>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented, They are. There just aren't enough of them to go around and the adversary is also talented and very creative, and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that dev sec op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagar oim, who was consultant in the networking product management area at Dell. And finally, we're close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. Deepak Arage shoes powered security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered around in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers they're operating today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually the assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lens that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as of security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in to deal with the supply chain to ensure the providence, et cetera. So I'm glad you you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches for in attacking manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the N framework of protect, detect and rigor. And it's still aligns really well to that framework, but over the past couple of years, we have seen how computers evolved, how the threads have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recurring from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero press framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at there and to enable their own zero trust IT environments and IT zero trusts deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust option. >>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about n I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents, >>Right? What is that is exactly right, right? Breachers are bound to happen and given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained with an offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your ID environment. And this is the principles that we use on power Edge, right? But with an increased focus on providing granular controls and checks based on the principles of these privileged access. >>So the idea is that service first and foremost need to make sure that the threats never enter and they're rejected at the point of entry, but we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage cost by attacker is minimized so they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be radius. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock on the form versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused to authorized changes or unauthorized changes. >>And if it is an unauthorize change can log it, generate security alerts, and we even have capabilities to automatically roll the firm where, and always versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis inclusion detection where if the chassis, the box, the several box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and chain something in your system. >>Great, thank you for that lot. Lot of detail and and appreciate that. I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the providence of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised, >>Right? And we've talked about how complex the modern supply chain is, right? And that's no different for service. We have hundreds of confidence on the server and a lot of these form where in order to be configured and run and this former competence could be coming from third parties suppliers. So now the complexity that we are dealing with like was the end to end approach and that's where Dell pays a lot of attention into assuring the security approach approaching and it starts all the way from sourcing competence, right? And then through the design and then even the manufacturing process where we are wetting the personnel leather factories and wetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tapper. And we have a feature called the secure component verification, which is capable of doing this. What the feature does this, when the system gets built in a factory, it generates an inventory of all the competence in the system and it creates a cryptographic certificate based on the signatures presented to this by the competence. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end, they can run out to, it generates an inventory of the competence on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorize change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and ized changes could be any sort of temper. So that's the supply chain aspect of it and bill of metal use is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulner which have been discovered out in the wild affected platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table, >>Right? Yeah. We have talked enough about the complexity of the environment and how zero risk is necessary for the modern ID environment, right? And this is integral to Dell powered service. And as part of that like you know, security starts with the supply chain. We already talked about the second component verification, which is a beneath feature that Dell platforms have. And on top of it we also have a silicon place platform mode of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at risk in news or inflight, we have self encrypting drives which provides scalable and flexible encryption options. And this couple with external key management provides really good protection for your data address. External key management is important because you know, somebody could physically steam the server walk away, but then the keys are not stored on the server, it stood separately. So that provides your action layer of security. And we also have dual layer encryption where you can compliment the hardware encryption on the secure encrypted drives with software level encryption. Inion to this we have identity and access management features like multifactor authentication, single sign on roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that you know, Dell Power Service cyber resident infrastructure helps accelerate zero tested option for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure and collaboration with Dell Technologies on the cube, your leader in enterprise and emerging tech coverage. We're back with a blueprint for trusted infrastructure and partnership with Dell Technologies in the cube. And we're here with Mahesh Nager, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome, good to see you. >>Hey, good morning Dell's, nice to meet, meet to you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so few years ago IT security and an enterprise was primarily putting a wrapper around data center out because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a rapid around it like a parameter or a firewall was a sufficient response because you could basically control the environment and data small enough control today with the distributed data, intelligent software, different systems, multi-cloud environment and asset service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure In today's, you know, data driven world, it operates everywhere and data has created and accessed everywhere so far from, you know, the centralized monolithic data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a rapper around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic, they need to be integrated, scalable, one that span the entire enterprise and with a co and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing changing best destroy or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static, >>Right? Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you think about securing network infrastructure, when you're looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a rotor for example, is typically used for say, configuration and management of the networking switch. So user access is based on say roles for that matter in a role based access control, whether you are a security admin or a network admin or a storage admin. >>And it's imperative that logging is enable because any of the change to the configuration is actually logged and monitored as that. Talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get UND desire results in terms of say validation of the images. It's, it needs to be done through say digital signature. So, so it's important that when you're talking about say, software integrity, a, you are ensuring that the platform is not compromised, you know, is not compromised and be that any upgrades, you know, that happens to the platform is happening through say validated signature. >>Okay. And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is i I think response, but please continue. >>Yeah, so you know, the third one is about civil notability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different, you know, it follows the same process for identification for tri and for resolution of these vulnerabilities. And these are addressed either through patches or through new reasons via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It provides the interconnect between the service and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized nels are able to make change to the network configuration and logging off any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like segmentation isolated segments and via VRF or, or some micro segmentation via partners, this allows various level of security for each of those segments. So it's important you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? >>You know, there are multiple layer of defense, you know, both at the edge and in the network in this hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software, different principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. If you look at say that you know the different pillars of a zero trust architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trust platform in a trusted platform models tpms on certain offer products and you know, the physical security know plain, simple old one love port enable from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky Mac or Mac learning limit and so on. >>If you look at say a transport and decision trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain hotel net or is it like secure ssh, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or is certificate authority based certification. And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD five authentication between the b g peers so that there is no, you know, manages attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here, you know, you know, it's, it's typical that if you don't have a control plane here, you know, it could be flooded and you know, you know, the switch could be compromised by city denial service attacks. >>From an application test perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. And I did talk about, say the digital signature and the cryptographic check that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen or VRF plain old wheel Ls, you know, which can bring about sales multi 10 aspects. We talk about some microsegmentation as it applies to nsx for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift the vendor community. Dell specifically is shifting a lot of those tasks to their own r and d and taking care of a lot of that. So, cuz scop teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our >>Portfolio, it enables state of the automation software, you know, that enables simplifying of the design. So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the fabric and you know, from a deployment and you know, the management of the network infrastructure that are simplicities, you know, using like Ansible s for Sonic for example are, you know, for a better sit and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using Sonic or Smart Traffic services. If you look at Sonic for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and Avan has and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at Sonic, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the Sonic no is not restricted, you know, just to the data center infrastructure is, it's a unified no, you know, that's well applicable beyond the data center, you know, right up to the edge. Now if you look at our north from a smart traffic OS 10 perspective, you know, as I mentioned, we do have smart traffic services which essentially, you know, simplifies the deployment day zero, I mean rather day one, day two deployment expansion plans and the lifecycle management of our conversion infrastructure and hyper and hyper conversion infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD van capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular loss that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick, just pitch me, what can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned, we're talking about the physical security for examples, say disabling of the unused interface. Sticky Mac and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS 10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure port also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is data for the digital signature, you know, prior to any upgrade process. And if you are looking at secure access control, we do have things like role based access control, SSH to the switches, control plane access control that pre do tags and say access control from multifactor authentication. >>We do have various tech ads for entry control to the network and things like CSE and PRV support, you know, from a federal perspective we do have say logging wherein, you know, any event, any auditing capabilities can be possible by say looking at the clog service, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say network segment, you know, say network separation and you know, these, you know, separation, you know, ensures that are, that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone and, you know, just can be implemented by a, a micro segmentation, you know, just a plain old wheel or using virtual route of framework VR for example. >>A lot there. I mean I think frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you could be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies and collaboration with the cube, your leader in enterprise and emerging tech coverage, your own west product management security lead at for HCI at Dell Technologies hyper-converged infrastructure. Jerome, welcome. >>Thank you Dave. >>Hey Jerome, in this series of blueprint for trusted infrastructure, we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyperconverged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know? >>So what's unique about hyper-converge infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system. So like a server or storage system or a virtualization piece of software, software. I mean HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft, and internal partners like the Dell Power Edge team, the Dell storage team, the Dell networking team, and on and on. These partnerships in these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past we're seeing growing scope and sophistication in supply chain attacks. This mean an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short term solutions and we need long term solutions as well. >>So for the short term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio. We build our software on VMware, so we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily VX rail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle so that VMware would produce a patch and within 14 days we will integrate our own code with the VMware release we will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, VHA had over 40 releases of software updates last year for a longer term solution. We're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co engineer with effective collaborations with our, with our partners. >>Great, thank you for that. That description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, and to me my takeaway was you gotta have a short term instant patch solution and then you gotta do an integration in a very short time, you know, two weeks to then have that integration done. And then longer term you have to have a software bill of materials so that you can ensure the providence of all the components help us. Is that a right way to think about cybersecurity resilience? Do you have, you know, a additives to that definition? >>I do. I really think that's site cybersecurity and resilience for hci because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me, let me give you an example. So hci, it's a, basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtual virtualizing hardware functionality, like say a storage controller, you could implement it in hardware, but for hci, for example, in our VX rail portfolio, we, our Vxl product, we integrated it into a product called vsan, which is provided by our partner VMware. So that portfolio of strength is still, you know, through our, through our partnerships. >>So what we do, we integrate these, these security functionality and features in into our product. So our partnership grows to our ecosystem through products like VMware, products like nsx, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware and we also leverage VMware's software, part software partnerships on top of that. So for example, VX supports multifactor authentication through vSphere integration with something called Active Directory Federation services for adfs. So there's a lot of providers that support adfs including Microsoft Azure. So now we can support a wide array of identity providers such as Off Zero or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >>Great, I mean that's super helpful. You've mentioned nsx, Horizon, Carbon Black, all the, you know, the VMware component OTH zero, which the developers are gonna love. You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway cuz you've got this software defined environment and you're managing servers and networking and storage with this software led approach, how do you ensure that the entire system is secure end to end? >>That's a really great question. So the, the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, VxRail is the market's only co engineered solution with VMware, other vendors sell VMware as a hyper converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development life cycle, which other products might talk about in their discussions with you that we integrate into our engineering life cycle. So because we follow the same framework, all of the, all of the codes should interoperate from a security standpoint. And so when we do our final validation testing when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >>That's great. All right, let's, let's close pitch me, what would you say is the strong suit summarize the, the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio specifically from a security perspective? Jerome? >>So I talked about how hyper hyper-converged infrastructure simplifies security management because basically you're gonna take all of these features that are abstracted in in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be, say, you know, in for VX rail would be b be center, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the, the key to making it to hci. Now, what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co engineered, it's not bolted on. So I gave the example of spo, I gave the example of how we, we modify our software release process with VMware to make it very responsive. >>A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell that's not done through a partnership. So we digitally signed our software updates so the user can be sure that the, the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own a specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for, for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage it all comes in a package. So it, it can be all managed through vCenter, for example, or, and then the specific hyper, hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few pains of glass that the, the administrator or user ever has to worry about. It's all self contained and manageable. >>That makes a lot of sense. So you've got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason Jerome, this is so important is because SecOps teams, you know, they gotta deal with cloud security, they gotta deal with multiple clouds. Now they have their shared responsibility model going across multiple cl. They got all this other stuff that they have to worry, they gotta secure the containers and the run time and and, and, and, and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the, the securities is gonna get worse. So what my takeaway is, you're removing that infrastructure piece and saying, Okay guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners to and your own teams to really nail that. Is that a fair summary? >>I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define, to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because we are, our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I, I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and, and other highly regulated environments and we're very successful there. >>Excellent. Okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry and so would appreciate that. >>I would look forward to it. Thank you very much, Dave. >>You're really welcome. In a moment I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. I wanna thank our guests for their contributions in helping us understand how investments by a company like Dell can both reduce the need for dev sec up teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality providence and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, on prem or at the edge, you are responsible for your own security. But vendor r and d and vendor process must play an important role in easing the burden faced by security devs and operation teams. And on behalf of the cube production content and social teams as well as Dell Technologies, we want to thank you for watching a blueprint for trusted infrastructure. Remember part one of this series as well as all the videos associated with this program and of course today's program are available on demand@thecube.net with additional coverage@siliconangle.com. And you can go to dell.com/security solutions dell.com/security solutions to learn more about Dell's approach to securing infrastructure. And there's tons of additional resources that can help you on your journey. This is Dave Valante for the Cube, your leader in enterprise and emerging tech coverage. We'll see you next time.

>> Announcer: From Las Vegas, it's theCUBE. Covering Qualys Security Conference 2019, brought to you by Qualys. >> Hey welcome back everybody, Jeff Frick here with theCUBE, we're in Las Vegas at the Bellagio, at the Qualys Security Conference, pretty amazing, it's been going on for 19 years, we heard in the keynote. It's our first time here, and we're excited to have our first guest, he was a keynote earlier this morning, the author of nine books, Richard Clarke, National Security and Cyber Risk expert, and author most recently of "The Fifth Domain." Dick, great to see you. >> Great to be with you. >> Absolutely. So you've been in this space for a very long time. >> I started doing cybersecurity in about 1996 or 1997. >> So early days. And preparing for this, I've watched some of your other stuff, and one of the things you said early on was before there was really nothing to buy. How ironic to think about that, that first there was a firewall, and basic kind of threat protection. Compare and contrast that to walking into RSA, which will be in a couple of months in Moscone, 50,000 people, more vendors than I can count on one hand, now there's too much stuff to buy. Do you look at this evolution? What's your take? And from a perspective of the CIO and the people responsible for protecting us, how should they work through this morass? >> Well, the CIO and the CFO, got used to thinking cyber security costs a little bit, 'cause you can only buy, this is 1997, you can only buy antivirus, firewall, and maybe, in 1997, you could buy an intrusion detection system. Didn't do anything, it just went "beep," but you could buy that too. So you had three things in 1997. And so that resulted in the IT budget having to take a tiny little bit of it, and put it aside for security, maybe 2%, 3% of the budget. Well, now, if you're only spending 2 or 3% of your IT budget on security, somebody owns your company, and it's not you (laughs). >> And that's 2 or 3% of the IT budget, that's not the whole budget. >> No, that's the IT budget. What we found in researching the book, is that secure companies, and there are some, there's companies that don't get hacked, or they get hacked, but the hack gets in, immediately contained, identified, quarantined. The damage is done, but it's easily repaired. Companies that are like that, the resilient companies, are spending 8%, 10%, we found companies at 12 and 17%, of their IT budget on security, and to your point, how many devices do you have to buy? You look at the floor at any of these RSA Conventions, Black Hat, or something, now there are 2000 companies at RSA, and they're all selling something, but their marketing message is all the same. So pity the poor CSO as she goes around trying to figure out, "Well, do I want to talk to that company? "What does it do?" We found that the big banks, and the big corporations, that are secure, have not three, anymore, but 75, 80, different, discreet cybersecurity products on their network, most of it software, some of it hardware. But if you've got 80 products, that's probably 60 vendors, and so you got to, for yourself, there's the big challenge, for a CSO, she's got to figure out, "What are the best products? "How do they integrate? "What are my priorities?" And, that's a tough task, I understand why a lot of the people want to outsource it, because it's daunting, especially for the small and medium-size business, you got to outsource it. >> Right, right. So the good news is, there's a silver lining. So traditionally, and you've talked about this, we talk about it all the time too, there's people that have been hacked and know it, and people that have been hacked and just don't know it yet, and the statistics are all over the map, anywhere you grab it, it used to be hundreds of days before intrusions were detected. Kind of the silver lining in your message is, with proper investments, with proper diligence and governance, you can be in that group, some they're trying to get in all the time, but you can actually stop it, you can actually contain it, you can actually minimize the damage. >> What we're saying is, used to be two kinds of companies, those that are hacked and knew it, and those that are hacked that don't, that didn't know it. Now there's a third kind of company. The company that's stopping the hack successfully, and the average, I think, is a 175 days to figure it out, now it's 175 minutes, or less. The attack gets in, there's all the five or six stages, of what's called "the attack killchain," and gets out very, very quickly. Human beings watching glass, looking at alerts, are not going to detect that and respond in time, it's got to be automated. Everybody says they got AI, but some people really do (laughs), and machine learning is absolutely necessary, to detect things out of the sea of data, 75 different kinds of devices giving you data, all of them alarming, and trying to figure out what's going on, and figure out in time, to stop that attack, quarantine it, you got to move very, very quickly, so you've got to trust machine learning and AI, you got to let them do some of the work. >> It's so funny 'cause people still are peeved when they get a false positive from their credit card company, and it's like (laughs), do you realize how many of those things are going through the system before one elevates to the level that you are actually getting an alert? >> So the problem has always been reducing the number of false positives, and identifying which are the real risks, and prioritizing, and humans can't do that anymore. >> Right, right, there's just too much data. So let's shift gears a little bit about in terms of how this has changed, and again, we hear about it over and over, right, the hacker used to be some malicious kid living in his mom's basement, being mischievous, maybe, actually doing some damage, or stealing a little money. Now it's government-funded, it's state attacks, for much more significant threats, and much more significant opportunities, targets of opportunity. You've made some interesting comments in some of your prior stuff, what's the role of the government? What's the role of the government helping businesses? What's the role of business? And then it also begs the question, all these multinational business, they don't even necessarily just exist in one place, but now, I've got to defend myself against a nation state, with, arguably, unlimited resources, that they can assign to this task. How should corporate CIOs be thinking about that, and what is the role, do you think, of the government? >> Let's say you're right. 20 years ago we actually used to see the number of cyber attacks go up on a Friday night and a Saturday night, because it was boys in their mother's basement who couldn't get a date, you know, and they were down there having fun with the computer. Now, it's not individuals who are doing the attacks. It is, as you say, nation states. It's the Russian Army, Russian Intelligence, Russian Military Intelligence, the GRU. The North Korean Army is funding its development of nuclear weapons by hacking companies and stealing money, all over the world, including central banks, in some cases. So, yeah, the threat has changed, and obviously, a nation state is going to be far more capable of attacking, military is going to be far more capable of attacking, so, CISOs say to me, "I'm being attacked by a foreign military, "isn't that the role of the Pentagon "to defend Americans, American companies?" And General Keith Alexander, who used to run Cyber Command, talks about, if a Russian bomber goes overhead, and drops a bomb on your plant, you expect the United States Air Force to intercept that Russian bomber, that's why you pay your taxes, assuming you pay taxes. What's the difference? General Alexander says, whether that's a Russian bomber attacking your plant, or a Russian cyber attack, attacking your plant, and he says, therefore, people should assume the Pentagon will protect them from foreign militaries. That sounds nice. There's a real ring of truth to that, right? But it doesn't work. I mean, how could the Pentagon defend your regional bank? How could the Pentagon defend the telephone company, or a retail store? It can't. It can barely defend itself, and they're not doing a great job of that either, defending the federal government. So, do you really want the Pentagon putting sensors on your network? Looking at your data? No, you don't. Moreover, they can't. They don't have enough people, they don't have enough skills. At the end of the day, whatever the analogy is about how the Defense Department should defend us from foreign military attack, they can't. And they shouldn't, by the way, in my view. The conclusion that that gets you to, is you got to defend yourself, and you can, right now, if you use the technology that exists. The government has a role, sure. It can provide you warnings, it can provide the community with intelligence, it can fund development and stuff, can train people, but it cannot defend your network, you have to defend your network. >> And you have municipalities, I think it's Atlanta, is the one that keeps getting hit, there's-- >> Well Louisiana, just the other night, the whole state of Louisiana government unplugged from the internet, because it was being hit by a ransomware attack. The whole city of Baltimore's been down, the whole city of Atlanta, as you said. There's a real problem here, because people, many of them are paying the ransom, and they pay the ransom, and they get their network back right away. People ask me, "Can I trust these criminals?" Well you can trust them to give you your network back, because they have a reputation to maintain. Think about that. This whole thing about ransomware depends on their reputation, the bad guys' reputation. If they get a reputation for not giving you your network back when you pay, no one's ever going to pay, so they do give it back, and sometimes that's a lot quicker, and a lot cheaper, than saying no and rebuilding your network. But if we give them the money, what are they doing with it? Yeah, they're buying Ferraris to drive round the streets of Moscow, but some of that money is going back into R&D, so they can develop more effective attacks. >> So it's an interesting take, right, so most people, I think, would say that the cybersecurity war is completely always going to be kind of cat and mouse, whack-a-mole, that the bad guys are always a little step ahead, and you're always trying to catch up, just the way the innovation cycle works. You specifically say no, that's not necessarily always true, that there are specific things you can do to, not necessarily have an impenetrable wall, but to really minimize the impact and neutralize these threats, like a super white blood cell, if you will. So what are those things that companies should be doing, to better increase their probability, their chance, of, I don't know, blocking-- >> Depends on the size of the company. >> Absorbing. >> Depends on the size of the company. But I think whether you're a small-to-medium business, or you're an enterprise, you begin in the same place. And I do this with all of my consulting contracts, I sit down with the leadership of the company individually, and I ask every one of them, "What are you worried about? "What could happen? "What could a bad guy do to you "that matters to your company?" 'Cause what matters to one company may not matter to another company. And you can't spend your entire budget defending the network, so let's figure out exactly what risk we're worried about, and what risk we're just kind of willing to tolerate. And then, we can design security around that, and sometimes that security will be outsourced, to a managed security provider. A lot of it means getting into the cloud, because if you're in Amazon or Microsoft's cloud, you've got some security automatically built in, they've got thousands of people doing the security of the cloud, and if your server's in your basement, good luck. (laughs) >> So, as you look forward, now you said you finished the book earlier in the year, it gets published, and it's out, and that's great, but as you said, it's a fast-moving train, and the spaces develops. 10 years from now, we don't want to look at 10 years from now, it's way too long. But as you look forward the next couple, two, three years, what are you keeping an eye on, that's going to be, again, another sea change of both challenge and opportunity in this space? >> The three technologies we talk about in the book, for the three-year time horizon, 'cause I can't get beyond three years, more machine learning on the defense, but also more machine learning on the offense, and where does that balance work out? To whose advantage? Secondly, quantum computing, which, we don't know how rapidly quantum computing will come onto the market, but we do know it's a risk for some people, in that it might break encryption, if the bad guys get their hands on the quantum computer, so that's a worry. But one I think most immediately, is 5G. What 5G allows people to do, is connect millions of things, at high speed, to the internet. And a lot of those things that will be connected are not defended right now, and are outside firewalls, and don't have end-point protection, and aren't really built into networks on a secure network. So I worry about 5G empowering the Internet of Things, and doing what we call expanding the attack surface, I worry about that. >> Right, Richard, well thank you for taking a few minutes, and congrats on the book, and I'm sure within a couple of years the gears will start turning and you'll put pen to paper and kick another one out for us. >> Number 10. >> All right. He's Richard, I'm Jeff, you're watching theCUBE, we're at the Qualys Security Conference at the Bellagio in Las Vegas, thanks for watching, we'll see you next time. (upbeat music)

>> Live from San Francisco. It's the Cube covering artists. A conference twenty nineteen brought to you by for scout. >> Hey, Welcome back, everybody. Geoffrey here with the cue, We're at the arse. A >> conference in Mosconi. They finally finished The remodel. Looks beautiful in the rain is not coming in. Which is a good thing. We're excited. >> Have a next guests of many time Keep alumni. >> He's Sean Connery, the VP and GM of Security and Risk Business Unit at service now Song. Great to see you. It's great Sea again, Jeff. Thanks for having us. Absolutely. So it's been probably six months or so since we last talked What's been going on its service down the security space? >> Well, one of the things that's been most interesting is, as our customers have started to get into production now with the security capabilities as well as our risk capabilities there, realizing the benefits of having I t security and risk on the same platform. So when we were talking last time, we're talking a lot about, you know, security, hygiene, vulnerability, management, security incidents and that's all very much mainstream now on R and R install base. But now folks are saying, Wait a minute if I've got it. Data risk, data, compliance, data and security and vulnerability to it on the same platform. What kinds of things could I now do that >> I couldn't do before? Right? So what are they doing? >> Well, big thing they're doing is they're starting to manage risk in a holistic way by leveraging operational data on the platform. So if you think about the way risk tools have historically worked, you know, you're basically in what is essentially a glorified spreadsheet building dashboards for how to represent the various risks to your organisation. But if you think about what auditors and compliance people need to do there, essentially checking the state of all these compliance tasked throughout an organization. But it's essentially a survey. Like I'll ask you like, Hey, tell me about the data protection strategy for your application. You have to tell me while we're using crypto or we're not using krypto. The data is in this country. Well, all that date is already in service now. So how do you now automate? So we take all those mundane tasks around compliance and risk and be able to roll that up to clear, visible risk indicators manage that in a continuous way, what we call continuous monitoring for risk, which is just a brand new way to think about this problem, >> right? I'm curious how the changing of the assessment of the risk changes over time you've got the compliance stuff, which you just have to do, right? You have to check the box you've got, you know, kind of your business crown jewels. But then now we're seeing with kind of these nation state attacks and political attacks and sees things that aren't necessarily just trying to steal your personal information and not trying to steal your your your big money. But they're looking for other data that maybe you wouldn't have assigned an appropriate risk level in a time before because you were kind of really protecting the money and the and the and the obvious crown jewels. How >> does that >> how's that risk kind of profile continue to modify and change over time? >> I think that that's gonna be the state, uh, for you know, forever, right? The right profile. Going to continue to modify. I think what's important for security team's risk teams teams is to make sure they're actually using risk as we talked about last time. Is there North Star for guiding their security investments were here surrounded, like in the lion's den. All these security vendors, I was just walking the halls, all the startups that air, trying to do different things. And, you know, there's always gonna be another tool that somebody's going to want to sell you to solve a problem. But ultimately you need to be looking at the risks to your organisation. As you said, the evolving risk people shipped a cloud. You know, they deal with nation state attacks. They deal with, you know, whatever is going to come tomorrow. And how do you guide your security investments in favor of that? What we're seeing it service now is a renewed interest in hygiene and back to basics. How do I manage my vulnerabilities? Is my patch program effective? How am I dealing with exceptions and that? What's that channel to it? Because, as you know, almost everything about security was actually done by from an operational standpoint. So that channel of communication is something that we've been really heavily focused on. >> Yeah, it's a pretty state, As you say. We're surrounded by many shiny many bright, shiny lights, and people have something yourself. But you can't you can't buy your way out of this thing. You can't technology. You're way out of it. You can't hire out of it. So you really need to use a kind of a sophisticated strategy of integrated tools with the right amount of automation to help you get through this morass. >> Absolutely. And one of the ways we liketo help our customers think about >> this is, >> you know, your teams want to be focused on the interesting parts of their jobs. They came into the security industry because they want to help save the world right now, they watch some movie, they imagine some amazing role. And then when they get into the role, if they're dealing with mundane, you know, uh, fishing response. You know, vulnerability, prioritization. It just, you know, it takes the wind out of their sails, right? But if you can, if you can automate those mundane task using a digital work folk platform like service now, then suddenly free that time up so they could be focused on what you were just describing much more advanced attacks where you want creative humans. Sort >> of. This is so funny, right? It's almost like any type of a job like painting. You know the more time he spilled, spend prepping the house and sanding everything except painting better. The painting goes, and it's kind of the same thing here. It's the Boring is the mundane is applying the patches, as you said, but it's all of those things that make the exciting part when you get there. Now you can focus on real problems was just shoot, you know, we forgot to apply that match two weeks ago, >> you reminded me. I think my dad taught me a measure twice cut once that. S O s. Oh, it's absolutely right. So one way to think about that is that a concrete example is attack surface. So people, a lot of people on this hall are talking about your attack surface. What are the areas that can be attacked within your organization? Well, one of the best ways to reduce your attack surfaces to manage your vulnerability program in an effective way. Because if you can deal with patching much more efficiently patching the right assets the ones that have active exploits that are available, then suddenly you're inflow of incidents reduces, and then you automate the incidents that remain. And then suddenly you've got a mass the time savings versus If you just sort of scattershot said All right, T Max is going to work on vulnerabilities. Team wise, going toe workout incidents. They're really not gonna coordinate. And they're especially not gonna coordinate with tea. That's when things start to fall apart. >> Right. Right. So we're here in the Fourth Scout Booth. Um, so how long have you guys been working for Scout? How does how did the two systems work together? >> Yeah. So we've been working for Scott for awhile. We've actually got a number of integrations that are live on the surface now store. Uh, in fact, we have customers in production using for scout. So we really see, with force got in service now is a couple of things. First off, just on the asset management asset Discovery side of the house for Scott has a wealth of capabilities around giving us information about endpoint assets, whether they be traditional assets or coyote assets. And we can feed that directly into the seem to be our configuration management database. Right To help manage the overall assets within an organization that's sort of step one for Scout is a terrific partner to help pull that data in. And then the second thing we can do is we can men using the security capabilities inside service. Now we can trigger actions inside for scouts environment to then block re mediate, isolate. When we see something bad happening related to an incident or a vulnerability >> that we discover, right, I just can't help, but they're gonna know Asset management is eighty beady little piece of of the service now offering and all we hear about force. God just going in and finding out all kinds of stuff that you had out there that can. And I'm like, who found it first. You guys in the asset management or were the four scout sniffer? But I I imagine a lot of that stuff is not in your asset management system because it's things that people have just plugged in here and there and along the way. >> Yeah, well, we've got our we have a discovery capability is part of service now, which is which is fantastic. And that is primarily focused on server assets and the relationship between those server assets. So you want to understand, What is the total footprint of my AARP infrastructure? The load balancers, the network equipment, the servers. We can do that very, very well. What? What we really rely on coming like forced God to help us with is like you said, somebody plugged something in on the wireless network on the local network. You know, we don't know what it is. And for school can help us, you know? What is it? Where is it on DH that that information's changing so quickly that it really helped us out tohave having integrated solution. We've actually got Customersdata, Utah was in production now, with sixty thousand devices being managed with force got in service now working together, it's curious >> if you somehow integrate those back in and say, You know, it's not just me plugging in my phone, but it's actually something that needs to be more actively managed. If there's a discovery process there within service in ours, and it's mainly just temporary stuff, plug it in, plug it in and out, plug it in, plug it out. >> Yeah, I wouldn't think of the integrations with force got his temporary in anyway. It's just more. It's more dynamic environment so that our people are people are plugging systems in, you know, typically, you want to do that in an agent lis way, right? You don't want to have a heavyweight agent on the end point. And that's what force guys really known for discovering, analyzing what these devices are. And for us, the more incoming data we have into our CM, D B, the more valuable that is to our customers. And so we're really excited Team to do more with force. Go >> right. All right, I give you the last word. What priorities? For twenty nineteen. >> Prices for twenty nineteen is really to build on what we what we just announced. So Madrid are major service not released. Just hit today, right? Thanks. Thanks very much. We have exploit enrichments and our vulnerability system now so we can know, you know. Is there a phone? How How How critical is it? But also has it been exploited or not? Right. Is it publicly available? Exploit doesn't require local access, remote access so that we've done that on the security side. Wait. Did some continuous monitoring that we already talked about. But the big thing for us, that service now is mobile in twenty nineteen. Right? So big capability we announced, is native mobile capabilities. So essentially, we're positioning everyday work is the next killer out for mobile? Because, as you know, service now is all about Inter connecting all these various departments and making these classic processes digital work clothes. And now you can have that same sort of consumer grade mobile experience on your enterprise infrastructure. And so being able to build that out about all of our products and continue to drive Alodor customers are really excited about it. >> I just can't help But think of Fred coming out. I think it like twenty fifteen with, like, the first. I might be off by year to the first, You know, service now on mobile and the crowd went wild. >> It was awesome at the time. Right now, that was a that was a essentially a scaled down web capability. Right foot inside of a container. Now, this is Native mobile. So GPS face I d three d touch to use IOS. Examples are all capabilities you can expose in a code lis environment tio to developers so you could build a custom application custom workflow. And you don't have to know anything about how to code and the APC and get pushed down to users devices right away. >> Very good. Well, I think that's a good place to focus on. Right, Sean? Well, thanks for taking a few minutes to stop >> by course. Thanks, Tio. Pleasure. All right. He shot on. Jeff. You're watching the cube? Where are say in San Francisco? Thanks for watching. >> We'LL see you next time.