(light music) (airy white noise rumbling) >> Hey everyone, welcome back to Las Vegas. It's theCUBE. We're here, day four of our coverage of AWS re:Invent 22. There's been about, we've heard, north of 55,000 folks here in person. We're seeing only a fraction of that but it's packed in the expo center. We're at the Venetian Expo, Lisa Martin, Dave Vellante. Dave, we've had such great conversations as we always do on theCUBE. With the AWS ecosystem, we're going to be talking with another partner on that ecosystem and what they're doing to innovate together next. >> Well, we know security is the number one topic on IT practitioners, mine, CIOs, CISOs. We also know that they don't have the bench strength, that's why they look to manage service providers, manage service security providers. It's a growing topic, we've talked about it. We talked about it at re:Inforce earlier this year. I think it was July, actually, and August, believe it or not, not everybody was at the Cape. It was pretty well attended conference and that's their security focus conference, exclusive on security. But there's a lot of security here too. >> Lot of security, we're going to be talking about that next. We have two guests from Capgemini joining us. Mike Wasielewski, the head of cloud security, and NextGen secure architectures, welcome Mike. Anne Saunders also joins us, the Director of Cybersecurity Technology Partnerships at Capgemini, welcome Anne. >> Thank you. >> Dave: Hey guys. >> So, day four of the show, how you feeling? >> Anne: Pretty good. >> Mike: It's a long show. >> It is a long, and it's still jamming in here. Normally on the last day, it dwindles down. Not here. >> No, the foot traffic around the booth and around the totality of this expo floor has been amazing, I think. >> It really has. Anne, I want to start with you. Capgemini making some moves in the waves in the cloud and cloud security spaces. Talk to us about what Cap's got going on there. >> Well, we actually have a variety of things going on. Very much partner driven. The SOC Essentials offering that Mike's going to talk about shortly is the kind of the starter offer where we're going to build from and build out from. SOC Essentials is definitely critical for establishing that foundation. A lot of good stuff coming along with partners. Since I manage the partners, I'm kind of keen on who we get involved with and how we work with them to build out value and focus on our overall cloud security strategy. Mike, you want to talk about SOC Essentials? >> Yeah, well, no, I mean, I think at Capgemini, we really say cybersecurity is part of our DNA and so as we look at what we do in the cloud, you'll find that security has always been an underpinning to a lot of what we deliver, whether it's on the DevSecOps services, migration services, stuff like that. But what we're really trying to do is be intentional about how we approach the security piece of the cloud in different ways, right? Traditional infrastructure, you mentioned the totality of security vendors here and at re:Inforce. We're really seeing that you have to approach it differently. So we're bringing together the right partners. We're using what's part of our DNA to really be able to drive the next generation of security inside those clouds for our clients and customers. So as Anne was talking about, we have a new service called the Capgemini Cloud SOC Essentials, and we've really brought our partners to bear, in this case Trend Micro, really bringing a lot of their intelligence and building off of what they do so that we can help customers. Services can be pretty expensive, right, when you go for the high end, or if you have to try to run one yourself, there's a lot of time, I think you mentioned earlier, right, the people's benches. It's really hard to have a really good cybersecurity people in those smaller businesses. So what we're trying to do is we're really trying to help companies, whether you're the really big buyers of the world or some of the smaller ones, right? We want to be able to give you the visibility and ability to deliver to your customers securely. So that's how we're approaching security now and we're cloud SOC Essentials, the new thing that we're announcing while we were here is really driving out of. >> When I came out of re:Invent, when you do these events, you get this Kool-Aid injection and after a while you're like hm, what did I learn? And one of the things that struck me in talking to people is you've got the shared responsibility model that the cloud has sort of created and I know there's complexities across cloud but let's just keep it at cloud generically for a moment. And then you've got the CISO, the AppDev, AppSecDev group is being asked to do a lot. They're kind of being dragged into security that's really not their wheelhouse and then you've got audit which is like the last line of defense. And so one of the things that struck me at re:Inforce is like, okay, Amazon, great job for their portion of the shared responsibility model but I didn't hear a lot in terms of making the CISO's life easier and I'm guessing that's where you guys come in. I wonder if you could talk about that trend, that conceptual layers that I just laid out and where you guys fit. >> Mike: Sure, so I think first and foremost, I always go back to a quote from, I think it's attributed to Peter Drucker, whether that's right or wrong, who knows? But culture eats strategy for breakfast, right? And I think what we've seen in our conversations with whether you're talking to the CISO, the application team, the AppDev team, wherever throughout the organization, we really see that culture is what's going to drive success or failure of security in the org, and so what we do is we really do bring that totality of perspective. We're not just cloud, not just security, not just AppDev. We can really bring across the totality of the Capgemini estate. So that when we go, and you're right, a CISO says, I'm having a hard time getting the app people to deliver what I need. If you just come from a security perspective, you're right, that's what's going to happen. So what we try to do is so, we've got a great DevSecOps service, for example in the cloud where we do that. We bring all the perspectives together, how do we align KPIs? That's a big problem, I think, for what you're seeing, making CISO's lives easier, is about making sure that the app team KPIs are aligned with the CISO's but also the CISO's KPIs are aligned with the app teams. And by doing that, we have had really great success in a number of organizations by giving them the tools then and the people on our side to be able to make those alignments at the business level, to drive the right business outcome, to drive the right security outcome, the right application outcome. That's where I think we've really come to play. >> Absolutely, and I will say from a partnering perspective, what's key in supporting that strategy is we will learn from our partners, we lean on our partners to understand what the trends they're seeing and where they're having an impact with regards to supporting the CISO and supporting the overall security strategy within a company. I mean, they're on the cutting edge. We do a lot to track their technology roadmaps. We do a lot to track how they build their buyer personas and what issues they're dealing with and what issues they're prepared to deal with regards to where they're investing and who's investing in them. A lot of strategy around which partner to bring in and support, how we're going to address the challenges, the CISO and the IT teams are having to kind of support that overall. Security is a part of everything, DNA kind of strategy. >> Yeah, do you have a favorite example, Anne, of a partner that came in with Capgemini, helped a customer really be able to do what Capgemini is doing and that is, have cybersecurity be actually part of their DNA when there's so many challenges, the skills gap. Any favorite example that really you think articulates how you're able to enable organizations to achieve just that? >> Anne: Well, actually the SOC Essentials offering that we're rolling out is a prime example of that. I mean, we work very, very closely with Trend on all fronts with regards to developing it. It's one of those completely collaborative from day one to going to the customer and that it's almost that seamless connectivity and just partnering at such a strategic level is a great example of how it's done right, and when it's done right, how successful it can be. >> Dave: Why Trend Micro? Because I mean, I'm sure you've seen, I think that's Optiv, has the eye test with all the tools and you talk to CISOs, they're like really trying to consolidate those tools. So I presume there's a portfolio play there, but tell us, tell the audience a little bit more about why Trend Micro and I mean your branding with them, why those guys? >> Well, it goes towards the technology, of course, and all the development they've done and their position within AWS and how they address assuring security for our clients who are moving onto and running their estates on AWS. There's such a long heritage with regards to their technology platform and what they've developed, that deep experience, that kind of the strength of the technology because of the longevity they've had and where they sit within their domain. I try to call partners out by their domain and their area of expertise is part of the reason, I mean. >> Yeah, I think another big part of it is Gartner is expecting, I think they published this out in the next three years, we expect to see another consolidation both inside of the enterprises as well as, I look back a couple years, when Palo Alto went on a very nice spending spree, right? And put together a lot of really great companies that built their Prisma platform. So what I think one of the reasons we picked Trend in this particular case is as we look forward for our customers and our clients, not just having point solutions, right? This isn't just about endpoint protection, this isn't just about security posture management. This is really who can take the totality of the customer's problems and deliver on the right outcomes from a single platform, and so when we look at companies like Trend, like Palo, some of the bigger partners for us, that's where we try to focus. They're definitely best in breed and we bring those to our customers too for certain things. But as we look to the future, I think really finding those partners that are going to be able to solve a swath of problems at the right price point for their customers, that is where I think we see the industry moving. >> Dave: And maybe be around as an independent company. Was that a factor as well? I mean, you see Thoma Bravo buying up all his hiring companies and right, so, and maybe they're trying to create something that could be competitive, but you're saying Trend Micros there, so. >> Well I think as Anne mentioned, the 30 year heritage, I think, of Trend Micro really driving this and I've done work with them in various past things. There's also a big part of just the people you like, the people that are good to work with, that are really trying to be customer obsessed, going back right, at an AWS event, the ones that get the cloud tend to be able to follow those Amazon LPs as well, right, just kind of naturally, and so I think when you look at the Trend Micros of the world, that's where that kind of cloud native piece comes out and I like working with that. >> In this environment, the macro environment, lets talk a bit, earning season, it's really mixed. I mean you're seeing some really good earnings, some mixed earnings, some good earnings with cautious guidance. So nobody really (indistinct), and it was for a period time there was a thinking that security was non-discretionary and it's clearly non-discretionary, but the CISO, she or he, doesn't have unlimited budgets, right? So what are you seeing in terms of how are customers dealing with this challenging macro environment? Is it through tools consolidation? Is that a play that's going on? What are you seeing in the customer base? >> Anne: I see ways, and we're working through this right now where we're actually weaving cybersecurity in at the very beginning of how we're designing offers across our entire offer portfolio, not just the cybersecurity business. So taking that approach in the long run will help contain costs and our hope, and we're already seeing it, is it's actually helping change the perception that security's that cost center and that final obstacle you have to get over and it's going to throw your margins off and all that sort of stuff. >> Dave: I like that, its at least is like a security cover charge. You're not getting in unless we do the security thing. >> Exactly, a security cover charge, that's what you should call it. >> Yeah. >> Like it. >> Another piece though, you mentioned earlier about making CISO's life easier, right? And I think, as Anne did a really absolutely true about building it in, not to the security stack but application developers, they want visibility they want observability, they want to do it right. They want CI/CD pipeline that can give them confidence in their security. So should the CISO have a budget issue, right? And they can't necessarily afford, but the application team as they're looking at what products they want to purchase, can I get a SaaS or a DaaS, right? The static or dynamic application security testing in my product up front and if the app team buys into that methodology, the CISO convinces them, yes, this is important. Now I've got two budgets to pull from, and in the end I end up with a cheaper, a lower cost of a service. So I think that's another way that we see with like DevSecOps and a few other services, that building in on day one that you mentioned. >> Lisa: Yeah. >> Getting both teams involved. >> Dave: That's interesting, Mike, because that's the alignment that you were talking about earlier in the KPIs and you're not a tech vendor saying, buy my product, you guys have deep consultancy backgrounds. >> Anne: And the customer appreciates that. >> Yeah. >> Anne: They see us as looking out for their best interest when we're trying to support them and help them and bringing it to the table at the very beginning as something that is there and we're conscientious of, just helps them in the long run and I think, they're seeing that, they appreciate that. >> Dave: Yeah, you can bring best practice around measurements, alignment, business process, stuff like that. Maybe even some industry expertise which you're not typically going to get from a product company. >> Well, one thing you just mentioned that I love talking about with Capgemini is the industry expertise, right? So when you look at systems integrators, there are a lot of really, really good ones. To say otherwise would be foolish. But Capgemini with our acquisition of Altran, a couple years ago, I think think it was, right? How many other GSIs or SIs are actually building silicon for IoT chips? So IoT's huge right now, the intelligent industry moving forward is going to drive a lot of those business outcomes that people are looking for. Who else can say we've built an autonomous vehicle, Capgemini can. Who can say that we've built the IoT devices from the ground up? We know not just how to integrate them into AWS, into the IoT services in the cloud, but to build and have that secure development for the firmware and all and that's where I think our customers really look to us as being those industry experts and being able to bring that totality of our business to bear for what they need to do to achieve their objectives to deliver to their customer. >> Dave: That's interesting. I mean, using silicon as a differentiator to drive a lot of business outcomes and security. >> Mike: Absolutely. >> I mean you see what Amazon's doing in silicon, Look at Apple. Look at what Tesla's doing with silicon. >> Dave: That's where you're seeing a lot of people start focusing 'cause not everybody can do it. >> Yeah. >> It's hard. >> Right. >> It's hard. >> And you'll see some interesting announcements from us and some interesting information and trends that we'll be driving because of where we're placed and what we have going around security and intelligent industry overall. We have a lot of investment going on there right now and again, from the partner perspective, it's an ecosystem of key partners that collectively work together to kind of create a seamless security posture for an intelligent industry initiative with these companies that we're working with. >> So last question, probably toughest question, and that's to give us a 30 second like elevator pitch or a billboard and I'm going to ask you, Anne, specifically about the SOC Essentials program powered by Trend Micro. Why should organizations look to that? >> Organizations should move to it or work with us on it because we have the expertise, we have the width and breadth to help them fill the gaps, be those eyes, be that team, the police behind it all, so to speak, and be the team behind them to make sure we're giving them the right information they need to actually act effectively on maintaining their security posture. >> Nice and then last question for you, Mike is that billboard, why should organizations in any industry work with Capgemini to help become an intelligent industrial player. >> Mike: Sure, so if you look at our board up top, right, we've got our tagline that says, "get the future you want." And that's what you're going to get with Capgemini. It's not just about selling a service, it's not just about what partners' right in reselling. We don't want that to be why you come to us. You, as a company have a vision and we will help you achieve that vision in a way that nobody else can because of our depth, because of the breadth that we have that's very hard to replicate. >> Awesome guys, that was great answers. Mike, Anne, thank you for spending some time with Dave and me on the program today talking about what's new with Capgemini. We'll be following this space. >> All right, thank you very much. >> For our guests and for Dave Vellante, I'm Lisa Martin, you're watching theCUBE, the leader in live enterprise and emerging tech coverage. (gentle light music)

(intense orchestral music) >> Hello everyone and welcome to theCUBE Conversation here in Palo Alto, at theCUBE studios. I'm John Furrier, we're here with a special conversation with Fortinet's John Maddison, senior vice president of products and solutions with Fortinet. Welcome to theCUBE Conversation. >> Good to be here again. >> So you guys have some hard new today hitting, it's called the FortiNAC, Forti, like Fortinet, Forti, N-A-C, network access control. >> Right. >> Significant announcement for your guys, take a minute to explain the announcement. >> Yeah, so about two months ago we acquired a company called Bradford Networks. They compete, provide products in the network access control arena. Other companies in that space, so people like ForeScout or Cisco or HP. We think it's a very important space because it's going to be the foundations for IOT security. You probably heard a lot of buzz around IOT security. And there's different levels of IOT security. There's that for the enterprise, there's that for cloud, et cetera and so, for us, this is an important announcement because it gives us that added visibility now to IOT devices via the fabric. >> And the product, is it an appliance? Is it software? What's the product making? >> It's both. You can do a virtual machine version. It's also an appliance. It comes in different levels. The key for it though is the scalability because with IOT devices, we're not talking 100 devices anymore, we're talking millions of devices so what it's able to do is look across many different protocols and devices and provide that visibility of just about any device attaching to your network. >> Who's the target audience for FortiNAC? Is it the data center? Is it the cloud? Is it the remote? Where's the product actually sit? >> Well it's more by industry, so certain industries will have lots more of these types of devices attaching. So think of manufacturing for example. The medical industry as well. And so those are the real, education's another one, so it's more by vertical and it's really focused on campuses, large campuses or remote offices or even manufacturing plants where, again, these devices are attaching to your network. >> And they'll sit at the edge, monitoring what's coming in and out? Is that the purpose? >> Well that's the neat thing about it, it doesn't have to sit at the edge and see all the traffic. What it does is interrogate existing devices at the edge. It could be a switch, it could be a router, it could be an access point, and from that information it can make an assessment of what the device is attaching and then apply a policy. >> So this is part of a bigger holistic picture? We've have conversations with Fortinet in the past, a few conversations certainly around security, with cloud it's the top conversation, on premise it's the top conversation. You guys also have some complimentary products involved like the security fabric and the connectors. Does this fit into that? Take a minute to explain the relevance of how FortiNAC works with the security fabric and the connectors? >> Yeah, last time I was here I explained our fabric and so the fabric is basically something, is a set of Fortinet products, solutions in a way, that are very tightly integrated into the network or into the customer's ecosystem, and then once you've built that you then provide automation systems across for protection, detection and response. And the whole idea is to make sure you're covering what we call the digital attack surface. The digital attack surface now includes, obviously IOT devices, so gaining this visibility from FortiNAC, making sure the information is available to our fabric is crucial for us to make sure we can protect the digital attack surface. >> And for customer's the fabric is a holistic view, the NAC is a product that sits in the campuses or within the network that kind of communicates in the fabric? Is that right? >> Right. So the NAC can see all the IOT devices attaching and then it integrates back into the fabric. The fabric can then apply a policy, so the fabric can see everything now From IOT to the campus, to the WAN, to the data center, to the cloud and if, for example, those IOT devices are communicating with something in the cloud the fabric can see end to end and apply, for example, a segmentation policy, end to end, all the way through the infrastructure. >> You know what I love about having conversations with Fortinet is that you guys spark two types of conversations, use cases and then product technology conversation. This obviously is an IOT kind of product. It makes a lot of sense, you got a little SD-WAN in there. This is the top conversation around enterprises and people looking at cloud an/or looking at re-platforming around cloud operations, it's the cloud architect, it's the network architect. >> Yeah. >> These guys are really being asked to redo things, so how does the IOT fit into this? What is the product? What is the FortiNAC do for IOT from a use case standpoint and then product and technology? >> That's a good conversation because recently, maybe the last 18 months, instead of talking about a point solution, instead of talking about a specific use case, customers want to put all those use cases together and then produce a longer term, more holistic architecture. So now they have a cyber security architect, security architects as well as networking architects. And they want to look at their infrastructure, because that's the things that's changing the most right now. Sure, the threat landscape's out there and the cyber criminals are changing and stuff, et cetera but it's really that infrastructure that's changing the most because they've moving to flexible WAN systems or cloud and so they want it integrated, end to end, over a long time period. So what they want to be able to do is to automate, that's the key word, is automation. It's to make sure all these devices attaching are part of the security automation architecture and then they comply that security policy automatically to that device. >> You know one of the things that's a big trend in the industry is having network guys and people who are managing infrastructure, move from a command line interface, DLI, to automation. >> Mm. >> You mentioned that. How does the FortiNAC extend the security fabric? Because you guys essentially have that holistic view with the fabric. So now you have this IOT capability. How is that device extending the security fabric and what's the benefits to the buyer? >> Yeah, so the fabric has visibility obviously at the next generation firewall, we also have deployment of access points and switches. But obviously there are other companies with vast deployments of switches, I can name a few, and access points and so if they weren't our switches we couldn't necessarily see those devices attaching. And so what FortiNAC does, it comes in and provides us that now complete visibility. It doesn't matter if it's our infrastructure switches and APs, it can be somebody else's. FortiNAC can interrogate and talk to those devices and not only gain that visibility but if we decide there's a certain security posture we want to apply to some IOT device, we don't know what it is, we want it segmented, restrict it's access. Then the fabric can then tell the FortiNAC device to provide control and segmentation back to it. >> So they're working together? >> Working together and it gives us now complete visibility of the IOT devices. >> Let's talk about some the trends around segmentation. We heard, certainly recently at VMworld about micro segmentation's been one of the key things. A lot of top architects, both network and cloud and software are looking at micro segmentation or segmentation in general around the network. Why is it important and what are some of the use cases that you guys are seeing around segmentation? >> It's extremely important but it's a very complex problem in that even though our customer's have bought a lot of different security products from different vendors and different infrastructure, one of the things they don't always realize is they bought a lot of different orchestration systems, a lot of command and control systems and those are key in the future because those systems determine what the infrastructure looks like. You NAC system is kind of an orchestration system, allowing different devices to come on/off the network. SD-WAN has it's own orchestration system. You talked about micro segmentation, things like VMware and NSX and Cisco ACI, all the clouds have their own orchestration systems as well. AWS, Azure, and so what's interesting is none of them really talk to each other. They're more focused on looking after their part of the infrastructure. Now to do segmentation end to end you really need to have end to end orchestration across all those systems. If I want to orchestrate, as I said, that IOT communication with a select application in the cloud, I need to orchestrate all the way through those orchestration systems. >> You need an orchestration or the orchestration system that you have in the cloud. (laughing) >> You need a mother of all orchestrators in some way but I don't think that's ever going to happen and so what's going to happen, really, is your security architecture and segmentation will be specific to a platform or fabric as we're building and then your fabric has to connect into the orchestration systems to tell it what's going on within that section of the orchestration. Again, if it's a NAC system, I can just explain, I know these IOT devices are attaching, let me apply a policy to those. If I know the WAN links are a certain type then I apply that policy. >> And this is the benefit of a holistic fabric because that's kind of where it ties together, right? >> It is, so you build a holistic security fabric and then you let the different infrastructure orchestrators, like VMware, or an SD-WAN vendor or a NAC vendor, do their job, really focus on the infrastructure. >> And you guys help those guys out, big time, with the orchestration side of it? >> Well we can connect into the orchestration systems and we just use it to make sure the security component is doing well. They're more focused on making sure the infrastructure delivers the applications to the end user. >> They do their job, you do your job. >> Exactly. >> Take a minute to explain for the folks out there, explain segmentation and what it is and why is it important for networks? >> A very simple example of segmentation, a couple of years ago there was a bank that got hacked in one of the countries, I think it was the Philippines or something like that, and what they found out was that in that particular country they didn't have the same security infrastructure in place so they got in through that particular branch and came all the way back into the core network and so a very simple segmentation policy they put in place was that, I'm going to segment by countries. So I'm not going to let this country's network access the core data center, if I give it a certain trust level. Segmentation can mean physical countries. It can mean I'm going to segment my intellectual property off. I could be segmenting by functions. Don't let those sales people anywhere near the intellectual property. You can also segment by identity. So segmentation means many different things, you have to apply, I think different levels of segmentation depending on your applications. >> And this is proven, too? We've heard this in many conversations in theCUBE. We had one guy from the US government saying, "We have these critical infrastructure pieces in the United States, why would we let anyone outside the United States access it?" >> Yeah. >> That's a great example. >> I mean if you go to critical infrastructure, you're even more dangerous. I mean most of the infrastructure's been air gapped. It's been totally air gapped, you can't get at it but that's changing as more of those devices become IOT and you have to let some access that. >> And this is where IOT is a challenge that we're seeing. This is one of the problems? >> It's IOT. You know that category is often referred to these days as OT, operational technology. >> Talk about end points, we're hearing endpoints being discussed, like hey, you connect the endpoints, your endpoint strategy, network strategy. Kind of elusive for some, describe why networking the endpoints is an important feature or is it? When people think of the endpoint of the network what are they really talking about? >> Well I think it's become more important. It's interesting if you go back 10 years or so even 15 years, you have a lot of endpoint vendors. Semantics, MacAfees, Trend Micros, Microsoft, I think, is now the largest endpoint security vendor. Then you have a different set of networking vendors, ourselves and some other names out there I can't remember. But, they're totally separated and so to look at your network, give you visibility to policy and segment, you need to be able to see the endpoints and the network together. The security fabric makes sure that you can at least see the endpoint. You may not provide the full stack of security, you may leave that to your endpoint vendor still but your network should be able to see your endpoint and vice versa, and you should be able to see what's communicating between the two. >> I'd like to talk about SD-WAN, but before we go there, just to kind of close out IOT, talk about Fortinet's differentiation and advantages when you talk about convergence between IOT and access technology. >> So the base technology's NAC, network access control, which is in place there but our advantage really is now scale, we can see huge amounts of IOT devices which are attaching and then take action not only at the access level but all the way into the cloud. >> SD-WAN has become a really hot topic. It's a huge market. >> Yeah. >> It's in the billions in terms of spend, it connects devices, campuses and devices but cloud's had a big renaissance within the SD-WAN market. Talk about what's going on with SD-WAN and how the security fabric and the FortiNAC fit into that because it's not your grandfather's SD-WAN market anymore as the expression goes. >> No. Well it's in that class of everything's being software defined, fair enough. But I think this marketplace, if you go even three years ago, was dominated because all the, you've got two marketplaces. You've got what I call the retail, which is distribute enterprise, thousands and thousands inside which already went to a UTM infrastructure. And then you had the branch office, which was more connected, in fact, it just had a simple router in there, it was connected back to the data center which then would go into the internet. And so what's happened is these branch offices they need more and more access to the cloud, more cloud applications are running. You need to provider QOS against those applications and then also these large corporations have decided they don't want to pay, it's a lot of money to get certain, high quality EPLS circuits, when they can get faster circuits through DSL and other mechanisms and so they wanted more flexibility around the wide area network. >> So commodity network access which is, you know, cloud non and EPLS, were high priced, secure. You get now more cloud access, this is translating to more traffic or is it? Is that the driver in all this? >> Well that's what happens and then you get more traffic going through there, it's the same with the next gen firewall right now and people saying, "There's a refresh going, we don't know why." the reason for it is, when you're in your office you're more than likely communicating with the cloud versus your local databases and so the same for the branch office, there's more traffic going through there, it's more encrypted, they want flexibility, they want HA modes, if that goes down now, you've got a big productivity problem with your employees there. And so this whole market sprung from nowhere only three or four years ago and is already in, as you say, in the billions of dollars. There's a lot of acquisition's already happened, consolidation. In our mind it's very important but what's just a important as all those elements is security. If I open up my branch office now to an internet connection, I need best of breed securities on that device and so we've been building SD-WAN, what I call core functionality, for some time, inside our fabric. It's quite a natural integration now of security into that. In fact some recent tests we did with SS Labs, we got highly recommended, for not only the SD-WAN features but that core security. Today SD-WAN vendors will say, well I'll just go and get some security solution from somewhere and bolt it on or attach it on, provide it through the cloud and that's fine but longterm, again, if you come back to that coordination, that orchestration, across two different systems, it's going to become hard. >> And the other complicating factor in this, aside from the infrastructure component, is that a lot of the SAS applications that people are buying, whether it's shadow IT or just off the shelf, or there's Dropbox or any of these services that are SAS based, cloud based, that's creating less of a perimeter. >> Yeah, when it all comes back, technology called CASB is providing that interface into that world through APIs and it all comes back to making sure that all your mechanisms of protection, detection, control are available to all your systems. If I've got some SD-WAN device somewhere and I need to check where this is going, I can use my application database or if I need to check if I'm going to this cloud, I use my CASB API. And so it comes back to a platform approach, a fabric approach. >> John, what's the SD-WAN approach for Fortinet? How do you guys do it? Why should people care? What's the differentiation? Why Fortinet for SD-WAN? What's the approach? >> Integrated in one word. That is, you don't need two boxes, you don't need two VMs, you don't need a box plus a cloud, it's all integrated on the system, best of breed SD-WAN functionality, best of breed tested by third party security which allows you then to have a much more cost effective solution. I think our TCO in the test as a 10th, or a 100th of some of the leading vendors outside there because you're bringing two vendors together and it's gets very costly. >> Alright, I'm going to put you on spot, I'm going to put my cynical hat on. So you're saying integrate security with SD-WAN? I'm going to say, hey, why not just keep it separate? Why integrate? >> Because the two functions need to work together. Where's the firewall going to go? Is it going to go in the cloud or is it going to go here? Who decides on the policy? If something happens, segmentation, who's deciding on segmentation policy? Usually two different companies, they don't really talk apart from maybe, there's an API leak in the security capabilities but to our mind, again, it comes back to that end to end segmentation and that's what a lot of the, I would say, the larger infrastructure vendors are trying to do. I want infrastructure all the way to devices being added, through my campus, through my SD-WAN, data center and cloud and if you've got multiple vendors, again, all over the place, there's no way you're going to be able to coordinate that. >> Alright, so I'll put my IT practitioner hat on. Okay, so I get that, so probably less security manual risk for human error, but I really want to automate. My goal is to automate some of these IT functions, get better security end to end, does this fit that requirement? >> Yeah, so from an automation perspective, we're building in some tools of our own but what we're finding more and more is that from an IT, as you said, they've gone out and built some dev ops capability. Ansible's a good example there. So what we're doing is making sure that, in fact, a lot of our partners and our SEs have already built these scripts and put them on GitHub, well now Microsoft Hub or whatever you want to call it. So we're taking those in and we're QAing them, making sure they're a high quality and then making them available to our customers and our partners through there. So this dev ops world, especially with cloud moving so fast, has become very important and to us it's a very important area we want to make available to our partners and customers. >> One of the things that's talked about a lot is SSL inspection, is that important? What do you guys do there? >> I think it's extremely important in that, a lot of enterprises have switched it off. The reason they switched it off is because when you switch it on it almost kills your performance. There was a recent, again an SS Labs test that was doing next gen firewall testing for SSL and some vendors' performance decreased by 90% and basically it was useless, you had to turn it off. A lot of enterprises want to switch it on. To switch it on, you need a system that has the performance capabilities. I think we decreased around 15%. The law of physics say you've got to decrease in some way but 15%'s a lot better than 90%. And you've got to switch that on because otherwise it's just a giant hole in your firewall. >> John, talk about the cloud because cloud now has multiple tracks to it. Used to be straight public cloud. Obviously on premise is this hot hybrid cloud, multi cloud is the center of the controversies, it's been validated. We see Amazon Web Services announcing something with VMware validation that you're going to start to see an on premises and cloud and some cloud native, born in the cloud companies will be out there. How do you guys extend the security fabric for those two cloud use cases? How does the Fortinet products scale to the cloud? >> Yeah, two good points. Again, a few years ago, I'd ask customers about cloud and say, "Yeah we're going to takes some steps in AWS." Now it's I've got four clouds, what's the next cloud I'm going to put inside there? I've got global clouds around the world. It's kind of interesting that there is this mad rush and it's still going on into public cloud but then I still see some people trying to do hybrid cloud and put some stuff inside their data centers. Some customers don't want that data leaving, regardless. Some people can't move mainframe applications out there so there's always going to be a hybrid world for some time but the key is multi cloud security in that, more than likely, your AWS security systems are not going to work inside a Google cloud, are not going to work inside your Azure cloud, are not going to work inside some of the data center pieces. And so hybrid cloud and multi cloud security Are really important, so for us the ability to support all those clouds, and it's not just saying, well I can put my firewall VM inside AWS. There's a whole set of deep integrations you need to do, to make sure you're inside their automation systems, you can see visibility, there's a lot of practices around compliance, et cetera, so it's actually a big task for each of us to make sure that we're compliant across the set of functions for each of those clouds. >> My final question is going to be around customer impact. If we zoom out, look at the marketplace and I'm a CIO or CXO, I'm a big time, busy enterprise architect or CIO, I'm so busy, I've got all this stuff going on, why Fortinet? Explain to me why are you important in my world? What should I be thinking about? What are some of the opportunities and challenges that I might face? What should I look at? I want to go to the cloud as much as possible because there's some benefits there. I want on premises to be as seamless as possible to the public cloud. I want rock solid security. I want to have the ability to use SAS apps. >> Right. >> Have programmable networks and have a great development team building top line revenue for my business. How can you help me? >> Is that all? (laughing) I think CIOs and CXOs are happier dealing with less vendors. The trouble is with some very large vendors, they just slow down the development side. I think what we bring to the table and by the way we're not the third largest cyber security company out there, what we try and bring is a broad approach, a broad product set so you can have different things from us as well at integrate into your current set but we try to keep very agile and fast with our developments because otherwise you'll fall behind the infrastructure, you'll fall behind the cyber threats. You know, GDPR, for example, over the last year, you've got to keep up with that. What we bring to the table is now a reasonably large company, we're five and a half thousand employees. A very large R and D budget, we try and move very fast. A large product set, all integrated through our fabric but again, we try and stay as agile and as fast moving as possible. Where we can't do it organically, we try and do it organically so our system integrate very well, where we can't do it, then we'll go and make smaller acquisitions, Bradford Networks was an example of that for IOT but I think we're building now a much better relationship with the CIO and CXO level and becoming one of their strategic partners going forward. >> Talk about the community that you guys have built because I've noticed, and I've seen you guys, certainly over the past couple years, that RSA I think a year and half, two years ago, you're working with a lot of industry partners. It's not just Fortinet by themselves, you work within the industry itself. >> Yeah, because people are building their ecosystem and they've made some decisions and hey want you to integrate inside those so we have about 50 partners now where they use our API to provide integration so they built our API and although we've mentioned FortiNAC today, we have APIs, for example, for ForeScout and other NAC vendors so if they've chosen that specific vendor, then we're fine, we'll integrate that inside our fabric. Will it have the level of integration that we have? Probably not, but at least you can see, have visibility, for example. I think the technology we've been building in the last year or so is something called fabric connectors which is a much, much deeper integration into the platforms so we have connectors for VMware NSX, for Cisco ACI, for AWS, and this provides a two way communication and that two way communication is important for one word, and that's automation. So once you can see things, once you direct policy backwards then you can start stitching together these objects and provide that end to end automation. >> Final question for you, a lot of the leading enterprises and businesses out there that are using technology to build digital business, whether it's from developers all the way down under the hood into the network, are all betting on multi cloud. Clearly that's obvious to us and that's pretty much being picked up by mainstream now. So early adopters that are leading the charge are multi cloud. If I'm betting on multi cloud, why Fortinet? Why should I be working with you guys? >> Because we're committed to supporting all those clouds. And as I said, it's no easy task to support, I think we support six clouds now, to go through all the different items and integrations across that, we're committed to that. We've got probably the most expansive integration across the most security products inside the industry and we'll continue to do that going forward. >> John, thanks for spending the time. John Maddison, senior vice president products and solutions at Fortinet here inside the special CUBE Conversation with the big news today, the FortiNAC new product integrating with the security fabric, IOT, SD-WAN, cloud solutions for multi cloud and IT. As automation comes down the road really fast, we're here in theCUBE bringing it to you. I'm John Furrier, thanks for watching. (intense orchestral music)