Sanjay Munshi, NETSCOUT | CUBEConversation, June 2019
>> From our studios in the heart of Silicon Valley, Palo Alto, California, it is a Cube conversation.

>> Hi, and welcome to the Cube studios for another Cube conversation, where we go in depth with thought leaders driving innovation across the tech industry. I'm your host today, Peter Burris. One of the biggest challenges that every enterprise faces is how best to focus attention on the most important assets that are driving or facilitating, that drive the digital business and digital business transformation. There's been a lot of emphasis over the last 50 years in tech on the hardware assets, but increasingly we need to look at the elements of IT that are actually creating net new value within a business, namely the people, the services and the data that make digital business possible. And that requires that we rethink our approaches to how we actually manage, conceive of and monitor those key assets, and is likely to lead to some very interesting unifications over the next few years, especially in SecOps and NetOps. Now, to have that conversation, we've got a great guest today. Sanjay Munshi is the vice president, product management, at NETSCOUT Technologies. Sanjay, welcome to the Cube.

>> Thank you, Peter. Thank you.

>> So, Sanjay, I said a lot upfront. But before we get into that, tell us a little bit about NETSCOUT.

>> Thank you, Peter, for the introduction. NETSCOUT is a smart data company. NETSCOUT has three decades of leadership and innovation in troubleshooting, monitoring and securing IP-based networks. We are deployed in 90% of the Fortune 500 companies and 90% of the top communication service providers worldwide. We have 50% market share in each of the three segments that we play in, whereas the next biggest competitor we have has less than 5%.
Those three areas are: number one, network and application performance monitoring for hybrid cloud infrastructure for enterprises; DDoS and security for enterprise and service providers; and service assurance for service providers, which includes mobile operators, cable providers as well as ISPs. Today we operate in 50 plus countries worldwide. We have 2,500 plus employees and 500 plus patents to our credit.

>> Impressive story. Let's get right to the issue, though, and how NETSCOUT is actually participating in some of these crucial transformations. I mentioned upfront that one of the biggest challenges that every enterprise has is to focus more of their attention on those digital assets that are actually driving change and new sources of value, namely the data, the services and the devices and the people, the applications or people that use those. So one of the challenges that we've had is that a focus on devices leads to a focus on certain classes of data that are mainly improved or focused on improving the productivity of devices. Give us a background on how that's, what that means.

>> Let me introduce the concept of smart data that's born out of the nets, calibrated with smart data. NETSCOUT pioneered the leverage of wire data or packet data three decades back that drives our nGenius portfolio, that drives NetOps and CloudOps. ASI, or Adaptive Service Intelligence: this is the smart data that comes out of the packets. With ASI smart data, we uniquely converge application and network performance monitoring to give our customers thorough visibility across application tiers, end-to-end networks and diverse data center locations.

>> So just to pick up on that: moving away from a log focus, which is again mainly "let's improve the productivity of the device", we're moving to ASI, which is a focus on "let's improve the productivity of the connection and the application".

>> Absolutely, absolutely. And we'll talk a little bit more about log.
Let's talk about log and NetFlow, other sources of data that folks have gravitated towards, which is not, they're not, not authoritative by any means. Let's say log data, for example. This log data, you know, as soon as a threat actor, for example, gets access to your systems, the first thing the threat actor will do is to turn off logging or, even worse, change the log data, change the syslog messaging itself. Let's take a look at NetFlow data, for example. NetFlow data: number one problem is, it doesn't have layer 7 intelligence in it. Number two, it's not generated by all the devices in the network. For example, the IoT devices do not generate any kind of flow data. So the only data that's authoritative and that comes with high fidelity is packet or wire data. That's one element of smart data that we have. The other element of smart data comes from our Arbor portfolio. Arbor products are deployed in 400 plus tier one operators, mobile operators and service providers worldwide. And as such, we see 1/3 of the Internet traffic. Through our strategically located sensors in the service provider core, we're able to generate another type of smart data that we call ATLAS Intelligence Feed, or AIF in short. ATLAS Intelligence Feed essentially tracks cyber reputation across domains, across geolocations and across user identities. The combination of the ASI smart data that is generated from the core of the hybrid cloud infrastructure,
let's call it intranet, and AIF smart data that is generated from the Internet core gives NETSCOUT a unique data set combination that's unparalleled in the marketplace and makes us perhaps one of the few vendors who can drive a consolidated visibility architecture across NetOps, CloudOps and SecOps.

>> Okay, so let's turn that into, again, very practical things for folks, because what IT has historically done is, by focusing on individual devices or classes of devices and the data that those devices generate, they end up with a panoply, a wide arrangement of security tools that are each good at optimizing those devices, though, as you said, they may not necessarily be authoritative, but it's difficult to weave that into a consolidated, unified SecOps, NetOps overall, not just architecture but platform for performing the crucial work of sustaining your digital business infrastructure. How does smart data translate into unified operations?

>> It's a point, Peter. Thank you. That's a very good point. So let me give an example and talk about the customers where we have deployed our smart data, our hybrid cloud infrastructure. This is a typical Fortune 500 where we are deployed. NETSCOUT is deployed as the hybrid cloud monitoring infrastructure on the NetOps and the CloudOps side. Typically, you will see this type of organization has one tool to cover the entire hybrid cloud monitoring infrastructure across their entire portfolio, whether it is on-prem, whether it's in the cloud, whether it's in the colocation facility. But when you look at the SecOps and the security side, the story is completely different. The same organization, the same enterprise customer, has 25 to 30 different disparate display tools. As a matter of fact, analysts are saying today that a typical Fortune 500 in the US has 70 disparate security tools. Why is that the case? Why is it that on the NetOps and CloudOps side, they need one tool, NETSCOUT, for example?
But in the SecOps, there are 70 different products. The reason is not only smart data but also smart architecture. So what we have seen, what we have done over the past three decades: we have designed this two-tier architecture that generates smart data. Tier one is our distributed instrumentation or sensor framework, which we call InfiniStream or vSTREAM. This is the distributed sensor framework that is deployed in the hybrid cloud infrastructure that generates the smart data. And then we have the centralized analytics layer, which is our nGenius platform, that essentially correlates data across the hybrid cloud infrastructure and provides customers complete visibility across the portfolio of the data centers. On the SecOps side, security side, security is roughly 10 to 15 years old. Security tried to emulate the two-tier model as well, but the security industry failed. In doing that, nobody could design this distributed sensor instrumentation cost-effectively to make wire data feasible for analytics, with the result they migrated to, as you said, these subpar sources of data like syslog, like NetFlow. And today they put all the emphasis on the analytics layer, with the result they need one tool per use case, or one vendor per use case, on the SecOps side. And that's why you see the tool proliferation, because they don't have this distributed sensor framework that will make wire data or packet data feasible for the analytics layer.

>> And I want, I want to build on something you're saying because, uh, it's a, it's a misperception that all resources and all work of digital business and technology is going to end up in a central cloud location. The cloud really is an architecture for more broad distribution of data and work, which means, ultimately, that if we don't deal with this proliferation of security tools now, we're going to
probably have an even greater explosion in the number of security tools, which will more radically diminish our ability to establish new classes of options in digital business.

>> Very good point. As a matter of fact, just a couple of years back, the average number of tools was 40 in a SecOps portfolio an enterprise has in the U.S. Today it's 70; it could go to 200. But if you look at the risk profile, well, the risk profile has stayed the same or, in many cases, deteriorated, right? What we found is that the number of tools is going up. The cost of breaches is going up. The third, the number of breaches are going up, and at the same time, the number of analysts is always a dearth. So in short, high investments on the security side failed to reduce risk. So the risk and investment factor both are going northbound, both are going up. So how do you control that? How do you make them come down? The only way: smart data on a smart platform on a smart analytics layer.

>> Yeah. Again, let me emphasize this crucial point, because it's one of the things that we've seen in our conversation with clients: a proliferation of tools, proliferation of data leads to a proliferation of tasks and responsibilities within a business, and you end up with more human failures of consequence. So by bringing all these things together, you end up with smarter data, smarter platform, simpler operations, more unified operations, and get greater leverage. So, so let's talk then about, ultimately, how should a business, what's the road map? What's the next two or three things that an enterprise needs to do to start bringing these, to start unifying these resources and generating the simplicity, so that you open up greater strategic options for how you configure your digital business?

>> That's a very good point. So two things we talked about already: one is smart data, relying on smart data, which comes from wire data or packet data.
And the second is smart, smart architecture, which comprises this two-tier architecture with distributed instrumentation and centralized analytics. What happens when you do that is, the first thing is early warning detection. What we have realized, Peter, is that if you look at the traditional kill chain, Lockheed Martin's kill chain, or the MITRE model that people are using now, traditional reconnaissance, weaponization as well as exfiltration, we have seen that if you rely, if you generate analytics based on packet data or smart data, which we do as NETSCOUT, you can detect these phases much earlier than if you rely on device data, NetFlow, syslog. So what I call day minus, not day zero, but day minus. So leveraging the smart data and smart architecture, we're able to detect these threats or compromises much earlier than a traditional kill chain model or a lot of MITRE models,

>> But, but again, the reason why is because we're looking at patterns in the traffic.

>> We're looking at behavioral patterns in the traffic. That's correct. Let me go a little bit more technical, if you will. We're looking at transactions at the DNS level, transactions at the CP level or at the Active Directory level that happen much earlier than when lateral movement or a reconnaissance is detected. This happens much earlier because we have the smart data, the wire data that enables us to do this early warning detection,

>> Get more visibility to source as opposed to the target.

>> That's correct. The second thing that happens with the smart architecture, the two-tier architecture, is the consolidation of use cases. We talked about it a little bit. So today, if you want, in our, in our hybrid cloud scenario that we, that NETSCOUT is deployed in Fortune 500s. Over the past two, three decades, our customers have moved from private cloud infrastructure. First they had the core righty. Then they moved private cloud. You know, I am Francisco.
Then they moved to colocation, Equinix and others. And then they moved also to public cloud. All the workloads are migrating, and everywhere we did not make any change to our instrumentation layer. Can you believe it? No changes. The only changes we made was in the analytics layer to take care of the new use cases. So with the result, we could consolidate multiple use cases in the cloud monitoring into one platform, the smart platform with smart data. Now we're building that value into security with the smart platform and smart data that we talked about. So the consolidation of use cases on the security side is the second advantage, other than the early warning detection that we talked about.

>> So this has got to improve detection, has got to improve management, gonna improve forensics, if I got that right.

>> Made a good point. And forensics we should talk about a little bit more. Perhaps the second set of things that we're doing, that we have done, is consolidate on the SecOps side forensics and detection. So let me explain that a little bit more. If you look at a typical enterprise today, they use SIEM, security information and event management, platforms to correlate data from multiple sources. So in the event of a SIEM alert, of an alert generated by a SIEM platform, forensics teams need to determine what happened and what systems were impacted. Essentially the what, when, how, where of the alert or the compromise that has been detected. Today, as we said, security teams are not using packet data at all. But forensic teams, in order to validate that alert, they need to access sessions, they need to access packets belonging to that alert, but they cannot today, because none of the devices, none of the security platforms is using wire data in the first place. So what the security teams are doing, forensic analysts, they're leveraging devices like Wireshark and tracking investigations with spreadsheets. This is delaying the investigation time.
As you know today, it's well known that this causes alert fatigue, and 50% of the alerts that are going to the SIEM today are disregarded by the security analysts. With the result, the real threats are getting unabated, and enterprises come to know about a security breach from the media rather than from their own IT department.

>> Sanjay. So we've had a great conversation talking about how smart data, smart platform is going to lead to greater unification of tasks, people, responsibilities in SecOps and NetOps, and some of the IT impacts on an enterprise's overall response stance, both from a detection, management and forensic standpoint. So what's going on? Thank you very much for being on the Cube, Sanjay Munshi. Thank you. Thank you. And thanks again for joining us for the Cube conversation. We've been with Sanjay Munshi of NETSCOUT Technologies. I'm Peter Burris. See you next time.