>> From the CUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE conversation. Welcome to this CUBE conversation. I'm Lisa Martin, and today I'm talking with Ivanti again, Nayaki Nayyar, their Chief Product Officer EVP is back with us, as is another Cube alumni, Sumedh Thakar, the President and Chief Product Officer of Qualys. Nayaki, sweet, great to have you guys both back on the program. >> Great to be back here, Lisa. I think it's becoming a habit for me to be here, talking to you almost... >> I like it. >> every week. >> Good to be here, thank you for inviting me. >> So, let's go right into some exciting news here, so Ivanti has had a lot of momentum in the last week or so, Nayaki with launch announcements, talk to us about what you're announcing today in terms of an expansion with the Ivanti-Qualys partnership. >> So Lisa, as you remember, this week we had a great week this week with the launch of our Ivanti neurons platform, that really helps our customers address end-to-end management of their endpoints and security of those endpoints. How we can help them, would be called self fuel, self secure and self service the endpoints. And one of the key strengths Ivanti has, in our portfolio, is our ability to manage all the patches. Today, with our Ivanti patch management solution, we patch approximately 1.2 billion patches on an annual basis. So that's a pretty big volume, and we are extremely excited as a part of this launch announcement, to also share the partnership we have with Qualys and how we are extending and helping Qualys with their overall vision for VMDR. >> So Sumedh, let's go right into that, talk to us about the VMDR, vulnerability management has been around for a while, what is VMDR and Qualys perspective? And what are you looking to do with your partnership with Ivanti? >> I should know about vulnerability management being around for a while, I've been 18 years at Qualys, so we've been doing for a long time, and, what's happened is with the hybrid infrastructure exploding and a lot more devices being added and focus shifting from just servers to endpoint, I think that is just a need to be able to do vulnerability management, in addition, also have the ability to do assessment of your devices in terms of inventory, etcetera, so, discovering your devices, being able to do vulnerability assessment, configuration assessment, but also be able to prioritize those vulnerabilities on which one do you really need to patch because you just have way too many vulnerabilities. And then at the end, all of this vulnerability management is not useful if we can't do something about it, and that's where, you need the ability to patch and fix those issues, and this is where VMDR really brings that workflow in a single platform end-to-end, So instead of just throwing a big report of CVEs, we provide the ability to go from detection of the device, to the patching, and this is where Ivanti partnership has been something that has really helped our customers because they bring in that patching piece, and this is one of the most complicated things you do, and because taking a vulnerability and mapping it to a particular patch is very complex to do and that's where the Ivanti partnership is helping us. >> And so, this is an expansion Sumedh, you guys have been doing this for Windows and Linux, and now this is adding Mac support and others. Tell me a little bit more about the additional capabilities that you're enabling. >> What's interesting is that, when we started working on this, this was before the pandemic hit, and COVID has certainly added a very interesting twist to the patching challenge, and the ability for the system admins to suddenly patch 100,000 to 200,000 devices, which are not in your office with a high speed internet anymore, they are sitting in little apartments all over the world with low bandwidth, WiFi connections, etcetera, how do you patch those endpoints? And so when, while the focus of the beginning was a lot more on Windows and Linux, which are more on the server side, with the pandemic hitting, there is a big need now for people also to be able to do their Macs and other endpoints that are now remote and at people's homes, and so obviously, with the success of the patch management capabilities on Windows that we got with Ivanti, they are a natural partner for us to also expand that into being able to do it for the Macs as well, and so, now we're working together to get this done for the Macs. >> So Nayaki, in terms of the announcements from Ivanti that they've been coming out the last week or so, we talked with Jeff Abbott last week about the partnerships and the GTM, talk to me about from a strategic perspective, how does the expansion of the Qualys partnership dial up Ivanti's vision? >> Lisa, when you take a look at what's really happening across every enterprise, every large company, especially during COVID, and post COVID, is what we call this explosive growth of remote workers, as everyone is trying to manage what the transformation to remote working means, the explosive growth of devices that now have to be managed by every IT organization, not to mention how to secure those devices, which is where this partnership with Qualys becomes extremely strategic for us. Now we can extend that overall vision that we have with our Ivanti neurons to discover every device we have, the customers' have, sense any security vulnerabilities, anomalies that are on those devices, prioritize those based on risk-based priority of it and going through priority as we embed more and more AI Amal into it, and get into what we call this auto remediation, remediating all those vulnerabilities, which nicely fits into Qualys's, or our VMDR vision and strategy. So, this truly helps our customers, go beyond just managing the endpoints to now what we call sub securing those endpoints, being able to automatically detect all security vulnerabilities and issues and get closer and closer to the self remediation of those vulnerabilities, and that's why this partnership makes, a great strategic benefit for all of our customers and large enterprise. >> So Sumedh, talk to us about the VMDR lifecycle, give us a picture of where your customers are and that how does this really going to help them deal with the new normal of even more devices going to be remote for a long period of time? >> what's happening now is that, this is being extended to home devices, customers in the past were only looking at enterprise devices that were owned by the organization, and we continuously now see, we can't get a new laptop to the user, or they're using their home device, home desktop, because it's bigger screen, more powerful, whatever it is, so people are starting to do that, and you can't really stop them from doing that if you want to get work done, and so, essentially VMDR is four things, which is, continuous asset inventory discovery, Second is, detection of all security issues, including vulnerabilities and misconfigurations. Third is the prioritization based on the knowledge of the device, and what's running on the device just because you have a severity, five vulnerability or highly exploitable vulnerability does not mean that you need to prioritize that as the first one to patch, and then you need to be able to patch it, and so that's the four elements that make up the VMDR lifecycle, and as customers have no good way to detect what devices are there, what is connecting to the VPN, because now they don't actually, physically see the devices, the traditional network devices that were... office firewalls that are sitting in the office, that were detecting devices are now not useful because everybody's outside the firewall. And so that entire life cycle, is something that customers want to do, because at the end, you want to reduce your risk quickly. And having a single platform that does all of that, is the key benefit that we get from there. >> Talk to me a little about the go-to market, in terms of how are your customers, joint customers buying the solution? >> I think what we've really worked on is typically what happens today is the customers'... different vendors are providing individual pieces, you have to go buy a different inventory solution, a different vulnerability solution, a different prioritization, a different patch solution, so, working with Ivanti, we've really worked on creating a single platform, and this took us a quite a bit of time to really make that engineering integration work, to be able to have Ivanti patch management directly embedded into the Qualys' agent. So that way, customers don't have to deploy another agent, and they don't have to buy different solutions for different consoles, so, from a go-to market perspective, we keep it very simple for our customers, they essentially have a one price for the entire asset and then if they choose to do the patch management, this is something that we sell as a capability that is directly available through Qualys and Ivanti has done a huge amount of work to integrate seamlessly in the back end to help the customer so that they don't have to, buy from one, buy from another and try to integrate it themselves. >> And Lisa if you look at it, it's really a way for customers to handle heterogeneous landscape, patching of heterogeneous landscape that they have, in their environment all the way from the data centers to those endpoints, the Windows devices, Mac devices, Linux devices, and in future, we'll also be supporting multiple other devices and platforms through Qualys VMDR, absolutely. >> Let's talk about the target audience and really understanding, from a security perspective, it's top of mind for the C-suite all the way up to the board, now with COVID and the increase in ransomware, and some of the things, the device spread, that's probably only going to spread even more, Nayaki, starting with you, how are you seeing the customer conversations change? Are you now not just talking to ITs elevated up the stack? Is this a CEO, board level concern that you're helping them to remediate? >> Absolutely, Lisa, this conversation about cyber security challenges, especially as organizations are trying to figure out what this transformation to remote working means, this is really not just limited to an IT organization or a CIO level conversation, this is a C-suite conversation at the CEO level, and in most cases, I'm also seeing this becoming a board conversation and I'm on a couple of boards myself, and this is truly a board conversation where discussing how we help enterprises transform to remote working and cyber security challenges as more and more workers are working from home, securing those devices is top of mind, for pretty much CEOs and the boards, and helping them through the transition is a number one priority. So, this is between the partnership with Qualys and Ivanti, for us to offer this joint solution, and really make it available where they can address the security concerns that they have, in their environment. >> And Sumedh, in terms of target market, we talked with Nayaki and Jeff last week about, from a vertical perspective, they've got a lot of strengths in healthcare and retail, for example, are you looking at any leading edge markets right now, verticals that really are at most risk? Or are you attacking us from a GTM perspective, or in a horizontal way? >> It's not even our choice anymore, because what's happened with remote working in no matter what industry you are in, everybody's workers are working from home essentially, and using laptops and the number of attacks have significantly multiplied because now that this endpoint is outside of your traditional defenses that you have in an office environment, these endpoints are a lot more vulnerable, and they are in a home network, I have devices in my home network for my kids that are running all kinds of fortnight and things like that, that now actually could have access to my work laptop, so that is becoming a big concern and the other realization that you cannot really use enterprise solutions as you have in the past, for patching and securing your endpoint that's not inside the enterprise, because if a single SMB goes vulnerability patches 350 Megs for one device, if you have that patch 1000 devices trying to download that over VPN, it's just not going to work, and it kills the VPN, so that is this big push towards moving into a cloud based method of deploying these patches, So you going to actually get these patches deployed without hitting your VPN environments, and this is really the big thing, and the other day I read something that that asked like, what is accelerating the digital transformation to the cloud for your enterprise? And, there was a CEO and the Sea So and then COVID, so unfortunately, the pandemic has been bad in many ways, but in other ways, it has really helped organizations move more quickly, to get approvals from the board and the management because the other option is just not a choice anymore, which is trying to use on-prem solution so that resistance to cloud based solutions is significantly decreasing because, today, we're all sitting in different locations and meeting every day on video, etcetera and that's really powered by that cloud-based platforms that we have today. >> I call it the COVID catalysts, there are a lot of interesting things that are positive, that are being catalyzed as a result of this massive change. One more question Sumedh for you, in terms of, this enabling VMDR to become a category, a target market for endpoint security, how does this help? >> I think, the more we can provide the customer ability to reduce the number of different steps that they have to go through and the different tools that they have to purchase and multiple agents and multiple consoles that they have to put together, then it just becomes a category in itself because you kind of have that ability to do detection, prioritization and response in a single solution, which is something that nobody else offers today because everybody is focused on just one aspect of it, and so, today the response from our customers has been absolutely tremendous, they are extremely happy to have this ability to very quickly figure out what's wrong, one of the things we didn't talk a lot about, but I would say in patch management process, the biggest challenge and where most time is spent is mapping a CVE to a specific patch that needs to be deployed on a specific machine, because of 64-bit architecture, 32-bit architecture, so, the Ivanti catalog helps us tremendously to help bring the knowledge that we have on the CVEs to that catalog, and then give our customers a way to be able to get those patches deployed in a very, very quick way, and so that essentially is just created this new category, when you have this end-to-end ability on a single platform. So whether it comes from Qualys or somebody else, I think the need is there to say, when I'm looking at patch management, I want the discovery of vulnerability and patching all of that to be done together. >> And that speed is absolutely critical. So in terms of the general availability, Sumedh, is this available now, when do customers get access? >> So with the partnership with Ivanti, VMDR in general has been available now for our customers for a couple of months, but now with the enhanced partnership, it was available for Windows or is currently available for Windows and now we are working with Ivanti for the next few months to get the Mac version out, so, we would think about in the next couple of quarters, we will have that available through Qualys VMDR, the ability to patch the Macs as well. >> Excellent. Nayaki let's go ahead and take this home with you, in terms of give me kind of an overall, round this out, the expansion of the partnership, the importance of helping customers in these disparate environments, and the momentum that this gives Ivanti for the rest of the year and going into 2021? >> This really rounds our entire Ivanti's vision and strategy, reservoir, our ability to discover every asset customers have on their endpoints and point assets as devices, being able to manage those devices holistically and to secure those devices, and also do service management of those devices and I had mentioned this, we are the only vendor in the market, that can do all of this end-to-end all the way from discovery, to security, to service managing the devices which... and the partnership with Qualys really helps as round it off across the board is full lifecycle of endpoint management, device management, and also enables us to extend to the natural adjacencies of IoT with Ivanti neurons, vision and strategy and truly get into a world of what we call self healing and self securing, the autonomous edge that we really strive to in the longer term. >> Congratulations both of you on this expansion of the partnership, we thank you for taking the time to explain to us the value in it, the challenges that this going to solve for your customers, Nayaki it's always great to have you on the program, thank you for joining me. >> Thank you, thank you Lisa and Sumedh, absolutely a great pleasure talking to all of you. >> Thank you for inviting me and good seeing both of you and I look forward to seeing you guys again. Have a good day >> Yeah, Sumedh. Great to meet you as well. For my guests, I'm Lisa Martin, you're watching this CUBE conversation. (upbeat music)

>>from Las Vegas. It's the Q covering quality security conference 2019. You >>bike, Wallace. Hey, Welcome back. You're ready. Geoffrey here with the Cube were in Las >>Vegas at the Kuala Security Conference here at the Bellagio. 19 years they've been doing this conference star first time here, But we've got a real veteran. Has been here for 16 years who can really add some depth and perspective for happy to welcome submit to car. He's a president and chief product officer for cause like >>to see you. Thank you, >>Jeff. Thanks for having me. >>Pleasure. So just, uh, don't lorry before getting ready for this. Um, this day, listening to the earnings call. And you got a really nice shout out in the nights in the Last Rings call and your promotion just to let everybody know what submits got underneath his plate. R and D. Q A ops, product marketing and customer support and adding worldwide field sales ops. You're busy, guy. >>Yeah, you know. But the good thing is, >>no matter who you are, you only have 24 hours in the >>day. That's true. Just as Leo. But I am curious because you've been here for a >>while, you've seen a lot of technology, you know, kind of waves. And yet here you guys still are. You've got an architecture that's built to take advantage of things like open source to take advantage of things. My cloud is you kind of take a breath between customer meetings and running from panel the panel and you think about kind of the journey. You know what? What kind of strikes you that you know, that you guys are still here, Still successful, Still have a founding CEO. It's >>your position. Yeah, It's actually very interesting >>being here for 16 years. Started a software engineer. And, you know, I've been doing a lot of stuff doing a product management now, engineering and all of that. And I think one thing that's really part of the DNA for us and which is really helped us keep growing, is being innovative continuously, right, because five years ago, nobody would have said container technology docker eso, as new security knew in for sexual pattern times have come about. We've just been on our toes and making sure that we are addressing all these different newer areas. And so the key is not so much about what new technology is going to come, because two years from now there was something that we don't even know about right now. What's key is that we build a platform that we keep adding additional capabilities that continue to quickly and nimbly be able to address customer's needs. From that perspective. >>Yeah, we just had Laureano. She talked quite a bit about your kind of customer engagement model being different than the traditional ones, really trying to build a long lasting relationship and to collect that data from the customers to know what their prairies are all about. >>Yeah, >>and, you know, it's because we've been subscription based since day one. You know, this is the not we're not incentivized to go and try to sell our customers big fact, multimillion dollar deals. Then we don't disappear like enterprise sales usually does on perpetual licenses. So we have to earn our keep, and we want to make sure customers are we understand their needs so that they actually buy and purchase only what they are going to use so we can go back and they can grow more. We show the value. Uh, so that's a very different model on, you know, at the end of the day, that is a model of the cloud. So everybody who was in this consumption based model has to ensure that they are every year, going back and showing the value and earning their subscription back. So in that sense, security. Not a lot of vendors have done that for a long time. We've been the ones since the beginning to kind of follow this model, and it's worked very well for us. It's a great model. Customers were happy as we had more solutions. We showed the value, and it's very easy for them to upgrade and get additional value of quality at a very reasonable of you. No cost to them. >>It's interesting. Feli talked about an early conversation that he had with Marc Benioff details Horse and and I would argue that it was really sales force. That kind of cracked the code in terms of enterprising, being comfortable with a cloud based system and, you know, kind of past the security and the trust in this in that, so to make that gamble on the cloud so early, very, very fortunate and for two days. Thea Other thing I think that does not get enough play which you just touched on is a subscription business model forces you to deliver every month they're paying every month you gotta deliver Your mother is a very different relationship than a once a year. You know, not even once year to go get that big lump sum to get the renewal cause you're in bed with them. Every single say absolutely. Yeah, >>so that's really a very interesting model. >>So as you look forward, I know you're just given Ah, talk on, you know, kind of starting to look at the next big wave of trends. How do you get out ahead of it? What are you thinking about? What keeps you up at night would be excited about. >>So the very cool part about that about my job is that I also heard engineering and product Fork Wallace and Security. So we're living that digital transformation that our customers are going through as well. So we have a massive black farm. We have, like, three trillion data points. Every index, we have one million rights per second on Cassandra Clusters. So we are dealing with the same infrastructure innovation that our customers are doing and so died is helping us also learn how the secular own platform what our customers are thinking. Because as they are moving into Dev ops, we have already moved into that. We have learned our lessons, so we relate to what they're going through. And that's really the next big thing is hard to be enabled. Security tools to really be built into the develops stool chain so that we eliminate a lot of the issues upfront before they ever even become an issue. And, you know, my talk this morning was about started with the notion of t t R, which is the time to remediate, and the best time to the mediator is the time of zero, right? If you don't ever let the issue get into your production environment, you never have to worry about fixing it. And that's really the next big thing for us is how do we create a platform that helps customer not the look at security in multiple silos, but to have a single platform where they can go all the way from develops to production to remediation to response all orchestrated to the same platform, >>right? It's pretty interesting, because that was, uh, Richard Clarke. Keynote the author. You know, we used to always break cos down into two buckets. You know, either those that had that have been breached and those that have been breached just don't know about it yet. Yeah. Yeah. And then, you know, he introduced his third concept, which is those that got breached but actually got on it. Remediated it. Maybe not the time, zero, but in a way that it did not become a big issue. Because, let's face it, you're going to get breached at some level. It's How do you keep it from becoming a big, big nightmare? >>Exactly. And that is really the only measure off effectiveness off your security, right? It's not about how many people you have, how many dollars you spend on security, how big your security team is. Harmony renders you have How quickly can you get in there, find and fix any issue that comes up? That's that. That's the living matter. If you can't do that with no people and no, uh, you know, re sources that are being put to it with automation, then that's great. If you do that with 50 people, that's great. We just need to be able to get to that point. And today, off course with hybrid infrastructure, we are realizing quickly, throwing more people that the problem is not really solving the problem. We just cannot keep going. We need to leverage that seem scalable technology that has been used in the digital transformation to provide that similar stuff from a security perspective through the customers as well, >>right? And even if you even if you wanted to hire the people, there aren't enough people, >>and that's another just our people, right? So the other >>thing that you must be really excited about is on the artificial intelligence of machine learning site and a lot of buzz in the press. Talk about robots and machines and this type of stuff. But, as you know, is we know where that robber really hits. The road is applied a I and bring in the power of that technology to specific problems. Complete game changer, I would assume for which you guys could do looking forward. >>Yeah. I mean, uh, you can really only >>have good machine learning and gold. Aye aye, if you really have a massive historic data that you can really mind to find out trends and understand how patterns have evolved, right, so only cloud based solutions can actually do that because they have a large amount of customer telemetry that they can understand and do that. So from that sense, Wallace Black form is absolutely suited for that. But having said that again, all of these have there specific application. So there's vendors were coming out and claiming that machine learning's going to solve world hunger and everything's gonna be great just because your machine learning but no machine learning and the prediction that comes with that on the privatization is one element off your tool kit. You still have to do your devil options still have to fix things. You still have to do a lot of things. But then how do you predict out of all the chaos, how can you try to focus on some things that may become a real problem, which are not now? So that's really the exciting part is to be able to bring that as an additional tool kit for the customer in their arsenal to be ableto respond to threats much faster and better than they have in the past, >>right? It is a cloud based platform. You guys are sitting in the catbird seat for that. What about on the other side? The on the ed side, Another kind of new thing that's coming rapidly. Edges are are messy. They don't have nice, pristine data. Center your environments. There's connectivity, problems, power problems, all types of issues as you look at kind of edge and an I A. T more generally, you know, increasing the threat surface dramatically. How do you How do you kind of think about that? How do you approach it to make it not necessarily a problem, but really an opportunity for follows? >>I mean, that's Ah, that's a great question because there is no magic pill for that, right? It's like you just have to be able to leverage continuous telemetry collection and the collection to be able to see these devices CDs, patterns on. So that's works really well for us because that to be able to do that right in a global organization to almost every organization is global. Global organization has multiple infrastructure, multiple people in different locations, multiple offices. And, uh, if you look at the eye ot architecture, it is about sensors that are pushing down the one common platform which controls them and which updates them and all of that. That's the platform that Wallace's build since the beginning is multiple of these different sensors that are continuously collecting later, pushing it back into our platform. And that's the only way you can get the visibility across your global infrastructure. So in many ways, we are well suited to do that. And which is the big reason why we gave out of a global ideas and then 20 product for free for customers, because we truly believe that that's the first step for them to start to get secure. And because we have the architecture and the platform and become significantly easier for us to be able to give them that gave every day, which is truly wide and not just say I have visibly in my cloudy here. But then container visibly, somewhere there and I ot visibly somewhere else, we bring all of that together in one place. >>All right, Spencer, I know you've got Thio run off >>to your next commitment. We >>could we could keep going, but I think we have to leave it there again. Congrats on your promotion >>and thank you. All right. He submit. I'm Jeff. You're watching the Cuba Think >>Wallace Security conference in Las Vegas. Thanks for watching. We'll see you next time. Thanks.