(soft music) >> Announcer: TheCUBE's live coverage is made possible by funding from Dell Technologies. Creating technologies that drive human progress. (upbeat music) >> Welcome back to Spain, everybody. We're here at the Fira in MWC23. Is just an amazing day. This place is packed. They said 80,000 people. I think it might even be a few more walk-ins. I'm Dave Vellante, Lisa Martin is here, David Nicholson. But right now we have the Analyst Hot Takes with three friends of theCUBE. Chris Lewis is back again with me in the co-host seat. Zeus Kerravala, analyst extraordinaire. Great to see you, Z. and Sarbjeet SJ Johal. Good to see you again, theCUBE contributor. And that's my new name for him. He says that is his nickname. Guys, thanks for coming back on. We got the all male panel, sorry, but it is what it is. So Z, is this the first time you've been on it at MWC. Take aways from the show, Hot Takes. What are you seeing? Same wine, new bottle? >> In a lot of ways, yeah. I mean, I was talking to somebody this earlier that if you had come from like MWC five years ago to this year, a lot of the themes are the same. Telco transformation, cloud. I mean, 5G is a little new. Sustainability is certainly a newer theme here. But I think it highlights just the difficulty I think the telcos have in making this transformation. And I think, in some ways, I've been unfair to them in some degree 'cause I've picked on them in the past for not moving fast enough. These are, you know, I think these kind of big transformations almost take like a perfect storm of things that come together to happen, right? And so, in the past, we had technologies that maybe might have lowered opex, but they're hard to deploy. They're vertically integrated. We didn't have the software stacks. But it appears today that between the cloudification of, you know, going to cloud native, the software stacks, the APIs, the ecosystems, I think we're actually in a position to see this industry finally move forward. >> Yeah, and Chris, I mean, you have served this industry for a long time. And you know, when you, when you do that, you get briefed as an analyst, you actually realize, wow, there's a lot of really smart people here, and they're actually, they have challenges, they're working through it. So Zeus was saying he's been tough on the industry. You know, what do you think about how the telcos have evolved in the last five years? >> I think they've changed enormously. I think the problem we have is we're always looking for the great change, the big step change, and there is no big step change in a way. What telcos deliver to us as individuals, businesses, society, the connectivity piece, that's changed. We get better and better and more reliable connectivity. We're shunting a load more capacity through. What I think has really changed is their attitude to their suppliers, their attitude to their partners, and their attitude to the ecosystem in which they play. Understanding that connectivity is not the end game. Connectivity is part of the emerging end game where it will include storage, compute, connect, and analytics and everything else. So I think the realization that they are not playing their own game anymore, it's a much more open game. And some things they will continue to do, some things they'll stop doing. We've seen them withdraw from moving into adjacent markets as much as we used to see. So a lot of them in the past went off to try and do movies, media, and a lot went way way into business IT stuff. They've mainly pulled back from that, and they're focusing on, and let's face it, it's not just a 5G show. The fixed environment is unbelievably important. We saw that during the pandemic. Having that fixed broadband connection using wifi, combining with cellular. We love it. But the problem as an industry is that the users often don't even know the connectivity's there. They only know when it doesn't work, right? >> If it's not media and it's not business services, what is it? >> Well, in my view, it will be enabling third parties to deliver the services that will include media, that will include business services. So embedding the connectivity all the way into the application that gets delivered or embedding it so the quality mechanism deliver the gaming much more accurately or, I'm not a gamer, so I can't comment on that. But no, the video quality if you want to have a high quality video will come through better. >> And those cohorts will pay for that value? >> Somebody will pay somewhere along the line. >> Seems fuzzy to me. >> Me too. >> I do think it's use case dependent. Like you look at all the work Verizon did at the Super Bowl this year, that's a perfect case where they could have upsold. >> Explain that. I'm not familiar with it. >> So Verizon provided all the 5G in the Super Bowl. They provided a lot of, they provided private connectivity for the coaches to talk to the sidelines. And that's a mission critical application, right? In the NFL, if one side can't talk, the other side gets shut down. You can't communicate with the quarterback or the coaches. There's a lot of risk at that. So, but you know, there's a case there, though, I think where they could have even made that fan facing. Right? And if you're paying 2000 bucks to go to a game, would you pay 50 bucks more to have a higher tier of bandwidth so you can post things on social? People that go there, they want people to know they were there. >> Every football game you go to, you can't use your cell. >> Analyst: Yeah, I know, right? >> All right, let's talk about developers because we saw the eight APIs come out. I think ISVs are going to be a big part of this. But it's like Dee Arthur said. Hey, eight's better than zero, I guess. Okay, so, but so the innovation is going to come from ISVs and developers, but what are your hot takes from this show and now day two, we're a day and a half in, almost two days in. >> Yeah, yeah. There's a thing that we have talked, I mentioned many times is skills gravity, right? Skills have gravity, and also, to outcompete, you have to also educate. That's another theme actually of my talks is, or my research is that to puts your technology out there to the practitioners, you have to educate them. And that's the only way to democratize your technology. What telcos have been doing is they have been stuck to the proprietary software and proprietary hardware for too long, from Nokia's of the world and other vendors like that. So now with the open sourcing of some of the components and a few others, right? And they're open source space and antenna, you know? Antennas are becoming software now. So with the invent of these things, which is open source, it helps us democratize that to the other sort of skirts of the practitioners, if you will. And that will bring in more applications first into the IOT space, and then maybe into the core sort of California, if you will. >> So what does a telco developer look like? I mean, all the blockchain developers and crypto developers are moving into generative AI, right? So maybe those worlds come together. >> You'd like to think though that the developers would understand everything's network centric today. So you'd like to think they'd understand that how the network responds, you know, you'd take a simple app like Zoom or something. If it notices the bandwidth changes, it should knock down the resolution. If it goes up it, then you can add different features and things and you can make apps a lot smarter that way. >> Well, G2 was saying today that they did a deal with Mercedes, you know this probably better than I do, where they're going to embed WebEx in the car. And if you're driving, it'll shut off the camera. >> Of course. >> I'm like, okay. >> I'll give you a better example though. >> But that's my point. Like, isn't there more that we can do? >> You noticed down on the SKT stand the little helicopter. That's a vertical lift helicopter. So it's an electric vertical lift helicopter. Just think of that for a second. And then think of the connectivity to control that, to securely control that. And then I was recently at an event with Zeus actually where we saw an air traffic control system where there was no people manning the tower. It was managed by someone remotely with all the cameras around them. So managing all of those different elements, we call it IOT, but actually it's way more than what we thought of as IOT. All those components connecting, communicating securely and safely. 'Cause I don't want that helicopter to come down on my head, do you? (men laugh) >> Especially if you're in there. (men laugh) >> Okay, so you mentioned sustainability. Everybody's talking about power. I don't know if you guys have a lot of experience around TCO, but I'm trying to get to, well, is this just because energy costs are so high, and then when the energy becomes cheap again, nobody's going to pay any attention to it? Or is this the real deal? >> So one of the issues around the, if we want to experience all that connectivity locally or that helicopter wants to have that connectivity, we have to ultimately build denser, more reliable networks. So there's a CapEx, we're going to put more base stations in place. We need more fiber in the ground to support them. Therefore, the energy consumption will go up. So we need to be more efficient in the use of energy. Simple as that. >> How much of the operating expense is energy? Like what percent of it? Is it 10%? Is it 20%? Is it, does anybody know? >> It depends who you ask and it depends on the- >> I can't get an answer to that. I mean, in the enterprise- >> Analyst: The data centers? >> Yeah, the data centers. >> We have the numbers. I think 10 to 15%. >> It's 10 to 12%, something like that. Is it much higher? >> I've got feeling it's 30%. >> Okay, so if it's 30%, that's pretty good. >> I do think we have to get better at understanding how to measure too. You know, like I was talking with John Davidson at Sysco about this that every rev of silicon they come out with uses more power, but it's a lot more dense. So at the surface, you go, well, that's using a lot more power. But you can consolidate 10 switches down to two switches. >> Well, Intel was on early and talking about how they can intelligently control the cores. >> But it's based off workload, right? That's the thing. So what are you running over it? You know, and so, I don't think our industry measures that very well. I think we look at things kind of boxed by box versus look at total consumption. >> Well, somebody else in theCUBE was saying they go full throttle. That the networks just say just full throttle everything. And that obviously has to change from the power consumption standpoint. >> Obviously sustainability and sensory or sensors from IOT side, they go hand in hand. Just simple examples like, you know, lights in the restrooms, like in public areas. Somebody goes in there and just only then turns. The same concept is being applied to servers and compute and storage and every aspects and to networks as well. >> Cell tower. >> Yeah. >> Cut 'em off, right? >> Like the serverless telco? (crosstalk) >> Cell towers. >> Well, no, I'm saying, right, but like serverless, you're not paying for the compute when you're not using it, you know? >> It is serverless from the economics point of view. Yes, it's like that, you know? It goes to the lowest level almost like sleep on our laptops, sleep level when you need more power, more compute. >> I mean, some of that stuff's been in networking equipment for a long time, it just never really got turned on. >> I want to ask you about private networks. You wrote a piece, Athenet was acquired by HPE right after Dell announced a relationship with Athenet, which was kind of, that was kind of funny. And so a good move, good judo move by by HP. I asked Dell about it, and they said, look, we're open. They said the right things. We'll see, but I think it's up to HP. >> Well, and the network inside Dell is. >> Yeah, okay, so. Okay, cool. So, but you said something in that article you wrote on Silicon Angle that a lot of people feel like P5G is going to basically replace wireless or cannibalize wireless. You said you didn't agree with that. Explain why? >> Analyst: Wifi. >> Wifi, sorry, I said wireless. >> No, that's, I mean that's ridiculous. Pat Gelsinger said that in his last VMware, which I thought was completely irresponsible. >> That it was going to cannibalize? >> Cannibalize wifi globally is what he said, right? Now he had Verizon on stage with him, so. >> Analyst: Wifi's too inexpensive and flexible. >> Wifi's cheap- >> Analyst: It's going to embed really well. Embedded in that. >> It's reached near ubiquity. It's unlicensed. So a lot of businesses don't want to manage their own spectrum, right? And it's great for this, right? >> Analyst: It does the job. >> For casual connectivity. >> Not today. >> Well, it does for the most part. Right now- >> For the most part. But never at these events. >> If it's engineered correctly, it will. Right? Where you need private 5G is when reliability is an absolute must. So, Chris, you and I visited the Port of Rotterdam, right? So they're putting 5G, private 5G there, but there's metal containers everywhere, right? And that's going to disrupt it. And so there are certain use cases where it makes sense. >> I've been in your basement, and you got some pretty intense equipment in there. You have private 5G in there. >> But for carpeted offices, it does not make sense to bring private. The economics don't make any sense. And you know, it runs hot. >> So where's it going to be used? Give us some examples of where we should be looking for. >> The early ones are obviously in mining, and you say in ports, in airports. It broadens cities because you've got so many moving parts in there, and always think about it, very expensive moving parts. The cranes in the port are normally expensive piece of kits. You're moving that, all that logistics around. So managing that over a distance where the wifi won't work over the distance. And in mining, we're going to see enormous expensive trucks moving around trying to- >> I think a great new use case though, so the Cleveland Browns actually the first NFL team to use it for facial recognition to enter the stadium. So instead of having to even pull your phone out, it says, hey Dave Vellante. You've got four tickets, can we check you all in? And you just walk through. You could apply that to airports. You could do put that in a hotel. You could walk up and check in. >> Analyst: Retail. >> Yeah, retail. And so I think video, realtime video analytics, I think it's a perfect use case for that. >> But you don't need 5G to do that. You could do that through another mechanism, couldn't you? >> You could do wire depending on how mobile you want to do it. Like in a stadium, you're pulling those things in and out all the time. You're moving 'em around and things, so. >> Yeah, but you're coming in at a static point. >> I'll take the contrary view here. >> See, we can't even agree on that. (men laugh) >> Yeah, I love it. Let's go. >> I believe the reliability of connection is very important, right? And the moving parts. What are the moving parts in wifi? We have the NIC card, you know, the wifi card in these suckers, right? In a machine, you know? They're bigger in size, and the radios for 5G are smaller in size. So neutralization is important part of the whole sort of progress to future, right? >> I think 5G costs as well. Yes, cost as well. But cost, we know that it goes down with time, right? We're already talking about 60, and the 5G stuff will be good. >> Actually, sorry, so one of the big boom areas at the moment is 4G LTE because the component price has come down so much, so it is affordable, you can afford to bring it all together. People don't, because we're still on 5G, if 5G standalone everywhere, you're not going to get a consistent service. So those components are unbelievably important. The skillsets of the people doing integration to bring them all together, unbelievably important. And the business case within the business. So I was talking to one of the heads of one of the big retail outlets in the UK, and I said, when are you going to do 5G in the stores? He said, well, why would I tear out all the wifi? I've got perfectly functioning wifi. >> Yeah, that's true. It's already there. But I think the technology which disappears in front of you, that's the best technology. Like you don't worry about it. You don't think it's there. Wifi, we think we think about that like it's there. >> And I do think wifi 5G switching's got to get easier too. Like for most users, you don't know which is better. You don't even know how to test it. And to your point, it does need to be invisible where the user doesn't need to think about it, right? >> Invisible. See, we came back to invisible. We talked about that yesterday. Telecom should be invisible. >> And it should be, you know? You don't want to be thinking about telecom, but at the same time, telecoms want to be more visible. They want to be visible like Netflix, don't they? I still don't see the path. It's fuzzy to me the path of how they're not going to repeat what happened with the over the top providers if they're invisible. >> Well, if you think about what telcos delivers to consumers, to businesses, then extending that connectivity into your home to help you support secure and extend your connection into Zeus's basement, whatever it is. Obviously that's- >> His awesome setup down there. >> And then in the business environment, there's a big change going on from the old NPLS networks, the old rigid structures of networks to SD1 where the control point is moved outside, which can be under control of the telco, could be under the control of a third party integrator. So there's a lot changing. I think we obsess about the relative role of the telco. The demand is phenomenal for connectivity. So address that, fulfill that. And if they do that, then they'll start to build trust in other areas. >> But don't you think they're going to address that and fulfill that? I mean, they're good at it. That's their wheelhouse. >> And it's a 1.6 trillion market, right? So it's not to be sniffed at. That's fixed on mobile together, obviously. But no, it's a big market. And do we keep changing? As long as the service is good, we don't move away from it. >> So back to the APIs, the eight APIs, right? >> I mean- >> Eight APIs is a joke actually almost. I think they released it too early. The release release on the main stage, you know? Like, what? What is this, right? But of course they will grow into hundreds and thousands of APIs. But they have to spend a lot of time and effort in that sort of context. >> I'd actually like to see the GSMA work with like AWS and Microsoft and VMware and software companies and create some standardization across their APIs. >> Yeah. >> I spoke to them yes- >> We're trying to reinvent them. >> Is that not what they're doing? >> No, they said we are not in the business of a defining standards. And they used a different term, not standard. I mean, seriously. I was like, are you kidding me? >> Let's face it, there aren't just eight APIs out there. There's so many of them. The TM forum's been defining when it's open data architecture. You know, the telcos themselves are defining them. The standards we talked about too earlier with Danielle. There's a lot of APIs out there, but the consistency of APIs, so we can bring them together, to bring all the different services together that will support us in our different lives is really important. I think telcos will do it, it's in their interest to do it. >> All right, guys, we got to wrap. Let's go around the horn here, starting with Chris, Zeus, and then Sarbjeet, just bring us home. Number one hot take from Mobile World Congress MWC23 day two. >> My favorite hot take is the willingness of all the participants who have been traditional telco players who looked inwardly at the industry looking outside for help for partnerships, and to build an ecosystem, a more open ecosystem, which will address our requirements. >> Zeus? >> Yeah, I was going to talk about ecosystem. I think for the first time ever, when I've met with the telcos here, I think they're actually, I don't think they know how to get there yet, but they're at least aware of the fact that they need to understand how to build a big ecosystem around them. So if you think back like 50 years ago, IBM and compute was the center of everything in your company, and then the ecosystem surrounded it. I think today with digital transformation being network centric, the telcos actually have the opportunity to be that center of excellence, and then build an ecosystem around them. I think the SIs are actually in a really interesting place to help them do that 'cause they understand everything top to bottom that I, you know, pre pandemic, I'm not sure the telcos were really understand. I think they understand it today, I'm just not sure they know how to get there. . >> Sarbjeet? >> I've seen the lot of RN demos and testing companies and I'm amazed by it. Everything is turning into software, almost everything. The parts which are not turned into software. I mean every, they will soon. But everybody says that we need the hardware to run something, right? But that hardware, in my view, is getting miniaturized, and it's becoming smaller and smaller. The antennas are becoming smaller. The equipment is getting smaller. That means the cost on the physicality of the assets is going down. But the cost on the software side will go up for telcos in future. And telco is a messy business. Not everybody can do it. So only few will survive, I believe. So that's what- >> Software defined telco. So I'm on a mission. I'm looking for the monetization path. And what I haven't seen yet is, you know, you want to follow the money, follow the data, I say. So next two days, I'm going to be looking for that data play, that potential, the way in which this industry is going to break down the data silos I think there's potential goldmine there, but I haven't figured out yet. >> That's a subject for another day. >> Guys, thanks so much for coming on. You guys are extraordinary partners of theCUBE friends, and great analysts and congratulations and thank you for all you do. Really appreciate it. >> Analyst: Thank you. >> Thanks a lot. >> All right, this is a wrap on day two MWC 23. Go to siliconangle.com for all the news. Where Rob Hope and team are just covering all the news. John Furrier is in the Palo Alto studio. We're rocking all that news, taking all that news and putting it on video. Go to theCUBE.net, you'll see everything on demand. Thanks for watching. This is a wrap on day two. We'll see you tomorrow. (soft music)

>> Narrator: theCUBE's live coverage is made possible by funding from Dell Technologies, creating technologies that drive human progress. (bright upbeat music plays) >> Welcome back to Barcelona, everybody. You're watching theCUBE's coverage of MWC '23, my name is Dave Vellante. Just left a meeting with the CEO of Cisco, Chuck Robbins, to meet with Jeetu Patel, who's our Executive Vice President and General Manager of security and collaboration at Cisco. Good to see you. >> You never leave a meeting with Chuck Robbins to meet with Jeetu Patel. >> Well, I did. >> That's a bad idea. >> Walked right out. I said, hey, I got an interview to do, right? So, and I'm excited about this. Thanks so much for coming on. >> Thank you for having me. It's a pleasure. >> So, I mean you run such an important part of the business. I mean, obviously the collaboration business but also security. So many changes going on in the security market. Maybe we could start there. I mean, there hasn't been a ton of security talk here Jeetu, because I think it's almost assumed. It was 45 minutes into the keynote yesterday before anybody even mentioned security. >> Huh. >> Right? And so, but it's the most important topic in the enterprise IT world. And obviously is important here. So why is it you think that it's not the first topic that people mention. >> You know, it's a complicated subject area and it's intimidating. And actually that's one of the things that the industry screwed up on. Where we need to simplify security so it actually gets to be relatable for every person on the planet. But, if you think about what's happening in security, it's not just important for business it's critical infrastructure that if you had a breach, you know lives are cost now. Because hospitals could go down, your water supply could go down, your electricity could go down. And so it's one of these things that we have to take pretty seriously. And, it's 51% of all breaches happen because of negligence, not because of malicious intent. >> It's that low. Interesting. I always- >> Someone else told me the same thing, that they though it'd be higher, yeah. >> I always say bad user behavior is going to trump good security every time. >> Every single time. >> You can't beat it. But, you know, it's funny- >> Jeetu: Every single time. >> Back, the earlier part of last decade, you could see that security was becoming a board level issue. It became, it was on the agenda every quarter. And, I remember doing some research at the time, and I asked, I was interviewing Robert Gates, former Defense Secretary, and I asked him, yeah, but we're getting attacked but don't we have the best offense? Can't we have the best technology? He said, yeah but we have so much critical infrastructure the risks to United States are higher. So we have to be careful about how we use security as an offensive weapon, you know? And now you're seeing the future of war involves security and what's going on in Ukraine. It's a whole different ballgame. >> It is, and the scales always tip towards the adversary, not towards the defender, because you have to be right every single time. They have to be right once. >> Yeah. And, to the other point, about bad user behavior. It's going now beyond the board level, to it's everybody's responsibility. >> That's right. >> And everybody's sort of aware of it, everybody's been hacked. And, that's where it being such a complicated topic is problematic. >> It is, and it's actually, what got us this far will not get us to where we need to get to if we don't simplify security radically. You know? The experience has to be almost invisible. And what used to be the case was sophistication had to get to a certain level, for efficacy to go up. But now, that sophistication has turned to complexity. And there's an inverse relationship between complexity and efficacy. So the simpler you make security, the more effective it gets. And so I'll give you an example. We have this great kind of innovation we've done around passwordless, right? Everyone hates passwords. You shouldn't have passwords in 2023. But, when you get to passwordless security, not only do you reduce a whole lot of friction for the user, you actually make the system safer. And that's what you need to do, is you have to make it simpler while making it more effective. And, I think that's what the future is going to hold. >> Yeah, and CISOs tell me that they're, you know zero trust before the pandemic was like, yeah, yeah zero trust. And now it's like a mandate. >> Yeah. >> Every CISO you talk to says, yes we're implementing a zero trust architecture. And a big part of that is that, if they can confirm zero trust, they can get to market a lot faster with revenue generating or critical projects. And many projects as we know are being pushed back, >> Yeah. >> you know? 'Cause of the macro. But, projects that drive revenue and value they want to accelerate, and a zero trust confirmation allows people to rubber stamp it and go faster. >> And the whole concept of zero trust is least privileged access, right? But what we want to make sure that we get to is continuous assessment of least privileged access, not just a one time at login. >> Dave: 'Cause things change so frequently. >> So, for example, if you happen to be someone that's logged into the system and now you start doing some anomalous behavior that doesn't sound like Dave, we want to be able to intercept, not just do it at the time that you're authenticating Dave to come in. >> So you guys got a good business. I mentioned the macro before. >> Yeah. >> The big theme is consolidating redundant vendors. So a company with a portfolio like Cisco's obviously has an advantage there. You know, you guys had great earnings. Palo Alto is another company that can consolidate. Tom Gillis, great pickup. Guy's amazing, you know? >> Love Tom. >> Great respect. Just had a little webinar session with him, where he was geeking out with the analyst and so- >> Yeah, yeah. >> Learned a lot there. Now you guys have some news, at the event event with Mercedes? >> We do. >> Take us through that, and I want to get your take on hybrid work and what's happening there. But what's going on with Mercedes? >> Yeah so look, it all actually stems from the hybrid work story, which is the future is going to be hybrid, people are going to work in mixed mode. Sometimes you'll be in the office, sometimes at home, sometimes somewhere in the middle. One of the places that people are working more and more from is their cars. And connected cars are getting to be a reality. And in fact, cars sometimes become an extension of your home office. And many a times I have found myself in a parking lot, because I didn't have enough time to get home and I was in a parking lot taking a conference call. And so we've made that section easier, because we have now partnered with Mercedes. And they aren't the first partner, but they're a very important partner where we are going to have Webex available, through the connected car, natively in Mercedes. >> Ah, okay. So I could take a call, I can do it all the time. I find good service, pull over, got to take the meeting. >> Yeah. >> I don't want to be driving. I got to concentrate. >> That's right. >> You know, or sometimes, I'll have the picture on and it's not good. >> That's right. >> Okay, so it'll be through the console, and all through the internet? >> It'll be through the console. And many people ask me like, how's safety going to work over that? Because you don't want to do video calls while you're driving. Exactly right. So when you're driving, the video automatically turns off. And you'll have audio going on, just like a conference call. But the moment you stop and put it in park, you can have video turned on. >> Now, of course the whole hybrid work trend, we, seems like a long time ago but it doesn't, you know? And it's really changed the security dynamic as well, didn't it? >> It has, it has. >> I mean, immediately you had to go protect new endpoints. And those changes, I felt at the time, were permanent. And I think it's still the case, but there's an equilibrium now happening. People as they come back to the office, you see a number of companies are mandating back to work. Maybe the central offices, or the headquarters, were underfunded. So what's going on out there in terms of that balance? >> Well firstly, there's no unanimous consensus on the way that the future is going to be, except that it's going to be hybrid. And the reason I say that is some companies mandate two days a week, some companies mandate five days a week, some companies don't mandate at all. Some companies are completely remote. But whatever way you go, you want to make sure that regardless of where you're working from, people can have an inclusive experience. You know? And, when they have that experience, you want to be able to work from a managed device or an unmanaged device, from a corporate network or from a Starbucks, from on the road or stationary. And whenever you do any of those things, we want to make sure that security is always handled, and you don't have to worry about that. And so the way that we say it is the company that created the VPN, which is Cisco, is the one that's going to kill it. Because what we'll do is we'll make it simple enough so that you don't, you as a user, never have to worry about what connection you're going to use to dial in to what app. You will have one, seamless way to dial into any application, public application, private application, or directly to the internet. >> Yeah, I got a love, hate with my VPN. I mean, it's protecting me, but it's in the way a lot. >> It's going to be simple as ever. >> Do you have kids? >> I do, I have a 12 year old daughter. >> Okay, so not quite high school age yet. She will be shortly. >> No, but she's already, I'm not looking forward to high school days, because she has a very, very strong sense of debate and she wins 90% of the arguments. >> So when my kids were that age, I've got four kids, but the local high school banned Wikipedia, they can't use Wikipedia for research. Many colleges, I presume high schools as well, they're banning Chat GPT, can't use it. Now at the same time, I saw recently on Medium a Wharton school professor said he's mandating Chat GPT to teach his students how to prompt in progressively more sophisticated prompts, because the future is interacting with machines. You know, they say in five years we're all going to be interacting in some way, shape, or form with AI. Maybe we already are. What's the intersection between AI and security? >> So a couple very, very consequential things. So firstly on Chat GPT, the next generation skill is going to be to learn how to go out and have the right questions to ask, which is the prompt revolution that we see going on right now. But if you think about what's happening in security, and there's a few areas which are, firstly 3,500 hundred vendors in this space. On average, most companies have 50 to 70 vendors in security. Not a single vendor owns more than 10% of the market. You take out a couple vendors, no one owns more than 5%. Highly fractured market. That's a problem. Because it's untenable for companies to go out and manage 70 policy engines. And going out and making sure that there's no contention. So as you move forward, one of the things that Chat GPT will be really good for is it's fundamentally going to change user experiences, for how software gets built. Because rather than it being point and click, it's going to be I'm going to provide an instruction and it's going to tell me what to do in natural language. Imagine Dave, when you joined a company if someone said, hey give Dave all the permissions that he needs as a direct report to Chuck. And instantly you would get all of the permissions. And it would actually show up in a screen that says, do you approve? And if you hit approve, you're done. The interfaces of the future will get more natural language kind of dominated. The other area that you'll see is the sophistication of attacks and the surface area of attacks is increasing quite exponentially. And we no longer can handle this with human scale. You have to handle it in machine scale. So detecting breaches, making sure that you can effectively and quickly respond in real time to the breaches, and remediate those breaches, is all going to happen through AI and machine learning. >> So, I agree. I mean, just like Amazon turned the data center into an API, I think we're now going to be interfacing with technology through human language. >> That's right. >> I mean I think it's a really interesting point you're making. Now, from a security standpoint as well, I mean, the state of the art today in my email is be careful, this person's outside your organization. I'm like, yeah I know. So it's a good warning sign, but it's really not automated in any way. So two part question. One is, can AI help? You know, with the phishing, obviously it can, but the bad guys have AI too. >> Yeah. >> And they're probably going to be smarter than I am about using it. >> Yeah, and by the way, Talos is our kind of threat detection and response >> Yes. >> kind of engine. And, they had a great kind of piece that came out recently where they talked about this, where Chat GPT, there is going to be more sophistication of the folks that are the bad actors, the adversaries in using Chat GPT to have more sophisticated phishing attacks. But today it's not something that is fundamentally something that we can't handle just yet. But you still need to do the basic hygiene. That's more important. Over time, what you will see is attacks will get more bespoke. And in order, they'll get more sophisticated. And, you will need to have better mechanisms to know that this was actually not a human being writing that to you, but it was actually a machine pretending to be a human being writing something to you. And that you'll have to be more clever about it. >> Oh interesting. >> And so, you will see attacks get more bespoke and we'll have to get smarter and smarter about it. >> The other thing I wanted to ask you before we close is you're right on. I mean you take the top security vendors and they got a single digit market share. And it's like it's untenable for organizations, just far too many tools. We have a partner at ETR, they do quarterly survey research and one of the things they do is survey emerging technology companies. And when we look at in the security sector just the number of emerging technology companies that are focused on cybersecurity is as many as there are out there already. And so, there's got to be consolidation. Maybe that's through M & A. I mean, what do you think happens? Are company's going to go out of business? There's going to be a lot of M & A? You've seen a lot of companies go private. You know, the big PE companies are sucking up all these security companies and may be ready to spit 'em out and go back public. How do you see the landscape? You guys are obviously an inquisitive company. What are your thoughts on that? >> I think there will be a little bit of everything. But the biggest change that you'll see is a shift that's going to happen with an integrated platform, rather than point solution vendors. So what's going to happen is the market's going to consolidate towards very few, less than a half a dozen, integrated platforms. We believe Cisco is going to be one. Microsoft will be one. There'll be others over there. But these, this platform will essentially be able to provide a unified kind of policy engine across a multitude of different services to protect multiple different entities within the organization. And, what we found is that platform will also be something that'll provide, through APIs, the ability for third parties to be able to get their technology incorporated in, and their telemetry ingested. So we certainly intend to do that. We don't believe, we are not arrogant enough to think that every single new innovation will be built by us. When there's someone else who has built that, we want to make sure that we can ingest that telemetry as well, because the real enemy is not the competitor. The real enemy is the adversary. And we all have to get together, so that we can keep humanity safe. >> Do you think there's been enough collaboration in the industry? I mean- >> Jeetu: Not nearly enough. >> We've seen companies, security companies try to monetize private data before, instead of maybe sharing it with competitors. And so I think the industry can do better there. >> Well I think the industry can do better. And we have this concept called the security poverty line. And the security poverty line is the companies that fall below the security poverty line don't have either the influence or the resources or the know how to keep themselves safe. And when they go unsafe, everyone else that communicates with them also gets that exposure. So it is in our collective interest for all of us to make sure that we come together. And, even if Palo Alto might be a competitor of ours, we want to make sure that we invite them to say, let's make sure that we can actually exchange telemetry between our companies. And we'll continue to do that with as many companies that are out there, because actually that's better for the market, that's better for the world. >> The enemy of the enemy is my friend, kind of thing. >> That's right. >> Now, as it relates to, because you're right. I mean I, I see companies coming up, oh, we do IOT security. I'm like, okay, but what about cloud security? Do you that too? Oh no, that's somebody else. But, so that's another stove pipe. >> That's a huge, huge advantage of coming with someone like Cisco. Because we actually have the entire spectrum, and the broadest portfolio in the industry of anyone else. From the user, to the device, to the network, to the applications, we provide the entire end-to-end story for security, which then has the least amount of cracks that you can actually go out and penetrate through. The biggest challenges that happen in security is you've got way too many policy engines with way too much contention between the policies from these different systems. And eventually there's a collision course. Whereas with us, you've actually got a broad portfolio that operates as one platform. >> We were talking about the cloud guys earlier. You mentioned Microsoft. They're obviously a big competitor in the security space. >> Jeetu: But also a great partner. >> So that's right. To my opinion, the cloud has been awesome as a first line of defense if you will. But the shared responsibility model it's different for each cloud, right? So, do you feel that those guys are working together or will work together to actually improve? 'Cause I don't see that yet. >> Yeah so if you think about, this is where we feel like we have a structural advantage in this, because what does a company like Cisco become in the future? I think as the world goes multicloud and hybrid cloud, what'll end up happening is there needs to be a way, today all the CSPs provide everything from storage to computer network, to security, in their own stack. If we can abstract networking and security above them, so that we can acquire and steer any and all traffic with our service providers and steer it to any of those CSPs, and make sure that the security policy transcends those clouds, you would actually be able to have the public cloud economics without the public cloud lock-in. >> That's what we call super cloud Jeetu. It's securing the super cloud. >> Yeah. >> Hey, thanks so much for coming to theCUBE. >> Thank you for having me. >> Really appreciate you coming on our editorial program. >> Such a pleasure. >> All right, great to see you again. >> Cheers. >> All right, keep it right there. Dave Vellante with David Nicholson and Lisa Martin. We'll be back, right after this short break from MWC '23 live, in the Fira, in Barcelona. (bright music resumes) (music fades out)

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back everyone. We're so glad that you're still with us. It's the Cube Live at the MGM Grand. This is our second day of coverage of Palo Alto Networks Ignite. This is takeaways from Ignite 22. Lisa Martin here with two really smart guys, Dave Valante. Dave, we're joined by one of our cube alumni, a friend, a friend of the, we say friend of the Cube. >>Yeah, otc. A friend of the Cube >>Karala joined us. Guys, it's great to have you here. It's been an exciting show. A lot of cybersecurity is one of my favorite topics to talk about. But I'd love to get some of the big takeaways from both of you. Dave, we'll start with you. >>A breathing room from two weeks ago. Yeah, that was, that was really pleasant. You know, I mean, I know was, yes, you sat in the analyst program, interested in what your takeaways were from there. But, you know, coming into this, we wrote a piece, Palo Alto's Gold Standard, what they need to do to, to keep that, that status. And we hear it a lot about consolidation. That's their big theme now, which is timely, right? Cause people wanna save money, they wanna do more with less. But I'm really interested in hearing zeus's thoughts on how that's playing in the market. How customers, how easy is it to just say, oh, hey, I'm gonna consolidate. I wanna get into that a little bit with you, how well the strategy's working. We're gonna get into some of the m and a activity and really bring your perspectives to the table. Well, >>It's, it's not easy. I mean, people have been calling for the consolidation of security for decades, and it's, it's, they're the first company that's actually made it happen. Right? And, and I think this is what we're seeing here is the culmination of this long term strategy, this company trying to build more of a platform. And they, you know, they, they came out as a firewall vendor. And I think it's safe to say they're more than firewall today. That's only about two thirds of their revenue now. So down from 80% a few years ago. And when I think of what Palo Alto has become, they're really a data company. Now, if you look at, you know, unit 42 in Cortex, the, the, the Cortex Data Lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have, right? And bringing that together into one big data lake. >>And then they're able to use that to, to do faster threat notification, forensics, things like that. And so I think the old model of security of create signatures for known threats, it's safe to say it never really worked and it wasn't ever gonna work. You had too many day zero exploits and things. The only way to fight security today is with a AI and ML based analytics. And they have, they're the gold standard. I think the one thing about your post that I would add the gold standard from a data standpoint, and that's given them this competitive advantage to go out and become a platform for a security. Which, like I said, the people have tried to do that for years. And the first one that's actually done it, well, >>We've heard this from some of the startups, like Lacework will say, oh, we treat security as a data problem. Of course there's a startup, Palo Alto's got, you know, whatever, 10, 15 years of, of, of history. But one of the things I wanted to explore with you coming into this was the notion of can you be best of breed and develop a suite? And we, we've been hearing a consistent answer to that question, which is, and, and do you need to, and the answer is, well, best of breed in security requires that full spectrum, that full view. So here's my question to you. So, okay, let's take Esty win relatively new for these guys, right? Yeah. Okay. And >>And one of the few products are not top two, top three in, right? Exactly. >>Yeah. So that's why I want to take that. Yeah. Because in bakeoffs, they're gonna lose on a head-to-head best of breed. And so the customer's gonna say, Hey, you know, I love your, your consolidation play, your esty win's. Just, okay, how about a little discount on that? And you know, these guys are premium priced. Yes. So, you know, are they in essentially through their pricing strategies, sort of creating that stuff, fighting that, is that friction for them where they've got, you know, the customer says, all right, well forget it, we're gonna go stove pipe with the SD WAN will consolidate some of the stuff. Are you seeing that? >>Yeah, I, I, I still think the sales model is that way. And I think that's something they need to work on changing. If they get into a situation where they have to get down into a feature battle of my SD WAN versus your SD wan, my firewall versus your firewall, frankly they've already lost, you know, because their value prop is the suite and, and is the platform. And I was talking to the CISO here that told me, he realizes now that you don't need best of breed everywhere to have best in class threat protection. In fact, best of breed everywhere leads to suboptimal threat protection. Cuz you have all these data data sets that are in silos, right? And so from a data scientist standpoint, right, there's the good data leads to good insights. Well, partial data leads to fragmented insights and that's, that's what the best, best of breed approach gives you. And so I was talking with Palo about this, can they have this vision of being best of breed and platform? I don't really think you can maintain best of breed everywhere across this portfolio this big, but you don't need to. >>That was my second point of my >>Question. That's the point. >>Yeah. And so, cuz cuz because you know, we've talked about this, that that sweets always win in the long run, >>Sweets >>Win. Yeah. But here's the thing, I, I wonder to your your point about, you know, the customer, you know, understanding that that that, that this resonates with them. I, my guess is a lot of customers, you know, at that mid-level and the fat middle are like still sort of wed, you know, hugging that, that tool. So there's, there's work to be done here, but I think they, they, they got it right Because if they devolve, to your point, if they devolve down to that speeds and feeds, eh, what's the point of that? Where's their valuable? >>You do not wanna get into a knife fight. And I, and I, and I think for them the, a big challenge now is convincing customers that the suite, the suite approach does work. And they have to be able to do that in actual customer examples. And so, you know, I I interviewed a bunch of customers here and the ones that have bought into XDR and xor and even are looking at their sim have told me that the, the, so think of soc operations, the old way heavily manually oriented, right? You have multiple panes of glass and you know, and then you've got, so there's a lot of people work before you bring the tools in, right? If done correctly with AI and ml, the machines would do all the heavy lifting and then you'd bring people in at the end to clean up the little bits that were missed, right? >>And so you, you moved to, from something that was very people heavy to something that's machine heavy and machines can work a lot faster than people. And the, and so the ones that I've talked that have, that have done that have said, look, our engineers have moved on to a lot different things. They're doing penetration testing, they're, you know, helping us with, with strategy and they're not fighting that, that daily fight of looking through log files. And the only proof point you need, Dave, is look at every big breach that we've had over the last five years. There's some SIM vendor up there that says, we caught it. Yeah. >>Yeah. We we had the data. >>Yeah. But, but, but the security team missed it. Well they missed it because you're, nobody can look at that much data manually. And so the, I I think their approach of relying heavily on machines to fight the fight is actually the right way. >>Is that a differentiator for them versus, we were talking before we went live that you and I first hit our very first segment back in 2017 at Fort Net. Is that, where do the two stand in your >>Yeah, it's funny cuz if you talk to the two vendors, they don't really see each other in a lot of accounts because Fort Net's more small market mid-market. It's the same strategy to some degree where Fort Net relies heavily on in-house development and Palo Alto relies heavily on acquisition. Yeah. And so I think from a consistently feature set, you know, Fort Net has an advantage there because it, it's all run off their, their their silicon. Where, where Palo's able to innovate very quickly. The, it it requires a lot of work right? To, to bring the front end and back ends together. But they're serving different markets. So >>Do you see that as a differentiator? The integration strategy that Palo Alto has as a differentiator? We talk to so many companies who have an a strong m and a strategy and, and execution arm. But the challenge is always integrating the technology so that the customer to, you know, ultimately it's the customer. >>I actually think they're, they're underrated as a, an acquirer. In fact, Dave wrote a post to a prior on Silicon Angle prior to Accelerate and he, he on, you put it on Twitter and you asked people to rank 'em as an acquirer and they were in the middle of the pack, >>Right? It was, it was. So it was Oracle, VMware, emc, ibm, Cisco, ServiceNow, and Palo Alto. Yeah. Or Oracle got very high marks. It was like 8.5 out of, you know, 10. Yeah. VMware I think was 6.5. Nice. Era was high emc, big range. IBM five to seven. Cisco was three to eight. Yeah. Yeah, right. ServiceNow was a seven. And then, yeah, Palo Alto was like a five. And I, which I think it was unfair. >>Well, and I think it depends on how you look at it. And I, so I think a lot of the acquisitions Palo Altos made, they've done a good job of integrating their backend data and they've almost ignored the front end. And so when you buy some of the products, it's a little clunky today. You know, if you work with Prisma Cloud, it could be a little bit cleaner. And even with, you know, the SD wan that took 'em a long time to bring CloudGenix in and stuff. But I think the approach is right. I don't, I don't necessarily believe you should integrate the front end until you've integrated the back end. >>That's >>The hard part, right? Because UL ultimately what you're gonna get, you're gonna get two panes of glass and one pane of glass and it might look pretty all mush together, but ultimately you're not solving the bigger problem, right. Of, of being able to create that big data like the, the fight security. And so I think, you know, the approach they've taken is the right one. I think from a user standpoint, maybe it doesn't show up as neatly because you don't see the frontend integration, but the way they're doing it is the right way to do it. And I'm glad they're doing it that way versus caving to the pressures of what, you know, the industry might want >>Showed up in the performance of the company. I mean, this company was basically gonna double revenues to 7 billion from 2020 to >>2023. Three. Think about that at that, that >>Make a, that's unbelievable, right? I mean, and then and they wanna double again. Yeah. You know, so, well >>What did, what did Nikesh was quoted as saying they wanna be the first cyber company that's a hundred billion dollars. He didn't give a timeline market cap. >>Right. >>Market cap, right. Do what I wanna get both of your opinions on what you saw and heard and felt this week. What do you think the likelihood is? And and do you have any projections on how, you know, how many years it's gonna take for them to get there? >>Well, >>Well I think so if they're gonna get that big, right? And, and we were talking about this pre-show, any company that's becoming a big company does it through ecosystem >>Bingo. >>Right? And that when you look around the show floor, it's not that impressive. And if that, if there's an area they need to focus on, it's building that ecosystem. And it's not with other security vendors, it's with application vendors and it's with the cloud companies and stuff. And they've got some relationships there, but they need to do more. I actually challenge 'em on that. One of the analyst sessions. They said, look, we've got 800 cortex partners. Well where are they? Right? Why isn't there a cortex stand here with a bunch of the small companies here? So I do think that that is an area they need to focus on. If they are gonna get to that, that market caps number, they will do so do so through ecosystem. Because every company that's achieved that has done it through ecosystem. >>A hundred percent agree. And you know, if you look at CrowdStrike's ecosystem, it's pretty similar. Yeah. You know, it doesn't really, you know, make much, much, not much different from this, but I went back and just looked at some, you know, peak valuations during the pandemic and shortly thereafter CrowdStrike was 70 billion. You know, that's what their roughly their peak Palo Alto was 56, fortune was 59 for the actually diverged. Right. And now Palo Alto has taken the, the top mantle, you know, today it's market cap's 52. So it's held 93% of its peak value. Everybody else is tanking. Even Okta was 45 billion. It's been crushed as you well know. But, so Palo Alto wasn't always, you know, the number one in terms of market cap. But I guess my point is, look, if CrowdStrike could got to 70 billion during Yeah. During the frenzy, I think it's gonna take, to answer your question, I think it's gonna be five years. Okay. Before they get back there. I think this market's gonna be tough for a while from a valuation standpoint. I think generally tech is gonna kind of go up and down and sideways for a good year and a half, maybe even two years could be even longer. And then I think there's gonna be some next wave of productivity innovation that that hits. And then you're gonna, you're almost always gonna exceed the previous highs. It's gonna take a while. Yeah, >>Yeah, yeah. But I think their ability to disrupt the SIM market actually is something I, I believe they're gonna do. I've been calling for the death of the sim for a long time and I know some people at Palo Alto are very cautious about saying that cuz the Splunks and the, you know, they're, they're their partners. But I, I think the, you know, it's what I said before, the, the tools are catching them, but they're, it's not in a way that's useful for the IT pro and, but I, I don't think the SIM vendors have that ecosystem of insight across network cloud endpoint. Right. Which is what you need in order to make a sim useful. >>CISO at an ETR roundtable said, if, if it weren't for my regulators, I would chuck my sim. >>Yes. >>But that's the only reason that, that this person was keeping it. So, >>Yeah. And I think the, the fact that most of those companies have moved to a perpetual MO or a a recurring revenue model actually helps unseat them. Typically when you pour a bunch of money into something, you remember the old computer associate days, nobody ever took it out cuz the sunk dollars you spent to do it. But now that you're paying an annual recurring fee, it's actually makes it easier to take out. So >>Yeah, it's it's an ebb and flow, right? Yeah. Because the maintenance costs were, you know, relatively low. Maybe it was 20% of the total. And then, you know, once every five years you had to do a refresh and you were still locked into the sort of maintenance and, and so yeah, I think you're right. The switching costs with sas, you know, in theory anyway, should be less >>Yeah. As long as you can migrate the data over. And I think they've got a pretty good handle on that. So, >>Yeah. So guys, I wanna get your perspective as a whole bunch of announcements here. We've only been here for a couple days, not a big conference as, as you can see from behind us. What Zs in your opinion was Palo Alto's main message and and what do you think about it main message at this event? And then same question for you. >>Yeah, I, I think their message largely wrapped around disruption, right? And, and they, in The's keynote already talked about that, right? And where they disrupted the firewall market by creating a NextGen firewall. In fact, if you look at all the new services they added to their firewall, you, you could almost say it's a NextGen NextGen firewall. But, but I do think the, the work they've done in the area of cloud and cortex actually I think is, is pretty impressive. And I think that's the, the SOC is ripe for disruption because it's for, for the most part, most socks still, you know, run off legacy playbooks. They run off legacy, you know, forensic models and things and they don't work. It's why we have so many breaches today. The, the dirty little secret that nobody ever wants to talk about is the bad guys are using machine learning, right? And so if you're using a signature based model, all they're do is tweak their model a little bit and it becomes, it bypasses them. So I, I think the only way to fight the the bad guys today is with you gotta fight fire with fire. And I think that's, that's the path they've, they've headed >>Down and the bad guys are hiding in plain sight, you know? >>Yeah, yeah. Well it's, it's not hard to do now with a lot of those legacy tools. So >>I think, I think for me, you know, the stat that we threw out earlier, I think yesterday at our keynote analysis was, you know, the ETR data shows that are, that are that last survey around 35% of the respondents said we are actively consolidating, sorry, 44%, sorry, 35 says we're actively consolidating vendors, redundant vendors today. That number's up to 44%. Yeah. It's by far the number one cost optimization technique. That's what these guys are pitching. And I think it's gonna resonate with people and, and I think to your point, they're integrating at the backend, their beeps are technical, right? I mean, they can deal with that complexity. Yeah. And so they don't need eye candy. Eventually they, they, they want to have that cuz it'll allow 'em to have deeper market penetration and make people more productive. But you know, that consolidation message came through loud and clear. >>Yeah. The big change in this industry too is all the new startups are all cloud native, right? They're all built on Amazon or Google or whatever. Yeah. And when your cloud native and you buy a cloud native integration is fast. It's not like having to integrate this big monolithic software stack anymore. Right. So I I think their pace of integration will only accelerate from here because everything's now cloud native. >>If a customer comes to you or when a customer comes to you and says, Zs help us with this cyber transformation we have, our board isn't necessarily with our executives in terms of execution of a security strategy. How do you advise them where Palo Alto is concerned? >>Yeah. You know, a lot, a lot of this is just fighting legacy mindset. And I've, I was talking with some CISOs here from state and local governments and things and they're, you know, they can't get more budget. They're fighting the tide. But what they did find is through the use of automation technology, they're able to bring their people costs way down. Right. And then be able to use that budget to invest in a lot of new projects. And so with that, you, you have to start with your biggest pain points, apply automation where you can, and then be able to use that budget to reinvest back in your security strategy. And it's good for the IT pros too, the security pros, my advice to, to it pros is if you're doing things today that aren't resume building, stop doing them. Right? Find a way to automate the money your job. And so if you're patching systems and you're looking through log files, there's no reason machines can't do that. And you go do something a lot more interesting. >>So true. It's like storage guys 10 years ago, provisioning loans. Yes. It's like, stop doing that. Yeah. You're gonna be outta a job. And so who, last question I have is, is who do you see as the big competitors, the horses on the track question, right? So obviously Cisco kind of service has led for a while and you know, big portfolio company, CrowdStrike coming at it from end point. You know who, who, who do you see as the real players going for that? You know, right now the market's three to 4%. The leader has three, three 4% of the market. You know who they're all going for? 10, 15, maybe 20% of the market. Who, who are the likely candidates? Yeah, >>I don't know if CrowdStrike really has the breadth of portfolio to compete long term though. I I think they've had a nice run, but I, we might start to see the follow 'em. I think Microsoft is gonna be for middle. They've laid down the gauntlet, right? They are a security vendor, right? We, we were at Reinvent and a AWS is the platform for security vendors. Yes. Middle, somewhere in the middle. But Microsoft make no mistake, they're in security. They've got some good products. I think a lot of 'em are kind of good enough and they, they tie it to the licensing and I'm not sure that works in security, but they've certainly got the ear of a lot of it pros. >>It might work in smb. >>Yeah. Yeah. It, it might. And, and I do like Zscaler. I, I know these guys poo poo the proxy model, but they've, they've done about as much with proxies as you can. And I, I think it's, it's a battle of, I love the, the, the near, you know, proxies are dead and Jay's model, you know, Jay over at c skater throw 'em back at 'em. So I, it's good to see that kind of fight going on between the two. >>Oh, it's great. Well, and, and again, ZScaler's coming at it from their cloud security angle. CrowdStrike's coming at it from endpoint. I, I do think CrowdStrike has an opportunity to build out the portfolio through m and a and maybe ecosystem. And then obviously, you know, Palo Alto's getting it done. How about Cisco? >>Yeah. Cisco's interesting. And I, I think if Cisco can make the network matter in security and it should, right? We're talking about how a lot of you need a lot of forensics to fight security today. Well, they're gonna see things long before anybody else because they have all that network data. If they can tie network security, I, I mean they could really have that business take off. But we've been saying that about Cisco for 20 years. >>But big install based though. Yeah. It's hard for a company, any company to just say, okay, hey Cisco customer sweep the floor and come with us. That's, that's >>A tough thing. They have a lot of good peace parts, right? And like duo's a good product and umbrella's a good product. They've, they've not done a good job. >>They're the opposite of these guys. >>They've not done a good job of the backend integration that, that's where Cisco needs to, to focus. And I do think g G two Patel there fixed the WebEx group and I think he's now, in fact when you talk to him, he's doing very little on WebEx that that group's running itself and he's more focused in security. So I, I think we could see a resurgence there. But you know, they have a, from a revenue perspective, it's a little misleading cuz they have this big legacy base that's in decline while they're moving to cloud and stuff. So, but they, but they, there's a lot of work there're trying to, to tie to network. >>Right. Lots of fuel for conversation. We're gonna have to carry this on, on Silicon angle.com guys. Yes. And Wikibon, lets do see us. Thank you so much for joining Dave and me giving us your insights as to this event. Where are you gonna be next? Are you gonna be on vacation? >>There's nothing more fun than mean on the cube, so, right. What's outside of that though? Yeah, you know, Christmas coming up, I gotta go see family and do the obligatory, although for me that's a lot of travel, so I guess >>More planes. Yeah. >>Hopefully not in Vegas. >>Not in Vegas. >>Awesome. Nothing against Vegas. Yeah, no, >>We love it. We >>Love it. Although I will say my year started off with ces. Yeah. And it's finishing up with Palo Alto here. The bookends. Yeah, exactly. In Vegas bookends. >>Well thanks so much for joining us. Thank you Dave. Always a pleasure to host a show with you and hear your insights. Reading your breaking analysis always kicks off my prep for show and it's always great to see, but predictions come true. So thank you for being my co-host bet. All right. For Dave Valante Enz as Carla, I'm Lisa Martin. You've been watching The Cube, the leader in live, emerging and enterprise tech coverage. Thanks for watching.

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back everyone. We're so glad that you're still with us. It's the Cube Live at the MGM Grand. This is our second day of coverage of Palo Alto Networks Ignite. This is takeaways from Ignite 22. Lisa Martin here with two really smart guys, Dave Valante. Dave, we're joined by one of our cube alumni, a friend, a friend of the, we say friend of the Cube. >>Yeah, F otc. A friend of the Cube >>Karala joins us. Guys, it's great to have you here. It's been an exciting show. A lot of cybersecurity is one of my favorite topics to talk about. But I'd love to get some of the big takeaways from both of you. Dave, we'll start with >>You. A breathing room from two weeks ago. Yeah, that was, that was really pleasant. You know, I mean, I know was, yes, you sat in the analyst program, interested in what your takeaways were from there. But, you know, coming into this, we wrote a piece, Palo Alto's Gold Standard, what they need to do to, to keep that, that status. And we hear it a lot about consolidation. That's their big theme now, which is timely, right? Cause people wanna save money, they wanna do more with less. But I'm really interested in hearing zeus's thoughts on how that's playing in the market. How customers, how easy is it to just say, oh, hey, I'm gonna consolidate. I wanna get into that a little bit with you, how well the strategy's working. We're gonna get into some of the m and a activity and really bring your perspectives to the table. Well, >>It's, it's not easy. I mean, people have been calling for the consolidation of security for decades, and it's, it's, they're the first company that's actually made it happen. Right? And, and I think this is what we're seeing here is the culmination of this long-term strategy, this company trying to build more of a platform. And they, you know, they, they came out as a firewall vendor. And I think it's safe to say they're more than firewall today. That's only about two thirds of their revenue now. So down from 80% a few years ago. And when I think of what Palo Alto has become, they're really a data company. Now, if you look at, you know, unit 42 in Cortex, the, the, the Cortex Data Lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have, right? And bringing that together into one big data lake. >>And then they're able to use that to, to do faster threat notification, forensics, things like that. And so I think the old model of security of create signatures for known threats, it's safe to say it never really worked and it wasn't ever gonna work. You had too many days, zero exploits and things. The only way to fight security today is with a AI and ML based analytics. And they have, they're the gold standard. I think the one thing about your post that I would add, they're the gold standard from a data standpoint. And that's given them this competitive advantage to go out and become a platform for security. Which, like I said, the people have tried to do that for years. And the first one that's actually done it, well, >>We've heard this from some of the startups, like Lacework will say, oh, we treat security as a data problem. Of course there's a startup, Palo Alto's got, you know, whatever, 10, 15 years of, of, of history. But one of the things I wanted to explore with you coming into this was the notion of can you be best of breed and develop a suite? And we, we've been hearing a consistent answer to that question, which is, and, and do you need to, and the answer is, well, best of breed in security requires that full spectrum, that full view. So here's my question to you. So, okay, let's take Estee win relatively new for these guys, right? Yeah. Okay. And >>And one of the few products are not top two, top three in, right? >>Exactly. Yeah. So that's why I want to take that. Yeah. Because in bakeoffs, they're gonna lose on a head-to-head best of breed. And so the customer's gonna say, Hey, you know, I love your, your consolidation play, your esty win's. Just, okay, how about a little discount on that? And you know, these guys are premium priced. Yes. So, you know, are they in essentially through their pricing strategies, sort of creating that stuff, fighting that, is that friction for them where they've got, you know, the customer says, all right, well forget it, we're gonna go stove pipe with the SD WAN will consolidate some of the stuff. Are you seeing that? >>Yeah, I, I, I still think the sales model is that way. And I think that's something they need to work on changing. If they get into a situation where they have to get down into a feature battle of my SD WAN versus your SD wan, my firewall versus your firewall, frankly they've already lost, you know, because their value prop is the suite and, and is the platform. And I was talking with the CISO here that told me, he realizes now that you don't need best of breed everywhere to have best in class threat protection. In fact, best of breed everywhere leads to suboptimal threat protection. Cuz you have all these data data sets that are in silos, right? And so from a data scientist standpoint, right, there's the good data leads to good insights. Well, partial data leads to fragmented insights and that's, that's what the best, best of breed approach gives you. And so I was talking with Palo about this, can they have this vision of being best of breed and platform? I don't really think you can maintain best of breed everywhere across this portfolio this big, but you don't need to. >>That was my second point of my question. That's the point I'm saying. Yeah. And so, cuz cuz because you know, we've talked about this, that that sweets always win in the long run, >>Sweets win. >>Yeah. But here's the thing, I, I wonder to your your point about, you know, the customer, you know, understanding that that that, that this resonates with them. I, my guess is a lot of customers, you know, at that mid-level and the fat middle are like still sort of wed, you know, hugging that, that tool. So there's, there's work to be done here, but I think they, they, they got it right Because if they devolve, to your point, if they devolve down to that speeds and feeds, eh, what's the point of that? Where's their >>Valuable? You do not wanna get into a knife fight. And I, and I, and I think for them the, a big challenge now is convincing customers that the suite, the suite approach does work. And they have to be able to do that in actual customer examples. And so, you know, I I interviewed a bunch of customers here and the ones that have bought into XDR and xor and even are looking at their sim have told me that the, the, so think of soc operations, the old way heavily manually oriented, right? You have multiple panes of glass and you know, and then you've got, so there's a lot of people work before you bring the tools in, right? If done correctly with AI and ml, the machines would do all the heavy lifting and then you'd bring people in at the end to clean up the little bits that were missed, right? >>And so you, you moved to, from something that was very people heavy to something that's machine heavy and machines can work a lot faster than people. And the, and so the ones that I've talked that have, that have done that have said, look, our engineers have moved on to a lot different things. They're doing penetration testing, they're, you know, helping us with, with strategy and they're not fighting that, that daily fight of looking through log files. And the only proof point you need, Dave, is look at every big breach that we've had over the last five years. There's some SIM vendor up there that says, we caught it. Yeah. >>Yeah. We we had the data. >>Yeah. But, but, but the security team missed it. Well they missed it because you're, nobody can look at that much data manually. And so the, I I think their approach of relying heavily on machines to fight the fight is actually the right way. >>Is that a differentiator for them versus, we were talking before we went live that you and I first hit our very first segment back in 2017 at Fort Net. Is that, where do the two stand in your >>Yeah, it's funny cuz if you talk to the two vendors, they don't really see each other in a lot of accounts because Fort Net's more small market mid-market. It's the same strategy to some degree where Fort Net relies heavily on in-house development in Palo Alto relies heavily on acquisition. Yeah. And so I think from a consistently feature set, you know, Fort Net has an advantage there because it, it's all run off their, their their silicon. Where, where Palo's able to innovate very quickly. The, it it requires a lot of work right? To, to bring the front end and back ends together. But they're serving different markets. So >>Do you see that as a differentiator? The integration strategy that Palo Alto has as a differentiator? We talk to so many companies who have an a strong m and a strategy and, and execution arm. But the challenge is always integrating the technology so that the customer to, you know, ultimately it's the customer. >>I actually think they're, they're underrated as a, an acquirer. In fact, Dave wrote a post to a prior on Silicon Angle prior to Accelerate and he, he on, you put it on Twitter and you asked people to rank 'em as an acquirer and they were in the middle of the pack, >>Right? It was, it was. So it was Oracle, VMware, emc, ibm, Cisco, ServiceNow, and Palo Alto. Yeah. Or Oracle got very high marks. It was like 8.5 out of, you know, 10. Yeah. VMware I think was 6.5. Naira was high emc, big range. IBM five to seven. Cisco was three to eight. Yeah. Yeah, right. ServiceNow was a seven. And then, yeah, Palo Alto was like a five. And I, which I think it was unfair. Well, >>And I think it depends on how you look at it. And I, so I think a lot of the acquisitions Palo Alto's made, they've done a good job of integrating the backend data and they've almost ignored the front end. And so when you buy some of the products, it's a little clunky today. You know, if you work with Prisma Cloud, it could be a little bit cleaner. And even with, you know, the SD wan that took 'em a long time to bring CloudGenix in and stuff. But I think the approach is right. I don't, I don't necessarily believe you should integrate the front end until you've integrated the back end. >>That's >>The hard part, right? Because UL ultimately what you're gonna get, you're gonna get two panes of glass and one pane of glass and it might look pretty and all mush together, but ultimately you're not solving the bigger problem, right. Of, of being able to create that big data lake to, to fight security. And so I think, you know, the approach they've taken is the right one. I think from a user standpoint, maybe it doesn't show up as neatly because you don't see the frontend integration, but the way they're doing it is the right way to do it. And I'm glad they're doing it that way versus caving to the pressures of what, you know, the industry might want or >>Showed up in the performance of the company. I mean, this company was basically gonna double revenues to 7 billion from 2020 to >>2023. Think about that at that. That makes, >>I mean that's unbelievable, right? I mean, and then and they wanna double again. Yeah. You know, so, well >>What did, what did Nikesh was quoted as saying they wanna be the first cyber company that's a hundred billion dollars. He didn't give a timeline market >>Cap. Right. >>Market cap, right. Do what I wanna get both of your opinions on what you saw and heard and felt this week. What do you think the likelihood is? And and do you have any projections on how, you know, how many years it's gonna take for them to get there? >>Well, >>Well I think so if they're gonna get that big, right? And, and we were talking about this pre-show, any company that's becoming a big company does it through ecosystem >>Bingo >>Go, right? And that when you look around the show floor, it's not that impressive. No. And if that, if there's an area they need to focus on, it's building that ecosystem. And it's not with other security vendors, it's with application vendors and it's with the cloud companies and stuff. And they've got some relationships there, but they need to do more. I actually challenge 'em on that. One of the analyst sessions. They said, look, we've got 800 cortex partners. Well where are they? Right? Why isn't there a cortex stand here with a bunch of the small companies here? So I do think that that is an area they need to focus on. If they are gonna get to that, that market caps number, they will do so do so through ecosystem. Because every company that's achieved that has done it through ecosystem. >>A hundred percent agree. And you know, if you look at CrowdStrike's ecosystem, it's, I mean, pretty similar. Yeah. You know, it doesn't really, you know, make much, much, not much different from this, but I went back and just looked at some, you know, peak valuations during the pandemic and shortly thereafter CrowdStrike was 70 billion. You know, that's what their roughly their peak Palo Alto was 56, fortune was 59 for the actually diverged. Right. And now Palo Alto has taken the, the top mantle, you know, today it's market cap's 52. So it's held 93% of its peak value. Everybody else is tanking. Even Okta was 45 billion. It's been crushed as you well know. But, so Palo Alto wasn't always, you know, the number one in terms of market cap. But I guess my point is, look, if CrowdStrike could got to 70 billion during Yeah. During the frenzy, I think it's gonna take, to answer your question, I think it's gonna be five years. Okay. Before they get back there. I think this market's gonna be tough for a while from a valuation standpoint. I think generally tech is gonna kind of go up and down and sideways for a good year and a half, maybe even two years could be even longer. And then I think there's gonna be some next wave of productivity innovation that that hits. And then you're gonna, you're almost always gonna exceed the previous highs. It's gonna take a while. Yeah. >>Yeah, yeah. But I think their ability to disrupt the SIM market actually is something that I, I believe they're gonna do. I've been calling for the death of the sim for a long time and I know some people of Palo Alto are very cautious about saying that cuz the Splunks and the, you know, they're, they're their partners. But I, I think the, you know, it's what I said before, the, the tools are catching them, but they're, it's not in a way that's useful for the IT pro and, but I, I don't think the SIM vendors have that ecosystem of insight across network cloud endpoint. Right. Which is what you need in order to make a sim useful. >>CISO at an ETR round table said, if, if it weren't for my regulators, I would chuck my sim. >>Yes. >>But that's the only reason that, that this person was keeping it. No. >>Yeah. And I think the, the fact that most of those companies have moved to a perpetual MO or a a recurring revenue model actually helps unseat them. Typically when you pour a bunch of money into something, you remember the old computer associate says nobody ever took it out cuz the sunk dollars you spent to do it. But now that you're paying an annual recurring fee, it's actually makes it easier to take out. So >>Yeah, it's just an ebb and flow, right? Yeah. Because the maintenance costs were, you know, relatively low. Maybe it was 20% of the total. And then, you know, once every five years you had to do a refresh and you were still locked into the sort of maintenance and, and so yeah, I think you're right. The switching costs with sas, you know, in theory anyway, should be less >>Yeah. As long as you can migrate the data over. And I think they've got a pretty good handle on that. So, >>Yeah. So guys, I wanna get your perspective as a whole bunch of announcements here. We've only been here for a couple days, not a big conference as, as you can see from behind us. What Zs in your opinion was Palo Alto's main message and and what do you think about it main message at this event? And then same question for you. >>Yeah, I, I think their message largely wrapped around disruption, right? And, and they, and The's keynote already talked about that, right? And where they disrupted the firewall market by creating a NextGen firewall. In fact, if you look at all the new services they added to their firewall, you, you could almost say it's a NextGen NextGen firewall. But, but I do think the, the work they've done in the area of cloud and cortex actually I think is, is pretty impressive. And I think that's the, the SOC is ripe for disruption because it's for, for the most part, most socks still, you know, run off legacy playbooks. They run off legacy, you know, forensic models and things and they don't work. It's why we have so many breaches today. The, the dirty little secret that nobody ever wants to talk about is the bad guys are using machine learning, right? And so if you're using a signature based model, all they gotta do is tweak their model a little bit and it becomes, it bypasses them. So I, I think the only way to fight the the bad guys today is with you're gonna fight fire with fire. And I think that's, that's the path they've, they've headed >>Down. Yeah. The bad guys are hiding in plain sight, you know? Yeah, >>Yeah. Well it's, it's not hard to do now with a lot of those legacy tools. So >>I think, I think for me, you know, the stat that we threw out earlier, I think yesterday at our keynote analysis was, you know, the ETR data shows that are, that are that last survey around 35% of the respondents said we are actively consolidating, sorry, 44%, sorry, 35 says who are actively consolidating vendors, redundant vendors today that number's up to 44%. Yeah. It's by far the number one cost optimization technique. That's what these guys are pitching. And I think it's gonna resonate with people and, and I think to your point, they're integrating at the backend, their beeps are technical, right? I mean, they can deal with that complexity. Yeah. And so they don't need eye candy. Eventually they, they, they want to have that cuz it'll allow 'em to have deeper market penetration and make people more productive. But you know, that consolidation message came through loud and clear. >>Yeah. The big change in this industry too is all the new startups are all cloud native, right? They're all built on Amazon or Google or whatever. Yeah. And when your cloud native and you buy a cloud native integration is fast. It's not like having to integrate this big monolithic software stack anymore. Right. So I, I think their pace of integration will only accelerate from here because everything's now cloud native. >>If a customer comes to you or when a customer comes to you and says, Zs help us with this cyber transformation we have, our board isn't necessarily aligned with our executives in terms of execution of a security strategy. How do you advise them where Palo Alto is concerned? >>Yeah. You know, a lot, a lot of this is just fighting legacy mindset. And I've, I was talking with some CISOs here from state and local governments and things and they're, you know, they can't get more budget. They're fighting the tide. But what they did find is through the use of automation technology, they're able to bring their people costs way down. Right. And then be able to use that budget to invest in a lot of new projects. And so with that, you, you have to start with your biggest pain points, apply automation where you can, and then be able to use that budget to reinvest back in your security strategy. And it's good for the IT pros too, the security pros, my advice to the IT pros is, is if you're doing things today that aren't resume building, stop doing them. Right. Find a way to automate the money your job. And so if you're patching systems and you're looking through log files, there's no reason machines can't do that. And you go do something a lot more interesting. >>So true. It's like storage guys 10 years ago, provisioning loans. Yes. It's like, stop doing that. Yeah. You're gonna be outta a job. So who, last question I have is, is who do you see as the big competitors, the horses on the track question, right? So obviously Cisco kind of service has led for a while and you know, big portfolio company, CrowdStrike coming at it from end point. You know who, who, who do you see as the real players going for that? You know, right now the market's three to 4%. The leader has three, three 4% of the market. You know who they're all going for? 10, 15, maybe 20% of the market. Who, who are the likely candidates? Yeah, >>I don't know if CrowdStrike really has the breadth of portfolio to compete long term though. I I think they've had a nice run, but I, we might start to see the follow 'em. I think Microsoft is gonna be for middle. They've laid down the gauntlet, right? They are a security vendor, right? We, we were at Reinvent and a AWS is the platform for security vendors. Yes. Middle, somewhere in the middle. But Microsoft make no mistake, they're in security. They've got some good products. I think a lot of 'em are kind of good enough and they, they tie it to the licensing and I'm not sure that works in security, but they've certainly got the ear of a lot of it pros. >>It might work in smb. >>Yeah, yeah. It, it might. And, and I do like Zscaler. I, I know these guys poo poo the proxy model, but they've, they've done about as much with prox as you can. And I, I think it's, it's a battle of, I love the, the, the near, you know, proxies are dead and Jay's model, you know, Jay over at csca, throw 'em back at 'em. So I, it's good to see that kind of fight going on between the >>Two. Oh, it's great. Well, and, and again, ZScaler's coming at it from their cloud security angle. CrowdStrike's coming at it from endpoint. I, I do think CrowdStrike has an opportunity to build out the portfolio through m and a and maybe ecosystem. And then obviously, you know, Palo Alto's getting it done. How about Cisco? >>Yeah, Cisco's interesting. And I I think if Cisco can make the network matter in security and it should, right? We're talking about how a lot of you need a lot of forensics to fight security today. Well, they're gonna see things long before anybody else because they have all that network data. If they can tie network security, I, I mean they could really have that business take off. But we've been saying that about Cisco for 20 years. >>But big install based though. Yeah. It's hard for a company, any company to say, okay, hey Cisco customer sweep the floor and come with us. That's, that's >>A tough thing. They have a lot of good peace parts, right? And like duo's a good product and umbrella's a good product. They've, they've not done a good job. >>They're the opposite of these guys. >>They've not done a good job of the backend integration and that, that's where Cisco needs to, to focus. And I do think g G two Patel there fixed the WebEx group and I think he's now, in fact when you talk to him, he's doing very little on WebEx that that group's running itself and he's more focused in security. So I, I think we could see a resurgence there. But you know, they have a, from a revenue perspective, it's a little misleading cuz they have this big legacy base that's in decline while they're moving to cloud and stuff. So, but they, but they, there's a lot of Rick there trying to, to tie to network. >>Lots of fuel for conversation. We're gonna have to carry this on, on Silicon angle.com guys. Yes. And Wi KeePon. Lets do see us. Thank you so much for joining Dave and me giving us your insights as to this event. Where are gonna be next? Are you gonna be on >>Vacation? There's nothing more fun than mean on the cube. So what's outside of that though? Yeah, you know, Christmas coming up, I gotta go see family and be the obligatory, although for me that's a lot of travel, so I guess >>More planes. Yeah. >>Hopefully not in Vegas. >>Not in Vegas. >>Awesome. Nothing against Vegas. Yeah, no, >>We love it. We love >>It. Although I will say my year started off with ces. Yeah. And it's finishing up with Palo Alto here. The bookends. Yeah, exactly. In Vegas bookends. >>Well thanks so much for joining us. Thank you Dave. Always a pleasure to host a show with you and hear your insights. Reading your breaking analysis always kicks off my prep for show. And it, it's always great to see, but predictions come true. So thank you for being my co-host bet. All right. For Dave Valante Enz as Carla, I'm Lisa Martin. You've been watching The Cube, the leader in live, emerging and enterprise tech coverage. Thanks for watching.

>>Welcome back everyone to the Cube's live coverage of VMware Explorer, 2022. I'm John furrier with Dave Valante host of the cube. We're here on the ground floor, Moscone west two sets Walter Wall coverage. Three days. We heard Laura Heisman, the senior vice president and CMO of VMware, put it all together. Great to see you. Nice, thanks for, to see you for spending time outta your very busy week. >>It is a busy week. It is a great week. >>So a lot of people were anticipating what world was gonna look like. And then the name changed to VMware Explorer. This is our 12th year covering VMware's annual conference, formerly known ASM world. Now VMware Explorer, bold move, but Raghu teased it out on his keynote. Some reason behind it, expand on, on the thought process. The name change, obviously multi-cloud big headline here. vSphere eight partnerships with cloud hyperscale is a completely clear direction for VMware. Take us through why the name changed. Exactly, exactly. And why it's all coming together. Think he kind of hinted that he kinda said exactly, you know, exploring the new things, blah, blah, blah. Yeah. But take us through that. You've architected it. >>Yeah. It is a, a change of, we have a great past at VMware and we're looking to our future at the same time. And so when you come back from a pandemic and things changing, and you're really looking at the expansion of the business now is the time because it wasn't just to come back to what we were doing before. And every company should be thinking about that, but it's what are we gonna do to actually go forward? And VMware itself is on our own journey as expanding in more into the cloud, our multi-cloud leadership and everything that we're doing there. And we wanted to make sure that our audience was able to explore that with us. And so it was the perfect opportunity we're back live. And VMware Explorer is for everyone. That's been coming Tom world for so many years. We love our community and expanding it to our new communities that maybe don't have that legacy and that history and have them here with us at >>VMware. You did a great job. I love the event here. Love how it turned out. And, and a lot of interesting things happened along the way. Prior to this event you had we're coming outta the pandemic. So it's the first face to face yes. Of the VMware community coming together, which this is an annual right of passage for everyone in the customer base. Broadcom buys VMware. No, no, if you name change it to VMware Explorer and then Broadcom buys VMware. So announces, announces the, the buyout. So, and all the certainty, uncertainty kind of hanging around it. You had to navigate those waters, take us through, what was that like? How did you pull it off? It was a huge success. Yeah, because everyone showed up. Yeah. It's, it's, it's the same event, different name, >>It's >>Same vibe. >>The only thing constant is change. Right? And so it's the, we've gotta focus on the business and our VMware customers and our partners and our community at large. And so it's really keeping the eye on what we're trying to communicate to our community. And this is for our VMware community. The VMO community is here in spades. It is wonderful to have the VMO community here. We have tons of different customers, new customers, old customers, and it's just being able to share everything VMware. And I think people are just excited about that. It's great energy on the show floor and all >>Around. And it's not like you had years to plan it. I mean, you basically six months in you, you went, you said you went on a six month listening tour the other day. What was the number one question you got on that listening tour? >>Well, definitely about the name change was one, but I would say also, it's not just the question. It was the ask of, we have we're in what we call our chapter three here. And it's really our move into multicloud and helping all of our customers with their complexities. >>So virtualization, private cloud, and now multi-cloud correct. The third chapter. >>Yeah. And the, the question and the ask is how do we let our customers and partners know what this is, help us Laura. Like that was the number one ask to me of help us explain it. And that was my challenge and opportunity coming into explore, and really to explain everything about our, if you watched the gen session yesterday, these was, was going through our multiple different chapters where we are helping our customers with their multi-cloud strategies. And so it is been that evolution gets us today and it doesn't end today. It starts today. And we keep going, >>Like, like a lot of companies, obviously in you in this new role, you inherited a hybrid world and, and you've got, you got two years of virtual under your belt, and now you're running a completely different event from that standpoint. How does the sort of the COVID online translate into new relationships and how you're cultivating those? What's that dynamic like? >>Well, let's start with how happy everyone is to see each other in person. No doubt. Yeah. It is amazing just to see people, the high fives in the hallways, the hugs, oh, some people just the fist pump, whatever people mats are there masks aren't there, right? It is something of where everyone's comfort level, but it is really just about getting everyone together and thinking about how do, how was it before the pandemic? You don't necessarily just wanna repeat coming back. And so how do you think about this from an in-person event? People have been sitting behind their screens. How do we engage and how are we interactive? Knowing that attention spans are probably a little bit shorter. People are used to getting up and going get their coffee. We have coffee in the conference rooms, right? Things like that, making the experience just a really great one for everyone. So they're comfortable back in person, but I mean, honestly the energy and seeing people's smiles on their faces, it's wonderful to be back in person. >>It's interesting, you know, the cube, we've had some transformations ourselves with the pandemic and, and living through and getting back to events, but hybrid cloud and hybrid events is now the steady state. So, and in a way it's kind of interesting how hybrid cloud and now multi-cloud the digital aspect of integrating into the physical events is now key. First class citizen thinking. Yeah. For CMOs, you guys did a great job of preserving the, the, the, the best part of it, which is face to face people seeing each other and now bringing in the digital and then extending this. So that it's an always on kind of explore. Is that the thinking behind it? Yes. What's your vision on where you go next? Because if it's not, it's not one and done and see you next year. No anymore, because no, the pandemic showed us that hybrid and digital and physical together. If design as first class citizens with each other. Yeah. One sub-optimize me obviously face to face is better than digital, but if you can't make it, it shouldn't be a bad experience. >>No, not at all. Good's your vision. And, and we're in a point where not everyone's gonna come back, that everyone has what's going on with their life. And so you have to think about it as in person and online, it's not necessarily even hybrid. And so it's, what's the experience for people that are here, you know, over 10,000 people here, you wanna be sure that that is a great experience for them. And then our viewers online, we wanna be sure that they're able to, to know what's going on, stay in touch with everything VMware and enjoy that. So the gen session that was live, we have a ton of on demand content. And this is just the start. So now we go on to essentially multiple other VMware explorers around the world. >>It's interesting. The business model of events is so tickets driven or sponsorship on site on the location that you can get almost addicted to the, no, we don't wanna do digital and kind of foreclose that you guys embraced the, the combo. So what's the attendance. I mean, probably wasn't as big as when everyone was physical. Yep. What are some of the numbers? Can you give us some D data on attendance? Some of the stats around the show, cuz obviously people showed up and drove. Yes. It wasn't a no show. That's sure a lot of great stuff here >>We have. So it's over 10,000 people that are registered and we see them here. The gen session was packed. They're walking the show floor and then I don't have the numbers yet for our online viewership, but everything that we're doing to promote it online, if anyone missed it online, the gen session is already up and they'll see more sessions going live as well as all the on demand content so that everyone can stay in the loop of what's happening. And all of our announcements, >>You're obviously not disappointed. Were you surprised? A little nervous. >>So I will say one thing that we learned from others, thank goodness others have gone before us. So as far as coming back in person is the big change is actually registration happens closer to the event, right. Is a very big change from pre so, >>So it's at the end. Yes. >>The last three weeks. And we had been told that from peers at RSA and other conferences, that that's what happens. So we were prepared for that, but people wanna know what's going on in the world. Yeah. Right. You wanna have that faith before you buy that ticket and book your travel. And so that has definitely been one of the biggest changes and one that I think that will maybe continue to see here. So that was probably the biggest thing that changed as far as what to expect as registration. But we planned for this. We knew it was not going to be as big in the past and that that's gonna be, I think the new norm, >>I think you're right. I think a lot of last minute decisions, you know, sometimes people >>Wanna know, I mean, it's, what's gonna happen another gonna be outbreak or, I mean, I think people have gotten trained to be disappointed >>Well and be flexible >>With COVID I and, and, and weirded out by things. So people get anxiety on the COVID you've seen that. Yeah. >>Yeah. Yeah. I wanna ask you about the developer messaging cause that's one of the real huge takeaways. It was so strong. And you said the other day in the analyst session, the developers of the Kings and the Queens now, you know, we, when we hear developers, we think we pictured Steve Bama running around on stage developers develop, but it's different. It's a different vibe here. It it's like you're serving the Kings in the, in the Queens with, through partnerships and embracing open source. Can you talk a little bit about how you approached or, and you are approaching developer messages? Yeah, >>I, so, you know, I came from GitHub and so developers have been on my mind for many years now. And so joining VMware, I got to join this great world of enterprise software background and my developer background. And we have such an opportunity to really help our developer community understand the benefits of VMware to make them heroes just like we made sort of virtualization professionals heroes in the past, we can do the same thing with developers. We wanna be sure that we're speaking with our developer community. That was very much on stage as well as many of the sessions. And so our, we think about that with our products and what we're doing as far as product development and helping developers be able to test and learn with our products. And it's really thinking about the enterprise developer and how can we help them be successful. >>And I think, I think the beautiful thing about that message is, is that the enterprises that you guys have that great base with, they're all pretty much leaned into cl cloud native and they see it and it's starting to see the hybrid private cloud public cloud. And now with edge coming, it's pretty much a mandate that cloud native drive the architecture and that came clear in the messaging. So I have to ask you on the activations, you guys have done how much developer ops customer base mix are you seeing transfer over? Because the trend that we're seeing is is that it operations and that's generic. I'll say that word generically, but you know, your base is it almost every company has VMware. So they're also enabling inside their company developers. So how much is developer percentage to ops or is they blending in, it's almost a hundred percent, which how would you see >>That it's growing? So it's definitely growing. I wouldn't say it's a hundred percent, but it is growing. And it is one where every company is thinking about their developer. There's not enough developers in the world per the number of job openings out there. Everyone wants to innovate fast and they need to be able to invest in their developers. And we wanna be able to give them the tools to be able to do that. Cuz you want your developers to be happy and make it easier to do their jobs. And so that's what we're committed to really being able to help them do. And so we're seeing an uptick there and we're seeing, you'll see that with our product announcements and what we're doing. And so it's growing. >>The other thing I want to ask you, we saw again, we saw a lot of energy on the customer vibe. We're getting catching that here, cuz the sessions are right behind us and upstairs the floor, we've heard comments like the ecosystem's back. I mean not to anywhere, but there was a definitely an ecosystem spring to the step. If you will, amongst the partners, can you share what's happening here? Observations things that you've noticed that have been cool, that that can highlight some trends in the partner side of it. Yeah. What's going on with partners. >>Yeah. I mean our partners are so important to us. We're thrilled that they're here with us here. The expo floor, it is busy and people are visiting and reuniting and learning from each other and everything that you want to happen on the expo floor. And we've done special things throughout the week. For example, we have a whole hyperscaler day essentially happening where we wanna highlight some of the hyperscalers and let them be able to, to share with all of our attendees what they're doing. So we've given them more time within the sessions as well. And so you'll see our partner ecosystem all over the place, not just on the expo >>Floor, a lot of range of partners. Dave, you got the hyperscalers, you have the big, the big whales and cloud whales. And then you have now the second tier we call 'em super cloud type customer and partners. And you got the multi-cloud architecture, developing a lot of moving parts that are changing and growing and evolving. How do you view that? How you just gonna ride the wave? Are you watching it? Are you gonna explore it through more, you know, kind of joint marketing. I mean, what's your, how do you take this momentum that you have? And by the way, a lot of stuff's coming outta the oven. I was talking with Joan last night at the, at the press analyst event. And there's a lot of stuff coming outta the VMware oven product wise that hasn't hit the market yet. Yep. That's that's that's I mean, you can't really put a number on that sales yet, but it's got value. Yep. So you got that happening. You got this momentum behind you, you just ride the wave and what's the strategy. Well, >>It is all about how do we pass to the partner, right? So it is about the partner relationship. And we think about that our partner community is huge to us at VMware. I'm sure you've been hearing that from everyone you've been speaking to. So it's not even it's ride the wave, but it's embrace. Got it. It's embrace our partners. We need their help, our customer base. We do touch everybody and we need them to be able to support us and share what it is that we're doing from our product E evolution, our product announcements. So it's continuous education. It's there in educating us. It's definitely a two way relationship and really what we're even to get done here at explore together. It's progress that you can't always do on a zoom or a teams call or a WebEx call. You can't do that in two weeks, two years sometimes. And we're able to even have really great conversations >>Here and, and your go to market is transforming as well. You, you guys have talked about how you're reaching many different touchpoints. We've talked about developers. I mean, the other thing we've seen at events, we talked about the last minute, you know, registrations. The other thing we've seen is a lot more senior members of audiences. And now part of that is maybe okay, maybe some of the junior folks can't travel, they can't get, but, but, but why is it that the senior people come, they, they maybe they wouldn't have come before maybe because they're going through digital transformations. They wanna lean in and understand it better. But it seemed, I know you had an executive summit, you know, on day zero and Hawk 10 was here and, and so forth. So, okay. I get that. But it seems in talking to the partners, they're like, wow, the quality of the conversations that we're having has really been up leveled compared to previous years in other conferences. >>So yeah. Yeah. I think it's that they're all thinking about their transformation as well. We had the executive summit on day zero for us Monday, right? And it was a hundred plus executives invited in for a day who have stayed because they wanna hear what's going on. When I joined VMware, I said, VMware has a gift that so many companies are jealous of because we have relationships with the executives and that's what every company's startup to large company wants. And they're, they're really trusted customers of ours. And so we haven't been together and they want to be here to be able to know what's going on and join us in the meetings. And we have tons of meetings happening throughout >>The event and they're loyal and they're loyal. They're absolutely, they're active, active in a good way. They'll give you great feedback, candid feedback. Sometimes, you know, you might not wanna hear, but it's truthful. They're rare, engaging feedback gift. And they stay with you and they're loyal and they show up and they learn they're in sessions. So all good stuff. And then we only have about a minute left. Laura. I want to get your thoughts and, and end the segment with your explanation to the world around explore. What's next? What does it mean? What's gonna happen next? What does this brand turn into? Yeah. How do you see this unfolding? How do people, how should people view the VMware Explorer event brand and future activities? >>Yeah. VMware Explorer. This is just the start. So we're after this, we're going to Brazil, Barcelona, Singapore, China, and Japan. And so it is definitely a momentum that we're going on. The brand is unbelievable. It is so beautiful. We're exploring with it. We can have so much fun with this brand and we plan to continue to have fun with this brand. And it is all about the, the momentum with our sales team and our customers and our partners. And just continuing what we're doing, this is, this is just the beginning. It's not the, it's a global >>Brand explore >>Global. Absolutely. Absolutely. >>All right, Dave, that's gonna be great for the cube global activities. There you go, Laura. Great to see you. Thank you for coming on. I know you're super busy. Final question. It's kind of the trick question. What's your favorite aspect of the event? Pick a favorite child. What's going on here? Okay. In your mind, what's the most exciting thing about this event that that's near and dear to >>Your heart? So first it's hearing the feedback from the customers, but I do have to say my team as well. I mean, huge shout out to my team. They are the hub and spoke of all parts of explore. Yeah. VMware Explorer. Wouldn't be here without them. And so it's great to see it all coming >>Together. As they say in the scoring and the Olympics, the degree of difficulty for this event, given all the things going on, you guys did an amazing job. >>We witnessed >>To it. Congratulations. Thank you. Thank you for a great booth here. It looks beautiful. Thanks for coming. Wonderful. >>Thank you for >>Having me. Okay. The cues live coverage here on the floor of Moscone west I'm Trevor Dave. Valante two sets, three days. Stay with us for more live coverage. We'll be right back.

>>Okay. We're back with Ari Basu, who is Cisco's resident philosopher, who also holds a master's in computer science. We're gonna have to unpack that a little bit and Najati chair he who's technical lead at Cisco. Welcome guys. Thanks for coming on the cube. >>Happy to be here. Thanks a >>Lot. All right, let's get into it. We want you to explain how Cisco validated the SBRI technology and the proof points that, that you have, that it actually works as advertised. So first Outre tell first, tell us about Cisco tech. What does Cisco tech do? >>So T is otherwise it's an acronym for technical assistance center is Cisco's support arm, the support organization, and, you know, the risk of sounding like I'm spotting a corporate line. The, the easiest way to summarize what tag does is provide world class support to Cisco customers. What that means is we have about 8,000 engineers worldwide, and any of our Cisco customers can either go on our web portal or call us to open a support request. And we get about 2.2 million of these support requests a year. And what these support requests are, are essentially the customer will describe something that they need done some networking goal that they have, that they wanna accomplish. And then it's tax job to make sure that that goal does get accomplished. Now, it could be something like they're having trouble with an existing network solution, and it's not working as expected, or it could be that they're integrating with a new solution. >>They're, you know, upgrading devices, maybe there's a hardware failure, anything really to do with networking support and, you know, the customer's network goals. If they open up a case for request for help, then tax job is to, is to respond and make sure the customer's, you know, questions and requirements are met about 44% of these support requests are usually trivial and, you know, can be solved within a call or within a day. But the rest of tax cases really involve getting into the network device, looking at logs. It's a very technical role. It's a very technical job. You're look you're, you need to be conversing with network solutions, their designs protocols, et cetera. >>Wow. So 56% non-trivial. And so I would imagine you spend a lot of time digging through through logs. Is that, is that true? Can you quantify that like, you know, every month, how much time you spend digging through logs and is that a pain point? >>Yeah, it's interesting. You asked that because when we started this on this journey to augment our support engineers workflow with zebra solution, one of the things that we did was we went out and asked our engineers what their experience was like doing log analysis. And the anecdotal evidence was that on average, an engineer will spend three out of their eight hours reviewing logs, either online or offline. So what that means is either with the customer live on a WebEx, they're going to be going over logs, network, state information, et cetera, or they're gonna do it offline, where the customer sends them the logs, it's attached to a, you know, a service request and they review it and try to figure out what's going on and provide the customer with information. So it's a very large chunk of our day. You know, I said 8,000 plus engineers, and so three hours a day, that's 24,000 man hours a day spent on long analysis. >>Now the struggle with logs or analyzing logs is there by out of necessity. Logs are very contr contr. They try to pack a lot of information in a very little space. And this is for performance reasons, storage reasons, et cetera, BEC, but the side effect of that is they're very esoteric. So they're hard to read if you're not conversant, if you're not the developer who wrote these logs or you or you, aren't doing code deep dives. And you're looking at where this logs getting printed and things like that, it may not be immediately obvious or even after a low while it may not be obvious what that log line means or how it correlates to whatever problem you're troubleshooting. So it requires tenure. It requires, you know, like I was saying before, it requires a lot of knowledge about the protocol what's expected because when you're doing log analysis, what you're really looking for is a needle in a haystack. You're looking for that one anomalous event, that single thing that tells you this shouldn't have happened. And this was a problem right now doing that kind of anomaly detection requires you to know what is normal. It requires, you know, what the baseline is. And that requires a very in-depth understanding of, you know, the state changes for that network solution or product. So it requires time, tenure and expertise to do well. And it takes a lot of time even when you have that kind of expertise. >>Wow. So thank you, archery. And Najati, that's, that's about, that's almost two days a week for, for a technical resource. That's that's not inexpensive. So what was Cisco looking for to sort of help with this and, and how'd you stumble upon zebra? >>Yeah, so, I mean, we have our internal automation system, which has been running more than a decade now. And what happens is when a customer attaches a log bundle or diagnostic bundle into the service request, we take that from the Sr we analyze it and we represent some kind of information. You know, it can be alert or some tables, some graph to the engineer, so they can, you know, troubleshoot this particular issue. This is an incredible system, but it comes with its own challenges around maintenance to keep it up to date and relevant with Cisco's new products or new version of the product, new defects, new issues, and all kind of things. And when I, what I mean with those challenges are, let's say Cisco comes up with a product today. We need to come together with those engineers. We need to figure out how this bundle works, how it's structured out. >>We need to select individual logs, which are relevant and then start modeling these logs and get some values out of those logs, using pars or some rag access to come to a level that we can consume the logs. And then people start writing rules on top of that abstraction. So people can say in this log, I'm seeing this value together with this other value in another log, maybe I'm hitting this particular defect. So that's how it works. And if you look at it, the abstraction, it can fail the next time. And the next release when the development or the engineer decides to change that log line, which you write that rag X, or we can come up with a new version, which we completely change the services or processes, then whatever you have wrote needs to be re written for that new service. And we see that a lot with products, like for instance, WebEx, where you have a very short release cycle that things can change maybe the next week with a new release. >>So whatever you are writing, especially for that abstraction and for those rules are maybe not relevant with that new release. With that being sake, we have a incredible rule creation process and governance process around it, which starts with maybe a defect. And then it takes it to a level where we have an automation in place. But if you look at it, this really ties to human bandwidth. And our engineers are really busy working on, you know, customer facing, working on issues daily and sometimes creating these rules or these pars are not their biggest priorities, so they can be delayed a bit. So we have this delay between a new issue being identified to a level where we have the automation to detect it next time that some customer faces it. So with all these questions and with all challenges in mind, we start looking into ways of actually how we can automate these automations. >>So these things that we are doing manually, how we can move it a bit further and automate. And we had actually a couple of things in mind that we were looking for and this being one of them being, this has to be product agnostic. Like if Cisco comes up with a product tomorrow, I should be able to take it logs without writing, you know, complex regs, pars, whatever, and deploy it into this system. So it can embrace our logs and make sense of it. And we wanted this platform to be unsupervised. So none of the engineers need to create rules, you know, label logs. This is bad. This is good. Or train the system like which requires a lot of computational power. And the other most important thing for us was we wanted this to be not noisy at all, because what happens with noises when your level of false PE positives really high your engineers start ignoring the good things between that noise. >>So they start the next time, you know, thinking that this thing will not be relevant. So we want something with a lot or less noise. And ultimately we wanted this new platform or new framework to be easily adaptable to our existing workflows. So this is where we started. We start looking into the, you know, first of all, internally, if we can build this thing and also start researching it, and we came up to Zeum actually Larry, one of the co co-founders of Zeum. We came upon his presentation where he clearly explained why this is different, how this works, and it immediately clicked in. And we said, okay, this is exactly what we were looking for. We dived deeper. We checked the block posts where SBRI guys really explained everything very clearly there, they are really open about it. And most importantly, there is a button in their system. >>So what happens usually with AI ML vendors is they have this button where you fill in your details and sales guys call you back. And, you know, we explain the system here. They were like, this is our trial system. We believe in the system, you can just sign up and try it yourself. And that's what we did. We took our, one of our Cisco live DNA center, wireless platforms. We start streaming logs out of it. And then we synthetically, you know, introduce errors, like we broke things. And then we realized that zebra was really catching the errors perfectly. And on top of that, it was really quiet unless you are really breaking something. And the other thing we realized was during that first trial is zebra was actually bringing a lot of context on top of the logs. During those failures, we work with couple of technical leaders and they said, okay, if this failure happens, I I'm expecting this individual log to be there. And we found out with zebra, apart from that individual log, there were a lot of other things which gives a bit more context around the root columns, which was great. And that's where we wanted to take it to the next level. Yeah. >>Okay. So, you know, a couple things to unpack there. I mean, you have the dart board behind you, which is kind of interesting, cuz a lot of times it's like throwing darts at the board to try to figure this stuff out. But to your other point, Cisco actually has some pretty rich tools with AppD and doing observability and you've made acquisitions like thousand eyes. And like you said, I'm, I'm presuming you gotta eat your own dog food or drink your own champagne. And so you've gotta be tools agnostic. And when I first heard about Z zebra, I was like, wait a minute. Really? I was kind of skeptical. I've heard this before. You're telling me all I need is plain text and, and a timestamp. And you got my problem solved. So, and I, I understand that you guys said, okay, let's run a POC. Let's see if we can cut that from, let's say two days a week down to one day, a week. In other words, 50%, let's see if we can automate 50% of the root cause analysis. And, and so you funded a POC. How, how did you test it? You, you put, you know, synthetic, you know, errors and problems in there, but how did you test that? It actually works Najati >>Yeah. So we, we wanted to take it to the next level, which is meaning that we wanted to back test is with existing SARS. And we decided, you know, we, we chose four different products from four different verticals, data center, security, collaboration, and enterprise networking. And we find out SARS where the engineer put some kind of log in the resolution summary. So they closed the case. And in the summary of the Sr, they put, I identified these log lines and they led me to the roots and we, we ingested those log bundles. And we, we tried to see if Zeum can surface that exact same log line in their analysis. So we initially did it with archery ourself and after 50 tests or so we were really happy with the results. I mean, almost most of them, we saw the log line that we were looking for, but that was not enough. >>And we brought it of course, to our management and they said, okay, let's, let's try this with real users because the log being there is one thing, but the engineer reaching to that log is another take. So we wanted to make sure that when we put it in front of our users, our engineers, they can actually come to that log themselves because, you know, we, we know this platform so we can, you know, make searches and find whatever we are looking for, but we wanted to do that. So we extended our pilots to some selected engineers and they tested with their own SRSS. Also do some back testing for some SARS, which are closed in the past or recently. And with, with a sample set of, I guess, close to 200 SARS, we find out like majority of the time, almost 95% of the time the engineer could find the log they were looking for in zebra analysis. >>Yeah. Okay. So you were looking for 50%, you got to 95%. And my understanding is you actually did it with four pretty well known Cisco products, WebEx client DNA center, identity services, engine ISE, and then, then UCS. Yes. Unified pursuit. So you use actual real data and, and that was kind of your proof proof point, but Ari. So that's sounds pretty impressive. And, and you've have you put this into production now and what have you found? >>Well, yes, we're, we've launched this with the four products that you mentioned. We're providing our tech engineers with the ability, whenever a, whenever a support bundle for that product gets attached to the support request. We are processing it, using sense and then providing that sense analysis to the tech engineer for their review. >>So are you seeing the results in production? I mean, are you actually able to, to, to reclaim that time that people are spending? I mean, it was literally almost two days a week down to, you know, a part of a day, is that what you're seeing in production and what are you able to do with that extra time and people getting their weekends back? Are you putting 'em on more strategic tasks? How are you handling that? >>Yeah. So, so what we're seeing is, and I can tell you from my own personal experience using this tool, that troubleshooting any one of the cases, I don't take more than 15 to 20 minutes to go through the zebra report. And I know within that time either what the root causes or I know that zebra doesn't have the information that I need to solve this particular case. So we've definitely seen, well, it's been very hard to measure exactly how much time we've saved per engineer, right? What we, again, anecdotally, what we've heard from our users is that out of those three hours that they were spending per day, we're definitely able to reclaim at least one of those hours and, and what, even more importantly, you know, what the kind of feedback that we've gotten in terms of, I think one statement that really summarizes how Zebra's impacted our workflow was from one of our users. >>And they said, well, you know, until you provide us with this tool, log analysis was a very black and white affair, but now it's become really colorful. And I mean, if you think about it, log analysis is indeed black and white. You're looking at it on a terminal screen where the background is black and the text is white, or you're looking at it as a text where the background is white and the text is black, but what's what they're really trying to say. Is there hardly any visual cues that help you navigate these logs, which are so esoteric, so dense, et cetera. But what XRM does is it provides a lot of color and context to the whole process. So now you're able to quickly get to, you know, using their word cloud, using their interactive histogram, using the summaries of every incident. You're very quickly able to summarize what might be happening and what you need to look into. >>Like, what are the important aspects of this particular log bundle that might be relevant to you? So we've definitely seen that a really great use case that kind of encapsulates all of this was very early on in our experiment. There was, there was this support request that had been escalated to the business unit or the development team. And the tech engineer had really, they, they had an intuition about what was going wrong because of their experience because of, you know, the symptoms that they'd seen. They kind of had an idea, but they weren't able to convince the development team because they weren't able to find any evidence to back up what they thought was happening. And we, it was entirely happenstance that I happened to pick up that case and did an analysis using Seebri. And then I sat down with the attack engineer and we were very quickly within 15 minutes, we were able to get down to the exact sequence of events that highlighted what the customer thought was happening, evidence of what the, so not the customer, what the attack engineer thought was the, was a root cause. It was a rude pause. And then we were able to share that evidence with our business unit and, you know, redirect their resources so that we could change down what the problem was. And that really has been, that that really shows you how that color and context helps in log analysis. >>Interesting. You know, we do a fair amount of work in the cube in the RPA space, the robotic process automation and the narrative in the press when our RPA first started taking off was, oh, it's, you know, machines replacing humans, or we're gonna lose jobs. And, and what actually happened was people were just eliminating mundane tasks and, and the, the employee's actually very happy about it. But my question to you is, was there ever a reticence amongst your team? Like, oh, wow, I'm gonna, I'm gonna lose my job if the machine's gonna replace me, or have you found that people were excited about this and what what's been the reaction amongst the team? >>Well, I think, you know, every automation and AI project has that immediate gut reaction of you're automating away our jobs and so forth. And there is initially there's a little bit of reticence, but I mean, it's like you said, once you start using the tool, you realize that it's not your job, that's getting automated away. It's just that your job's becoming a little easier to do, and it's faster and more efficient. And you're able to get more done in less time. That's really what we're trying to accomplish here at the end of the day, rim will identify these incidents. They'll do the correlation, et cetera. But if you don't understand what you're reading, then that information's useless to you. So you need the human, you need the network expert to actually look at these incidents, but what we are able to skin away or get rid of is all of the fat that's involved in our, you know, in our process, like without having to download the bundle, which, you know, when it's many gigabytes in size, and now we're working from home with the pandemic and everything, you're, you know, pulling massive amounts of logs from the corporate network onto your local device that takes time and then opening it up, loading it in a text editor that takes time. >>All of these things are we're trying to get rid of. And instead we're trying to make it easier and quicker for you to find what you're looking for. So it's like you said, you take away the mundane, you take away the, the difficulties and the slog, but you don't really take away the work, the work still needs to be done. >>Yeah. Great guys. Thanks so much. Appreciate you sharing your story. It's quite, quite fascinating. Really. Thank you for coming on. >>Thanks for having us. >>You're very welcome. Okay. In a moment, I'll be back to wrap up with some final thoughts. This is Dave Valante and you're watching the, >>So today we talked about the need, not only to gain end to end visibility, but why there's a need to automate the identification of root cause problems and doing so with modern technology and machine intelligence can dramatically speed up the process and identify the vast majority of issues right out of the box. If you will. And this technology, it can work with log bundles in batches, or with real time data, as long as there's plain text and a timestamp, it seems Zebra's technology will get you the outcome of automating root cause analysis with very high degrees of accuracy. Zebra is available on Preem or in the cloud. Now this is important for some companies on Preem because there's really some sensitive data inside logs that for compliance and governance reasons, companies have to keep inside their four walls. Now SBRI has a free trial. Of course they better, right? So check it out@zebra.com. You can book a live demo and sign up for a free trial. Thanks for watching this special presentation on the cube, the leader in enterprise and emerging tech coverage on Dave Valante and.

(upbeat music) >> Full stack observability is all the rage today. As businesses lean into digital, customer experience becomes ever more important. Why? Well, it's obvious, fickle consumers can switch brands in the blink of an eye or the click of a mouse. Technology companies have sprung into action and the observability space is getting pretty crowded in an effort to simplify the process of figuring out the root cause of application performance problems without an army of PhDs and lab coats, also known as endlessly digging through logs, for example. We see decades old software companies that have traditionally done monitoring or log analytics and or application performance management stepping up their game. These established players, you know, they typically have deep feature sets and sometimes purpose-built tools that attack one particular segment of the marketplace. And now they're pivoting through M&A and some organic development trying to fill gaps in their portfolio. And then, you got all these new entrants coming to the market, claiming end to end visibility across the so-called modern cloud and now edge native stacks. Meanwhile, cloud players are gaining traction and participating through a combination of native tooling combined with strong ecosystems to address this problem. But, you know, recent survey research from ETR confirms our thesis that no one company has it all. Here's the thing. Customers just want to figure out the root cause as quickly and as efficiently as possible. It's one thing to observe the stack end to end, but the question is who is automating the observers? And that's why we're here today. Hello, my name is Dave Vellante and welcome to this special Cube presentation where we dig into root cause analysis, and specifically, how one company, Zebrium, is using unsupervised machine learning to detect anomalies and pinpoint root causes and delivering it as an automated service. And in this session, we have two deep dives. First, we're going to dig into this exciting new field of RCaaS, Root Cause As A Service with two of the founders and technical experts behind Zebrium. And then we bring in two technical experts from Cisco, an early Zebrium customer who ran a POC with Zebrium's service, automating and identifying root cause problems within four very well established and well known Cisco product lines, including WebEx Client and UCS. I was pretty amazed at the results and I think you'll be impressed as well. So thanks for being here. Let's get started. With me right now is Larry Lancaster, who's a founder and CTO of Zebrium. And he's joined by Rod Bagg, who's the founder and vice president of engineering at the company. Gents, welcome. Thanks for coming on. >> Thanks. >> Okay. >> It's good to be here. >> It's good to be here >> All right Rod, talk to me. Talk to me about software downtime, what root cause means, all the buzzwords in your domain, MTTR and SLO. What do we need to know? >> Yeah, I mean, it's like you said. I mean, it's extremely important to our customers and to most businesses out there to drive uptime and avoid as much downtime as possible. So, you know, when you think about it, all of these businesses, most companies nowadays, either their product is software and it's running, you know, running on the web and that's how you get a point click. Or the business depends on, you know, internal systems to drive their business and to run it. When that is down, that is hugely impacting to them. So if you take a look, you know, way back, you know, 20, 30 years ago, software was simple. You know, there wasn't much to it. It was pretty monolithic and maybe it took a couple of people to maintain it and keep it running. There wasn't really anything complicated about it. It was a single tenant piece of software. Today's software is so complicated, often running, you know, maybe hundreds of services to keep that or to actually implement what that software is doing. So as you point out, you know, enter the sort of observability space and the tools that are now in use to help monitor that software and make sure when something goes wrong, they know about it But there's kind of an interesting stat around the observability space. So when you look at observability in the context or through the lens of the cost of downtime, it's really interesting. So observability tools are about a $20 billion market, okay? But the cost of downtime, even with that in place, is still hundreds of billions of dollars. So you're not taking much of a bite out of what the real problem is. You have to solve root cause and get to that fast. So it's all great to know that something went wrong but you got to know why. And it's our contention here that, you know, really, when you take a look at the observability space, you have metrics, that's a great tool. I mean, there's lots of great tools out there, you know, around metrics monitoring that's going to tell you when something went wrong. It's very rarely it's going to tell you why. Similarly for tracing, it's going to point you to where the issue is. It's going to take you through that stack and probably pinpoint where you're being, you know where it's happening or where something is running slow, potentially. So that's great. But again, the root cause of why it's happening is going to be buried in log files. And I can expand on that a little bit more but you know, when you're a software developer and you're writing your software, those log files are a wealth of information. It's just a set of breadcrumbs that are littered with facts about how the software is behaving and why it's doing what it's doing, or why it went wrong. And it's that that really gets you to the root cause very fast. And that's our contention, is that these software systems are so complex nowadays and that the root cause is lying in those logs. So how do you get there fast? You know, we would contend that you better automate that or you are just doomed for failure. And that's where we come in. >> Great. >> Getting to that root cause. >> Thank you, Rod. You know, it's interesting you talk about the $20 billion market. There's an analogy with security, right? We spend 80, $100 billion a year on securing our infrastructure, and yet we lose probably closer to a trillion dollars a year in breaches. And there's a similar analogy here. 20 billion could be 5X in downtime impacts or more. Okay, let's go to Larry. Tell us a little bit more about Zebrium. I'm interested always to ask a founder why you started the company. Rod touched on that a little bit. You guys have invented this concept of RCaaS. What does it mean? What problems does it solve, and how does it solve the problem? Let's get into it. >> Yeah. Hey, thanks, Dave. So I think when you said, you know, who's automating the observer, that that's a great way to think about it because what observability really means is it's a property of a system that means you can see into it. You can observe the internal state and that makes it easier to troubleshoot, right? But the problem is if it's too complicated, you just push the bottleneck up to your eyeball. There's only so much a person can filter through manually, right? And I love the way you put that. So that's a great way to think about it is automating the observer. Now, of course, it means that, you know, you reduce your MTTR, you meet your service level objectives, all that stuff, you improve customer experience. That's all true, but it's important to step back and realize like we have cracked a real nut here. People have been trying to figure out how to automate this part of sort of the troubleshooting experience, this human part of finding the root cause indicators for a long time. And until Zebrium came along, I would argue, no one's really done it right. So, you know, I think it's also important you know, as we step back, we can probably look forward five to 10 years and say, everyone's going to look back and say how did we do all this manually? You're going to see this sort of last mile of observability and troubleshooting is going to be automated everywhere because otherwise, you know, people are just... They're not going to be able to scale their business. So, you know, I think one more thing that's important to point out is, you know, I think Zebrium, you know, it's one thing to have the technology but we've learned we need to deliver it right where people are today. You can't just expect people to dive into a new tool. So, you know, we're looking at, you know, if you look at Zebrium, you'll put us on your dashboard and we don't care what kind of a dashboard it is. It could be, you know Datadog, New Relic, Elastic, Dynatrace, Grafana AppDynamics, ScienceLogic, we don't care. You know, they're all our friends. So we're more interested in getting to that root cause than trying to fight, you know, these incumbents and all that stuff. Yep. >> Yeah. So, interesting. Again, another analogy I think about. You know, you talked about automation. If we're to look back and say this is what... We're never going to do this again, it's like provisioning loans. Nobody provisions loans anymore, it's all automated. >> Larry: (chuckling) That's right. >> So Larry, I'll stay with you, then the skeptic in me says, this sounds amazing, but if I, you know... It might be too good to be true. Tell us how it works. >> Larry: (chuckling) Yeah. So that's interesting. So Cisco came along and they were equally skeptical. So what they did was they took a couple of months and they did a very detailed study. And they got together 192 incidents across four product lines, where they knew that the root cause was in the logs. And they knew what that root cause was because they had had their best engineers, you know work on those cases and take detailed notes of the incidents that had taken place. And so they ran that data through the Zebrium software. And what they found was that in more than 95% of those incidents, Zebrium reflected the correct root cause indicators at the correct time. Like that blew us away. When we saw that kind of evidence, Dave, I have to tell you, everyone was just jumping up and down. It was like, you know, it was like the Apollo command center, you know when they finally, you know, touchdown on the moon kind of thing. So, you know, it's really an exciting point in time to be at the company, like just seeing everything finally being proven out according to this vision. I'm going to tell you one more story which is actually one of my favorites, because we got a chance to work with Seagate Lyve Cloud. So they're, you know, a hyper modern, you know, SaaS business, they're an S3 competitor. Zoom has their files stored on Lyve Cloud, you know, to let you know who they are. So essentially, what happened was they were in alpha, their early access, and they had an outage, and it was pretty bad. I mean, it went on for longer than a day, actually, before they were completely restored. And it was, you know, fortunately for them, it was early access. So no one was expecting, you know, uptime, you know, service level objectives and so on. But they were scared, because they realized, if something like this happens in production, you know, they're screwed. So what they did was they saw Zebrium. They went and did some research, they saw Zebrium. They went in a staging environment, recreated the exact (indistinct) that they had had. And what they saw was immediately, Zebrium pops up a root cause report that tells them exactly the root cause that they took over a day to find. These are the kind of stories that let us know we're onto something transformational. >> Dave: Yeah. That's great. I mean, you guys are jumping up and down, I'm sure. We're going to hear from Cisco later. I bet you, they were jumping up and down too because they didn't have to do all that heavy lifting anymore. So Rod, Larry's just sort of implying that, or actually, you guys both talked about that your tool is agnostic. So how does one actually use the service? How do I deploy it? >> Yeah. So let me step back. So when we talk about logs right? Like, you know, all these bread crumbs being in logs and everything else? So, you know, they are a great wealth of you know, information, but people hate dealing with them. I mean, they hate having to go in and figure out what log to look at. In fact, you know, we had one of our... Or we've heard from several of our customers now prior to using Zebrium, when they, you know, have some issue, and they know there's something wrong, something on their dashboard has told them that something's wrong, maybe a metric has, you know, taken a blip or something's happened that they know there's a problem. We've heard from them that it can take like a number of hours just to get to the right set of logs, like figuring out over these hundreds of services where the logs are, to get to them, maybe searching in a log manager. Just to get into the right context, even, can take hours. So, you know, that's obviously the problem we solve but, you know, we don't want them just looking at logs. I mean, you know, we don't want to put them back in the thing they don't like doing because people don't do that. They don't like doing it. So we put it up on the dashboard. So if something is going wrong with your metrics and that's the indicator, or maybe it's something with tracing that you're sort of digging through that you know something's wrong, we will be right on that same dashboard. So we're deployed as a SaaS service. You send us your logs, you click on one of our integrations and we integrate with all these tools that Larry's talked about. And when we detect anything that is a root cause report, it will show up on your dashboard in the same timeline as those blips in your metrics. So when you see something going wrong and you know there's an issue, take a look at the portion of your dashboard that is us, and we're going to tell you why. We're going to get you to the why that went wrong. No other work could be... You can, you know, also click down and click through to us so that you land up in our portal, if you want to do some more digging around, if you need to or whatever, maybe to get some context what have you, but it's fair that if you ever need to do that, the answer should be right there on your dashboard. And that that's how we expect people to use it. We don't want them digging in logs and going through things, we want it to be right in their workflow. >> Great. Thank you, Larry. So Rod, we talked about Cisco. We're going to hear more from them in a moment in Seagate. I would think this is like a perfect solution for a SaaS provider, anybody doing AI ops. Do you have some examples of those types of firms leaning into this? >> Rod: Yeah, a couple of great ones. Well, I mean, we've got many of them, but a couple that I'll touch on. We have an actual AI ops company that was looking for, you know, sort of some complimentary technology and so on. And so they decided to just put us through our paces by having one of their own SREs sign up for our service in our SaaS environment, and send the logs from their system to us, you know, and just see how we did. So it turned out we ended up talking back to this SRE like a week after he had installed the product, you know signed up and then, you know, started sending us logs. And, you know, he was hewing and hawing, saying that he was busy, like every SRE is, and that he didn't have a chance to really do much with us yet. And, you know, we were just, you know, having this conversation on the phone, and he comes to tell us that, yeah I've been busy because we had this, you know, terrible outage, like, you know, five days ago. And we said like, "Okay did you actually look on the Zebrium dashboard?" (chuckles) And he goes, "You know what? I didn't even think to do it yet. I mean, I'd just been so busy and frazzled." So we have an integration with that company, he hadn't put that integration in, so it wasn't in his dashboard yet, but it was certainly on ours. So he went there, and he looks and he looks on the day, you know, on the time range of when he had had this incident. And right at the very top of the page on our portal was that incident with that root cause. And he was flabbergasted. It literally would've saved him hours and hours and hours. They had this issue going on for over 24 hours. And we had the answer right there in five minutes, and it was crazy. And we get that kind of stories. It's just like the Seagate one. If you use us and you have a problem, we're going to detect it. And you're going to hear from Cisco how successful we are at detecting things. I mean, it'll be there when you have a problem. In SaaS companies, you know, one of our customers is Alchera. They do cost optimizations for cloud properties, you know, for AWS optimization, Google, Google cloud, and so on. But they use our software, and they have a lot of interaction, obviously with these cloud vendors and the APIs of those cloud vendors. So, you know, in order to figure out your costing at AWS, they're using all those APIs. So it turned out, you know, they had some issue where their services were breaking. And we had that root cause report right on the screen, again within five minutes, that was pointing to an API problem with Google. And they had changed one of their APIs and Alchera was not aware of it. So their stuff was breaking because of a change downstream that we had caught. And I'll just tell you one last one because it's somewhat related to one of these cloud vendors. You know, it was a big cloud vendor who had an outage a couple of months ago. And it's interesting because, you know, a lot of our customers will set up shared Slack channels with us, where we're monitoring or seeing their incidents as well as they are. So we get a little Slack representation of the incident that we detected for them or the root cause that we detected for them, and that's in a shared community channel. So we could see this happening when that AWS outage happened. We could see our customers getting impacted by that AWS outage, and the root cause of what was going on there in AWS that was impacting our customers that was showing up in our incidents. Now we didn't obviously, you know, have the very root cause of what was going on in AWS, per se but we were getting to the root cause of why our customer's applications were failing. And that was because of issues going on at AWS. >> Very interesting. I mean, I think one of your biggest challenges is going to be getting people's attention because these SREs are so busy, their hair's on fire. >> Rod: That's it. Right. (chuckling). You know, when you say, hey, (indistinct). >> I tell you, if you get their attention, they love it. I mean, this AI ops company, I didn't even tell you the punchline there, but, you know, they had this incident that occurred that we found. And quite literally, the next week, they ended up signing up as a paid customer. So... >> Dave: that's great. And Larry, to give you the last word. I mean, you know, Rod was talking about, you know, changes in APIs and you know, there's still a lot of scripts out there. You guys, if I understand it correctly, run both as a service in the cloud and you can run on-prem, which is important because there's a lot of sensitive information in logs that people are trying not to leave. >> Larry: That's right. Absolutely. >> Dave: But close it out here. >> Yeah. I mean, that's right, you can run it on-prem. Just like we run it in our cloud, you can run it in your cloud or on your own infrastructure. Now that's all true. You know, I think the one hurdle now that we have left as a company is getting the word out and getting people to believe that this is actually possible and try it for themselves. You don't believe it, do a POC, try it yourself. And you know, people have become so jaded by the lack of, you know, real, sort of, innovation in the software industry for the last 10 years that it's hard to get people to... But guys, you got to give it a shot, I'm telling you. I'm telling you right now, it works. And you'll hear more about that from one of our customers in a minute. >> All right guys, thanks so much. Great story. Really appreciate you sharing. >> Thank you. >> Yeah. Thanks Dave. Appreciate the time. >> Okay. In a moment, we're going to hear from Cisco who is the customer in this case example and a company that has... Look, they have quite an impressive suite of observability tooling, and they've done a pretty compelling proof of concept with Zebrium using real data on some Cisco products that you've heard of, like WebEx. So stay tuned and learn about how you can really take advantage of this new technology called Root Cause As A Service. You're watching theCube, the leader in enterprise and emerging tech coverage. (upbeat music)

(upbeat music) >> Okay, we're back with Atri Basu who is Cisco's resident philosopher who also holds a master's in computer science. We're going to have to unpack that a little bit. And Necati Cehreli, who's technical lead at Cisco. Welcome, guys. Thanks for coming on theCUBE. >> Happy to be here. >> Thanks a lot. >> All right, let's get into it. We want you to explain how Cisco validated the Zebrium technology and the proof points that you have that it actually works as advertised. So first Atri, first tell us about Cisco TAC. What does Cisco TAC do? >> So TAC is otherwise it's an acronym for Technical Assistance Center, is Cisco's support arm, the support organization. And the risk of sounding like I'm spouting a corporate line. The easiest way to summarize what TAC does is provide world class support to Cisco customers. What that means is we have about 8,000 engineers worldwide and any of our Cisco customers can either go on our web portal or call us to open a support request. And we get about 2.2 million of these support requests a year. And what these support requests are, are essentially the customer will describe something that they need done some networking goal that they have that they want to accomplish. And then it's TACs job to make sure that that goal does get accomplished. Now, it could be something like they're having trouble with an existing network solution and it's not working as expected or it could be that they're integrating with a new solution. They're, you know, upgrading devices maybe there's a hardware failure anything really to do with networking support and, you know the customer's network goals. If they open up a case for testing for help then TACs job is to respond and make sure the customer's, you know questions and requirements are met. About 44% of these support requests are usually trivial and, you know can be solved within a call or within a day. But the rest of TAC cases really involve getting into the network device, looking at logs. It's a very technical role. It's a very technical job. You need to be conversed with network solutions, their designs, protocols, et cetera. >> Wow. So 56% non-trivial. And so I would imagine you spend a lot of time digging through logs. Is that true? Can you quantify that like, you know, every month how much time you spend digging through logs and is that a pain point? >> Yeah, it's interesting you asked that because when we started on this journey to augment our support engineers workflow with Zebrium solution, one of the things that we did was we went out and asked our engineers what their experience was like doing log analysis. And the anecdotal evidence was that on average an engineer will spend three out of their eight hours reviewing logs either online or offline. So what that means is either with the customer live on a WebEx, they're going to be going over logs, network, state information, et cetera or they're going to do it offline where the customer sends them the logs it's attached to a, you know, a service request and they review it and try to figure out what's going on and provide the customer with information. So it's a very large chunk of our day. You know, I said 8,000 plus engineers and so three hours a day that's 24,000 man hours a day spent on log analysis. Now the struggle with logs or analyzing logs is there by out of necessity, logs are very contrite. They try to pack a lot of information in a very little space. And this is for performance reasons, storage reasons, et cetera, but the side effect of that is they're very esoteric. So they're hard to read if you're not conversant if you're not the developer who wrote these logs or you aren't doing code deep dives. And you're looking at where this logs getting printed and things like that, it may not be immediately obvious or even after a little while it may not be obvious what that log line means or how it correlates to whatever problem you're troubleshooting. So it requires tenure. It requires, you know, like I was saying before it requires a lot of knowledge about the protocol what's expected because when you're doing log analysis what you're really looking for is a needle in a haystack. You're looking for that one anomalous event, that single thing that tells you this shouldn't have happened, and this was a problem right. Now doing that kind of anomaly detection requires you to know what is normal. It requires, you know, what the baseline is. And that requires a very in depth understanding of, you know the state changes for that network solution or product. So it requires time to near and expertise to do well. And it takes a lot of time even when you have that kind of expertise. >> Wow. So thank you, Atri. And Necati, that's almost two days a week for a technical resource. That's not inexpensive. So what was Cisco looking for to sort of help with this and how'd you stumble upon Zebrium? >> Yeah, so, we have our internal automation system which has been running more than a decade now. And what happens is when a customer attach log bundle or diagnostic bundle into the service request we take that from the Sr we analyze it and we represent some kind of information. You know, it can be alerts or some tables, some graph, to the engineer, so they can, you know troubleshoot this particular issue. This is an incredible system, but it comes with its own challenges around maintenance to keep it up to date and relevant with Cisco's new products or a new version of a product, new defects, new issues and all kind of things. And when I mean with those challenges are let's say Cisco comes up with a product today. We need to come together with those engineers. We need to figure out how this bundle works, how it's structured out. We need to select individual logs, which are relevant and then start modeling these logs and get some values out of those logs, using PaaS or some rag access to come to a level that we can consume the logs. And then people start writing rules on top of that abstraction. So people can say in this log I'm seeing this value together with this other value in another log, maybe I'm hitting this particular defect. So that's how it works. And if you look at it, the abstraction it can fail the next time. And the next release when the development or engineer decides to change that log line which you write that rag X or we can come up with a new version which we completely change the services or processes then whatever you have wrote needs to be re-written for the new service. And we see that a lot with products, like for instance, WebEx where you have a very short release cycle that things can change maybe the next week with a new release. So whatever you are writing, especially for that abstraction and for those rules are maybe not relevant with that new release. With that being said we have a incredible rule creation process and governance process around it which starts with maybe a defect. And then it takes it to a level where we have an automation in place. But if you look at it, this really ties to human bandwidth. And our engineers are really busy working on you know, customer facing, working on issues daily and sometimes creating news rules or these PaaS are not their biggest priorities so they can be delayed a bit. So we have this delay between a new issue being identified to a level where we have the automation to detect it next time that some customer faces it. So with all these questions and with all challenges in mind we start looking into ways of actually how we can automate these automation. So these things that we are doing manually how we can move it a bit further and automate. And we had actually a couple of things in mind that we were looking for and this being one of them being this has to be product agnostic. Like if Cisco comes up with a product tomorrow I should be able to take it logs without writing, you know, complex regs, PaaS, whatever and deploy it into this system. So it can embrace our logs and make sense of it. And we wanted this platform to be unsupervised. So none of the engineers need to create rules, you know, label logs, this is bad, this is good. Or train the system like which requires a lot of computational power. And the other most important thing for us was we wanted this to be not noisy at all because what happens with noises when your level of false positives really high your engineers start ignoring the good things between that noise. So they start the next time, you know thinking that this thing will not be relevant. So we want something with a lot more less noise. And ultimately we wanted this new platform or new framework to be easily adaptable to our existing workflow. So this is where we started. We start looking into the, you know first of all, internally, if we can build this thing and also start researching it, and we came up to Zebrium actually Larry, one of the co-founders of Zebrium. We came upon his presentation where he clearly explained why this is different, how this works and it immediately clicked in and we said, okay, this is exactly what we were looking for. We dive deeper. We checked the block posts where Zebrium guys really explain everything very clearly there. They're really open about it. And most importantly, there is a button in their system. And so what happens usually with AI ML vendors is they have this button where you fill in your details and a sales guys call you back and you know, explains the system here. They were like, this is our trial system. We believe in the system you can just sign up and try it yourself. And that's what we did. We took one of our Cisco live DNA Center, wireless platforms. We start streaming logs out of it. And then we synthetically, you know, introduce errors like we broke things. And then we realized that Zebrium was really catching the errors perfectly. And on top of that, it was really quiet unless you are really breaking something. And the other thing we realized was during that first trial is Zebrium was actually bringing a lot of context on top of the logs. During those failures, we worked with couple of technical leaders and they said, "Okay if this failure happens I'm expecting this individual log to be there." And we found out with Zebrium apart from that individual log there were a lot of other things which gives a bit more context around the root cause, which was great. And that's where we wanted to take it to the next level. Yeah. >> Okay. So, you know, a couple things to unpack there. I mean, you have the dart board behind you which is kind of interesting, 'cause a lot of times it's like throwing darts at the board to try to figure this stuff out. But to your other point, Cisco actually has some pretty rich tools with AppD and doing observability and you've made acquisitions like thousand eyes. And like you said, I'm presuming you got to eat your own dog food or drink your own champagne. And so you've got to be tools agnostic. And when I first heard about Zebrium, I was like wait a minute. Really? I was kind of skeptical. I've heard this before. You're telling me all I need is plain text and a timestamp. And you got my problem solved. So, and I understand that you guys said, okay let's run a POC. Let's see if we can cut that from, let's say two days a week down to one day, a week. In other words, 50%, let's see if we can automate 50% of the root cause analysis. And so you funded a POC. How did you test it? You put, you know, synthetic, you know errors and problems in there, but how did you test that, it actually works Necati? >> Yeah. So we wanted to take it to the next level which is meaning that we wanted to back test is with existing SaaS. And we decided, you know, we chose four different products from four different verticals, data center security, collaboration, and enterprise networking. And we find out SaaS where the engineer put some kind of log in the resolution summary. So they closed the case. And in the summary of the SR, they put "I identified these log lines and they led me to the root cause" and we ingested those log bundles. And we tried to see if Zebrium can surface that exact same log line in their analysis. So we initially did it with archery ourself and after 50 tests or so we were really happy with the results. I mean, almost most of them we saw the log line that we were looking for but that was not enough. And we brought it of course to our management and they said, "Okay, let's try this with real users" because the log being there is one thing but the engineer reaching to that log is another take. So we wanted to make sure that when we put it in front of our users, our engineers, they can actually come to that log themselves because, you know, we know this platform so we can, you know make searches and find whatever we are looking for but we wanted to do that. So we extended our pilots to some selected engineers and they tested with their own SaaS. Also due some back testing for some SaaS which are closed in the past or recently. And with a sample set of, I guess, close to 200 SaaS we find out like majority of the time, almost 95% of the time the engineer could find the log they were looking for in Zebrium's analysis. >> Yeah. Okay. So you were looking for 50%, you got the 95%. And my understanding is you actually did it with four pretty well known Cisco products, WebEx client, DNA Center Identity services, engine ISE, and then UCS. Unified pursuit. So you use actual real data and that was kind of your proof point, but Atri, so that sounds pretty impressive. And have you put this into production now and what have you found? >> Well, yes, we've launched this with the four products that you mentioned. We're providing our TAC engineers with the ability, whenever a support bundle for that product gets attached to the support request. We are processing it, using sense and then providing that sense analysis to the TAC engineer for their review. >> So are you seeing the results in production? I mean, are you actually able to reclaim that time that people are spending? I mean, it was literally almost two days a week down to you know, a part of a day, is that what you're seeing in production and what are you able to do with that extra time and people getting their weekends back? Are you putting 'em on more strategic tasks? How are you handling that? >> Yeah. So what we're seeing is, and I can tell you from my own personal experience using this tool that troubleshooting any one of the cases, I don't take more than 15 to 20 minutes to go through the Zebrium report. And I know within that time either what the root causes or I know that Zebrium doesn't have the information that I need to solve this particular case. So we've definitely seen, well it's been very hard to measure exactly how much time we've saved per engineer, right? Again, anecdotally, what we've heard from our users is that out of those three hours that they were spending per day, we're definitely able to reclaim at least one of those hours and what even more importantly, you know, what the kind of feedback that we've gotten in terms of I think one statement that really summarizes how Zebrium's impacted our workflow was from one of our users. And they said, "Well, you know, until you provide us with this tool, log analysis was a very black and white affair, but now it's become really colorful." And I mean, if you think about it log analysis is indeed black and white. You're looking at it on a terminal screen where the background is black and the text is white, or you're looking at it as a text where the background is white and the text is black, but what they're really trying to say is there are hardly any visual cues that help you navigate these logs which are so esoteric, so dense, et cetera. But what Zebrium does is it provides a lot of color and context to the whole process. So now you're able to quickly get to, you know using their Word Cloud, using their interactive histogram, using the summaries of every incident. You're very quickly able to summarize what might be happening and what you need to look into. Like, what are the important aspects of this particular log bundle that might be relevant to you? So we've definitely seen that. A really great use case that kind of encapsulates all of this was very early on in our experiment. There was this support request that had been escalated to the business unit or the development team. And the TAC engineer had really, they had an intuition about what was going wrong because of their experience because of, you know the symptoms that they'd seen. They kind of had an idea but they weren't able to convince the development team because they weren't able to find any evidence to back up what they thought was happening. And it was entirely happenstance that I happened to pick up that case and did an analysis using Zebrium. And then I sat down with a TAC engineer and we were very quickly within 15 minutes we were able to get down to the exact sequence of events that highlighted what the customer thought was happening, evidence of what the sorry not the customer what the TAC engineer thought was a root cause. And then we were able to share that evidence with our business unit and, you know redirect their resources so that we could chase down what the problem was. And that that really shows you how that color and context helps in log analysis. >> Interesting. You know, we do a fair amount of work in theCUBE in the RPA space, the robotic process automation and the narrative in the press when our RPA first started taking off was, oh, it's, you know machines replacing humans, or we're going to lose jobs. And what actually happened was people were just eliminating mundane tasks and the employees actually very happy about it. But what my question to you is was there ever a reticence amongst your team? Like, oh, wow, I'm going to lose my job if the machine's going to replace me or have you found that people were excited about this and what's been the reaction amongst the team? >> Well, I think, you know, every automation and AI project has that immediate gut reaction of you're automating away our jobs and so forth. And there is initially there's a little bit of reticence but I mean, it's like you said once you start using the tool, you realize that it's not your job, that's getting automated away. It's just that your job's becoming a little easier to do and it's faster and more efficient. And you're able to get more done in less time. That's really what we're trying to accomplish here. At the end of the day, Zebrium will identify these incidents. They'll do the correlation, et cetera. But if you don't understand what you're reading then that information's useless to you. So you need the human you need the network expert to actually look at these incidents, but what we are able to skin away or get rid of is all of is all the fat that's involved in our process like without having to download the bundle, which, you know when it's many gigabytes in size and now we're working from home with the pandemic and everything, you're, you know pulling massive amounts of logs from the corporate network onto your local device that takes time and then opening it up, loading it in a text editor that takes time. All of these things are we're trying to get rid of. And instead we're trying to make it easier and quicker for you to find what you're looking for. So it's like you said, you take away the mundane you take away the difficulties and the slog but you don't really take away the work the work still needs to be done. >> Yeah, great. Guys, thanks so much appreciate you sharing your story. It's quite, quite fascinating. Really. Thank you for coming on. >> Thanks for having us. >> You're very welcome. >> Excellent. >> Okay. In a moment, I'll be back to wrap up with some final thoughts. This is Dave Vellante and you're watching theCUBE. (upbeat music)

(bright intro music) >> Full stack observability is all the rage today. As businesses lean in to digital, customer experience becomes ever more important, why? Well, it's obvious. Fickle consumers can switch brands in the blink of an eye or the click of a mouse. Technology companies have sprung into action, and the observability space is getting pretty crowded in an effort to simplify the process of figuring out the root cause of application performance problems without an army of PhDs and lab coats, also known as endlessly digging through logs, for example. We see decades-old software companies that have traditionally done monitoring or log analytics and/or application performance management stepping up their game. These established players, you know, they typically have deep feature sets and sometimes purpose built tools that attack one particular segment of the marketplace, and now, they're pivoting through M&A and some organic development trying to fill gaps in their portfolio, and then you got all these new entrants coming to the market claiming end to end visibility across the so-called modern cloud and now edge-native stacks. Meanwhile, cloud players are gaining traction and participating through a combination of native tooling combined with strong ecosystems to address this problem, but, you know, recent survey research from ETR confirms our thesis that no one company has at all. Here's the thing. Customers just want to figure out the root cause as quickly and efficiently as possible. It's one thing to observe the stack end to end, but the question is who is automating the observers? And that's why we're here today. Hello, my name is Dave Vellante, and welcome to this special "CUBE" presentation where we dig into root cause analysis and, specifically, how one company, Zebrium, is using unsupervised machine learning to detect anomalies and pinpoint root causes and delivering it as an automated service. In this session, we have two deep dives. First, we're going to dig into this exciting new field of RCA, root cause as a service, with two of the founders and technical experts behind Zebrium, and then we bring in two technical experts from Cisco, an early Zebrium customer who ran a POC with Zebrium's service, automating and identifying root cause problems within four very well established and well-known Cisco product lines including Webex client and UCS. I was pretty amazed at the results, and I think you'll be impressed as well. So thanks for being here. Let's get started with me right now is Larry Lancaster who's a founder and CTO of Zebrium, and he's joined by Rod Bagg who's a founder and Vice-President of Engineering at the company. Gents, welcome, thanks for coming on. >> Thanks. >> (indistinct). >> To be here. >> Great to be here. >> All right, Rod, talk to me. Talk to me about software downtime, what root cause means, all the buzzwords in your domain, MTTR and SLO, what do we need to know? >> Yeah, I mean, it's like you said. I mean, it's extremely important to our customers and to most businesses out there to drive up time and avoid as much downtime as possible. So, you know, when you think about it, all of these businesses, most companies nowadays, either their product is software and it's running, you know, running on the web, and that that's how you get a point click or their business depends on it and, you know, internal systems to drive their business and to run it. Now, when that is down, that is hugely impacting to them. So if you take a look, you know, way back, you know, 20, 30 years ago, software was simple. You know, there wasn't much to it. It was pretty monolithic, and maybe it took a couple of people to maintain it and keep it running. It wasn't really anything complicated about it. It was a single tenant piece of software. Today's software is so complicated, often running, you know, maybe hundreds of services to keep that or to actually implement what that software is doing. So as you point out, you know, enter the sort of observability space and the tools that are now in use to help monitor that software and make sure when something goes wrong, they know about it, but there's kind of an interesting stat around the observability space. So when you look at observability in the context or through the lens of the cost of downtime, it's really interesting. So observability tools are about a $20 billion market, okay? But the cost of downtime, even with that in place, is still hundreds of billions of dollars. So you're not taking much of a bite out of what the real problem is. You have to solve root cause and get to that fast. So it's all great to know that something went wrong, but you got to know why, and it it's our contention here that, you know, really, when you take a look at the observability space, you have metrics. That's a great tool. I mean, there's lots of great tools out there, you know, around metrics monitoring that's going to tell you when something went wrong. It's very rarely it's going to tell you why. Similarly for tracing, it's going to point you to where the issue is. It's going to take you through that stack and probably pinpoint where you're being, you know, where it's happening or where something is running slow potentially. So that's great, but again, the root cause of why it's happening is going to be buried in log files, and I can expand on that a little bit more, but, you know, when you're a software developer, and you're writing your software, those log files are a wealth of information. It's just a set of breadcrumbs that are littered with facts about how the software is behaving and why it's doing what it's doing or why it went wrong, and it's that that really gets you to the root cause very fast, and that's, our contention is that these software systems are so complex nowadays, and that the root cause is lying in those logs. So how do you get there fast? You know, we would contend that you better automate that or you're just doomed for failure, and that's where we come in. >> Great. >> Getting to that request. >> Thank you, Rod. You know, it's interesting. You talk about the $20 billion market. There's an analogy with security, right? We spend 80, $100 billion a year on securing our infrastructure, and yet we lose, probably, closer to a trillion dollars a year in breaches, and there's a similar analogy here. 20 billion could be 5x in downtime impacts or more. Okay, let's go to Larry. Tell us a little bit more about Zebrium. I'm interested always to ask a founder why you started the company. Rod touched on that a little bit. You guys have invented this concept of RCAs. What does it mean? What problems does it solve? And how does it solve the problem? Let's get into it. >> Yeah, hey, thanks, Dave. So I think when you said, you know, who's automating the observer? That's a great way to think about it because what observability really means is it's a property of a system that means you can see into it. You can observe the internal state, and that makes it easier to troubleshoot, right? But the problem is if it's too complicated, you just push the bottleneck up to your eyeball. There's only so much a person can filter through manually, right? And I love the way you put that. So that's a great way to think about it is automating the observer. Now, of course, it means that, you know, you reduce your MTTR, you meet your service level objectives, all that stuff, you improve customer experience, that's all true, but it's important to step back and realize like we have cracked a real nut here. People have been trying to figure out how to automate this part of sort of the troubleshooting experience, this human part of finding the root cause indicators for a long time, and until Zebrium came along, I would argue no one's really done it right. So, you know, I think it's also important, you know, as we step back, we can probably look forward five to 10 years and say, "Everyone's going to look back and say, 'How did we do all this manually?'" You're going to see this sort of last mile of observability and troubleshooting is going to be automated everywhere because otherwise, you know, people are just, they're not going to be able to scale their business. So, you know, I think one more thing that's important to point out is, you know, I think Zebrium, you know, it's one thing to have the technology, but we've learned we need to deliver it right where people are today. You can't just expect people to dive into a new tool. So, you know, we're looking at, you know, if you look at Zebrium, you'll put us on your dashboard, and we don't care what kind of a dashboard it is. It could be, you know, Datadog, New Relic, Elastic, Dynatrace, Grafana, AppDynamics, ScienceLogic, we don't care. You know, they're all our friends. So we're more interested in getting to that root cause than trying to fight, you know, these incumbents and all that stuff, yeah. >> Yeah, so interesting. Again, another analogy I think about, you know, you talked about automation, where to look back, and say, "This is what- We're never going to do this again." It's like provisioning LANs. Nobody provisioned LANs anymore. It's all automated. >> That's correct. >> So, Larry, stay with you. The skeptic in me says, "This sounds amazing," but if, you know, it probably too good to be true. Tell us how it works. >> Yeah, so that's interesting. So Cisco came along and they were equally skeptical. So what they did was they took a couple of months, and they did a very detailed study, and they got together 192 incidents across four product lines where they knew that the root cause was in the logs, and they knew what that root cause was because they'd had their best engineers, you know, work on those cases and take detailed notes of the incidents that had taken place, and so they ran that data through the Zebrium software, and what they found was that in more than 95% of those incidents, Zebrium reflected the correct root cause indicators at the correct time. Like that blew us away. When we saw that kind of evidence, Dave, I have to tell you, everyone was just jumping up and down. It was like, you know, it was like the Apollo Command Center, you know, when they finally, (Dave laughs) you know, touchdown on the moon kind of thing. So, you know, it's really exciting at a point in time to be at the company, like just seeing everything finally being proven out according to this vision. I'm going to tell you one more story, which is actually one of my favorites, because we got a chance to work with Seagate Lyve Cloud. So they're, you know, a hyper modern, you know, SaaS business. They're an S3 competitor. Zoom has their files stored on Lyve Cloud to give, you know, to let you know who they are. So, essentially, what happened was they were in alpha, in their early access, and they had an outage, and it was pretty bad. I mean, it went on for longer than a day, actually, before they were completely restored, and it was, you know, fortunately, for them, it was early access. So no one was expecting, you know, uptime, you know, service level objectives and so on, but they were scared because they realized if something like this happens in production, you know, they're screwed. So what they did was they saw Zebrium, they did some research, they saw Zebrium. They went in a staging environment, recreated the exact (indistinct) that they'd had, and what they saw was, immediately, Zebrium pops up a root cause report that tells them exactly the root cause that they took over a day to find. These are the kind of stories that let us know we're onto something transformational. >> Yeah, that's great. I mean, you guys are jumping up and down. I'm sure, we're going to hear from Cisco later. I bet you, they were jumping up and down, too, 'cause they didn't have to do all that heavy lifting anymore. So Rod, Larry's just sort of implying that or, actually, you guys both talked about that your tool's agnostic. So how does one actually use the service? How do I deploy it? >> Yeah, so let me step back. So when we talk about logs, right? Like, you know, all these red crumbs being in logs and everything else. So, you know, they are a great wealth of, you know, information, but people hate dealing with them. I mean, they hate having to go in and figure out what log to look at. In fact, you know, we had one of our, or we've heard from several of our customers now prior to using Zebrium, but when they're, you know, have some issue, and they know there's something wrong, something on their dashboard has told them that something's wrong, maybe a metrics is, you know, taken a blip or something's happened that they know there's a problem, we've heard from them that it can take like a number of hours just to get to the right set of logs, like figuring out over these hundreds of services where the logs are to get to them, maybe searching in a log manager, just to get into the right context even can take hours. So, you know, that's obviously the problem we solve, but, you know, we don't want them just looking at logs. I mean, you know, we don't want to put 'em back in the thing they don't like doing 'cause people don't do what they don't like doing. So we put it up on the dashboard. So if something is going wrong with your metrics, and that's the indicator or maybe it's something with tracing that you're sort of digging through now that you know something's wrong, we will be right on that same dashboard. So we're deployed as a SaaS service. You send us your logs. You click on one of our integrations, and we integrate with all these tools that Larry's talked about, and when we detect anything that is a root cause report, it will show up on your dashboard in the same timeline as those blips in your metrics. So when you see something going wrong, and you know there's an issue, take a look at the portion of your dashboard that is us, and we're going to tell you why. We're going to get you to the why that went wrong. Not no other work could be- You can, you know, also click down and click through to us so that you land up in our portal if you want to do some more digging around if you need to or whatever, maybe to get some context, what have you, but it's fair that you ever need to do that. The answer should be right there on your dashboard, and that's how we expect people to use it. We don't want them digging in logs and going through things. We want it to be right in their workflow. >> Great, thank you, Larry. So Rod, we talked about Cisco. We're going to hear more from them in a moment and Seagate. I would think this is like a perfect solution for a SaaS provider, anybody doing AIOps, do you have some examples of those types of firms leaning into this? >> Yeah, a couple of great, well, I mean, we got many of them, but couple that I'll touch on. We have an actual AIOps company that was looking for, you know, sort of some complimentary technology and so on, and so they decided to just put us through our paces by having one of their own SREs sign up for our service in our SaaS environment and send the logs from their system to us, you know, and just see how we did. So it turned out we ended up talking back to this SRE like a week after he had installed the product, you know, signed up, and then, you know, started sending us logs, and, you know, he was hemming and hawing saying that he was busy like, you know, like every SRE is, and that he didn't have a chance to really do much with us yet, and, you know, we just, you know, having this conversation on the phone, and he comes to tell us that, "Yeah, I've been busy because we had this, you know, terrible outage like, you know, five days ago," and we said like, "Okay, did you actually look on the Zebrium dashboard?" (laughs) And he goes, "You know what? I didn't even think to do it yet. I mean, I'd just been so busy and frazzled." So we have an integration with that company. He hadn't put that integration in so it wasn't in his dashboard yet, but it was certainly on ours. So he went there and he looks on the day like, you know, on the time range of when he had this incident, and right at the very top of the page on our portal was the incident with the root cause, and he was flabbergasted. It literally would've saved him hours and hours and hours. They had this issue going on for over 24 hours, and we had the answer right there in five minutes, and it was crazy, and we get that kind of story. It's just like the Seagate one. If you use us and you have a problem, we're going to detect it, and you're going to hear from Cisco how successful we are at detecting things. I mean, it'll be there when you have a problem. In SaaS companies, you know, one of our customers is Archera. They do cost optimizations for cloud properties, you know, for AWS optimization, Google cloud, and so on, but they use our software, and they have a lot of interaction, obviously, with these cloud vendors and the APIs of those cloud vendors. So, you know, in order to figure out you're costing at AWS, they're using all those APIs. So it turned out, you know, they had some issue where their services were breaking and we had that root cause report right on the screen, again, within five minutes that was pointing to an API problem with Google, and they had changed one of their APIs, and Archera was not aware of it. So their stuff was breaking because of a change downstream that we had caught, and I'll just tell you one last one because it's somewhat related to one of these cloud vendors of, you know, big cloud vendor who had an outage couple of months ago, and it's interesting because, you know, lot of our customers will set up shared Slack channels with us where we're monitoring or seeing their incidents as well as they are. So we get a little Slack representation of the incident that we detected for them or the root cause that we've detected for them, and that's in a shared community channel. So we could see this happening when that AWS outage happened. We could see our customers getting impacted by that AWS outage and the root cause of what was going on there in AWS that was impacting our customers, that was showing up in our incidents. Now, we didn't obviously, you know, have the very root cause of what was going on in AWS per se, but we were getting to the root cause of why our customer's applications were failing, and that was because of issues going on at AWS. >> Very interesting. I mean, I think one of your biggest challenge is going to be getting people's attention because these SREs is so busy, their hair's on fire. (all laughs) You know, he's like, "Hey, chap, I'm going to show you, look at this." >> I tell you. You get their attention, they love it. I mean, this AIOps company, I didn't even tell you the punchline there, but, you know, they had this incident that occurred that we found and, quite literally, the next week, they ended up signing up as a paid customer, so. >> That's great, and Larry, give you the last word. I mean, you know, Rod was talking about, you know, changes in APIs, and, you know, there's still a lot of scripts out there. You guys, if I understand it correctly, run both as a service in the cloud and you can run on-prem, which is important because there's a lot of sensitive information in logs and people don't want to leave. >> That's right, absolutely. >> But, yeah, close it out here. >> Yeah, I mean, you can, that's right, you can run it on-prem, just like we run it in our cloud. You can run it in your cloud or on your own infrastructure. Now, that's all true. You know, I think the one hurdle now that we have left as a company is getting the word out and getting people to believe that this is actually possible and try it for themselves. You don't believe it? Do a POC, try it yourself. And, you know, people have become so jaded by the lack of, you know, real sort of innovation in the software industry for the last 10 years that it's hard to get people to... But guys, you got to give it a shot. I'm telling you. I'm telling you right now, it works, and you'll hear more about that from one of our customers in a minute. >> Alright guys, thanks so much. Great story, really appreciate you sharing. >> Thank you. >> Yeah, thanks, Dave. Appreciate the time. >> Okay, in a moment, we're going to hear from Cisco who is the customer in this case example, and a company that is... Look, they have quite an impressive suite of observability tooling, and they've done a pretty compelling proof of concept with Zebrium using real data on some Cisco products that you've heard of like Webex. So stay tuned and learn about how you can really take advantage of this new technology called root cause as a service. You're watching "theCUBE", the leader in enterprise and emerging tech coverage. (bright outro music)

(bright music) >> Hey, welcome to this "CUBE Conversation." I'm your host, Lisa Martin. I've got two guests from NETSCOUT here with me today. Eileen Haggerty joins us, the AVP of Product and Solutions Marketing and Jason Chaffee, Senior Product Manager. We're going to be talking about the importance of quality end user experience with UC&C, Unified Communications and Collaborations services for something that will be near and dear to all of our hearts, employee productivity. Eileen, let's go ahead and start with you and the impact of COVID on UC&C, what has it been? >> Oh, Lisa, great question, because we really have seen an evolution in the importance and reliance on UCC. COVID would not have allowed us to go to work, do business continuity, any of those things had it not been for strong communications platforms to help us do that. And in fact, really the hero of all of this has been what's called Unified Communications as a Service or UCaaS. Enterprise businesses really depended entirely on the communications between the home office and the employees remotely. This is also known to be the way we all went to work. It was no longer a car. We picked up the phone basically or the computer. So Zoom, WebEx, Teams, Google Meets, they've all become household names really over the last two years. That's kind of exciting for them. And businesses during that period of time expanded their tools to keep business running and employees in communication using these very platforms, and we'll refer to this a couple of times during this conversation too, Lisa. We did a survey at the end of 2021, IT leaders, about their use of UCaaS and UCC during this period of time. We found that almost of them had used collaboration tools, and in fact, added to their arsenal of tools during this period of time to such an extent that they're now ranging, the majority of them, between three and nine different platforms that their corporate employees use. This became unwieldy, of course, during that time, and so their strategy going forward is going to be to reduce some of that number, but pretty interesting details. >> Yeah, between three and nine is a lot, and certainly, UC&C became a lifeline for all of us, professionally and personally. Even my mom learned how to use Zoom during this time. I was pretty proud of helping her with that. But, Jason, talk to us about all these new communication services. We're completely dependent on them, but overall what have you found out in terms of how they worked out? >> Well, to be honest with you, I think from the IT organization, it's been a challenge. It's been difficult. I think every IT organization is really motivated to ensure the quality of the services throughout the whole company, but as you can imagine, the increase of these communications Eileen just talked about during the pandemic is just significantly increasing the number of IT help desk tickets that have come through. And in that survey that Eileen just talked about, in fact, a third of those that responded said that 50 to 75% of their help desk tickets right now are related to UC&C or UCaaS services, and in fact, they say that over half of them have said that they get those tickets at least once a day, if not multiple times a day. And I think another big aspect of this that's been a challenge is everybody working from home now and the whole hybrid environment, and IT teams are really trying to understand and make sure that they get the same delivery of services if they were in the corporate headquarters, and I think they felt a loss of control and visibility in the services that are being delivered. I think the other thing that came out of this survey was about 25% of those said that they could get these issues if and when they happen, resolved in just a matter of minutes, but most said that it can take hours or even days to get through those, and that's obviously a really bad look for the company and really hinders productivity. So overall, I'd say it's been a challenge. I think as this onslaught of services that have come through and hampered and that everyone's trying to manage and get through, along with the lack of visibility when everybody's working from home. Of course, it's been fantastic for those of us that are working from home and made everything easier, but I think it's just made it that much more difficult for the IT teams that are trying to manage this new environment. >> Right, definitely difficulty behind the scenes there. You talked about the 25% of IT organizations being able to resolve quickly, but that leaves 75% of organizations where it takes more than a few minutes, and I can imagine individually, that might not be a big impact, but, Eileen, overall if it's taking more than a few minutes to resolve UC&C IT help desk issues, what's the overall impact to a business? >> It can be significant, and we hear a lot of little stories sadly sometimes on Lester Holt's evening news, but really what you are looking at here are longer periods of time where employees can't talk to each other. We've got email. We can probably compensate a different manner, but when it happens to be your customers not being able to talk to customer service reps in the contact center, couple of hours, that can be a big issue. Partners and suppliers who might be trying to get you important information very quickly. Maybe it's a supply chain issue item that they want to alert you to that you need to act on. That's a long period of time. And I think it's kind of important here to call out one special group, and that would be corporate executives. I think we've all heard about these big town hall meetings that corporate executives may be holding with employees or investors and all of a sudden their UCaaS support freezes, or it doesn't connect the voice in the video, and all of a sudden, you've got a very embarrassing situation. It really gets the attention of the public. Losing communication for a couple of hours, bottom line, it is going to impact productivity, customer service, and it could impact reputation, especially with those social media influencers that we all both favor and fear. So, when we were talking about our survey results, that is actually a top concern of IT executives, that productivity will get hit if communications problems do exist. So I think really ultimately for all of us in the business, disruptions and communication, it's going to be bad for business, any length. >> It is bad for business at any length, and that's a huge risk for businesses in any industry. I've been on those executive town halls where video wouldn't connect, and you just think, as much as we wanted that human connection during this time, and you couldn't get it, it made the the interaction not as ideal and obviously a risk for the organization. So, Jason, how can IT then jump in and resolve these disruptions faster, because time is of the essence here? >> Well, yeah, exactly. As we've discussed and Eileen just talked about, I think resolving issues quickly is really the key. I think we all know issues are going to happen, they just will, but it's really the IT team that can solve those the fastest is the team that's going to win, and so I think that's really the key to all of that. And one of the things that comes out of that is, again, from this survey is that only about 54% of the respondents said that they felt confident that they could understand root cause and be able to get to those issues quickly, which leaves about 43%, almost as many, that said they were less than confident or somewhat confident in finding that root cause, and so I think that's really the key there is really having the confidence to be able to find that, and to get that confidence, you need to be able to understand root cause quickly. And in order to get that, I think you need a combination of two things, which is passive, packet-based monitoring as well as continuous active testing or monitoring of those solutions. So, what I mean by that is being able to automatically and continuously test these services, even if nobody's on the system and nobody's on trying to make a phone call. So you have somebody who's trying to host, an active agent that's trying to host a meeting and others that are trying to join the meeting and sending an audio and sending and receiving video and looking at the measurements and trying to take all of that data in to really proactively understand what's going on and doing this every 15 minutes or every once an hour to really, again, get ahead of things before they become a problem. But I think beyond that, it's really about being able to take that data and the packets from those transactions that you were just testing and be able to trend that data and define problems and diagnose issues proactively. Again, as Eileen just said, before the CEO gets on there and tries to make his town hall call, so that that's really important to be able to solve those things more quickly. I think it's really a combination of a passive, scalable monitoring solution along with scheduled automatic testing of those, and along with the packets that go with that, that's really a combination of both. It's kind of a best of both worlds in order to get those things solved quickly. >> To get them solved quickly, I want to go back to something that Eileen said. You mentioned the word 'confidence,' and that I think it's important to point out that you're not saying that trivially, that IT needs to have the confidence that it has the right solutions in place to discover these faster. Eileen, from your perspective, talk to me about what that confidence means to IT and how it can shift up the stack to the C-suite. >> You know, honestly, processes and policies in these organizations are critical. They need to be able to notice when the trouble ticket comes in, and there's a lot of 'em, let's face it, and they're coming from all kinds of locations. Now, it's some of the remote offices. Some of 'em are still people at home. You've got to be able to know where to turn, what screen to use, what tool to adjust, what workflow to process, and that does come with practice, but it also comes with a solid set of tools and visibility strategies, and then you follow that process through, you work together. Maybe the voice, people in the network, people have to work together, maybe the cloud people, 'cause it's a contract with UCaaS, work together, gather the evidence and pinpoint the solution that's going to fix the problem with those locations. And it is, it becomes then a confidence builder, proof points. >> Right, proof points are critical. So, the solution that you both talked about, Jason, you elaborated on this, I'd love to get some real world examples. Tell me how you've seen this in practice. Jason, we'll start with you and then, Eileen, we'll go to you. >> Okay, yeah, great, I was just thinking of one that we had that really was one of the largest insurance companies in the country, if not the world, and when the pandemic hit, they suddenly had to send everybody home, and this is the lifeblood of their company, the contact centers that are answering these calls and the ones that were processing these claims. And as everybody went home, their strategy really was to actually go buy new laptops for everyone and implement VPNs that had a little bit of, but not fully and then implement SD-WAN, and so they had all of this traffic going over VPNs and through SD-WANs and new UCaaS solutions and all of this and what they quickly learned and found out was they just didn't have the visibility to be able to fuel, again, that word confidence that they were serving their their customers very well. So, they actually implemented one of our solutions and put these agents out at all their different desktops and started watching and doing these proactive calls and making going through the meeting life cycle and actually testing the bandwidths of their SD-WAN and ensuring all of those services. And what they found was they were able to solve some of the solutions that are even harder to solve normally, because it was affecting some users, but not all of them, and that's often harder to try and get their arms around. And so as they continued to do this, and just got their arms more around it and got more visibility, they really feel like everything's under control. And as of now, they're actually planning on leaving all those users working from home now, because they can actually ensure the same type of experience for both the users and for their customers as if those people were working from their corporate headquarters. >> Jason, that sort of sounds like a bit of a COVID silver lining. >> (laughs) Yeah, I think so. I think a lot of us actually started working from home and so there was kind of the silver lining of flexibility for the employee, but for the customer and the company itself, they learned this new visibility and this new way to ensure that across everywhere, wherever they may be, and I don't know that that would've come out without the COVID silver lining, as you just said. So I think it was something that really came out of it that might've been a good thing. >> And there are a few of those, which is nice. Eileen, talk to me about some of the experiences that you've had. What have you seen out in the field? >> Yeah, we have one really terrific energy company that was talking with us the other day, and their employees use Microsoft Office 365 which has the teams collaboration and communications system with it. And, what they've been doing for those at-home employees was configuring tests on their works stations, much like Jason explained, but it mimics exactly how an employee might be making their call and joining the sessions from video to audio, to going through login and log out. What's interesting is, and this is a compelling differentiator, a lot of tools may just watch traffic as it's happening, and certainly that's a value, but these tests even run when our agents are asleep. And what that does is these are all 24 hour a day businesses, and so maybe they have followed-the-sun contact centers or whatnot and something's happening in one part of the world, but then it's rolling to others, and we have all heard those disaster stories online when we wake up and we're hearing it on the morning news. So, if an organization can find the problem and detect it early enough and then get it when it's a few people that are involved, they can actually resolve it with our tools, find the root cause, implement a corrective action before the majority of their agents are even logging in in the morning. Nobody even knew that there was a problem overnight, because they were able to get to it and resolve it faster, and when you can do that, you're being proactive. And this, again, builds on the confidence that you get doing this kind of activity over and over and over again. But at the same time, it's also enormously beneficial from a business productivity perspective for the employees and certainly reputationally in revenue-based customer service, making sure that things are available whenever they're necessary. So, making sure they can perform their jobs, I know it sounds trite, but it's really the most critical thing we can help 'em with. >> Absolutely, 'cause I think, Eileen, one of the things that I've always thought for years is that employee productivity and employee satisfaction is directly tied to customer satisfaction, customer delight, and as you talked about, there's plenty of social media influencers who are happy to share news, good or bad, so that employee productivity is a direct relation on the customer satisfaction, the brand reputation. Jason, what are your thoughts there? >> Well, I think that's exactly right. I think it's, again, being able to continuously have your arms around that and make sure, because if you can't make phone calls or customers can't call in or things aren't working then it is, it's really a revenue impact, but it's also reputation impact, and you're going to remember that company that just didn't have their act together if you will, so I think it's important to, again, invest in this and make sure that no matter what, wherever your end users are or wherever your employees are, you're providing that experience just as if they were in the corporate office, and even when they're in the corporate office, being able to, as Eileen talked about, know ahead of time and proactively when issues happen in these very complex UCaaS and UC&C solutions that are out there now. >> And last question, Eileen for you, I imagine that these solutions are horizontal across every industry, every type of business, every size of business? >> Yeah, it's one of those phenomenon that's really critical is the ability to be ubiquitous in any environment, not being vendor-specific or dependent because now look at it, we shot that stat, three to nine different platforms in one company. If you had to buy three or nine different platforms to resolve problems, that reduces your ability to build workflows, consistent ones and know what you're doing every single time. You'd have to learn nine different platforms. That's not productive and that's certainly not realistic. So yeah, I think that this is really key. You have to be able to look at all of the traffic and be able to resolve the problems, regardless of what they happen to be running on. >> And the great thing is hearing the tools and the capabilities and solutions that NETSCOUT has to help businesses in any industry, at any size be able to identify these issues, resolve them faster and then create some silver linings. Guys, thank you so much for joining me today. Always a pleasure talking to you. This was really interesting to talk about the importance of quality end user experience with communication services for the employee productivity and of course, ultimately consumer customer satisfaction. We appreciate your insights. >> Thank you so much. >> Thank you. >> For Eileen Haggerty and Jason Chaffee, I'm Lisa Martin, you're watching a "CUBE Conversation." (bright music)

(upbeat ambient music) >> Hey everyone, welcome to this CUBE Conversation. I'm your host, Lisa Martin. I've got NETSCOUT guests here with me today. Eileen Haggerty joins us, the AVP of product and solutions marketing and Jason Chaffee as well, senior product manager. We're going to be talking about gaps in edge visibility. Guys, great to have you on theCube. >> Yeah, thanks Lisa, I really appreciate it. I appreciate the time to be able to talk with everyone. >> Good to be here. >> Yeah. All right, Eileen, we're going to start with you. Oh, what a last two years we have had, COVID, digital transformation massively accelerated, it also both changed networking dynamics over the last couple of years. How has that changed? >> Yeah, and that's the absolute truth. I think we've really seen it in the huge swings where people are performing their jobs right now. You know, I think when people went home two years ago to do their jobs, no one ever expected we where we would be two years later, right? There's really been a variety of different stages from totally working at home to now where you see an awful lot of hybrid work. People splitting their time between the offices and home. That's really where we're at right now. And in fact, some of the studies that we've been reading up on and seeing, majority of workers actually really prefer a hybrid work model, I can understand that. (chuckles) As well the managers believe they are going to have some of their employees that work from a remote location on a regular basis going forward too. So that becomes one of the biggest issues that we have to support them from an IT perspective and a corporate of going forward. One aspect was interesting, two thirds of high revenue growth companies are really embracing hybrid work. This is going to require a couple of things though. Business continuity has depended on this model now, remote workers have been a part of it and we need applications in the network to support that as well as it used to when they were all based in one set of buildings, right? So one of the things that we find IT executives lamenting, some think that they have a lot of confidence in being able to troubleshoot problems when employees are having them remotely, others are actually not quite so confident. So we're going to have to look at this as an industry and help them assure IT infrastructure and services are performing flawlessly so that the hybrid workforce can be successful. >> Yeah, that hybrid environment, it's kind of like must embrace at this point. But Jason, there brings some network complexity to this. The digital transformation was absolutely essential, right, the last couple of years for businesses to first survive and then to thrive, but network complexity has increased. Jason, walk us through what the communications path looks like in today's hybrid environment. >> Yeah, Lisa, it really has. It's just become more complex, you know, in today's hybrid environment and the whole digital transformation, there's really three areas of visibility or three location types if you will that they really need to have to focus on. And one is sort of that data center, cloud services edge and then there's the network edge. And now the ever expanding and growing client edge and really what's common about all of these different edges is this is where the traffic gets altered and crosses across those two domains or those multiple domains really. And so what happens there is those are areas where problems can occur and these are possibly, if not probably blind spots for IT. So when you think about these different edges, like the service edge, just as your private data center or the cloud where applications that are actually hosted or the network edge are going through colocations and WANs and through the internet and your typical kind of network throughout the whole organization. And then lastly is the client edge. And the client edge is again, just continues to grow. And this, people now working from home as Eileen was just talking about and remote offices or their home one day and a remote office the next day and whatever that might be and heck, they might be working in coffee shops or in the corporate headquarters. So it's just really added complexity. And as we get further away from the data center, we start to lose all of that infrastructure that we own and can control. And so it makes it difficult to really manage and understand that. In fact, I think that's probably one of the biggest consequences or challenges of this whole digital transformation. You know, it's made it real easy for those of us to work from home and all these new systems, and it's real simple to work from literally anywhere, but it's just made it that much more complex and challenging for the IT organization to really be able to manage and kind of provide that ubiquitous end user experience regardless of where the users are. You know, kind of last point, I was just thinking about this is, when you think about an organization that maybe has 30,000 employees and if 80,000 of those sudden, or 80% of those suddenly got sent home and had to work during COVID and the whole pandemic, and maybe they're hybrid now, well, that's 24 to 25,000 employees that are really key to your revenue and customer satisfaction. So IT organizations just simply can't afford not to invest in all of this and really try and to understand these complexities and make sure that everything's working the way it should for productivity for the company. >> That's a great point, Jason, as consumers, we are so demanding. That's I think one of the things in COVID that went away was patients and maybe it's slowly coming back but the customer satisfaction, the brand reputation, those are all things that are dependent on solid networking. And of course IT challenges, IT is challenged to to really smooth out those challenges. But Eileen, as employees and end users, we've faced a lot of challenges. I know I have in the last couple of years. Walk us through some of those main pain points that the employees and the end users have been through in the last two years. >> You couldn't be more on spot there. So we really haven't. The irony is all of us on this call have been amongst the ones who have probably suffered from some of these issues as well. You know, one of the things that we found during this period is all of us were coming in over VPN or on video desktop interfaces like Citrix and others. And we were connecting to data center applications and software as service apps for everything. You know, it could be customer order processing, customer records, emails, and in any time or place that we were accessing, we could have slow responsiveness, we could have log issues, we had timeouts. I think one of the interesting ones was communications apps that became huge overnight, Teams, Zoom, WebEx, and those have had issues for us too. They had connection issues, poor quality voice, terrible video. So it became a very frustrating period of time in many cases for employees, they're there to deliver customer care, protect the corporate revenue. But networks and application disruptions counter that. So leading to productivity loss, that's a big issue and a concern. And certainly one of the bigger worries is customer dissatisfaction. But I'd say, you know what's fascinating here too is IT staffs were equally frustrated but for different reasons during this period. They were combating network and application issues for these employees. And usually, they were used to everybody being in one location or to a few buildings and they had total control if you will. Now they're managing 100s and sometimes 1000s of locations known as homes and those staff members we've heard them say things like, they felt like they were losing sight of the remote workforce or simply losing control. And hybrid work models, as they become the norm for many of these organizations, groups of IT professionals still have to ensure the quality of service performance for those employees wherever they do their jobs, home, remote offices or headquarters, and for any application wherever it happens to be hosted. So this is a big challenge. >> Big challenge for IT. You talked about that customer satisfaction. Reminded me of one time I was on the phone with a contact center and I heard a dog barking in the background and I first I thought was that my dog and I thought, no, that customer contact center person is also stuck working from home. Talk about losing control of your environment. But Jason, next question is actually for both of you and Jason, I'll start with you, how does IT assure performance? I mean, it's hard to manage, talk to us about that. >> Well, yeah, Lisa, really kind of as Eileen just said, we used to all sort of be in the same common area in the headquarters. And so people, you know, the IT organization was looking at things like the data center or server farms or internet links just going into and out of the headquarters or off to the data center itself. And so, but that's just not really the case anymore. And as people continue again, as I said before, work from literally anywhere, it's just made the ecosystem that much more challenging and much more complex and bigger frankly to try to manage. And so I think what you really need to do is you see something where it's challenging because the old adage is you just can't manage what you can't see. And so that's become that challenge. And I think what you need is visibility at every edge including up to the client edge that we've been talking about so that you can do things like track and trend volumes and bandwidth and capacity and application utilization and all the different things that make up that end user experience. You need that visibility from all of those locations to really understand and see what's going on from there. >> Eileen, what's your take? >> Well, Jason makes a bunch of valid points. I think what triggers in my mind as he was speaking was that there are other enterprises that have very specific remote locations which present themselves a very different kind of importance for value of the performance assurance. There's banks. They have financial transactions that are going on there, which are instantaneous in nature or need to be for a variety of different reasons, right? Factory plants they've been now wirelessly or WiFi driven production lines. And as a result, any disruption in that production line could have it turned off for 20 minutes an hour. And that has a deep impact to the business as well. Retail stores and distribution centers. This one rings probably for everybody, 'cause during this period of time, we were all online and we were ordering things, right? And so any issues with disruptions, slow downs from those types of remote locations for touchless pickup for the ability to go to a store or get something picked up that day, this was critical. And we all know those services broke down for one reason or another and it created a bit of a problem if you didn't have the right snack for the four year old today. >> Right, definitely the four year old losing control or losing patients, the poor parent. Jason, you talked about visibility and you said something really poignant, you can't manage what you can't see, what is needed for IT to have that visibility as this environment just scattered, what's needed to effectively manage it? >> Yeah. Lisa, you know I think as you just said, and as I said earlier, I think the real key is visibility at every edge and all of the different edges that we've talked about including the home user and it's really been impractical and expensive to instrument at every one of those, especially at all the home locations which are now everybody's home work office. And you just really can't get a view into it. And of course there's some solutions out there that sort of gives you a view of what's going on, what's that end user experience. And, but it doesn't really tell you why. And I think that's one of the key components of that. So as I think about this large new hybrid ecosystem, I think there's really three main things that you need in order to do that. And the first of all, again, is that complete visibility at every edge. And to me that means a combination of both passive and active synthetic based monitoring. So you're passive monitoring where you're actually looking at the real user traffic, and detecting trends and being able to understand what's going on there. But then you also do need, there's a time and a place for that synthetic active testing where we're getting an understanding and a baseline where we're testing continuously and automatically to understand what that end user experience is and understand what performance should look like. But as I mentioned, I think that's just not necessarily enough to do just do synthetics from those synthetic locations. I think it's really key to be able to get deep down into the wire day or the packets of that to really understand why something is happening. You know, for instance, today there might be an issue and you can say, well, I see it's a DNS issue. Hey, DNS guy, go off and try to fix this and figure out what's going on. Well, again, I think you need that visibility, you need a solution that can pull the packets back and give you that combination of both of those things. The next thing I think. >> So. >> Oh, sorry, go ahead. >> Go ahead. >> Well, the next thing I was going to say that I think that's really critical and key is tools that can manage the complexity as you go across all of these. I mean, there's just so many tools out there that are, SaaS and Ucast, your WebEx, Zoom teams, all of those. And it's just frankly, almost impossible to be an expert on all of those different solutions that you might have. And of course they have their own management platform forms that make it, so you can kind of see what's going on but being able to understand and see how to fix WebEx for instance, doesn't really help you when one of your users happens to be having a problem with teams. And so I think again, you need a solution that can go across all of those different applications to be able to see what's going on. And then thirdly, I think is the key, one of the key components is service and application collaboration. And what I mean by this is you need a tool that can give you the ability to have proof and evidence that you can share with your service providers, your application providers because they're very complex, right? They all have dozens of servers in different parts of the world, in different parts of the country. And frankly, they're going to probably blame you first, they're going to say, no, this is something on your end. And it really adds to the time of troubleshooting and get resolution. But if you can actually have that data to say, hey, I can see exactly what's going on. And it's this server at this data center and it's causing high retransmissions or latency. That just makes again more of a collaborative effort but allows you to sort of put all of those things together and stop the finger pointing and blame game and be able to solve those solutions much more quickly. So again, I think it's really a combination of active and passive together all in one console or one solution that really gives you that visibility across all of the different environments that we might have today. >> All those different environments, and there still are so many. Eileen, how have you seen this? How has NETSCOUT seen this actually in practice and how have the tool that you and talked about, how is it actually helping to give the visibility, to reduce the complexity and to ensure that ultimately the end users and the employees are productive so that the customers can be happy? >> Yeah, and you know, it's interesting as he was talking, I was thinking one of the accounts that I've talked to, an organization that's based in software development and they literally have offices all over the world. The hybrid workforce model is their choice going forward. And most of those worldwide employees are part of the sales and support organization for local prospects and customers. So one of the biggest things that's critical to them is communications. And that has to be top of their concerns for quality. The other business related applications are equally important because as you're talking to them, you're pulling those services up and they are in fact using solutions for looking at those edges, the WAN links are key for visibility. They're able to look at the inbound and outbound traffic at those locations. And then what they're able to do is to do two things, one, like Jason was talking about, collaborate, work with those local WAN providers. They're all different over the world. So you really need to build a relationship with them, you have to have some evidence and they're able to do that now. It helps them cost effectively and proactively plan bandwidth changes, and that's really important too. They're also using the synthetic testing that Jason referred to. These locations have the buildings able to test for different applications that are going to be important to the business that's at that location. They do it over ethernet, so for the people with hardwired desks, they can see what the traffic experience is. And then for those that are in open spaces or conference rooms on using WiFi, they're measuring there as well. They want to make sure that no matter where you sit in the office and how you connect, the quality is the same and that's important. Bottom line, they're being able to reduce dramatically the time it's taken to troubleshoot and resolve issues as they emerge. It's great. >> That is great. And of course, as we all have that patience limitation, that speed is key there. Guys, thank you so much for joining me talking about not just the gaps in edge visibility but the ways that they can be remedied and fixed so that ultimately customer satisfaction, employee productivity, all things are harmonious. We appreciate your insights. >> Absolutely, thank you. >> Thank you. >> For Eileen Haggerty and Jason Chaffee I'm Lisa Martin, you're watching a CUBE Conversation. (upbeat ambient music)

>> From theCUBE Studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE in ETR. This is "Breaking Analysis" with Dave Vellante. >> Cisco is a company at the crossroads. It's transitioning from a high margin hardware business to a software subscription-based model, which also should be high margin through both organic moves and targeted acquisitions. It's doing so in the context of massive macro shifts to digital in the cloud. We believe Cisco's dominant position in networking combined with a large market opportunity and a strong track record of earning customer trust, put the company in a good position to capitalize on cloud momentum. However, there are clear challenges ahead for Cisco, not the least of which is the growing complexity of its portfolio, a large legacy business, and the mandate to maintain its higher profitability profile as it transitions into a new business model. Hello and welcome to this week's Wiki-bond cube insights powered by ETR. In this breaking analysis, we welcome in Zeus Kerravala, who's the founder and principal analyst at ZK Research, long time Cisco watcher who together with me crafted the premise of today's session. Zeus, great to see you welcome to the program. >> Thanks Dave. It's always a pleasure to be with you guys. >> Okay, here's what we're going to talk about today, set the agenda. The catalyst for this session, Zeus and I attended Cisco's financial analyst day. We received a day and a half of firehose presentations, drill downs, interactions, Q and A with Cisco execs and one key customer. So we're going to share our takeaways from these sessions and add our additional thoughts. Now, in particular, we're going to talk about Cisco's TAM, its transformation to a subscription-based model, and how we see that evolving. As always, we're going to bring in some ETR spending data for context and get Zeus' take on what that tells us. And we'll end with a summary of Cisco's cloud strategy and outlook for how it could win in the cloud. So let's talk about Cisco's sort of structure and TAM opportunities. First, Zeus, Cisco has four main lines of business where it's organized it's executives around sort of four product areas. And it's got a large service component as well. Network equipment, SP routing, data center, collaboration that security, and as I say services, that's not necessarily how it's going to market, but that's kind of the way it organizes its ELT, its executive leadership team. >> Yeah, the in fact, the ELT has been organized around those products, as you said. It used to report to the street three product segments, infrastructure platforms, which was by far the biggest, it was all their networking equipment, then applications, and then security. Now it's moved to five new segments, secure agile networks, hybrid work, end to end security, internet for the future and optimized app experiences. And I think what Cisco's trying to do is align their, the way they report along the lines of the way customers buy. 'Cause I think before, you know, they had a very simplistic model before. It was just infrastructure, apps, and security. The ELT is organized around product roadmap and the product innovation, but that's not necessarily the way customers purchase things and so, purchase things so I think they've tried to change things a little bit there. When you look at those segments though, you know, by, it's interesting. They're all big, right? So, by far the biggest distilled networking, which is almost a hundred billion dollar TAM as they reported and they have it growing a about a 9% CAGR as reported by other analyst firms. And when you think about how mature networking is Dave, the fact that that's still growing at high single digit CAGR is still pretty remarkable. So I think that's one of those things that, you know, watchers of Cisco historically have been calling for the network to be commoditized for decades. For as long as I've been watching Cisco, we've been, people have been waiting for the network to be commoditized. My thesis has always been, if you can drive enough innovation into things, you can stave off commoditization and that's what they've done. But that's really the anchor for them to sell all their other products, some of which are higher margin, some which are a little bit sore, but they're all good high margin businesses to your point. >> Awesome. We're going to dig into that. So, so they flattened the organization when Geckler left. You've got Todd Nightingale, Jonathan Davidson, Liz Centoni, and Jeetu Patel who we heard from and we'll make some comments on what we heard from them. One of the big takeaways at the financial analysts meeting was on the TAM, as you just mentioned. Liz Centoni who also is heavily involved in strategy and the CFO Scott Herren, showed this slide, which speaks to the company's TAM and the organizational structure that you were just talking about. So the big message was that Cisco has got a large and growing market, you know, no shortage of available market. Somewhere between eight and 900 billion, depending on which of the slides you pull out of the deck. And ironically Zeus, when you look at the current markets number here on the right hand side of this slide, 260 billion, it just about matches the company's market cap. Maybe an interesting coincidence, but at any rate, what was your takeaway from this data? >> Well, I think, you know, the big takeaway from the data is there's still a lot of room ahead for Cisco to grow, right? Again, this is a, it's a company that I think most people would put in the camp of legacy IT vendor, just because of how long they've been around. But they have done a very good job of staving off innovation. And part of that is just these markets that they play in continue to grow and they continue to have challenges that they can solve. I think one of the things Cisco has done though, since the arrival of Chuck Robbins, is they don't fight these trends anymore, Dave. I know prior to Chuck's arrival, they really fought the tide of software defined networking and you know, trends like that, and even cloud to some extent. And I remember one of the first meetings I had with Chuck, I asked him about that and he said that Cisco will never do that again. That under his watch, if customers are going through a market transition, Cisco wants to lead them through it, not try and hold them back. And I think for that reason, they're able to look at, all of those trends and try and take a leadership position in them, even though you might look at some of those and feel that some of them might be detrimental to Cisco's business in the short term. So something like software defined WANs, which you would throw into secure agile networks, certainly doesn't, may not carry the same kind of RPOs and margins with it that their traditional routers did, but ultimately customers are going to buy it and Cisco would like to be the ones to sell it to them. >> You know, you bring up a great point. This industry is littered, there's a graveyard of executives who fought the trend. Many people, some people remember Ken Olson of Digital Equipment Corporation. "Unix is snake oil," is what he said. IBM mainframe guys said, "PCs are a toy." And of course the history, they were the wrong side of history. The other big takeaway was the shift to software in subscription. They really made a big point of this. Here's a chart Cisco showed a couple of times to make the point that it's one of the largest software companies in the world. You know, in the top 10. They also made the point that Chuck Robbins, when he joined in 2015, and since that time, it's nearly 4x'ed it's subscription software revenue, and roughly doubled its software sales. And it now has an RPO, remaining performance obligations, that exceeds 30 billion. And it's committing to grow its subscription business in the forward-looking statements by 15 to 17% CAGR through 25, which would imply about a doubling of these, the blue lines. Zeus, it's unclear if that forward-looking forecast is just software. I presume it includes some services, but as Herren pointed out, over time, these services will be bundled into the product revenue, same way SAS companies do it. But the point is Cisco is committed, like many of their peers, to moving to an ARR model. But please, share your thoughts on Cisco's move to software subscriptions and how you see the future of consumption-based pricing. >> Yeah, this has been a big shift for Cisco, obviously. It's one that's highly disruptive. It's one that I know gave their partners a lot of angst for a long time because when you sell things upfront, you get a big check for selling that, right? And when you sell things in a subscription model, you get a much smaller check for a number of months over the period of the contract. It also changes the way you deal with the customer. When you sell a one-time product, you basically wipe your hands. You come back in three or four years and say, "it's time to upgrade." When you sell a subscription, now, the one thing that I've tried to talk to Cisco and its partners about is customers don't renew things they don't use. And so it becomes incumbent on the partner, it becomes incumbent upon Cisco to make sure that things that the customer is subscribing to, that they do use. And so Cisco's had to create a customer success organization. They've had to help their partners create those customer success organizations. So it's really changed the model. And Cisco not only made the shift, they've done it faster than they actually had originally forecast. So during the financial analyst day, they actually touted their execution on software, noting that it hit it's 30% revenue as percent of total target well before it was supposed to, it's actually exceeded its targets. And now it's looking to increase that to, it actually raised its guidance in this area a little bit by a few percentage points, looking out over the next few years. And so it's moved to the subscription model, Dave, the thing that you brought up, which I do see as somewhat of a challenge is the shift to consumption-based pricing. So subscription is one thing in that I write you a check every month for the same amount. When I go to the consumption-based pricing, that's easy to do for cloud services, things like WebEx or Duo or, you know, CloudLock, some of the security products. That that shift should be relatively simple. If customers want to buy it that way. It's unclear as to how you do that when you're selling on-prem equipment with the software add-on to it because in that case, you have to put metering technology in to understand how much they're using. You have to have a minimum baseline to start with. They've done it in some respects. The old HCS product that they sold, the Telcos, actually was sold with a minimum commit and then they tacked on a utilization on top of that. So maybe they move into that kind of model. But I know it's something that they've, they get asked about a lot. I know they're still thinking about it, but it's something that I believe is coming and it's going to come pretty fast. >> I want to pick up on that because I think, you know, they made the point that we're one of the top 10 software companies in the world. It's very difficult for hardware companies to make the transition to software. You know, HP couldn't do it. >> Well, no one's done it. >> Well, IBM has kind of done it, but they really struggle. It's kind of this mishmash of tooling and software products that aren't really well-integrated. But, I would say this, everybody now, Cisco, Dell, HPE with GreenLake, Lenovo, pretty much all the traditional hardware players are trying to move to an as a service model or at least for a portion of their business. HPE's all in, Dell transitioning. And for the most part, I would make the following observation. And I'd love to get your thoughts on this. They're pretty much following a SAS like model, which in my view is outdated and kind of flawed from a customer standpoint. All these guys say, "Hey, we're doing this because "this is what the customers want." I think the cloud is really a true consumption based model. And if you look at modern SAS companies, a lot of the startups, they're moving to a consumption based model. You see that with Snowflake, you see that with Stripe. Now they will offer incentives. But most of the traditional enterprise players, they're saying, "Okay, pay us upfront, "commit to some base level. "If you go over it, you know, "we'll charge you for it. "If you go under it, you're still going to pay "for that base level." So it's not true consumption base. It's not really necessarily the customer's best interest. So that's, I think there's some learnings there that are going to have to play out. >> Yeah, the reason customers are shying away from that SAS type model, I think during the pandemic, the one thing we learned, Dave, is that the business will ebb and flow greatly from month to month sometimes. And I was talking with somebody that worked for one of the big hotel chains, and she was telling me that what their CRM providers, she wouldn't tell me who it was, except said it rhymed with Shmalesforce, that their utilization of it went from, you know, from a nice steady level to spiking really high when customers started calling in to cancel hotel rooms. And then it dropped down to almost nothing as we went through that period of stay at home. And now it's risen back up. And so for her, she wanted to move to a consumption-based model because what happens otherwise is you wind up buying for peak utilization, your software subscriptions go largely underutilized the majority of the year, and you wind up paying, you know, a lot more than you need to. If you go to more of a true consumption model, it's harder to model out from a financial perspective 'cause there's a lot of ebbs and flows in the business, but over a longer period of time, it's more cost-effective, right? And so the, again, what the pandemic taught us was we don't really know what we're going to need from a consumption standpoint, you know, nevermind a year from now, maybe even six months from now. And consumption just creates a lot more flexibility and agility. You can scale up, you can scale down. You can bring in users, you can take out users, you can add consultants, things like that. And it just, it's much more aligned with the way businesses are run today. >> Yeah, churn is a silent killer of a software company. And so there's retention is the key here. So again, I think there's lots of learning. Let's put Cisco into context with some of its peers. So this chart we developed compares five companies to Cisco. Core Dell, meaning Dell, without VMware. VMware, HPE, IBM, we've put an AWS, and then Cisco as, IBM, AWS and Cisco is the integrated plays. So the chart shows the latest quarterly revenue multiplied by four to get a run rate, a three-year growth outlook, gross margin percentage, market cap, and revenue multiple. And the key points here are that one, Cisco has got a pretty awesome business model. It's got 60% gross margin, strong operating margins, not shown here, but in the mid twenties, 25%. It's got a higher growth rate than most of its peers. And as such, a much better, multiple than say, for instance, Core Dell gets 33 cents on the revenue dollar. HPE is double that. IBM's below two X. Cisco's revenue multiple rivals VMware, which is a pure software company. Now in a large part that's because VMware stock took a hit recently, but still the point is obvious. Cisco's got a great business. Now for context, we've added AWS, which blows away any company on this chart. We've inferred a market cap of nearly 600 billion, which frankly is conservative at a 10 X revenue multiple given it's inferred margins and growth rate. Now Zeus, if AWS were a separate company, it could have a market cap that approached 800 billion in my view. But what does this data tell you? >> Well, it just tells me that Cisco continues to be a very well-run company that has staved off commoditization, despite the calling for it for years. And I think the big lesson, and I've talked to financial analysts about this over the years, is that if, I don't really believe anything in this world is a commodity, Dave. I think even when Cisco went to the server market, if you remember back then, they created a new way of handling memory management. They were getting well above average margins for service, albeit less than Cisco's network margins, but still above average for server margins. And so I think if you can continue to innovate, you will see the margin stay where they are. You will see customers continue to buy and refresh. And I think one of the challenges Cisco's had in the past, and this is where the subscription business will help, is getting customers to stay with the latest and greatest. Prior to this refresh of network equipment, some of the stuff that I've seen in the fields, 10, 15 years old, once you move to that sell me a box and then tack on the subscription revenue that you pay month by month, you do drive more consistent refresh. Think about the way you just handle your own mobile phone. If you had to go pay, you know, a thousand dollars every three years, you might not do it at that three-year cycle. If you pay 40 bucks a month, every time there's a new phone, you're going to take it, right? So I think Cisco is able to drive greater, better refresh, keep their customers current, keep the features in there. And we've seen that with a lot of the new products. The new Cat 9,000, some of the new service provider products, the new wifi products, they've all done very well. In fact, they've all outpaced their previous generation products as far as growth rate goes. And so I think that is a testament to the way they've run the business. But I do think when people bucket Cisco in with HP and Dell, and I understand why they do, their businesses were similar at one time, it's really not a true comparison anymore. I think Cisco has completely changed their business and they're not trying to commoditize markets, they're trying to drive innovation and keep the margins up, where I think HP and Dell tend to really compete on price versus innovation. >> Well, and we are going to get to this point about the tailwinds and headwinds and cloud, and how Cisco to do it. But, to your point about, you know, the cell phone analogy. To the extent that Cisco can make that seamless for customers could hide that underlying complexity, that's going to be critical for the cloud. Now, but before we get there, I want to talk about one of the reasons why Cisco such a high multiple, and has been able to preserve its margins, to your point, not being commoditized. And it's been able to grow both organically, but also has a strong history of M and A. It's this chart shows a dominant position in core networking. So this shows, so ETR data within the Fortune 500. It plots companies in the ETR taxonomy in two dimensions, net score on the vertical axis, which is a measure of spending velocity, and market share on the horizontal axis, which is a measure of presence in the survey. It's not like IDC market share, it's mentioned market share if you will. The point is Cisco is far and away the most pervasive player in the market, it's generally held its dominant position. Although, it's been under pressure in the last few years in core networking, but it retains or maintains a very respectable net score and consistently performs well for such a large company. Zeus, anything you'd add with respect to Cisco's core networking business? >> Yeah, it's maintained a dominant network position historically. I think part of because it drives good products, but also because the competitive landscape, historically has been pretty weak, right? We saw companies like 3Com and Nortel who aren't around anymore. It'll be interesting to see moving forward now that companies like VMware are involved in networking. AWS is interested in networking. Arista is a much stronger company. You know, Juniper bought Mist and is in better position. Even Extreme Networks who most people thought was dead a few years ago has made a number of acquisitions and is now a billion dollar company. So while Cisco has done a great job of execution, they've done a great job on the innovation side, their competitive landscape, looking out over the next five years, I think is going to be more difficult than it has been over the previous five years. And largely, Dave, I think that's good for Cisco. I think whenever Cisco's pressed a little bit from competition, they tend to step on the innovation gas a little bit more. And I look back and even just the transition when VMware bought Nicira, that got Cisco's SDN business into gear, like nothing else could have, right? So competition for that company, they always seem to respond well to it. >> So, let's break down Cisco's net score a little bit. Explain why the company has been able to hold its spending momentum despite its large size. This will give you a little insight to the survey. So this chart shows the granular components of net score. The lime green is new adoptions to Cisco. The forest green is spending more than 6%. The gray is flat plus or minus 5%. The pink is spending drops by more than 5%. And the red is we're chucking the platform, we're getting off. And Cisco's overall net score here is 25%, which for a company of its size speaks to the relationships that it has with customers. It's of course got a fat middle in the gray area, like all sort of large established companies. But very low defections as well, it's got low new adoptions. But very respectable. So that is background, Zeus. Let's look at spending momentum over time across Cisco's portfolio. So this chart shows Cisco's net score by that methodology within the ETR taxonomy for Cisco over three survey periods. And what jumps out is Meraki on the left, very strong. Virtualization business, its core networking, analytics and security, all showing upward momentum. AppD is a little bit concerning, but that could be related to Cisco's sort of pivot to full stack observability. So maybe AppD is being bundled there. Although some practitioners have cited to us some concerns in that space. And then WebEx at the end of the chart, it's showing some relative strength, but not that high. Zeus, maybe you could comment on Meraki and any other takeaways across the portfolio. >> Yeah, Meraki has proven to be an excellent acquisition for Cisco. In fact, you might, I think it's arguable to say it's its best acquisition in history going all the way back to camp Kalpana and Grand Junction, the ones that brought up catalyst switches. So, in fact, I think Meraki's revenue might be larger than security now. So, that shows you the momentum it has. I think one of the lessons it brought to Cisco was that simpler is better, sometimes. I think when they first bought Meraki, the way Meraki's deployed, it's very easy to set up. There's a lot of engineering work though that goes into making a product simple to use. And I think a lot of Cisco engineers historically looked at Meraki as, that's a little bit of a toy. It's meant for small businesses, things like that, but it's not for enterprise. But, Rocky's done a nice job of expanding the portfolio, of leveraging the cloud for analytics and showing you a lot of things that you wouldn't necessarily get from traditional networking equipment. And one of the things that I was really delighted to see was when they put Todd Nightingale in charge of all the networking business, because that showed to me that Chuck Robbins understood that the things Meraki were doing were right and they infuse a little bit of Meraki into the rest of the company. You know, that's certainly a good thing. The other areas that you showed on the chart, not really a surprise, Dave. When you think of the shift hybrid work and you think of the, some of the other transitions going on, I think you would expect to see the server business in decline, the storage business, you know, maybe in a little bit of decline, just because people aren't building out data centers. Where the other ones are related more to hybrid working, hybrid cloud, things like that. So it is what you would expect. The WebEx one was interesting too, because it did show somewhat of a dip and then a rise. And I think that's indicative of what we've seen in the collaboration space since the pandemic came about. Companies like Zoom and RingCentral really got a lot of the headlines. Again, when you, the comment I made on competition, Cisco got caught a little bit flat-footed, they've caught up in features and now they really stepped on the gas there. Chuck joked that he gave the WebEx team a bit of a blank check to go do what it had to do. And I don't think that was a joke. I think he actually did that because they've added more features into WebEx in the last year then I think they did the previous five years before that. >> Well, let's just drill into video conferencing real quick here, if we could. Here's that two dimensional view, again, showing net score against market share or pervasiveness of mentions, and you can see Microsoft Teams in the upper right. I mean, it's off the chart, literally. Zoom's well ahead of Cisco in terms of, you know, mentions presence. And that could be a spate of freemium, you know, but it's basically a three horse race in this game. And Cisco, I don't think is trying to take Zoom head on, rather it seems to be making WebEx a core part of its broader collaboration agenda. But Zeus, maybe you could comment. >> Well, it's all coming together, right? So, it's hard to decouple calling from video from meetings. All of the vendors, including Teams, are going after the hybrid work experience. And if you believe the future is hybrid and not just work from home, then Cisco does have a pretty interesting advantage because it's the only one that makes its own end points, where Teams and Zoom doesn't. And so that end to end experience it can deliver. The Microsoft Teams one's interesting because that product, frankly, when you talk to users, it doesn't have a great user score, like as far as user satisfaction goes, but the one thing Microsoft has done a very good job of is bundling it in to the Office365 licenses, making it very easy for IT to deploy. Zoom is a little bit in the middle where they've appealed to the users. They've done a better job of appealing to IT, but there is a, there is a battleground now going on where video's not just video. It includes calling, includes meetings, includes room systems now, and I think this hybrid work friend is going to change the way we think about these meeting tools. >> Now we'd be remiss if we didn't spend a moment talking about security as a key part of Cisco's business. And we have a graphic on this same kind of X, Y. And it's been, we've seen several quarters of growth. Although, the last quarter security growth was in the low single digits, but Cisco is a major player in security. And this X, Y graph shows, they've got both a large presence and a solid spending momentum. Not nearly as much momentum as Okta or Zscaler or a CrowdStrike and some of the smaller companies, but they're, these guys are on a rocket ship, but others that we featured in these episodes, but much more than respectable for Cisco. And security is critical to the strategy. It's a big part of the subscriber base. And the last thing, Zeus, I'll say about Cisco made the point in analyst day, that this market is crowded. You can see that in this chart. And their goal is to simplify this picture and make it easier for customers to secure their data and apps. But that's not easy, Zeus. What are your thoughts on Cisco's security opportunities? >> Yeah, I've been waiting for Cisco go to break up in security a little more than it has. I do think, I was talking with a CSO the other day, Dave, that said to me he's starting to understand that you don't have to have best of breed everywhere to have best in class threat protection. In fact, there's a lot of buyers now will tell you that if you try and have best of breed everywhere, it actually creates a negative when it comes to threat protection because keeping all the policies and things up to date is very, very difficult. And so the industry is moving more to a platform model, right? Now, the challenge for Cisco is how do you get that, the customer to think of the network as part of the platform? Because while the platform model, I think, is starting to gain traction, FloridaNet, Palo Alto, even McAfee, companies like that also have their own version of a security platform. And if you look at the financial performance of companies like FloridaNet and Palo Alto over the past, you know, over the past couple of years, they've been through the roof, right? And so I think an interesting and unique challenge for Cisco is can they convince the security buyer that the network is as important a part of that platform as any other component? If they can do that, I think they can break away from the pack. If not, then they'll stay mixed in with those, you know, Palo, FloridaNet, Checkpoint, and, you know, and Cisco, in that mix. But I do think that may present their single biggest needle moving opportunity just because of how big the security TAM is, and the fact that there is no de facto leader in security today. If they could gain the same kind of position in security as they have a networking, who, I mean, that would move the needle like no other market would. >> Yeah, it's really interesting that they're coming at security, obviously from a position of networking strength. You've got, to your point, you've got best of breed, Okta in identity, you got CrowdStrike in endpoint, Zscaler in cloud security. They're all growing like crazy. And you got Cisco and you know, Palo Alto, CSOs tell us they want to work with Palo Alto because they're the thought leader and they're obviously a major player here. You mentioned FloridaNet, there's a zillion others. We could talk all day about security. But let's bring it back to cloud. We've talked about a number of the piece in Cisco's portfolio, and we haven't really spent any time on full stack observability, which is a big push for Cisco with AppD, Intersight and the ThousandEyes acquisition. And that plays into this equation. But my take, Zeus, is Cisco has a number of cloud knobs that it can turn, it sells core networking equipment to hyperscalers. It can be the abstraction layer to connect on-prem to the cloud and hybrid and across clouds. And it's in a good position with Telcos too, to go after the 5G. But let's use this chart to talk about Cisco's cloud prospects. It's an ETR cut of the cloud customer spending. So we cut it by cloud customers. And they're are, I don't know, 800 or so in the survey. And then looking at various companies performance within that cut. So these are companies that compete, or in the case of HashiCorp, partner with Cisco at some level. Let me just set this up and get your take. So the insert on the chart by the way shows the raw data that positions each dot, the net score and the shared n, i.e. the number of accounts in the survey that responded. The key points, first of all, Azure and AWS, dominant players in cloud. GCP is a distant third. We've reported on that a lot. Not only are these two companies big, they have spending momentum on their platforms. They're growing, they are on that flywheel. Second point, VMware and Cisco are very prominent. They have huge customer bases. And while they're often on a collision course, there's lots of room in cloud for multiple players. When we plotted some other Cisco properties like AppD and Meraki, which as we said, is strong. And then for context, we've placed Dell, HPE, Aruba, IBM and Oracle. And also VMware cloud and AWS, which is notable on its elevation. And as I say, we've added HashiCorp because they're critical partner of Cisco and it's a multi-cloud play. Okay, Zeus, there's the setup. What does Cisco have to do to make the cloud a tailwind? Let's talk about strategy, tailwinds, headwinds, competition, and bottom line it for us. >> Yeah, well, I do think, well, I talked about security being the biggest needle mover for Cisco, I think its biggest challenge is convincing Wall Street in particular, that the cloud is a tailwind. I think if you look at the companies with the really high multiples to their stock, Dave, they're all ones where they're viewed as, they go along with the cloud ride, Right? So the, if you can associate yourself with the cloud and then people believe that the cloud is going to, more cloud equals more business, that obviously creates a better multiple because the cloud has almost infinite potential ahead of it. Now with respect to Cisco, I do think cloud has presented somewhat of a double-edged sword for Cisco. I don't believe the current consumption model for cloud is really a tailwind for Cisco, not really a headwind, but it doesn't really change Cisco's business. But I do think the very definition of cloud is changing before our eyes, Dave. And it's shifting away from centralized clouds. If you think of the way customers bought cloud before, it might have used AWS, it might've used Azure, but it really, that's not really multi-cloud, it's just multiple clouds in which I put things in these centralized resources. It's shifting more to this concept of distributed cloud in which a single application can be built using resources from your private cloud, for AWS, from Azure, from Edge locations, all the cloud providers have built their portfolios to support this concept of distributed cloud and what becomes important there, is a highly agile dynamic network. And in that case with distributed cloud, that is a tailwind for Cisco because now the network is that resource that ties all those distributed cloud components together. Now the network itself has to change. It needs to become a lot more agile and microservices and container friendly itself so I can spin up resources and, you know, in an Edge location, as fast as I can on-prem and things like that. But I do think it creates another wave of innovation and networking, and in that case, I think it does act as a tailwind for Cisco, aside from just the work it's done with the web scalers, you know, those types of companies. So, but I do think that Cisco needs to rethink its delivery model on network services somewhat to take advantage of that. >> At the analyst meeting, Cisco made the point that it does sell to the hyperscalers. It talked about the top six hyperscalers. You know, you had mentioned to me, maybe IBM and Oracle were in there. I always talk about four hyperscalers and only four, but that's fine. Here's my question. Practitioners have told me, buyers have told me, the more money and more workloads I put in the cloud, the less I spend with Cisco. Now, even though that might be Cisco gear powering those clouds, do you see that as a potential threat in that they don't own that relationship anymore and value will confer to the cloud players? >> Yeah, that's, I've heard that too. And I don't, I believe that's true when it comes to general purpose compute. You're probably not buying as many UCS servers and things like that because you are putting them in the cloud. But I do think you do need a refresh the network. I think the network becomes a very important role, plays a very important role there. The variant, the really interesting trend will be, what is your WAM look like? Do you have thousands of workers scattered all over the place, or do you just have a few centralized locations? So I think also, you know, Cisco will wind up providing connectivity within the cloud. If you think of the transition we've seen in other industries, Dave, as far as cloud goes, you think of, you know, F5, a company like that. People thought that AWS would commoditize F5's business because AWS provides their own load balancers, right? But what AWS provides is a very basic, very basic functionality and then use F5's virtual edition or a cloud edition for a lot of the advanced capabilities. And I think you'll see the same thing with the cloud that customers will start buying versions of Cisco that go in the cloud to drive a lot of those advanced capabilities that only Cisco delivers. And so I think you wind up buying more Cisco over time, although the per unit price of what you buy might be a little bit lower. If that makes sense here. >> It does, I think it makes a lot of sense and that fits into the cloud model. You know, you bring up a good point, the conversation with the customer was Rakuten. And that individual was essentially sharing with us, somebody was asking, one of the analysts was asking, "Well, what about the cloud guys? "Aren't they going to really threaten the whole Telco "industry and disrupt it?" And his point was, "Look at, this stuff is not trivial." So to your point, you know, maybe they'll provide some basic functionality. Kind of like they do in a lot of different areas. Data protection is another good example. Security is another good example. Where there's plenty of room for partners, competitors, of on-prem players to add value. And I've always said, "Look, the opportunity "is the cloud players spend 100 billion dollars a year "on CapEx." It's a gift to companies like Cisco who can build an abstraction layer that connects on-prem, cloud for hybrid, across clouds, out to the edge, and really be that layer that is that layer that takes advantage of cloud native, but also delivers that experience, I don't want to use the word seamlessly, but that experience across those clouds as the cloud expands. And that's fundamentally Cisco's cloud strategy, isn't it? >> Oh yeah. And I think people have underestimated over the years, how hard it is to build good networking products. Anybody can go get some silicon and build a product to connect two things together. The question is, can you do it at scale? Can you do it securely? And lots of companies have tried to commoditize networking, you know, White Boxes was looked at as the existential threat to Cisco. Huawei was looked at as the big threat to Cisco. And all of those have kind of come and gone because building high quality network equipment that scales is tough. And it's tougher than most people realize. And your other point on the cloud providers as well, they will provide a basic level of functionality. You know, AWS network equipment doesn't work in Azure. And Azure stuff doesn't work in Google, and Google doesn't work in AWS. And so you do need a third party to come in and act as almost the cloud middleware that can connect all those things together with a consistent set of policies. And that's what Cisco does really well. They did that, you know back when they were founded with routing protocols and you can think this is just an extension of what they're doing just up at the cloud layer. >> Excellent. Okay, Zeus, we're going to leave it there. Thanks to my guest today, Zeus Kerravala. Great analysis as always. Would love to have you back. Check out ZKresearch.com to reach him. Thank you again. >> Thank you, Dave. >> Now, remember I publish each week on Wikibond.com and siliconangle.com. All these episodes are available as podcasts, just search "Braking Analysis" podcast, and you can connect on Twitter at DVallante or email me David.Vallante@siliconangle.com. Thanks for the comments on LinkedIn. Check out etr.plus for all the survey action. This is Dave Vallante for theCUBE insights powered by ETR. Be well and we'll see you next time. (light music)

(upbeat music) >> Hey, welcome to this Cube conversation with NetScout. I'm Lisa Martin. Excited to talk to you. Richard Hummel, the manager of threat research for Arbor Networks, the security division of NetScout. Richard, welcome to theCube. >> Thanks for having me, Lisa, it's a pleasure to be here. >> We're going to unpack the sixth NetScout Threat Intelligence Report, which is going to be very interesting. But something I wanted to start with is we know that and yes, you're going to tell us, COVID and the pandemic has had a massive impact on DDoS attacks, ransomware. But before we dig into the report, I'd like to just kind of get some stories from you as we saw last year about this time rapid pivot to work from home, rapid pivot to distance learning. Talk to us about some of the attacks that you saw in particular that literally hit close to home. >> Sure and there's one really good prime example that comes to mind because it impacted a lot of people. There was a lot of media sensation around this but if you go and look, just Google it, Miami Dade County and DDoS, you'll see the first articles that pop up is the entire district school network going down because the students did not want to go to school and launched a DDoS attack. There was something upwards of 190,000 individuals that could no longer connect to the school's platform, whether that's a teacher, a student or parents. And so it had a very significant impact. And when you think about this in terms of the digital world, that impacted very severely, a large number of people and you can't really translate that to what would happen in a physical environment because it just doesn't compute. There's two totally different scenarios to talk about here. >> Amazing that a child can decide, "I don't want to go to school today." And as a result of a pandemic take that out for nearly 200,000 folks. So let's dig into, I said this is the sixth NetScout Threat Intelligence Report. One of the global trends and themes that is seen as evidence in what happened last year is up and to the right. Oftentimes when we're talking about technology, you know, with analyst reports up and to the right is a good thing. Not so in this case. We saw huge increases in threat vectors, more vectors weaponized per attack sophistication, expansion of threats and IOT devices. Walk us through the overall key findings from 2020 that this report discovered. >> Absolutely. And if yo glance at your screen there you'll see the key findings here where we talk about record breaking numbers. And just in 2020, we saw over 10 million attacks, which, I mean, this is a 20% increase over 2019. And what's significant about that number is COVID had a huge impact. In fact, if we go all the way back to the beginning, right around mid March, that's when the pandemic was announced, attacks skyrocketed and they didn't stop. They just kept going up and to the right. And that is true through 2021. So far in the first quarter, typically January, February is the down month that we observe in DDoS attacks. Whether this is, you know, kids going back to school from Christmas break, you have their Christmas routines and e-commerce is slowing down. January, February is typically a slow month. That was not true in 2021. In fact, we hit record numbers on a month by month in both January and February. And so not only do we see 2.9 million attacks in the first quarter of 2021, which, I mean, let's do the math here, right? We've got four quarters, you know, we're on track to hit 12 million attacks potentially, if not more. And then you have this normal where we said 800,000 approximately month over month since the pandemic started, we started 2021 at 950,000 plus. That's up and to the right and it's not slowing down. >> It's not slowing down. It's a trend that it shows, you know, significant impact across every industry. And we're going to talk about that but what are some of the new threat vectors that you saw weaponized in the last year? I mean, you talked about the example of the Miami-Dade school district but what were some of those new vectors that were really weaponized and used to help this up and to the right trend? >> So there's four in particular that we were tracking in 2020 and these nets aren't necessarily new vectors. Typically what happens when an adversary starts using this is there's a proof of concept code out there. In fact, a good example of this would be the RDP over UDP. So, I mean, we're all remotely connected, right? We're doing this over a Zoom call. If I want to connect to my organization I'm going to use some sort of remote capability whether that's a VPN or tunneling in, whatever it might be, right? And so remote desktop is something that everybody's using. And we saw actors start to kind of play around with this in mid 2020. And in right around September, November timeframe we saw a sudden spike. And typically when we see spikes in this kind of activity it's because adversaries are taking proof of concept code, that maybe has been around for a period of time, and they're incorporating those into DDoS for hire services. And so any person that wants to launch a DDoS attack can go into underground forums in marketplaces and they can purchase, maybe it's $10 in Bitcoin, and they can purchase an attack. That leverage is a bunch of different DDoS vectors. And so adversaries have no reason to remove a vector as new ones get discovered. They only have the motivation to add more, right? Because somebody comes into their platform and says, "I want to launch an attack that's going to take out my opponent." It's probably going to look a lot better if there's a lot of attack options in there where I can just go through and start clicking buttons left and right. And so all of a sudden now I've got this complex multi-vector attack that I don't have to pay anything extra for. Adversary already did all the work for me and now I can launch an attack. And so we saw four different vectors that were weaponized in 2020. One of those are notably the Jenkins that you see listed on the screen in the key findings. That one isn't necessarily a DDoS vector. It started out as one, it does amplify, but what happens is Jenkins servers are very vulnerable and when you actually initiate this attack, it tips over the Jenkins server. So it kind of operates as like a DoS event versus DDoS but it still has the same effect of availability, it takes a server offline. And then now just in the first part of 2021 we're tracking multiple other vectors that are starting to be weaponized. And when we see this, we go from a few, you know, incidents or alerts to thousands month over month. And so we're seeing even more vectors added and that's only going to continue to go up into the right. You know that theme that we talked about at the beginning here. >> As more vectors get added, and what did you see last year in terms of industries that may have been more vulnerable? As we talked about the work from home, everyone was dependent, really here we are on Zoom, dependent on Zoom, dependent on Netflix. Streaming media was kind of a lifeline for a lot of us but it also was healthcare and education. Did you see any verticals in particular that really started to see an increase in the exploitation and in the risk? >> Yeah, so let's start, let's separate this into two parts. The last part of the key findings that we had was talking about a group we, or a campaign we call Lazarus Borough Model. So this is a global DDoS extortion campaign. We're going to cover that a little bit more when we talk about kind of extorted events and how that operates but these guys, they started where the money is. And so when they first started targeting industries and this kind of coincides with COVID, so it started several months after the pandemic was announced, they started targeting a financial organizations, commercial banking. They went after stock exchange. Many of you would hear about the New Zealand Stock Exchange that went offline. That's this LBA campaign and these guys taking it off. So they started where the money is. They moved to a financial agation targeting insurance companies. They targeted currency exchange places. And then slowly from there, they started to expand. And in so much as our Arbor Cloud folks actually saw them targeting organizations that are part of vaccine development. And so these guys, they don't care who they hurt. They don't care who they're going after. They're going out there for a payday. And so that's one aspect of the industry targeting that we've seen. The other aspect is you'll see, on the next slide here, we actually saw a bunch of different verticals that we really haven't seen in the top 10 before. In fact, if you actually look at this you'll see the number one, two and three are pretty common for us. We almost always are going to see these kinds of telecommunications, wireless, satellite, broadband, these are always going to be in the top. And the reason for that is because gamers and DDoS attacks associated with gaming is kind of the predominant thing that we see in this landscape. And let's face it, gamers are on broadband operating systems. If you're in Asian communities, often they'll use mobile hotspots. So now you start to have wireless come in there. And so that makes sense seeing them. But what doesn't make sense is this internet publishing and broadcasting and you might say, "Well, what is that?" Well, that's things like Zoom and WebEx and Netflix and these other streaming services. And so we're seeing adversaries going after that because those have become critical to people's way of life. Their entertainment, what they're using to communicate for work and school. So they realized if we can go after this it's going to disrupt something and hopefully we can get some recognition. Maybe we can show this as a demonstration to get more customers on our platform or maybe we can get a payday. In a lot of the DDoS attacks that we see, in fact most of them, are all monetary focused. And so they're looking for a payday. They're going to go after something that's going to likely, you know, send out that payment. And then just walk down the line. You can see COVID through this whole thing. Electronic shopping is number five, right? Everybody turned to e-commerce because we're not going to in-person stores anymore. Electronic computer manufacturing, how many more people have to get computers at home now because they're no longer in a corporate environment? And so you can see how the pandemic has really influenced this industry target. >> Significant influencer and I also wonder too, you know, Zoom became a household name for every generation. You know, we're talking to five generations and maybe the generations that aren't as familiar with computer technology might be even more exploitable because it's easy to click on a phishing email when they don't understand how to look for the link. Let's now unpack the different types of DDoS attacks and what is on the rise. You talked about in the report the triple threat and we often think of that in entertainment. That's a good thing, but again, not here. Explain that triple threat. >> Yeah, so what we're seeing here is we have adversaries out there that are looking to take advantage of every possible angle to be able to get that payment. And everybody knows ransomware is a household name at this point, right? And so ransomware and DDoS have a lot in common because they both attack the availability of network resources, where computers or devices or whatever they might be. And so there's a lot of parallels to draw between the two of these. Now ransomware is a denial of service event, right? You're not going to have tens of thousands of computers hitting a single computer to take it down. You're going to have one exploitation of events. Somebody clicked on a link, there was a brute force attempt that managed to compromise a little boxes, credentials, whatever it might be, ransomware gets put on a system, it encrypts all your files. Well, all of a sudden, you've got this ransom note that says "If you want your files decrypted you're going to send us this amount of human Bitcoin." Well, what adversaries are doing now is they're capitalizing on the access that they already gained. So they already have access to the computer. Well, why not steal all the data first then let's encrypt whatever's there. And so now I can ask for a ransom payment to decrypt the files and I can ask for an extortion to prevent me from posting your data publicly. Maybe there's sensitive corporate information there. Maybe you're a local school system and you have all of your students' data on there. You're a hospital that has sensitive PI on it, whatever it might be, right? So now they're going to extort you to prevent them from posting that publicly. Well, why not add DDoS to this entire picture? Now you're already encrypted, we've already got your files, and I'm going to DDoS your system so you can't even access them if you wanted to. And I'm going to tell you, you have to pay me in order to stop this DDoS attack. And so this is that triple threat and we're seeing multiple different ransomware families. In fact, if you look at one of the slides here, you'll see that there's SunCrypt, there's Ragnar Cryptor, and then Maze did this initially back in September and then more recently, even the DarkSide stuff. I mean, who hasn't heard about DarkSide now with the Colonial Pipeline event, right? So they came out and said, "Hey we didn't intend for this collateral damage but it happened." Well, April 24th, they actually started offering DDoS as part of their tool kits. And so you can see how this has evolved over time. And adversaries are learning from each other and are incorporating this kind of methodology. And here we have triple extortion event. >> It almost seems like triple extortion event as a service with the opportunities, the number of vectors there. And you're right, everyone has heard of the Colonial Pipeline and that's where things like ransomware become a household term, just as much as Zoom and video conferencing and streaming media. Let's talk now about the effects that the threat report saw and uncovered region by region. Were there any regions in particular that were, that really stood out as most impacted? >> So not particularly. So one of the phenomena that we actually saw in the threat report, which, you know, we probably could have talked about it before now but it makes sense to talk about it regionally because we didn't see any one particular region, one particular vertical, a specific organization, specific country, none was more heavily targeted than another. In fact what we saw is organizations that we've never seen targeted before. We've seen industries that have never been targeted before all of a sudden are now getting DDoS attacks because we went from a local on-prem, I don't need to be connected to the internet, I don't need to have my employees remote access. And now all of a sudden you're dependent on the internet which is really, let's face it, that's critical infrastructure these days. And so now you have all of these additional people with a footprint connected to the internet then adversary can figure out and they can poke at it. And so what we saw here is just overall, all industries, all regions saw these upticks. The exception would be in China. We actually, in the Asia Pacific region specifically, but predominantly in China. But that often has to do with visibility rather than a decrease in attacks because they have their own kind of infrastructure in China. Brazil's the same way. They have their own kind of ecosystems. And so often you don't see what happens a lot outside the borders. And so from our perspective, we might see a decrease in attacks but, for all we know, they actually saw an increase in the attacks that is internal to their country against their country. And so across the board, just increases everywhere you look. >> Wow. So let's talk about what organizations can do in light of this. As we are here, we are still doing this program by video conferencing and things are opening up a little bit more, at least in the states anyway, and we're talking about more businesses going back to some degree but there's going to still be some mix, some hybrid of working from home and maybe even distance learning. So what can enterprises do to prepare for this when it happens? Because it sounds to me like with the sophistication, the up and to the right, it's not, if we get attacked, it's when. >> It's when, exactly. And that's just it. I mean, it's no longer something that you can put off. You can't just assume that I've never been DDoS attacked, I'm never going to be DDoS attacked anymore. You really need to consider this as part of your core security platform. I like to talk about defense in depth or a layer defense approach where you want to have a layered approach. So, you know, maybe they target your first layer and they don't get through. Or they do get through and now your second layer has to stop it. Well, if you have no layers or if you have one layer, it's not that hard for an adversary to figure out a way around that. And so preparation is key. Making sure that you have something in place and I'm going to give you an operational example here. One of the things we saw with the LBA campaigns is they actually started doing network of conasense for their targets. And what they would do is they would take the IP addresses belonging to your organization. They would look up the domains associated with that and they would figure out like, "Hey, this is bpn.organization.com or VPN two." And all of a sudden they've found your VPN concentrator and so that's where they're going to focus their attack. So something as simple as changing the way that you name your VPN concentrators might be sufficient to prevent them from hitting that weak link or right sizing the DDoS protection services for your company. Did you need something as big as like OnPrem Solutions? We need hardware. Do you instead want to do a managed service? Or do you want to go and talk to a cloud provider because there's right solutions and right sizes for all types of organizations. And the key here is preparation. In fact, all of the customers that we've worked with for the LBA extortion campaigns, if they were properly prepared they experienced almost no downtime or impact to their business. It's the people like the New Zealand Stock Exchange or their service provider that wasn't prepared to handle the attacks that were sent out them that were crippled. And so preparation is key. The other part is awareness. And that's part of what we do with this threat report because we want to make sure you're aware what adversaries are doing, when new attack vectors are coming out, how they're leveraging these, what industries they're targeting because that's really going to help you to figure out what your posture is, what your risk acceptance is for your organization. And in fact, there's a couple of resources that that we have here on the next slide. And you can go to both both of these. One of them is the threat report. You can view all of the details. And we only scratched the surface here in this Cube interview. So definitely recommend going there but the other one is called Horizon And netscout.com/horizon is a free resource you can register but you can actually see near real-time attacks based on industry and based on region. So if your organization out there and you're figuring, "Well I'm never attacked." Well go look up your industry. Go look up the country where you belong and see is there actually attacks against us? And I think you'll be quite surprised that there's quite a few attacks against you. And so definitely recommend checking these out >> Great resources netscout.com/horizon, netscout.com/threatreport. I do want to ask you one final question. That's in terms of timing. We saw the massive acceleration in digital transformation last year. We've already talked about this a number of times on this program. The dependence that businesses and consumers, like globally in every industry, in every country, have on streaming on communications right now. In terms of timing, though, for an organization to go from being aware to understanding what adversaries are doing, to being prepared, how quickly can an organization get up to speed and help themselves start reducing their risks? >> So I think that with DDoS, as opposed to things like ransomware, the ramp up time for that is much, much faster. There is a finite period of time with DDoS attacks that is actually going to impact you. And so maybe you're a smaller organization and you get DDoS attacked. There's a, probably a pretty high chance that that DDoS attack isn't going to last for multiple days. So maybe it's like an hour, maybe it's two hours, and then you recover. Your network resources are available again. That's not the same for something like ransomware. You get hit with ransomware, unless you pay or you have backups, you have to do the rigorous process of getting all your stuff back online. DDoS is more about as soon as the attack stops, the saturation goes away and you can start to get back online again. So it might not be as like immediate critical that you have to have something but there's also solutions, like a cloud solution, where it's as simple as signing up for the service and having your traffic redirected to their scrubbing center, their detection center. And then you may not have to do anything on-prem yourself, right? It's a matter of going out to an organization, finding a good contract, and then signing up, signing on the dotted line. And so I think that the ramp up time for mitigation services and DDoS protection can be a lot faster than many other security platforms and solutions. >> That's good to know cause with the up and to the right trend that you already said, the first quarter is usually slow. It's obviously not that way as what you've seen in 2021. And we can only expect what way, when we talk to you next year, that the up and to the right trend may continue. So hopefully organizations take advantage of these resources, Richard, that you talked about to be prepared to mediate and protect their you know, their customers, their employees, et cetera. Richard, we thank you for stopping by theCube. Talking to us about the sixth NetScout Threat Intelligence Report. Really interesting information. >> Absolutely; definitely a pleasure to have me here. Lisa, anytime you guys want to do it again, you know where I live? >> Yes. It's one of my favorite topics that you got and I got to point out the last thing, your Guardians of the Galaxy background, one of my favorite movies and it should be noted that on the NetScout website they are considered the Guardians of the Connected World. I just thought that connection was, as Richard told me before we went live, not planned, but I thought that was a great coincidence. Again, Richard, it's been a pleasure talking to you. Thank you for your time. >> Thank you so much. >> Richard Hummel, I'm Lisa Martin. You're watching this Cube conversation. (relaxing music)

(upbeat music) >> Hey, welcome to this Cube conversation with NetScout. I'm Lisa Martin. Excited to talk to you. Richard Hummel, the manager of threat research for Arbor Networks, the security division of NetScout. Richard, welcome to theCube. >> Thanks for having me, Lisa, it's a pleasure to be here. >> We're going to unpack the sixth NetScout Threat Intelligence Report, which is going to be very interesting. But something I wanted to start with is we know that and yes, you're going to tell us, COVID and the pandemic has had a massive impact on DDoS attacks, ransomware. But before we dig into the report, I'd like to just kind of get some stories from you as we saw last year about this time rapid pivot to work from home, rapid pivot to distance learning. Talk to us about some of the attacks that you saw in particular that literally hit close to home. >> Sure and there's one really good prime example that comes to mind because it impacted a lot of people. There was a lot of media sensation around this but if you go and look, just Google it, Miami Dade County and DDoS, you'll see the first articles that pop up is the entire district school network going down because the students did not want to go to school and launched a DDoS attack. There was something upwards of 190,000 individuals that could no longer connect to the school's platform, whether that's a teacher, a student or parents. And so it had a very significant impact. And when you think about this in terms of the digital world, that impacted very severely, a large number of people and you can't really translate that to what would happen in a physical environment because it just doesn't compute. There's two totally different scenarios to talk about here. >> Amazing that a child can decide, "I don't want to go to school today." And as a result of a pandemic take that out for nearly 200,000 folks. So let's dig into, I said this is the sixth NetScout Threat Intelligence Report. One of the global trends and themes that is seen as evidence in what happened last year is up and to the right. Oftentimes when we're talking about technology, you know, with analyst reports up and to the right is a good thing. Not so in this case. We saw huge increases in threat vectors, more vectors weaponized per attack sophistication, expansion of threats and IOT devices. Walk us through the overall key findings from 2020 that this report discovered. >> Absolutely. And if yo glance at your screen there you'll see the key findings here where we talk about record breaking numbers. And just in 2020, we saw over 10 million attacks, which, I mean, this is a 20% increase over 2019. And what's significant about that number is COVID had a huge impact. In fact, if we go all the way back to the beginning, right around mid March, that's when the pandemic was announced, attacks skyrocketed and they didn't stop. They just kept going up and to the right. And that is true through 2021. So far in the first quarter, typically January, February is the down month that we observe in DDoS attacks. Whether this is, you know, kids going back to school from Christmas break, you have their Christmas routines and e-commerce is slowing down. January, February is typically a slow month. That was not true in 2021. In fact, we hit record numbers on a month by month in both January and February. And so not only do we see 2.9 million attacks in the first quarter of 2021, which, I mean, let's do the math here, right? We've got four quarters, you know, we're on track to hit 12 million attacks potentially, if not more. And then you have this normal where we said 800,000 approximately month over month since the pandemic started, we started 2021 at 950,000 plus. That's up and to the right and it's not slowing down. >> It's not slowing down. It's a trend that it shows, you know, significant impact across every industry. And we're going to talk about that but what are some of the new threat vectors that you saw weaponized in the last year? I mean, you talked about the example of the Miami-Dade school district but what were some of those new vectors that were really weaponized and used to help this up and to the right trend? >> So there's four in particular that we were tracking in 2020 and these nets aren't necessarily new vectors. Typically what happens when an adversary starts using this is there's a proof of concept code out there. In fact, a good example of this would be the RDP over UDP. So, I mean, we're all remotely connected, right? We're doing this over a Zoom call. If I want to connect to my organization I'm going to use some sort of remote capability whether that's a VPN or tunneling in, whatever it might be, right? And so remote desktop is something that everybody's using. And we saw actors start to kind of play around with this in mid 2020. And in right around September, November timeframe we saw a sudden spike. And typically when we see spikes in this kind of activity it's because adversaries are taking proof of concept code, that maybe has been around for a period of time, and they're incorporating those into DDoS for hire services. And so any person that wants to launch a DDoS attack can go into underground forums in marketplaces and they can purchase, maybe it's $10 in Bitcoin, and they can purchase an attack. That leverage is a bunch of different DDoS vectors. And so adversaries have no reason to remove a vector as new ones get discovered. They only have the motivation to add more, right? Because somebody comes into their platform and says, "I want to launch an attack that's going to take out my opponent." It's probably going to look a lot better if there's a lot of attack options in there where I can just go through and start clicking buttons left and right. And so all of a sudden now I've got this complex multi-vector attack that I don't have to pay anything extra for. Adversary already did all the work for me and now I can launch an attack. And so we saw four different vectors that were weaponized in 2020. One of those are notably the Jenkins that you see listed on the screen in the key findings. That one isn't necessarily a DDoS vector. It started out as one, it does amplify, but what happens is Jenkins servers are very vulnerable and when you actually initiate this attack, it tips over the Jenkins server. So it kind of operates as like a DoS event versus DDoS but it still has the same effect of availability, it takes a server offline. And then now just in the first part of 2021 we're tracking multiple other vectors that are starting to be weaponized. And when we see this, we go from a few, you know, incidents or alerts to thousands month over month. And so we're seeing even more vectors added and that's only going to continue to go up into the right. You know that theme that we talked about at the beginning here. >> As more vectors get added, and what did you see last year in terms of industries that may have been more vulnerable? As we talked about the work from home, everyone was dependent, really here we are on Zoom, dependent on Zoom, dependent on Netflix. Streaming media was kind of a lifeline for a lot of us but it also was healthcare and education. Did you see any verticals in particular that really started to see an increase in the exploitation and in the risk? >> Yeah, so let's start, let's separate this into two parts. The last part of the key findings that we had was talking about a group we, or a campaign we call Lazarus Borough Model. So this is a global DDoS extortion campaign. We're going to cover that a little bit more when we talk about kind of extorted events and how that operates but these guys, they started where the money is. And so when they first started targeting industries and this kind of coincides with COVID, so it started several months after the pandemic was announced, they started targeting a financial organizations, commercial banking. They went after stock exchange. Many of you would hear about the New Zealand Stock Exchange that went offline. That's this LBA campaign and these guys taking it off. So they started where the money is. They moved to a financial agation targeting insurance companies. They targeted currency exchange places. And then slowly from there, they started to expand. And in so much as our Arbor Cloud folks actually saw them targeting organizations that are part of vaccine development. And so these guys, they don't care who they hurt. They don't care who they're going after. They're going out there for a payday. And so that's one aspect of the industry targeting that we've seen. The other aspect is you'll see, on the next slide here, we actually saw a bunch of different verticals that we really haven't seen in the top 10 before. In fact, if you actually look at this you'll see the number one, two and three are pretty common for us. We almost always are going to see these kinds of telecommunications, wireless, satellite, broadband, these are always going to be in the top. And the reason for that is because gamers and DDoS attacks associated with gaming is kind of the predominant thing that we see in this landscape. And let's face it, gamers are on broadband operating systems. If you're in Asian communities, often they'll use mobile hotspots. So now you start to have wireless come in there. And so that makes sense seeing them. But what doesn't make sense is this internet publishing and broadcasting and you might say, "Well, what is that?" Well, that's things like Zoom and WebEx and Netflix and these other streaming services. And so we're seeing adversaries going after that because those have become critical to people's way of life. Their entertainment, what they're using to communicate for work and school. So they realized if we can go after this it's going to disrupt something and hopefully we can get some recognition. Maybe we can show this as a demonstration to get more customers on our platform or maybe we can get a payday. In a lot of the DDoS attacks that we see, in fact most of them, are all monetary focused. And so they're looking for a payday. They're going to go after something that's going to likely, you know, send out that payment. And then just walk down the line. You can see COVID through this whole thing. Electronic shopping is number five, right? Everybody turned to e-commerce because we're not going to in-person stores anymore. Electronic computer manufacturing, how many more people have to get computers at home now because they're no longer in a corporate environment? And so you can see how the pandemic has really influenced this industry target. >> Significant influencer and I also wonder too, you know, Zoom became a household name for every generation. You know, we're talking to five generations and maybe the generations that aren't as familiar with computer technology might be even more exploitable because it's easy to click on a phishing email when they don't understand how to look for the link. Let's now unpack the different types of DDoS attacks and what is on the rise. You talked about in the report the triple threat and we often think of that in entertainment. That's a good thing, but again, not here. Explain that triple threat. >> Yeah, so what we're seeing here is we have adversaries out there that are looking to take advantage of every possible angle to be able to get that payment. And everybody knows ransomware is a household name at this point, right? And so ransomware and DDoS have a lot in common because they both attack the availability of network resources, where computers or devices or whatever they might be. And so there's a lot of parallels to draw between the two of these. Now ransomware is a denial of service event, right? You're not going to have tens of thousands of computers hitting a single computer to take it down. You're going to have one exploitation of events. Somebody clicked on a link, there was a brute force attempt that managed to compromise a little boxes, credentials, whatever it might be, ransomware gets put on a system, it encrypts all your files. Well, all of a sudden, you've got this ransom note that says "If you want your files decrypted you're going to send us this amount of human Bitcoin." Well, what adversaries are doing now is they're capitalizing on the access that they already gained. So they already have access to the computer. Well, why not steal all the data first then let's encrypt whatever's there. And so now I can ask for a ransom payment to decrypt the files and I can ask for an extortion to prevent me from posting your data publicly. Maybe there's sensitive corporate information there. Maybe you're a local school system and you have all of your students' data on there. You're a hospital that has sensitive PI on it, whatever it might be, right? So now they're going to extort you to prevent them from posting that publicly. Well, why not add DDoS to this entire picture? Now you're already encrypted, we've already got your files, and I'm going to DDoS your system so you can't even access them if you wanted to. And I'm going to tell you, you have to pay me in order to stop this DDoS attack. And so this is that triple threat and we're seeing multiple different ransomware families. In fact, if you look at one of the slides here, you'll see that there's SunCrypt, there's Ragnar Cryptor, and then Maze did this initially back in September and then more recently, even the DarkSide stuff. I mean, who hasn't heard about DarkSide now with the Colonial Pipeline event, right? So they came out and said, "Hey we didn't intend for this collateral damage but it happened." Well, April 24th, they actually started offering DDoS as part of their tool kits. And so you can see how this has evolved over time. And adversaries are learning from each other and are incorporating this kind of methodology. And here we have triple extortion event. >> It almost seems like triple extortion event as a service with the opportunities, the number of vectors there. And you're right, everyone has heard of the Colonial Pipeline and that's where things like ransomware become a household term, just as much as Zoom and video conferencing and streaming media. Let's talk now about the effects that the threat report saw and uncovered region by region. Were there any regions in particular that were, that really stood out as most impacted? >> So not particularly. So one of the phenomenon that we actually saw in the threat report, which, you know, we probably could have talked about it before now but it makes sense to talk about it regionally because we didn't see any one particular region, one particular vertical, a specific organization, specific country, none was more heavily targeted than another. In fact what we saw is organizations that we've never seen targeted before. We've seen industries that have never been targeted before all of a sudden are now getting DDoS attacks because we went from a local on-prem, I don't need to be connected to the internet, I don't need to have my employees remote access. And now all of a sudden you're dependent on the internet which is really, let's face it, that's critical infrastructure these days. And so now you have all of these additional people with a footprint connected to the internet then adversary can figure out and they can poke it. And so what we saw here is just overall, all industries, all regions saw these upticks. The exception would be in China. We actually, in the Asia Pacific region specifically, but predominantly in China. But that often has to do with visibility rather than a decrease in attacks because they have their own kind of infrastructure in China. Brazil's the same way. They have their own kind of ecosystems. And so often you don't see what happens a lot outside the borders. And so from our perspective, we might see a decrease in attacks but, for all we know, they actually saw an increase in the attacks that is internal to their country against their country. And so across the board, just increases everywhere you look. >> Wow. So let's talk about what organizations can do in light of this. As we are here, we are still doing this program by video conferencing and things are opening up a little bit more, at least in the states anyway, and we're talking about more businesses going back to some degree but there's going to still be some mix, some hybrid of working from home and maybe even distance learning. So what can enterprises do to prepare for this when it happens? Because it sounds to me like with the sophistication, the up and to the right, it's not, if we get attacked, it's when. >> It's when, exactly. And that's just it. I mean, it's no longer something that you can put off. You can't just assume that I've never been DDoS attacked, I'm never going to be DDoS attacked anymore. You really need to consider this as part of your core security platform. I like to talk about defense in depth or a layer defense approach where you want to have a layered approach. So, you know, maybe they target your first layer and they don't get through. Or they do get through and now your second layer has to stop it. Well, if you have no layers or if you have one layer, it's not that hard for an adversary to figure out a way around that. And so preparation is key. Making sure that you have something in place and I'm going to give you an operational example here. One of the things we saw with the LBA campaigns is they actually started doing network of conasense for their targets. And what they would do is they would take the IP addresses belonging to your organization. They would look up the domains associated with that and they would figure out like, "Hey, this is bpn.organization.com or VPN two." And all of a sudden they've found your VPN concentrator and so that's where they're going to focus their attack. So something as simple as changing the way that you name your VPN concentrators might be sufficient to prevent them from hitting that weak link or right sizing the DDoS protection services for your company. Did you need something as big as like OnPrem Solutions? We need hardware. Do you instead want to do a managed service? Or do you want to go and talk to a cloud provider because there's right solutions and right sizes for all types of organizations. And the key here is preparation. In fact, all of the customers that we've worked with for the LBA extortion campaigns, if they were properly prepared they experienced almost no downtime or impact to their business. It's the people like the New Zealand Stock Exchange or their service provider that wasn't prepared to handle the attacks that were sent out them that were crippled. And so preparation is key. The other part is awareness. And that's part of what we do with this threat report because we want to make sure you're aware what adversaries are doing, when new attack vectors are coming out, how they're leveraging these, what industries they're targeting because that's really going to help you to figure out what your posture is, what your risk acceptance is for your organization. And in fact, there's a couple of resources that that we have here on the next slide. And you can go to both both of these. One of them is the threat report. You can view all of the details. And we only scratched the surface here in this Cube interview. So definitely recommend going there but the other one is called Horizon And netscout.com/horizon is a free resource you can register but you can actually see near real-time attacks based on industry and based on region. So if your organization out there and you're figuring, "Well I'm never attacked." Well go look up your industry. Go look up the country where you belong and see is there actually attacks against us? And I think you'll be quite surprised that there's quite a few attacks against you. And so definitely recommend checking these out >> Great resources netscout.com/horizon, netscout.com/threatreport. I do want to ask you one final question. That's in terms of timing. We saw the massive acceleration in digital transformation last year. We've already talked about this a number of times on this program. The dependence that businesses and consumers, like globally in every industry, in every country, have on streaming on communications right now. In terms of timing, though, for an organization to go from being aware to understanding what adversaries are doing, to being prepared, how quickly can an organization get up to speed and help themselves start reducing their risks? >> So I think that with DDoS, as opposed to things like ransomware, the ramp up time for that is much, much faster. There is a finite period of time with DDoS attacks that is actually going to impact you. And so maybe you're a smaller organization and you get DDoS attacked. There's a, probably a pretty high chance that that DDoS attack isn't going to last for multiple days. So maybe it's like an hour, maybe it's two hours, and then you recover. Your network resources are available again. That's not the same for something like ransomware. You get hit with ransomware, unless you pay or you have backups, you have to do the rigorous process of getting all your stuff back online. DDoS is more about as soon as the attack stops, the saturation goes away and you can start to get back online again. So it might not be as like immediate critical that you have to have something but there's also solutions, like a cloud solution, where it's as simple as signing up for the service and having your traffic redirected to their scrubbing center, their detection center. And then you may not have to do anything on-prem yourself, right? It's a matter of going out to an organization, finding a good contract, and then signing up, signing on the dotted line. And so I think that the ramp up time for mitigation services and DDoS protection can be a lot faster than many other security platforms and solutions. >> That's good to know cause with the up and to the right trend that you already said, the first quarter is usually slow. It's obviously not that way as what you've seen in 2021. And we can only expect what way, when we talk to you next year, that the up and to the right trend may continue. So hopefully organizations take advantage of these resources, Richard, that you talked about to be prepared to mediate and protect their you know, their customers, their employees, et cetera. Richard, we thank you for stopping by theCube. Talking to us about the sixth NetScout Threat Intelligence Report. Really interesting information. >> Absolutely; definitely a pleasure to have me here. Lisa, anytime you guys want to do it again, you know where I live? >> Yes. It's one of my favorite topics that you got and I got to point out the last thing, your Guardians of the Galaxy background, one of my favorite movies and it should be noted that on the NetScout website they are considered the Guardians of the Connected World. I just thought that connection was, as Richard told me before we went live, not planned, but I thought that was a great coincidence. Again, Richard, it's been a pleasure talking to you. Thank you for your time. >> Thank you so much. >> Richard Hummel, I'm Lisa Martin. You're watching this Cube conversation. (relaxing music)

>> (lively music) >> Narrator: From around the globe it's theCUBE, with digital coverage of IBM Think 2021. Brought to you by IBM. >> Welcome to theCUBE's coverage of IBM Think 2021, the digital event experience. I'm your host, Lisa Martin. I've got an alumni joining me and a brand new guest to the CUBE please welcome Paul Papas, the Global Managing Partner, for IBM Global Business Services, this is transformation services. Paul, welcome back to the virtual CUBE. >> Thanks Lisa great to be here with you today. And Dominique Dubois is here as well. She is the Global Strategy and Offerings Leader in business transformation services or BTS at IBM. Dominique, welcome to the program. >> Thanks Lisa, great to be here. So, we're going to be talking about accelerating business transformation with intelligent workflows. We're going to break through all that, but Paul we're going to start with you. Since we last got together with IBM, a lot has changed so much transformation, so much acceleration of transformation. Talk to me from your perspective, how have you seen the way that businesses running change and what some of the changes in the future are going to be? >> Well, you hit on two key words there Lisa and thanks so much for that question. Two key words that you hit on were change and acceleration. And that's exactly what we see. We were seeing this before the pandemic and if anything, with the pandemic did when things started started kind of spreading around the world late or early last year, around January, February timeframe we saw that word acceleration really take hold. Every one of our clients were looking for new ways to accelerate the change that they had already planned to adapt to this new, this new normal or this new abnormal, depending on how you view it. In fact, we did a study recently, an IBV study that's our Institute of Business Value and found that six out of 10 organizations were accelerating all of their transformation initiatives they had already planned. And that's exactly what we're seeing happening right now in all parts of the world and across all industries. This acceleration to transform. >> So, one of the things that we've talked about for years, Paul, before the pandemic was even a thing, is that there was a lot of perceived technical barriers in terms of like the tech maturity for organizations and employees being opposed to change. People obviously it can be a challenge. They're used to doing things the way they are. But as you just said, in that IBV survey, nearly 60% of businesses say we have to accelerate our transformation due to COVID, probably initially to survive and then thrive. Talk to me about some of those, those barriers that were there a little over a year ago and how businesses 60 plus percent of them have moved those out of the way. >> You know at IBM we've got a 109 year history of being a technology innovation company. And the rate of pace of technical change is always increasing. It's something that we love and that we're comfortable with. But the rate and pace of change is always unsettling. And there's always a human element for change. And the human element is always the rate, the rate setter in terms of the amount of change that you can have in an organization. Our former chairman Ginni Rometty, used to say that growth and comfort cannot co-exist. And it's so true because changing is uncomfortable. It's unsettling. It can be, it can be nerve-racking. It can instill fear and fear can be paralyzing in terms of driving change. And what we also see is there's a disconnect, a lot of times and that IBV study that I was referring to before, we saw results coming back where 78% of executives feel that they have provided the training and enablement to help their employees transform to new required skills and new ways of working but only half of the people surveyed felt the same way. Similarly, we saw a disconnect in terms of companies feeling that they're providing the right level of health and wellness support during the pandemic. And only half of the employees responded back they feel that they're getting that level of support. So, the people change aspect of doing a transformation or adapting to new circumstances is always the most critical component and always the hardest component. And when we talk about helping our clients do that in IBM that's our service as organization. That's the organization that Dominique Dubois is representing here today. I'm responsible for business transformation services within our organization. We help our clients adapt using new technologies, transforming the way they work, but also addressing the people change elements that could be so difficult and hitting them head on so that they can make sure that they can survive and thrive in a meaningful and lasting way in this new world. >> One of the hardest things is that cultural transformation regardless of a pandemic. So, I can't imagine I'd love to get one more thing, Paul from you before we head over to Dominique. IBM is on 109 year old organization. Talk to me about the IBM pledge. This is something that came up last year, huge organization massive changes last year, not just the work from home that the mental concerns and issues that people had. What did IBM do like as a grassroots effort that went viral? >> Yeah, so, it's really great. So, when the pandemic started, we all have to shift it, We all have to shift to working from home. And as you mentioned, IBM's 109 year old company, we have over 300,000 employees working in 170 countries. So, we had to move this entire workforce. It's 370,000 humans to working in a new way that many of which have never done before. And when we started experiencing, the minute we did that, within a few weeks, my team and I were talking Dominique is on my team and we were having conversations where we were feeling really exhausted. Just a few weeks into this and it was because we were constantly on Webex, we were constantly connected and we're all used to working really hard. We travel a lot, we're always with our clients. So, it wasn't that, you have a team that is adapting to like working more hours or longer hours, but this was fundamentally different. And we saw that with schools shutting down and lock downs happening in different of the world the home life balance was getting immediately difficult to impossible to deal with. We have people that are taking care of elderly parents, people that are homeschooling children, other personal life situations that everyone had to navigate in the middle of a pandemic locked at home with different restrictions on when you can go out and get things done. So, we got together as a group and we just started talking about how can we help? How can we help make life just a little bit easier for all of our people? And we started writing down some things that we would, we would commit to doing with each other. How we would address each other. And when that gave birth to was what we call the IBM Work From Home Pledge. And it's a set of principles, all grounded in the belief that, if we act this way, we might just be able to make life just a little bit easier for each other and it's grounded in empathy. And there are parts of the Plex that are pledging to be kind. Recognizing that in this new digital world that we're showing up on camera inside of everyone's home. We're guests in each other's homes. So, let's make sure that we act appropriately as guests at each other's home. So, if children run into the frame during the middle of a meeting or dog started barking during the middle of a meeting, just roll with it. Don't call out attention to it. Don't make people feel self-conscious about it. Pledged the support so your fellow IBM by making time for personal needs. So, if someone has to, do homeschooling in the middle of the day, like Dominique's got triplets she's got to do homeschooling in the middle of the day. Block that time off and we will respect that time on your calendar. And just work around it and just deal with it. There are other things like respecting that camera ready time. As someone who's now been on camera every day it feels like for the last 14 months we want to respect the time that people when they have their cameras off. And not pressure them to put their cameras on saying things like, Hey, I can't see you. There's no reason to add more pressure to everyone's life, if someone's camera's off, it's all for a reason. And then other things like pledging to checking on each other, pledging to set boundaries and tend to our own self-care. So, we published that as a group, we just again and we put it on a Slack channel. So it's kind of our communication method inside the company. It was just intended to be for my organization but it started going viral and tens of thousands of IBM members started taking, started taking the pledge and ultimately caught the attention of our CEO and he loved it, shared it with his leadership team, which I'm a part of. And then also then went on LinkedIn and publicly took the pledge as well. Which then also got more excitement and interaction with other companies as well. So, grassroots effort all grounded in showing empathy and helping to make life just a little bit easier for everyone. >> So important, I'm going to look that up and I'm going to tell you as a person who speaks with many tech companies a week. A lot of businesses could take a lead from that and it gets really important and we are inviting each other into our homes and I see you're a big Broadway fan I'll have to ask you that after we wrap (giggles) Dominique I don't know how you're doing any of this with triplets. I only have two dogs (Dominique laughs) but I'd love to know this sense of urgency, that is everywhere you're living it. Paul talked about it with respect to the acceleration of transformation. How from your lens is IBM and IBM helping customers address the urgency, the need to pivot, the need to accelerate, the need to survive and thrive with respect to digital transformation actually getting it done? >> Right, thanks Lisa, so true our clients are really needing to and ready to move with haste. That that sense of urgency can be felt I think across every country, every market, every industry. And so we're really helping our clients accelerate their digital transformations and we do that through something that we call intelligent workflows. And so workflows in and of themselves are basically how organizations get work done. But intelligent workflows are how we infuse; predictive properties, automation, transparency, agility, end to end across a workflow. So, pulling those processes together so they're not solid anymore and infusing. So, simply put we bring intelligent workflows to our clients and it fundamentally reinvents how they're getting work done from a digital perspective, from a predictive perspective, from a transparency perspective. And I think what really stands apart when we deliver this with our clients in partnership with our clients is how it not only delivers value to the bottom line, to the top line it also actually delivers greater value to their employees, to the customers, to the partner to their broader ecosystem. And intelligent workflows are really made up of three core elements. The first is around better utilizing data. So, aggregating, analyzing, getting deeper insight out of data, and then using that insight not just for employees to make better decisions, but actually to support for emerging technologies to leverage. So we talked about AI, automation, IOT, blockchain, all of these technologies require vast amounts of data. And what we're able to bring both on the internal and external source from a data perspective really underpins what these emerging technologies can do. And then the third area is skills. Our skills that we bring to the table, but also our clients deep, deep expertise, partner expertise, expertise from the ecosystem at large and pulling all of that together, is how we're really able to help our clients accelerate their digital transformations because we're helping them shift, from a set of siloed static processes to an end-to-end workflow. We're helping them make fewer predictions based on the past historical data and actually taking more real-time action with real time insights. So, it really is a fundamental shift and how your work is getting done to really being able to provide that emerging technologies, data, deep skills-based end to end workflow. >> That word fundamental has such gravity. and I know we say data has gravity being fundamental in such an incredibly dynamic time is really challenging but I was looking through some of the notes that you guys provided me with. And in terms of what you just talked about, Dominique versus making a change to a silo, the benefits and making changes to a spectrum of integrated processes the values can be huge. In fact, I was reading that changing a single process like billing, for example might deliver up to 20% improved results. But integrating across multiple processes, like billing, collections, organizations can achieve double that up to 40%. And then there's more taking the intelligent workflow across all lead to cash. This was huge. Clients can get 50 to 70% more value from that. So that just shows that fundamental impact that intelligent workflows can make. >> Right, I mean, it really is when we see it really is about unlocking exponential value. So, when you think about crossing end to end workflow but also, really enhancing what clients are doing and what companies are doing today with those exponential technologies from kind of single use the automation POC here and AI application POC here, actually integrating those technologies together and applying them at scale. When I think intelligent workflows I think acceleration. I think exponential value. But I also really think about at scale. Because it's really the ability to apply these technologies the expertise at scale that allows us to start to unlock a lot of that value. >> So let's go over Paul, in the last few minutes that we have here I want to talk about IBM garage and how this is helping clients to really transform those workflows. Talk to me a little bit about what IBM garage is. I know it's not IBM garage band and I know it's been around since before the pandemic but help us understand what that is and how it's delivering value to customers. >> Well, first I'm going to be the first to invite you to join the IBM garage band, Lisa so we'd love to have you >> I'm in. no musical experience required... >> I like to sing, all right I mean (laughs) We're ready, we're ready for. So, let me talk to you about IBM garage and I do want to key on two words that Dominique was mentioning speed and scale. Because that's what our clients are really looking for when they're doing transformations around intelligent workflows. How can you transform at scale, but do that with speed. And that really becomes the critical issue. As Dominique mentioned, there's a lot of companies that can help you do a proof of concept do something in a few weeks that you can test an idea out and have something that's kind of like a throw away piece of work that maybe proves a point or just proves a point. But even if it does prove the point at that point you'd have to restart a new, to try to get something that you could actually scale either in the production technology environment or scale as a change across an organization. And that's where IBM garage comes in. It's all a way of helping our clients co-create, co-execute and then cooperate, innovating at scale. So, we use methods like design thinking inside of IBM we've trained several hundred thousand people on design thinking methods. We use technologies like neural and other things that help our clients co-create in a dynamic environment. And what's amazing for me is that, the cause of the way we were, we were doing work with clients in a garage with using IBM garage in a garage environment before the pandemic. And one of our clients Frito-Lay of North America, is an example where we've helped them innovate at scale and speed using IBM garage over a long period of time. And when the pandemic hit, we in fact were running 11 garages across 11 different workflow areas for them the pandemic hit and everyone was sent home. So, we all instantly overnight had to work from home together with relay. And what was great is that we were able to quickly adapt the garage method to working in a virtual world. To being able to run that same type of innovation and then use that innovation at scale in a virtual world, we did that overnight. And since that time which happened, that happened back in March of last year throughout the pandemic, we've run over 1500 different garage engagements with all of our clients all around the world in a virtual, in a virtual environment. It's just an incredible way, like I said to help our clients innovate at scale. >> That's fantastic, go ahead Dominique. >> Oh, sorry, was just said it's a great example, we partnered with FlightSafety International, they train pilots. And I think a great example of that speed and scale right is in less than 12 weeks due to the garage methodology and the partnership with FlightSafety, we created with them and launched an adaptive learning solution. So, a platform as well as a complete change to their training workflow such that they had personalized kind of real-time next best training for how they train their pilots for simulators. So, reducing their cycle time but also improving the training that their pilots get, which as people who normally travel, it's really important to us and everyone else. So, just a really good example, less than 12 weeks start to start to finish. >> Right, talk about acceleration. Paul, last question for you, we've got about 30 seconds left I know this is an ecosystem effort of IBM, it's ecosystem partners, it's Alliance partners. How are you helping align right partner with the right customer, the right use case? >> Yeah, it's great. And our CEO Arvind Krishna has really ushered in this era where we are all about the open ecosystem here at IBM and working with our ecosystem partners. In our services business we have partnerships with all the major, all the major technology players. We have a 45 year relationship with SAP. We've done more SAP S 400 implementations than anyone in the world. We've got the longest standing consulting relationship with Salesforce, we've got a unique relationship with Adobe, they're only services and technology partner in the ecosystem. And we just recently won three, procedures Partner Awards, with them and most recently we announced a partnership with Celonis which is an incredible process execution software company, process mining software company that's going to help us transform intelligent workflows in an accelerated way, embedded in our garage environment. So, ecosystem is critical to our success but more importantly, it's critical to our client success. We know that no one alone has the answers and no one alone can help anyone change. So, with this open ecosystem approach that we take and global business services and our business transformation services organization, we're able to make sure that we bring our clients the best of everyone's capabilities. Whether it's our technology, partners, our services IBM's own technology capabilities, all in the mix, all orchestrated in service to our client's needs all with the goal of driving superior business outcomes for them. >> And helping those customers in any industry to accelerate their business transformation with those intelligent workloads and a very dynamic time. This is a topic we could keep talking about unfortunately, we are out of time but thank you both for stopping by and sharing with me what's going on with respect to intelligent workflows. How the incremental exponential value it's helping organizations to deliver and all the work that IBM is doing to enable its customers to be thrivers of tomorrow. We appreciate talking to you >> Paul: Thanks Lisa. >> Dominique: Thank you >> For Paul Papas and Dominique Dubois I'm Lisa Martin. You're watching the CUBE's coverage of IBM Think the digital event experience. (gentle music)