Andy Miller, Sophos | AWS re:Invent 2019
>>LA Las Vegas. It's theCUBE, covering AWS re:Invent 2019, brought to you by Amazon Web Services and along with its ecosystem partners.

>>It is so good to have you here on theCUBE once again as we kick off our coverage here live in Las Vegas at AWS re:Invent 2019. Along with my trusty sidekick, Justin Warren, John Walls here. I can't believe they put us back together again so I can't, I feel like I need a cake that actually I would be the trusty sidekick because you know he carries the water and I can wear this band. Andy Miller is going to wear the expert hat in this interview. He's the director of global public cloud at Sophos. So then, good to see you. Thanks for joining us here on theCUBE.

>>Thank you. It's great to be here. We're excited to be part of re:Invent as a, I think this is our eighth year in a row of being part of the show and excited to be here on theCUBE. I, uh, come bearing a couple of gifts.

>>Do this every time I visited on theCUBE here. What do we have here at Sophos? Socks for ya. Sophos socks. I love that look. That's very nice. Yeah. It's something we came up with a few years ago as part of the promotion for SysAdmin Day and it was so popular, it's never gone away after you're fired. You're hearing the cloud security, the security for the feet. Yes. Is what we have here. So, so your, your security, right. And it's all about the cloud these days. You just came out fairly recently with a, uh, a 2020 threat report. So why don't you give us kind of the high level and then we'll dig down a little deeper into that, but maybe the key takeaways from that report.

>>Yeah, we, uh, we looked at a lot of different things, uh, in the threat report basically. Um, we do this every year, kind of look at trends in what we're seeing and so forth. And we saw a lot of interesting developments around ransomware, both in the cloud and in on-prem environments.
But in the cloud, what we really saw was, you know, a continuation of the prevalence of, uh, the bad guys going after those assets, right? They know that there are some very large companies moving some very important data sets into the cloud and as such, they want to make sure that they can get at them as quickly as possible. So we see a very, uh, very, uh, prevalent and constant attack against, uh, those particular assets looking for data that they can steal. It seems that the, the bad actors here are just becoming more sophisticated every day and that they understand how to do cloud infrastructure really quite well.

>>Are there specific things that are special to the cloud that are different from what you would have with an onsite environment that requires a different approach? Yeah, certainly when you move to the cloud, one of the things that's really important, and there was a talk about this in the keynote this morning, it's important to this idea of transformation rather than just transition. And the same is true with your security. You should use solutions that are specifically addressed and built for the cloud and that have very tight with a provider like AWS for instance. So it's important that those products integrate with the tools that are available to you through the provider as well as are again, specifically built for those solutions and can scale and move and so forth at the speed of the cloud.

>>That seems like a no-brainer, right? I mean that seems logical, but you're saying that that's not automatic, that there are those who are trying to cut on retrofit, if you will, solutions that they've employed before that didn't go to work.

>>Yeah. You know, for customers it's a challenge because oftentimes their journey to the cloud starts with, Andy Jassy referred to it today as toe dipping, and that is a very common way that people start in the cloud.
And when you start out anything where you're just kind of dipping your toe in the water and then it gets a little further in and a little further in, that's an entirely different experience than, we're not in the cloud and we're going to plan and plan our journey and go into the cloud with a plan in place. You tend to evolve as you go. The other thing for customers is they may have security technologies that they've used for a long time that they're comfortable with and we all want to maintain a level of comfort, right? And so there are a lot of times you'll see them trying to, the old square peg round hole analogy, right? Trying to bang those technologies into the cloud even though they may not work really well for cloud deployment.

>>Yeah, I mean it's a hard problem as well because security is such a difficult thing to solve. Even just all inside that if you add in the newness of cloud on top of that and then have to change the way that you address security, that that just adds a whole bunch of extra complexity into that. So what are some of the things that Sophos is doing to help customers as they transition from, this is how you've done stuff in the past, this is how you're going to have to do things in the cloud? How are you helping customers to actually learn about what they need to do as they start to experiment with the way that they're using the cloud?

>>Yeah. One of the first things, you know, we have a product that we introduced in April called Sophos Cloud Optix and one of the biggest challenges for customers as they move to cloud is maintaining visibility and control over their workloads. Uh, cloud deployments are very different in that a lot of times you have a development community that may not be wired as tight with security as you'd like. And a lot of different people who are having input into deployments and changes to workloads. That's a different scenario a lot of times than on-prem.
And so it creates situations where you may have new workloads introduced to the cloud or changes to workloads that happen on a constant and continuous basis. And customers need to be able to track that. And that's what Sophos Cloud Optix was designed to do, was to give them an idea of exactly what they will have running in the cloud at any time. And also what state of configuration that particular asset happens to be.

>>I don't, I know one trend is actually trying to move that, it's called shift left, which is to provide that visibility up the stack towards the developers so that they can actually respond to what's happening in production or just to understand the security environment a bit better and then push that model, enable them to be able to make good and, and that stuff security being the, you know, the division of no way. You can't do anything at all, which business doesn't like. The whole point of going to cloud is we want to go faster. We want to be able to do this with a more agile fashion. So it sounds like this is actually just providing that, that intelligence so that you can make those better decisions.

>>Absolutely. In fact, a big part of the product is our infrastructure-as-code scanning, uh, where we can scan CloudFormation templates, actually in the repositories before they're published, and let the developers know, Hey, okay, you made some great changes to that, to that infrastructure. But in the process of doing that, you actually configure this out of out of the, uh, out of, uh, compliance with the policy that we have internally.
So you need to make this change before you ever do it and really make that actually part of the DevOps loop so that, like you say, the department of no doesn't have to be, you know, big brother or daddy coming over the top and, and hammering on them, but instead making it part of their workflow and, um, and really buying, bringing them and buying them into the security process rather than just, you know, coming along behind.

>>Yeah. I mean, this is on a bigger picture level. Um, there is some onus on the customer still, right? I mean, like, they can't just look at Sophos and say, please take care of all my concerns and all my problems and, and button me up and let me focus. There is still some burden on their backs. Right.

>>Absolutely. And, and, or ignore the provider. Right. And so it's, it's been an interesting journey. Um, when we first moved our, uh, our central platform and built our central platform into the cloud, um, in AWS cloud, there was a lot of resistance. I am not going to move security into cloud. This was a number of years ago. And now people sort of inherently trust cloud maybe a little too much in that they don't realize that while the AWS platform is very secure, what you put into the cloud is your responsibility and you need to apply all the controls that you would on prem to those workloads. And customers I think sometimes are a little bit confused about where does their responsibility lie versus what the vendor takes. And in this case, AWS takes care of, um, and what they need, what part they need to play in that.

>>Yeah. And in their defense, some of the tools in cloud have kind of not really been there, but we had the announcement this morning where Amazon announced S3 Access Points. Yup.
Which provides a, a bit of a, a better control mechanism for controlling S3 bucket access, which is notorious for people leaving, you know, open buckets just sitting there on the internet and someone comes along and they suddenly, they have all of your data and that's, it's really easy with cloud to do that. Uh, so it's good to see those sorts of developments come along and, and we're, we're seeing more tooling being provided to customers that then helps them to make that kind of decision. That way they can take more responsibility. Otherwise it's like, well, you know, you want me to take more responsibility, but I, I kind of, how do I do it?

>>Yeah, yeah. And, and it's important for us as well, and this is one of the things we, uh, we integrate with a number of services and you'll hear it first here on theCUBE. We're gonna announce a little later today, um, some new additions to the Optix platform, including integrations with things like Amazon Detective. We have some new integrations in the AWS platform with our UTM offering as well. Um, so we continue to add those in, use those tools because essentially things like integrating with the, um, with the identity access management solution that Amazon's just announced, that gives us information that we can use to populate along with all the other data that we gather in order to help keep customers secure. But we're really glad to see the, the, the new offering around S3 buckets. Cause obviously that is a, uh, that is a very low-hanging fruit for us, as you might say. It's not really difficult to detect, but it's been a huge problem for customers cause it's so easy to make that change to that control and cause a lot of damage with just a very small change that a perfectly well-meaning employee made and, and just made a mistake. So why, why is Optix

>>been the home run for you? I mean, what, what, what gap did it fill?
What service did it provide that, that um, I mean I know you always hope what you,

>>we're all at works, but this has been, like I said, it's been a home, huh? Yeah. I, I think the biggest thing has been really helping customers to get their arms around what their cloud deployment looks like and what state it's in. So, you know, one of the things I frequently would, uh, would talk to customers when we first came out with the product was I would say, take out your cloud bill and if you can tell me every workload that is running on that cloud bill and who owns it and who's responsible for maintaining the security posture or profile of that, then we have nothing more to talk about. But the reality was, no one could. My own team, when we first got the Optix product, we have our own really a playground environment for our security architects on our team to try out different things in AWS and so forth. We didn't even know everything that was running in the cloud bill. It turned out that we actually found some things that were running that were workloads that were fired up by employees that hadn't been with the company for two or more years and didn't even realize it and traced it back and were able to get rid of those and, and you know, essentially create a situation where we obviously spend less, but also that we don't have assets running that we're not aware of. Which is obviously a glaring hole for someone to take advantage of.

>>Yeah, I mean there's lots of technology and advances coming out and there's a particularly advances in machine learning, for example, that that has a lot of promise for doing this, but yet a lot of the solution is security. It does seem to be just doing the basics and that just for a bit of discipline from customers, are customers really prepared to have that level of discipline and and take that responsibility to just do the hard work?

>>I think to varying degrees.
I think one of the things is you want to make it as easy for customers as humanly possible. You do not want to interrupt their flow of business for sure, but you also want to, you know, you want to make it so that they can implement the security controls that they need without as much with as little effort as humanly possible. And that's always been a big mantra for Sophos. "Security made simple" has been our, our tagline for, I dunno, four or five years and it's always been a guiding principle of the company because we feel like, you know, complex security is security that won't be implemented and not on a continuous basis for sure. We led off with ransomware and, and kind of left from there. I just want to get back to that if we can to close up.

>>Is it, um, are there unique aspects to it in a cloud environment that, that create different kinds of complexity? So obviously this is not a new phenomenon, it's been around, right? But, but going into the shared source, the shared resource of what kind of difficulties does that bring and then what are you seeing that unique that you think you've really got are gonna need to ramp up your game to attack down the road? So I think there were some new, there were some new, uh, some changes to how people go about ransomware that are not unique to the cloud, that are the same across. What is probably unique to the cloud is the prevalence at which people are constantly, the bad actors are constantly scanning it. So you talked earlier about, uh, their sophistication, their level of automation frankly is impressive. So we deployed earlier this year, we deployed in a study, uh, 10 workloads around the world.

>>And in 10 different of AWS's most popular data centers. And what we found is, is I believe the first, uh, attempt to compromise happened in 52 seconds. The longest one was about 15 minutes.
And then even more scary than that was the fact that once a, a server was, uh, discovered on the cloud, there was on average an attempt every 13 seconds to compromise that. It ended up totaling over 5 million in a 30 day period on 10 workloads. So the bad guys are out there, they're busy, they have an impressive level of automation and, I think they realize that the cloud is as good a target as any, but certainly going out at hard hardcore for sure. For sure. Well, Andy, thanks for the time. Uh, good to see you. And uh, more importantly, thanks for the socks now, right? Yes, exactly. Some more for the rest of the week. Let me know. We'll do. Thank you. Thank you. Thank you. Back with more coverage here live where AWS re:Invent 2019, and you're watching this here on theCUBE.