Ward Holloway FINAL
>>Welcome back to theCUBE's coverage of Splunk .conf21. I'm Lisa Martin. Joining me next, Ward Holloway, the director of technology alliances at Zscaler. Ward, welcome to the program.
>>Thanks for having me. Great to be here.
>>Talk to me a little bit about Zscaler and Splunk working together. How are you helping companies to improve their security posture?
>>Yeah, I think, um, you know, we're each, uh, market leaders in our respective areas, as Zscaler is the market leader for cloud-delivered security as a service and Splunk is really the market leader in log monitoring and correlation across the entire security environment, uh, really providing their customers deeper insights through zero trust analytics and orchestration. And together our integrated solution protects enterprises from threat campaigns, reduces security operations burdens through automation, and really provides our customers with actionable data much faster than they could do, uh, on their own.
>>That actionable data at speed is, is incredibly important. You mentioned zero trust. That's a hot topic right now. Let's dig more into how Zscaler and Splunk handle zero trust.
>>Yeah, well, I think first and foremost, um, our integration is cloud native. Um, so you're getting that data in real time and not requiring any on-premise appliances or infrastructure. Um, and that's a real key thing in this cloud-enabled, cloud-first world that we're all operating in. And getting that data in quickly to Splunk really enables, uh, our customers to do some interesting things. Um, we have some prebuilt dashboards, via our Splunk application, uh, that allow customers to very quickly leverage our data and logs and give insights into what exactly is going on. And they can view usage, uh, applications, threats, all immediately. And that data that we're sending to Splunk is, uh, natively configured in Splunk's CIM, uh, logging, uh, protocol.
So it natively and easily is, um, leveraged by our users, uh, when they deploy out the Splunk app from Zscaler.
>>So what are some of the things that differentiate how Zscaler delivers zero trust network access compared to some of the other guys?
>>Well, I think first and foremost, um, zero trust has to enable zero network access. It requires zero access to the network. So you only connect to a particular application, really eliminating the possibility for lateral movement. It's really, uh, like the difference between letting a guest in your office wander around your headquarters unescorted, uh, versus escorting a guest to a meeting room, and then escorting them out once the meeting is over. I think the second key really is then also having a zero attack surface. Anything that resolves on the open internet today can be discovered, exploited, um, denial of service. This means traditional solutions like firewalls, VPNs, uh, any web portals that are visible on the internet are ultimately an attack surface, which is really a security risk. Um, if they can find it, if they can discover it, they can attack it.
>>If they can't find your application, they can't attack it. So that's really the key about the zero trust approach that Zscaler takes: we don't expose anything on the internet. And finally, we have zero pass-through. So our zero trust exchange doesn't go through a pass-through connection. It utilizes a proxy architecture, which allows you to hold the data, inspect it, and then make a verdict before allowing it to pass. This is really a fundamental key for zero trust, ensuring that all connections are secure from threats and data loss, and only allowing things in based on the context of the actual data itself.
>>We've seen a massive change in the threat landscape in the last 18, 19 months. I'm wondering if you can kind of elaborate on some of the trends from a security perspective, a threat perspective that Zscaler has seen?
>>Yeah, I think, um, you know, with the pandemic, obviously, um, it's greatly accelerated, uh, work from home, work from anywhere. Um, so users are no longer on their company's corporate networks. Uh, they're working from their homes, they're working from traveling around wherever they might be, uh, in the country. And I think that really has increased, um, the threat attack surface. Um, it's not protected by the traditional security infrastructure that companies have spent years putting in place in their networks, because everyone is remote. And we've seen things like a 500, a 500% increase in ransomware delivered over encrypted channels, for example, uh, and 30% of malware delivered through trusted apps, such as file sharing and collaboration tools. Um, and so ultimately the largest risk is really lateral movement inside of the corporate networks, uh, once these things get in, because traditional approaches such as VPNs are placing the users on the network, uh, and ultimately exposing them to risk.
>>You said a 500% increase in ransomware delivered over encrypted channels. That's huge. And that is one of the things that we've seen just this year alone: ransomware becoming a household word, everyone understanding what happened with the Colonial Pipeline, the executive order. That's a huge threat there. And of course, ransomware is also getting more personal. Are you seeing that as well?
>>Yeah, definitely. Um, I think again with all of the remote workforce being distributed, um, and no longer protected by the traditional security approaches, um, it's exposing them to this ransomware, and it's what attackers are really kind of leaning on to go after, um, these remote users in order to gain access into the corporate infrastructures and ultimately deploy ransomware within those infrastructures. And that's really why zero trust is so important.
Zero trust is really the idea of kind of putting an exchange, uh, in the, the cloud itself, so that security is by all of your users wherever they may be. So regardless of where those users are working, whether it's remotely from home, whether it's traveling at a hotel, uh, whether they've decided to sell everything and get an RV and travel around the country, uh, by placing a zero trust cloud exchange, uh, in place to secure your assets and secure the connections, uh, you're protecting those users wherever they are, and ultimately protecting against that ransomware threat.
>>And that's going to be key as this work from anywhere persists for a while. And then eventually there'll be probably some hybrid environment with a good amount of people working remotely and that the need to secure that landscape and deliver that zero trust. Is this going to be table stakes for businesses in any industry? Talk to me about, uh, about digital transformation. We've been talking about that for years now, but what are, how are some of the ways that Zscaler helps your customers? And then what are some of the things that you've seen perhaps accelerate in the last 18, 19 months?
>>Yeah, I think we touched on it already. Obviously the pandemic really accelerated the work from anywhere, work from remote, um, dynamic. Um, and I think, uh, you know, that combined with, um, most corporations moving towards embracing the cloud and, uh, software as a service has really accelerated this whole digital transformation movement. Um, and the pandemic has just made it, you know, come to us exceptionally faster.
So now that, um, users are working remotely anywhere, and now that your assets are no longer in data centers, but sitting in the cloud, whether it's things like, you know, Workday or Microsoft Office 365 or Salesforce or whatever application that you're using, you know, the traditional castle and moat approach to security that we used to take doesn't really work in this cloud-first world. Um, you know, corporations spent a lot of years deploying firewalls, VPNs, DLPs, things of that nature in all of the data centers that they physically controlled.
>>Uh, and that was great when all of the users were physically at the office and going through that physical infrastructure. But now that the pandemic has accelerated this remote work from anywhere, uh, dynamic, uh, that old castle and moat approach doesn't work anymore. So you have these users scattered around, not connecting through your data centers, not connecting through your infrastructure. And the pandemic also really exposed, um, the weakness of that, that model as well. Uh, when everybody got sent home, initially, they were leveraging those VPNs to try to connect back through those legacy data centers and then out to the cloud. And they were really experiencing a terrible, uh, experience working in that environment. Uh, the VPNs were overwhelmed. They fell over, and a lot of users started just going directly to the cloud themselves. And that's really where you risk this exposure and this problem with ransomware, as they were bypassing traditional security measures that you had in place and exposing you to a much greater risk.
And that's why the zero trust approach that Zscaler takes was much more effective and, combined with what we're doing with Splunk, is really needed to get full visibility across that deployed disparate infrastructure, so that you have an insight into what those users are doing and the ability to automatically react to it with the integration that we have with Splunk SOAR.
>>That insight is absolutely critical. You talked about that rapid scatter to work from home that occurred 18, 19 months ago. And of course we all, all of us workers that were remote and are still remote are reliant on SaaS tools, collaboration tools, video conferencing. And of course you mentioned a stat, now 30% of malware is delivered through trusted apps, like collaboration tools. Talk to me about how Zscaler and Splunk are helping customers combat challenges like that as they still are in this dynamic work from anywhere environment.
>>Yeah, I think, um, we've got a couple of interesting integrations. Again, first we're automatically sending the data from, uh, all of our Zscaler zero trust infrastructure to Splunk, uh, automatically normalized in their CIM format. So it is natively and easily ingested into Splunk. And you start getting actionable insight from that. Uh, once that data is in Splunk, they start doing an analysis, um, and seeing what is going on with those users, looking at things like, uh, most-hit sites, sites that are blocked, uh, any suspicious information that they're starting to see through their analysis and correlation engine. Uh, and they can even take action on that. If they suddenly see users going to known bad malware sites, for example, they can use the Splunk SOAR integration that we have to call the endpoint detection and response system that they may have in place and block that user from connecting it.
So we're giving users full insight into what their user base is doing and the ability to automatically react to that and even block and prevent bad actions that can ultimately expose them to risk.
>>The customer example that you can share of how you guys are doing this together.
>>Uh, I mean, we have many examples through multiple verticals, be it financial, healthcare, uh, manufacturing. Uh, there's one insurance company in particular that I can think of that, uh, has integrated the solutions together. And really, as soon as they put the two integrations in place, were able to identify a number of users that were hitting malicious sites and automatically block and protect those users from going to those sites and eliminating that risk from their environment.
>>Excellent. Talk to me about some of the key, uh, pain points that you're solving for and some of the business outcomes that customers can expect working with Zscaler and Splunk.
>>Uh, great question. Uh, I think one of the first is the zero trust exchange that Zscaler has enables really the much needed modern workplace, um, that COVID has further accelerated. Um, users really can work anywhere, uh, so that they can safely access any application from any network, uh, whether that location is external, internal, on any device. And the exchange really provides consistent security by being the inline policy enforcement point between all devices and services. The other thing that I think is key is users really require a great experience. And so if something goes wrong, you need to be able to quickly figure out what that is. Um, so we're constantly collecting a huge amount of telemetry, uh, to really understand and see exactly what that user experience is like, uh, and what issues they may be having, and really giving you the ability to see those issues before they arise and cause a problem.
>>So you can proactively identify them and eliminate them. So they don't cause a problem.
Uh, we've been able to allow our customers to roll the solution out in days and even over the weekend in order to get started. And this really allows them to accelerate implementing zero trust for their organization by ensuring that all traffic for the internet goes through the zero trust exchange first, where it's fully decrypted and inspected for any threats or data loss. And that's really key. Uh, I think one of the things that's so important and differentiating about what Zscaler does is we're able to inspect traffic at scale. Uh, we have over 150 points of presence around the world that allow us to inspect all traffic, including SSL encrypted traffic. So I think that's really a key point to focus on, is that, you know, most of the threats that you and I were talking about earlier, especially around ransomware, tend to try to hide themselves, uh, in SSL encrypted traffic. So whatever solution you want to deploy for zero trust, it's imperative that it has the ability to fully inspect SSL traffic at scale, not just a limited subset of that traffic, but all of it, because so much of the threats today are coming, uh, in an encrypted format.
>>And that's probably something that I, I'm wondering if you, if you're seeing that those threats in terms of the increase and the, and the significance is only going to persist as this work from anywhere environment does. So how can customers get started with Zscaler and Splunk? Where would, where would they start?
>>Well, I think, uh, the great thing is, um, if they are a Zscaler customer or a Splunk customer, uh, it's very easy for them just to go to the Splunk app store and download the Zscaler app, uh, to allow them to very quickly and easily integrate the two solutions together.
Uh, once they've made that connection, uh, we start automatically sending all of our logging and telemetry data into Splunk, and then they're able to leverage the Splunk infrastructure and the dashboards that we've created to automatically start getting that insight into what's going on within their user community, to see what threats are spooling up, and to leverage Splunk SOAR to take automated action to protect and eliminate those threats from their environment. So it's very easy for our users and our customers to get the application up and running quickly and start realizing value from the deployment itself.
>>Yeah. You mentioned a stat a minute ago in terms of being able to deploy over the weekend. That fast time to value in this dynamic, uh, landscape where the threats are constantly changing, that, that fast time to value is critical for businesses in any industry.
>>Yeah, absolutely. Uh, I think that's the key again in this cloud world where you no longer have, uh, everything in your data center, and it's not a very simple and easy process just to send someone down to the data center to deploy a new solution. The solutions that you do choose need to be able to spin up quickly and easily. And that's really what we've built together with our integration with Splunk. Um, it was designed to be easy, quick to deploy and quick to leverage value from.
>>Excellent. Thank you for joining me talking about what Zscaler and Splunk are doing together, how you're helping customers to solve key pain points and that fast time to value that you're delivering. We appreciate your insights and your time.
>>Thank you.
>>For Ward Holloway, I'm Lisa Martin. You're watching theCUBE's coverage of Splunk .conf21.