>> Live from Barcelona, Spain, it's theCUBE! Covering Cisco Live! Europe, brought to you by Cisco and its ecosystem partners. >> Hey, welcome back everyone. We're live here in Barcelona, Spain, theCUBE's coverage of Cisco Live! Europe 2019. I'm John Furrier, Stu Miniman, and Dave Vellante all here this week getting all the action. Our next guests is Ron Sterbenz who's the marketing manager of Stealthwatch Cloud. Formerly is part of the acquisition the original team of observable networks. >> Correct, that's a good one. >> A small startup that was bought by Cisco in 2017. Now you're in the big company. Key part of the portfolio and security and cloud. Welcome to the cube again. Good to see you. >> Thank you John. >> So what's going on in Europe? What are the big trends obviously you here in Barcelona its a mirror, Europe, Middle east, Africa, and Russia. >> Yup. A lot of compliance, a lot of regulated industries across the board. >> Yup. >> A lot of security concerns, a lot of privacy concerns. >> That's right. >> Security is at the center of the values in the Cisco network approach. >> Yup. You know as of last year we were down in the front of this of the event. And I would say that traffic was pretty good. Now we're in the back, we're seeing a lot more interest, we're seeing actual customers come up, subscribers to our product, and service say "I've been with you now for a year, what's new?" So its nice to see that, that we didn't have right after the acquisition, which was where we were last year. >> So, in Europe, what are some of the trends, what's resonating? >> Kubernetes You know, you guys were out at KubeCon, for us that was a great show, lot of interesting kubernetes, and we're seeing the same thing here in the base, as well as the Cisco solution for it. >> And the definite zone which we're in has all these classrooms, I got to say, right next to us is Classroom One, the kubernetes session yesterday, >> Mhmm >> Was overflowing into our set. >> Yeah. >> Why don't we explain a little bit, what's exciting people about Kubernetes, do you have any guidance as to, you know, who they're using, cause I think back a year ago, a lot of the customers I talked to, they were like, building their own. Is kubernetes the hard way, as opposed to today, you know, Cisco's got a solution, you've got deep partnership with AWS, with Google and the like, so, yeah. >> We're seeing it all across the board. Lot of folks using Amazon to do it, we would always teach customers... Google was a natural for it, we are actually having customers come up to say, We're using the Cisco platform for it. So, for us it's the whole breath. What's also nice about it is we really simplify the deployment for kubernetes, so it doesn't matter whether any of those environments are going to be used from a security perspective. Real easy to inject it into the kubernetes environments, expand and contract, and feed the security solution that we offer. So, again, what's also really nice is the multi-cloud, so whether it's kubernetes, a little bit of AWS on the web servers, a little bit of the on PREM, any of the other Cisco kind of compute platforms, all of that data is coming in. >> I wonder if, when you look at security, it felt like a few years ago we got over the hump of the public cloud can be secure, but one of the challenges I have is if I'm in a multi-cloud environment, security is different in every one of those, so I've got different skill sets I have to match then, how are you helping customers? How are they sorting through that? >> Yeah, and then the other part of it is, they're used to what they would see on PREM in a physical network. So, by doing what we do into the cloud, allows the customer to have that traditional security perspective across all those environments of things that they're used to. So, if you look at it from the automation and simplicity, that's a great value prop. The other one that's a really interesting value prop is, I don't want to have to normalize for every data feed and element that comes out of those clouds, so, by for us doing it across all of our portfolio, when a feed changes with AWS, we're normalizing it and bringing it in as a security perspective for the customer, so you basically outsource a lot of the easy or hard lift of modifying those particular feeds into our solution or service. >> Talk about the cloud center service that you guys have as a suite now, gives a variety of, mentioned portfolio, certainly securities in there, stealth watch cloud, you mentioned kubernetes, you can't look at without containers being part of that, you've got the Cisco container service, Google and AWS, how do you guys fit into that? What's the key Stealthwatch Cloud value proposition? >> Yeah, so there is a reference architecture that Cisco has put out where we look at ACI anywhere, we look at the container platform, security on the top of it, we're able to integrate in other solutions, we're seeing a lot more interest in SD-WAN part of the house, being able to, again, simplify the security for all of those infrastructures back, so that's a really nice reference for architecture to go into an environment and try to leverage the whole portfolio for simplicity, broader breadth and depth. >> What are some of the conversations you're having with the customers around multi-cloud? Do they come in and say, Okay, give me some of that Stealthwatch Cloud, or, how do I architect it in, how does it fit in, what are some of those customer conversations? What do they look like? >> Well, the first one is simplicity, how difficult is this to do, how broad can I put it in a solution, and will it really do what you're forecasting or saying it will, with this thing called Endpoint Modeling, or Entity Modeling. What we also encourage free trial, so we allow customers to use the full service across all of those platforms, go as broad as they want during that trial period, and we prove out the value prop, in other words, you're able to see these devices in the real time, devices that you're normal and familiar with, the ability to again, to expand and contract in kubernetes, and see those whether you put an Apache server on a node, and that's the way it performs, and you expand out and get six of those, they will perform exactly the same way, and the expectation is that they will. But what we do in the demos in the booth is show the customer how easy it is to do that, and then encourage them to do it with their own environment in a trial, and that's where we solidify the customer into a sale. Into an ongoing subscriber. >> So, Ron, it's been interesting to watch this, we've got a lot of background and history with Cisco. Your solution, you're in the AWS marketplace, they buy you software, in the Google marketplace it's not boxes and that model, talk about how it's been coming into Cisco now, and kind of the go to market, how that, you know, we're watching a lot of Cisco change to go more towards where you were pre acquisition, even, so, how's that dynamic changing? >> We went from a team of 14, I think we're up to 21, 22 now, and then we've got the other partnership, our brothers and sisters of 70 thousand people, so it is one influencing that product, plus all the partners, and then getting them to encourage them to sell, the ability to sell on Cisco GPL, also the ability to transact, and Cisco is really supportive of whatever the customer wants to be, whether that's AWS, Azure, AWS marketplace, very easy to do a transaction there, and at the same time, we don't lose any of the internal compensation for Cisco employees or Cisco salers, so that's really nice, and it's simple for our customer. >> As you move from being a startup, which is nimble, you guys are small, you're in the front lines, you come into Cisco, what was your impression about how Cisco's portfolio was coming together, and where is it now, almost one year later, coming up on your one year anniversary >> Yeah, I think you can see that in the floor space here when you look at cloud. So, the first year that we were here, we were included in that whole piece, probably lighter traffic. This year we're seeing a lot more people with the interest in cloud, I think next year you will see more Cisco sellers, partners, buyers in that space, asking about what's coming next, I mean we're getting MSPs this year to say, Look, we're trying to do a kubernetes practice, is there a way that we can attach a security perspective to that? In a multi-tennancy, servicing our customers, being able to do the mediation, and we are and I don't think that's a conversation we had last year. >> Take a minute to explain, simply, the story for multi-cloud for Cisco from a security perspective. How would you describe to someone the multi-cloud story from Cisco? What is it? Take a minute to explain that. >> The multi-cloud story for Cisco for security is the ability to see and leverage intelligence, actionable insight across any one of those platforms. Normalizing it, bring it in, show me the interaction, whether that customer is sitting on a Cisco network, or this customer's sitting at the end point, outside of a web server on AWS. What can I see across that, what are my expectations of that interaction? >> Susie Wee was on yesterday, she's the champion of DevNet, this whole DevNet zone where we're located, lot of energy, lot of developers, Cisco app dynamics, which brings that app perspective, as the network becomes programmable, and you see the rise of kubernetes, great indicator that you mentioned that earlier, how should customers think about programmability with the security paradigm that's put forth from Cisco today? What's the guiding principals, what are some of the strategies they should take, what's your view on that? >> Intelligence and interoperability. So, whether we're looking at like an ICE integration, or a crypto threat analytics, or any of the other services that Cisco puts together, bringing all that intelligence back in, and putting it into usable fashion. Simplicity of integrating the products and suites services. >> Service providers you mentioned before, they're used to programmability, what I've seen over the last few years is they're embracing the multi-cloud message before. Five years ago it was, Oh my god, that's the enemy, I need to fight against them, now they're direct connecting into a lot of these public clouds, they're figuring out what of their services they keep vs offering services to customer and pass them through, seems like a great opportunity for you to help them expand, especially their security footprint across those environments. >> It definitely is. The ability for a customer to say, Hey, what is my real value at in this vs the pipe and the mechanics from behind the scene, so for us we focus on what we do really well, we allow our partners, look if you're going to do remediation, if you're going to do deployments into the web front end, or new applications, if you're going to look at portability across cube environments, whatever the cost benefit or ratio is, we let them focus on that, and we take the back end processing, which is the back end processing of alerts, back end processing of what we call observations, simplicity of bringing on partners for MSPs, and servicing 'em. >> I want to get your thoughts on a quote we heard on theCUBE yesterday from a practitioner, talking about multi-cloud, and cloud in general, as people move to SAS models and cloud, they don't really own the equipment, the quote was, "IT doesn't own the equipment, but owns the outcome." So the operating models changing a little bit, okay, I buy that, makes sense to me, and the quote was, "It moves from find and fix, to get evidence and escalate." How to handle the data becomes the core issue. Security data's a super important part of it, can you comment on your reaction to that quote, the positioning, cause certainly cloud is a rent vs buy, that's classic, you've still got the on premise, but security's dealing across the holistic environment where data and escalating, sharing data, big part of it, what's your thoughts on the role, how to handle the data? >> Well, if you look at security and look at SAS, what is our role? Our role is to normalize that data and be responsive every time a change is made in a cloud platform. The other thing what's great about a SAS service is upgrading, right, so upgrading is updates and everything else that comes at you from a security perspective, SAS is best to handle that, because we are looking at that, we're providing updates as well as changes to our platform almost daily, we publish that back to the customers, and as a subscriber, you don't renew if you're not happy. So, it continually puts us on the forefront of saying, look, we've got to innovate, we've got to be responsive to the customer, we've got to be able to address any other kind of... And it isn't always just malware or something that goes wrong, it could also be malfunction, it could also be left over assets that are sitting in AWS environment, or LAM defunctions that go awry, so we have multiple ways of providing value to the customer on those infastructures. >> Lot of moving parts, dependencies could be, >> That's right. >> We could move the availability zone, have some dependencies across the network, lot of things (laughs) at play here. >> Right, and what's really good about Stealthwatch Cloud is from the back end of it we're sitting out and addressing that, we're trying to put a human's touch to what we would find in an alert, and what would be important to a customer, and how we drive that value. >> So, Ron, we know that security's always an ongoing journey, so there's no end to where you need to go, you mentioned LAM defunctions, serverless something that your team's involved in, or are there other areas that we should be looking for throughout 2019 for some to maturation. >> I think there is, but I don't... As far as the road map goes, there's always integration, look, integration with Meraki, integration with other Cisco products, and the same thing goes with any other, I had just finished a meeting with Google about, what other data elements can we get to enrich that security perspective from Google, that would be the exact same thing with AWS functions, the team will look at all of those feeds, which ones are relative to things that we can provide from a security perspective, or generate value to the customer and integrate those first. >> This highlights the operating model for Cisco as a company, you mentioned Google, Amazon, these are real integrations, these are real partnerships, deep, meaningful, technical relationships. Share some insight into how that's going. >> There's a lot. There's always a lot from each of those platforms, so you do have to kind of pick and choose as to what you're going to address, I'm sure all of us on the team that are in the forefront of selling are saying, What about this? What about that? Can we incorporate it? >> Worth the backlog >> It's difficult, but, I would also say what's really big here in Europe is Azure. That's a real big potential customer base to address as well. >> We talked to the DNA center platform guys, and they're like, the backlog is huge and we're just going to work the backlog, to your point about SAS, you knock these things down one at a time, you go get you, prioritize, do the classic product management. But Ron, thanks for coming on, really appreciate the insight, final minute, just give a plug for what's going on at Stealthwatch Cloud. What are some of the highlights, what are some of the things you guys are promoting, what's the good news? Share with us. >> I would say probably the best news is adding all the cloud platforms, being able to truly be a multi-cloud story. Integration with other Cisco products that are coming in the forefront that we'll be announcing at other events, throughout I think RSA we've got some other announcements coming out, so if you'll be there, and then the part that we keep hitting home is meeting with the sales teams, starting the trial, and allowing us to kind of prove out the value of the product and service. >> Security portfolios expand, you get Tetracia and SAS coming around the corner, a lot of other interesting things happening in the Cisco world. >> Duo. >> Hey, thanks for coming on, we're here inside theCUBE in Barcelona, Spain for Cisco Live Europe, I'm John Furrier, stay with us for more Day Three coverage, after this short break.