>> Narrator: TheCUBE presents Ignite 22, brought to you by Palo Alto Networks. >> Good afternoon guys and gals. We're so glad you're here with us. Welcome back to the MGM Grand, Las Vegas. This is day two of theCUBE's coverage of Palo Alto Networks Ignite22. Lisa Martin here with Dave Valante. Dave, as I mentioned, our second day of coverage. We've learned a lot about cybersecurity, the complexity, the challenges, but also the opportunities. We've had some great conversations, really dissecting some recent survey data. We know that every industry, no industry is immune from this but healthcare is one of the ones that's quite vulnerable. We're going to be talking about that next, in part. >> Yeah. Cause we always talk about the super cloud and connecting hybrid across clouds and you know, on-prem, but also now out to the edge. >> Yes. >> You know, and nobody wants a separate stove pipe, but we saw this during the pandemic. We saw the pivot, work from home, to end point and cloud security rearchitecting the network, identity and you know, more stove pipes. Right? So, but that's not what the industry wants or needs, so. >> Right. >> Yeah. >> Well I never would think about, you know you go to the doctor's office, you go to a hospital, X-ray machines, CT scanners, all these proliferation of medical IoT devices. Great for the patient, great for the providers, but a lot of opportunities for the attackers, as well. We're going to be talking about that, in part, in our next conversation with an alumni that's coming back to the program. Anand Oswal is here. The SVP and GM of network security at Palo Alto Networks. Great to have you back. >> Great to have me. Thank you. >> It's been a few years. >> Oswal: Yeah. It's been a time. >> So, I was looking at some of the unit 42 research: medical devices are the weakest link on the hospital network. >> Oswal: Yeah. >> But, so great for patient care, for doctors, providers, et cetera. But, a challenge and an opportunity for the adversaries. >> Oswal: Yeah. >> What are some of the things that you guys are seeing? I know you have some news on the medical IoT front. >> Yeah. Thanks for having me by the way. So, if you look at every industry has benefited from connected devices. Changes the outcome and the experiences, both for the end users, as well as the businesses. And healthcare is no different. If you look at the experience that we had as patients over the last decade has changed dramatically. And in the pandemic, even more changes happened, right? This is really ushering in a new era of patient care. It's connected devices. You know, I have a family member of mine who has diabetes. And, as you know, you got to check the blood glucose level periodically. It's usually pricking, it's cumbersome, it can hurt you. But now, with this new IoT based glucose margin systems, you can monitor these levels in real time, constantly. If it drops, can inject the right amount of insulins. So, changing the experience and the outcome for patients. Taking data from this devices to ensure that you have different outcomes. So, really, changing how you experience as patient. But, like you said, along with all of this is adding increased cybersecurity. Right? And we've seen over the last, I don't know, year or so, a 200% increase in cyber attacks on healthcare organizations. And, in the next couple of years, you're going to see 1.3 billion, yes, the "B," billion, new connected devices come to healthcare. So, that's including the attack surface. So, we've got to stay vigilant. There's a lot of great things you get from connected devices. It has cyber risk, just plan it properly. >> But, it's hard just to secure a medical IoT devices. Why is it so challenging? And how do you help? >> Yeah. Look, you can only secure what you see, first of all, right? So, it's very important to understand what devices you have on your network. And these can't be done statically, right? Because you're, they're made by different manufacturers and you're adding so many every day. So, you need to use machine learning to identify what these devices are. But just not what are devices, who's the manufacturer? What's the make, what's the model? What's the unpatched vulnerabilities? That's one part. I tell people that having visibility is good, but just that's not enough. It's like me telling you, you have a leak in your house. I don't give you any information on where the leak is. How do I call the plumber? What's the home warranty? Home insurance coverage? So you got visibility. Then you need to do segmentation. Segmentation all about who can talk to whom. Should your CT scan machine or MRI machine be talking to a server in the corporate environment? Should be talking to your point of sale terminal in the hospital? Maybe not. Right? So you need to define those policies. Again, those can be manual. They have to be automated because you're adding new devices every day. After you do that, it's around the data that is transporting on those devices. Do they have threats? Are they command controlled connections? Because threats can move laterally and need to inspect this in real time every day, constantly. Not just one time. Right? That's the whole notion of zero trust, which is no notion of implied trust. You want to have least privilege access. And the most important is that, look, we talked about this before. Majority of healthcare organizations have legacy security architectures. You can't have it solved better, the point product a new sensor, a partial solution. You need to get fully integrated because you need to reduce their operational cost. You need to ensure that they have better security. Right? I tell people what do organization want? Make more money, save money, and steer out trouble. Right? In simple ways. >> Valante: Yeah. >> I need to ensure that they're able to get this done securely. That's very important. >> So, a lot of the devices, so you think about oT, a lot of the devices been naturally air gaped. That was sort of the safety. What's it like in healthcare? Is the MRI machine, was it historically net-, you know, fenced off from the network and how is that changing? >> Yeah. I'll give an example. I talked to a customer, this is a few months ago. And this happened before the pandemic, luckily. They were doing, a doctor was doing a surgery on a patient at roughly two in the morning, on a, and using a ventilator. And guess what happened? The ventilator rebooted and said: firmware upgrading. >> Yeah. >> Right? >> Wow. >> And luckily when I doctor, their customer, they said they had another ventilator that they could quickly do. This ventilator was connected to an ethernet cable, in this case. And somebody decided that two AM is the right time to upgrade things. Like, you know, you have windows of when you upgrade things. But, you need to be able to manage a lifecycle of these devices more intelligently. When is it being used? When it's upgraded? There's a life of a device, and then there's a cyber life. Now we have too many devices with end of life operating systems. We all remember the 2017 WannaCry attack. That was an end of life operating system. So, you have a shelf life and you have a cyber life. Need to be able to manage the life cycle of these devices and easily onboard new devices, but also have, be able to sunset devices as needed. >> Okay. So the business generally stays ahead, you know, of cyber, but are those worlds coming together? I mean, I feel like with digital transformation we're beginning to see that everybody talks about, you know, cyber can't just be a bolt on. >> Oswal: Yes. >> But it oftentimes is. So what's the state of play in healthcare? >> I think it's changing. If you think about the healthcare organizations or generally even oT environments, the decision maker is not just the CIO and CISO, it's also your plant manager, the hospital owner, or manager of the operations of the hospital. They have to be taken into account. The other, the other stakeholders: the clinical and biomed engineer who operates these devices, right? I was talking to a healthcare customer that said that asset utilization or devices important. Many times you find nurses or doctors will keep an infusion pump with them in their room because they want easy to use. And then they say, I want five more or 10 more, right? We all living in an environment where budget will be more and more important. So how do you get a full inventory of what's using what, how often are they used? For example, MRI machines are many times preset for scanning certain parts of the body. Now you can change it, but it takes time. It's effort. So if you know the actual utilization of what you're doing, you can be more efficient and have a much more efficient organization. >> And so how do they do that? Is that some kind of predictive analytics that they're using? Is it... >> Yes. It's the whole lifecycle of a zero trust architecture. It is the whole lifecycle of managing these devices effectively and then simplifying your operations. The three things that we have to do. >> How can zero trust be really tailored to healthcare specifically? >> Yeah. Let me tell you, first of all, when I talk of zero trust, I have a simple way of talking about it. Which is no notion of implied trust, right? Just because I'm in an environment doesn't mean have access to a device and application, et cetera. And when we think of medical device, it's like, who's the user who's accessing it? How do you authenticate that user? And that can be the things the organization has: password, an MFA, et cetera. That's, that's good. That's not enough. If you're accessing some, if I authentic authenticated you from this device, but what if this device itself is infected with malware? So, I need to know that it's the state of your device. Then what are you trying to access? Medical records, healthcare records, you'd like permission sets to access it. Are they read only, write only? Do you have confidential information about it? And when you're exchanging this information, is there malware in that data? You need to do this on a continuous basis. So, user, endpoint, access, and transaction. These four constructs have to be done continuously. That's the whole notion of zero trust. >> So, okay. Cause you had, we were talking off camera, you said, you know, get, say ask somebody what zero trust is, you get 10 different answers. 10 people, 10 different answers. So, I always would used to think unless a device or a person has been explicitly authorized and authenticated, they don't get access. But, you just added something more. It also has to be clean essentially. >> Yes. >> Right? And you've got the technology to do that? >> Absolutely. And we can, if you think about it, we can do this across all facets, all use cases. If you think of traditional network security, right? It doesn't secure the network. Like I said, it secures everything on the network. The users, the IoT devices, and the applications they access. Now I can be in the office, I can be on the road, or I can be home. I may use different notions of stacks. I may use a hardware-centric firewall for accessing data center based applications in my private data center. I may use a software firewall application for accessing things in the public cloud. I may use a cloud deliver SASE architecture from home or for remote branches. I wanted consistent security. The way I do threat, the way I do phishing protection, ransomware protection, IoT security. It should be consistent no matter where the user is, no matter where the data is, no matter where the applications is. And that's really what we can do with a consistent platform approach. >> So on-prem. In... >> The cloud, yes. >> In all the clouds, at the edge. >> Yes. >> Not only healthcare, but operational technologies? The factory? >> You want to make sure that it's not only the best in class security, it's also consistent security and consistent manageability. Right? Which means that the experience I have as an admin, from day minus one to day n. And it can be for any use case I have, it could be for securing my applications in my private data center, my application is the public cloud, or remote access from home or remote branch. I want that consistent security. I want that consistent policy. So, what is the treatment for you, the user, when you are in the office, on the go, or somewhere else? You don't want different experience. >> Valante: Yeah. >> You want same experience. >> Right? That goes... >> It should be optimal. It can be slow, it can be like, it takes you a long time to access your application either. Cause all of us are, we spoiled, we want it right away. >> Yeah. It can't be a blocker to productivity. >> Exactly. >> I was looking at some of the unit 42 data about, just the, all the vulnerabilities in different machines. We talk about cyber resilience a lot. How and, as I mentioned, and I think even the survey that Palo Alto Networks released yesterday, "What's Next in Cyber", was even demonstrating healthcare being one of the most vulnerable. >> Yes. >> And we talk about, you know, it being one of the weakest links. How can Palo Alto Networks work with healthcare organizations, large and small, across the globe to help them really dial up cyber resilience. >> Oswal: Yeah. >> And start reducing the vulnerabilities that are there as device proliferation is just going to happen. >> Yeah, absolutely. I think you hit a very good point. We have data which says that 83% of imaging systems run end of life operating system stacks, right? And you remember in 2017, the WannaCry attack started with an end of life operating system device. Right? It affected 150 countries in the UK alone. 70,000 devices, 30,000 patient cancellations. We know that, if you think about infusion pumps, three out of four have unpatched vulnerabilities. Which means that you can patch it. But it's very hard for the biomed or clinical engineer to understand what to do and what not to do. Healthcare organization have lot of compliance requirements. Right? They have HIPAA compliance, they have other regulations. So, you need to make them audit ready: inventory of the devices, status of each device, make it audit ready, compliance ready. So, they're able to do what they do best in serving patients versus worrying about other things that they, that we can automate for themselves. Lastly, I'll say is that, you also want to simplify the operations of the health environment, right? Having more point products, more point solutions, that's solving only a certain aspect of what you do. Like only visibility, telling you have a leak, but not putting the end solution. Adds more and more complexity to organizations. >> So it's a different dynamic in this world, healthcare world, because you got to all these devices and they're not, you know, I think about Patch Tuesday, Right? I mean Microsoft's always putting out patches. And so, that tells the hackers, Hey, you know, go in on Wednesday. >> Yeah. >> And hack away. It's probably different in healthcare. They're probably not as frequent patches published or maybe there are, I don't know. I'll be curious as to whether they are. But I mean the, the device manufacturers, they're not, you know, the biggest software company in the world. >> Yeah. >> You know, so they're probably not as on top of it. >> Yeah. >> So I'm not saying it's better or worse, it's just a different environment. >> The patches to the end devices may not be as frequent, but patches that you can apply on from a security perspective on a security stack are like happening continuously in real time. The second things that you also want to ensure that the capabilities of your security product itself are able to stop attacks inline, in real time. For example, 95% of all malware in the world is MORF malware, which means it's variations of existing malware. You can stop this inline real time, right? Attackers are using more and more sophisticated techniques today, to evade traditional sand boxing techniques. So, you have to out-innovate them. And that's what we've done by all our cloud services. We move them very early on to the cloud to get the agility and scale that we get. But we invested a lot in machine learning and deep learning to stop these day-zero threats in line, real time. Attackers are using that window of opportunity, like you mentioned, between the time when a breach is announced or detected, and patched. And that breach could, that time window could be a minute. They're going to exploit that time. You want to reduce that to almost zero, which means that you need to stop it in line, in real time, continuously. >> So, take the sandbox example. >> Yeah. >> So, what do you say? So, if I'm doing a sandbox on-prem, one of the vulnerabilities is if my capacity is out of 10,000 files, they're just going to overwhelm me with a hundred thousand and then I'm going to be trying to figure out what's going on. And while I'm doing that, they're going to be sneaking in. And is that an example of... >> No. >> Valante: That you address because you're in the cloud, or...? >> Yeah, that's one. But, think about examples where attackers are devising malware, are creating malware that will basically evade traditional sand boxing techniques. So, if I do a memory lookup on the register, that malware will diffuse. It only detonates on an end user on a device or a database. So, now you need to do intelligent techniques. So, we built this, lot of infrastructure for intelligent realtime memory analysis to ensure that we are able to stay ahead of the competition. And we did that for phishing, we did that for command control connections, we did for software exploits, we did data for malware, for DNS. We're able to stop about 11 to 12 million additional phishing sites than anybody else. We're able to have our sand boxing more effective than anybody else. We're able to stop 26% more malicious sessions than others in the industry. >> Valante: Why? Architecture? >> Architecture. Couple of things. First, architecture. Second is that, through a lot of innovation that we've done in both machine learning and deep learning, to be able to look at unstructured data and be able to stop the attacks inline, real time. Think about it, the traditional way of doing URL filtering has always been to build a database of URLs in the world. And you categorize as URLs into groups of categories: news, adult. And then you say, what's my risk profile for each of these? And you put a score and you say, I want to have this tolerance. That doesn't work anymore. The reason is because attackers are sophisticated. Websites come in, up and down, in seconds. Before I build a database, it's gone. I can't do this old way of doing things, signature and databases. I've got to use the power of machine learning. I've got to use the power of deep learning and data. >> And it's, are healthcare leaders, do they have an appetite for that? >> I think healthcare data looking for outcomes. They're looking, when I talk to healthcare professionals, they want to basically do what they do best. Serve patients, right? Give them optimal care. They want someone to take care of all these things holistically, end to end. Simplify all the things that they have to do from a compliance perspective, architectural perspective, reduce their cost, give them a better outcome. That's what they want. >> It's all about outcomes. >> Oswal: It's all about outcomes. >> And we know you cover much more than healthcare, but we obviously used most of our time on that. It's such an interesting, fascinating industry. Obviously, a lot of opportunities there for organizations to work with companies like Palo Alto to really dial up their cyber resilience. >> Absolutely. >> And ultimately, to your point, deliver the outcomes that they are there to do. >> Absolutely, yes. >> We'll have to have you back cause we just, I feel like we just scratched the surface. Right? >> Oswal: Happy to come back. >> Valante: Thank you. >> Oswal: Thank you. >> Awesome. >> Oswal: Thank you so much. >> Our pleasure to have you on the program. For Anand Oswald and Dave Valante, I'm Lisa Martin. You're watching theCUBE, the leader in live and emerging tech coverage. [Pedantic Music Fades]

(upbeat music) >> Welcome back. We're winding down theCUBE's coverage of Red Hat Summit 2022. We're here at the Seaport in Boston. It's been two days of a little different Red Hat Summit. We're used to eight, 9,000 people. It's much smaller event this year, fewer developers or actually in terms of the mix, a lot more suits this year, which is kind of interesting to see that evolution and a big virtual audience. And I love the way, the keynotes we've noticed are a lot tighter. They're pithy, on time, they're not keeping us in the hall for three hours. So we appreciate that kind of catering to the virtual audience. Dave Vellante here with my co-host, Paul Gillin. As to say things are winding down, there was an analyst event here today, that's ended, but luckily we have Jim Mercer here as a research director at IDC. He's going to share maybe some of the learnings from that event today and this event overall, we're going to talk about DevSecOps. And Kirsten Newcomer is director of security, product management and hybrid platforms at Red Hat. Folks, welcome. >> Thank you. >> Thank you. >> Great to see you. >> Great to be here. >> Security's everywhere, right? You and I have spoken about the supply chain hacks, we've done some sort of interesting work around that and reporting around that. I feel like SolarWinds created a new awareness. You see these moments, it's Stuxnet, or WannaCry and now is SolarWinds very insidious, but security, Red Hat, it's everywhere in your portfolio. Maybe talk about the strategy. >> Sure, absolutely. We feel strongly that it's really important that security be something that is managed in a holistic way present throughout the application stack, starting with the operating system and also throughout the life cycle, which is partly where DevSecOps comes in. So Red Hat has kind of had a long history here, right? Think SELinux and Red Hat Enterprise Linux for mandatory access control. That's been a key component of securing containers in a Kubernetes environment. SELinux has demonstrated the ability to prevent or mitigate container escapes to the file system. And we just have continued to work up the stack as we go, our acquisition of stack rocks a little over a year ago, now known as Red Hat Advanced Cluster Security, gives us the opportunity to really deliver on that DevSecOps component. So Kubernetes native security solution with the ability to both help shift security left for the developers by integrating in the supply chain, but also providing a SecOps perspective for the operations and the security team and feeding information between the two to really try and do that closed infinity loop and then an additional investment more recently in sigstore and some technologies. >> Interesting. >> Yeah, is interesting. >> Go ahead. >> But Shift Left, explain to people what you mean by Shift Left for people might not be familiar with that term. >> Fair enough. For many, many years, right, IT security has been something that's largely been part of an operations environment and not something that developers tended to need to be engaged in with the exception of say source code static analysis tools. We started to see vulnerability management tools get added, but even then they tend to come after the application has been built. And I even ran a few years ago, I ran into a customer who said my security team won't let me get this information early. So Shift Left is all about making sure that there are security gates in the app dev process and information provided to the developer as early as possible. In fact, even in the IDE, Red Hat code ready dependency analytics does that, so that the developers are part of the solution and don't have to wait and get their apps stalled just before it's ready to go into deployment. >> Thank you. You've also been advocating for supply chain security, software supply chain. First of all, explain what a software supply chain is and then, what is unique about the security needs of that environment? >> Sure. And the SolarWinds example, as Dave said, really kind of has raised awareness around this. So just like we use the term supply chain, most people given kind of what's been happening with the pandemic, they've started hearing that term a lot more than they used to, right? So there's a supply chain to get your groceries, to the grocery store, food to the grocery store. There's a supply chain for manufacturing, where do the parts come for the laptops that we're all using, right? And where do they get assembled? Software has a supply chain also, right? So for years and even more so now, developers have been including open source components into the applications they build. So some of the supplies for the applications, the components of those applications, they can come from anywhere in the world. They can come from a wide range of open source projects. Developers are adding their custom code to that. All of this needs to be built together, delivered together and so when we think about a supply chain and the SolarWinds hack, right, there are a couple of elements of supply chain security that are particularly key. The executive order from May of last year, I think was partly in direct response to the SolarWinds hack. And it calls out that we need a software bill of materials. Now again, in manufacturing that's something folks are used to, I actually had the opportunity to contribute to the software package data exchange format, SPDX when it was first started, I've lost track of when that was. But an S-bomb is all about saying, what are all of those components that I'm delivering in my solution? It might be an application layer. It might be the host operating system layer, but at every layer. And if I know what's in what I'm delivering, I have the opportunity to learn more information about those components to track where does Log4Shell, right? When the Log4j or Spring4Shell, which followed shortly thereafter. When those hit, how do I find out which solutions that I'm running have the vulnerable components in them and where are they? The software bill of materials helps with that but you also have to know where, right. And that's the Ops side. I feel like I missed a piece of your question. >> No, it's not a silver bullet though, to your point and Log4j very widely used, but let's bring Jim into the conversation. So Jim, we've been talking about some of these trends, what's your focus area of research? What are you seeing as some of the mega trends in this space? >> I mean, I focus in DevOps and DevSecOps and it's interesting just talking about trends. Kirsten was mentioning the open source and if you look back five, six, seven years ago and you went to any major financial institution, you asked them if they use an open source. Oh, no. >> True. >> We don't use that, right. We wrote it all here. It's all from our developers-- >> Witchcraft. >> Yeah, right, exactly. But the reality is, they probably use a little open source back then but they didn't realize it. >> It's exactly true. >> However, today, not only are they not on versed to open source, they're seeking it out, right. So we have survey data that kind of indicates... A survey that was run kind of in late 2021 that shows that 70% of those who responded said that within the next two years 90% of their applications will be made up of open source. In other words, the content of an application, 10% will be written by themselves and 90% will come from other sources. So we're seeing these more kind of composite applications. Not, everybody's kind of, if you will, at that 90%, but applications are much more composite than they were before. So I'm pulling in pieces, but I'm taking the innovation of the community. So I not only have the innovation of my developers, but I can expand that. I can take the innovation to the community and bring that in and do things much quicker. I can also not have my developers worry about things that, maybe just kind of common stuff that's out there that might have already been written. In other words, just focus on the business logic, don't focus on, how to get orders or how to move widgets and those types of things that everybody does 'cause that's out there in open source. I'll just take that, right. I'll take it, somebody's perfected it, better than I'll ever do. I'll take that in and then I'll just focus and build my business logic on top of that. So open source has been a boom for growth. And I think we've heard a little bit of that (Kirsten laughs) in the last two days-- >> In the Keynotes. >> From Red Hat, right. But talking about the software bill of materials, and then you think about now I taking all that stuff in, I have my first level open source that I took in, it's called it component A. But behind component A is all these transitive dependencies. In other words, open source also uses open source, right? So there's this kind of this, if you will, web or nest, if you want to call it that, of transitive dependencies that need to be understood. And if I have five, six layers deep, I have a vulnerability in another component and I'm over here. Well, guess what? I picked up that vulnerability, right. Even though I didn't explicitly go for that component. So that's where understanding that software bill of materials is really important. I like to explain it as, during the pandemic, we've all experienced, there was all this contact tracing. It was a term where all came to mind. The software bill of materials is like the contact tracing for your open source, right. >> Good analogy. >> Anything that I've come in contact with, just because I came in contact with it, even though I didn't explicitly go looking for COVID, if you will, I got it, right. So in the same regard, that's how I do the contact tracing for my software. >> That 90% figure is really striking. 90% open source use is really striking, considering that it wasn't that long ago that one of the wraps on open source was it's insecure because anybody can see the code, therefore anybody can see the vulnerabilities. What changed? >> I'll say that, what changed is kind of first, the understanding that I can leapfrog and innovate with open source, right? There's more open source content out there. So as organizations had to digitally transform themselves and we've all heard the terminology around, well, hey, with the pandemic, we've leapfrog up five years of digital transformation or something along those lines, right? Open source is part of what helps those teams to do that type of leapfrog and do that type of innovation. You had to develop all of that natively, it just takes too long, or you might not have the talent to do it, right. And to find that talent to do it. So it kind of gives you that benefit. The interesting thing about what you mentioned there was, now we're hearing about all these vulnerabilities, right, in open source, that we need to contend with because the bad guys realize that I'm taking a lot of open source and they're saying, geez, that's a great way to get myself into applications. If I get myself into this one open source component, I'll get into thousands or more applications. So it's a fast path into the supply chain. And that's why it's so important that you understand where your vulnerabilities are in the software-- >> I think the visibility cuts two ways though. So when people say, it's insecure because it's visible. In fact, actually the visibility helps with security. The reality that I can go see the code, that there is a community working on finding and fixing vulnerabilities in that code. Whereas in code that is not open source it's a little bit more security by obscurity, which isn't really security. And there could well be vulnerabilities that a good hacker is going to find, but are not disclosed. So one of the other things we feel strongly about at Red Hat, frankly, is if there is a CVE that affects our code, we disclose that publicly, we have a public CVE database. And it's actually really important to us that we share that, we think we share way more information about issues in our code than most other users or consumers of open source and we work that through the broad community as well. And then also for our enterprise customers, if an issue needs to be fixed, we don't just fix it in the most recent version of the open source. We will backport that fix. And one of the challenges, if you're only addressing the most recent version, that may not be well tested, it might have other bugs, it might have other issues. When we backport a security vulnerability fix, we're able to do that to a stable version, give the customers the benefit of all the testing and use that's gone on while also fixing. >> Kirsten, can you talk about the announcements 'cause everybody's wondering, okay, now what do I do about this? What technology is there to help me? Obviously this framework, you got to follow the right processes, skill sets, all that, not to dismiss that, that's the most important part, but the announcements that you made at Red Hat Summit and how does the StackRox acquisition fit into those? >> Sure. So in particular, if we stick with DevSecOps a minute, but again, I'll do. Again for me, DevSecOps is the full life cycle and many people think of it as just that Shift Left piece. But for me, it's the whole thing. So StackRox ACS has had the ability to integrate into the CI/CD pipeline before we bought them. That continues. They don't just assess for vulnerabilities, but also for application misconfigurations, excess proof requests and helm charts, deployment YAML. So kind of the big, there are two sort of major things in the DevSecOps angle of the announcement or the supply chain angle of the announcement, which is the investment that we've been making in sigstore, signing, getting integrity of the components, the elements you're deploying is important. I have been asked for years about the ability to sign container images. The reality is that the signing technology and Red Hat signs everything we ship and always have, but the signing technology wasn't designed to be used in a CI/CD pipeline and sigstore is explicitly designed for that use case to make it easy for developers, as well as you can back it with full CO, you can back it with an OIDC based signing, keyless signing, throw away the key. Or if you want that enterprise CA, you can have that backing there too. >> And you can establish that as a protocol where you must. >> You can, right. So our pattern-- >> So that would've helped with SolarWinds. >> Absolutely. >> Because they were putting in malware and then taking it out, seeing what happened. My question was, could sigstore help? I always evaluate now everything and I'm not a security expert, but would this have helped with SolarWinds? A lot of times the answer is no. >> It's a combination. So a combination of sigstore integrated with Tekton Chains. So we ship Tekton, which is a Kubernetes supply chain pipeline. As OpenShift pipelines, we added chains to that. Chains allows you to attest every step in your pipeline. And you're doing that attestation by signing those steps so that you can validate that those steps have not changed. And in fact, the folks at SolarWinds are using Tekton Chains. They did a great talk in October at KubeCon North America on the changes they've made to their supply chain. So they're using both Tekton Chains and sigstore as part of their updated pipeline. Our pattern will allow our customers to deploy OpenShift, advanced cluster manager, advanced cluster security and Quay with security gates in place. And that include a pipeline built on Tekton with Tekton Chains there to sign those steps in the pipeline to enable signing of the code that's moving through that pipeline to store that signature in Quay and to validate the image signature upon deployment with advanced cluster security. >> So Jim, your perspective on this, Red Hat's, I mean, you care about security, security's everywhere, but you're not a security company. You follow security companies. There's like far too many of them. CISOs all say my number one challenge is lack of talent, but I have all these tools to deal with. You see new emerging companies that are doing pretty well. And then you see a company that's highly respected, like an Okta screw up the communications on a pretty benign hack. Actually, when you peel the onion on that, it's just this mess (chuckles) and it doesn't seem like it's going to get any simpler. Maybe the answer is companies like Red Hat kind of absorbing that and taking care of it. What do you see there? I mean, maybe it's great for business 'cause you've got so many companies. >> There's a lot of companies and there's certainly a lot of innovation out there and unique ways to make security easier, right. I mean, one of the keys here is to be able to make security easier for developers, right. One of the challenges with adopting DevSecOps is if DevSecOps creates a lot of friction in the process, it's hard to really... I can do it once, but I can't keep doing that and get the same kind of velocity. So I need to take the friction out of the process. And one of the challenges a lot of organizations have, and I've heard this from the development side, but I've also heard it from the InfoSec side, right. Because I take inquiry for people on InfoSec, and they're like, how do I get these developers to do what I want? And part of the challenge they have is like, I got these teams using these tools. I got those teams using those tools. And it's a similar challenge that we saw on DevOps where there's just too many, if you will, too many dang tools, right. So that is a challenge for organizations is, they're trying to kind of normalize the tools. Interestingly, we did a survey, I think around last August or something. And one of the questions was around, where do you want your security? Where do you want to get your DevSecOps security from, do you want to get it from individual vendors? Or do you want to get it from like, your platforms that you're using and deploying changes in Kubernetes. >> Great question. What did they say? >> The majority of them, they're hoping they can get it built into the platform. That's really what they want. And you see a lot of the security vendors are trying to build security platforms. Like we're not just assess tool, we're desk, we're this, whatever. And they're building platforms to kind of be that end-to-end security platform, trying to solve that problem, right, to make it easier to kind of consume the product overall, without a bunch of individual tools along the way. But certainly tool sprawl is definitely a challenge out there. Just one other point around the sigstore stuff which I love. Because that goes back to the supply chain and talking about digital providence, right. Understanding where things... How do I validate that what I gave you is what you thought it was, right. And what I like about it with Tekton Chains is because there's a couple things. Well, first of all, I don't want to just sign things after I built the binary. Well, I mean, I do want to sign it, but I want to just sign things once, right. Because all through the process, I think of it as a manufacturing plant, right. I'm making automobiles. If I check the quality of the automobile at one stage and I don't check it to the other, things have changed, right. How do I know that I did something wasn't compromised, right. So with sigstore kind of tied in with Tekton Chains, kind of gives me that view. And the other aspect I like it about is, this kind of transparency in the log, right-- >> The report component. >> Exactly. So I can see what was going on. So there is some this kind of like public scrutiny, like if something bad happened, you could go back and see what happened there and it wasn't as you were expected. >> As with most discussions on this topic, we could go for an hour because it's really important. And thank you guys for coming on and sharing your perspectives, the data. >> Our pleasure. >> And keep up the good work. Kirsten, it's on you. >> Thanks so much. >> The IDC survey said it, they want it in platforms. You're up. >> (laughs) That's right. >> All right. Good luck to both you. >> Thank you both so much. >> All right. And thank you for watching. We're back to wrap right after this short break. This is Dave Vellante for Paul Gill. You're watching theCUBE. (upbeat music)

>> The CUBE presents Dell technologies world brought to you by Dell. >> Hey everyone. Welcome back to theCube's live coverage of Dell technologies World 2022 from the Venetian in Las Vegas. Lisa Martin here with Dave Vellante, Dave this is our second day, lots of conversations. We've been talking a lot about APEX, Multi-cloud, edge, resilience, cyber resilience. >> I guess the number one topic actually. I mean, a lot of Multi-cloud talk obviously too, but I think security is the hot topic at the event. >> It is a hot topic, and we've got two guests joining us from Dell technologies. We're going to unpack that and talk about some of the great new things they are enabling. Please welcome. One of our alumni, Mihir Maniar our vice president at Dell technologies and Aaron Krishnmoorthy, global strategy resiliency and security at Dell technologies. Guys, welcome to the program. >> Pleasure meeting you Lisa and Dave. >> So ransomware, it's a household term. I'm pretty sure my mom even knows what ransomware is. >> Exactly. >> Legitimately. But I mean, if you look at the numbers, a ransomware attack is happening once every 11 seconds, the numbers, the stats say, an estimated 75% of organizations are going to face an attack, 75%, by 2025, it's around the corner. So it's no longer a matter of are we going to get hit? If we get hit? It's when? And that resiliency, and that recovery is absolutely critical. Talk about some of the things there, Dell's comprehensive approach to helping organizations really build resiliency. >> That's a great point. So if you go to see organizations are going to get hit, if not already 75% already out there. And then we find that through research, a lot of our customers need a lot of help. They need help because security is really complex. I mean, they have a tough job, because there's so many attacks happening at the same time. One single ransomware incident can cost them on an average $13 million. They have to integrate 50 plus different security vendors to go and build a secured defense in depth, kind of for mechanism, they're liable to the board, at the same time they have lines of business that are talking about, hey, can you provide me, you know, security, but make sure productivity doesn't get impacted. So it's a tough role for them, And that's where Dell services comes in, where our Dell Managed Security Services. We have a full comprehensive suite of offers for our customers to help them to remain secure. And we have focused on the services based on a NEST framework, so I can talk more about the NEST framework as a hobby about, go about doing that. >> There's a lot of talk in the community about should I pay the ransom? Should they not pay the ransom? And I suppose your advice would be, well pay up front and avoid the ransom if you can. >> Absolutely. Yeah. Dave, what we've seen is the ransomware payment has been very unreliable. We know of many, many examples where either they paid the ransom and they were not able to recover data, or they got the decryption keys and the recover process was too slow. So we are all about helping customers understand the risks that they have today, and giving them some pragmatic technology solutions. >> Talk about that conversation. Where is it happening at the customer level, as security is a board level conversation. Are you still talking with the CIOs lines of business, who else is involved in really understanding where all these vulnerabilities are within an organization? >> Yeah. So that's a great question. So we work with CIOs, we work with CSOs a lot more and the CSOs actually are facing the skills shortage problem. >> Yes. >> That's where they need actually help from vendors like Dell. And talking about ransomware, if you go to see a NEST framework, it goes all the way from identification of threats to prevention, creating measures with defense in depth. How do you detect and respond to threats in time? Because time is critical actually. And recovering from threats. So in that whole process, it's better for customers to have the full suite of security services installed, so that they don't end up paying the ransomware eventually. To provide the whole defense mechanism. >> So the adversary is, very, they're motivated. They're well funded, incredibly sophisticated these days. So how do you not lose if you're a customer? What's the playbook that you're helping your customers proceed with? >> Yeah, it's a great, so in the NEST framework as I mentioned before, services are evolving around, how do you identify the threats that exist in the customer's network? So we provide advisory services and we provide assessment of the customer's vulnerabilities that exist, so we can detect those vulnerabilities, and then we can build the prevention mechanisms once we detect those vulnerabilities. It's all about what you cannot see, you can't really defend against. So that's where the whole assessment comes in, where you can go and do a zero trust assessment for the customers entire infrastructure, and then figure out where those issues lie. So we can go and block those loopholes, with the prevention mechanisms. In the prevention mechanisms, actually we have a whole zero trust prevention mechanism. So you can actually go and build out, end to end defense in depth, kind of security. >> Arun, before the pandemic, the term zero trust people would roll their eyes. It was kind of a buzzword, and it's becoming sort of a mandate. What does zero trust mean to your customers? How are you helping them achieve it? >> Yeah. So great question, Dave. A lot of customers think zero trust is a product. It's not, it's a framework, it's a mindset. It helps customer think through, what kind of access do I want to give my users, my third party, my customers? Where does my data sit in my environment? Have I configured the right network policies? Have I segmented my network? So it is a collection of different strategies that work across cloud, across data, across network, across applications that interact with each other and what we are helping customers with understand what that zero trust actually means and how they can translate into actionable technology implementations. >> What do you help customers do that when we know that, I mean, the average customer has what? Seven different backup protection solutions alone, if we're talking about like data protection. How do you help them understand what's in their environment now? If they're talking about protecting applications, users, data, network, what's that conversation? And what's that process like to simplify their protection so that they really can achieve cyber resilience? >> That's correct. That's a great question, Lisa. One of the big issues we see with customers, is they don't know what they don't know. There's data across multi-cloud, which is great, it enables productivity, but it also is not within the four walls of a data center. So one of the first things we do is identify where customer's data is, where is their application live? And then we look for blind spots. Are you protecting your SaaS workloads? Are you protecting your endpoints? And we give them a holistic strategy on data protection and you bring up a great point. A lot of customers have had accidental growth over the years. They started off with one tool and then different business needs drove them to different tools. Maybe now is a good time to evaluate what is your tool set, can we consolidate it and reduce the risk in the environment. >> Yeah, I dunno if you guys are probably familiar with that. I use it a lot when I write, it's an Optive chart and it's this eye test and it says here's this security landscape that taxonomy it's got to be the most complicated of any in the business. And so my question is ecosystem, you've got to have partners. But there's so many choices, how are you helping to solve that problem of consolidating choices and tools? >> That's a great point. So if you look at the zero trust framework which Lisa you talked about, in the zero trust framework, we have few things we look at, that is through Dell's technologies and partner technologies. So we can provide things like secure access, context based. So which users can access which applications. Identity based, the second one is which applications can talk to which applications for micro segmentation. Again, identity based. And then you have encryption everywhere, encryption with data and motion data and rest. Encryption is super important to prevent hacks. So, and then you have cloud workloads, we have cloud workload protection. So some of those things, we rely on our partners and some of them actually we have technologies in house I was like Arun talked about the cyber resilience and the world that we have in house. So we provide the end-to-end framework for our customer for zero trust, where we can go and identify, we can assess, we can go build it out for them. We can detect and respond with our excellent MDR service that we came out with last, just last year. So that MDR service allows you to detect attacks and respond automatically using our AI and ML platform, that reduces the signal from the noise and allows to prevent these attacks from happening. >> Arun, question for you as we've seen the proliferation of cyber attacks during the pandemic, we've seen the sophistication increasing, the personalization is increasing. Ransomware as a service is making it, there is no barrier to entry these days. How has Dell technologies overall cyber resilience strategy evolved in the last couple of years? I imagine that there's been some silver linings and some accelerations there. >> Yeah, absolutely Lisa. One of the things we recognized very early on when big cyber attacks going on five years ago, we knew that at as much as customers had great technologies to prevent a cyber attack, it was a matter of when, not if. So we created the first purpose built solution to help customers respond and recover from a cyber attack. We created innovative technologies to isolate the data in a cyber wall. We have imutable technologies that lock the data, so they can't be tampered with. And we also build some great intelligence based on IML. In fact, this is the first and only product in the world that looks at backup data, does full content indexing, and it's able to look for behaviors or patterns in your environment that you could normally not find with signature based detection systems. So it's very revolutionary and we want to help customers not only on the prevention side, which is proactive. We want them to be equally, have a sound strategy on how they would respond and recover from a cyber attack. >> So there's two pieces there, proactive, and then if, and when you get hit, how do you react? And I think about moments in cyber, I mean Stuxnet was obviously a huge turning point. And then of course the solar winds. And you see that the supply chain hacks, you see the island hopping and the living off the land and the stealth moves. So, it's almost like wow, some of these techniques have even being proactive, you're not going to catch 'em. So you've got to have this, you talked about the NEST framework multi-level, but I mean customers are aware, obviously everybody customer you talk to the solar winds, blah, blah. But it seems like they're still sleeping with one eye open. Like they're really nervous. And like we haven't figured it out as an industry yet. And so that's where solutions like this are so critical because you're almost resigning yourself to the fact that, well, you may not find it being proactive. >> Yeah, right. >> But you've got to have, the last, it's like putting tapes in a truck and driving them somewhere. What do you? Do you sense that it was a major milestone in the industry, milestone, negative milestone and that was a turning point and it was kind of a wake up call for the industry, a new wake up call. What's your sense of how the industry is responding? >> Yeah, I think that's a great point. So if you go to see the verbiages that it's not, if you're going to get attacked, it's when you're going to get attacked. So the attacks are going to happen no matter what. So that's the reason why the defense in depth and the zero test framework comes into play, where customers have to have an end-to-end holistic framework, so that they can have not just an defensive mechanisms, but also detect and respond when the attacks happen. And then as you mentioned, some of them, you just can't catch all of them. So we have excellent incident response and recovery mechanisms. So if the attack happened, it will cause damage. We can do forensics analysis. And on top of that, we can go and recover like the cyber recovery wall. We can recover that data and them production again, ready. >> I guess, I'm sorry. What I was trying to ask is, do you think we've understand solar winds, have the industry figured it out? >> Yeah, great question. I think this is where customers have to take a pragmatic approach on how they do security. And we talk about concepts like intrinsic security. So in other words, you can do a certain activity in your environment and punt the ball to some other team to figure out security. Part of what Dell does, you asked the question, there's a lot of tools, where do customers start? One of the big values we bring to customers is the initial awareness and just educating customers. Hey, what happened in these water-shed moment, in with these different attacks. Wannacry, Stuxnet, and how did those customers respond and where did they fail? So let's do some lessons learned with past attacks and let's move forward with some pragmatic solutions. And, we usually don't overwhelm our customers with a lot of tools. Let's have a roadmap, let's do an incremental build of your security posture. And over time, let's get your enter organization to play with it. >> You talk about awareness, obviously that's critical, but one of the other things that's critical with the cyber threats and the what's going on today is the biggest threat venture still is people. >> Exactly. >> So talk to us about some of the things that you help organizations do. When you're talking about the from an awareness perspective, it's training the people not to open certain links if they look suspicious, that sort of thing. How involved is Dell technologies with your customers from a strategic perspective about really drilling this into the end users that they've got a lot of responsibility here? >> Yeah, if you go to see phishing is one of the most common attack vectors to go and infiltrate these attacks. So Dell has a whole employee education program that they rolled out. So we all are aware of the fact, that clicking on links and phishing is a risk factor. And we are trying to take that same message to our customers through an employee awareness training service. So we can actually provide education for the employees from getting these phishing attacks happening. >> Yeah, that's really critical because as I mentioned, we talked about the sophistication, but the personalization, the social engineering is off the charts these days. And it's so easy for someone to, especially with with all this distractions that we have going on, if you're working from home and you've got kids at home or dogs barking and whatnot, it's easy to be fooled into something that looks incredibly legitimate. >> You bring another great point. You can keep tell people in your environment don't do things, don't do it. You create a friction. We want people to be productive. We want them to use different access to different applications, both inhouse and in the cloud. So this is where technology comes into play. There are some modern malware defenses that will help customers identify some of these email phishing, spear phishing. So they are in a better prepared position. And we don't want to curb productivity, but we want to also make, a very secure environment where people can. >> That's a great point is it has to be frictionless. I do have a question for you guys with respect to SaaS applications. I talk to a lot of customers using certain SaaS applications who have this sort of, there's a, a dual responsibility model there, where the SaaS vendors responsible for the application protection. But Mr. and Miss customer, you're responsible for the data, we are. Are you finding that a lot of organizations are going help. We've got, Google workspace, Microsoft 365, Salesforce, that, and it's really incredibly business critical to data. Dell technologies help us protect this, because this is on vulnerability that we were not aware of. >> Absolutely, and that's why we have the backup service with APEX, where we can actually have stats, data which is backed up using IEX solution for backup recovery. So, yes, that's very critical. We have the end to end portfolio for backing it up, having the vault, which is a air gap solution, recovering from it when you have an attack. And I think the value prop that Dell brings to the table is we have the client side and we have the data center side, With the Multi-cloud. So we provide a completely hardened infrastructure, where we all the way from supply chain to secure OS, secure boot and secure image. Everything is kind of hardened with stick hardening on top of that. And then we have the services layer to go and make sure we can assess the risks, we can detect and respond, we can recover. So that we can keep our customers completely secure. That's the value prop that we bring to the table with unmatched scale of Dell services. In terms of the scale that we bring to the table to our customers and help them out. >> It's an interesting opportunity. And it's certainly from a threats perspective, one that's going to persist. Obviously we know that, great that there's been such a focus from Dell on cyber resiliency for its customers, whether we're talking about multi-cloud OnPrem, public cloud, SaaS applications, it's critical. It's a techno, it's a solution that every industry has to take advantage of guys. Thank you so much for joining us. I wish we had more time. I could talk about this all day. >> Thank you. >> Great work going on there. Congratulations on what was going on with APEX and the announcement, and I'm sure we'll be hearing more from you in the future. >> Excellent. Thank you, Lisa. We are super excited about Dell services and what we can bring for managed security services for our customers. >> Excellent. >> Appreciate it. >> Thanks guys. >> Thank you. >> For our guests and for Dave Vellante. I'm Lisa Martin, you're watching theCube live from day two of our coverage of Dell technologies World, live from Las Vegas. Dave and I will be right back with our last guest of the day. (gentle music)

(bright music) >> Welcome back to HPE Discover 2021. My name is Dave Vellante and you're watching theCUBE's virtual coverage of HPE's big customer event. Of course, the virtual edition and we're going to dig into transformations, the role of technology and the role of senior technology leadership. Look, let's face it, HPE has gone through a pretty dramatic transformation itself in the past few years so it makes a great example in case study and with me is Rashmi Kumar who is the senior vice president and CIO at HPE, Rashmi welcome come on inside theCUBE. >> Hi Dave nice to be here. >> Well it's been almost a year since COVID you know changed the world as we know it. How would you say the role of the CIO specifically in generally IT has changed? I mean you got digital, zero trust has gone from buzzword to mandate, digital, everybody was you know complacent about digital in many ways and now it's really accelerated, remote work, hybrid, how do you see it? >> Absolutely, as I said in the last Discover that COVID has been the biggest reason to accelerate digital transformation in the companies. I see CIO's role has changed tremendously in the last 15 months. It's no more just keep the operations running, that's become a table stake. Our roles have become not only to create digital customer experience, engage with our customers in different ways, but also to transform the company operations from inside out to be able to give that digital experience from beginning to end of the customer engagement going forward. We have also become responsible for switching our strategies around the companies as the COVID hit in different parts of the world at different times and how companies structured their operations to go from one region to another, a global company like HPE had to look into its supply chain differently, had to look into strategies to mitigate the risk that was created because of the supply chain disruptions, as well as you go to taking care of our employees. How do you create this digital collaboration experience where teams can still come together and make the work happen for our end customers? How do we think about future employee engagement when people are not coming into these big buildings and offices and working together, but how do you create the same level of collaboration, coordination, as well as delivery of faster, good and services which is enabled by technology going forward. So CIO and IT's role has gone from giving a different level of customer experience to different level of employee experience, as well as enabling day-to-day operations of the companies. CEOs have realized that digital is the way to go forward, it does not matter what industry you are in and now CIOs have their seat at the table to define what the future of every company now which is a technology company irrespective you are in oil and gas, or mining, or a technical product, or a car or a mobility company, end of the day you have to act and behave like a technology company. >> So I want to ask you about that because you've been a CIO at a leading technology provider now for the last three years and you've had previous roles and were, you know non-technical, technology, you know, selling to IT companies and as you point out those worlds are coming together. Everybody's a technology company today. How do you think that changes the role of the CIO because it would always seem to me that there was a difference between a CIO at a tech company you know what I mean by that and a CIO at sort of every other company is, are those two worlds converging? >> Absolutely and it's interesting you pointed out that I have worked in many different industries from healthcare and pharma, to entertainment, to utilities and now at a technology company. End of the day the issues that IT deals with are pretty similar across the organization. What is different here is now my customers are people like me in other industries and I have little bit of an advantage because just having the experience across various ecosystem even that HPE look I was fortunate at HPE because of Antonio's leadership we had top-down mandate to transform how we did business and I talked about my NextGEN IT program in last year's CUBE interview. But at the same time while we were changing our customer, partner's experience from ordering, to order processing, to supply chain, to finance, we decided this pivot of becoming as a service company. And if you think about that pivot, it's pretty common. If it was a technology company or non-technology company. At HPE we were very used to selling a product and coming back three years later at the time of refresh of infrastructure or hardware. That's no more true for us. Now we are becoming an as a service or a subscription company and IT played a major role to enable that quote-to-cash experience which is very different than the traditional experience, around how we stay connected with our customer, how we proactively understand their behavior. I always talk about this term digital exhaust which results into data, which can result into better insight and you can not only upsell, cross-sell because now you have more data about your product usage, but first and foremost give what your customer wants in a much better way because you can proactively understand their needs and wants because you are providing a digital product versus a physical product. So this is the change that most of the companies are now going through. If you look at Domino's transition, they are pizza sellers but they did better because they had better digital experience. If you look at Chipotle, these are food service companies. Ikea which is a furniture manufacturer, across the board we have helped our customers and industries to understand how to become a more digital provider. And remember when HPE says edge to cloud platform as a service, edge is the product, the customers is what we deal with and how do we get that, help them get that data, understand how the product is behaving and then get the information to cloud for further analysis and understanding from the data that comes out of the products that they sell. >> I think you've been at HPE now I think around three years and I've been watching of course for decades, you know HPE, well HP then HPE is, I feel like it's entering now that sort of third phase of its transformation, your phase one was okay we got to figure out how to deal or operate as separate companies, okay, that took some time and then it was okay, now how do we align our resources? And you know what are the waves that we're going to ride? And how do we take our human capital, our investments and what bets do we place? And you're all in on as a service and now it's like okay, you know how do we deliver on all those promises? So pretty massive transformations. You talked about edge to cloud as a service so you've got this huge pivot in your business. What's the technology strategy to support that transformation? >> Yeah, that's a great question. So as I mentioned first, your second phase which was becoming a stand-alone company was the NextGEN IT program where we brought in S4 and 60 related ecosystem application where even in the traditional business there was a realization that we were 120 billion company, we are a 30 billion company, we need different types of technologies as well as more integrated across our product line, across the globe and we, I'm very happy to report that we are the last leg of NextGEN IT transformation. Where we have brought in new customer experience through low-touch or no-touch order processing, a very strong S4 capabilities where we are now able to run all global orders across all our hardware and services business together and I'm happy to report that we have been able to successfully run through the transformation which a typical company of our size would take five or six years to do in around close to three years. But at the same time while we were building this foundation and the capabilities to be able to do order management supply chain and data and analytics platforms, we also made the pivot to go to as a service. Now for as a service and subscription selling, it needs a very different quote-to-cash experience for our customers. And that's where we had bring in platforms like BRIM to do subscription billing, convergent charging and a whole different way to address. But we were lucky to have this transformation completed on which we could bolt on this new capability and we had the data analytics platform built which now these as a service products can also use to drive better insight into our customer behavior as well as how they're using our product real time for our operations teams. >> Well they say follow the money, in theCUBE we love to say follow the data. I mean data is obviously a crucial component of competitive advantage, business value, so talk a little bit more about the role of data, I'm interested in where IT fits. You know a lot of companies they'll have a chief data officer, or a CIO, sometimes they're separate sometimes they work, you know for each other, or CDO works for CIO, how do you guys approach the whole data conversation? >> Yeah that's a great question and has been top of the mind of a lot of CEOs, CIOs, chief digital officers in many different companies. The way we have set it up here is we do have a chief data officer and we do have a head of technology and platform and data lake within IT. Look the way I see is that I call the term data torture. If they have multiple data lakes, if they have multiple data locations and the data is not coming together at one place at the first time that it comes out to the source system, we end up with data swamps and it's very difficult to drive insights, it's very difficult to have single version of truth. So HPE had two-pronged approach. First one was as part of this NextGEN IT transformation we embarked upon the journey first of all to define our customers and products in a very uniform way across the globe. It's called entity master data and product master data program. These were very, very difficult program. We are now happy to report that we can understand the customer from cold stage to servicing stage beginning to end across all our system. It's been a tough journey but it was effort well spent. At the same time while we were building this master data capability we also invested time in our analytics platform. Because we are generating so much data now globally as one footprint, how do we link our data lake to our SAP and Salesforce and all these systems where our customer data flows through and create analytics and insight from it from our customers or our operations team. At the same time we also created a chief data officer role where the responsibility is really to drive business from understanding what decision making and analytics they need around product, around customer, around their usage around their experience to be able to drive better alignment with our customers and products going forward. So this creates efficiencies in the organization. If you have a leader who is taking care of your platforms and data, building single source of truth and you have a leader who is propagating this mature notion of handling data as enterprise data and driving that focus on understanding the metrics and the insight that the businesses need to drive better customer alignment, that's when we gain those efficiencies and behind the scenes the chief data officer and the data leader within my organization work very, very closely to understand each other needs, sometimes art of the possible, where do we need the data processing? Is it at the edge? Is it in the cloud? What's the best way to drive the technology and the platform forward? And they kind of rely on each other's knowledge and intelligence to give us superior results. And I have done data analytics in many different companies, this model works. Where you have focus on insight and analytics without, because data without insight is of no value. But at the same time you need clean data, you need efficient, fast platforms to process that insight at the functional non-functional requirement that our business partners have. And that's how we have established in here and we have seen many successes recently as of now. >> I want to ask you a kind of a harder, maybe it's not a harder question it's a weird question around single version of the truth. 'Cause it's clearly a challenge for organizations and there's many applications, workloads that require that single version of the truth, the operational systems, the transaction systems, the HR, the Salesforce and clearly you have to have a single version of the truth. I feel like, however we're on the cusp of a new era where business lines see an opportunity for whatever, their own truth to work with a partner to create some kind of new data product. And it's early days in that but I wonder, maybe not the right question for HPE but I wonder if you see it with in your ecosystems where it's yes, single version of truth is sort of one class of data and analytics got to have that nailed down, data quality, everything else. But then there's this sort of artistic version of the data where business people need more freedom, they need more latitude to create. Are you seeing that? Maybe you can help me put that into context. >> That's a great question Dave and I'm glad you asked it so. I think Tom Davenport, who is known in the data space talks about the offensive and the defensive use cases of leveraging data. I think the piece that you talked about where it's clean, it's pristine, it's quality, it's all that, most of those offer the offensive use cases where you are improving companies' operations incrementally because you have very clean data, you have very good understanding of how my territories are doing, how my customers are doing, how my products are doing, how am I meeting my SLAs or how my financials are looking, there's no room for failure in that area. The other area is though which works on the same set of data. It's not a different set of data but the need is more around finding needles in the haystack to come up with new needs, new wants in customers or new business models that we go with. The way we have done it is we do take this data, take out what's not allowed for everybody to be seen and then what we call is a private space but that's this entire data available to our business leader not real time, because the need is not as real time because they are doing more, what we call this predictive analytics to be able to leverage the same data set and run their analytics. And we work very closely with business units, we educate them, we tell them how to leverage this data set and use it and gather their feedback to understand what they need in that space to continue to run with their analytics. I think as we talk about hindsight, insight and foresight, hindsight and insight happens more from this clean data lakes where you have authenticity, you have quality and then most of the foresight happens in a different space where the users have more leverage to use data in many different ways to drive analytics and insights which is not readily available. >> Great thank you for that. That's an interesting discussion. You know digital transformation it's a journey and it's going to take you know many years. I know a lot of ways, not a lot of ways, 2020 was a forced march to digital you know. If you weren't a digital business you were out of business and so you really didn't have much time to plan. So now organizations are stepping back saying, okay, let's really lean into our strategy, the journey and along the way, there's going to be blind spots, there's bumps in the road, when you look out what are the potential disruptions that you see maybe in terms of how companies are currently approaching their digital transformations? >> That's a great question Dave and I'm going to take a little bit more longer-term view on this topic, right? And what's top of my mind recently is the whole topic of ESG, environmental, social and governance. Most of the companies have governance in place right? Because they are either public companies, or they're under some kind of scrutiny from different regulatory bodies or whatnot even if you're a startup you need to do things with our customers and whatnot. It has been there for companies, it continues to be there. We the public companies are very good at making sure that we have the right compliance, right privacy, right governance in place. Now we'll talk about cybersecurity I think that creates a whole new challenge in that governance space, however we have the setup within our companies to be able to handle that challenge. Now, when we go to social, what happened last year was really important. And now as each and every company we need to think about what are we doing from our perspective to play our part in that and not only the bigger companies, leaders at our level I would say that between last March and this year I have hired more than 400 people during pandemic which was all virtual, but me and my team have made sure that we are doing the right thing to drive inclusion and diversity which is also very big objective for HPE and Antonio himself has been very active in various round tables in US at the World Economic Forum level and I think it's really important for companies to create that opportunity, remove that disparity that's there for the underserved communities. If we want to continue to be successful in this world to create innovative product and services we need to sell it to the broader cross section of populations and to be able to do that we need to bring them in our fold and enable them to create that equal consumption capabilities across different sets of people. HPE has taken many initiatives and so are many companies. I feel like the momentum that companies have now created around the topic of equality is very important. I'm also very excited to see that a lot of startups are now coming up to serve that 99% versus just the shiny ones as you know in the Bay Area to create better delivery methods of food or products right? But the third piece which is environmental is extremely important as well. As we have seen recently in many companies and where even the dollar or the economic value is flowing are around the companies which are serious about environmental. HPE recently published it's a Living Progress Report, we have been in the forefront of innovation to reduce carbon emissions, we help our customers through those processes. Again, if we don't, if our planet is on fire none of us will exist right? So we all have to do that every little part to be able to do better. And I'm happy to report I myself as a person solar panels, battery, electric cars, whatever I can do. But I think something more needs to happen right? Where as an individual I need to pitch in but maybe utilities will be so green in the future that I don't need to put panels on my roof which again creates a different kind of race going forward. So when you ask me about disruptions, I personally feel that successful company like ours have to have ESG top of their mind and think of product and services from that perspective, which creates equal opportunity for people, which creates better environment sustainability going forward and you know our customers, our investors are very interested in seeing what we are doing to be able to serve that cause for bigger cross section of companies. And I'm most of the time very happy to share with my CIO cohort around how our HPEFS capabilities creates or feeds into the circular economy, how much e-waste we have recycled or kept it off of landfills, our green lake capabilities, how it reduces the e-waste going forward, as well as our sustainability initiatives which can help other CIOs to be more carbon neutral going forward as well. >> You know that's a great answer Rashmi thank you for that 'cause I got to tell you I hear a lot of mumbo jumbo about ESG but that was a very substantive, thoughtful response that I think tech companies in particular are, have to lead and are leading in this area. So I really appreciate that sentiment. I want to end with a very important topic which is cyber it's, obviously you know escalated in the news the last several months, it's always in the news but, you know 10 or 15 years ago there was this mentality of failure equals fire. And now we realize, hey they're going to get in, it's how you handle it. Cyber has become a board-level topic. You know years ago there was a lot of discussion, oh you can't have the SecOps team working for the CIO because that's like the fox watching the hen house that's changed. It's been a real awakening, a kind of a rude awakening so the world is now more virtual, you've got a secure physical assets. I mean any knucklehead can now become a ransomware attacker, they can buy ransomware as a service in the dark web so that's something we've never seen before. You're seeing supply chains get hacked and self-forming malware I mean it's a really scary time. So you've got these intellectual assets it's a top priority for organizations. Are you seeing a convergence of the CISO role, the CIO role, the line of business roles relative to sort of prior years in terms of driving security throughout organizations? >> Yeah this is a great question and this was a big discussion at my public board meeting a couple of days ago. It's, as I talk about many topics, if you think digital, if you think data, if you think ESG, it's no more one organization's business, it's now everybody's responsibility. I saw a Wall Street Journal article a couple of days ago where somebody has compared cyber to 9/11 type scenario that if it happens for a company that's the level of impact you feel on your operations. So, you know all models are going to change where CISO reports to CIO, at HPE we are also into product security and that's why CISO is a peer of mine who I work with very closely, who also worked with product teams where we are saving our customers from lot of pain in this space going forward and HPE itself is investing enormous amount of efforts and time in coming out of products which are secure and are not vulnerable to these types of attacks. The way I see it is CISO role has become extremely critical in every company and a big part of that role is to make people understand that cybersecurity is also everybody's responsibility. That's why an IT we propagate DevSecOps, as we talk about it we are very, very careful about picking the right products and services. This is one area where companies cannot shy away from investing. You have to continuously looking at cybersecurity architecture, you have to continuously look at and understand where the gaps are and how do we switch our product or service that we use from the providers to make sure our companies stay secure. The training not only for individual employees around anti-phishing or what does cybersecurity mean, but also to the executive committee and to the board around what cyber security means, what zero trust means, but at the same time doing drive-ins. We did it for business continuity and disaster recovery before, now it is time we do it for a ransomware attack and stay prepared. As you mentioned and we all say in tech community, it's always if not when. No company can take them their chest and say, "oh we are fully secure," because something can happen going forward. But what is the readiness for something that can happen? It has to be handled at the same risk level as a pandemic, or a earthquake, or a natural disaster and assume that it's going to happen and how as a company we will behave when something like this happens. So I'm huge believer in the framework of protect, detect, govern and respond as these things happen. So we need to have exercises within the company to ensure that everybody's aware of the part that they play day to day but at the same time when some event happen and making sure we do very periodic reviews of IT and cyber practices across the company, there is no more differentiation between IT and OT. That was 10 years ago. I remember working with different industries where OT was totally out of reach of IT and guess what happened? WannaCry and Petya and XP machines were still running your supply chains and they were not protected. So, if it's a technology it needs to be protected. That's the mindset people need to go with. Invest in education, training, awareness of your employees, your management committee, your board and do frequent exercises to understand how to respond when something like this happen. See it's a big responsibility to protect our customer data, our customer's operations and we all need to be responsible and accountable to be able to provide all our product and services to our customers when something unforeseen like this happens. >> Rashmi you're very generous with your time thank you so much for coming back in theCUBE it was great to have you again. >> Thank you Dave, it was really nice chatting with you. >> And thanks for being with us for our ongoing coverage of HPE Discover '21. This is Dave Vellante you're watching the virtual CUBE, the leader in digital tech coverage we'll be right back. (bright music)

>> Announcer: From Las Vegas, it's theCUBE. Covering Qualys Security Conference 2019. Brought to you by Qualys. >> Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at the Bellagio Hotel in Las Vegas, at the Qualys Security Conference. This conference has been going on for 19 years. It's our first time to be here. We're excited to be here, but it's amazing that they've just been clipping along through wave after wave after wave. They've got some new announcements today and we're excited to get the full rundown here. Our next guest is Chris Carlson, the VP of Strategy from Qualys. Chris, great to meet you. >> Great, thanks, great to be here. >> Yeah, so you just got out of your session. How did your session go? >> Yeah, it was fantastic. In fact, that's the great thing about a Qualys Security Conference, because we have the ability to not only interact with our customers and partners, but actually showcase what's new, but also what we're working on coming in the future. >> Jeff: Right. >> And that's really important for us at Qualys because we get the feedback from the customers early, and we can work very closely with them to find the right set of solutions and the right products for their use in their environment and programs. >> Now, the security landscape has changed quite a bit over the last two decades, and Phillipe's keynote, I mean he is right on the edge in terms of really appreciating cloud and the benefits of cloud. You guys have a lot of great integration partners. You know, did you have to re-architect this thing, at some point down the road? I mean it's pretty amazing that you've been at it for two decades and still really sitting in a good spot here as kind of the cloud and IOT and 5G and this next big wave of innovation starts to hit. >> Well that's right, and I think that's why it starts with that vision, but it's not just a vision of where the market is going, but the vision of where technology is going. So when Qualys started, they started in the cloud, and they started with the cloud delivered architecture. And that was really, maybe early for a lot of first customers. 20 years ago security was maybe not as much, and put security in the cloud, that's where all the bad guys are. But it's really that architecture vision technology that allowed us to not only innovate quickly on a platform, but as our customers grew, as our customers moved to the cloud, as our customers moved to IOT and OT and mobile computing and those aspects, we're already there. >> Jeff: Right, right. >> We're already there. So and that is what really the advantage for us is, we don't have to re-architect our platform, we can layer on new capabilities and new services, new products leveraging the existing architecture that we've developed in the cloud. >> Yeah, it's really little bit of good fortune, a little bit of luck, a little bit of smarts, right. >> I think it's maybe a lot of experience and smarts from that. >> Well, it's just funny right, 'cause we had John Chambers on not that long ago, and his kind of computing waves, he was using kind of 10 year waves as kind of the starting points. And Phillipe's were a little bit longer, but it's the same kind of story with mainframes and minis and client server and now cloud, but as he said, and as you've reinforced, if you don't architect it to be able to do that at the beginning, you can't necessary repurpose it for this new application. It's really architecture-specific, and without that kind of vision, you're not going to be able to take advantage. >> That's right. >> Of these kind of new waves. >> Exactly, and I think that architecture breaks down into different levels. So one is systems architecture, but there's also the design architecture. So the technologies that we're using on our platform today aren't the same 20 years ago. We've swapped out those technologies. We use new modern technologies. Technically, like Kafka streaming blasts to do real-time event streaming. Cassandra for object data store. Those did not exist five or six years ago. But from our architecture that we're collecting lightweight data from our customers, and analyzing it in our cloud platform. Doesn't matter if we have one million events, a billion events, a hundred billion events, the platform can scale the process of those. >> Right. The other piece clearly that you've mentioned two or three vocabulary words right there is the open source component. You know, the open source has grown dramatically since the early days of Linux, both in terms of market acceptance as well as kind of new opportunities for things like Kafka to be able to grab that type of , integrate it into your product set and really drive a whole bunch of extra value. >> Yeah, that's right. I think we benefit as Qualys is using some of these open source technologies and we do contribute back, because we work with those teams. If there's any defects or performance enhancements, we do that. But while we've benefited from some of the open source technologies, our customers have benefited as well. Now they've benefited from new technology architectures, but in some cases they've benefited from new security problems. So if you get commercial off-the-shelf software, the vendor produces a security patch, they test that patch and they can apply the patch. In many cases with some open source software it's not like that. The customer has to get the software, compile it, make sure it works. Maybe it doesn't fix the vulnerability, and that's why in that case for them open-source technology can improve some of their IT systems and their business initiatives, but it puts a challenge on security to keep up with all the security risks that are happening across the board. >> Right. So one of the big announcements today was the VMDR. >> That's right. >> Tell us all about it. >> Great, so VMDR stands for Vulnerability Management Detection and Response, and that really is a capability that we've actually had in the platform itself, but the feedback from our customers were that internally their own people, their own process and their own tools created these artificial silos that prevented them from actually doing security detection and remediation at scale quickly. We have all these capabilities in the Qualys platform anyway, but with this new VMDR bundle we're bringing it together with new automation, new workflow, new orchestration, new user interfaces that actually reduce the time to remediate down to near zero in some cases. So, we had an example of a live attack that happened two years ago, WannaCry with EternalBlue, and many companies did nothing for two months. So they had the right tools, but maybe the data silos to go from one application to another application, to one team to another team just increased that length of when they could remediate. Our customers that had Qualys already had that data within the Qualys platform. We can tell them what assets they have, what the vulnerabilities were, that WannaCry was a big thing happening. And then with our patch management they can click one button and then just fix those assets easily. >> Jeff: Right, right. >> That was two years ago. Now this summer something called Blue Key. So Blue Key and Deja Blue is another attack that's happening, is going on right now. People don't know about it. Well, maybe not you. (laughing) Maybe if you're a Windows. >> I got nothing, I got nothing. >> Maybe if he has a Windows Operating System he's being attacked right now, I don't know about that. But a lot of our customers here, they're struggling with that every day. Not that Qualys can't tell them where it is, but they have to rely on another team to actually fix it. And that's what's so exciting about VMDR, Vulnerability Management Detection and Response, is the D and the R, the detection and the response allow them to remediate in a full life-cycle very quickly, very effectively, and with a high confidence that it has actually corrected those issues. >> Yeah, it's really interesting. You know, kind of the application versus platform conversation. You guys are integration partners with ServiceNow. Fred Luddy's been on many, many times, and tells a great story. You know, he wanted to build a platform, but you can't go to market with a platform. You got to go to market with an application, hopefully get some traction, and over time he started adding more applications, and it was pretty interesting listening to you guys. >> Well, I was actually going to stop you right there if you don't mind. >> No. >> The marketing people go to market with the platform. The marketing people say, "Hey version one is a platform." >> To their customers? But nobody's got a line-item to buy a new platform today, right. >> Exactly, and that's sort of the disconnect. >> Right. >> Really with normal enterprise sales models and technology. The marketing sales disconnect versus the technical reality that customers depend on for their environment. >> But if you do it right, then you can build that application stack, and I think in their earnings call, your guys last earnings call, you defined seven specific applications that sit on this platform that enabled in you to bundle and have kind of multi-application integration in the new VDMR. >> Yes, that's right, and I think that the difference with Qualys is they knew that the architecture was important. So our vulnerability management was an application on the architecture when it first launched 20 years ago. >> Right. >> And that really helped us going forward. So from the earnings call it's seven product capabilities on our lightweight agent, but the entire Qualys platform has 19 different product capabilities, in the same platform using the same user interface model and the VMDR takes many of those and bring it together in that single bundle on a per asset basis. >> Okay great, thanks for that clarification. Slight shift of focus. Another thing that came up in Philippe's keynote was kind of re-architecting the sales side and the market bundles that you guys are going to go to market with over time. And he broke it down into really only four big buckets of categories. Cloud providers, I think managed security service providers, enterprises, and I can't remember what the the last one was. Oh, OT and IOT vendors. >> Chris: IOT, correct, yes. >> So as you kind of look forward in the way that you're going to develop your products to go to market, how is that impacting your strategy, and are you seeing that start to play out in the marketplace? >> Yes, when we look at security technology and actually part of his keynote, he had this slide that had, you couldn't zoom in, because there's a million logos on this slide, security companies. And you go to some of the security shows, there's 800 vendors in the exhibit hall. >> Jeff: Oh yeah, we go to RSAC. I mean that that's why, it's chaos, right. >> So it's crazy, it's crazy. And there was an analyst that actually said a couple years ago that whenever there's a new threat, there's a new tech. Here's a new threat vector, now there's five new startups. And is that new threat vector super narrow, and it's only a feature, or is it a product, but our view of Qualys was a little bit different in that while the buying centers may be different, while some of the assets may be different, an OT asset versus a cloud asset versus the endpoint asset, the ability to discover it, identify it, categorize it, assess it, prioritize and remediate it is the same. That is the same. So whether it is a PLC on a shop floor from a car manufacturing, or a ecommerce web server that's running in a public cloud, or an end-user machine, the process to identify assess and remediate is exactly the same through us at Qualys with their platform. Different sensors for different asset types, normalized security data and different remediation approaches for different asset types, but all the same platform. >> But it sounds like you're doing some special stuff with Azure. >> Chris: Yes. >> So, tell us a little bit about kind of what's special about that relationship, what's special about that solution. >> Yeah, and that integration was announced two weeks ago at Microsoft Ignite, which is a big Microsoft show, and that really is a close partnership that we have with Microsoft. We actually did an early integration with them four years ago, but this is a lot deeper. And that really is Phillipe's and Qualys vision that security needs to be built in and not bolted on. >> Jeff: Right. >> That if you take, let's take a car for example. When you buy a car, you don't buy the car without a seat belt, an airbag, maybe a radio. You don't buy it without tires, it all comes together. You don't buy a car, then go to the seatbelt shop, and then buy a car and then go to the airbag shop. It all comes together, and that's what we're very excited about this announcement with Microsoft and Azure is that the vulnerability assessment is powered by Qualys already built into Azure. So there may be a whole set of customers that know nothing about Qualys, know nothing about our 20-year history, know nothing about our conference. they go to Microsoft Azure's, the security center, and it goes, "Assess your vulnerabilities," click a button and there's the vulnerability information. So this opens up a new capability for customers that they may not have used, but more importantly bringing security into IT without them knowing that they're doing security. And that is very powerful. >> So is it like a white label, under the covers or? >> So, it's not a white label, it's a joint integration. >> Chris: Okay. >> And it's a Microsoft Azure. >> Chris: So they eventually have, probably is in the bottom of the report. >> Powered by Qualys, powered by Qualys, right, so we got to have that name in there. >> Right, right, right, good. >> And what's exciting about Microsoft Ignite is that we had a lot of Microsoft IT and dev people come up to our Qualys booth and say, hey I don't know much about Qualys, but I get this report of things that I need to fix, tell me more about what you're doing and how can we help that fix faster. >> Chris: Right. >> And it's really about speed. Time to market, time to acquire customers, time to service customers, but more importantly time to produce new technology, time to secure the new technology, and lastly, unfortunately, time to respond to security events that may have happened in your network. >> And I presume they can buy more of the suite through the, and run it on the Azure stack. >> Yes, that's right. In fact, all of our capabilities can go on there from it, and that really is a strong partnership. In fact the group product manager for Azure is speaking at Qualys Security Conference just later today. That really shows a testament of the deep integration of partnership that we have with them. >> All right, Chris, before I let you go, you're the strategy guy. So as you look down the road in your crystal ball, I won't say more than three years, two years, three years, four years. What are some of the things you're keeping an eye on, what are the things you're excited about, what are the things you're a little concerned about? >> Well, I think that the things that we're excited about is a vision that Philippe and of course Ahmet has painted for it, is that the computing environment is accelerating dramatically, it's fragmenting dramatically. 5g might be a complete game-changer across the board. We have some of our large customers that have a project that they call Data Center Zero. 17 data centers, in two years, no data centers at all. I say that in their corporate offices they have laptops and printers, that's it. How do you secure and assess an environment that is ephemeral and that is virtual and that is remote, and that's where the Qualys platform architecture can move along with those customers. Our very largest customers are the ones leading the charge, not only developing new capabilities, but also using them as they come out. So I think that's what we're very excited about. I think that's some areas that we're working deeper with our customers on, is at the end of the day, it's people, process, and tools. And we're working on the technology capability and stack that can also influence and make the process better, but ultimately the people have to come in and understand that security has to be built in, we have to shift left, integrate it into the dev cycle to really reduce that attack surface and have a stronger, more secure enterprise. >> All right Chris, well, think you're going to be busy for the next couple years. >> It's a exciting time, it's an exciting time for Qualys. >> All right, well again, congrats on the event. >> Thanks very much. >> Thanks for having us. Can't believe it's been here for 19 years and we haven't been here yet. So again, thanks for having us and congrats on all your success. >> Great, fantastic Jeff. >> All right, he's Chris, I'm Jeff. You're watching theCUBE. We're at the Qualys Security Conference in Las Vegas. Thanks for watching. We'll see you next time. (upbeat music)

(upbeat intro) >> From our studios in the heart of Silicon Valley, Palo Alto California, this is a CUBE conversation. >> Hello everyone, welcome to the Palo Alto studios of theCUBE, I'm John Furrier host of theCUBE, we're here with a special power panel on industrial IOT, also known as IIOT, industrial IOT, and cybersecurity, with the theme being apocalypse now or later, when will the rug be pulled out from everyone, when will people have to make a move on making sure that the network and security are all teed up and all locked down, as IOT increases the surface area of networks, industrial IOT, where critical equipment or infrastructure is being run for businesses. Got a great panel here, we got Gabe Lowy who's the founder and CEO of Tectonic Advisors, and author of an upcoming research paper on this particular topic. Bryan Skene, vice president of product development at Tempered Networks, and Greg Ness, the CMO, who happened to be available to join us from Tempered Networks as well. Guys, thanks for spending the time to come on this power panel. >> Great to be here. >> So, convergence is a theme we've heard every wave of innovation, the convergence of this, the convergence of networks and apps. Now more than ever, there's a confluence of multiple waves of convergence happening, you're seeing it right now, infrastructure turned into cloud, big data turned into machine learning and AI, you've got future infrastructure like Blockchain around the corner, but in the middle of all this, the security, data, networking, this is kind of the beginning of a cloud 2.0 dynamic, where pure cloud is great for computing network, you native born in the cloud, you scale it up, it's great. Still got challenges but if you're a large company, and you want to actually operate cloud scale anything, and have instrumentation, internet of things, devices, sensors, in factory's, in plants, in cars, your game is changing, if it's connected to the network, it's got power and connectivity, a terrorist, a hacker, a digital terrorist can come in and do all kinds of damage. This is the topic. So Greg, we talked about this panel, what was the motivation for this, what's your thoughts? >> Well, it occurred to us that you know, as you look at all the connectivity that's you know, underway, billions of devices being connected, the level of scale, complexity, and the porosity of what's being connected, is just really incomprehensible, to the people that developed the internet, and it's raising a lot of issues. All around, basically, the number of devices the inability to protect and secure and update those devices, and the sheer amount of money and effort that would have to be applied to protect them is beyond the scope of current IT security stuff. IT's not ready. >> IT, certainly, you and I talk about this all the time, but you know, I love the hype and you know, digital transformation's going to save the world Gabe, talk about the dynamics because the title of this panel, really the subtitle is apocalypse now or later, and this seems to be the modus operandus is that you know, you know what has to hit the fan before any action is taken, you see Capital One, there isn't a day gone by where there's some major breach, major hack, it's a firewall for Capital One, going to an open S3 bucket from some girl whose bragging about it on Twitter, wasn't really a serious hacker, then you've got adversaries that are organized, whether it's state sponsored and or real money making underbelly activities happening, you know there are digital terrorists out there, there are digital thieves, the surface area with IOT is absolutely opened up, we kind of know that, but industrial IOT, just talking about industrial equipment, industrial activities, whether it's critical infrastructure or planting equipment for a company, this is a huge digital problem. What's your take, what's your thesis? >> Yes it is, and building on what Greg said, there's an interesting gap from both sides. The first is that this industrial equipment or critical infrastructure, some of it goes back 20, 25 years. It was not architected to be connected to the internet, but yet with this digital transformation that you eluded to, companies want to find ways of getting that data, putting it into various analytics engines to improve cost efficiencies or decision outcomes. But how do you do that with a lot of equipment out there that runs on different operating systems and really was not built for internet connections. The other side of the gap is that your traditional IT security technologies, firewalls, intrusion protection, VPN's, they in turn were not built or architected to secure this IIOT infrastructure. And that gap creates the vulnerability that opens the door for cyber criminals to come in, or state sponsored cyber attackers to come in and do some serious damage. >> Bryan, I want you to weight in here. You're a network guy, you've been around the block, you've seen the networks evolve, the primitives were clear, the building blocks internet were, the DNS ran, most of what the internet right now, whether you're talking about from the marketing to routing, it's all DNS based, it's IP addresses as well under that. So you've got the IP address, you've got DNS, what else is there? What can be done? Why aren't these problems being solved by traditional firewalls and traditional players out there, is it just the limitation of the infrastructure? Or is there just more cultural DNA, you've got to evolve, what's your take on this? >> Yeah, um the way I think about this is that the internet that we know and we use was mostly built for human beings, I mean, it's been built for humans to use it, humans have discriminating tastes, they decide what to click on, for the most part they are skeptical, they learn through trial and error what's happened with- when people try to fool other people, a machine or you know, you've got a webpage and it's got something misleading, you learn that, you don't click on that any more. And the infrastructure we have today is built to help people avoid these problems, as well as drop packets when they can detect that something is just absolutely wrong. But machines, they don't know any of that, they're not discriminating, they've been built to, well if it's going to be on a network, to trust everything that's talking to them, and to send data and assume that the other side is also trusting them and just acting on the data. So it's just a fundamentally different problem, you know what traditionally the machine networks have had air gaps, they've been air gapped away from any other kinds of data or potential threat. And those air gaps are gone. >> So air gaps were supposed to save us, weren't they? But they're not are they? >> Well, they kept us going as Gabe alluded, for 20 -25 years, machines have been operating, operating critical infrastructure, but you know, with digitalization, with the opportunity to look at that data in the cloud, and do machine learning, and by the way machine learning's being done in the cloud just for scale, so the problem with getting the data from machines, or other things back into the cloud is a huge issue, and if there's an air gap between say the cloud and the thing, we might be somewhere. >> So a lot of incompatible architectures relative to what everyone's doing with cloud, and say hybrid and multi cloud. Gabe, you know the two worlds of information technology or IT people, and operational technology people, that tend to run the IOT world, you know you do sensors to factory floors to whatever, called OT people, operational technologies. I've always said that's a train wreck between those two cultures, they kind of don't like each other. You got IT guys, they're stacking and racking equipment, OT guys, stay out of my world I run propietary stacks, it's lockdown. Pretty locked down from a security standpoint, IT are pretty promiscuous just in the nature of it. As those two worlds collide, is that the thesis of the catastrophe model, as you see that world coming together, what's your thoughts on this? >> Yes, good question. That world has to come together, and I'll give you an analogy to this. About 10, 12 years ago, a lot of people were doubtful that Devops would ever take off, 'cause development guys really didn't like operations guys, they didn't like dealing with them. Here we are 10 years or so later, and everyone's pretty much adopted it, and they're seeing the benefits of it. This OT IT convergence takes it to a much higher level, because the stakes are so much higher, because a cyber attack can cause catastrophic damage. And as a result, these two teams are not only going to have to work together in harmony, but they're going to have to learn each other's stacks in the case of the OT guys, it's their traditional OSI networking stack for IT networks. And for the IT guys, they're going to have to learn the Purdue model, which was the model that's principally used in architecting these OT systems. And unless these two teams do work together, the vulnerabilities and probabilities for a catastrophic event increases significantly. >> That's a great example, Devops was poo-pooed on earlier on, I mean Greg, we were back in 2008 riffing on this, now it's the mainstream. Agilities come from it, the Lean startup, all kinds of cool things, people are talking about, we love cloud, great. Now we bring the OT world together, and IT world together, Gabe, what is the benefit, what is the key ethos around operating technologies and IT guys coming together? Because you know, dev ops would simply abstract away the complexity so developers don't have to do configuration and management, all that provisioning stuff, and still have the reliability. They called it infrastructure as code, so Devops was infrastructure as code, what's the ethos of the two worlds coming together from IT and OT? >> I think the ethos is at a very high level, it's risk management. Because the stakes are so high that the types of losses that could be incurred, you know you mentioned Capital One at the top of the program, yes those are financial losses, but imagine if the losses resulted in thousands or tens of thousands of people getting infected, or perhaps dying. So the need for these two teams to work together is absolutely critical, and so I'd say the key strategic approach to this, both from the IT and the OT side, is to go into it- into strategy or cyber strategy with the premise that the company has already been compromised. And so that starts to get your thinking away from legacy types of technologies that were not architected to prevent these new threats, or defend against them, and now these teams have to start working together from a totally different standpoint, to try and prevent the risks of those catastrophic losses. >> Greg, I want to get your thoughts, you've been in the IT businesses for a long time, you've been a major player in it, historian as well as us in IT, what do you see as contrast between the two cultures of IT and OT, because you got to lock down these networks, you got to have the teamwork between the two, because the surface area with IOT and industrial IOT is so massive, it's so complicated yet it's an opportunity at the same time it's an exposure, I mean just people working at home in IT, I mean the home is a great place to target people because all you got to do is get that light bulb from nest and you're at a fully threaded processor, you could run malware and get all the passwords from the person working at home. So again, from home to industrial, does IT even have the chops to get there? >> Not the way they're architected today around the TCP- IP stack, and that's the challenge, right? So from the 90's to this era, whether it's the mainframes to the networks to the internet to the enterprise web et cetera, compared to this we've had relatively incremental change, as surprising as that sounds. You know, devices being added and every year, every other year, every three years, people are upgrading those endpoints, they're adding more sophisticated security. But this world that you referred to, the world's in collision. It's not evolving at all in parallel. So, you've got devices with no security in mind they're being connected, and you know, calling it the industrial internet of things almost underwhelms what the risk is, it should be the internet of places or spaces, because what these devices can control, control of a factory, a hospital, et cetera, and you think back you know, yes you've got historical perspective, you don't have to go back very far when the Russians were attacking Ukraine, you know, WannaCry, NotPetya, you know they spread all over the place in a matter of weeks, UK hospitals were running on carbon paper, postponing procedures, Maersk shipping had they're shipping- they lost control of their ships at sea, and now you've got VxWorks coming along, saying you know, you're going to have to update that, because there's some serious vulnerabilities here, VxWorks is deployed to cross billions of devices, so I don't think historically there's really a precedent, I mean, if you want to tap into a common interest with military history, you don't even have the semblance of a Maginot Line, and that was a pretty imperfect protection scheme. >> I mean, the opportunity to infect governments, take 'em down within misinformation to actually harming people say through hospital hacks for instance, you know, people could- lives were in danger. And there's also other threats, I mean, you mentioned, it takes one device to be penetrated, at home or at work, I saw an article, came across my desk I saw IBM did some research, this concept of war shipping, where hackers ship their exploits directly on WiFi devices, so people get these devices, hey, free you know, nest light bulb or whatever's going on, they install in their home, oh it's got, I got a free WiFi router, uh-uh, it's got built in malware. It's just got WiFi connectivity. So again, the exploits are getting more complicated, Bryan, the network has to be smart. At the end of the day, this cloud 2.0 theme is beyond compute and storage, networking and security are two underdeveloped areas that need to evolve very quickly to solve these problems, what's your take on this. >> Well, my take on that is that our approach is that if the network has to be so smart that it can watch everything and understand what's good and bad, then we're doomed, so we're going to need to also combine watching packets, the traditional method, deep packet inspection, with divide and conquer. Frankly, it's-as Tom and I said before, the air gaps are gone for OT. I think we need to figure out a way to divide up the networks of things, and give them clean networks if possible, and try to segment them away from the network that the rest of the things are on. So, you know, we don't have enough compute power, we don't have enough memory and resources, but that's not really the fit. We just don't understand what is good traffic versus bad traffic, and we talk about Day Zero attack, and we talk about, try to chase that down with signatures, and you know the- you can watch transactions, people say AI and machine learning, but machine learning means learning good and bad from people. >> How do companies fix this, what's the answer to all this, or is there one? Or it's just going to take catastrophic loss to wake people up? >> Well we can't react to the problem, that's one thing that we all can probably- we all know that if we wait for the catastrophe, and then we try to react to that and solve it, that it's already gone, it's too late. I mean, this is a geometric expansion in complexity of the problem, I don't think there's a silver bullet, I think that there's going to be several things that need to be done, one is to keep inspecting traffic, but another one is again segmenting things that should be talking to each other, away from things that they should not be talking to. And trying to control the peers in the network of things. And you know, Greg something you said reminded me, fundamentally with networking, the TCP-IP, we are using the IP address, to mean the location say if we're talking about places, we're talking about the location of something and the identity of that thing, and most of our security policies, are spelled out in terms of something, an IP address, that is not under our control, and the network has to be kind of so complex as it is growing, with mass proxies, you know, motion, mobility, things are moving. A lot of this wasn't foreseen. >> So, Gabe and Greg, do we have to build new software, a new naming system? Do we have to kind of level up and put an extraction layer on top of the existing systems? What's the answer? >> The answer is a layered approach. Because to try and do a complete rebuild or a retrofit particularly with different operating systems, different versions, incompatible systems, billions of devices, and various types of security solutions that were not built for this, that's not a practical solution. So you've really got to go with an overlay strategy, people are always going to be the vulnerability, they'll fall for fishing attacks, that's why the strategy is that we're already compromised. So if the attacker is already in our network, how do we contain them from doing serious damage? So one strategy for this is micro-segmentation, which is a much more granular approach, to prevent that lateral movement once the attacker is inside the network. And then when you go from there, you can pair that with host identity protocol which has been around for a while, but that was architected specifically to address the networking and security requirements for IIOT environment, because it addresses that gap that we were talking about between traditional security solutions that lack this functionality, and it only allows white-listed communications between hosts or devices that are already approved and only approved to communicate with one another. So you could effectively do a lockdown even if the attacker is already inside your network. >> I want to get back to some of the criteria on this, and I want to also put the plug in for the TechTonic advisors report that's coming out that you are the author of, called securing critical infrastructure against cyber attacks, I read it, great paper. The line that I read, I want to get your thoughts I'm going to read it out loud, I'd love to get your thoughts on this Gabe or anyone else who wants to chime in, it says industrial IOT cybersecurity is beyond the scope of traditional firewall and VPN solutions would struggle to keep up with the scale and variety of modern attacks. What do you mean by that? Give an example, tell me what you mean by that sentence, and what examples can you give? >> Well, I'd say the most important thing is that firewalls were initially built to protect what we call north-south traffic. In other words, traffic that's coming in from the internet into the organization and back out. But now with network expansion, cloud adoption and more and more devices, industrial devices being connected, these firewalls cannot defend against that. They simply were not architected for it, they cannot scale to those proportions, and even if you're using software only versions, those aren't effective either because they do not protect against east-west or in other words lateral traffic. So if you're an organization moving IIOT data from your OT systems across your network into IP analytics systems or software, that's lateral movement. Your firewall- traditional firewall, just not going to be able to handle that and protect against it, so in simple terms, we need a new overlay not to say that firewalls are going away any time soon, they can still protect north-south traffic, but we need a new type of overlay that can protect this type of traffic, micro-segmentation is the strategy to do that and using host identity protocol or HIP protocol is what fills that gap that your traditional security tools were not designed to protect against. >> Greg, I want you to weigh in on this, because you're in this business now, you know the IT world, the criticality of what you just said is super critical to the nature of business, you know the catastrophic example's there, but IT does not move that fast, you know IT, IT'S like molasses, I mean they're slow. What is going to light a fire under IT to get them to be sensitive, I mean it's pretty obvious, can they get there, do they have to re-structure what has to happen in the IT world, because you know, it is a catastrophic end game here if they don't nail down this traffic protection. >> Well a part of the- you know, part of it is education. Because we've been- we've seen wave and wave of incremental innovation in the network, and when it happened it seemed so big and and it produced huge market cap growth with a lot of companies, you know play this guessing game of who is really connecting to the network. And it's evolved kind of gradually, to this big leap we have ahead of us, and IT is going to have to become aware that IIOT is a fundamentally different problem and challenge to solve, and that's going to require new thinking, new purpose built, like Gabe said, approaches, anything like the traditional firewall segmentation is just not going to address what we talked about, the scale issues, the resilience right? So, some of these devices, you don't want them off for one or two percent of the time. And the implications are that it's much more serious. So I think that, you know, more types of attacks are inevitable, and they're going to be even more catastrophic, and we're all aware that NotPetya and WannaCry raised a lot of eyebrows just for how quick it spread and the damage it caused. And we've just seen VxWorks vulnerabilities being announced. We need to prepare now. >> Malware and worms are still popular, it's a problem. Well guys, thanks so much for spending the time on this panel, I'll give you the final word here, share what you think is going to happen over the next 24 months, 12 months, is it going to take catastrophic failure, what's going to happen in your mind, what's going to end up being the trajectory over the next, you know say year. >> Well, unfortunately, sometimes it might take a catastrophic event to get things moving, hopefully not, but I think there's growing recognition as IIOT is growing, that they need new ways to secure this movement of data between OT and IT, and in order to facilitate that securing of data, you're going to have to have that OT and IT convergence occur, because the risk, as you sort of eluded to earlier John, we hear in the headlines about massive data breaches and all this data that's stolen. But the risk in IIOT is not only the exfiltration of the data, the risk is that the attacker has the capacity to take over the infrastructure. And if that happens in a hospital, if it happens with a water treatment facility or government type of defense installation, the outcomes can be disastrous. So the first thing that has to happen is OT IT convergence. Second, they have to start thinking strategically from a standpoint that they have already been breached, and so that changes their viewpoint about the technologies that they have to deploy, and where they have to move to to efficiently get to what I call the iddies, and that's the- you still need the availability, you've got to have visibility into this traffic, you need reliability of this network, obviously it's got to be at scale, it's got to be manageable, and you need security. >> Well, we'd like to have you on again Gabe, because we've talked about this from a national security perspective, not only the hackers potentially risking the business risk there, there's a national security overlay because you know, if the government's attacking our businesses, that's like showing up on the shores of our country, its the government's job to protect the freedom's and safety of the citizens, that includes companies. So why are companies defending themselves with all this capability, what's the role of government in all of this, that's a very important, I think a longer conversation. So, let's pick that one up, a separate one, my favorite topic these days. Critical infrastructure even if it's just business it's the grid, it's the plants that run our country. >> And John, what I'd like to add to that is, I was talking to a friend of mine who's a CIO down here in California yesterday, and we were talking about the ransomware right, that was taking down all these cities. And you know, he goes well the difference between what you guys are talking about and that, is that you can back up your IT systems, right, into the cloud, and that's a growing business to kind of protect and then replicate game over, and he goes, can you back up a hospital? Can you back up a manufacturing plant? Can you back up a fleet of ships? You know, can you back up a control center? Not really, when you lose physical control, it's game over. And people, I think that really needs to sink in. And that was, I think in Gabe's paper when I first read it, that's what really struck me about it, this is a different ballgame. >> Well, I mean, there's many points, there's the technical point there, and there's also the societal point of- you imagine things being taken over by hackers that physically can harm people, and that's again the societal side, technically the incompatible architecture's coming home to roost now, because there's the problem right there, that's the collision that's happened I think, and a lot of education needs to happen fast, Gabe, thanks for writing that paper critical infrastructure against cyber and securing it, Bryan thanks for coming on appreciate it, you want to say, get the final word Bryan, go ahead. Your thoughts, next 12 months. >> I think that if our future, it depends on OT and IT coming together and a lot of education, a lot of change, I don't think we're going to get there, I think that what's going to happen in the next 24 months is that you know, there are lots of innovative schemes and companies and people, working on this and what we need to do is lay down infrastructure that allows OT and IT to keep operating, and not have to do a forklift upgrade and everything that they do, their processes or teach the things how to protect themselves, and again I'm going to go back to air gaps in network, make a logical air gap, if you imagine driverless cars driving around they're not going to, imagine them sharing the same network that we're using to use Snapchat and look at cities and you know, sitting on the internet and looking at Facebook. We're not going to want that. So we need to try and figure out a way to separate the location of the thing from the identity, create policies in terms of the identity, manage that a new layer, and do it in such a way that doesn't change IT. To me that's the key, 'cause I- we've said it here, IT's doesn't move that fast, they can't. It's not a matter of willpower, it's a matter of momentum and intertia. >> Well, I think the forcing function on this is going to be catastrophic event, the subtitle of this panel, apocalypse now or later. And in my opinion, Greg's been, you know, on this JetEye department of defense story. I believe this is one of the most important stories in the technology industry in a long long time, it really highlights the confluence and convergence of two differently designed infrastructure technologies, that have to in a very short time, be re-platformed at high speed, in a very fast short time frame, because the stakes are so high. So guys, thanks so much for spending the time here on this power panel, IIOT, industrial IOT and cyber security apocalypse now or later, something's going to have to happen, it has to happen fast. Gabe, Bryan, Greg thanks for taking the time. This is a cube conversation here in Palo Alto power panel, I'm John Furrier, thanks for watching. (upbeat music)

(funky music) >> From our studios in the heart of Silicon Valley, Palo Alto, California. This is a CUBE conversation. >> Welcome back everybody, Jeff Frick here with the CUBE. We're in our Palo Alto studios havin' a CUBE conversation, but for a little bit of something different. Instead of having our guest here locally in Palo Alto we've got him all the way across the country, across the pond, all the way over to Holland, and he's in Utrecht, and we're happy to welcome Erik Klein. He is the infrastructure architect for FrieslandCampina. Erik thanks for joining us today. >> Thank you for having me. >> Absolutely, so before we get started, a little background on FrieslandCampina for people that aren't familiar with the company. >> FrieslandCampina is a co-operative company owned by farmers, predominantly in the Netherlands, Belgium and Germany. It's a international company. We have about 34 countries with, we have, at our sales offices, our plans in there, we are one of the biggest dairy companies in the world, and love to be there. It's a very good company to work for. >> It's amazing, I was doing a little research, I mean the scale is amazing. You guys, you operate in 100 countries, exporting. You've got offices in 34 countries. I think it said of 23,000 plus employees. It's quite a big operation. >> Yup. >> So, >> A big operation doing about 10 billion liters, or kilograms, of milk a year. >> Great, so, it's a dairy, we're here talking about digital transformation; it's always fascinating to me, kind of, the reach of digital transformation in everybody's company. Everyone says everyone's really a software company, you know, kind of built around a different product or service. So what were some of the challenges that you were looking towards in 2018-2019 in terms of digital transformation in this mature industry of dairy? >> The challenges that we're having is that you have to make sure that everything is safe. The products are safe, but also the data is safe. But also that we have a lot of things move through the Cloud, and also that the performance of those applications moves through the Cloud, is to the end user's satisfaction as well. So you're not looking only at transferring data safely from the Cloud into our offices, into our production environment, also protecting our production environments from everything that's going bad on the Internet, but also having to make sure that the applications are performing to the liking of the end user, so to speak, to our customer and our consumers. >> And was the objective to build new applications in the Cloud, or was it more kind of lift-and-shift some of your older applications in the Cloud? Because those are two very different challenges. >> Yeah, it's a lift-and-shift of our older applications. For example we're now in the middle of moving our SAP environment to the Cloud, at least the development test and user environments are moved to the Cloud. The other ones remain still within a traditional data center environment, and we have moved all of our Office 365, so that's Skype for Business, SharePoint, but all the other applications to the Cloud as well. >> Ha ha. >> And there we have all this additional transformation, the challenges that really comes back to the end user. >> Those are huge applications; SAP and Office 365. Those are not insignificant >> Yup. >> applications at all. So what were some of the challenges, I'm sure we have a lot of your peers watching this. What is some of the tips and tricks that you can share with them? Big challenges that you had to overcome? Things you thought about, maybe some things that you didn't think about in that transformation? >> If you look at the SAP landscape, it's the sheer amount of interfaces between the different components of SAP. That's was something that made us decide not to move SAP to the Cloud, not the production environment and the systems Environment. That was too big of an impact. That would take too long to do and we don't have that time. If you look at Office 365, the fact that Microsoft is very averse in having anything in the middle, that brought us some real challenges. And and we did that already in 2014-2015 and we had our fair share of all fun and games. >> Ha ha ha, so what was different about it then than today? I mean obviously the Cloud has moved quite a bit. I don't know if you can mention which Cloud you put it in? >>Yeah correct, the fact that Zscaler now, does the updating, and all the changes within the Microsoft environment. So you don't have to do it yourself. You don't have to constantly monitor the ARS feeds from Microsoft, do all the changes yourself. Now it's all done by Zscaler, all the SSL bypass, the authentication bypass has been set correctly. So when that came on board that made our life a lot easier. >> Wow. >> The first part of the migration that we did in in Europe, especially in the bigger locations like Amersfoort, which has our headquarters, we really had our challenges to keep the end user satisfied. >> So just, again, kind of the scale of the end users. You mentioned that a couple of times. Is this in support of all the 23,000 people that are employed at FrieslandCampina? Is it a subset, or is it remote workers? How are you, kind of, allocating this effort? >> It is indeed all users, except for the factory workers. We don't allow people that work in production direct access to the internet. So those people are not as much excluded, but they have special PCs where they work on. So you're looking currently at about 15,000 people that are working with Office 365 directly on a day-to-day basis within FrieslandCampina. >> Wow, so the other thing you've talked about repeatedly is not only satisfaction with the users who are interfacing with the systems, but security. So what were some of the >> Yup. >> security considerations that you considered? How did you, kind of, bake security into your process? And, as we hear all the time as we go to different shows, including security shows, you know, it's not a bolt-on anymore; you have to be thinking security throughout the whole pipeline of the process. So how did you think about it? How did you attack it? How did you solve some of those problems? >> We started thinking about it already in 2012. We had, at that time within FrieslandCampina, a program specifically driven out of the LT environment, so the operational technology, so the production IT, so to speak, and they come up with an architecture based on the ISO 9599 norm, and we took that on board as IT and continued to work on that. So from 2014 we already had in our plans, the architecture to separate the various layers of the ISO 9599 framework into security zones, and we're constantly building on that one. We're refining it, we're improving it. >> Another question on security, really, and kind of the network architecture. Did you have to re-do anything within your network architecture to make this move to the Cloud possible? How did you address the network? >> It was a completely redesigned. It was a complete redesign. In the, previous to that, we just had IT, and we had one or two firewalls on-site that connects to a certain part of OT, and that was it. And now we have an architecture where we can integrate all different flavors of OT. There's no need for OT to have their own internet connections for maintenance, for support, et cetera. It's all integrated and secure. We made, and the reason for that is that you can't, in this day and age, have an island structure. Everything needs to be integrated. Everything needs to talk to each other, et cetera. >>  So Erik, this interview is sponsored by Zscaler. You're a customer of theirs. I'm just curious if you can talk a little bit about how, you know, their offering enabled you to do stuff that maybe you couldn't do before. How did you get involved with them? How are they working with them throughout this project? And how has that really been an enabler for your, you know, your move to the Cloud? >> In 2013-2014 there was a request from the business, a very strong drive from the business, that looked into breakouts, specifically to get localized contact, driven out of the, how do say that, marketing department. And then we looked at, okay, how can we enable that without creating firewalls on every location we're having, making it very expensive, etcetera. And at that time our provider, Verizon, came up, let's do a Cloud security with Verizon, with Zscaler, and do a proof of concept, and build on that one. So that worked. That gave us more regularity, if the people in the countries that needed localized content got the localized content, speeding up the application for the specific countries, so no happening from Tokyo, Japan, back to Singapore, back to websites in Japan. So that helps a lot, but like I said it was early days so we had our challenges in getting that working, getting it secure, getting the traffic to the correct Zscaler node, and so on. So we did make, from the initial set-up of this network, a number of iterations to come to where we are today. >> Great. >> So it's not one decision and then it works. No, it's a decision, see what has worked, which challenge you're getting, and then take it to the next level. >> Right. >> If we do the same thing with Zscaler as they're offering today it will be a lot quicker. We will have a number of those challenges that we had at that time, we will not have today. >> So as you look forward, what's kind of next. As you mentioned this isn't a one-stop shop. This is an ongoing process. What are, kind of, your next priorities, you know, over the next six months or so as you guys continue on this journey? >> To another data center, so not to the Cloud but to a different data center, so that's a big, really a big program. The other thing we're looking at is how can we improve remote access, provide extra benefits as part. We also look at the ZPA product of Zscaler. We're doing a proof of concept, probably in the second half of this year. So, but on the other side, this year, 2019, FrieslandCampina is a, how do you say that in proper English, stop and look back and see what's really important, what we need to go forward. So it's not going crazy on all different kind of projects. It is, okay, what will actually contribute to the profitability of FrieslandCampina going forward. >> I think that's a really great close. I know it's late in Utrecht. I appreciate you taking some time out of your evening, and I was going to ask you the last question, you know, what advice would you have for your peers, for other practitioners that are looking at this, and, you know, either in the process or planning out their journey, but I think you hit on a big one right there which is really focus on the things that matter, focus on the things that really make a difference, and just don't start doing science experiments all over the place because you can, or it's fun, or it's interesting. >> Well, what my worries are for the future, and what, not keeps me awake at night, but that that's too much, is the bad that's going around in this world is getting stronger. They have more resources than we, as a company, has to defend for us against, and the acute challenge would be, is identifying what is your traffic that is good flowing in your network. Because if you're knowing what is good everything that's not defined as being good can be immediately defined as being bad. In that case you'll have a better position in preventing yourself against everything that's going wrong, like WannaCry. If you know that WannaCry is using a well known port used all over the place in FrieslandCampina. But if you then see that same port being used to communicate between servers that never communicated before, or to workstations to servers that never communicated before, then you say, okay, stop that one immediately, because that's not good. >> Right. >> And at that moment our biggest challenge is identifying what is the traffic that's good within our network. >> Well that's a great tip, you know, that's great. You know what the positives are, and if it doesn't make the the green list then shut 'er down and (chuckling) find out what's going on. >> Correct. >> All right. >> Correct. And the reason why we identified WannaCry is that somebody, for some reason, identified Hey this server never talked with that device: Why? >> Yeah, we're hearing that, >> And because, all. >> because with IOT you have to do that, right? >> You have to do that. >> 'Cause everything's IP connected, right? Whether it's the shades and the HVAC system all the way down to all your manufacturing processes, distribution processes, >> Correct. >> IT systems. >> Correct, correct. Our big advantage was that the call back to the command and control servers was already blocked by Zscaler so it didn't hurt us that much. >> Yeah, well good, we got to keep the cows safe, keep the milk safe, and the, >> Yeah, absolutely. >> what did you say, the 10 billion gallons of milk that you guys kick out a year, or something like that? >> Yep. >> It's amazing, ha ha. >> It's amazing. >> All right Erik, well thanks for sharing your story. Good luck on your future transformations, and good luck next week; thanks for stopping by. >> Thank you very much. >> All right. >> All right. >> All right, he's Erik, I'm Jeff, you're watching the CUBE. We're in our Palo Alto studios and Utrecht, Holland. Thanks for watching, we'll see you next time. (funky music)

(funky music) >> From our studios in the heart of Silicon Valley, Palo Alto, California. This is a CUBE conversation. >> Welcome back everybody, Jeff Frick here with the CUBE. We're in our Palo Alto studios havin' a CUBE conversation, but for a little bit of something different. Instead of having our guest here locally in Palo Alto we've got him all the way across the country, across the pond, all the way over to Holland, and he's in Utrecht, and we're happy to welcome Erik Klein. He is the infrastructure architect for FrieslandCampina. Eric thanks for joining us today. >> Thank you for having me. >> Absolutely, so before we get started, a little background on FrieslandCampina for people that aren't familiar with the company. >> FrieslandCampina is a co-operative company owned by farmers, predominantly in the Netherlands, Belgium and Germany. It's a international company. We have about 34 countries with, we have, at our sales offices, our plans in there, we are one of the biggest dairy companies in the world, and love to be there. It's a very good company to work for. >> It's amazing, I was doing a little research, I mean the scale is amazing. You guys, you operate in 100 countries, exporting. You've got offices in 34 countries. I think it said of 23,000 plus employees. It's quite a big operation. >> Yup. >> So, >> A big operation doing about 10 billion liters, or kilograms, of milk a year. >> Great, so, it's a dairy, we're here talking about digital transformation; it's always fascinating to me, kind of, the reach of digital transformation in everybody's company. Everyone says everyone's really a software company, you know, kind of built around a different product or service. So what were some of the challenges that you were looking towards in 2018-2019 in terms of digital transformation in this mature industry of dairy? >> The challenges that we're having is that you have to make sure that everything is safe. The products are safe, but also the data is safe. But also that we have a lot of things move through the Cloud, and also that the performance of those applications moves through the Cloud, is to the end user's satisfaction as well. So you're not looking only at transferring data safely from the Cloud into our offices, into our production environment, also protecting our production environments from everything that's going bad on the Internet, but also having to make sure that the applications are performing to the liking of the end user, so to speak, to our customer and our consumers. >> And was the objective to build new applications in the Cloud, or was it more kind of lift-and-shift some of your older applications in the Cloud? Because those are two very different challenges. >> Yeah, it's a lift-and-shift of our older applications. For example we're now in the middle of moving our SAP environment to the Cloud, at least the development test and user environments are moved to the Cloud. The other ones remain still within a traditional data center environment, and we have moved all of our Office 365, so that's Skype for Business, SharePoint, but all the other applications to the Cloud as well. >> Ha ha. >> And there we have all this additional transformation, the challenges that really comes back to the end user. >> Those are huge applications; SAP and Office 365. Those are not insignificant >> Yup. >> applications at all. So what were some of the challenges, I'm sure we have a lot of your peers watching this. What is some of the tips and tricks that you can share with them? Big challenges that you had to overcome? Things you thought about, maybe some things that you didn't think about in that transformation? >> If you look at the SAP landscape, it's the sheer amount of interfaces between the different components of SAP. That's was something that made us decide not to move SAP to the Cloud, not the production environment and the systems Environment. That was too big of an impact. That would take too long to do and we don't have that time. If you look at Office 365, the fact that Microsoft is very adverse in having anything in the middle, that brought us some real challenges. And and we did that already in 2014-2015 and we had our fair share of all fun and games. >> Ha ha ha, so what was different about it then than today? I mean obviously the Cloud has moved quite a bit. I don't know if you can mention which Cloud you put it in? >> Yeah correct, the fact that Zscaling now, does the updating, and all the changes within the Microsoft environment. So you don't have to do it yourself. You don't have to constantly monitor the ARS feeds from Microsoft, do all the changes yourself. Now it's all done by Zscaler, all the SSL bypass, the authentication bypass has been set correctly. So when that came on board that made our life a lot easier. >> Wow. >> The first part of the migration that we did in in Europe, especially in the bigger locations like Amersfoort, which has our headquarters, we really had our challenges to keep the end user satisfied. >> So just, again, kind of the scale of the end users. You mentioned that a couple of times. Is this in support of all the 23,000 people that are employed at FrieslandCampina? Is it a subset, or is it remote workers? How are you, kind of, allocating this effort? >> It is indeed all users, except for the factory workers. We don't allow people that work in production direct access to the internet. So those people are not as much excluded, but they have special PCs where they work on. So you're looking currently at about 15,000 people that are working with Office 365 directly on a day-to-day basis within FrieslandCampina. >> Wow, so the other thing you've talked about repeatedly is not only satisfaction with the users who are interfacing with the systems, but security. So what were some of the >> Yup. >> security considerations that you considered? How did you, kind of, bake security into your process? And, as we hear all the time as we go to different shows, including security shows, you know, it's not a bolt-on anymore; you have to be thinking security throughout the whole pipeline of the process. So how did you think about it? How did you attack it? How did you solve some of those problems? >> We started thinking about it already in 2012. We had, at that time within FrieslandCampina, a program specifically driven out of the LT environment, so the operational technology, so the production IT, so to speak, and they come up with an architecture based on the ISO 9599 norm, and we took that on board as IT and continued to work on that. So from 2014 we already had in our plans, the architecture to separate the various layers of the ISO 9599 framework into security zones, and we're constantly building on that one. We're refining it, we're improving it. >> Another question on security, really, and kind of the network architecture. Did you have to re-do anything within your network architecture to make this move to the Cloud possible? How did you address the network? >> It was a completely redesigned. It was a complete redesign. In the, previous to that, we just had IT, and we had one or two firewalls on-site that connects to a certain part of OT, and that was it. And now we have an architecture where we can integrate all different flavors of OT. There's no need for OT to have their own internet connections for maintenance, for support, et cetera. It's all integrated and secure. We made, and the reason for that is that you can't, in this day and age, have an island structure. Everything needs to be integrated. Everything needs to talk to each other, et cetera. >> So Erik, this interview is sponsored Zscaler. You're a customer of theirs. I'm just curious if you can talk a little bit about how, you know, their offering enabled you to do stuff that maybe you couldn't do before. How did you get involved with them? How are they working with them throughout this project? And how has that really been an enabler for your, you know, your move to the Cloud? >> In 2013-2014 there was a request from the business, a very strong drive from the business, that looked into breakouts, specifically to get localized contact, driven out of the, how do say that, marketing department. And then we looked at, okay, how can we enable that without creating firewalls on every location we're having, making it very expensive, et cetera. And at that time our provider, Verizon, came up, let's do a Cloud security with Verizon, with Zscaler, and do a proof of concept, and build on that one. So that worked. That gave us more regularity, if the people in the countries that needed localized content got the localized content, speeding up the application for the specific countries, so no happening from Tokyo, Japan, back to Singapore, back to websites in Japan. So that helps a lot, but like I said it was early days so we had our challenges in getting that working, getting it secure, getting the traffic to the correct Zscaler node, and so on. So we did make, from the initial set-up of this network, a number of iterations to come to where we are today. >> Great. >> So it's not one decision and then it works. No, it's a decision, see what has worked, which challenge you're getting, and then take it to the next level. >> Right. >> If we do the same thing with Zscaler as they're offering today it will be a lot quicker. We will have a number of those challenges that we had at that time, we will not have today. >> So as you look forward, what's kind of next. As you mentioned this isn't a one-stop shop. This is an ongoing process. What are, kind of, your next priorities, you know, over the next six months or so as you guys continue on this journey? >> To another data center, so not to the Cloud but to a different data center, so that's a big, really a big program. The other thing we're looking at is how can we improve remote access, provide extra benefits as part. We also look at the CPA product of Zscaler. We're doing a proof of concept, probably in the second half of this year. So, but on the other side, this year, 2019, FrieslandCampina is a, how do you say that in proper English, stop and look back and see what's really important, what we need to go forward. So it's not going crazy on all different kind of projects. It is, okay, what will actually contribute to the profitability of FrieslandCampina going forward. >> I think that's a really great close. I know it's late in Utrecht. I appreciate you taking some time out of your evening, and I was going to ask you the last question, you know, what advice would you have for your peers, for other practitioners that are looking at this, and, you know, either in the process or planning out their journey, but I think you hit on a big one right there which is really focus on the things that matter, focus on the things that really make a difference, and just don't start doing science experiments all over the place because you can, or it's fun, or it's interesting. >> Well, what my worries are for the future, and what, not keeps me awake at night, but that that's too much, is the bad that's going around in this world is getting stronger. They have more resources than we, as a company, has to defend for us against, and the acute challenge would be, is identifying what is your traffic that is good flowing in your network. Because if you're knowing what is good everything that's not defined as being good can be immediately defined as being bad. In that case you'll have a better position in preventing yourself against everything that's going wrong, like WannaCry. If you know that WannaCry is using a well known port used all over the place in FrieslandCampina. But if you then see that same port being used to communicate between servers that never communicated before, or to workstations to servers that never communicated before, then you say, okay, stop that one immediately, because that's not good. >> Right. >> And at that moment our biggest challenge is identifying what is the traffic that's good within our network. >> Well that's a great tip, you know, that's great. You know what the positives are, and if it doesn't make the the green list then shut 'er down and (chuckling) find out what's going on. >> Correct. >> All right. >> Correct. And the reason why we identified WannaCry is that somebody, for some reason, identified Hey this server never talked with that device: Why? >> Yeah, we're hearing that, >> And because, all. >> because with IOT you have to do that, right? >> You have to do that. >> 'Cause everything's IP connected, right? Whether it's the shades and the HVAC system all the way down to all your manufacturing processes, distribution processes, >> Correct. >> IT systems. >> Correct, correct. Our big advantage was that the call back to the command and control servers was already blocked by Zscaler so it didn't hurt us that much. >> Yeah, well good, we got to keep the cows safe, keep the milk safe, and the, >> Yeah, absolutely. >> what did you say, the 10 billion gallons of milk that you guys kick out a year, or something like that? >> Yep. >> It's amazing, ha ha. >> It's amazing. >> All right Erik, well thanks for sharing your story. Good luck on your future transformations, and good luck next week; thanks for stopping by. >> Thank you very much. >> All right. >> All right. >> All right, he's Erik, I'm Jeff, you're watching the CUBE. We're in our Palo Alto studios and Utrecht, Holland. Thanks for watching, we'll see you next time. (funky music)

>> Live from San Francisco, it's theCUBE, covering RSA Conference 2019. Brought to you by Forescout. >> Hey, welcome back everybody, Jeff Frick here with theCUBE, we're at the RSA Conference in downtown San Francisco, it's crazy, 40,000 plus people, we'll get the number later today. We're in the Forescout booth for our first time, we're really excited to be here, and, you know, part of the whole Forescout story is the convergence of IT and OT, operations technology, and those things are coming together, which is such a critical piece of smart things, and smart cities, and smart cars. We're excited to have our next guest, Elisa Costante, on. She is the OT technology and innovation lead at Forescout. Elisa, great to see you. >> Great to see you, thank for having me. >> Absolutely. So you've got a PhD in this space, you picked a field that is pretty hot, so as you think back and look at the convergence of OT and IT, what are some of the top-level things that people are thinking about, but what are some of the top-level things that they're just missing? >> Well, when you speak about OT, typically you refer to critical infrastructure and the technology that operates things. So it's cyber-physical systems, right? And when you think of IT, you think about computer and you think about the web, and you're like, okay, when the two things meet? And then you put in the recipe, you put something like an IoT device, like an IP camera, or a sensor for the number of people in a room. Now these whole things are coming together. And they're coming together because they come with a lot of interesting use cases. You can have all the data and information to configure, for instance, your building, to be as smart as possible, and to have. >> They need smart wheels on that cart, my goodness. >> Of course. And you have a clear picture of how much energy you consume and then you can basically have the energy that is cheaper, because it just arrives in the moment that you need it. Now all of these things are IT and OT convergence. And all of these things make our cities and our world smarter today. >> Right, now one of the interesting things I saw in a talk getting ready for this is, you talked about, there's always been a lot of OT systems, they've been around for a while, >> Yeah. >> But they've always been siloed, you know, they haven't been connected to other OT systems and much less being connected to IT systems. >> Yeah >> So they weren't architected for that from the first point of view. So how does that get implemented? Are they re-architecting 'em? Are you guys overlaying a different kind of control plane? How do you take these siloed applications around, say, elevator operation, and then integrate it in with all these other things? >> So what happens is that those systems are legacy systems. That's why. There are like, 60% of the modern buildings, of the buildings today, they have, they are controlled and managed by system that are 20 years old. So what does it mean? That you make an investment and you don't want to change that investment. You are not going to renew all the backbones of your buildings, or of your manufacturing and operation factories. So what do you do on top of these legacy system that have been developed without security in mind, you put the IT systems, to monitor, to control, to have remote access and remote control. And this is where, like, things can go wrong, because if this is not done properly, and by having in mind, for instance, the threat landscape, that's where you will have the controller for your HVAC exposed to the internet, and can pull down all the air conditioning in a hospital, for instance. And that's why WannaCry can come and heat and put down tons and tons of hospitals. >> Right. It's pretty interesting, you know, I think it's a pretty common concept in security for people that you should only have access, you know, to the information you need around a particular project or particular dataset. But you talked about, in some of your other talks that I saw, about a lot of these devices come out of the box with all kinds of capabilities, right? 'Cause they're built for kind of the Nth degree, the maximum use, but there may be a whole bunch of stuff that's turned on out of the box that you probably need to turn off. >> Yeah, that's actually super interesting. If you look at IP cameras, now IP cameras, they should do one thing, record stuff that they see on the screen. But actually they come with a bunch of protocols indeed, like FTPs, Samba protocols, SSDP, that announce the camera on the network, and reveal a lot of information about those camera on the network that if RPCed by an attacker or by someone with not-good intentions, might actually be leveraged to turn the camera against the owner of the camera itself. >> Right, right. And do weird things that the camera should not. And that's really part of what the Forescout solution is, is making sure that the devices are profiled and acting in the way that they're supposed to act. And not doing stuff that they shouldn't be doing. >> Yeah, Forescout is a leader in device visibility. So what we do is we enter into a network, and we give full visibility of all the IP devices that are there, and that's most of the times is a wow effect, like, the asset owner has no ideas that they had a camera that was directly connected to the internet. Or they'd have a thermostat that communicates with the servers. So all of these things, we bring basically light on the dark sides of the network. >> Right. So excited to talk to you 'cause I think the smart cities and smart buildings is such an interesting concept and going to be so important as we get denser populations and smaller areas that connected to transportation. I wonder if you could share some examples that you see out in the field where the ROI on putting these things in, the good part, is way higher than maybe people expect. That because you're combining, you know, a one plus one equals three kind of an opportunity. >> Right, so actually, one example of a very useful and smart use case is, is happening in Amsterdam right now. The Bijlmer Arena, is basically all the walls are made of solar panels, which means it gets the energy and is able to basically self-sustain the arena. The arena is one of the biggest stadiums in the Netherlands. >> Ajax plays there probably? >> Exactly. >> Alright. >> Now what they do if they have collected more energy than they are able to consume, they provide that same energy to the neighbors. Which means that you have basically a small ecosystem that thanks to the collection of data, knowing what neighbor needs how much light and energy in a certain time, you can actually even improve sustainability and going green initiatives. >> I love the innovation that comes out of the Netherlands. We interviewed a company a long time ago, and they were basically doing segmented data centers, where you would have a piece of the data center in your house and they were selling it as free heating. And I'm like, is it free heating, or is it distributed data center? But I mean, the creativity is terrific. So as you look forward, you know, what are you excited about in 2019? What are some of your top initiatives that you're working on? >> So we are working on a lot of IT and OT convergence, and especially on the IoT part. So we are looking at all those tiny devices that you would not expect to be on your network, and what they can do, and how these old systems that have been conceived to be standalone are now starting to communicate, and what kind of threats this communication can bring, and what we can do to actually defend our customers from the threats that can be arised. >> Going to be a good year. Excited to watch the developments unfold. >> Yeah, thanks. >> All right Elisa, thanks for taking a few minutes of your day, I know you said you had early meetings, you're calling Europe, calling all over the world, so thanks for taking a few. >> Thank you for having me. >> All right, she's Elisa, I'm Jeff, you're watching theCUBE. We're at RSA Conference, RSAC is the hashtag, in the Forescout booth. I'm Jeff Frick, thanks for watching. >> Thank you. (upbeat music)

(vibrant music) >> Hi, I'm Peter Burris, welcome once again to another CUBE Conversation from our Palo Alto studios. Recently, we had FortiGaurd Labs here on theCUBE talking about a regular report that they do on the state of the security industry. And once again, we've got Anthony Giandomenico. >> Yeah, good. >> Here to talk about the most recent, the Q1 update. First of all, tell us a little bit about FortiGaurd labs, where's this come from? >> So FortiGaurd Labs actually is the threat intelligence organization of Fortinet, so what we do, is we keep track of the tactics, techniques, and procedures of the adversary. And make sure that we have detection methodologies to be able to stop all those tactics, techniques, and procedures. >> Peter: So you're the ones that are collecting the data that's right from the ground to help everybody keep up to date on where the threat's are likely to be, set priorities. So that's what this report does, right? >> Absolutely, it's something we do on a quarterly basis, and it's really, you know, we're looking at billions of events that we're observing in real time, you know, production environments, and what we're trying to do is identify the top application exploits, malware, and botnets, and what we want to be able to do is find different types of trends that then can be able to translate into helping organizations fortify their environments. >> Peter: Alright, so here, this is the Q1, 2018, people can get access to it. >> Anthony: Yeah. >> What's the top line change? >> Anthony: Yeah, well at a high level, I think, you know, one the actual cyber criminals, they're evolving, their attack methodologies to be able to increase their, you know, success rate as well as being able to increase their infection rate. So that's one thing, you know, the other thing, obviously we always have to talk about ransomware. That, you know, seems to be a very hot threat these days for cyber criminals to make money. Now, that threat isn't going away. We did see a slight decrease though, where the adversaries were more interested in hijacking, you know, systems to be able to mine for crypto currencies as opposed to taking that machine hostage and demanding a ransome. >> Peter: Really? >> Anthony: Yeah, believe it or not. >> I'm a little bit, I mean ransomware just seems like it would have so much potential, and crypto currencies are, well they're interesting. Tell us a little bit about why that's happening. >> What seems to be the indicators? >> Yeah, well, you know, like I said, ransomware isn't going away, I think they're going to continue to use that to make money. But from a crypto jacking, you know, perspective, we did see the uptake last year in our Q4 report. It was about 13 percent of the organizations actually reported some type of crypto jacking attack. Fast forward to this report, and it nearly doubled. Actually, over doubled to, you know 28 percent, so that's about one in four organizations that are actually impacted with this particular threat. Now, what I think is interesting about this particular threat, is the way it evolves, right. 'Cause it's so new, it's always looking back at, its other successful, you know, predecessors to be able to determine how can I be more stealthy, and how can I get my, you know, malware, or my, you know, payload out to all the different sort of systems. So, you know, an example of that is phallus malware. Phallus malware is very stealthy. It's starting to use phallus malware techniques, it'll use scripts to inject their actual payload into memory, nothing on disc, so it makes it a lot more difficult to be able to detect. Now, how do I get my payload out to all the other, you know, workstations? Well, it takes a one two punch combination that, you know, Petya used last year. It's leveraging, um, there's this open source technology called, you know, minicats, steals different types of credentials and does something called pass the hash. Passes the hash credential out to those other systems, and then it gains access. That way it can actually pass the actual malware from system to system. If that fails, and then goes back to identifying different vulnerabilities that it could then exploit. One vulnerability it does looks for is eternal blue, which was a vulnerability that was so graciously given to us from shadow brokers. So those are the ways they're starting to be more effective and be more stealthy, and also being able to propagate a lot faster. >> Peter: And crypto currency obviously is one of the more extreme things because you take over the computer resources without necessarily stealing any data. You're just grabbing computer resources. >> Anthony: Yeah, what's interesting, I don't want to actually kind of go off topic here, but that' another conversation. Is crypto jacking actually a threat or not? Right, 'cause all it's really doing is stealing, you know, CPU resources, so, you know, so people say. So that's a whole 'nother discussion to actually get into is, is it actually really a threat or not? >> Well, you're able to get access to a computer, presumably you're able to get access not just for that purpose, but many others. >> Exactly. >> So that's probably an indication, you may have a problem. >> Yes, yes. >> Let's talk about ransomware. You said ransomware's not going away. Ransomware, most folks are familiar with it. What is it, what's the report suggest? >> You know Peter, did you realize that this month is the one year anniversary of WannaCry? Don't know if you remember that or not, but, you know, WannaCry was very infamous for, not necessarily the payload, but by the way that it actually was able to spread so fast and affect so many different machines. Now, that spreading, that worm-like spreading, kind of capability still exists here, you know. Today, you see a lot of different sort of threats using that, but what seems to be a bit different now is the combination of that ransomware payload along with more targeted attacks. >> Mm-hmm >> So, usually in a ransomware type of attack, you do some type of spammy campaign. You spam out that email, you know, and see what sticks. Well, these are more, a lot more targeted, so they're going to spend a lot more time doing, you know, reconnaissance on an organization and being able to find different vulnerabilities on the outside of the network. Once they actually come in, very methodical at how they're able to laterally move and put their actual malware on systems that they actually think, you know, well you know, however many systems they think they should actually have that particular malware on. Now, at this point, they hadn't actually executed you know, the actual payloads. So they have it on as many systems as possible, and once their ready (fingers snap). They flip the switch, and all those systems now are held hostage. That impact is much greater to the business. >> Peter: Now, when we think about the attacks, we think in terms of computing devices, whether it's a mobile device or PC device, or servers or what not, but are we seeing any changes in how people are attacking other computing resources within a network, hitting routers and other to try to drive more control over somebody's network resources? >> Well, I mean, we definitely see exploits that are actually hitting, you know, mobile devices, their hitting routers, um, a lot of IOT as well, but also web technology because, you know, web technology, there's so much external facing websites these days, you know, they're much easier targets. So we are seeing that. I would mention also that, it's up seven percent to 21 percent of organizations have actually reported mobile malware as well. >> And that is a especially difficult thing because your mobile applications are not just associated with a particular business, but other businesses as well. So you are both an employee and a consumer, and if your mobile applications get hit, that can have enormous ramifications on a number of different levels. >> Anthony: Yeah, absolutely, and I think sometimes, you know, in an organization where an actual consumer will have a phone, and they won't necessarily think it's the same as their workstation. So, it's like, oh, well not that much can happen on my mobile phone, right, not the same as on my workstation, but actually, it could be even worse. >> Peter: Yes, so if you think about some of the things that are on the horizon, you mention that we're seeing a greater utilization of different techniques to make money in some of the new domains, like jacking, uh, crypto jacking. >> Mm-hmm. >> Uh, there's still ransomware, still an issue, as folks go back and identify these different malware, these different security breaches, what are they doing to actually clean things up? Are we seeing folks actually cleaning up, or is there still just like, whack-a-mole, whacking things out, andt worrying about whether they go back and clean things up later? >> Anthony: Well, to basically answer your question, they are starting to actually kind of clean up, but, you know wait 'til you hear this, so what we try to do here, in this quarterly report, is we wanted to measure how quickly they were able to clean up that, you know, that particular threat. And what we found out, you know, we used botnet alerts. And we wanted to see how fast those botnet alerts actually got cleaned up. So what we were able to determine is 58 percent of all organizations, within 24 hours, were able to clean up that particular botnet infection. Which is actually pretty good. But, that 42 percent, it took them either two days or longer, you know, to be able to get that actual threat out. Actually, sometimes the threat really never even, you know, actually went away. Great example of that, is actually the Andromeda botnet. It's a threat that was brought down last year, but even though it's not there anymore, the infections on the workstations are still there, so we're still kind of getting those actual hits on that Andromeda botnet, and that actual threat >> for Q1, was one of the highest in prevalence and volume. >> Even if it wasn't necessarily doing damage, because we'd figured out how to deal with it, >> Right. >> but if it's there, somebody might find a way to use it again in the future. >> Absolutely, absolutely. >> So as we think about the next quarter, you doing this on every quarter, are there any particular areas that you think folks have to, they need to anticipate some of these changes, more of the same, different trends, or what about OT for example, as operational technology becomes increasingly part of that common technology fabric, how is that likely to be affected by some of these different attach types? >> In answer of your first question, I think we'll probably see a lot more of the same. And I think what we'll continue to see, you know there's this whole zero day market, I think it's getting more and more mature, meaning that we're going to see more and more vulnerabilities that are actually kind of zero day that have just been discovered or just been announced, and I think we're going to continue to see the adversaries take advantage of those newly discovered zero day vulnerabilities. You know, they'll take those actual, those exploits, you know, put 'em into their attack methodologies, to propagate faster and faster, so I think, organizations are going to have to make sure they can address some of those newly discovered vulnerabilities fairly quickly. Now, as we switch the, you know, the OT side, you know, we didn't see a lot of attacks if you look at the percentage of the overall attacks, however, you know, OT, if there is an actual successful attack, I think it's, you know, worth saying that it's >> a much larger impact, right. >> You have a major problem. >> You know, my concern is, these different types of trends that are coming together. One, OT is starting to connect to other networks, which means they're going to eventually be accessible from the internet, which makes it a lot more difficult to be able to protect. At the same time, we're seeing nation states continue to focus on compromising OT systems as well. So, I don't know what's going to happen in the coming months and years, but the trends aren't actually looking so good right now. >> So if you were to, if we had a CIO sitting here right now, and you were talking about this report, what are the, first off, how should they regard the information, what should they be doing differently as a result of the information that the reports are viewing? >> Yeah, I mean, I would say, one, we always talk about this, it's easier said than done, but you know, going back to the basics, and making sure that you have good cyber hygiene and being able to identify vulnerabilities that exist in your environment, and that, you know, me just saying that sounds kind of simple, but that really means identifying all the assets that you have in your environment that you're responsible for protecting, number one, and then being able to, you know, identify the vulnerabilities that may exist on those things. That's uh, it's not the easiest thing to do, but I think it's something that really should be focused on. At the same time though, threats are going to get into your network. That's just a, you know, that's a given. So being able to make sure that you can identify, you know, threats within your environment is extremely important, and then, once you identify them, what's the processes for you to go ahead and actually respond and clean up those particular threats? That really is going to be the key. I know it's at a high level, it's much deeper than that. But that's where you start. >> Alright, Anthony Giandomenico, Tony G, >> Tony G. >> thanks very much once again for being on theCUBE and talking to us about FortiGuard's Q1, 2018 report from Fortinet. >> Awesome, well thanks for having me. >> You betcha, so, Anthony Giandomenico (laughs) a senior strategist researcher at FortiGuard labs, Fortinet, talking to us about the 1Q 2018 report. Once again, this has been a CUBE Conversation thanks for listening. (vibrant music)

>> Narrator: Live from Las Vegas it's theCube covering AWS reInvent 2017 presented by AWS, Intel and our ecosystem of partners. >> Hello and welcome to theCube's exclusive coverage here in Las Vegas for AWS, Amazon Web Services reinvent 2017, 45,000 people. It's theCube's fifth year in covering AWS, five years ago I think 7,000 people attended, this year close to 45,000, developers and industry participants. And of course this is theCube I'm John Furrier with my co-host Keith Townsend and we're excited to have Cube alumni Sanjay Poonen who's the chief operating officer for VMware. Sanjay great to see you, of course a good friend with Andy Jassy, you went to Harvard Business School together, both Mavericks, welcome to theCube. >> Thank you and you know what I loved about the keynote this morning? Andy and I both love music. And he had all these musical stuff man. He had Tom Petty, he had Eric Clapton. I an not sure I like all of his picks but at least those two, loved it man. >> The music thing really speaks to the artists, artists inside of this industry. >> Yes. >> And we were talking on theCube earlier that, we're in a time now where and I think Tom Siebel said it when he was on, that there's going to be a mass, just extinction of companies that don't make it on the digital transformation and he cited some. You're at VMware you guys are transforming and continue to do well, you've a relationship with Amazon Web Services, talk about the challenge that's in front of business executives right now around this transformation because possibly looking at extinction for some big brands potentially big companies in IT. >> It's interesting that Tom Siebel would say that in terms of where Siebel ended up and where salespersons now I respect him, he's obviously doing good things at C3. But listen that's I think what every company has got to ask itself, how do you build longevity? How do you make yourself sustainable? Next year will be our 20 year anniversary of VMware's founding. The story could have been written about VMware that you were the last good company and then you were a legacy company because you were relevant to yesterday's part of the world which was the data center. And I think the key thing that kept us awake the last two or three years was how do you make them relevant to the other side of history which is the public cloud? What we've really been able to do over the last two or three years is build a story of the company that's not just relevant to the data center and private cloud, which is not going away guys as you know but build a bridge into the public cloud and this partnership has been a key part of that and then of course the third part of that is our end user computing story. So I think cloud mobile security have become the pillars of the new VMware and we're very excited about that and this show, I mean if you combine the momentum of this show and VMworld, collectively at VMworld we have probably about 70, 80,000 people who come to VMworld and Vforums, there's 45,000 people here with all the other summits, there's probably have another 40,000 people, this is collectively about a 100, 150,000 people are coming to the largest infrastructure shows on the planet great momentum. >> And as an infrastructure show that's turning into a developer show line get your thoughts and I want to just clarify something 'cause we pointed this out at VMworld this year because it's pretty obvious what happened. The announcement that you guys did that Ragu and your team did with Ragu with AWS was instrumental. The proof was at VMworld where you saw clarity in the messaging. Everyone can see what's going on. I now know what's happening, my operations are gonna be secure, I can run VSphere on the cloud or on Prem, everything could be called what it is. But the reality was is that you guys have the operators, IT operations and Amazon has a robust cloud native developer community, not that they're conflicting in any way, they're coming together so it was a smart move so I got to ask you, as you guys continue your relationship with AWS, how are you guys tying the new ops role, ops teams with the dev teams because with IoT, this is where it's coming together you can see it right there? Your thoughts? >> I mean listen, the partnership is going great. I just saw Andy Jassy after his exec summit session, gave him a hug. We're very excited about it and I think of any of the technology vendors he mentioned on stage, we were on several slides there, mentioned a few times. I think we're probably one of the top tech partners of his and reality is, there's two aspects to the story. One is the developer and operations come together which you, you eloquently articulated. The other aspect is, we're the king of the private cloud and they're the king of the public cloud, when you can bring these together, you don't have to make it a choice between one or the other, we want to make sure that the private cloud is maximized to its full extent and then you build a bridge into the public cloud. I think those two factors, bringing developer and operations together and marrying the private and public cloud, what we call hybrid cloud computing, a term we coined and now of course many others-- >> I think-- >> On top of the term. Well whoever did. >> I think HP might have coined it. >> But nonetheless, we feel very good about the future about developer and operations and hybrid cloud computing being a good part of the world's future. >> Sanjay, I actually interviewed you 2016 VMworld and you said something very interesting that now I look back on it I'm like, "Oh of course." Which is that, you gave your developers the tools they needed to do their jobs which at the time included AWS before the announcement of VMware and AWS partnership. AWS doesn't change their data center for anyone so the value that obviously you guys are bringing to them and their customers speaks volumes. AWS has also said, Andy on stage says, he tries to go out and talk to customers every week. I joked that before the start of this that every LinkedIn request I get, you're already a connection of that LinkedIn request. How important is it for you to talk to your internal staff as well as your external customers to get the pulse of this operations and developer movement going and infused into the culture of VMware. >> Well Keith I appreciate the kind words. When we decided who to partner with and how to partner with them, when we had made the announcement last year, we went and talked to our customers. We're very customer and client focused as are they. And we began to hear a very proportional to the market share stats, AWS most prominently and every one of our customers were telling us the same thing that both Andy and us were asking which is "Why couldn't you get the best of both worlds? "You're making a choice." Now we had a little bit of an impediment in the sense that we had tried to build a public cloud with vCloud air but once we made the decision that we were getting out of that business, divested it, took care of those clients, the door really opened up and we started to test pulse with a couple of customers under NDA. What if you were to imagine a partnership between us and Amazon, what would you think? And man, I can tell you, a couple of these customers some of who are on stage at the time of the announcement, fell off their chair. This would be huge. This is going to be like a, one customer said it's gonna be like a Berlin Wall moment, the US and the Soviet Union getting together. I mean the momentum building up to it. So now what we've got to do, it's been a year later, we've shipped, released, the momentum still is pretty high there, we've gotta now start to really make this actionable, get customers excited. Most of my meetings here have been with customers. System integrators that came from one of the largest SIs in the world. They're seeing this as a big part of the momentum. Our booth here is pretty crowded. We've got to make sure now that the customers can start realizing the value of VMware and AWS as a build. The other thing that as you mentioned that both sides did very explicitly in the design of this was to ensure that each other's engineering teams were closely embedded. So it's almost like having an engineering team of VMware embedded inside Amazon and an engineering team of Amazon embedded inside VMware. That's how closely we work together. Never done before in the history of both companies. I don't think they've ever done it with anybody else, certainly the level of trying. That represents the trust we had with each other. >> Sanjay, I gotta ask you, we were talking with some folks last night, I was saying that you were coming on theCube and I said, "What should I ask Sanjay? "I want to get him a zinger, "I want to get him off as messaging." Hard to do but we'll try. They said, "Ask him about security." So I gotta ask you, because security has been Amazon's kryptonite for many years. They've done the work in the public sector, they've done the work in the cloud with security and it's paying off for them. Security still needs to get solved. It's a solvable problem. What is your stance on security now that you got the private and hybrid going on with the public? Anything change? I know you got the AirWatch, you're proud of that but what else is going on? >> I think quietly, VMware has become one of the prominent brands that have been talked about in security. We had a CIO survey that I saw recently in network security where increasingly, customers are talking about VMware because of NSX. When I go to the AirWatch conference I look at the business cards of people and they're all in the security domain of endpoint security. What we're finding is that, security requires a new view of it where, it can't be 6000 vendors. It feels like a strip mall where every little shop has got its boutique little thing that you ought to buy and when you buy a car you expect a lot of the things to be solved in the core aspects of the car as opposed to buying a lot of add-ons. So our point of view first off is that security needs to baked into the infrastructure, and we're gonna do that. With products like NSX that bake it into the data center, with products like AirWatch and Workspace ONE that bake it into the endpoint and with products like App Defence that even take it deeper into the core of the hypervisor. Given that we've begun to also really focus our education of customers on higher level terms, I was talking to a CIO yesterday who was educating his board on what are some of the key things in cyber security they need to worry about. And the CIO said this to me, the magic word that he is training all of his board members on, is segmentation. Micro segmentation segmentation is a very simple concept that NSX sort of pioneered. We'll finding that now to become very relevant. Same-- >> So that's paying off? >> Paying up big time. WannaCry and Petya taught us that, patching probably is a very important aspect of what people need to do. Encryption, you could argue a lot of what happened in the Equifax may have been mitigated if the data been encrypted. Identity, multi-factor authentication. We're seeing a couple of these key things being hygiene that we can educate people better on in security, it really is becoming a key part to our stories now. >> And you consider yourself top-tier security provider-- >> We are part of an ecosystem but our point of view in security now is very well informed in helping people on the data center to the endpoint to the cloud and helping them with some of these key areas. And because we're so customer focused, we don't come in at this from the way a traditional security players providing access to and we don't necessarily have a brand there but increasingly we're finding with the success of NSX, Workspace ONE and the introduction of new products like App Defense, we're building a point of security that's highly differentiated and unique. >> Sanjay big acquisition in SD-WAN space. Tell us how does that high stress security player and this acquisition in SD-WAN, the edge, the cloud plays into VMware which is traditionally a data center company, SD-wAN, help us understand that acquisition. >> Good question. >> As we saw the data center and the cloud starting to develop that people understand pretty well. We began to also hear and see another aspect of what people were starting to see happen which was the edge and increasingly IoT is one driver of that. And our customers started to say to us, "Listen if you're driving NSX and its success "in the data center, wouldn't it be good "to also have a software-defined wide area network strategy "that allows us to take that benefit of networking, "software-defined networking to the branch, to the edge?" So increasingly we had a choice. Do we build that ourselves on top of NSX and build out an SD-WAN capability which we could have done or do we go and look at our customers? For example we went and talked to telcos like AT&T and they said the best solution out there is a company that can develop cloud. We start to talk to customers who were using them and we analyzed the space and we felt it would be much faster for us to buy rather than build a story of a software-defined networking story that goes from the data center to the branch. And VeloCloud was well-regarded, I would view this, it's early and we haven't closed the acquisition as yet but once we close this, this has all the potential to have the type of transformative effect like in AirWatch or in nai-si-ra-hat in a different way at the edge. And we think the idea of edge core which is the data center and cloud become very key aspects of where infrastructure play. And it becomes a partnership opportunity. VeloCloud will become a partnership opportunity with the telcos, with the AWSs of the world and with the traditional enterprises. >> So bring it all together for us. Data center, NSX, Edge SD-WAN, AirWatch capability, IOT, how does all of that connect together? >> You should look at IoT and Edge being kind of related topics. Data center and the core being related topics, cloud being a third and then of course the end-user landscape and the endpoint being where it is, those would be the four areas. Data center being the core of where VMware started, that's always gonna be and our stick there so to speak is that we're gonna take what was done in hardware and do it in software significantly cheaper, less complex and make a lot of money there. But then we will help people bridge into the cloud and bridge into the edge, that's the core part of our strategy. Data center first, cloud, edge. And then the end user world sits on top of all of that because every device today is either a phone, a tablet or a laptop and there's no vendor that can manage the heterogeneous landscape today of Apple devices, Google devices, Apple being iOS and Mac, Android, Chrome in the case of Google, or Windows 10 in the case of Microsoft. That heterogeneous landscape, managing and securing that which is what AirWatch and Workspace ONE does is uniquely ours. So we think this proposition of data center, cloud, edge and end-user computing, huge opportunity for VMware. >> Can we expect to see NSX as the core of that? >> Absolutely. NSX becomes to us as important as ESX was, in fact that's kind of why we like the name. It becomes the backbone and platform for everything we do that connects the data center to the cloud, it's a key part of BMC for example. It connects the data center to the edge hence what we've done with SD-WAN and it's also a key part to what connects to the end user world. When you connect network security with what we're doing with AirWatch which we announced two years ago, you get magic. We think NSX becomes a fundamental and we're only in the first or second or third inning of software-defined networking. We have a few thousand customers okay of NSX, that's a fraction of the 500,000 customers of VMware. We think we can take that in and the networking market is an 80 billion dollar market ripe for a lot of innovation. >> Sanjay, I want to get your perspective on the industry landscape. Amazon announcing results, I laid it out on my Forbes story and in Silicon Angle all the coverage, go check it out but basically is, Amazon is going so fast the developers are voting with their workloads so their cloud thing is the elastic cloud, they check, they're winning and winning. You guys own the enterprised data center operating model which is private cloud I buy that but it's all still one cloud IoT, I like that. The question is how do you explain it to the people that don't know what's going on? Share your color on what's happening here because this is a historic moment. It's a renaissance-- >> I think listen, when I'm describing this to my wife or to my mother or somebody who's not and say "There's a world of tech companies "that applies to the consumer." In fact when I look at my ticker list, I divide them on consumer and enterprise. These are companies like Apple and Google and Facebook. They may have aspirations in enterprise but they're primarily consumer companies and those are actually what most people can relate to and those are now some of the biggest market cap companies in the world. When you look at the enterprise, typically you can divide them into applications companies, companies like Salesforce, SAP and parts of Oracle and others, Workday and then companies in infrastructure which is where companies like VMware and AWS and so on fit. I think what's happening is, there's a significant shift because of the cloud to a whole new avenue of spending where every company has to think about themselves as a technology company. And the same thing's happening with mobile devices. Cloud mobile security ties many of those conversations together. And there are companies that are innovators and there companies that you described earlier John at the start of this show that's going to become extinct. >> My thesis is this, I want to get your reaction to this. I believe a software renaissance is coming and it's gonna be operated differently and you guys are already kind of telegraphing your move so if that's the case, then a whole new guard is gonna be developing, he calls it the new garden. Old guard he refers to kind of the older guards. My criticism of him was is that he put a Gartner slide up there, that is as says old guard as you get. Andy's promoting this whole new guard thing yet he puts up the Gartner Magic Quadrant for infrastructure as a service, that's irrelevant to his entire presentation, hold on, the question is about you know I'm a Gardner-- >> Before I defend him. >> They're all guard, don't defend him too fast. I know the buyers see if they trust Gartner, maybe not. The point is, what are the new metrics? We need new metrics because the cloud is horizontally scalable. It's integrated. You got software driving decision making, it's not about a category, it's about a fabric. >> I'm not here to... I'm a friend of Andy, I love what he talked about and I'm not here to defend or criticize Gartner but what I liked about his presentation was, he showed the Gartner slide probably about 20 minutes into the presentation. He started off by his metrics of revenue and number of customers. >> I get that, show momentum, Gartner gives you like the number one-- >> But the number of customers is what counts the most. The most important metric is adoption and last year he said there was about a million customers this year he said several million. And if it's true that both startups and enterprises are adopting this, adopting, I don't mean just buying, there is momentum here. Irrespective, the analysts talking about this should be, hopefully-- >> Alright so I buy the customer and I've said that on theCube before, of course and Microsoft could say, "We listen to customers too and we have a zillion customers "running Office 365." Is that really cloud or fake cloud? >> At the end of the day, at the end of the day, it's not a winner take all market to one player. I think all of these companies will be successful. They have different strategies. Microsoft's strategy is driven from Office 365 and some of what they can do in Windows into Azure. These folks have come up from the bottom up. Oracle's trying to come at it from a different angle, Google's trying to come at a different angle and the good news is, all of these companies have deep pockets and will invest. Amazon does have a head start. They are number one in the market. >> Let me rephrase it. Modern applications could be, I'll by the customer workload argument if it's defined as a modern app. Because Oracle could say I got a zillion customers too and they win on that, those numbers are pretty strong so is Microsoft. But to me the cloud is showing a new model. >> Absolutely. >> So what is in your mind good metric to saying that's a modern app, that is not. >> I think when you can look at the modern companies like the Airbnb, the Pinterest, the Slacks and whoever. Some of them are going to make a decision to do their own infrastructure. Facebook does not put their IaaS on top of AWS or Azure or Google, they built their own data is because they can afford to do and want to do it. That's their competitive advantage. But for companies who can't, if they are building their apps on these platforms that's one element. And then the traditional enterprises, they think about their evolution. If they're starting to adopt these platforms not just to migrate old applications to new ones where VMware fits in, all building new cloud native applications on there, I think that momentum is clear. When was the last time you saw a company go from zero to 18 billion in 10 years, 10, 12 years that he's been around? Or VMware or Salesforce go from zero to eight billion in the last 18 years? This phenomenon of companies like Salesforce, VMware and AWS-- >> It's all the scale guys, you gotta get to scale, you gotta have value. >> This is unprecedented in the last five to 10 years, unprecedented. These companies I believe are going to be the companies of the tech future. I'm not saying that the old guard, but if they don't change, they won't be the companies that people talk about. The phenomenon of AWS just going from zero to 18 is, I personally think-- >> And growing 40% on that baseline. >> Andy's probably one of the greatest leaders of our modern time for his role in making that happen but I think these are the companies that we watch carefully. The companies that are growing rapidly, that our customers are adopting them in the hundreds of thousands if not millions, there's true momentum there. >> So Sanjay, data has gravity, data is also the new oil. We look at what Andy has in his arsenal, all of the date of that's in S3 that he can run, all his MI and AI services against, that's some great honey for this audience. When I look at VMware, there's not much of a data strategy, there's a security the data in transit but there's not a data strategy. What does VMware's data strategy to help customers take math without oil? >> We've talked about it in terms of our data analytics what we're doing machine learning and AI. We felt this year given so much of what we had to announce around security software-defined networking, the branch, the edge, putting more of that into VMworld which is usually our big event where we announce this stuff would have just crowded our people. But we began to lay the seeds of what you'll start to hear a lot more in 2018. Not trying to make a spoiler alert for but we acquired this company Wavefront that does, next-generation cloud native metrics and analytics. Think of it as like, you did that with AppDynamics in the old world, you're doing this with Wavefront in the new world of cloud native. We have really rethought through how, all the data we collect, whether it's on the data center or in the endpoint could be mined and become a telemetry that we actually use. We bought another company Apteligent, formerly called Criticism, that's allowing us to do that type of analytics on the endpoint. You're gonna see a couple of these moves that are the breadcrumbs of what we'll start announcing a lot more of a comprehensive analytics strategy in 2018, which I think we're very exciting. I think the other thing we've been cautious to do is not AI wash, there's a lot of cloud washing and machine learning washing that happened to companies-- >> They're stopping a wave on-- >> Now it's authentic, now I think it's out there when, when Andy talks about all they're doing in AI and machine learning, there's an authenticity to it. We want to be in the same way, have a measured, careful strategy and you will absolutely hear from us a lot more. Thank you for bringing it up because it's something that's on our radar. >> Sanjay we gotta go but thanks for coming and stopping by theCube. I know you're super busy and great to drop in and see you. >> Always a pleasure and thanks-- >> Congratulations-- >> And Keith good to talk to you again. >> Congratulations, all the success you're having with the show. >> We're doing our work, getting the reports out there, reporting here on theCube, we have two sets, 45,000 people, exclusive coverage on siliconangle.com, more data coming, every day, we have another whole day tomorrow, big night tonight, the Pub Crawl, meetings, VCs, I'll be out there, we'll be out there, grinding it out, ear to the ground, go get those stories and bring it to you. It's theCube live coverage from AWS reInvent 2017, we're back with more after this short break.

>> Narrator: Live from Las Vegas, it's theCUBE covering AWS re:Invent 2017 presented by AWS, Intel, and our ecosystem of partners. >> Welcome back to AWS re:Invent 2017. I am Lisa Martin with theCUBE, our day two of continuing coverage of this event that has attracted 44,000 people. Keith Townsend is my cohost, and we are very excited to welcome to theCUBE family Simon West, the CMO of Cyxtera. Welcome, Simon. >> Thank you, great to be here. >> Cyxtera, a six-month-old company. Tell us about it, what do you guys do? >> Sure, so as you said we are just six months old. It feels longer than that now, born at the intersection of five simultaneous acquisitions. One part of that was the acquisition of 57 data centers and a global co-location business that was formerly owned and operated by Century Link. Into that we've added the security and analytics capabilities of four modern startup software companies, and the vision is to provide a secure infrastructure solution both within our data centers, but interestingly even though I've got 57 data centers around the world, I want to be location agnostic. We recognize that today's enterprises are running multi-clouds, running hybrid environments, so we extend our security solutions on prem and into public clouds which is why we are here at AWS re:Invent. >> Fantastic. >> One of the big challenges that we hear from the enterprise perspective, hybrid IT is that the control that we have internally are very different from the controls that exist in AWS. How do you guys help even that out? >> You are exactly right, we would go so far as to gently suggest that the core method by which we protect access to infrastructure and applications which is still predicated on a physical perimeter is just fundamentally flawed in a 2017 world where your applications are everywhere, your users are everywhere connecting on a myriad of devices. You can't build a wall around that which doesn't exist. You have also obviously, as you say, you've got that problem of hydrogenous platforms, each with their own method of control. Our flagship product in that area is a product called AppGate SDP. SDP stands for software defined perimeter which is an emerging specification born out of the US government's disarm. Now a number of companies are offering software defined perimeter solutions. The basic premise that we hold is that security should be user centric rather than IP centric. A firewall is still predicated on granting access from one IP block to another IP block. The VPN may capture who is coming in, but once you are in, we give you basically unfettered access to flat corporate internal networks and we track you as an IP address rather than as a user. We think we should get more user centric. The user should be at the center of our policy. We think it should be more like cloud in the way we run security so rather than these hardware-based static central chokepoints, we think security should be real-time, it should be adaptive and intelligent, and it should be as agile as the cloud. You build cloud applications that are capable of spawning multiple copies of themselves, auto scaling up and down, moving from availability zone to availability zone yet our typical network security posture is still highly static. When you have some of the high profile attacks that we have seen over the last few months, our ability to change policy, immediately we recognize a problem. A particular operating system, apps in a particular service pack, is incredibly out of step with how agile the rest of our IT is. So more like cloud in terms of the way it operates, and finally we think, and so does the software defined perimeter spec, we think that access needs to be thought of as conditional rather than just a X, Y, yes or no. Jim has access to sensitive financial systems should be dependent on what operating system Jim is using whether Jim is on a coffee shop Wi-Fi network or on a structured corporate network, the time of day, the day of week, our overall security posture. The way AppGate works is when a user tries to access a system, the policy can ingest any one of these different conditional items. It can interrogate the device the user is using for the right software revisions. You can look at environmental variables. It can even look at internal business systems and check anything it can get to via an API, and only if those conditions are met will it provide access to a specific system, and then it can monitor that real time, so if your context changes, you move from a trusted network to an untested network, we can alter access. We can prime for a one time multifactor authentication or take any other steps the user wants. We offer that in cloud, on premise, integrated into our data centers to provide one central policy mechanism no matter what platform you are running on. In the case of AWS, we integrate with features like security groups, like AMI machine tagging, so you can build policy natively out of those Amazon features as well. >> Talk about that transition to this user based approach. I would imagine that a user can migrate their legacy systems into one of your 56, 57 data centers, and then as they start to expand out to the cloud, they have to change their operating model from they may migrate their traditional big firewall into your data center. What does that migration process look like? Is that an application by application spec, network by network? How do I transition? >> You know, it really varies. It feels a lot like I'm an old cloud guy, so it feels a lot like cloud did in the late 00s, in 2008, 2009. We think the software defined perimeter is going to have that big of an impact, a cloudlike impact on network and application security, but the way in which organizations will choose to implement it is going to vary. One of the things we did very early on was to integrate AppGate as a service into the data centers. If you think about co-location environments, when you bring new gear into a data center, you racket and stack it, the very next thing you do after that is drag a VPN back to the corporate office so you can access it remotely, which we would respectfully suggest is not necessarily the best way to do it in 2017 out of the chute. We've then integrated AppGate so organizations can just avail themselves of that as a service, and instantly have a kind of easy on-ramp. One of the big areas we see, and we've seen with customers here at re:Invent is customers who are moving workloads to cloud, and want to make sure that they can have that same sense of fine-grained access control common to those on premises and off premises environments, whether that's at migration or that's just an extension of an app into cloud environments, so it's kind of all over the place. >> Sorry Simon, what differentiates Cyxtera's approach to the software defined perimeter from your competitors? >> A couple of things, it's extremely robust in terms of one, being able to run in multiple environments, so a native AWS version, versions that run natively in other public cloud environments. Obviously we think the ability to offer it deeply integrated into the data centers is important. It's also capable of granting access to more than just web applications. You've got some solutions out there that are really web proxies and that are built for SAS apps and born on the cloud apps. This is more of a fundamental network platform by which you can gain access to any system or application you choose, and finally was introduced the concept of what we call scriptable entitlements which is the ability to interrogate third-party systems via API, and bring back those results as part of the building policy. An example there is we've got service provider customers who are running large multitenant environments. You then have a technical support organization who needs to support a huge multi thousands of servers environment with multiple customers running in multiple VLANs and typically the way you have to do that is a jam box in the middle and then giving these technical support folks access to that entire backend management network which is a security risk. With AppGate, you can actually integrate into a ticketing system and when John in support asks for access to a customer database server, at runtime, we can find out whether there is a trouble ticket open on that box assigned to that rep, and only then will we grant access. We don't grant level network access. We grant access to that specific application. We call it a segment of one, secure and cryptic connection between the user's device and the application or the applications they have access to but to nothing else. Everything else on the network is literally dark. It cannot be port scanned. It doesn't show up at all, so it's a much narrower sense of control, a much narrower sense of access, and again it's dynamic. If that trouble ticket that shut off, the access goes away automatically. We think the integration into business systems is a critical piece of the puzzle and an area where I think we have innovated with AppGate. >> Let's talk about security in depth. Obviously you guys are putting the software security perimeter around the data center, what we would classify as the data center which is kind of disappearing in a sense, and the edge. You talked about end-user protection. Where do you guys pickup and drop off when it comes to MDM, mobile device management, which is much more important now with mobile, and then laptops, desktops, et cetera, and you mentioned third parties, pieces of data center equipment that's not in your data center, like a wind farm. >> Sure, so you are right. We are absolutely moving to the edge. I think we continue to think that the data center will be as important as it ever was. The more cloud we have, the more data centers it needs to run in. The more public cloud we have the more people want to move some of their machines that might have historically run on prem to cloud data centers with low latency direct connect to public cloud environments. If you look at our data center footprint with regard to the edge, we are not just in the major markets, although in major metropolitan markets I've got half a dozen data centers all linked together, but I'm also in markets started across the country, so I've got half a dozen in New York and New Jersey, half a dozen in DC, half a dozen in the Bay Area, but I'm in Tampa, I'm in Columbus Ohio, I'm in Dallas, I'm in Denver, and so that distribution becomes particularly important as more customers move data to the edge. From a security perspective, again, we think of that data center as the nexus of enterprise at IT and the cloud. The data center is where our conversation about security in terms of access control starts. It's a physical security message of biometrics, and ID checks, and so forth, but there, we think is the missing piece of the puzzle. The principal point of ingress and egress into a data center today is not to the front door, the back door, or the loading dock. It's the massively clustered multicarrier network core, so if you are not providing some level of access control in and out of the network, I'd offer you are not providing a truly secure infrastructure solution. We start there. We are focused mainly at this point with AppGate at controlling the conversation between the user device and the system applications themselves. One of our other acquisitions, a company called Cat Bird has done some innovative work in terms of east/west segmentation in virtual environments, which is notoriously difficult otherwise to see, to stop the spread of how machines can talk to each other in a large virtualized forms as well, and so it's the infrastructure where we principally focus. >> Where are we, or maybe where are you guys in this revolution of information security? Are we at the forefront of massive change? What is Cyxtera's view on that? >> I think we are at the beginnings of a revolution that's about 20 years late. If you can kind of carbon date year zero of modern IT at around 1996, which is the advent of the Internet as a commercial and consumer force, that was the revolution for enterprise IT. That was the moment that we had to move IT outside the four walls of the machine room on the corporate campus. Prior to that, the applications all ran on big beige boxes in one room. The users were largely tethered to them by smaller beige boxes in other rooms, and the notion of perimeter security worked. It was a valid construct. As soon as enterprises had to start thinking about an increasingly global user base, as soon as users started to connect from all over the place, the concept of this perimeter goes away. Over the last 20 years, you've seen revolution after revolution and the way in which we design, provision, deploy, manage and operate our business applications, our development frameworks, and our infrastructure. We've revolutionized for availability. We've revolutionized agility. We've turned IT into a real-time API driven motion, and we've revolutionized for scalability with platforms like AWS just industrializing this real time IT on a global scale, and if you took a systems administrator from '96, and you showed them IT today, I think you have some explaining to do. If you took a security administrator from 1996 and showed him 2017, I think the construct would be familiar. We are still hardware driven in a software defined world. We are still assuming that access is static, that it's never changing, that it's predicated on the users being someplace, the applications being another, and again, in a world of real time IT, a world in which our underlying application footprint changes without any human intervention whatsoever, and I think you see with WannaCry, with NotPetya, with all of these attacks, the commonalities that they have in the terms of the reason they were so devastating is one, they take advantage of lateral spread. They take advantage of riding an authorized access into a corporate network where port scans show up 10,000s of ports where you can rattle the handles, break the locks, and spread like wildfire, and two, in the case of something like WannaCry, days after we realized what the problem was, we were unable to simply alter as an institution, as an industry, or as an enterprise access policy at the press of a button until we could get things patched. We had to sit, and wait, and watch the fires continue to burn, so it's a question of security being insufficiently agile, insufficiently automated and adaptive, and insufficiently software driven. We think that is just starting. I think on the SDP side, we've noticed in the last six months the conversation changing. We've noticed customers who now have SDP mandates internally who are seriously starting to evaluate these technologies. >> Wow, it sounds like Cyxtera is at the beginning of being potentially a great leader in this security revolution. We wish you, Simon, and the entire company the best of luck. We thank you so much for joining us on theCUBE, and we look forward to hearing great things from you guys down the road. >> Much appreciated, thank you both. >> Absolutely, for my cohost, Keith Townsend, I'm Lisa Martin. You are watching theCUBE's continuous coverage of AWS re:Invent 2017. Stick around guys, we will be right back.

>> Announcer: Live from Las Vegas, it's the CUBE, covering AWS re:Invent 2017, presented by AWS, Intel, and our ecosystem of partners. >> Hey, welcome back to the CUBE. We are live on day one of AWS re:Invent 2017. This is their sixth event, our fifth time here with the CUBE. I'm Lisa Martin, along with Justin Warren, my co-host. There are upwards of 40,000 plus, I've heard even 50,000 people are here, incredible three day event. And we are excited to be joined by another guest from BMC, Daniel Nelson, AVP of Product Management, Security, Compliance and Automation, welcome to the CUBE. >> Thank you so much for having me, I'm excited to be here. >> We're excited to have you here. So one of the things that I'd love to understand is when you talk to customers who are in the enterprise, on this journey to cloud as you know, that term is used a lot, what are some of the biggest challenges that they face knowing they have no choice but to do this? What are some of the biggest challenges that they face that BMC can help to mitigate on this journey? >> Oh, I'd be happy, absolutely. So one of the things about us is that for the past twenty years, we've been helping large enterprises help keep their environment secure, fully automated, be able to have greater efficiencies within their data centers. And as our customers are transitioning to a multi-cloud world, everything that they had to do back at the data center, they still have to do in the public cloud, it still has to be compliant, it still has to be secure, it still has to be governed. And so what we help our customers do is to make that transformation and be able to bring together those two worlds so while they currently are looking as a goal to use AWS, use public cloud, use private cloud, they still have to manage their internal systems and be able to provide one platform to do that is what BMC's all about. >> Yeah, I've been a longtime user of BMC products, back in the day, you know Control-M and some of the things-- >> Still a great product, lots of people use it. >> Absolutely, it was a great product and we used it a lot. So I know that BMC has that rich history and experience of being able to automate things, particularly in scale, so how is that translating across into the world of cloud? 'Cause to me it actually seems like it's basically the same problem. >> Oh, and it is, absolutely. So what it used to be, scale was the measure of number of servers that you have. Now it's much more number of applications that you have, the number of developers you have, the number of configurations you have to keep in touch with, the number of policies you have to enforce, so the scale problem's exactly the same, just the physical mechanism of what's scaling has changed and that is an added complexity to it. >> Yeah, so given that level of similarity and what you've been able to translate from the inside world across into the cloud, what is it that's different? What is the thing that people are struggling with and the customers are really challenged by in this journey to cloud? >> Well, in one word it's speed. So everything that you had to do in the past was at a particular cadence. And so if you're releasing applications once a year, once every six months, even once a quarter, there was a certain amount of slack in the system where if something went wrong, you had time to adjust, you had time to keep up with it. Well now that you're down to hours, minutes, sometimes even seconds, pushing out code all the time, updating your applications all the time, you can't operate, it's beyond human scale and so that's where things like automation being able to tie back to your core systems, be able to have all that automated governance control really helps, you know, all of our customers. >> Speed is one of the things that AWS has done extremely well continuing to-- what? Last year I think it was 1,017 new features and services. This year it's over 1,100 already and you know, Andy Jassy has been very vocal about speed and customer focus is what's helping them. So with that focus on speed and accelerating pace of innovation, how is BMC alike AWS in getting what customers need faster than your competitors? >> You know, absolutely. And so what AWS does really well is providing the core preeminence that the underlying, you know, building blocks of what you need and allowing you to assemble those very quickly to have you realize your own vision and your own dreams. What we do very well is keeping some guardrails on those building blocks and making sure that, you know, we've seen it all over the place. One developer makes a mistake and suddenly, you've got a data breach. Uh, you know, one piece of code doesn't get updated the way it should be or you have a password in GitHub somewhere and now all of a sudden, you know, all your data's out there and you're on the front page of Wall Street Journal. What we help our customers do is to keep out of that news and into the news of satisfying their customers and going fast. So while AWS helps you build things really quickly, we help you do that in the right way, that keeps you safe, keeps you compliant, and keeps you you know, within the normal, corporate governance. >> So what's your favorite example of a customer doing that, where they had this issue and then they came to BMC and you were able to help them to actually solve that problem; what's a great example? >> Well we obviously do a lot of business with a lot of big banks and we have one of our customers, is a very large bank, was hesitant about the cloud, was experimenting with it, and they started with just five projects and within six months that five, those five projects had ballooned up to 65 projects, and all without really governance control oversight. And then WannaCry hit and our customer was so nervous, so scared about it, that their only response was, since they didn't know what their exposure was, they just shut 'em all down, they just pulled the plug, and says, "We're not gonna do anything." And so what we did is we came in and provided them the ability to do that, to revive those innovation products, to provide the ability to build quickly, but also know where you are, how to be safe, and can continue to update, you know, your compliance and security posture with new information as it comes in. So it gives them that safety factor that they can feel safe. One of my favorite examples and one of the best metaphors I've had is one of my customers from Savience said, "You know, Daniel, look I love to go fast, but the last thing I want to do is put my problems on roller skates, like that doesn't do any good." And I was like , "That's what we're here to do. We're here to provide you, you know, those bumper rails on the bowling alley so you can go fast." >> I do love that problems on roller skates idea. >> I'm gonna use that. >> Yeah, I was feeling that one. >> Go ahead, I use it all the time. >> So you know, we talk a lot about a lot of buzzwords, a lot of hot terms, right? Uh, multi-cloud. I'm curious about what BMC is doing in multi-cloud. How does an enterprise understand what multi-cloud is? What's hybrid cloud? How do you guys help sort of break down some of these buzzwords into actions for your customers so they can be fast and competitive? >> So for me, if I were to sound out what multi-cloud really means is that you're choosing the best technology at the best price point for what the need of the business is. And sometimes that means running of the data center. And there are a lot of things in the data center that run, you know, more cheaply, more efficiently, but at a much more cost effective basis than they ever will in the cloud. And those things belong in the data center. And I think over time, you'll see the data center loads will actually increase, as well. There's some things that you have to go very quickly, you can be experimental with it, you have to have the DevOps team attached to, and the public cloud is great for those things. And then even within the public cloud space, there are things that Azure does well, there's things that AWS does well, and individual enterprises, especially large enterprises, which is our constituency, need to be able to make those choices and be able to do that for the best underlying reason of their technology. What BMC then provides you is ability to say whether it's OnPrem, whether it's in Azure, whether it's AWS, wherever you wanna run that, you know, we can provide you the controls and the compliance and the governance that you can be safe regardless. You get the same policies in place regardless of where that individual technology's targeted. >> Yeah, absolutely. And when talking with large, particularly large customers as you've point out, you only have to buy one other company and all of a sudden, you're multi-cloud. You might've decided, "You know what, we're all in on AWS." A different company that you'd buy for business reasons may have decided, "You know what, I wanna have some Azure, I wanna have some Google Cloud." It's like kaboom, you buy them and now all of a sudden, IT has this multi-cloud issue and they need someone who can help them to manage that. And really, you wanna be able to manage that in the same way across all of the different environments and I can see that that's where BMC would be really strong. >> You know, you're exactly right. Give me one of the great things, like this is a great show, and there's so many vendors and there's so much great technology here, but if you talk to Gardner or Forester or ADC or 451, one of the main things they'll tell you is you've got to have not individual tools for every individual problem, you need to have a platform in place that provides you the breadth of coverage where you have the ability to be flexible across those technologies. And that's another thing that BMC is offering in the market. >> Yeah, so one of the challenges of building that platform, though, is that you've got all of these little different silos that tend to just sort of build up all by themselves. And then when you come and try like the central IT comes along and says, "No, thall shalt use the one true solution." How do you actually provide the right level of flexibility for individual solutions that can be tailored in need, but still provide that scalability and sameness across everything that gives you those efficiencies in scale? How does BMC help you manage that? >> Well that's one of BMC's historical strongest parts of the offering, is the breadth of content, being able to support, you know, in the data center all of the different operating systems, all of the different applications. We do the same thing now by us forwarding all the different microservices within AVDS, all of the different microservices within Azure, being able to then provide that breadth of content so that the developer, himself, can choose whatever and then from a central IT standpoint, you know you've got the policies in place to be able to make sure that they're safe. Another one of my favorite expression is that developers will argue with people but they won't argue with systems. And so if you then being able to incorporate that, the compliance and control into the DevOps pipeline, into the DNAP driven-approach, where a developer does something that's outside of those guidelines and they just get an immediate response back saying, "No, I'm sorry, that's not allowed." or you know, "There's an air message in law." they're like, "Okay, well I gotta go fix that." verus being on the phone or having to go through any of that process. Developers are very argumentative about that. So what we do is be able to take that corporate IT perspective and just be able to eject it programmatically across all the different dev teams. >> I think our question we wanna pivot on the developer role for a second, you know, AWS has done a great job of attracting a lot of awareness in the developer community for a long time now. They've never really had to advertise, because this awareness was so strong, very sticky. We've seen them this year, sort of advertising, which as a marketer kinda signaled to me, interesting. We know that their massive growth rate isn't predicated upon us, you know, startups alone. That the enterprise is also a major play for AWS and they need to get to now, the CEO, the corporate board. I'm just curious, is BMC seeing in like a customer, like a large bank or an insurance company for example, where are you seeing the C-Suite help influence product development? How influential is that higher tier of management now as this transition becomes an absolute business imperative? >> Well, it's interesting because you see not only the rise of the CIO as a digital transformer within the business, you also see the CEO being more and more involved with us. And you also have the rise of the CSO. So being able to inject security into this conversation, and so you've got a monopoly of different voices that are all happening at the board level and that there's board visibility in the center of these things as well. But the board now pays attention to, "How are we developing our applications? Are they safe? Are they secure? You know, is there an existential risk to our business by the way that we're conducting ourselves from an information technology standpoint?" So those conversations are obviously happening. You know, we see them happening all the time, it's been really great for our business, because we've been working with these companies for years and years and years to help them be safe and compliant, to keep their banking licenses in order, things of that nature, and now we're just extending that to the cloud, as well. So we definitely see it and honestly, it's one of the things that we feel like is a core competitive advantage for us, is we have those relationships in place today and have for decades. >> Yeah, do you see yourselves going into customers in sort of a partnering relationship with AWS, particularly for those enterprises? I can see that, I mean IT has been wanting a seat at this table for so, so long. It's like, "Well, you've got one now. It happened to come from security which is possibly not the best introduction ever." But now that they have their seat at the table, how are you finding to manage that conversation to influence board level, which is a far different conversation than what it would be when you're talking about technical things? And even from developer land, it's like, "API's and so on", that's not really a board level conversation or is it? >> Well AWS is one of our strategic partners and so it's very easy for us to go into customers together, and be able to tell that message of, "Go safe but be fast at the same time." And so we're much more of an and-world now than an or-world, you know, that we were in the past. And the ability to make trade-offs with somebody that we all kinda took for granted, but now we really don't have that ability anymore, like we have to be all things to all people and that forces a lot of innovation. And it forces a lot of the kind of the new things that you're seeing everyday, no matter of AWS and other vendors as well. It's really an exciting time to be in information technology. >> Never a dull moment. And yeah I wanted to kinda pivot on it, symbiosis. Like how much business do you drive for AWS, but also conversely, how much does AWS sorta push BMC to innovate at their pace? >> Right, so you know, just being a AWS partner pushes you. Because you're now along for the ride and wherever they go, whatever they're doing, you know, our customers are looking at us and saying, "When do you support that? And how are you gonna support that?" You know, we want to be easing into these things and so we've had to put on ourselves, a very strict SLA that as soon as AWS gets someone new, we have to support it with our very breviated time, 'cause that's what our customers have had it and that's great 'cause it enforces us to innovate, forces us to do things in new ways and be able to you know, actually have a lot of the technologies, a lot of the processes in place that our customers, themselves are trying to emulate. So that's been wonderful. In addition to that, if you look at you know, how we're pushing AWS, AWS is definitely you know, is already in the enterprise, there's a lot of enterprises that already used us but being able to think about things from an enterprise standpoint is different than a developer bottom-up standpoint and so we've always been a lot more holistic about understanding what are the needs of the business? And especially from a C-Suite communication perspective, like how do we articulate and how do we do that well? And that's part of what we bring to the relationship. >> You mentioned a lot of customers are banks and insurance companies, I'm curious about healthcare. There's sort of an anticipation that Andy Jassy might be announcing a broader partnership with Cerner, who has 25% market share in electronic health records. Healthcare being historically slower to adopt cloud, massive security challenges there. What are you guys seeing in the healthcare space? What are some of the primary concerns there that you're helping to mitigate? >> Well so if you talk about healthcare, the first thing that everybody will talk about, especially in the IT space is HIPAA, right? So it's you know, what am I doing with my private data? If you talk about it from an AMIA perspective, you know, it's GDPR, you know, what are we gonna do about private data, how do we keep it segregated? You know, how do we not only have those mechanisms in place, but how do we ensure that they're in place, be able to prove that they are in place? And when our auditors come to us, we can provide them all that data. And that's exactly what BMC provides. So we have out of the box content for HIPAA compliance, for SOX, for PCI, for anything that you want to do. And so we can just look at your systems or they're in the data center or in the cloud, tell you exactly how they need to be configured, and then also I'll remediate them for you. So we can take that next step and provide the automation in place for you, so that you can actually then just worry about running your business. So it's a really, really interesting vertical for us to go into 'cause of our history and 'cause of our background. >> Yeah, there's gonna be so much growth in that area. I mean, even from my part of the world, down in Australia. We've got our electronic health records is a big, big thing with the whole program of work that's involved in putting that in, being able to keep that data safe, but also useful. It's gonna be a big challenge and I can only see it getting larger. >> Oh right, absolutely. And it's important for us not to lose sight that the end person we're protecting is the consumer. The end person we're protecting is the individual who that's their data, like they own that, and so it's our job and our duty to do the best we can for our customers to protect that. And ultimately, that's the value. >> Last question for you, some of the things that have come out already in the last day and a half or so, from AWS on AI, what are you seeing in terms of customers' comprehension of machine learning and what the potential is for them to truly become data driven, leveraging advanced technologies like that? >> So we're definitely in the hype cycle with AI, right? I mean and I think we all kinda know that. I think when you talk about machine learning and basing and reasoning and-- it's all part of the cape on having the data in place to do the analysis on. And so just like we saw with the data, it's like, "Oh I want big data, but then now what do I do with it?" Now, we have AI machine learning for the people that do have large data sets, they can start to do some interesting analysis, they can start to do some interesting things. But you have to have the data first, before you start to apply the actual algorithms to it. 'Cause the algorithm, you know, just give it two data points, it's not gonna be very smart. Give it two trillion and it's gonna be able to do some really interesting things. >> So what can people see and learn and touch and feel at the BMC booth here? >> So just this week, we launched a new product called policy service, which is policy and compliance for public cloud and for DevOps pipelines, so we'd love to show anybody who wants to come by a demo of that, we're very excited about it. Also it ties back to our core automation and so if you have to do something also in the data center, we can bring those two worlds together for you. >> Excellent. Well Daniel Nelson, thank you so much for joining us. You're now in the CUBE alumni. >> Alright, that's exciting, I appreciate it. >> And I'm Lisa Martin, for my co-host Justin Warren, we are live from day one of our three day coverage at AWS re:Invent 2017, stick around, we'll be right back. (techno music)

(upbeat music) >> Announcer: Live from Madrid, Spain, it's theCUBE. Covering HPE Discover Madrid 2017. Brought to you by Hewlett Packard Enterprise. >> Hi everybody, welcome to Madrid, Spain. My name is Dave Vellante, and this is theCUBE, the leader in live tech coverage. We're here, this is day one of HPE Discover Madrid, the European version of the event that we cover in the summer, in the spring, in Las Vegas. I'm here with my cohost, Peter Burris, and Bob Moore is here, he's the director of server software and product security at HPE, and he's joined by good friend Patrick Osborne, who runs product marketing and management for the storage group at HPE. Gents, welcome to theCUBE. >> Good to be here, Dave, Peter. >> Yeah, very happy to be here. >> Dave: Always good to see you Did you bring your sax? >> Not this time, my friend. (laughing) >> We had a lot of fun. Where were we in New Orleans last year? >> Oh yeah, it was great. >> And you're an awesome sax player, we love it, big fan, and you're a bass player, we got more sax, more horns over there. So, I digress. >> Patrick: You need a CUBE band (laughing) >> We need a CUBE band. >> Bob, we talked this spring in Las Vegas, you guys made a big deal about the silicon-level security, you made some innovations there. Give us the update on why, again, that's so important, and how that's been received by customers. >> Yeah, well I think, answer the second part of the question first, it's really resonating pretty well with customers. Honestly, as we get to them, and we describe the level of cryptography we have, down right into the hardware, the firmware, down into our silicon, those customers that are concerned with security, and frankly, all customers are now, really does resonate with them pretty well. And the reason that it's important is because tying all of that security down into a bedrock foundation provides that ability to then leverage in or pull in other objects like storage and provide that security without any increase in latency but also the access and the shared access, being able to do that across multiple platforms, do it securely, and have that sharing capability like we all need to have to keep our IT infrastructure running. So it's really critically important, still, to this day, HPE is the only server manufacturer that's able to do that down into the silicon level that we're talking about here. So we're quite proud about that. And it's allowed us to claim the world's most secure industry standard servers and now, of course, today we're branching out with other technologies across our storage platform and including those into our security strategy. >> So, how does it, Patrick, relate to what you guys are doing on the storage side? >> Yeah, so I think it's a really good complementary solution and the fact that we can provide the silicon root of trust on the infrastructure level, and then on the storage side, we provide some similar capabilities at the infrastructure level, with encryption and other techniques that we have, and then, we assist customers in being able to, in a number of different cases, being able to take, for example, snapshots in backup, move those offsite, or even into the cloud, encrypt those, so you have essentially a silicon-rooted trust on the infrastructure side for your operating system and your firmware. And then you have essentially a golden image at a point in time of your data, which is a pretty valuable asset. So combine those two, we're able to help customers with a pretty aggressive RTO, and RPO, to be able to recover, if they'd been breached, or when they get breached, essentially. So we have some great examples here today in the show, of some customers that have used combinations of things like, the Gen10 servers, 3PAR, and StoreOnce, to achieve that level of recovery, in, not days, in, basically in hours, or even faster. And then we have some other technologies where you can set up a media break, essentially send all that data out to the cloud, and completely have a self-contained, encrypted copy of your data to recover from. So we're providing a number of different solutions, all the way up and down the stack for customers to be able to help to recover very quickly. >> So obviously security's been in the news lately, the huge Equifax breach, you go back to the spring, WannaCry, and ransomware, >> Patrick: Yep. >> So let's talk about ransomware specifically. How do you guys help a customer sort of address that. What's the, there's no silver bullet. You hear talk about air gaps, you guys are talking about >> Patrick: Right. >> silicon-level security, What's the prescription for customers? >> Well, I'm glad you asked that, because ransomware really is on every customer's mind these days. And it is, because it's gone up, ransomware is so lucrative and profitable, it's gone up by 15 full, 15 times in the last two years, to the point where it's cost companies five billion dollars in 2017, and by 2019, a company will be infected by ransomware every 14 seconds, so it's just really huge. And not only, and we don't encourage paying the ransom, but the ransom, if you paid it, would be expensive, but the downtime that you experience in recovering can be really expensive for companies as well. So this ability to recover from ransomware, or ransomware neutralizer, which is what we're talking about and announcing here today, is really new and a revolutionary way to recover in a systematic, orderly fashion, starting with the firmware that we talked about, that's anchored down in the silicon, so we recover that firmware, in case that ransomware malware virus has migrated. Because the hackers are getting so incredibly ingenious these days, that that malware can hide inside the firmware and will go everywhere, the tentacles will go everywhere, but we start the recovery with a firmware so you've got that firm foundation, routing out any remnants of the malware. And then on top of that, new today, we're announcing the fact that we can then recover the server settings that take days, sometimes weeks to set up initially, and that'll be recovered and restored automatically. Then we restore the operating system through an ISO site, along with the applications and then finally, we bring the data back, as Patrick was mentioning, we do that relatively quickly. We're demonstrating that here this week at Discover Madrid. And it really does allow customers to avoid having to pay the ransom, we want them to be able to recover, do it quickly and easily, without paying the ransom, and that's what we help. >> But you mention the word "trust," which is one of the most increasingly important words in the tech industry. We're in Madrid, GDPR is going to start moving in into a force in the first quarter of next year. >> Bob: May 2018. >> So, second quarter. And it's going to create some fair amount of attention, not just here in Europe, but on a global basis. I was talking to an expert who suggested that if the Equifax breach had occurred in Europe, under GDPR, it would not have been just embarrassment, it would have been about 60, 70 billion dollars worth of funds. >> Bob: Right. >> So we're talking not just about nice things to have, we're talking about, over the course of the next five years, you have to have this level of capability inside your infrastructure, or you will be out of business. >> I think it's true, absolutely. The GDPR, the penalties associated are so severe with that, up to 20 million dollars, or four percent of the annual revenue of the parent company, so it can just be massively impactful, financially impactful, hurtful to the companies. We're talking today, and this week, about GDPR, and how we help companies get ready for that, and you mention the Equifax breach, actually, we have, with our HP Gen9 and Gen10 solutions server networking and storage, applied the NIST 800-53 controls to that, and if they had applied those and used our solution, we believe that, after having looked at the Equifax breach, that would not have happened, had they followed the security controls that are in NIST. There's a lot of articles published about how NIST can help companies get ready for the GDPR in Europe, and so we've got the NIST controls, we went through all the time, energy, and funding to create the NIST security controls that will help a hundred percent of those applied to the ISO certification, ISO 27000-1, 27000-2, which then lends itself to being GDPR compliant. So, not only do we help customers through this great new technology that we have in the silicon-rooted trust, and that's helpful in getting ready for the GDPR, but also these NIST controls. >> But it's also that it's also that the well the conversations that we're having with CIOs is that GDPR, even though it's centered here in Europe, is likely to have an effect on global behavior. And so, one of the things that they're looking for is, they're looking for greater commonality in the base infrastructure about how it handles security, so that they can have greater commonality in how their people do things, so they can be better at targeting where the problem is, when the problem happens, and how to remediate the problem. Talk a little bit about how more commonality in the infrastructure, especially when you talk about storage, which is increasingly the value proposition, is how you share data is going to liberate resources elsewhere in the business to do new and better things faster. >> I think for, from the HPE perspective, you're not going to solve GDPR with any specific point product. Right? And that's not, it's not really our message to the market, that, you implement this and you're going to go satisfy those requirements. It's definitely part of a solution, but what we've been trying to do is, you see, we've got the silicon root of trust on the server side, and a number of security features, and we're talking about how we integrate that with the storage. We're starting to bring together more of a vertically oriented stack, that includes all those pieces and they work together. So instead of having a security or commonality layer at the server layer, at the networking layer, at the storage layer, thinking about it as a service that's more vertically oriented through the stack, where you're able to take a look at all aspects of the networking, what's going on with the firmware and the operating system and all the way down to essentially your secure and most important data. >> Peter: Securing the data >> Exactly. >> And not the device. >> Exactly. Exactly. And so for us, you see it in themes for for 3PAR, for SimpliVity on the hyperconverged area, and all the converged systems on the compute side, we're really providing integrated security and integrated data protection that is inherently secure with encyryption and a host of other techniques. So really, we're trying to provide it from the application level on down through the infrastructure, a set of capabilities within the products that work together to provide a little bit more of a secure infrastructure. >> One of the things we talked to Bill Philbin about on theCUBE recently was, and Patrick, I'm sure you've heard this, maybe you too as well, Bob, but boo-boos happen now, today, really fast. So they replicate very quickly. So how do you deal with fast boo-boo replication and sort of rolling back to the point where you can trust that data? >> There's a couple techniques and innovations that we brought within the storage realm, in terms of integrating that whole experience, so our big thing is, on the storage side, has been how can you provide an experience from all-flash on-prem out to the cloud, from a data perspective, and have all that integrated so we've got a number of things that we've actually announced here at Discover, in terms of 3PAR, all-flash, and Nimble, being able to federate that primary storage, with your secondary storage, on-prem, and then being able to have that experience go off-prem, into the cloud, so you do have a media break and a number of things. I think, from a solution perspective, integrating with some of our top-tier partners on the availability side, like Deem, for example, it gives you that really holistic application-level view, in the context of virtualization, it's something that helps do the very rich cataloging experience, and pieces. >> So I wonder if we could talk about a topic that's been discussed in our communities, which is the biggest threat within cyber is the weaponization of social media. You've sort of seen it with fake news, and Facebook, and I wonder if you guys are having similar conversations with customers and even ransomware. You look at WannaCry, it was sort of state-sponsored, and actually not a lot of money went back >> Patrick: Right. >> To the perpetrators, maybe it was a distraction to get other credentials. And you're seeing different signatures of Russians, very sophisticated hackers, they target pawns and make 'em feel like kings, and then grab their credentials, and then go in and get critical data. So when you think about things like the weaponization of social media, how can you guys help, sort of, detect what's going on, anomalous behavior, and address that? You've got silicon level >> Right. >> You've got the storage component. Do analytics come into play? Is there a whole house picture that you can help customers >> Yeah, I think that's the next level. It's almost an iterative process as soon as we've developed a protection, or the ability to detect a cybersecurity breach, is then the hackers try to outdo that, and so we're continually leapfrogging, and I think the next step is probably with machine learning. We're starting to actually deploy some of that at HPE, that artificial intelligence, and we have some of that now with our storage, our Nimble storage, as well as our Aruba Networking with the technologies that Aruba has with IntroSpect, can now look at the communication inside of a network and determine if there's nefarious behavior, and watch the behavior analytics, as well as the signatures that are going on inside the network, and actually, then communicates with ClearPass, and can proactively take some charge of that and rule out that user that's potentially a bad actor before any damage is really done. Same way on, with the storage side, >> Patrick: Yep. >> With the InfoSight that has great, in fact, so great of AI intelligence, that we're actually sharing as we look at ransomware viruses, they're looking at the signatures that those leave, and the trails that ransomware leaves behind, so that the storage systems can actually proactively route that out with machine learning and artificial intelligence. That's where we're headed with HPE. >> But it's, it's not only, it's not only finding ways to fix the boo-boos, it's acknowledging or recognizing that the boo-boos occurred. So how is this new capability facilitating, or increasing the speed with which problems are recognized? >> I think one of the important points that Bob made is that we are, we're announcing this week, on the storage side, some concepts around AI for the data center, and specifically, around our predictive analytics with InfoSight, and applying that from Nimble to the 3PAR systems, and then setting out a vision that is going to basically enable us to use that AI at the infrastructure layer, across other areas within the portfolio. Servers, networking, and for, at the speed at which this is moving, you can't solve this at the human level, right? So for us, to be able to whitelist and blacklist customers, based on our learning across a very large install base, if you think about the amount of compute nodes and the amount of storage that we sell as a infrastructure company, you can learn and be enabled to proactively help customers avoid those situations, that's something we're actually implementing today. >> And let me follow up with that, because it's a great lead-in or tie-back to GDPR that we were discussing. >> Yep. >> Because there's reporting requirements within 72 hours, right, >> Yep. >> That GDPR says that you've got to report that you had a breach, and how do you report that if you're not certain? Well, with our silicon-rooted trust and the Gen10 servers, we actually are monitoring all that server essential firmware every 24 hours. Now some of our competitors monitor, or check the firmware, one time when you boot up the server, and never again until you, maybe reboot the server, right? But we're doing, at HPE, that check every 24 hours, and that's an automated process. And so, you ask, how can be detected? Well, we can detect that, because you'll get an alert, coming back to the user of the server, that there's been a breach, and that can be reported. >> We got to go. I'm glad you mentioned automation, because that's a big factor, >> Bob: Yeah. >> Using false positives, because people just don't have time, they're drinking from the fire hose. Bob, Patrick, thanks very much for coming to theCUBE. >> Great, thanks so much for having us. >> Dave: Enjoy the week. >> Thank you so much, we appreciate it. >> All right, keep it right there everybody, we'll be back with our next guest. This is theCUBE. We're live, from HPE Discover in Madrid. We'll be right back. (upbeat music)

>> Announcer: Live from New York City. It's theCUBE. Covering CyberConnect 2017. Brought to you by Centrify, and the Institute for Critical Infrastructure Technology. >> Hey, welcome back everyone. Live here with Cube coverage in New York City, our favorite place to be when we've got all the action going on. CyberConnect 2017 is an inaugural event where industry, government comes together to solve the crisis of our generation. That's cybersecurity. I'm John Furrier, co-host theCube My partner Dave Vellante here. Our next guest is Chris Novak, VTRAC Global Director, Threat Research Advisory Center at Verizon. Welcome to theCube, great to have you. >> Thanks, pleasure to be here. >> So you do all the homework. You've got the forensic data. You're the one looks at the threats. You're the burning bush of cyber intelligence. What's happening? Tell us what's the threats? >> Everything. So, it's interesting because I always find what I do to be wildly exciting just because it's always changing, right? Everything we see. It's kind of' like being a cop. Ultimately you're investigating unknowns all the time, trying to figure out how they happen, why they happen, who they happen to, but more importantly than that, how do you get ahead of it to prevent being the next one, or prevent it happening to others? And that's really the thrust of what we're out to do. >> Talk about the challenges 'cause General Keith Alexander was on stage talking about how he compared it to an airline crashing, where they come in looking for the black box, and it's worse because you don't even know what happened, who was involved. >> Chris: That's right. >> The notion of anonymous, public domain software is causing all kinds of democratization, good and bad, bad being actors that we don't even know attacking us. What is the landscape of how you identify what's going on? >> Yeah, and it gets even more challenging than that because I like that analogy, and I'd say I'd almost take it one step further and say the analogy of the airline and looking for the black box. In many cases when we go in to do an investigation, we're just hoping that there was a black box to look at to begin with. In many cases, we get there and there was no information, and we're trying to take all the pieces and put it together of what's left. And ultimately what we see is, it keeps evolving, right? It keeps getting harder, and the threat actors keep getting better. What I always tell folks is, while many of us all have to play by a set of rules, or regulations, or compliance obligations, the threat actors don't have to do any of that. They're free to do whatever works for them, and repeat it over and over again, and, for them, it's a business. >> So Dave and I were talking earlier. I want to get your reaction to this. About the importance of Stuxnet. Ars Technica has a report coming out that certificate authorities were compromised well before Stuxnet. But Stuxnet is the Pearl Harbor, cyber Pearl Harbor, as a point in time. So much has happened since then. So from that kind of Pearl Harbor moment of the wakening of, oh my God, to today, what's the landscape look like? How important was the Stuxnet to that point in time now, and how has it evolved? What's changed? >> Sure, and I think a couple of key things that come out of that. One is, you start to see more and more attribution to government-related attacks. Some are actively sponsored and known. Some are, we're just diggin' through the details and the weeds to try and figure out who's actually behind it and attribution may never actually take place. >> Or it could not be real 'cause they want to blame their enemy so that they get attacked. >> Well, and that's the either beauty or downside of cyber is that you can conduct it in a vacuum, in an anonymous fashion. So, in many respects, you can conduct an attack remotely and try to give it all the hallmarks of someone else, making it further difficult to attribute it. >> And the tools are now available too, so like, I hear reports that states are sponsoring, or releasing in the public domain, awesome hacks, like Stuxnet of the future, which some say was released and then got out of control by accident. >> And that's always something you have to be concerned about is the fact that once this stuff gets out there, even if you only intended to use this malware or attack vector once. Once you use it on that victim, there is a potential that that spreads. >> But you guys have been doing this study for the last decade. >> Correct. >> So you've seen the shift from sort of hacktivist to nation-sponsored malware. What has the research shown you over the last decade as that shift has occurred? >> Yeah, it's interesting because you look at it and a lot of what we still see today are financially-motivated and interestingly enough, opportunistic, low-hanging fruit kind of attacks. About 70 to 80% fall in that category, and about 20 to 25, depending on the year, are nation state, but that keeps growing each year. And, I think a lot of it is. >> John: What the nation state piece? >> The nation state piece. But it's still the smaller piece of the pie or the graph, whatever you're looking at, because, at the end of the day >> It's cash. >> It's cash. >> They want the cash. >> And so much of what we find when you look back at the old days of breaches where the majority of them were, they weren't even really breaches of theft of data, it was someone. >> Confetti, graffiti. >> I should have actually asked that question differently because it's really went from hacktivist to criminals. >> Chris: Correct. >> To nation states and you're saying the dominant now is criminal activity. >> That's correct. Yeah, we find the large piece of it about more than half is organized crime. It comes down to, look, you can steal money in a variety of different ways. This is a way to do it safely from thousand miles away >> And no one knows who you are. >> on the other end of a keyboard. >> So it's annoyance. >> And by the way, no consequence. Who's going to? >> Virtually, yeah. >> What court do you go to? >> So its annoyance is the hacktivist. Okay, we can kind of' live with that. It's cash and it's threats to critical infrastructure. >> And we see kind of a graduation there where you see the activists realize, I can this and make a point, but a point doesn't necessarily make me money, or I can do this for an organized crime group and make millions of dollars. Hmmmm. >> And, by the way, to your point which we were just teasing out, Dave. There is zero downside, because if you get caught, what happens? >> Yeah. >> If you get caught. >> If you get caught, yeah. And then what happens if you get caught? >> There's no jurisdiction. >> You don't make money. >> No, no, there's no courts. >> It's very hard to prosecute. >> There's actually no process for that. >> So, we heard this morning that WannaCry and other examples of malware really weren't about malware. I mean, sorry, they really weren't about ransomware, they were about sending a message, or politics. So, you're obviously seeing more of that in your research. >> Chris: Exactly right. >> Fake news, and I wonder if you could comment. >> Absolutely, yeah. So, in fact, it was interesting because some of those had continued to come out. Everyone kept thinking that it was all ransomware, and then as we studied it further we found some of these, they never had the intention of collecting a ransom, or giving the data back. It was all about making a political point, and you now have this kind of injection of politics into something that was really, traditionally, just organized crime, smash and grab, make cash. Now politics is feeding into that, going, wait, we can affect and influence and all sorts of things in ways people have never imagined and people don't even know it's going on. >> So you must be seeing a dramatic improvement in the quality, hate to say this, but the quality of malware, over the last decade. Less bugs, less errors, >> More sophisticated. >> More insidious, sophisticated. >> That's exactly right >> Vectors. >> We do see that continuing to improve and for them, like I always tell folks, they operate it like a business. You'll have some of these groups where they'll have different divisions or departments. People will have clearly-defined roles and responsibilities of what they're supposed to be doing in generating that malware, troubleshooting it, and they'll even reward people for how well it works. >> Chris, I'd like to get your personal opinion. If you could put your Verizon hat on too, I will take any opinions that you have. How do we solve this? 'Cause this event here. We like this inaugural event because it's the first industry event that talks about the big picture, the holistic view, the 20-mile stare, if you want to' say it that way. Not the Black Hat, which has its own conference, and there should be more of that. This is industry coming together. Governments now intersecting here. What's your opinion on how this gets solved. We heard community, shared data, that's been going around. What do you think? >> So, that's probably the hardest question I get asked, and, honestly, I think it's because there's not really a simple answer to it, right? It's like saying, how do we stop crime? We don't. It's not going to be possible. It's a matter of, how do we put up better defenses? And also, important, how do we put up better detection, so that we can see things and, potentially, stop them sooner before they blow up into these big, multi-hundred-million record, or billion record breaches? So, one of the biggest things that I advocate is awareness. We also have to do things like pro-active threat hunting, right? If you're not out there. It's kind of like having security guards, right? You go through any office and you've got security guards walking the halls, sitting in the lobby, looking for things that are unusual. If we're not out there in the cyber realm looking for unusual things, you can't expect that you're going to see them until they've reached a certain blow-up point. >> Or are they cloaked? Completely cloaked. You can't see 'em. >> That's also true. >> Security guards are looking for someone they can't see. >> That's true. >> Chris, thanks so much for coming here and sharing the opinion. Follow the research. And your report's public, or? >> Yes, the reports are all available on the VerizonEnterprise.com website. >> Okay, VerizonEnterprise.com. Check it out. These reports are a treasure trove of information. Always getting it out. Thanks for your perspective. Lookin' for more trends. Chris Novak here inside theCube here in New York City's live coverage of CyberConnect 2017. I'm John with Dave Vallente. We're back with more coverage after this short break. (techno music)