>> from our studios in the heart of Silicon Valley, Palo Alto, California It is >> a cute conversation. Hey, welcome back. Get ready. Geoffrey here with the Cube. We're gonna rip out the studios for acute conversation. It's the middle of the summer, the conference season to slow down a little bit. So we get a chance to do more cute conversation, which is always great. Excited of our next guest. He's Ridge, IP, Ops Statik. He's a VP and GM from key. Cite, Reject. Great to see you. >> Thank you for hosting us. >> Yeah. So we've had Marie on a couple of times. We had Bethany on a long time ago before the for the acquisition. But for people that aren't familiar with key site, give us kind of a quick overview. >> Sure, sure. So I'm within the excess solutions group Exhale really started was founded back in 97. It I peered around 2000 really started as a test and measurement company quickly after the I poet became the number one vendor in the space, quickly grew around 2012 and 2013 and acquired two companies Net optics and an ooey and net optics and I knew we were in the visibility or monitoring space selling taps, bypass witches and network packet brokers. So that formed the Visibility Group with a nice Xia. And then around 2017 key cite acquired Xia and we became I S G or extra Solutions group. Now, key site is also a very large test and measurement company. It is the actual original HB startup that started in Palo Alto many years ago. An HB, of course, grew, um it also started as a test and measurement company. Then later on it, it became a get a gun to printers and servers. HB spun off as agile in't, agile in't became the test and measurement. And then around 2014 I would say, or 15 agile in't spun off the test and measurement portion that became key site agile in't continued as a life and life sciences organization. And so key sites really got the name around 2014 after spinning off and they acquired Xia in 2017. So more joy of the business is testing measurement. But we do have that visibility and monitoring organization to >> Okay, so you do the test of measurement really on devices and kind of pre production and master these things up to speed. And then you're actually did in doing the monitoring in life production? Yes, systems. >> Mostly. The only thing that I would add is that now we are getting into live network testing to we see that mostly in the service provider space. Before you turn on the service, you need to make sure that all the devices and all the service has come up correctly. But also we're seeing it in enterprises to, particularly with security assessments. So reach assessment attacks. Security is your eye to organization really protecting the network? So we're seeing that become more and more important than they're pulling in test, particularly for security in that area to so as you. As you say, it's mostly device testing. But then that's going to network infrastructure and security networks, >> Right? So you've been in the industry for a while, you're it. Until you've been through a couple acquisitions, you've seen a lot of trends, so there's a lot of big macro things happening right now in the industry. It's exciting times and one of the ones. Actually, you just talked about it at Cisco alive a couple weeks ago is EJ Computer. There's a lot of talk about edges. Ej the new cloud. You know how much compute can move to the edge? What do you do in a crazy oilfield? With hot temperatures and no powers? I wonder if you can share some of the observations about EJ. You're kind of point of view as to where we're heading. And what should people be thinking about when they're considering? Yeah, what does EJ mean to my business? >> Absolutely, absolutely. So when I say it's computing, I typically include Io TI agent. It works is along with remote and branch offices, and obviously we can see the impact of Io TI security cameras, thermal starts, smart homes, automation, factory automation, hospital animation. Even planes have sensors on their engines right now for monitoring purposes and diagnostics. So that's one group. But then we know in our everyday lives, enterprises are growing very quickly, and they have remote and branch offices. More people are working from remotely. More people were working from home, so that means that more data is being generated at the edge. What it's with coyote sensors, each computing we see with oil and gas companies, and so it doesn't really make sense to generate all that data. Then you know, just imagine a self driving car. You need to capture a lot of data and you need to process. It just got really just send it to the cloud. Expect a decision to mate and then come back and so that you turn left or right, you need to actually process all that data, right? We're at the edge where the source of the data is, and that means pushing more of that computer infrastructure closer to the source. That also means running business critical applications closer to the source. And that means, you know, um, it's it's more of, ah, madness, massively distributed computer architecture. Um, what happens is that you have to then reliably connect all these devices so connectivity becomes important. But as you distribute, compute as well as applications, your attack surface increases right. Because all of these devices are very vulnerable. We're probably adding about 5,000,000 I ot devices every day to our network, So that's a lot of I O T. Devices or age devices that we connect many of these devices. You know, we don't really properly test. You probably know from your own home when you can just buy something and could easily connect it to your wife. I Similarly, people buy something, go to their work and connect to their WiFi. Not that device is connected to your entire network. So vulnerabilities in any of these devices exposes the entire network to that same vulnerability. So our attack surfaces increasing, so connection reliability as well as security for all these devices is a challenge. So we enjoy each computing coyote branch on road officers. But it does pose those challenges. And that's what we're here to do with our tech partners. Toe sold these issues >> right? It's just instinct to me on the edge because you still have kind of the three big um, the three big, you know, computer things. You got the networking right, which is just gonna be addressed by five g and a lot better band with and connectivity. But you still have store and you still have compute. You got to get those things Power s o a cz. You're thinking about the distribution of that computer and store at the edge versus in the cloud and you've got the Leighton see issue. It seems like a pretty delicate balancing act that people are gonna have to tune these systems to figure out how much to allocate where, and you will have physical limitations at this. You know the G power plant with the sure by now the middle of nowhere. >> It's It's a great point, and you typically get agility at the edge. Obviously, don't have power because these devices are small. Even if you take a room order branch office with 52 2 100 employees, there's only so much compute that you have. But you mean you need to be able to make decisions quickly. They're so agility is there. But obviously the vast amounts of computer and storage is more in your centralized data center, whether it's in your private cloud or your public cloud. So how do you do the compromise? When do you run applications at the edge when you were in applications in the cloud or private or public? Is that in fact, a compromise and year You might have to balance it, and it might change all the time, just as you know, if you look at our traditional history off compute. He had the mainframes which were centralized, and then it became distributed, centralized, distributed. So this changes all the time and you have toe make decisions, which which brings up the issue off. I would say hybrid, I t. You know, they have the same issue. A lot of enterprises have more of a, um, hybrid I t strategy or multi cloud. Where do you run the applications? Even if you forget about the age even on, do you run an on Prem? Do you run in the public cloud? Do you move it between class service providers? Even that is a small optimization problem. It's now even Matt bigger with H computer. >> Right? So the other thing that we've seen time and time again a huge trend, right? It's software to find, um, we've seen it in the networking space to compete based. It's offered to find us such a big write such a big deal now and you've seen that. So when you look at it from a test a measurement and when people are building out these devices, you know, obviously aton of great functional capability is suddenly available to people, but in terms of challenges and in terms of what you're thinking about in software defined from from you guys, because you're testing and measuring all this stuff, what's the goodness with the badness house for people, you really think about the challenges of software defined to take advantage of the tremendous opportunity. >> That's a really good point. I would say that with so far defined it working What we're really seeing is this aggregation typically had these monolithic devices that you would purchase from one vendor. That wonder vendor would guarantee that everything just works perfectly. What software defined it working, allows or has created is this desegregated model. Now you have. You can take that monolithic application and whether it's a server or a hardware infrastructure, then maybe you have a hyper visor or so software layer hardware, abstraction, layers and many, many layers. Well, if you're trying to get that toe work reliably, this means that now, in a way, the responsibility is on you to make sure that you test every all of these. Make sure that everything just works together because now we have choice. Which software packages should I install from which Bender This is always a slight differences. Which net Nick Bender should I use? If PJ smart Nick Regular Nick, you go up to the layer of what kind of ax elation should I use? D. P. D K. There's so many options you are responsible so that with S T N, you do get the advantage of opportunity off choice, just like on our servers and our PCs. But this means that you do have to test everything, make sure that everything works. So this means more testing at the device level, more testing at the service being up. So that's the predeployment stage and wants to deploy the service. Now you have to continually monitor it to make sure that it's working as you expected. So you get more choice, more diversity. And, of course, with segregation, you can take advantage of improvements on the hardware layer of the software layer. So there's that the segregation advantage. But it means more work on test as well as monitoring. So you know there's there's always a compromise >> trade off. Yeah, so different topic is security. Um, weird Arcee. This year we're in the four scout booth at a great chat with Michael the Caesars Yo there. And he talked about, you know, you talk a little bit about increasing surface area for attack, and then, you know, we all know the statistics of how long it takes people to know that they've been reach its center center. But Mike is funny. He you know, they have very simple sales pitch. They basically put their sniffer on your network and tell you that you got eight times more devices on the network than you thought. Because people are connecting all right, all types of things. So when you look at, you know, kind of monitoring test, especially with these increased surface area of all these, Iet devices, especially with bring your own devices. And it's funny, the H v A c seemed to be a really great place for bad guys to get in. And I heard the other day a casino at a casino, uh, connected thermometer in a fish tank in the lobby was the access point. How is just kind of changing your guys world, you know, how do you think about security? Because it seems like in the end, everyone seems to be getting he breached at some point in time. So it's almost Maur. How fast can you catch it? How do you minimize the damage? How do you take care of it versus this assumption that you can stop the reaches? You >> know, that was a really good point that you mentioned at the end, which is it's just better to assume that you will be breached at some point. And how quickly can you detect that? Because, on average, I think, according to research, it takes enterprise about six months. Of course, they're enterprise that are takes about a couple of years before they realize. And, you know, we hear this on the news about millions of records exposed billions of dollars of market cap loss. Four. Scout. It's a very close take partner, and we typically use deploy solutions together with these technology partners, whether it's a PM in P. M. But very importantly, security, and if you think about it, there's terabytes of data in the network. Typically, many of these tools look at the packet data, but you can't really just take those terabytes of data and just through it at all the tools, it just becomes a financially impossible toe provide security and deploy such tools in a very large network. So where this is where we come in and we were the taps, we access the data where the package workers was essentially groom it, filtering down to maybe tens or hundreds of gigs that that's really, really important. And then we feed it, feed it to our take partners such as Four Scout and many of the others. That way they can. They can focus on providing security by looking at the packets that really matter. For example, you know some some solutions only. Look, I need to look at the package header. You don't really need to see the send the payload. So if somebody is streaming Netflix or YouTube, maybe you just need to send the first mega byte of data not the whole hundreds of gigs over that to our video, so that allows them to. It allows us or helps us increase the efficiency of that tool. So the end customer can actually get a good R Y on that on that investment, and it allows for Scott to really look at or any of the tech partners to look at what's really important let me do a better job of investigating. Hey, have I been hacked? And of course, it has to be state full, meaning that it's not just looking at flow on one data flow on one side, looking at the whole communication. So you can understand What is this? A malicious application that is now done downloading other malicious applications and infiltrating my system? Is that a DDOS attack? Is it a hack? It's, Ah, there's a hole, equal system off attacks. And that's where we have so many companies in this in this space, many startups. >> It's interesting We had Tom Siebel on a little while ago actually had a W s event and his his explanation of what big data means is that there's no sampling air. And we often hear that, you know, we used to kind of prior to big day, two days we would take a sample of data after the fact and then tried to to do someone understanding where now the more popular is now we have a real time streaming engines. So now we're getting all the data basically instantaneously in making decisions. But what you just bring out is you don't necessarily want all the data all the time because it could. It can overwhelm its stress to Syria. That needs to be a much better management approach to that. And as I look at some of the notes, you know, you guys were now deploying 400 gigabit. That's right, which is bananas, because it seems like only yesterday that 100 gigabyte Ethan, that was a big deal a little bit about, you know, kind of the just hard core technology changes that are impacting data centers and deployments. And as this band with goes through the ceiling, what people are physically having to do, do it. >> Sure, sure, it's amazing how it took some time to go from 1 to 10 gig and then turning into 40 gig, but that that time frame is getting shorter and shorter from 48 2 108 100 to 400. I don't even know how we're going to get to the next phase because the demand is there and the demand is coming from a number of Trans really wants five G or the preparation for five G. A lot of service providers are started to do trials and they're up to upgrading that infrastructure because five G is gonna make it easier to access state of age quickly invest amounts of data. Whenever you make something easy for the consumer, they will consume it more. So that's one aspect of it. The preparation for five GS increasing the need for band with an infrastructure overhaul. The other piece is that we're with the neutralization. We're generating more Eastern West traffic, but because we're distributed with its computing, that East West traffic can still traverse data centers and geography. So this means that it's not just contained within a server or within Iraq. It actually just go to different locations. That also means your data center into interconnect has to support 400 gig. So a lot of network of hitmen manufacturers were typically call them. Names are are releasing are about to release 400 devices. So on the test side, they use our solutions to test these devices, obviously, because they want to release it based the standards to make sure that it works on. So that's the pre deployment phase. But once these foreign jiggy devices are deployed and typically service providers, but we're start slowly starting to see large enterprises deploy it as a mention because because of visualization and computing, then the question is, how do you make sure that your 400 gig infrastructure is operating at the capacity that you want in P. M. A. P M. As well as you're providing security? So there's a pre deployment phase that we help on the test side and then post deployment monitoring face. But five G is a big one, even though we're not. Actually we haven't turned on five year service is there's tremendous investment going on. In fact, key site. The larger organization is helping with a lot of these device testing, too. So it's not just Xia but key site. It's consume a lot of all of our time just because we're having a lot of engagements on the cellphone side. Uh, you know, decide endpoint side. It's a very interesting time that we're living in because the changes are becoming more and more frequent and it's very hot, so adapt and make sure that you're leading that leading that wave. >> In preparing for this, I saw you in another video camera. Which one it was, but your quote was you know, they didn't create electricity by improving candles. Every line I'm gonna steal it. I'll give you credit. But as you look back, I mean, I don't think most people really grown to the step function. Five g, you know, and they talk about five senior fun. It's not about your phone. It says this is the first kind of network built four machines. That's right. Machine data, the speed machine data and the quantity of Mr Sheen data. As you sit back, What kind of reflectively Again? You've been in this business for a while and you look at five G. You're sitting around talking to your to your friends at a party. So maybe some family members aren't in the business. How do you How do you tell them what this means? I mean, what are people not really seeing when they're just thinking it's just gonna be a handset upgrade there, completely missing the boat? >> Yeah, I think for the for the regular consumer, they just think it's another handset. You know, I went from three G's to 40 year. I got I saw bump in speed, and, you know, uh, some handset manufacturers are actually advertising five G capable handsets. So I'm just going to be out by another cell phone behind the curtain under the hurt. There's this massive infrastructure overhaul that a lot of service providers are going through. And it's scary because I would say that a lot of them are not necessarily prepared. The investment that's pouring in is staggering. The help that they need is one area that we're trying to accommodate because the end cell towers are being replaced. The end devices are being replaced. The data centers are being upgraded. Small South sites, you know, Um, there's there's, uh how do you provide coverage? What is the killer use case? Most likely is probably gonna be manufacturing just because it's, as you said mission to make mission machine learning Well, that's your machine to mission communication. That's where the connected hospitals connected. Manufacturing will come into play, and it's just all this machine machine communication, um, generating vast amounts of data and that goes ties back to that each computing where the edge is generating the data. But you then send some of that data not all of it, but some of that data to a centralized cloud and you develop essentially machine learning algorithms, which you then push back to the edge. The edge becomes a more intelligent and we get better productivity. But it's all machine to machine communication that, you know, I would say that more of the most of the five communication is gonna be much information communication. Some small portion will be the consumers just face timing or messaging and streaming. But that's gonna be there exactly. Exactly. That's going to change. I'm of course, we'll see other changes in our day to day lives. You know, a couple of companies attempted live gaming on the cloud in the >> past. It didn't really work out just because the network latency was not there. But we'll see that, too, and was seeing some of the products coming out from the lecture of Google into the company's where they're trying to push gaming to be in the cloud. It's something that we were not really successful in the past, so those are things that I think consumers will see Maur in their day to day lives. But the bigger impact is gonna be for the for the enterprise >> or jet. Thanks for ah, for taking some time and sharing your insight. You know, you guys get to see a lot of stuff. You've been in the industry for a while. You get to test all the new equipment that they're building. So you guys have a really interesting captaincy toe watches developments. Really exciting times. >> Thank you for inviting us. Great to be here. >> All right, Easier. Jeff. Jeff, you're watching the Cube. Where? Cube studios and fellow out there. Thanks for watching. We'll see you next time.

>> Live from San Francisco. It's the Cube covering artists. A conference twenty nineteen brought to you by for scout. >> Hey, Welcome back, everybody. Geoffrey here with the cue, We're at the arse. A >> conference in Mosconi. They finally finished The remodel. Looks beautiful in the rain is not coming in. Which is a good thing. We're excited. >> Have a next guests of many time Keep alumni. >> He's Sean Connery, the VP and GM of Security and Risk Business Unit at service now Song. Great to see you. It's great Sea again, Jeff. Thanks for having us. Absolutely. So it's been probably six months or so since we last talked What's been going on its service down the security space? >> Well, one of the things that's been most interesting is, as our customers have started to get into production now with the security capabilities as well as our risk capabilities there, realizing the benefits of having I t security and risk on the same platform. So when we were talking last time, we're talking a lot about, you know, security, hygiene, vulnerability, management, security incidents and that's all very much mainstream now on R and R install base. But now folks are saying, Wait a minute if I've got it. Data risk, data, compliance, data and security and vulnerability to it on the same platform. What kinds of things could I now do that >> I couldn't do before? Right? So what are they doing? >> Well, big thing they're doing is they're starting to manage risk in a holistic way by leveraging operational data on the platform. So if you think about the way risk tools have historically worked, you know, you're basically in what is essentially a glorified spreadsheet building dashboards for how to represent the various risks to your organisation. But if you think about what auditors and compliance people need to do there, essentially checking the state of all these compliance tasked throughout an organization. But it's essentially a survey. Like I'll ask you like, Hey, tell me about the data protection strategy for your application. You have to tell me while we're using crypto or we're not using krypto. The data is in this country. Well, all that date is already in service now. So how do you now automate? So we take all those mundane tasks around compliance and risk and be able to roll that up to clear, visible risk indicators manage that in a continuous way, what we call continuous monitoring for risk, which is just a brand new way to think about this problem, >> right? I'm curious how the changing of the assessment of the risk changes over time you've got the compliance stuff, which you just have to do, right? You have to check the box you've got, you know, kind of your business crown jewels. But then now we're seeing with kind of these nation state attacks and political attacks and sees things that aren't necessarily just trying to steal your personal information and not trying to steal your your your big money. But they're looking for other data that maybe you wouldn't have assigned an appropriate risk level in a time before because you were kind of really protecting the money and the and the and the obvious crown jewels. How >> does that >> how's that risk kind of profile continue to modify and change over time? >> I think that that's gonna be the state, uh, for you know, forever, right? The right profile. Going to continue to modify. I think what's important for security team's risk teams teams is to make sure they're actually using risk as we talked about last time. Is there North Star for guiding their security investments were here surrounded, like in the lion's den. All these security vendors, I was just walking the halls, all the startups that air, trying to do different things. And, you know, there's always gonna be another tool that somebody's going to want to sell you to solve a problem. But ultimately you need to be looking at the risks to your organisation. As you said, the evolving risk people shipped a cloud. You know, they deal with nation state attacks. They deal with, you know, whatever is going to come tomorrow. And how do you guide your security investments in favor of that? What we're seeing it service now is a renewed interest in hygiene and back to basics. How do I manage my vulnerabilities? Is my patch program effective? How am I dealing with exceptions and that? What's that channel to it? Because, as you know, almost everything about security was actually done by from an operational standpoint. So that channel of communication is something that we've been really heavily focused on. >> Yeah, it's a pretty state, As you say. We're surrounded by many shiny many bright, shiny lights, and people have something yourself. But you can't you can't buy your way out of this thing. You can't technology. You're way out of it. You can't hire out of it. So you really need to use a kind of a sophisticated strategy of integrated tools with the right amount of automation to help you get through this morass. >> Absolutely. And one of the ways we liketo help our customers think about >> this is, >> you know, your teams want to be focused on the interesting parts of their jobs. They came into the security industry because they want to help save the world right now, they watch some movie, they imagine some amazing role. And then when they get into the role, if they're dealing with mundane, you know, uh, fishing response. You know, vulnerability, prioritization. It just, you know, it takes the wind out of their sails, right? But if you can, if you can automate those mundane task using a digital work folk platform like service now, then suddenly free that time up so they could be focused on what you were just describing much more advanced attacks where you want creative humans. Sort >> of. This is so funny, right? It's almost like any type of a job like painting. You know the more time he spilled, spend prepping the house and sanding everything except painting better. The painting goes, and it's kind of the same thing here. It's the Boring is the mundane is applying the patches, as you said, but it's all of those things that make the exciting part when you get there. Now you can focus on real problems was just shoot, you know, we forgot to apply that match two weeks ago, >> you reminded me. I think my dad taught me a measure twice cut once that. S O s. Oh, it's absolutely right. So one way to think about that is that a concrete example is attack surface. So people, a lot of people on this hall are talking about your attack surface. What are the areas that can be attacked within your organization? Well, one of the best ways to reduce your attack surfaces to manage your vulnerability program in an effective way. Because if you can deal with patching much more efficiently patching the right assets the ones that have active exploits that are available, then suddenly you're inflow of incidents reduces, and then you automate the incidents that remain. And then suddenly you've got a mass the time savings versus If you just sort of scattershot said All right, T Max is going to work on vulnerabilities. Team wise, going toe workout incidents. They're really not gonna coordinate. And they're especially not gonna coordinate with tea. That's when things start to fall apart. >> Right. Right. So we're here in the Fourth Scout Booth. Um, so how long have you guys been working for Scout? How does how did the two systems work together? >> Yeah. So we've been working for Scott for awhile. We've actually got a number of integrations that are live on the surface now store. Uh, in fact, we have customers in production using for scout. So we really see, with force got in service now is a couple of things. First off, just on the asset management asset Discovery side of the house for Scott has a wealth of capabilities around giving us information about endpoint assets, whether they be traditional assets or coyote assets. And we can feed that directly into the seem to be our configuration management database. Right To help manage the overall assets within an organization that's sort of step one for Scout is a terrific partner to help pull that data in. And then the second thing we can do is we can men using the security capabilities inside service. Now we can trigger actions inside for scouts environment to then block re mediate, isolate. When we see something bad happening related to an incident or a vulnerability >> that we discover, right, I just can't help, but they're gonna know Asset management is eighty beady little piece of of the service now offering and all we hear about force. God just going in and finding out all kinds of stuff that you had out there that can. And I'm like, who found it first. You guys in the asset management or were the four scout sniffer? But I I imagine a lot of that stuff is not in your asset management system because it's things that people have just plugged in here and there and along the way. >> Yeah, well, we've got our we have a discovery capability is part of service now, which is which is fantastic. And that is primarily focused on server assets and the relationship between those server assets. So you want to understand, What is the total footprint of my AARP infrastructure? The load balancers, the network equipment, the servers. We can do that very, very well. What? What we really rely on coming like forced God to help us with is like you said, somebody plugged something in on the wireless network on the local network. You know, we don't know what it is. And for school can help us, you know? What is it? Where is it on DH that that information's changing so quickly that it really helped us out tohave having integrated solution. We've actually got Customersdata, Utah was in production now, with sixty thousand devices being managed with force got in service now working together, it's curious >> if you somehow integrate those back in and say, You know, it's not just me plugging in my phone, but it's actually something that needs to be more actively managed. If there's a discovery process there within service in ours, and it's mainly just temporary stuff, plug it in, plug it in and out, plug it in, plug it out. >> Yeah, I wouldn't think of the integrations with force got his temporary in anyway. It's just more. It's more dynamic environment so that our people are people are plugging systems in, you know, typically, you want to do that in an agent lis way, right? You don't want to have a heavyweight agent on the end point. And that's what force guys really known for discovering, analyzing what these devices are. And for us, the more incoming data we have into our CM, D B, the more valuable that is to our customers. And so we're really excited Team to do more with force. Go >> right. All right, I give you the last word. What priorities? For twenty nineteen. >> Prices for twenty nineteen is really to build on what we what we just announced. So Madrid are major service not released. Just hit today, right? Thanks. Thanks very much. We have exploit enrichments and our vulnerability system now so we can know, you know. Is there a phone? How How How critical is it? But also has it been exploited or not? Right. Is it publicly available? Exploit doesn't require local access, remote access so that we've done that on the security side. Wait. Did some continuous monitoring that we already talked about. But the big thing for us, that service now is mobile in twenty nineteen. Right? So big capability we announced, is native mobile capabilities. So essentially, we're positioning everyday work is the next killer out for mobile? Because, as you know, service now is all about Inter connecting all these various departments and making these classic processes digital work clothes. And now you can have that same sort of consumer grade mobile experience on your enterprise infrastructure. And so being able to build that out about all of our products and continue to drive Alodor customers are really excited about it. >> I just can't help But think of Fred coming out. I think it like twenty fifteen with, like, the first. I might be off by year to the first, You know, service now on mobile and the crowd went wild. >> It was awesome at the time. Right now, that was a that was a essentially a scaled down web capability. Right foot inside of a container. Now, this is Native mobile. So GPS face I d three d touch to use IOS. Examples are all capabilities you can expose in a code lis environment tio to developers so you could build a custom application custom workflow. And you don't have to know anything about how to code and the APC and get pushed down to users devices right away. >> Very good. Well, I think that's a good place to focus on. Right, Sean? Well, thanks for taking a few minutes to stop >> by course. Thanks, Tio. Pleasure. All right. He shot on. Jeff. You're watching the cube? Where are say in San Francisco? Thanks for watching. >> We'LL see you next time.

>> Live from San Francisco. It's the Cube covering artists. A conference twenty nineteen brought to you by for scout. >> Hey, welcome back already, Geoffrey here with the Cube were in downtown San Francisco at the brand new Open. I think it's finally complete. Mosconi Center for our conference. Twenty nineteen were really excited this year. For the first time ever in the four Scout booth, we've been coming to our say for a long time. We had Mike on last last year by Caesar. President Seo >> for scout. I appreciate you having me >> because we had the last year and you're so nice. You You invited us to the way we must both done something right? Absolutely it Also, before we get too far into it, Congratulations. Doing some homework. The stock is going well. You're making acquisitions, You said it's the anniversary of going out in public. So things are things are looking good for Four. Scout >> things have been good. We've been public company now for four quarters. We've beaten, raised on every metric we had out there. So we're feeling good about >> life. So I don't think the security threats are going down. I don't think you're Tamas is shrinking by any stretch of the imagination. Definitely >> does not feel like the threat landscape is getting less challenging these days, right? I mean, when you look at all the geopolitical stuff going on between the US and China and Russia, that that usually spills into the cybersecurity world and kind of makes things a little bit more tense, >> right? So the crazy talk and all confidence now is machine learning an a I and obviously one of the big themes that came up, we had a great interview. A googol is you just can't hire enough professionals regardless of the field, especially in this one to take care of everything So automation, really key. Hey, I really key. But the same time the bad guys have access to many of the same tools so that you're in the middle of this arm raise. How are you? You kind of taken a strategic view of machine learning an A I in this world. >> So what's amazing about cyber security in two thousand nineteen is the fact that the pace of innovation is exploding at an unprecedented rate, Right? I mean, we're bringing Maur devices online every quarter now, then the first ten years of the Internet combined. So the pace of adoption of new technologies is really what is driving the need for machine learning and a I a human being. Historically, in the cybersecurity world, most corporations approach was, I'm gonna have a whole bunch of different cyber products. They all have their own dashboards. I'm going to build this thing called a cyber Operations Center of Sock. That is going to be the input of all those. But a human being is going to be involved in a lot of the research and prioritization of attacks. And I think just the volume and sophistication of the breaches these days and attacks is making those same companies turn towards automation. You have to be willing to let your cyber security products take action on their own and machine learning in a I play a very large roll back. >> Yeah, it's really interesting because there's very few instances where the eye in the M L actually generate an action. Oftentimes will generate a flag, though they'll bring in a human to try to make one of the final analysis. But it's not, not often that way, actually give them the power to do something. Is that changing? Do you see that changing are people more accepting of that when you can't give it up that >> control when you when you look at for scouts kind of core value Proposition the category that were in his device. Visibility in control device visibility. What's on the network control? When I find something that shouldn't be, there are customers. Want to block that so way? Have a front row seat on watching customers that for decades have been unwilling to allow cybersecurity products to actually take action, turning our product on everyday and allowing us to do exactly that. So when we look at the way that they approached the breaches in every one of these scenarios, they're trying to figure out how they can augment the personal staff they have with products that can provide that level of intelligence >> on nothing to >> see over and over is that people are so falih. Fallible interview to Gala Grasshopper A couple of years he was one hundred percent a social engineering her way into any company that she tried. She had a kind of cool trick. She looked at Instagram photos. He would see the kind of browser that you had, and you know the company picnic. Paige won't let me in. Can you please try this? You're one hundred percent success. So you guys really act in a very different way. You're kind of after the breaches happened. You're sensing and taking action, not necessarily trying to maintain that that print Big Mo >> we're actually on the front end were before the breach takes place. So the way our product works is way plug into the network and then we turned that network ten years ago. A CEO would would would control everything on their networks. They would buy servers and load them with products and put them in their data centers. And they bite, you know, end points and they give those to their to their employees. Those same CEOs now need to allow everything to connect and try to make sense of this growing number of devices. So both the role that we play is preventative. We are on the front end. When a device first joins that network, you need to make sure that device is allowed to be there. So before we worry about what credentials that device is trying to log in with, let's make sure that's a device that the company wants to be on the network to begin with. So to your point, exactly your right. I mean, I think my CFO and I probably every week have some very sophisticated email that makes it sound like one of us asked the other to approve a check request. But it's but they're getting good and you're right. They go on the They know that I went to Villanova, where I'm a Phish fan, and they'll leverage some form of thing. All Post online has tried to make that seem a little bit more personalized, but our philosophy is a company is very basic, which is you need situational awareness of what devices are allowed to be on that network to begin with. If you get that in place, there's a lot less examples that what you described a couple of minutes >> ago and that you said to really instinct philosophy, having kind of an agent list methodology to identify and profile everything that's connected to the network, as opposed to having having you know an OS or having a little bug on there, Which would put you in good shape for this operations technology thing, which is such a critical piece of the i O. T and the I O T transfer >> there. Now there's there's no doubt, You know, that's one of the most fourth sight ful things that, for Scout has ever done is we made the decision to go Agent Lis ten years ago, Way saw that the world was moving from you, Nick and and Lenox and Windows and all of these basic operating systems that were open and only a few of them to the world that we're in today, where every TV has a different operating system, every OT manufacturer has their own operating system, right? It's example I uses that is the Google, you know, the nest thermostat where you you, you buy that, you put it on the wall of your house, you pair with your network, and it's sitting right on line next to your work laptop, right? And and there's been Brit breaches shown that attacks can come in through a device like that and get on to a more more trusted asset, right? So just having that situational awareness is a big part to begin with. But, oh, teams, let's talk about OT for a couple of seconds is almost in front of us post Wanna cry? I am seeing almost every sea, so in the world not having had but the cyber responsibilities for OT being pulled into the O. T part of the business. And it makes sense. You know that the when you watch it a cry, a breach like Wanna cry? Most companies didn't think they bought something from Windows. They thought they bought a controller from Siemens or Gear, one of the larger manufacturers. What they realized on wanna cry was that those controllers have embedded versions of an old operating system from Microsoft called X that had vulnerabilities. And that's how it was exploited so that the approach of devices being online, which changing in front of us, is not just the volume of devices. But they're not open anymore. So the Agent Lis approach of allowing devices to connect to the network and then using the network to do our thing and figure out what's on it makes us a really relevant and big player in that world of coyote and don't. So >> do you have to hold their hand when they when they break the air gap and connect the TV into the Heidi to say it'll be okay. We'll be able to keep an eye on these things before you go. You know, you talk about air gaps all the time is such a kind of fundamental security paradigm in the old way. But now the benefits of connectivity are outweighing, you know, the potential cost of very >> difficult, right? I mean, one of the examples I always uses. PG and E are local power company here. We're up until a few years ago, they'd have a human being. A band would come to your house and knock on your door, and all they wanted to do is get in your garage to read your meter, right? So they could bill you correctly. And then they put smart meters on the side of our houses. And I'm sure the roo I for them was incredible because they got rid of their entire fleet as a result, but recognized that my house is Theo T grid, now connected back to the side, which is Billy. So there's just so many examples in this connected world that we're in. Companies want to do business online, but online means interconnectivity. Interconnectivity means OT and connected so Yes, you're absolutely right. There's many companies believe they have systems air gapped off from each other. Most of those same cos once they get for Scout Live recognized they actually were not air gapped off from each other to begin with. That's part of the role that we play. >> This cure is to get your >> take. You talk to a lot of sizes about how kind of the the types of threats you know have evolved more recently. You know, we saw the stuff with presidential campaign. The targets and what they're trying to do has changed dramatically over the last several years in terms of what the bad guys actually want to do once they get in where they see the value. So how has that changed? No, it's not directly because you guys don't worry about what they're trying to do bad. You want to protect everything. But how is that kind of change from the size of perspective? >> Our customers are government's financial service companies, health care companies, manufacturing companies. Because every one of those companies, I mean, it sounds basic. But if you knew the bad thing was plugged into your network, doing something bad you would've blocked it. You didn't know it was there to begin with. So we actually have a role in all types of threats. But when you look at the threat landscape, it's shifted your right. I mean, ten years ago, it was mostly I p theft. You were hearing examples of somebody's blueprints being stolen before they got their product into the market. WeII. Then soft financial threat shifted. That's still where the bulk of it is today, right? No, they ransomware attacks. I mean, they're all money motivated. The swift breaches. They're all about trying to get a slice of money and more money moves online that becomes a good hunting ground for cybersecurity attackers. Right? But what? What is now being introduced? A CZ? Well, as all the geopolitical stuff. And I think you know with, with our commander in chief being willing to be online, tweeting that with other organism governments worldwide having a more social footprint, now that's on the table. And can you embarrass somebody? And what does that mean? And can you divide parties? But, yeah, there's there's a lot of different reasons for people to be online. What's amazing is the attacks behind them are actually fairly consistent. The mechanisms used right toe actually achieve those that you know that you know the objectives are actually quite similar. >> I'm curious from the site's perspective >> and trying to measure r A Y and, you know, kind of where they should invest in, not a vest, How the changing kind of value proposition of the things that they that are at risk really got to change the dynamic because they're not just feeling a little bit of money. You know, these air, these are much more complex and squishy kind of value propositions. If you're trying to influence our election or you're trying to embarrass somebody or you know, >> that's kind of different from anything. If it's state funded sheriff, it's believed to be state funded. It typically has a different roo. I model behind it, right, and there's different different organizations. But, you know, like on the OT side that you described a second ago, right? Why is OT so hot right now? Because it's one thing to have a bunch of employees have their laptops compromised with something you don't want to be on their right. It's embarrassing. Your emails get stolen it's embarrassing. It's a very different thing when you bring down a shipping line. When a company can't shift, you know can't ship their products. So the stakes are so high on the OT side for organizations that you know, they are obviously put a lot of energy and doing these days. >> You need talk about autonomous vehicles, you know, misreading signs and giving up control. And you know what kinds of things in this feature? Right, Mike? So if we let you go, you're busy. Guy, get thanks >> for having us in the booth. What do your superiors for twenty nineteen, you know for us at Four Scout, the priorities are continuing to execute. You know, we grow our business thirty three percent. Last year. We achieved free cash flow profitability, which is the first time in the company's history. So way of obligation to our investment community. And we intend to run a good, solid business from a product perspective. Our priorities are right in the category of device visibility and control its one of things. When you look around this conferences, you know cos cos had to be careful. They don't increase their product size too quickly. Before they have the financial means to do so. And we just see such a large market in helping answer that question. What is on my network? That's our focus, and we want to do it across the extent that enterprise at scale. >> Yeah, I've sought interesting quote from you on one of their earnings calls that I thought was was needed. A lot of people complain What, you go public. You're on the ninety day shot clock in that that becomes a focus. But your your take on it was now that everything's exposed country spending an already how much spinning a marketing I'm in shipping, it sails that it forces you to really take a deeper look and to make tougher decisions and to make sure you guys are prioritizing your resource is in the right way, knowing that a lot of other people now are making those judgments. >> You know, Listen, the process of raising money and then going public is that you have to be willing to understand that you have an investment community, but you have an obligation to share a lot of detail about the business. But from the other side of that, I get a chance to sit in front of some of the smartest people on the planet that look att my peer companies and me and then provide us input on areas that they're either excited about are concerned about. That's amazing input for me and helps me drive the business. And again, we're trying to build this into a big, organically large cybersecurity business, which is a rare thing these days. And we're quite were very how aboutthe trajectory that we're on. >> Right? Well, Mike, thank you. Like just out with smart people like, you know, I appreciate it and learned a lot. So you congrats on this very much. >> Sorry. He's Mike. I'm Jeff. You're watching The Cube were in the Fourth Scout booth at RC North America. Mosconi Center. Or in the north North Hall. Just find the Seibu. Thanks for watching. >> We'LL see you next time.