>> Narrator: From around the globe, It's the Cube. With digital coverage of AWS reinvent 2020. Sponsored by Intel, AWS, and our commudity partners. >> Okay, Welcome back. You're ready. Jeff Frick here with the cube. We are, coming to you from our Palo Alto studio with our continuing coverage of AWS reinvent 2020 digital this year, like everything in 2020 but we're excited to welcome back to The Cube. He's been on a number of times, he's Russ Currie. The vice president enterprise strategy for Netscout systems. Russ great to see you. >> Great to see you, Jeff. Thank you. >> Absolutely. So before we jump into there's so(laughs), so many things going on in 2020. What I do want to do is, is reflect back a little bit. You were first on The Cube at AWS reinvent 2017. So it's been about three years. And I remember, one of the lines you had said, I believe that was your guys' first, AWS show as well. So I wonder if you could reflect on kind of how the world has changed in terms of your business, and the importance of AWS and public cloud within the infrastructure systems of your clients. >> Yeah, well, it was interesting, right? We were just getting our feet wet at that point, and had just introduced some of our technology for use in AWS, and it was kind of a interesting little adventure. So we were looking at it and saying, okay where's this going to lead us? And ultimately now we're just really waist deep in it, and really having a great partnership with AWS, and delivering new technologies, new capabilities, and our customer base also is becoming so much more reliant on public cloud in particular AWS and the services that they can provide. So as we've gone and they've gone it's been a journey that we've taken together, and it's been quite, fruitful and exciting. >> Right, right. And it really reinforces this concept of I think you'd mentioned it before, a blended, you know kind of a blended infrastructure approach. So there's a lot of conversations about public cloud, hybrid cloud, multicloud, et cetera, et cetera. But at the, at the end of the day from a customer perspective, as you've mentioned it's really kind of a blended network, right. And it's really application centric, and you put the applications where those applications need to be to be the most appropriate, and that might even change over time from, from test dev to really roll out to, to scale. So you're seeing that consistency. Consistency, >> Absolutely. Yeah. The, the blended environment that in it it's so incredibly complex of our customers. As they take a look at the way that the world has changed, right? When we take a look at what has happened with people working remotely, working from home and having to come into access services in such a, a completely blended and hybrid environment as you say, not only the move to the cloud, but the move to Colo, and bringing all of this together for interconnect, it's definitely a complex environment that they have to have their fingers on the pulse of. Right? >> Yep, yep. And then of course there was this little thing that happened this year with COVID. And really right in March, April timeframe light switch moment, everybody worked from home, whether you're ready or not. And that was a very different kind of situation. Cause we had to get people secure and safe, and get them up and operating. So I'm sure you(laugh) saw a lot of interesting stuff at your business there, but I'm even more interested in how that's evolved over time. Here we are at the end of 2020, there's going to be you know, some version of this for the foreseeable future. And a lot of companies are saying that, you know there'll be a lot of, kind of work from anywhere pieces that continue forward. So again, with your customers and looking kind of the change between what happened in the spring, and now what's happening as they really of kind of put in the systems that'll enable them to continue to support, you know people working from anywhere, not even really working from home, but working from anywhere. >> Right. Exactly. I mean, as our customers had to bring up more connectivity, new connectivity, and start to add licenses for virtual desktop or for their VPN connectivity ultimately how they got it done, most of our customers said, you know we're running hot, but stable. And I think that that was, that was great for most folks. But now they're leaning into it and saying, okay how do we continue to make this happen? And how do we provide the visibility that we need to ensure that the services that we're delivering are, making it possible for their users to be productive and successful. A user doesn't want to feel that they're not contributing as much as someone else that may be able to make it into the office. And, it's a, it's a challenging time, but with that being said, technology has really stepped up, and in particular, the way that they're able to stand up services in the cloud, and the automation, and potential cost savings that they get from standing up in the cloud has really been a bood for most of our users. And some of the users, you know, the high end enterprise that we're a little bit slow to adopt, now are just turning it on as fast as they possibly can. >> Yeah, it's pretty wild. And then, we had another representative from Netscout on earlier this year. One of the, the kind of recurring themes that we've seen is you know, changes in the threat landscape. So clearly the increased attack surfaces as more and more people are working from home. They're not working from the secure environment at the office. But you guys notice some interesting things about what's happening, and we've, we've seen a little bit too in terms of kind of, ransomware and the increase in ransomware as a particular type of attack that, that seems to be growing in popularity. And these, these people are a little bit more thorough in the badness that they caused before they, they throw in the ransom request, and that they're looking for a little bit more fundamental disruption to enable them to basically extract that ransom is which they hope to do. >> Yeah. I mean the amount of DDoS attacks that we've seen has just grown incredibly over the past several months. And these extortion attacks they come in and they often hit the customer quickly and hard, and then say, turn it back for a bit and say, pay us, or we're going to shut you down. And they're really coming in more towards the back office aspects of things. So, going in and attacking that part of the business is kind of a new environment for a lot of folks. But one of the other interesting(laughs) challenges here with us is that, oftentimes those extortion notes don't make it through to the people that really need to act on them because they get caught in spam filters or they like so they're finding these DDoS attacks, and don't necessarily understand that they're under an extortion attack. So it's a real challenge for folks. And we've seen a good uptake with our on-prem capabilities to provide that kind of protection, right at the top of the security stack with our Arbor edge defense products. So it's been something that we're trying to get out there and help our customers as much as we can. And even that new, folks. >> Yeah. It's a, it's an interesting environment. And we found out from somebody too that sometimes if you actually pay the bad guys you can be breaking other rules for doing business with countries >> Yeah. >> Or people that we're not supposed to be doing business with. Like, that's the last thing you need to think about when you're trying to get all your data, and your company back online. >> Right, yeah, I mean, are you trying to make sure that you're keeping yourself stood up right? And, it's tough and you know kind of the rule one is never pay the extortion right? But you kind of got to take a look at it and say, hey, you know, what do I do? >> Right, right. So, you guys been around for a while. I wonder if we could dive in a little bit, we're at reinvent. Some of the things you guys are doing specifically on the product side to, basically increase your, your AWS capabilities. >> Sure. Thanks, yeah. We've been working really closely with AWS as they start to roll out new technologies. Last year, we were fundamental in the VPC ingress routing announcement that they have. We've been working with them with their traffic mirroring capabilities. So technology-wise, we keep in close touch with them in terms of everything that they are delivering. But also on the business side of it, we have our networking competency and just last week got our migration competency. So what we're really doing is, trying to both work the technical and the business relationship, as much as we can to try and expand our overall capabilities of book print with AWS. And, having that visibility and being able to kind of provide that same level of control and capability that you had, on-prem in your enterprise network as you move into the public cloud is a great benefit to a lot of our customers. They really have the ability now, to deliver services the way they have been delivering it for years and years. >> Now, what do you mean specifically, when you say migration competency or networking competency? >> So, they have these different competency programs for their technology partners. And the networking competency is, that you've demonstrated capabilities in your ability to provide network monitoring, or network management capabilities, or network connectivity. In the applica--, migration side you've really provided the ability to show that you have the tools, and solution set to drive, and help people become successful migrations into AWS. As you can imagine right now, a lot of folks are just lifting and shifting, putting stuff into AWS as quickly as they can to try and take advantage of the automation and the operational efficiencies that you get when you move into public cloud settings. As you make those migrations, you want to ensure that you're not either leaving something behind, that needed to move with it, or building a dependency onto something that's in the background that's going to have an adverse effect on, user experience. And ultimately, it really all comes down to the user experience that are, delivering to your customers and or your user base. Right? >> Right. Right. So what are the things you talked about in a prior interview was kind of the shifting dynamic in terms of network traffic. As there's more and more, you know kind of SAS based applications, and there's more kind of an application centric, and in this kind of API interface between all the applications that, you know the North-south is still significant, but the growth in the East-west traffic, meaning, you know kind of inside, if you will. And that some of the unique challenges that come from that from kind of a network monitoring. I wonder if you can share a little bit more color on that, as to, and are you continuing to see this increase in East West relative to North-south, and what kind of special opportunities and challenges that that presents? >> Yeah, absolu--. There is an absolute growth in terms of the East-west connectivity and, traffic that exists out there. In particular, when we take a look at the way that people are implementing software defined networks, NSX, for example NSXT has now provided the ability to blend your environment whether you're going to any cloud, any vendor as you move between these environments having that ability to deliver network services under the same framework is really beneficial to our customer base. And we've also been partnering very closely with VM-ware, and a lot of our customers are implementing VMware cloud on AWS. So, they have that ability to stand up services in a consistent manner whether it be in their legacy environments, or into the public cloud environments, and have that same ability to provide visibility down into the East-west traffic so that you can see that. So when you're part of the NSX framework, what you're able to do is really leverage the service framework that they have the service and search it, and be part of the clusters and host groups that are exchanging traffic East-west. And our ability to see into that really exposes chall--, not, exposes challenges but exposes potential issues that(laughs) our customers might be having in delivering high quality services. So that visibility is really what we've been keying on. >> Right. I'm just curious to get your take, you know as people kind of, as you said, make this move to public cloud, and, you know, you talked about wholesale migrations, and wholesale lifts and shifts. You know, there, there's kind of a couple trains of thought. One is, you know, using cloud for just pure economics, and trying to save money, and the flexibility. The second one is, is to is to add this automation as things grow in this, these great opportunities to automate, and try to reduce air. But the third one, right, the big one is to drive innovation, and to unlock innovation enable better innovation, and speed of delivery, and, you know, moving at the speed of business, pick your favorite buzzword. I'm curious whether your customers, as you have you seen them all jumping in? How much of it is still, you know, to save money or to, or to, you know, kind of use the basic, you know cost saving economics versus people really embracing the opportunity to use this as a method to drive innovation, and change within their own business? >> So I, I think the realities of 2020 have been forcing people to look at primarily from operational and cost efficiency perspectives, however with an eye towards innovation, and as they start to get themselves into a, zone where they're comfortable, they look to see how they can leverage the cloud to provide new services, and new ways in which they provide their services, and avail themselves of, the underlying technologies that are there to build something that's new and exciting in their overall portfolio. So, I think that 2021 is probably going to be a little bit more of where can I innovate as opposed to, how do I get there? (Jeff laughs) >> It's probably an unfair question here at 2020 cause priorities certainly got turned upside down in the middle of the year. So maybe, maybe innovation got pushed down a little bit from, you know, let's get people up, let's get people safe, and let's make sure they can access all the systems and all this crazy stuff that we've got available to them from wherever they are. >> Yeah, yeah. >> Not just within the, within the home office. >> I was listening to a, panel from federal government a couple of weeks ago, and it was really the way the they've adopted kind of commercial cha-- commercial capabilities to meet some of these challenges things that they wouldn't normally look at. But now it's a set of innovation that they're looking at, to try and make sure that they can avail themselves of the services that are out there and available in the public cloud. >> Yeah. Well, that's great, Russ. It's great to catch up. I'm sure you must be as amazed as anybody as the rapid acceleration of this, you know since the short time you went to your first re-invent and, >> Yeah. >> And clearly AWS and Amazon generally is an execution we're seeing. So, I think they'll keep doing it. So I think you're, you're probably sitting in a good spot. >> I think so. (Jeff laughs) Thank you. (Russ laughs) >> All right. Thank you Russ for, for stopping by and sharing your insight. Look forward to catching up next time. >> Thanks a lot, Jeff. Really appreciate it. >> Alrighty. He's Russ, I'm Jeff. You're watching The Cube's, continuous coverage of AWS reinvent 2020, the virtual event. Thanks for watching and we'll see you next time. (bright music)

>> Announcer: Live from Las Vegas, it's theCUBE. Covering AWS re:Invent 2019, brought to you by Amazon Web Services, and Intel, along with its ecosystem partners. >> Welcome back, this is theCUBE seventh year of coverage of the mega AWS re:Invent show, here in Las Vegas. Somewhere between 60 and 65,000, up and down the street. We are here in the Sands Convention Center. I am Stu Miniman, my cohost for this segment is Justin Warren. And happy to welcome back to the program, one of our CUBE alumni Jesse Rothstein, who is the co-founder and CTO of ExtraHop, Jesse, great to see you. >> Thank you for having me again. >> So, we caught up with you at AWS re:Inforce-- >> We did. >> Not that long ago, in Boston. Where, it rains more often in Boston than it does in Vegas and it's raining here in Vegas, which is a little odd. >> Strangely it is raining here in Vegas, but re:Inforce at the end of June in Boston was the first AWS security conference. Great energy, great size, we had a lot of fun at that show. >> Yeah, so Dave Vellante, who was one of the ones at re:Inforce, and he actually came out of the three-hour keynote yesterday with Andy Jassy and said, "I'm a little surprised there wasn't as much security talk." You know, it's not like we can remove security from the discussion of cloud, it is you know one of the top issues here. So I want to get your viewpoint, were we missing something? Is it just there, what grabbed you? >> I know this thing as well. I think, perhaps, they're saving some announcements for, you know, re:Inforce coming again in June in Houston this year. There was at least one announcement around IAM Access Analyzer as I recall. But generally the announcements seem to focus in some other areas. You know some big announcements around data warehousing, you know for federated red shift queries I think. And some big announcements around machine learning tooling, like the SageMaker Studio. But I noticed that as well, not as many security announcements. >> You never know, Werner still has his keynote tomorrow. So we're sure there'll still be another 50 or 100 announcements before the week is done. ExtraHop also has something new this week, so why don't we make sure-- >> Well first I can assure you that cloud security is not solved. It's not a solved problem, in fact, unfortunately despite record spend year after year after year, we still continue to see record numbers of compromises and data breaches that are published. I think cloud security in particular remains a challenge. There's a lot of energy there and I think a lot of attention, people recognize it's a problem. But we're dealing with massive cyber security skill shortages. It's very hard to find people with the expertise needed to really secure these workloads. We're dealing with more sophisticated attackers. I think in many cases, attackers with nation state sponsorship. Which is scary, you know five or 10 years ago we didn't see that quite as much. More cyber criminals, fewer nation states. And of course, we're seeing an ever increasing attack surface. So ExtraHop's right in the mix here, and we focus on network detection and response. I'm a huge believer in the power of network security, and I'll talk more about that. At re:Inforce last June, we announced ExtraHop Reveal(x) Cloud, which is a SaaS offering using AWS's recent VPC Traffic Mirroring capability. So the idea is, all you do is you mirror a copy of the traffic, using VPC Traffic Mirroring, to our SaaS, and then we provide all of the sophisticated detection, investigation and response capabilities, as a product. So that's hosted, you still do the work of investigating it, but you know we provide the entire offering around that. Very low TCO, very turnkey capabilities. And of course, it wouldn't be a modern day security offering if we didn't leverage very sophisticated machine learning, to detect suspicious behaviors and potential threats. But this is something I think we do better than anybody else in the world. >> So walk us through some of what the machine learning actually does. 'Cause I feel that the machine learning and AI is kind of hitting peak hype cycle maybe. >> You know I almost can't say it with a straight face because it's so overused. But, it is absolutely real, that's where the state of the art is. Machine learning allows us to recognize behaviors, and behaviors are very important because we're looking for post-breach behaviors and indicators of compromise. So there are a million ways that you can be breached. The attack surface is absolutely enormous. But there's actually a relatively small number, and a relatively tractable set of post-breach behaviors that attackers will do once you're compromised. And I think more and more organizations are realizing that it's a matter of when and not if. So what we've done is we've built the machine learning behavioral model so that we can detect these suspicious behaviors. In some cases we have an entire team of threat researchers that are simulating attacks, simulating pen testing tools, lateral movement, exfiltration so we can train our models on these behaviors. In some cases, we're looking for very specific indicators of compromise. But in just about all cases, this results in very high quality detections. And because just detections alone are completely insufficient, ExtraHop is built on top of an entire analytics platform, so that you're always one or two clicks away from being able to determine, is this something that requires immediate attention and requires kind of an incident response scenario? One of the capabilities that we announced here at this show, is automated response. So we integrate with the AWS API, so that we can automatically isolate and quarantine a workload that's behaving suspiciously. You know in cyber security, some attacks are low and slow but some are very fast and destructive. And for the fast and destructive ones, you move faster than a human's ability to respond, so we need that automated response. And we also announced a continuous packet capture capability for forensics, because sometimes you need the packets. >> That's a response, a lot of different things that we'd actually like to bring the capability a little bit earlier than that so that we don't actually get breached. It's great that we can detect it and say, great we've got the indication of compromise and we can react very, very quickly to that. Are you able to help us get one step ahead of the cyber crimes? >> So I'll actually be a little contrarian on that. I'm going to say that organizations have really been investing in protection and prevention, for the last decade or two. You know this strategy's called defense and depth, and you should do it, everybody should, that's a best practice. But, you know, with defense and depth, you have lots of layers of defense at the perimeters. You know keep the attackers out of the perimeter, gateways, firewalls, proxies. Lots of layers of defense at the end point, you know keep attackers off of my workstations, my instances, my laptops, things like that. But, you know, I think again, organizations have learned that attackers can fire, you know, 1,000 arrows, or 100,000 arrows, or 100 million arrows and only one needs to land. So the pendulum is really swung toward detection response. How do I know if I'm breached right now? How can I detect it quickly? The industry average dwell time is over three months, which is unacceptably long, and we always hear about cases in the news that are three years or more. And what I like to say is if it were three weeks, that would be too long. If it were three days, that would be too long, if it were three hours, I think you could do a lot of damage in three hours. If you can start getting this down to three minutes, well maybe, you know, we can limit the blast radius in three minutes. >> So Jesse, you brought up the ever growing surface area of attack and one of the big themes we've seen at the show is AWS is pushing the boundaries of where they touch customers. You know I said if Amazon is the everything store, AWS is becoming the everywhere cloud. Outposts, from Amazon's perspective, they said Outposts just extends their security models. I see and hear a lot of the ecosystem talking about how they're leveraging that and integrating with that. Does Outposts or any of their other Edge solutions impact what your customers and your solutions are doing? >> So it's funny you say that, I was wondering that myself. My expectation is that Outposts are a good thing because they the have same security controls that we expect to see in any AWS kind of VPC enabled environment. Where I haven't gotten full clarification is do we have the full capabilities that we expect with VPCs? In particular, you know VPC Traffic Mirroring, which is the capability that was announced at re:Inforce, that I'm so excited about, because it allows us to actually analyze and inspect that traffic. Another capability that I think slipped in under the radar but it was announced yesterday is VPC Ingress Routing. This doesn't really effect ExtraHop that much, but as a network head, I like seeing Amazon enable organizations to kind of make their own choices around how they want to inspect and control traffic. And with VPC Ingress Routing, it actually allows you to run in-line devices between your VPCs, which previously you were unable to do. So I think that one slipped in under the radar, maybe you have to be a network head like me to really appreciate it. But I'm seeing more flexibility and not less and that's something that I'm really pleased with. >> That one thing that we definitely see with cloud is that explosion of customer choice, and all of these different methods that are available. And Amazon just keeps pushing the boundaries on how quickly they can release new features. What does that mean for ExtraHop in being able to keep up with the pace of change that customers are using all of these different features? >> That's a good question, I think that's just the reality, so I don't think about what it means or doesn't mean, that's just the way it is. In general though, I've seen this trend toward more flexibility. You know VPC Traffic Mirroring, to use that example again, was one of the few examples I could point to a year ago as something really useful and valuable that I could do on-premises, you know for diagnostic purposes, for forensics purposes, that for some reason wasn't available in public cloud, at least not easily. And, you know, with this announcement six months ago, and going to general availability, Amazon finally ticked that one off. And we're starting to see the rest of the public cloud ecosystem move that way as well. So I'm seeing more flexibility, and more control. Maybe that comes with a pace of innovation, but I think that's just the world we live in. >> You do mention that the customers are having to adopt this new regime, of look we need to look at compromise, can we detect if we've been compromised, and can we do it quickly. We have a lot of tools that are now being made available, like Igress Routing, but, sorry Ingress Routing. But what does that mean for customers in changing their mindset? One of the themes that we had from the keynote yesterday was transformation, so do customers need to just transform the way they think about security? >> Yes and no. You know certainly customers who are used to a certain set of on-prem tool set, tool chain can't necessarily just shoehorn that into their public cloud workloads. But on the other hand, I think that public cloud workloads have really suffered from an opacity problem, it's very difficult to see what's going on, you know its hard to sift through all those logs, it's hard to get the visibility that you expect. And I think that the cyber security tool set, tool chain, has been pretty fragmented. There are a lot of vulnerability scanners, there are a lot of kind of like API inspectors and recommendation engines. But I think the industry is still really trying to figure out what this means. So I'm seeing a lot of innovation, and I'm seeing kind of a rapid maturing of that kind of cloud security ecosystem. And for products like ExtraHop, I'm just a huge believer in the power of the network for security, because it's got these great properties that other sources of data don't have. It's as close to ground truth as you could possibly get, very hard to tamper with and impossible to turn off. With VPC Traffic Mirroring, we get the full power of network security and it's really designed with the controls and kind of the IAM roles and such that you would expect for these security use cases, which, I just, great, great advance. >> So along the discussion of transformation, one of the things Andy Jassy talked about is the you know, the senior leadership, the CEOs need to be involved. Something we've been saying in the security industry for years. Not only CEOs, the board is you know, talking about this and it's there, so you know, what are you seeing? You stated before that we haven't solved security yet, but so, bring us inside the mindset of your customers today, and what's the angst and you know, where are we making progress? >> That's a very interesting question. I'll probably be a little contrarian here as well, maybe not but I think we see a lot of pressure is regulatory pressure. You know were seeing a lot of new regulations come out around data privacy and security, GDPR was you know pretty transformative in terms of how organizations thought about that. I also think it's important that there are consequences. I was worried that for a few years data breaches were becoming so commonplace that people were getting kind of desensitized to it. Like, there was once a time that if, when there was a massive data breach kind of heads would roll. And there was a sense of consequences all the way up into the C-suite. But a few years ago I was starting to get concerned that people were getting a little lackadaisical like, "Oh just another data breach." My perception is that the pendulum's swinging back again. I think for truly massive data breaches, there really is a sense of brand. And I'm seeing the industry starting to demand better privacy. The consumer industry is perhaps leading the way. I think Apple's doing a very good job of actually selling privacy. So when you see the economics, I mean we're, it's a capitalist system. And when you see kind of the market economics align with the incentives, then that's when you actually see change. So I'm very encouraged by the alignment of kind of the market economics for paying greater attention to privacy and security. >> All right, want to give you a final word here, you said you'd like to have some contrarian viewpoints. So you know, the last question is just you know, what would you like to kind of just educate the marketplace on that maybe goes against the common perception when it comes to security in general, maybe network security specifically? >> Well, I'll probably just reiterate what I said earlier. Network security is a fundamental capability, and a fundamental source of data. I think organizations pay a lot of attention to their log files. I think organizations do invest in protection and prevention. But I think the ability to observe all of the network communications, and then the ability to detect suspicious behaviors and potential threats, bring it to your attention, take you through an investigative workflow, make sure that you're one click away from determining you know, whether this requires an actual incident response, and in some cases take an automated response. I think that is a very powerful solution and one that drastically increases an organization's cyber security posture. So I would always encourage organizations to invest there regardless of whether it's our solution or somebody else's. I'm a huge believer in the space. >> All right so, Jesse, thank you so much for sharing. We know that the security industry still has lots of work to do. So we look forward to catching ExtraHop soon at another event. And we have lots of work to do to cover all of the angles of this sprawling ecosystem here at AWS re:Invent. For Justin Warren, I'm Stu Miniman, be back with lots more right after this, and thank you for watching theCUBE. (bouncy electronic music)