that's a huge amount of cash that's flowing in their coffers. >> Right. The other big change in scale that keeps getting talked about here is government, you know, kind of backed. >> Cyber... >> The nation state? >> Yeah, the nation state, thank you. Totally changing the game again, and as we talked about off air, it's good to know who you're fighting with. At least you can see 'em, but at the same time the scale of resources that they can bring to bare significantly bigger. >> Yeah, and that's the challenge. If you're not a nation state against a nation state, you know, it's David versus Goliath, without a good ending. Yeah, without the rock. You just got a piece of cloth, you're like "I hope I can throw somethin' at ya!" You know, but there is some advantage in knowing your adversary, especially when you're talking about, you know, nation state versus nation state, because everybody's got signature moves, they've got go-to work, you know, and you can kind of track them over time. And we've seen that with some research available, which is a great example of, you know, community participation, places like Mandy sharing information, you know, we do it at Trend Micro, bunch of the community players share like "hey, we found this ABT, we're associating it with, you know, probably a nation state, we're not sure who," but even the government, GHS just had a great release on grizzly stat, which was a very good campaign done, but very detailed analysis. Which we didn't see that three years ago, so helping people out to understand what they're up against, and if you're, you know, a smaller enterprise, or even a larger enterprise, you might not have the resources, but you can still take steps to make it harder. >> Right. >> And that's sort of the name of the game. Make it harder so that you get a better chance at protecting your data and at least being aware when you have been breached. >> Alright Mark, I'm going to give you the last word before we sign off here. What are your kind of priorities for 2017? You know, we talk a year from now, what are we going to talk about that you guys worked on this year? >> Yeah, hopefully, you know, a lot of the same, we're still pushing hard in cloud security around servers and containers, but a lot of my personal research has been pushing more towards teams and security professionals, and what we need to do to adjust to be educators in the space as opposed to being a silo team that's just telling you, saying "hey, you really should do this better." And I think that's a space that as an industry, we're ranking up to, that we have the expertise and we need to make sure the rest of business gets it too. >> I love it. We're hearing about big data all the time, it's a team sport, security is a team sport too. >> It is. It's a great way to put it. >> Alright, Mark Nunnikhoven, I'm Jeff Frick. You're watching theCUBE. We're at RSA, downtown San Francisco. Thanks for watching. (upbeat techno music) (gentle techno music)

(upbeat music) >> Hey, welcome back, everybody. Jeff Frick here with The Cube. We're at the RSA Convention in downtown San Francisco. 40,000 people talking security, trying to keep you safe. Keep your car safe, your nest safe, microwave safe, refrigerator safe. >> Everything safe. >> Oh my gosh. Jason Porter, VP, Security Solutions from AT&T, welcome. >> Very good, thanks for having me, Jeff. >> So what are your impressions of the show? This is a crazy event. >> It is crazy, I mean look at all the people. It's the crowds, it's a lot of fun. The best part is just walking the hallways, getting to connect with friends and network and really create new solutions to help our customers. >> It seems to be a reoccurring theme. Everybody sees everybody who's involved in this space is here today. >> Absolutely, yeah, for the next couple of days it's just all in all the time. >> AT&T, obviously, big network, you guys are carrying all this crazy IP traffic that's got good stuff and bad stuff, a lot of fast-moving parts, a ton more data flying through the system. What's kind of your step-back view of what's going on and how are you guys addressing new challenges with 5G and IoT and an ever-increasing amount of data-flow through the network? >> Absolutely, so you're right, at AT&T, we see a ton of traffic. We see 130 petabytes of traffic everyday across our network, so our threat-platform, we pull in five billion threat events every 10 minutes. So-- >> Wait, one more time. Five billion with a B? >> Five billion events every 10 minutes. >> Every 10 minutes. >> So, that's what our big data platform is analyzing with our data scientists and our math, so, lots of volume and activity going on. We have 200 million inpoints, all feeding that threat-platform as well. What are we seeing? We're seeing threats continuing to to grow. Obviously, everybody here at this show knows it, but give you some concrete examples, we've seen a 4,000% increase in IoT vulnerability scanning. IoT is something as a community, as a group here, we definitely need to go solve and that's why we launched our IoT Security Alliance last week. We formed an alliance with some big names out there, like Palo Alto Networks and IBM and Trustonic and others that really, we all have a passion in going out and solving IoT security. It's the number one barrier or concern for adopting IoT. >> You touched on all kinds of stuff there. >> A whole ton of stuff, sorry. >> Let's go to the big data. >> Yeah. >> What's interesting about big data and I always tell kids, right? Every coin has two sides. >> Absolutely. >> The bad part is you've got that much more data to sort through, but the good news is you can use a lot of those same tools. Obviously, it's not a guy sitting with a pager waiting for a red light to go off. >> That's right. >> Analyzing that. How has the big data tools helped you guys to be able to see the threats faster, to react to them faster? >> Yeah. >> To really be more proactive? >> That's a great point, so cyber security is a zero percent unemployment field, right? >> People, you can't get enough people to come work in Cyber security who have the right talent. We had to really evolve. A few years ago, we had to make a big shift that we were not going to just put platforms and people watching screens, looking for blinking red lights, right? We made the shift to a big data threat platform that's basically doing the work of identifying the threats without the people, so we're able to analyze at machine-speed instead of people-speed, which allows us to, as I said, get through many more events. >> Right. >> Much more quickly and allows us to eliminate false-positives and keep our people working really at that, looking at those new threats, those things that we want the people analyzing. >> Right, so the next thing you talked about is IoT. >> Yep. >> My favorite part of Iot is autonomous vehicles just cause I live in Palo Alto. >> Absolutely. >> We see the Google Cars and they're coming soon, right? >> Absolutely. >> But, now you're talking about moving in a 3,000 pound vehicle. >> Yeah. >> Potentially, somebody takes control, so security's so important for IoT. The good news for you guys, 5G's got to be a big part of it. >> Absolutely. >> Not necessarily just for security, but enablement, so you guys are right the heart of IoT. >> Yeah, we are, we have one of the largest IoT deployments in the world. We have the most connected devices and so, what we see is really a need for a layered approach to security. You mentioned 5G, 5G's certainly a part of getting capacity to that, but when you moved to IoT with connected cars and things, you move beyond data harm to physical harm for people and so we've got to be able to up our game and so a layered approach, securing that device, us putting malware detection, but even threat and monitoring what's going on between the hardware and the operating system and the user and then segmenting, say, in a car, telematics from infotainment right? You want to really segment the telematics so that the controls of driving and stopping that car are separate from the infotainment, the internet traffic, the video watching for my kids. >> Right, Spotify, or whatever, right, right right. >> Absolutely and so we do that through SMS, private SMS user groups, private APNs, VPNs, those kinds of things and then of course, you want to build that castle around your data. Your control unit that's managing that car. Make sure you do full UTM threat capabilities. Throw everything you can at that. We've even got some specialized solutions that we've built with some three-letter agencies to really monitor that control point. >> Right, then the last thing you touched on is really partnership. >> Okay. >> And coopetition. >> Yep. >> And sharing which has to be done at a scale that it wasn't before-- >> Absolutely. >> To keep up with the bad guys because apparently, they're sharing all their stuff amongst each other all the time. >> Yeah, absolutely. >> And here we are, 40,000 people, it's an eco-system. How is that evolving in terms of kind of the way that you share data that maybe you wouldn't have wanted to share before for the benefit of the whole? >> Yeah, so, our threat platform, we built it with that in mind with sharing, so it's all, it's surrounded by an API layer, so that we can actually extract data for our customers. Our customers can give us their date. It's interesting, I thought they would want to pull data, but our biggest customers said, no, you know what? We want your data scientists and your math looking at our environment too, so they wanted to push data, but speaking about alliances overall, it's got to be a community as you said. And our IoT Security Alliance is a great example of that. We've got some big suppliers in there, like Palo Alto, but we also have IBM. IBM and AT&T are two of the largest manage-security companies in the planet, so you would think competition, but we came together in this situation because we feel like IoT's one of those things we got to get right as a community. >> Right, right, all right, Jason. I'll give you the last words. >> Okay. >> 2017, we're just getting started, what are kind of your priorities for this year, what will we be talking about a year from now at RSA 2018? >> You're going to continue to hear more about attack types, different attack types, the expanding threats surface of IoT but I think you're going to continue to hear more about our critical infrastructure being targeted. You saw with the dying attack, you're starting to take out major pieces that are impacting people's lives and so you think about power grids and moving into some more critical infrastructure, I think that's going to be more and more the flavor of the day as you continue to progress through the year. >> All right, well hopefully you get good night's sleep. We want you working hard, we're all rooting for ya. >> Absolutely, we're all working on it >> All right, he's Jason Porter from AT&T. I'm Jeff Frick with The Cube. You're watching The Cube from RSA Conference San Francisco. Thanks for watching. (melodic music) (soothing beat)

(energetic techno) >> Hey, welcome back everybody, Jeff Frick here with the cube. We're at the RSA conference in downtown San Francisco, Moscone Center. 40 thousand people talking about security, especially with things like IoT, and 5G coming, just right around the corner, so it's important, and we're excited to be joined by industry veteran, George Gerchow. He's VP Security and Compliances at Sumo Logic. George, welcome. >> Thanks, great to be here! Having a fantastic show so far, so thank you. >> So it's funny, before you came on, you knew our last guest, and he even commented. (George laughs) He has a big role, there's 40 thousand people, but this is like, all the world's security experts at one building. >> They're all right here, right now. So if you wanted to plan a massive terrorist attack? >> Don't say that! >> (laughs) We'll be right here, right now! >> Well, and they have a lot of security, it's funny you're laughing, but there's guard dogs, and I got my bag checked a bunch of times. I guess it makes sense. >> (laughs) It absolutely makes sense, but yes, everyone's here, all the who's who, and it was great to see Tom before me. >> And the uh, and the challenges just keep continuing right? With IoT, it's coming right around the corner. Connected devices, sensors. It's funny, in your goodie bag here at RSA, they even give you a little, the little thing to hide the camera on your, on your laptop, right? >> Yeah, they really do, I mean, everything's connected, right? I mean, there is no more hard-shell, soft-center perimeter to security anymore, it's all out there. It's a hostile world, and uh, you just got to do your best to protect yourself. >> Alright, well, hopefully you guys are all staying on the light side, and don't go to the dark side. >> (laughs) Yeah, absolutely. >> So we were talking a lot about threats, and threat intelligence. >> Yeah. >> Can you give us a kind of an update on what you're working on, you know, kind of what your top-of-the-mind of this area? >> Yeah, yeah, absolutely. And so you know, at Sumo Logic, we have a security analytics platform, built that scale, multi-tenant, in the cloud, native-born. Part of my job responsibility is to secure that platform. But one of the things that we were missing, quite honestly, was threat intelligence feeds coming into that platform to be able to do deeper forensics on malicious IPs, indicators of compromise around URLs and domain names, so now we're offering to our customers integrated threat intelligence, intersecurity analytics, for free, (chuckles) and now it's here at RSA to be able to do deeper forensics around some of those indicators of compromise and the bad guys that you were talking about. >> (chuckles) So now that with the, with the security analytics, hopefully you guys can see things faster, you can pick up patterns quicker, you know, you can use real-time streaming things like Spark to actually get ahead of the curve instead of the, what we always hear, spend 250 days since you knew, (chuckles) that you were, uh, compromised. >> Yeah, you're exactly right, it's getting to the root cause much faster, you know? Because you have so many different things that focus on a security team. Like, my team alone is constantly getting things flagged up all the time that we may or may not want to pay attention to. But those things that are really critical, that needle in the haystack that you have to dive into that's a potential threat or vulnerability right away, we want to surface those up very very quickly. So we drink our own champagne, we're running it internally, and now we're offering it externally to our customers as well, too. >> And you just can't do that without machines and automation, right? It's just not possible to keep up with the volume of activity, and to find that needle within just a mass of things that you guys are keeping an eye on. >> You're exactly right. Especially being in the cloud, right? Think about the dynamic, you know, things are taking place, you know, IPs constantly changing. What's my system today might be your system tomorrow. >> Right. >> So having that, more real-time, deeper visibility, into what's taking place on those high threat items, that's even more critical once you're moving out to the cloud for sure. >> Right, and you guys have been involved in the AWS biz, I think we interviewed Sumo Logic like, AWS summit 2013. >> Yep, right. >> In this very building. >> Right! We're native-born, and AWS, >> There you go. >> So great memory! >> So how, so how does kind of the cloud impact, to just more of a general security point of view? People's expectations of behavior of their applications and their data? >> Oh my gosh. >> And it's just like, it's like the dial tone, right? It's almost like (mumbles). >> Right. >> It's just supposed to be there, flex up, flex down as ever I need it. Obviously you got to worry about keeping that real, keeping it safe. How has that impacted the way, uh, that customers expect security? >> Right, so, well, customers now, it's actually behaving a different way too. They're so scared, some of them, of "oh my gosh, my data is leaving beyond my control." but the reality is, I can use some of that scale, and some of those automated systems in the cloud to make the data more secure, once it moves out there. I can leverage the power of code to really lock down how that data is protected against both inside sources and external sources. So it's really, to us, it's been an advantage point. Being native-born, understanding how the cloud works and how to secure data in the cloud, and then now, sharing that with our customers, has really put us ahead of the curve. Like the industry's just now catching up to where we're at. You said 2013, we were here talking about cloud, and now here we are, right? >> Right, right. >> Where other people were like, we're never going to move our stuff out there. Well, guess what? >> Right. >> You're moving out there now. (chuckles) >> And you guys can leverage cloud yourself in terms of your own applications, right? To grow and scale, I mean. >> Absolutely. >> It was amazing, AWS reinvented the Tuesday Night with James Hamilton, which uh, >> Right, yes. >> You probably went through, it's like a rock-star show. But when he goes through the scale of the way, of the infrastructure that AWS can deploy because they have such mass scale, I mean to try to compete with that as an individual company? Pretty tough. >> It's not going to happen, you know? And it's the same thing with us, you know. So if you're really going to do security analytics at scale, well, it's about scale, multiple data sources. I want to be able to go from 10 terabytes to 20 terabytes overnight, and then start looking for the security threats. Well, that's what we do. We built our platform in the cloud to scale at that rate, but now we're just heavily focused on security content and solving problems as people start moving their workloads out to the cloud. We've been there for a while, so we're helping people. And look, we're learning like everyone else every day. Things change, as you've mentioned before. But we have a pretty good approach as to how we lock down our own environment, and we're just sharing it externally now. >> So the other big theme that we keep hearing over and over at the show is collaboration, and companies, kind of coop-petition, which is the Silicon Valley way, has always been, >> Absolutely, no question. >> You know, to share threat information with your, partners in the industry, to try to help get a leg up on the, on the bad guys. Have you seen that kind of collaboration. kind of environment, change over the last several years? >> I am so glad you brought that up, because it is an ecosystem. Like for us, we're taking the threat feeds from Crowdstrike, who's, you know, one of the leaders in the threat feed space. We're also partnering up with WinLogin at this show to really start locking down people's credentials when they come in. And then also great partners like Trend Micro. It takes an ecosystem, there is no silver bullet. There is no one company, one solution that solves a problem. It takes a collaboration of vendors and partners to really be able to get this done, and I feel it and live it internally. >> Right, right. Alright, I'm going to give you last word, George. >> Alright. >> So it's February. What are your top priorities for 2017? What are we going to be talking about a year from now at this show? >> Okay, so one of the top priorities for me is definitely the DDoS attacks in the cloud? You know, so people being able to launch a DDoS attack within AWS at AWS, and have an AWS eat itself. (both chuckle) Like, literally, this keeps me up at night, you know? So, that's one of my -- >> Where's Scott? >> Top priorities. >> Scott, did you hear that? (both laugh) >> Alright, it could happen, so anyway, that's one of the things I'm focused on right now. >> Alright, excellent. >> Sure. >> Well, I know you got to run to the booth, it's a busy show, >> Great show. >> I know you probably have meetings with 39,995 of these other people. (George laughs) He's George Gerchow, I'm Jeff Frick, you're watching The Cube. Thanks for watching. >> Thanks guys, 'preciate it, thanks Jeff. (energetic techno) (sedate synths)

(upbeat instrumental music) >> Hey welcome back everybody. Jeff Frick here with the Cube. We're at the RSA Conference in downtown San Francisco. 40,000 security professionals here talking about how to keep us all safe, especially when we're in autonomous vehicles, especially when we have connected nest devices. It's a crazy wild world. We're excited to be joined by Derek Manky, the global security strategist for Fortinet. Welcome. >> Hey thanks, pleasure to be here. >> Absolutely. >> We'll talk security right? >> Well I hope so. So for folks that aren't familiar with Fortinet, give us kind of the overview of what you guys are doing. >> Sure I mean tons of different things. So, you know, my department, I work directly with our global threat intelligence team and our labs. So for over 15 years now, we've been building up our labs. We have over 200 threat analysts and researchers worldwide combing through data at any given minute. But the problem is, the data. We live in a big data world now. There's so much, it's very easy to become overwhelmed with data. So we've taken an approach where we have a very intelligent human expertise team, but we've invested a lot into automation, machine learning, artificial intelligence, that you're going to find that's a very important thing moving forward because we need to be able to stay on par with the bad guys. >> Right right. >> The bad guys are very good at automation. They don't have anything holding them down. They're flying full-force, so we're trying to keep up to them. And, you know there's a lot of great initiatives like cyber threat alliance, of course, so we made a big announcement this week on that too. >> Right. So really as things have evolved over those 10 years, I mean the bad news is the amount of data that you guys have to keep track of is growing exponentially. The good news is the tools like machine learning and AI and Spark and Hadoop and, you know the tools that you have to use are much more sophisticated as well. It kind of works both sides of the coin at the same time. >> Yeah but you know what? One thing that we found is that there is a lot of information here, there is a lot of data being thrown out there. You have to make sense of the data. So a big theme and a big focus of ours is making data actionable. So threat intelligence actionable. How do you cross what we call the last mile? How do you take data and information and put it into transparent security controls so the end users, like all of our customers, don't have to do that manually. The manual work is what's killing a lot of people out there. There's a huge gap in cyber security professionals out there. People like network administrators, by the time they receive, say, a PDF document or something manual that they have to plug in an IP address or an update, it's often too late. A lot of this information is very perishable, very fluid. So, we're trying to automate that into the security controls. That comes from a lot of that big data, analytics on the back end. We call it a security fabric. So this is where we can weave in that information into all of our different products. End point, from end point all the way up to the cloud. And the cyber threat alliance is a very big initiative. So we're a founding member of that along with the other founding members I mentioned this week. We're working together to share information. And the goal of that is to share information on a platform and then as a member of the CTA founding member take that information in and push that out into those controls in near real time. That's the big thing. >> That was the big thing right? Because people have shared data before. But it's really kind of this real time emphasis to get it in real time. You know using things like Spark and streaming data. So that you're not reacting after the fact. In the old stat they used to quote us, you know people didn't even know for like 250 days. >> Derek: Yeah. >> Or whatever it was. >> We're bringing a lot of illumination to intelligence as well. Visibility's a big thing. Speed is a very big thing right? How can we get that information out very quickly because like I said the bad guys are moving a million miles a minute. So it's a really important initiative what we're doing with that. The other thing is the quality of information. A lot of information is too hastily shared and I think humans we're at that tipping point right now. Where humans can't fully trust automation. It's like autonomous vehicles. >> Right right. >> You're not going to put it fully in control right? You have to start getting a trust exercise with it and that's what we're trying to do, a lot of this intelligence. >> What was interesting in the keynote this morning one of the new threads they highlighted is people actually feeding the algorithms bad information. >> Poisoning yeah, yeah. Absolutely, yeah, yeah. >> Salting the algorithm is what they call it. To send it down a different path than it should be going. >> I mean the bad guys will put all this thought throughout and evasion techniques. But that's another really nice thing about the cyber threat alliance. Is that we're all collaborating. So we're giving confidence ratings to this. So it's also a quality of sharing system which the industry very badly needs in my opinion too. >> So what's next? Looking at 2017, we're getting started this February. Oh it's Valentine's Day February 14. >> Happy Valentine's Day. >> Happy Valentine's. So a year from now and we talk, what's the top of my priorities? What are you working on for the next little while? >> Yeah absolutely. Again we're going down the CMO automation. You're going to see a lot on the security fabric that we have. So this is how we can have machines automatically learning about environments. Automatically adapting to environments. You look at a lot of security problems out there a lot of the times it's security 101. It's people misconfiguring firewalls, misconfiguring policies and devices. Not having a proper security device in front of their crown jewels or their asset, their digital asset. So that is a big theme that we're doing, it's taking that intelligence and starting to empower our products and solutions to make intelligence decisions on their own. >> Right. >> That's a very big leap forward and we've made significant progress with that. >> It's interesting that you mention that. There's still a lot of 101 work that people aren't doing to the degree that they should. There was a great line in the keynote this morning that every company has at least one person that will click on anything. >> Weakest link in the chain right? Yeah. >> Absolutely. Alright well Derek thanks for stopping by. And congrats on a great show. And really some exciting stuff with that cyber threat alliance. >> Great yeah thanks, a pleasure. >> Alright he's Derek Manky I'm Jeff Frick. You're watching the Cube from RSA in downtown San Francisco. Thanks for watching. (instrumental music)

(upbeat music) >> Hey welcome back everybody, Jeff Frick here with theCUBE. We are live at Moscone Center at the RSA Convention. 40,000 security professionals are here, talking about security. This thing grows every single year. We're happy to be here and excited for our next guest, Ajay Gupta. He's the Global Director, Product Marketing and Management from Huawei. Welcome. >> Oh thank you, Jeff. Pleasure to be here. Thanks for your time. >> Absolutely, so you've been coming here for years. You laughed at me when I asked how long you've been coming here. >> Oh it's been ages, you can look at me and you can imagine. >> No, look, all hairs still dark. >> Oh come on, you're being too nice to me. >> So what's really changed, as you've been coming for years. Kind of at a global perspective? >> Yeah, yeah I think we've seen the nature of security change, the nature of threats change. The different companies have changed actually over the years. The crowd has gone up and swelled like 40,000 you mentioned. So, we really think this show has really become the gold standard for the trade shows when it comes to security. We weren't there at RSA but last few years we have made it a point to be here every year to talk to the customers here. >> Yeah. >> And you meet all the people from all over the world. That's the best part, customers, partners, everybody. >> It's interesting because a big part of the theme here is collaboration and ecosystem. And nobody can do it alone. Everyone covers different pieces of the puzzle. I know you guys are trying to grow your ecosystem. What does ecosystem mean to Huawei? >> Absolutely. I think we do believe from a security perspective no single vendor can offer the best of the breach security to their customers. We really need partners, the ecosystem. Huawei has something called being integrated. That is, bringing the partners onboard to offer different pieces of the puzzle. In fact it's a good point to mention. We are announcing two announcements this morning actually. The first one what we'll talk about is Avira. It's the best AV engine company in Germany. Huawei really recognizes the importance of the AV. So we are bringing their AV engine on the Huawei's next generation firewall. It really brings two things. Performance and accuracy. That's what people need from a AV point of view. The second announcement we're going to make really is what's called the Huawei USG9000V. It's a security gateway actually. So as the cloud's proliferation, as people are moving to the cloud, as people are using more and more SAS applications, you're going to see lot more security building from the cloud perspective. Our USG9000V is actually the perfect gateway to combat the security threats in the cloud. So virtual data centers, the cloud data centers, the OTT's, we really bring all the different kinds of security in the USG9000V. The announcement we are making is really an upgraded version of the existing security appliance that we call 6000V. Again, it's a software security. Works with different VMs whether it's KVM, whether it's zen, whether MS6. Huawei's own virtual system. Huawei's FushionSphere. The performance is in terabit so you can actually go in and read some of the specs from the Huawei's perspective. One of the best of the V products for virtual security. >> Right. And the cloud's changed everything, right? So many applications are delivered via the cloud now. And even if it's not a cloud and it's an internal cloud people want the flexibility of cloud. They want to scalability of cloud. They really want the way the cloud works for them to deliver the applications to their customers and their employees. >> Definitely. So three things I'm going to mention here from a cloud perspective. What people are looking for from a cloud security perspective is on demand. How do you scale in, scale out as the demands of the bandwidth goes up. You got to make sure your network security is able to keep up with that demand. People are looking for visibility. You've got this multitude of appliances, boxes, cloud boxes, cloud security all over the place. How do you make sense out of it? How do you really bring all of those thresholds, all of those unloads come together into the form of CIO or CSO can really understand. >> Right. >> And the last thing I'm going to make it easy to configure. PLug and play. Some of the automation feature. Automation people are starting to move in the security but you got to be careful when you bring automation from a security perspective. You need to automate task that are not that mission critical. But as we more and more trust, you're going to see more security automation in the industry. >> Yeah. Because when it's cloud it just needs to work, right. Everybody just expects, I can add more capacity, I can spin it down. And it just needs to work. It's somebody else's problem, it's somebody else's data center. >> I don't know what's going on behind the scenes, I just know it works. >> Yeah. >> I pick up my phone, it's going to kick. That's exactly the concept of security. But you got to be really careful when it comes to security because you got to make sure that when, suppose the positive threats and positive and negative threats actually. How do you combat and make sure you automate from the positive point of view and not from a negative point of view. >> But there's one thing that hasn't changed, cloud or no cloud. And they talked about it in the keynote and that great line was every company has at least one person that will click on anything. (laughs) >> Oh, I love it. I love it actually. >> How do we get past, I mean, they're still getting the email from the African king who needs some dollar >> Nigeria, Nigeria >> For Nigeria. >> Let me put I this way. I would say hackers are getting smarter and smarter. How do you keep up with the threats from the hackers who are one step ahead of you. How do you really combat threats, unknown threats, in the future? So I think things we have seen in 2016, the phishing attacks are back on the rise actually. Always do you see Ransomware. Form the point of Ransomware I should mention there's something called par pon ton from Ransomware that I'm going to let you off the hook if you infect two other computers actually. I don't need the money from you. So hackers are coming with those innovations to really go and hack more people actually. You seen what happened with the collected costs. Chrysler had a recall on 1.4 million vehicles in the past. Do you see what's happened with the camera, the surveillance camera. So I think two things we really need to watch out in 2017. One is Ransomware and the number two thing which is extremely, extremely important is industrial IOT actually. >> Absolutely. >> As the sensors get deployed more and more around the world you've got to make sure those sensors are able to keep up with the threat, it's not easy. So what Huawei provides to the table is really end to end security. Two things in security; multi-layered security and security indifference. Those are the principles from the bottom, not from the top down. >> Right. It's funny, the funniest, it's not funny really. The Ransomware story was fake Ransomware. I didn't really put Ransomware on your machine I just told you that I did so go ahead and pay me anyway. And the other thought is really the ability for them to build a business because of Bitcoin as a way to collect anonymous money from people. That enabled a rise in the escalation in Ransomware. It's a complicated world. They give you the last take as people drive away, leave RSA 2017, really what should be the top of mind as they think about what's going to happen and what we'll be talking about when we come back a year from now? >> I think two things I would really suggest people to really take away from the RSA this year. First of all, what's happening in the industry? What's happening in the market? Keep updated with the latest threat. See what vendors had a very comprehensive solution from an end to end perspective. Really go do their own research, making sure that security is not an after thought. Security it needs to be proactive. Security needs to be built up from ground up. Don't regard security as something secondary actually. As long as people put premium on security, that's going to save their face rather than to be appearing on the Wall Street front page or have been hacked. They say there are two kinds of companies. 50% claim that they have been hacked. 50% know they just don't admit it. That's all. >> Alright, very good. Well Ajay thanks for stopping by and congrats on a great show. >> My pleasure, thanks Jeff. Thank you very much. >> He's Ajay Gupta, I'm Jeff Frick. You're watching theCUBE from RSA conference in downtown San Francisco. Thanks for watching. (upbeat music)

>>Good afternoon, friends. My name is Savannah Peterson here in the Cube Studios live from Detroit, Michigan, where we're at Cuban and Cloud Native Foundation, Cloud Native Con all week. Our last interview of the day served me a real treat and one that I wasn't expecting. It turns out that I am in the presence of two caddies. It's a literal episode of Caddy Shack up here on Cube. John Furrier. I don't think the audience knows that you were a caddy. Tell us about your caddy days. >>I used to caddy when I was a kid at the local country club every weekend. This is amazing. Double loops every weekend. Make some bang, two bags on each shoulder. Caddying for the members where you're going. Now I'm >>On show. Just, just really impressive >>Now. Now I'm caddying for the cube where I caddy all this great content out to the audience. >>He's carrying the story of emerging brands and established companies on their cloud journey. I love it. John, well played. I don't wanna waste any more of this really wonderful individual's time, but since we now have a new trend of talking about everyone's Twitter handle here on the cube, this may be my favorite one of the day, if not Q4 so far. Drew, not reply. AKA Drew ne Drew Nielsen, excuse me, there is here with us from Teleport. Drew, thanks so much for being here. >>Oh, thanks for having me. It's great to be here. >>And so you were a caddy on a whole different level. Can you tell us >>About that? Yeah, so I was in university and I got tired after two years and didn't have a car in LA and met a pro golfer at a golf course and took two years off and traveled around caddying for him and tried to get 'em through Q School. >>This is, this is fantastic. So if you're in school and your parents are telling you to continue going to school, know that you can drop out and be a caddy and still be a very successful television personality. Like both of the gentlemen at some point. >>Well, I never said my parents like >>That decision, but we'll keep our day jobs. Yeah, exactly. And one of them is Cloud Native Security. The hottest topic here at the show. Yep. I want to get into it. You guys are doing some really cool things. Are we? We hear Zero Trust, you know, ransomware and we even, I even talked with the CEO of Dockets morning about container security issues. Sure. There's a lot going on. So you guys are in the middle of teleport. You guys have a unique solution. Tell us what you guys got going on. What do you guys do? What's the solution and what's the problem you solve? >>So Teleport is the first and only identity native infrastructure access solution in the market. So breaking that down, what that really means is identity native being the combination of secret list, getting rid of passwords, Pam Vaults, Key Vaults, Yeah. Passwords written down. Basically the number one source of breach. And 50 to 80% of breaches, depending on whose numbers you want to believe are how organizations get hacked. >>But it's not password 1 23 isn't protecting >>Cisco >>Right >>Now. Well, if you think about when you're securing infrastructure and the second component being zero trust, which assumes the network is completely insecure, right? But everything is validated. Resource to resource security is validated, You know, it assumes work from anywhere. It assumes the security comes back to that resource. And we take the combination of those two into identity, native access where we cryptographically ev, validate identity, but more importantly, we make an absolutely frictionless experience. So engineers can access infrastructure from anywhere at any time. >>I'm just flashing on my roommates, checking their little code, changing Bob login, you know, dongle essentially, and how frustrating that always was. I mean, talk about interrupting workflow was something that's obviously necessary, but >>Well, I mean, talk about frustration if I'm an engineer. Yeah, absolutely. You know, back in the day when you had these three tier monolithic applications, it was kind of simple. But now as you've got modern application development environments Yeah, multi-cloud, hybrid cloud, whatever marketing term around how you talk about this, expanding sort of disparate infrastructure. Engineers are sitting there going from system to system to machine to database to application. I mean, not even a conversation on Kubernetes yet. Yeah. And it's just, you know, every time you pull an engineer or a developer to go to a vault to pull something out, you're pulling them out for 10 minutes. Now, applications today have hundreds of systems, hundreds of microservices. I mean 30 of these a day and nine minutes, 270 minutes times 60. And they also >>Do the math. Well, there's not only that, there's also the breach from manual error. I forgot to change the password. What is that password? I left it open, I left it on >>Cognitive load. >>I mean, it's the manual piece. But even think about it, TR security has to be transparent and engineers are really smart people. And I've talked to a number of organizations who are like, yeah, we've tried to implement security solutions and they fail. Why? They're too disruptive. They're not transparent. And engineers will work their way around them. They'll write it down, they'll do a workaround, they'll backdoor it something. >>All right. So talk about how it works. But I, I mean, I'm getting the big picture here. I love this. Breaking down the silos, making engineers lives easier, more productive. Clearly the theme, everyone they want, they be gonna need. Whoever does that will win it all. How's it work? I mean, you deploying something, is it code, is it in line? It's, >>It's two binaries that you download and really it starts with the core being the identity native access proxy. Okay. So that proxy, I mean, if you look at like the zero trust principles, it all starts with a proxy. Everything connects into that proxy where all the access is gated, it's validated. And you know, from there we have an authorization engine. So we will be the single source of truth for all access across your entire infrastructure. So we bring machines, engineers, databases, applications, Kubernetes, Linux, Windows, we don't care. And we basically take that into a single architecture and single access platform that essentially secures your entire infrastructure. But more importantly, you can do audit. So for all of the organizations that are dealing with FedRAMP, pci, hipaa, we have a complete audit trail down to a YouTube style playback. >>Oh, interesting. We're we're California and ccpa. >>Oh, gdpr. >>Yeah, exactly. It, it, it's, it's a whole shebang. So I, I love, and John, maybe you've heard this term a lot more than I have, but identity native is relatively new to me as as a term. And I suspect you have a very distinct way of defining identity. How do you guys define identity internally? >>So identity is something that is cryptographically validated. It is something you have. So it's not enough. If you look at, you know, credentials today, everyone's like, Oh, I log into my computer, but that's my identity. No, it's not. Right. Those are attributes. Those are something that is secret for a period of time until you write it down. But I can't change my fingerprint. Right. And now I >>Was just >>Thinking of, well no, perfect case in point with touch ID on your meth there. Yeah. It's like when we deliver that cryptographically validated identity, we use these secure modules in like modern laptops or servers. Yeah. To store that identity so that even if you're sitting in front of your computer, you can't get to it. But more importantly, if somebody were to take that and try to be you and try to log in with your fingerprint, it's >>Not, I'm not gonna lie, I love the apple finger thing, you know, it's like, you know, space recognition, like it's really awesome. >>It save me a lot of time. I mean, even when you go through customs and they do the face scan now it actually knows who you are, which is pretty wild in the last time you wanna provide ones. But it just shifted over like maybe three months ago. Well, >>As long as no one chops your finger off like they do in the James Bond movies. >>I mean, we try and keep it a light and fluffy here on the queue, but you know, do a finger teams, we can talk about that >>Too. >>Gabby, I was thinking more minority report, >>But you >>Knows that's exactly what I, what I think of >>Hit that one outta bounds. So I gotta ask, because you said you're targeting engineers, not IT departments. What's, is that, because I in your mind it is now the engineers or what's the, is always the solution more >>Targeted? Well, if you really look at who's dealing with infrastructure on a day-to-day basis, those are DevOps individuals. Those are infrastructure teams, Those are site reliability engineering. And when it, they're the ones who are not only managing the infrastructure, but they're also dealing with the code on it and everything else. And for us, that is who is our primary customer and that's who's doing >>It. What's the biggest problem that you're solving in this use case? Because you guys are nailing it. What's the problem that your identity native solution solves? >>You know, right out of the backs we remove the number one source of breach. And that is taking passwords, secrets and, and keys off the board. That deals with most of the problem right there. But there are really two problems that organizations face. One is scaling. So as you scale, you get more secrets, you get more keys, you get all these things that is all increasing your attack vector in real time. Oh >>Yeah. Across teams locations. I can't even >>Take your pick. Yeah, it's across clouds, right? Any of it >>On-prem doesn't. >>Yeah. Any of it. We, and we allow you to scale, but do it securely and the security is transparent and your engineers will absolutely love it. What's the most important thing about this product Engineers. Absolutely. >>What are they saying? What are some of those examples? Anecdotally, pull boats out from engineering. >>You're too, we should have invent, we should have invented this ourselves. Or you know, we have run into a lot of customers who have tried to home brew this and they're like, you know, we spend an in nor not of hours on it >>And IT or they got legacy from like Microsoft or other solutions. >>Sure, yeah. Any, but a lot of 'em is just like, I wish I had done it myself. Or you know, this is what security should be. >>It makes so much sense and it gives that the team such a peace of mind. I mean, you never know when a breach is gonna come, especially >>It's peace of mind. But I think for engineers, a lot of times it deals with the security problem. Yeah. Takes it off the table so they can do their jobs. Yeah. With zero friction. Yeah. And you know, it's all about speed. It's all about velocity. You know, go fast, go fast, go fast. And that's what we enable >>Some of the benefits to them is they get to save time, focus more on, on task that they need to work on. >>Exactly. >>And get the >>Job done. And on top of it, they answer the audit and compliance mail every time it comes. >>Yeah. Why are people huge? Honestly, why are people doing this? Because, I mean, identity is just such an hard nut to crack. Everyone's got their silos, Vendors having clouds have 'em. Identity is the most fragmented thing on >>The planet. And it has been fragmented ever since my first RSA conference. >>I know. So will we ever get this do over? Is there a driver? Is there a market force? Is this the time? >>I think the move to modern applications and to multi-cloud is driving this because as those application stacks get more verticalized, you just, you cannot deal with the productivity >>Here. And of course the next big thing is super cloud and that's coming fast. Savannah, you know, You know that's Rocket. >>John is gonna be the thought leader and keyword leader of the word super cloud. >>Super Cloud is enabling super services as the cloud cast. Brian Gracely pointed out on his Sunday podcast of which if that happens, Super Cloud will enable super apps in a new architectural >>List. Please don't, and it'll be super, just don't. >>Okay. Right. So what are you guys up to next? What's the big hot spot for the company? What are you guys doing? What are you guys, What's the idea guys hiring? You put the plug in. >>You know, right now we are focused on delivering the best identity, native access platform that we can. And we will continue to support our customers that want to use Kubernetes, that want to use any different type of infrastructure. Whether that's Linux, Windows applications or databases. Wherever they are. >>Are, are your customers all of a similar DNA or are you >>No, they're all over the map. They range everything from tech companies to financial services to, you know, fractional property. >>You seem like someone everyone would need. >>Absolutely. >>And I'm not just saying that to be a really clean endorsement from the Cube, but >>If you were doing DevOps Yeah. And any type of forward-leaning shift, left engineering, you need us because we are basically making security as code a reality across your entire infrastructure. >>Love this. What about the team dna? Are you in a scale growth stage right now? What's going on? Absolutely. Sounds I was gonna say, but I feel like you would have >>To be. Yeah, we're doing, we're, we have a very positive outlook and you know, even though the economic time is what it is, we're doing very well meeting. >>How's the location? Where's the location of the headquarters now? With remote work is pretty much virtual. >>Probably. We're based in downtown Oakland, California. >>Woohoo. Bay area representing on this stage right now. >>Nice. Yeah, we have a beautiful office right in downtown Oakland and yeah, it's been great. Awesome. >>Love that. And are you hiring right now? I bet people might be. I feel like some of our cube watchers are here waiting to figure out their next big play. So love to hear that. Absolutely love to hear that. Besides Drew, not reply, if people want to join your team or say hello to you and tell you how brilliant you looked up here, or ask about your caddy days and maybe venture a guest to who that golfer may have been that you were CAD Inc. For, what are the best ways for them to get in touch with you? >>You can find me on LinkedIn. >>Great. Fantastic. John, anything else >>From you? Yeah, I mean, I just think security is paramount. This is just another example of where the innovation has to kind of break through without good identity, everything could cripple. Then you start getting into the silos and you can start getting into, you know, tracking it. You got error user errors, you got, you know, one of the biggest security risks. People just leave systems open, they don't even know it's there. So like, I mean this is just, just identity is the critical linchpin to, to solve for in security to me. And that's totally >>Agree. We even have a lot of customers who use us just to access basic cloud consoles. Yeah. >>So I was actually just gonna drive there a little bit because I think that, I'm curious, it feels like a solution for obviously complex systems and stacks, but given the utility and what sounds like an extreme ease of use, I would imagine people use this for day-to-day stuff within their, >>We have customers who use it to access their AWS consoles. We have customers who use it to access Grafana dashboards. You know, for, since we're sitting here at coupon accessing a Lens Rancher, all of the amazing DevOps tools that are out there. >>Well, I mean true. I mean, you think about all the reasons why people don't adopt this new federated approach or is because the IT guys did it and the world we're moving into, the developers are in charge. And so we're seeing the trend where developers are taking the DevOps and the data and the security teams are now starting to reset the guardrails. What's your >>Reaction to that? Well, you know, I would say that >>Over the top, >>Well I would say that you know, your DevOps teams and your infrastructure teams and your engineers, they are the new king makers. Yeah. Straight up. Full stop. >>You heard it first folks. >>And that's >>A headline right >>There. That is a headline. I mean, they are the new king makers and, but they are being forced to do it as securely as possible. And our job is really to make that as easy and as frictionless as possible. >>Awesome. >>And it sounds like you're absolutely nailing it. Drew, thank you so much for being on the show. Thanks for having today. This has been an absolute pleasure, John, as usual a joy. And thank all of you for tuning in to the Cube Live here at CU Con from Detroit, Michigan. We look forward to catching you for day two tomorrow.

(bright upbeat music) >> Welcome, everyone, to this Cube conversation. It's part of our season two, episode four of the ongoing AWS Startup Showcase Series. Today's theme, "Cybersecurity: Detect and Protect Against Threats." I'm your host, Lisa Martin. I've got one of our alumni back with us. Rakesh Narasimhan joins me, President and CEO of Anitian. Rakesh, it's great to have you back on the program. >> Thank you very much. Pleasure to be here. >> So some congratulations are in order. I see that Anitian was recently awarded nine global InfoSec awards at RSA conference just this year including couple great titles here hot company and security company of the year. Talk to the audience who knows Anitian what is it doing to enable and empower the digital transformation for enterprises that are, I mean, we've been talking about the acceleration of digital transformation. How is Anitian an enabler of that? >> Thank you again for the opportunity. I think the big change that we brought to the table in Anitian is really what is typically a very manual, complex time consuming and quite expensive process. We've just brought software innovations to it and really that's customers who are trying to do compliance or security in the cloud which just provide a platform that basically accelerates a customer's application migration to cloud. And so that ability is the software innovation that we were able to bring to the space and that just wasn't there before. And so we're just happy that we took the opportunity to innovate there and just bring it to the customers. >> So let's now talk to and address those AWS customers. When you're talking to prospects, existing AWS customers what do you say are the differentiators that makes Anitian so unique when in AWS. >> That's a great question. I think the biggest innovation, the biggest thing that we bring to the table is really an acceleration and timeline and completion of their application. So if you're a customer and you're trying to get into a new market for compliance, for example or you're trying to basically get a new application up and running in a secure environment in either one of those cases, we have a product offering a platform offering that enables you to quickly get up and running and get to production. And that's been the reason why we've enjoyed enormous success in the marketplace in the AWS customer base. >> One of the areas where I see that an Anitian has been very successful is in helping cloud software vendors get FedRAMP compliance and be able to access what is a huge federal market. How are you able to do that? >> Yeah, I think the big thing that we focused on was you have a complete class of SaaS vendors out there who provide enormous innovation that they bring to the marketplace but the government market in general has not been able to participate in it because it again, like I said, it's very complex. It takes time and it's very expensive. And so we focused on that opportunity to really make it easier for all these cloud service providers to be able to bring their innovations to the government market, for example, with FedRAMP and so we help with the automation and the acceleration with our platform offering on top of cloud providers like AWS, and that enables the SaaS provider to offer that opportunity that hitherto is not available to now make it available in the government marketplace. And that's a huge buyer, if you will their budgets are huge. They're still buying even on a downturn in the market even as commercial vendors, who look at that, that market everybody's nervous about it. But if you look at the government market they have budget, they're buying and that needs to be provided to the install base. And so we help make that happen. >> How does that make you unique from a competitive perspective to be able to accelerate veteran for AWS customers in particular? >> I think the biggest issue has always been three things, right? It's complex, it's time consuming but most importantly, how quickly can a company make their software innovations available to a large market has always been sort of the challenge especially in the federal market. So we basically pre-engineering a platform taking care of all the requirements of the standard in compliance and security and then essentially help the customer bring that innovation on top of the AWS environment and making that available to the customers and record time. That's the reason why we're able to enjoy the success. Historically, the space has been very very focused on a lot of consulting folks really providing consulting on an hourly basis. We thought of actually bringing a software oriented approach just like people buy email, they buy service and then all the innovations that come along with it for the subscription that you pay. It's a very similar concept we brought to this space prior to this, either people did it themselves or they hired a lot of consulting folks to tell them what to do. And that could take a long time and then not just time and expense but every single time they made a change they would still, again, have to go redo all that work. We just brought a platform approach which is well understood by now in the industry you pay a subscription, you buy a platform and all the innovations come along for them. So that's huge productivity, time to market but most importantly it enables them to achieve their revenue goals because they're trying to get to market and service the customer, right? So we help them accomplish that in record time. >> So you are really impacting your customer's bottom line. You've been very successful in helping AWS public sector customers to accelerate FedRAMP. As you talked about FedRAMP compliance how are you now switching gears to focus on the AWS commercial customers and even enterprise DevOps teams to be able to accelerate cloud application security? >> Yeah, I think, again we started from a place of humility, if you will. You know, there's a lot of vendors a lot of folks make a lot of claims. We wanted to make sure that we first we're very good at doing something. And that's something was really go after the federal market and the success we achieved in that marketplace had a few insights for ourselves which was people really struggle in all kinds of environments, not just public sector. And what we found is that commercial customers are also trying to go to cloud. They're also dealing with the issues of security in securing their environments. And it's really the DevOps and DevSecOps folks on whom this burden falls. And they have to answer to so many different constituencies in an enterprise company. And so we time and time again while we did the work in FedRAMP we learned that, you know it's not just about compliance. It's also about securing on a base of standards. So how could we provide the same pre-engineered environment for DevOps and DevSecops teams to be able to run that environment for their applications that became an 'aha' for us because we were running into it all the time in the public sector side. So we went and talked to a few customers and said, 'Hey, how about we do the same thing on the commercial side for you?' And I wish I could take credit for this but it's actually not true. It's actually customers who came to us and said, 'Hey you did this really well for us in public sector side. Could you provide the same thing for us in the commercial side?' where it's not about all the documentation and all the audits and things that happen on the compliance side of the house. I just want you to provide an environment so that our DevOps teams could just operate in that environment and Devs can work on it. Can you do that? And we'll pay you. And that was born really our idea of secure cloud enterprise. Our primary offering historically has been secure cloud compliance with a compliance business if you will, where people could go into market and have a completely new market to go after. Whereas in the enterprise side we brought those innovations, those learnings and brought it to a commercial market. And so that's the new product, if you will, that we're launching to service that customer base, if you will. >> So if I'm an AWS customer when do I know it's time to contact Anitian and say, 'Guys we need help and we think you're the right ones to help us accelerate.' >> Yeah, I think it's re really straightforward if you are a customer commercial SaaS vendor, if you will, that runs an AWS and you want to go after a new market then you come to us and we can help you quickly get to all the compliance standards so that you can go sell in the government marketplace. That's an offering we already have, or you are a a brand new company and B2B company and you're developing an application and you want a pre-engineered environment that passes all the security standards so that you don't have to worry about it. You have a subscription to AWS and you have a subscription to us. And then that basically provides you a secure environment in which you can start developing your applications and start developing, deploying them much like your DevOps cycle would work. So we provide that basis already for you. So if you're a customer on the B2B side and you're going to cloud to get your applications to the marketplace on AWS, we're a great solution for you to actually have that engineered platform in place already. So those are the two areas where you can contact us and we can help you out. >> And talk to me about when you are in customer conversations especially as we've had such challenging times the last couple of years, how have those customer conversations changed and evolved? Are you seeing an acceleration up the C-suite stack? Is this a key priority for the CEO and his or her team? >> Yeah, I think it's a phenomenal point. I think security's always been top of mind for folks, not just the C-suite, but in boardrooms as well. But you know, the key thing we found is that even in a down market, sometimes in the environment that is playing out in the macro environment. I think the thing that has not changed is people are still trying to figure out how to make their dollar go further. And how do I get a better return on investment? So if you look at our compliance business that growth is all about that market is growing. There's still opportunity, and people are still having budgets and spending. So commercial companies are still trying to figure out how can I extend my market reach into new markets? So that's an area that the C-suite is really interested in. Funny enough, you would think in the cyber world it's a CSOs who are the ones who actually are looking for solutions from us that certainly an audience but CEOs and CROs are the folks who really clamor for our solution because it is their ability to enter a new market and go after a new budget that can grow their business and have an ROI pretty quickly. That's the ability for them to make that decision. So it's very pertinent to their buying behavior that we have aligned ourselves to very simply put by engaging us. They get to go after a new market to establish a new line of revenue they didn't have before. So that's always interesting to any C-suite member as you can imagine. And that's the compliance side. >> Absolutely establishing new revenue streams is huge and that's a big competitive differentiator. We've seen a lot of customers that weren't able in any industry to do that during the challenging pandemic times. And that is a game changer for organizations across industries. >> Exactly, exactly. And wishing that play out, not just on that side, but even on the commercial side where people are also trying to figure out how do I basically make sure it's pre-done so that it's one less thing for me to have to worry about so that I can be more productive. I can get to market pretty quickly which means I can, again, deliver to my customers quickly which means revenue for them as well. So we are the security business, but really if you notice we're solving a business problem for our customers and we're aligned to their ROI so that it's relatively easier for them to make a decision. They certainly get security in compliance but the bigger benefit for them is to grow their business itself. So we are trying to accelerate that momentum for them. >> That's critical, and I'm sure your customers really appreciate the impact that you're having on their growth, their ability to deliver to what I can only presume is their demanding customers. As one of the things I know that's been in short supply the last couple of years, is patience and tolerance. Is there Rakesh a customer story that you think really articulates the value of what Anitian is delivering? Maybe a favorite customer story that you mentioned when you're giving talks? >> Sure, sure. We really have a very customer base across the landscape. If you think about our compliance business, Smartsheet is a great example who partnered early. They were not even in the cloud before. And then that's a great example with AWS where the three of us work together to offer Smartsheet the collaboration software public SaaS company, if you will, who really established themselves and differentiated themselves in the marketplace by offering that on AWS. And we helped them accomplish their FedRAMP itself not just for once, but you know they've been great customers of ours multiple renewals over the years and every single year that the business that they get on the federal sizes increased because of the work that they did first with us. And so, you know, we've look for more opportunities with them, certainly on that part. And increasingly we start thinking about where else can we help them grow? Because typically most customers have a thing to solve on a compliance standard, but it turns out that the compliance journey is, you know some companies are trying to do Socto to be able to even sell. Then you want to do electronic commerce. You might have to do PCI or you want to sell under the federal government. You'll have to do FedRAMP and FedRAMP has moderate, high but depending on the customers you have, including DOD and once you get to DOD, they'll ask for IL4 and IL5. So these are different compliance regimes. If you will think of them as a journey and we want to be the company that provides a seamless progression for customers as they're on that journey so that we can actually deliver something of value. We're not interested in nickel and diamond customers and charging them by the hour, we're a platform player. We want to make sure that they use it to basically get their ROI and growth happening. And we just take care of the hard part of making sure that they're in compliance, right? And similarly, we're bringing the same idea like Smartsheet. I told you about to a commercial marketplace of customers who can do the same thing for commercial apps in the cloud. And so that gives us a very clean way for customers to really become not just productive, but satisfy their customers quickly and hence grow their business. And we celebrate that collaboration and all of that happens because of AWS and our ability to focus on those customers >> Sounds like a great partnership and definite synergy there on I know, and, you know as well, how customer obsessed in their own words AWS. Speaking of customers one more question for you in terms of being on that journey that compliance journey, which isn't a destination, right? It's probably a zigzaggy path. Do you work with customers that both haven't started the process to FedRAMP plans or those that maybe have with a competitor are running into roadblocks? Are those both routes to market for you? >> Yeah, we interestingly enough historically we used to see a lot of folks who have tried to do it themselves and found it hard or for a variety of reasons they just gave up. And so they would come to us. We have also examples of customers who have tried to go down the consulting path and has not worked and come to us so that it's sort of a broken project. We start from there, but a majority of our business is people who've gotten a contract from one of the agencies. Then they're like, 'oh now what!' We need to get this done before September. And so what's the quickest way to get there. And generally that's where we can help you because we are the best, fastest way to get there. And so we get that mix of customers people who have already tried hasn't worked out people who have tried with other folks hasn't worked out, but a majority of the folks are people who don't even know, you know how to go about doing it, but they know they have to do it in order for them to keep the customer that they've won one of the agencies, if you will. So that has given us a very healthy perspective on how to help customers of different kinds in that journey. The other thing is, you know, we've grown tremendously in the last couple of years. And the other thing we learned is every customer is different. And we tried to bring a very common approach to addressing this problem. Even though customers come in all shapes and forms we have startup companies in, you know early forms of maturity. And we have like really iconic, you know unicorn companies who we've helped go through FedRAMP. So the gamut is large, but you know we're learning a lot by doing this. And I think that's the key thing for me. I want our company to be one that is growing with innovation, but at the same time keeping flexibility in our approach so that we are not just learning new things, we're delivering on the harder problems our customers are facing. Cause I think that's where software innovation can really play a big differentiating role. And that's the reason why I always enjoyed being at Anitian and growing the business and keeping the company really, fast moving and innovative. >> Speaking of being fast moving and innovative here we are coming up on the fourth quarter of calendar year 22, what's next for Anitian? What are some of the exciting things that have you pumped up? Have you mojo going for what's next for the rest of the year? >> Yeah, I think a big portion of my enthusiasm for the company and the road ahead is I think it's rare if you look at the industry, oftentimes you see companies that start out with a single solution and then are able to grow from there. One of the best advantages Anitian has is this platform centric approach to do compliance on the journey I talked about. So if you think about that journey every customer that is going to cloud has this challenge that, they either have to comply do a bunch of standards, one or many. And then how do I do that in a platform approach in a common way so that I don't have to worry about it. I play a subscription and I am just protected by that. And I actually get the marketplace. So that's a tremendous journey we are on. We've only done a few of them and we have a whole new set of compliance standards coming on our platform. So that's one way, look forward to that. The other one I'm really looking forward to is the commercial customers. There's a huge opportunity for people to really know that they're sitting on top of a very secure environment in AWS. And how do I quickly propel myself into the marketplace so that I can be differentiated. I can get to market quickly but I can also make sure my innovations are getting to the marketplace as a customer, right? So I think I'm really excited about the things we are bringing to market just not just this year, but next year early next year on the compliance side, as well as the commercial side, that'll actually differentiate us and make it a lasting part of a customer's journey. And that's, I think the best thing you can hope for building a lasting company where your innovations are powering the productivity of your customers in a meaningful manner. And I always feel proud of the team. You mentioned the awards, but honestly more than anything else, we've put together a great team. And the team does a tremendous job with a very good ecosystem of partners. And our humility is it's not just us it's the ecosystem together. And the partnership with Amazon that helps us be the company we are able to be. We live in really story times and we're lucky to be part of this opportunity if you will. >> Yeah better together. That ecosystem is incredibly powerful. Thank you so much Rakesh for talking about what's going on at Anition, how you're helping customers, accelerate FedRAMP compliance, what you're doing in the commercial space and how you're helping your customers really improve their bottom line. We thank you so much for partnering with the Cube for season two, episode four of the AWS startup showcase. >> My pleasure. Thank you very much. >> And we want to thank you for watching but keep it right here for more action on the Cube which as you know, is your leader in tech coverage. I'm Lisa Martin. See you next time. (lively music)

(upbeat music) >> Okay, welcome back everyone. CUBE's coverage here in Boston, Massachusetts, AWS re:inforce 22, security conference. It's AWS' big security conference. Of course, theCUBE's here, all the reinvent, reese, remars, reinforced. We cover 'em all now and the summits. I'm John Furrier, my host Dave Vellante. We have IDC weighing in here with their analysts. We've got some great guests here, Jay Bretzmann research VP at IDC and Philip Bues research manager for Cloud security. Gentlemen, thanks for coming on. >> Thank you. >> Appreciate it. Great to be here. >> Appreciate coming. >> Got a full circle, right? (all laughing) Security's more interesting than storage, isn't it? (all laughing) >> Dave and Jay worked together. This is a great segment. I'm psyched that you guys are here. We had Crawford and Matt Eastwood on at HPE Discover a while back and really the data you guys are getting and the insights are fantastic. So congratulations to IDC. You guys doing great work. We appreciate your time. I want to get your reaction to the event and the keynotes. AWS has got some posture and they're very aggressive on some tones. Some things that we didn't hear. What's your reaction to the keynote? Share your assessment. >> So, you know, I manage two different research services at IDC right now. They are both Cloud security and identity and digital security, right? And what was really interesting is the intersection between the two this morning, because every one of those speakers that came on had something to say about identity or least privileged access, or enable MFA, or make sure that you control who gets access to what and deny explicitly. And it's always been a challenge a little bit in the identity world because a lot of people don't use MFA. And in RSA, that was another big theme at the RSA conference, MFA everywhere. Why don't they use it? Because it introduces friction and all of a sudden people can't get their jobs done. And the whole point of a network is letting people on to get that data they want to get to. So that was kind of interesting, but as we have in the industry, this shared responsibility model for Cloud computing, we've got shared responsibility for between Philip and I. (Philip laughing) I have done in the past more security of the Cloud and Philip is more security in the Cloud. >> So yeah. >> And now with Cloud operation Super Cloud, as we call it, you have on premises, private Cloud coming back, or hasn't really gone anywhere, all that on premises, Cloud operations, public Cloud, and now edge exploding with new requirements. It's really an ops challenge right now. Not so much dev. So the sec and op side is hot right now. >> Yeah, well, we've made this move from monolithic to microservices based applications. And so during the keynote this morning, the announcement around the GuardDuty Malware Protection component, and that being built into the pricing of current GuardDuty, I thought was really key. And there was also a lot of talk about partnering in security certifications, which is also so very important. So we're seeing this move towards filling in that talent gap, which I think we're all aware of in the security industry. >> So Jake, square the circle for me. So Kirk Coofell talked about Amazon AWS identity, where does AWS leave off, and companies like Okta or Ping identity or Cybertruck pickup, how are they working together? Does it just create more confusion and more tools for customers? We know the overused word of seamless. >> Yeah, yeah. >> It's never seamless, so how should we think about that? >> So, identity has been around for 35 years or something like that. Started with the mainframes and all that. And if you understand the history of it, you make more sense to the current market. You have to know where people came from and the baggage they're carrying, 'cause they're still carrying a lot of that baggage. Now, when it comes to the Cloud Service providers, they're more an accommodation from the identity standpoint. Let's make it easy inside of AWS to let you single sign on to anything in the Cloud that they have, right? Let's also introduce an additional MFA capability to keep people safer whenever we can and provide people with tools, to get into those applications somewhat easily, while leveraging identities that may live somewhere else. So there's a whole lot of the world that is still active, directory-centric, right? There's another portion of companies that were born in the Cloud that were able to jump on things like Okta and some of the other providers of these universal identities in the Cloud. So, like I said, if you understand where people came from in the beginning, you start to say, "Yeah, this makes sense." >> It's interesting you talk about mainframe. I always think about Rack F, you know. And I say, "Okay, who did what, when, where?" And you hear about a lot of those themes. So what's the best practice for MFA, that's non-SMS-based? Is it you got to wear something around your neck, is it to have sort of a third party authenticator? What are people doing that you guys would recommend? >> Yeah, one quick comment about adoption of MFA. If you ask different suppliers, what percent of your base that does SSO also does MFA, one of the biggest suppliers out there, Microsoft will tell you it's under 25%. That's pretty shocking. All the messaging that's come out about it. So another big player in the market was called Duo, Cisco bought them. >> Yep. >> And because they provide networks, a lot of people buy their MFA. They have probably the most prevalent type of MFA, it's called Push. And Push can be a red X and a green check mark to your phone, it can be a QR code, somewhere, it can be an email push as well. So that is the next easiest thing to adopt after SMS. And as you know, SMS has been denigrated by NIST and others saying, it's susceptible to man and middle attacks. It's built on a telephony protocol called SS7. Predates anything, there's no certification either side. The other real dynamic and identity is the whole adoption of PKI infrastructure. As you know, certificates are used for all kinds of things, network sessions, data encryption, well, identity increasingly. And a lot of the consumers and especially the work from anywhere, people these days have access through smart devices. And what you can do there, is you can have an agent on that smart device, generate your private key and then push out a public key and so the private key never leaves your device. That's one of the most secure ways to- >> So if our SIM card gets hacked, you're not going to be as vulnerable? >> Yeah, well, the SIM card is another challenge associated with the older ways, but yeah. >> So what do you guys think about the open source connection and they mentioned it up top. Don't bolt on security, implying shift left, which is embedding it in like sneak companies, like sneak do that. Very container oriented, a lot of Kubernetes kind of Cloud native services. So I want to get your reaction to that. And then also this reasoning angle they brought up. Kind of a higher level AI reasoning decisions. So open source, and this notion of AI reasoning. or AI reason. >> And you see more open source discussion happening, so you have your building maintaining and vetting of the upstream open source code, which is critical. And so I think AWS talking about that today, they're certainly hitting on a nerve, as you know, open source continues to proliferate. Around the automated reasoning, I think that makes sense. You want to provide guide rails and you want to provide roadmaps and you want to have sort of that guidance as to, okay, what's a correlation analysis of different tools and products? And so I think that's going to go over really well, yeah. >> One of the other key points about open source is, everybody's in a multi-cloud world, right? >> Yeah. >> And so they're worried about vendor lock in. They want an open source code base, so that they don't experience that. >> Yeah, and they can move the code around, and make sure it works well on each system. Dave and I were just talking about some of the dynamics around data control planes. So they mentioned encrypt everything which is great and I message by the way, I love that one. But oh, and he mentioned data at rest. I'm like, "What about data in flight? "Didn't hear that one." So one of the things we're seeing with SuperCloud, and now multi-cloud kind of as destinations of that, is that in digital transformation, customers are leaning into owning their data flows. >> Yeah. >> Independent of say the control plane aspects of what could come in. This is huge implications for security, where sharing data is huge, even Schmidt on stage said, we have billions and billions of things happening that we see things that no one else sees. So that implies, they're sharing- >> Quad trillion. >> Trillion, 15 zeros. (Jay laughs) >> 15 zeros. >> So that implies they're sharing that or using that pushing that into something. So sharing is huge with cyber security. So that implies open data, data flows. How do you guys see this evolving? I know it's kind of emerging, but it's becoming a nuanced point, that's critical to the architecture. >> Well, yeah, I think another way to look at that is the sharing of intelligence and some of the recent directives, from the executive branch, making it easier for private companies to share data and intelligence, which I think strengthens the cyber community overall. >> Depending upon the supplier, it's either an aggregate level of intelligence that has been anonymized or it's specific intelligence for your environment that everybody's got a threat feed, maybe two or three, right? (John laughs) But back to the encryption point, I mean, I was working for an encryption startup for a little while after I left IBM, and the thing is that people are scared of it. They're scared of key management and rotation. And so when you provide- >> Because they might lose the key. >> Exactly. >> Yeah. >> It's like shooting yourself in the foot, right? So that's when you have things like, KMS services from Amazon and stuff that really help out a lot. And help people understand, okay, I'm not alone in this. >> Yeah, crypto owners- >> They call that hybrid, the hybrid key, they don't know how they call the data, they call it the hybrid. What was that? >> Key management service? >> The hybrid- >> Oh, hybrid HSM, correct? >> Yeah, what is that? What is that? I didn't get that. I didn't understand what he meant by the hybrid post quantum key agreement. >> Hybrid post quantum key exchange. >> AWS never made a product name that didn't have four words in it. (John laughs) >> But he did reference the new NIST algos. And I think I inferred that they were quantum proof or they claim to be, and AWS was testing those. >> Correct, yeah. >> So that was kind of interesting, but I want to come back to identity for a second. So, this idea of bringing traditional IAM and Privileged Access Management together, is that a pipe dream, is that something that is actually going to happen? What's the timeframe, what's your take on that? >> So, there are aspects of privilege in every sort of identity. Back when it was only the back office that used computers for calculations, right? Then you were able to control how many people had access. There were two types of users, admins and users. These days, everybody has some aspect of- >> It's a real spectrum, really. >> Yeah. >> Granular. >> You got the C-suite, the finance people, the DevOps people, even partners and whatever. They all need some sort of privileged access, and the term you hear so much is least-privileged access, right? Shut it down, control it. So, in some of my research, I've been saying that vendors who are in the PAM space, Privilege Access Management space, will probably be growing their suites, playing a bigger role, building out a stack, because they have the expertise and the perspective that says, "We should control this better." How do we do that, right? And we've been seeing that recently. >> Is that a combination of old kind of antiquated systems meets for proprietary hyper scale, or kind of like build your own? 'Cause I mean, Amazon, these guys, Facebook, they all build their own stuff. >> Yes, they do. >> Then enterprises buy services from general purpose identity management systems. >> So as we were talking about knowing the past and whatever, Privileged Access Management used to be about compliance reporting. Just making sure that I knew who accessed what? And could prove it, so I didn't fail at all. >> It wasn't a critical infrastructure item. >> No, and now these days, what it's transitioning into, is much more risk management, okay. I know what our risk is, I'm ahead of it. And the other thing in the PAM space, was really session monitor. Everybody wanted to watch every keystroke, every screen's scrape, all that kind of stuff. A lot of the new Privileged Access Management, doesn't really require that. It's a nice to have feature. You kind of need it on the list, but is anybody really going to implement it? That's the question, right. And then if you do all that session monitoring, does anybody ever go back and look at it? There's only so many hours in the day. >> How about passwordless access? (Jay laughs) I've heard people talk about that. I mean, that's as a user, I can't wait but- >> Well, it's somewhere we want to all go. We all want identity security to just disappear and be recognized when we log in. So the thing with passwordless is, there's always a password somewhere. And it's usually part of a registration action. I'm going to register my device with a username password, and then beyond that I can use my biometrics, right? I want to register my device and get a private key, that I can put in my enclave, and I'll use that in the future. Maybe it's got to touch ID, maybe it doesn't, right? So even though there's been a lot of progress made, it's not quote, unquote, truly passwordless. There's a group, industry standards group called Fido. Which is Fast Identity Online. And what they realized was, these whole registration passwords, that's really a single point of failure. 'Cause if I can't recover my device, I'm in trouble. So they just did new extension to sort of what they were doing, which provides you with much more of like an iCloud vault that you can register that device in and other devices associated with that same identity. >> Get you to it if you have to. >> Exactly. >> I'm all over the place here, but I want to ask about ransomware. It may not be your wheelhouse. But back in the day, Jay, remember you used to cover tape. All the backup guys now are talking about ransomware. AWS mentioned it today and they showed a bunch of best practices and things you can do. Air gaps wasn't one of them. I was really surprised 'cause that's all every anybody ever talks about is air gaps and a lot of times that air gap could be a guess to the Cloud, I guess, I'm not sure. What are you guys seeing on ransomware apps? >> We've done a lot of great research around ransomware as a service and ransomware, and we just had some data come out recently, that I think in terms of spending and spend, and as a result of the Ukraine-Russia war, that ransomware assessments rate number one. And so it's something that we encourage, when we talk to vendors and in our services, in our publications that we write about taking advantage of those free strategic ransomware assessments, vulnerability assessments, as well and then security and training ranked very highly as well. So, we want to make sure that all of these areas are being funded well to try and stay ahead of the curve. >> Yeah, I was surprised to not see air gaps on the list, that's all everybody talks about. >> Well, the old model for air gaping in the land days, the novel days, you took your tapes home and put them in the sock drawer. (all laughing) >> Well, it's a form of air gap. (all laughing) >> Security and no one's going to go there and clean out. >> And then the internet came around and ruined it. >> Guys, final question we want to ask you, guys, we kind of zoom out, great commentary by the way. Appreciate it. We've seen this in many markets, a collection of tools emerge and then there's its tool sprawl. So cyber we're seeing the trend now where mon goes up on stage of all the ecosystems, probably other vendors doing the same thing where they're organizing a platform on top of AWS to be this super platform, for super Cloud capability by building a more platform thing. So we're saying there's a platform war going on, 'cause customers don't want the complexity. I got a tool but it's actually making it more complex if I buy the other tool. So the tool sprawl becomes a problem. How do you guys see this? Do you guys see this platform emerging? I mean tools won't go away, but they have to be easier. >> Yeah, we do see a consolidation of functionality and services. And we've been seeing that, I think through a 2020 Cloud security survey that we released that was definitely a trend. And that certainly happened for many companies over the last six to 24 months, I would say. And then platformization absolutely is something we talk and write about all the time so... >> Couple of years ago, I called the Amazon tool set an erector set because it really required assembly. And you see the emphasis on training here too, right? You definitely need to go to AWS University to be competent. >> It wasn't Lego blocks yet. >> No. >> It was erector set. >> Yeah. >> Very good distinction. >> Loose. >> And you lose a few. (chuckles) >> But still too many tools, right? You see, we need more consolidation. It's getting interesting because a lot of these companies have runway and you look at sale point at stock prices held up 'cause of the Thoma Bravo acquisition, but all the rest of the cyber stocks have been crushed especially the high flyers, like a Sentinel-1 one or a CrowdStrike, but just still M and A opportunity. >> So platform wars. Okay, final thoughts. What do you, think is happening next? What's your outlook for the next year or so? >> So, in the identity space, I'll talk about, Philip can cover Cloud for us. It really is more consolidation and more adoption of things that are beyond simple SSO. It was, just getting on the systems and now we really need to control what you're able to get to and who you are. And do it as transparently as we possibly can, because otherwise, people are going to lose productivity. They're not going to be able to get to what they want. And that's what causes the C-suite to say, "Wait a minute," DevOps, they want to update the product every day. Make it better. Can they do that or did security get in the way? People, every once in a while call security, the Department of No, right? >> They ditch it on stage. They want to be the Department of Yes. >> Exactly. >> Yeah. >> And the department that creates additional value. If you look at what's going on with B2C or CIAM, consumer oriented identity, that is all about opening up new direct channels and treating people like their old friends, not like you don't know them, you have to challenge them. >> We always say, you want to be in the boat together, it sinks or not. >> Yeah. Exactly. >> Philip I'm glad- >> Okay, what's your take? What's your outlook for the year? >> Yeah, I think, something that we've been seeing as consolidation and integration, and so companies looking at from built time to run time, investing in shift left infrastructure is code. And then also in the runtime detection, makes perfect sense to have both the agent and agent lists so that you're covering any of the gaps that might exist. >> Awesome, Jay Phillip, thanks for coming on "theCUBE" with IDC and sharing your- >> Oh, our pleasure- >> Perspective, commentary and insights and outlook. Appreciate it. >> You bet. >> Thank you. >> Okay, we've got the great direction here from IDC analyst here on the queue. I'm John Furrier, Dave Vellante. Be back more after this short break. (bright upbeat music)

>>Okay, welcome back everyone. Cube's coverage here in Boston, Massachusetts, AWS reinforced 22, the security conference. It's ADOS big security conference. Of course, the cubes here, all the reinvent res re Mars reinforce. We cover 'em all now and the summits. I'm John. Very my host, Dave ante have IDC weighing in here with their analysis. We've got some great guests here, Jay Brisbane, research VP at IDC and Philip who research managed for cloud security. Gentlemen, thanks for coming on. Thank you. Appreciate it. Great >>To, to be here. I appreciate the got the full >>Circle, right? Just, security's more interesting >>Than storage. Isn't it? >>Dave, Dave and Jay worked together. This is a, a great segment. I'm psyched that you guys are here. We had Crawford and Matt Eastwood on at HPE discover a while back and really the, the, the data you guys are getting and the insights are fantastic. So congratulations to IDC. You guys doing great work. We appreciate your time. I wanna get your reaction to the event and the keynotes. AWS has got some posture and they're very aggressive on some tones. Some things that they didn't, we didn't hear. What's your reaction to the keynote, share your, your assessment. >>So, you know, I managed two different research services at IDC right now. They are both cloud security and identity and, and digital security. Right. And what was really interesting is the intersection between the two this morning, because every one of those speakers that came on had something to say about identity or least privileged access, or, you know, enable MFA, or make sure that you, you know, control who gets access to what and deny explicitly. Right? And it's always been a challenge a little bit in the identity world because a lot of people don't use MFA. And in RSA, that was another big theme at the RSA conference, right? MFA everywhere. Why don't they use it because it introduces friction and all of a sudden people can't get their jobs done. Right. And the whole point of a network is letting people on to get that data they want to get to. So that was kind of interesting, but, you know, as we have in the industry, this shared responsibility model for cloud computing, we've got shared responsibility for between Philip and I, I have done in the ke past more security of the cloud and Philip is more security in the cloud, >>So yeah. And it's, and now with cloud operation, super cloud, as we call it, you have on premises, private cloud coming back, or hasn't really gone anywhere, all that on premises, cloud operations, public cloud, and now edge exploding with new requirements. Yeah. It's really an ops challenge right now. Not so much dev. So the sick and op side is hot right now. >>Yeah. Well, we've made this move from monolithic to microservices based applications. And so during the keynote this morning, the announcement around the guard duty malware protection component, and that being built into the pricing of current guard duty, I thought was, was really key. And there was also a lot of talk about partnering in security certifications. Yeah. Which is also so very important. So we're seeing this move towards filling in that talent gap, which I think we're all aware of in the security industry. >>So Jake square, the circle for me. So Kirk, Coel talked about Amazon AWS identity, where does AWS leave off and, and companies like Okta or ping identity or crock pickup, how are they working together? Does it just create more confusion and more tools for customers? We, we have, we know the over word overused word of seamless. Yeah. Yeah. It's never seamless. So how should we think about that? >>So, you know, identity has been around for 35 years or something like that started with the mainframes and all that. And if you understand the history of it, you make more sense to the current market. You have to know where people came from and the baggage they're carrying, cuz they're still carrying a lot of that baggage. Now, when it comes to the cloud service providers, they're more an accommodation from the identity standpoint, let's make it easy inside of AWS to let you single sign on to anything in the cloud that they have. Right. Let's also introduce an additional MFA capability to keep people safer whenever we can and, you know, provide people the tools to, to get into those applications somewhat easily, right. While leveraging identities that may live somewhere else. So, you know, there's a whole lot of the world that is still active directory centric, right? There's another portion of companies that were born in the cloud that were able to jump on things like Okta and some of the other providers of these universal identities in the cloud. So, you know, like I said, you, if you understand where people came from in the beginning, you start to, to say, yeah, this makes sense. >>It's, it's interesting. You talk about mainframe. I, I always think about rack F you know, and I say, okay, who did what, when, where, yeah. And you hear about a lot of those themes. What, so what's the best practice for MFA? That's, that's non SMS based. Is it, you gotta wear something around your neck, is it to have sort of a third party authenticator? What are people doing that is that, that, that you guys would recommend? >>Yeah. One quick comment about adoption of MFA. You know, if you ask different suppliers, what percent of your base that does SSO also does MFA one of the biggest suppliers out there Microsoft will tell you it's under 25%. That's pretty shocking. Right? All the messaging that's come out about it. So another big player in the market was called duo. Cisco bought them. Yep. Right. And because they provide networks, a lot of people buy their MFA. They have probably the most prevalent type of MFA it's called push. Right. And push can be, you know, a red X and a green check mark to your phone. It can be a QR code, you know, somewhere, it can be an email push as well. So that is the next easiest thing to adopt after SMS. And as you know, SMS has been denigrated by N and others saying, you know, it's susceptible to man and middle attacks. >>It's built on a telephony protocol called SS seven. Yep. You know, predates anything. There's no certification, either side. The other real dynamic and identity is the whole adoption of PKI infrastructure. As you know, certificates are used for all kinds of things, network sessions, data encryption, well identity increasingly, and a lot of the, you know, consumers and especially the work from anywhere, people these days have access through smart devices. Right. And what you can do there is you can have an agent on that smart device, generate your private key and then push out a public key. And so the private key never leaves your device. That's one of the most secure ways to, so if your >>SIM card gets hacked, you're not gonna be as at vulnerable >>Or as vulnerable. Well, the SIM card is another, you know, challenge associated with the, the older waste. But yeah. Yeah. >>So what do you guys think about the open source connection and, and they, they mentioned it up top don't bolt on security implying shift left, which is embedding it in like sneak companies, like sneak do that, right. Container oriented, a lot of Kubernetes kind of cloud native services. So I wanna get your reaction to that. And then also this reasoning angle, they brought up kind of a higher level AI reasoning decisions. So open source and this notion of AI reasoning >>Automation. Yeah. And, and you see more open source discussion happening, right. So you, you know, you have your building maintaining and vetting of the upstream open source code, which is critical. And so I think AWS talking about that today, they're certainly hitting on a nerve as, you know, open source continues to proliferate around the automated reasoning. I think that makes sense. You know, you want to provide guiderails and you want to provide roadmaps and you wanna have sort of that guidance as to okay. What's the, you know, a correlation analysis of different tools and products. And so I think that's gonna go over really well. >>Yeah. One of the other, you know, key points of what open source is, everybody's in a multi-cloud world, right? Yeah. And so they're worried about vendor lockin, they want an open source code base so that they don't experience that. >>Yeah. And they can move the code around and make sure it works well on each system. Dave and I were just talking about some of the dynamics around data control planes. So yeah. They mentioned encrypt everything, which is great. And I message, by the way, I love that one, but oh. And he mentioned data at rest. I'm like, what about data in flight? Didn't hear that one. So one of the things we're seeing with super cloud, and now multi-cloud kind of, as destinations of that, is that in digital transformation, customers are leaning into owning their data flows. >>Yeah. >>Independent of say the control plane aspects of what could come in. This is huge implications for security, where sharing data is huge. Even Schmidt on Steve said we have billions and billions of things happening that we see things that no one else else sees. So that implies, they're >>Sharing quad trillion, >>Trillion, 15 zeros trillion. Yeah. 15 >>Zeros, 15 zeros. Yeah. >>So that implies, they're sharing that or using that, pushing that into something. So sharing's huge with cyber security. So that implies open data, data flows. What do, how do you guys see this evolving? I know it's kind of emerging, but it's becoming a, a nuanced point that's critical to the architecture. >>Well, I, yeah, I think another way to look at that is the sharing of intelligence and some of the recent directives, you know, from the executive branch, making it easier for private companies to share data and intelligence, which I think strengthens the cyber community overall, >>Depending upon the supplier. Right? Yeah. It's either an aggregate level of intelligence that has been, you know, anonymized or it's specific intelligence for your environment that, you know, everybody's got a threat feed, maybe two or three, right. Yeah. But back to the encryption point, I mean, I was working for an encryption startup for a little while. Right after I left IBM. And the thing is that people are scared of it. Right. They're scared of key management and rotation. And so when you provide, >>Because they might lose the key. >>Exactly. Yeah. It's like shooting yourself in the foot. Right. So that's when you have things like, you know, KMS services from Amazon and stuff, they really help out a lot and help people understand, okay, I'm not alone in this. >>Yeah. Crypto >>Owners, they call that hybrid, the hybrid key, they call the, what they call the, today. They call it the hybrid. >>What was that? The management service. Yeah. The hybrid. So hybrid HSM, correct. >>Yeah. What is that? What is that? I didn't, I didn't get that. I didn't understand what he meant by the hybrid post hybrid, post quantum key agreement. Right. That still notes >>Hybrid, post quantum key exchange, >>You know, AWS never made a product name that didn't have four words in it, >>But he did, but he did reference the, the new N algos. And I think I inferred that they were quantum proof or the claim it be. Yeah. And AWS was testing those. Correct. >>Yeah. >>So that was kind of interesting, but I wanna come back to identity for a second. Okay. So, so this idea of bringing traditional IAM and, and privilege access management together, is that a pipe dream, is that something that is actually gonna happen? What's the timeframe, what's your take on that? >>So, you know, there are aspects of privilege in every sort of identity back when, you know, it was only the back office that used computers for calculations, right? Then you were able to control how many people had access. There were two types of users, admins, and users, right? These days, everybody has some aspect of, >>It's a real spectrum, really >>Granular. You got the, you know, the C suite, the finance people, the DevOps, people, you know, even partners and whatever, they all need some sort of privileged access. And the, the term you hear so much is least privileged access. Right? Shut it down, control it. So, you know, in some of my research, I've been saying that vendors who are in the Pam space privilege access management space will probably be growing their suites, playing a bigger role, building out a stack because they have, you know, the, the expertise and the, and the perspective that says we should control this better. How do we do that? Right. And we've been seeing that recently, >>Is that a combination of old kind of antiquated systems meets for proprietary hyperscale or kind of like build your own? Cause I mean, Amazon, these guys, they Facebook, they all build their own stuff. >>Yes. They >>Do enterprises buy services from general purpose identity management systems. >>So as we were talking about, you know, knowing the past and whatever privileged access management used to be about compliance reporting. Yeah. Right. Just making sure that I knew who accessed what and could prove it. So I didn't fail in art. It wasn't >>A critical infrastructure item. >>No. And now these days, what it's transitioning into is much more risk management. Okay. I know what our risk is. I'm ahead of it. And the other thing in the Pam space was really session monitor. Right. Everybody wanted to watch every keystroke, every screen's scrape, all that kind of stuff. A lot of the new privilege access Mon management doesn't really require that it's nice to have feature. You kind of need it on the list, but is anybody really gonna implement it? That's the question. Right. And then, you know, if, if you do all that session monitor, does anybody ever go back and look at it? There's only so many hours in the day. >>How about passwordless access? You know? Right. I've heard people talk about that. Yeah. I mean, that's as a user, I can't wait, but >>It's somewhere we want to all go. Yeah. Right. We all want identity security to just disappear and be recognized when we log in. So the, the thing with password list is there's always a password somewhere and it's usually part of a registration, you know, action. I'm gonna register my device with a username password. And then beyond that, I can use my biometrics. Right. I wanna register my device and get a private key that I can put in my enclave. And I'll use that in the future. Maybe it's gotta touch ID. Maybe it doesn't. Right. So even though there's been a lot of progress made, it's not quote unquote, truly passwordless, there's a group industry standards group called Fido. Right. Which is fast identity online. And what they realized was these whole registration passwords. That's really a single point of failure. Cuz if I can't recover my device, I'm in trouble. Yeah. So they just did a, a new extension to sort of what they were doing, which provides you with much more of a, like an iCloud vault, right. That you can register that device in and other devices associated with that same iPad that you can >>Get you to it. If you >>Have to. Exactly. I had >>Another have all over the place here, but I, I want to ask about ransomware. It may not be your wheelhouse. Yeah. But back in the day, Jay, remember you used to cover tape. All the, all the backup guys now are talking about ransomware. AWS mentioned it today and they showed a bunch of best practices and things you can do air gaps. Wasn't one, one of 'em. Right. I was really surprised cuz that's all, every anybody ever talks about is air gaps. And a lot of times that air gaps that air gap could be a guess to the cloud. I guess I'm not sure. What are you guys seeing on ransomware >>Apps? You know, we've done a lot of great research around ransomware as a service and ransomware and, and you know, we just had some data come out recently that I think in terms of spending and, and spend and in as a result of the Ukraine, Russia war, that ransomware assessments rate number one. And so it's something that we encourage, you know, when we talk to vendors and in our services, in our publications that we write about taking advantage of those free strategic ransomware assessments, vulnerability assessments, right. As well, and then security and training ranked very highly as well. So we wanna make sure that all of these areas are being funded well to try and stay ahead of the curve. >>Yeah. I was surprised that not the air gaps on the list, that's all everybody >>Talks about. Well, you know, the, the old model for air gaping in the, the land days, the Noel days, you took your tapes home and put 'em in the sock drawer. >>Well, it's a form of air gap security and no one's gonna go there >>Clean. And then the internet came around >>Guys. Final question. I want to ask you guys, we kind zoom out. Great, great commentary by the way. Appreciate it. As the, we've seen this in many markets, a collection of tools emerge and then there's it's tool sprawl. Oh yeah. Right? Yeah. So cyber we're seeing trend now where Mon goes up on stage of all the E probably other vendors doing the same thing where they're organizing a platform on top of AWS to be this super platform. If you super cloud ability by building more platform thing. So we're saying there's a platform war going on, cuz customers don't want the complexity. Yeah. I got a tool, but it's actually making it more complex if I buy the other tool. So the tool sprawl becomes a problem. How do you guys see this? Do you guys see this platform emerging? I mean, tools won't go away, but they have to be >>Easier. Yeah. We do see a, a consolidation of functionality and services. And we've been seeing that, I think through a 20, 20 flat security survey that we released, that that was definitely a trend. And you know, that certainly happened for many companies over the last six to 24 months, I would say. And then platformization absolutely is something we talk 'em right. About all the time. So >>More M and a couple of years ago, I called the, the Amazon tool set in rector set. Yeah. Because it really required assembly. Yeah. And you see the emphasis on training here too, right? Yeah. You definitely need to go to AWS university to be competent. It >>Wasn't Lego blocks yet. No, it was a rector set. Very good distinction rules, you know, and, and you lose a few. It's >>True. Still too many tools. Right. You see, we need more consolidation. That's getting interesting because a lot of these companies have runway and you look, you look at sale point, its stock prices held up cuz of the Toma Bravo acquisition, but all the rest of the cyber stocks have been crushed. Yeah. You know, especially the high flyers, like a Senti, a one or a crowd strike, but yeah, just still M and a opportunity >>Itself. So platform wars. Okay. Final thoughts. What do you thinks happening next? What's what's your outlook for the, the next year or so? >>So in the, in the identity space, I'll talk about Phillip can cover cloud force. You know, it really is more consolidation and more adoption of things that are beyond simple SSO, right. It was, you know, just getting on the systems and now we really need to control what you're able to get to and who you are and do it as transparently as we possibly can because otherwise, you know, people are gonna lose productivity, right. They're not gonna be able to get to what they want. And that's what causes the C-suite to say, wait a minute, you know, DevOps, they want to update the product every day. Right. Make it better. Can they do that? Or did security get in the way people every once in a while I'll call security, the department of no, right? Yeah. Well, >>Yeah. They did it on stage. Yeah. They wanna be the department of yes, >>Exactly. And the department that creates additional value. If you look at what's going on with B to C or C IAM, consumer identity, that is all about opening up new direct channels and treating people like, you know, they're old friends, right. Not like you don't know 'em you have to challenge >>'em we always say you wanna be in the boat together. It sinks or not. Yeah. Right. Exactly. >>Phillip, >>Okay. What's your take? What's your outlook for the year? >>Yeah. I think, you know, something that we've been seeing as consolidation and integration, and so, you know, companies looking at from built time to run time investing in shift left infrastructure is code. And then also in the runtime detection makes perfect sense to have both the agent and agentless so that you're covering any of the gaps that might exist. >>Awesome. Jerry, Phillip, thanks for coming on the queue with IDC and sharing >>Your oh our pleasure perspective. >>Commentary, have any insights and outlook. Appreciate it. You bet. Thank you. Okay. We've got the great direction here from IDC analyst here on the queue. I'm John for a Dave, we're back more after this shirt break.