 Hello, and welcome to theCUBE Conversation. I'm John Furrier. We have a great guest here, John Madison, Senior Vice President of Products and Solutions with Fortinet. Got some exciting news. Welcome to theCUBE Conversation. Thanks for joining me. Master of the Year, John. So we covered your awesome launch at RSA this year, and I thought that was a fantastic event. I thought it was one of the highlights of RSA this year in San Francisco. You guys really have put together quite a partner ecosystem around your solution, and you guys have exciting news that you recently announced. PortaOS 5.6, it's exciting. Tell us, what's resonating with you guys right now with your vision? Because it seems to be some nice tailwinds for you guys coming into the marketplace. Yeah, so, you know, cyber security is absolutely a foundational element of digital business going forward. Now the journey there means that the infrastructure, the edge of the network is changing quite rapidly. So you've got OT, IoT, and cloud. And so infrastructure is really driving a lot of their business inside cybersecurity. Add to that, obviously the changing threat landscape, advanced threats. Add to that industry regulation and governance. It really means customers have to build out now a risk management, a risk cyber security life cycle. And we're seeing in the industry different life cycles, different parameters, but we're seeing the NIST framework as being one of the most important. In fact, Gartner said by 2020, 50% of US companies will be using the NIST cyber security framework. And the critical infrastructure is at risk too, but when you say, when you kind of describe the landscape, I'm kind of, I'm not saying rolling my eyes, but I kind of almost feel like we got to go faster because it's a moving train security. We're seeing the dynamic environment out there, but when you mentioned governance, the first thing that jumps in my head is slow. How are you guys enabling people to go faster because the speed is really critical because you want to also be compliant as regulations as critical infrastructure, but at the same time, the nimbleness is key. Yeah, and you know, one of the issues, if you look at security over the last 15 years, our customers have bought a lot of point solutions. So every time a problem comes up, spam or URL filtering or advanced threats or botnets, they've gone out and bought a specific point solution. And this really slows them down and moving forward towards this digital framework in that a lot of these solutions and products don't talk to each other. And so what they really need is a framework, a communication between these elements. And that's what our 40OS 5.6 brings to the table. And on the landscape, before we move on to some of the customer challenges, what's the biggest trend now? Is it more entrance coming in, consolidation? It seems to be a security sprawl. Everyone's buying everything that moves in the hope for something. Is there more security options or less? Is there consolidation? What's the landscape look like there? Well, customers want to get to this key strategy of network segmentation end to end. And to do that, they really need to take a hard look at their existing products and then new products which fit together. And to do segmentation, you really need to make sure you can orchestrate all the way from the endpoint, all the way into the data or the applications. So segmentation is a big problem for customers because the operational headache is really hard. And so again, for us, that's one of our main goals long-term, to make security operationally easier for customers when they try and segment the network. Talk about threat evolution. What's happening there with customers? Because they're constantly, again, this is a moving train, there's new things coming out, you're hearing it. A lot of times they don't even know something's going wrong until it pops its head out. But what's the evolution of the threats these days? What does it look like? Well, again, faster and faster. Once you've been breached, there's a report done by the Verizon data breach report that says, once you've been breached, within 60 seconds you'll be compromised. And so you've basically got a minute to detect that threat and prevent it. And that's why you really need to make sure that all your security elements are sharing threat information and more importantly, sharing that threat mitigation information. What are some of the advanced threats that you see out there right now that you guys are jumping all over and solving the problems for? Well, it's interesting in that still probably 50% of advanced threats, the attack vector still email and phishing, another word for it is social engineering, and companies just can't stop it. They just can't, at least four or 5% of people are clicking on those things. And so that's still a common threat vector for a lot of companies. That seems like a numbers game is just kind of thrown out there and just the percentage will click over. Yeah, I want to talk about IoT because one of the things that we hear, we go to a lot of events that we cover and security is always top of the agenda. But the hottest thing besides AI is IoT, which essentially the machine learning has AI implications. Internet of things, industrial Internet of things have opened up the notion of connecting a machine to the internet. So machine has the ability to talk to us now with data. But also a machine is a threat opportunity. So you have machines talking to machines now and this may or may not be human intervention. How do you get your arms around? Customers figure out, you know, the IoT and the machine to machine threat. Yeah, and that's the next wave. We saw a bit of that last year with the Dynatact. Just the sheer scale and speed of machine to machine attacks, even dwarfs and advanced threats. And so what customers are doing right now is looking very carefully getting at their risk management framework. They're looking at how they can identify IoT devices attaching to the network. And then again, they're applying segmentation strategy depending on the trust level as IoT devices. Took about 40 OS 5.6. What's the big new thing there? You guys just released that operating system. What's that fabric? What's the key value proposition? Well, last year, 40 OS 5.4 introduced what we call our security fabric. This is the ability for all our security products and our partners to share threat intelligence and mitigation information peer to peer extremely fast within seconds. And so this year, with our 5.6, we're expanding the fabric to include visibility of access points, switches, reporting. And then we've also added additional partners to it. We're also added a regulatory framework inside there and the ability to run audits. Talk about the fabric collaboration piece because this was fascinating. I thought this is a trend that I'm seeing across the community. There's almost an opt-in social network coming together around security vendors that are recognized that sharing is critical. And this becomes a scale opportunity to get the data you need. How important is the ecosystem of partners in this fabric model? Is it a cog on the wheel? Is it super critical? How do you see the collaboration amongst the partners of importance here? They're very important. There's two vectors I see. One is sharing threat intelligence. And you were there at RSA when we announced the Cyber Threat Alliance sharing threat intelligence in the cloud. And then there's also the ability on-premise, on-customers premises for the products to then talk to each other and share threat intelligence and mitigation information. And that's why along with this announcement of 5.6 we've also announced some new partners to our Fabric Ready program which work through several APIs on our fabric to share that information. So what's unique about the offering? If you had to boil it down to talk about your key differentiator because you are open, you're sharing. So there's an openness there. I love that. I think that's going to be a key scale point in my opinion, having the data. It will be super important. I think that's have that integrity of the kind of alliance that you guys put together is solid. But as a company in the OS you have, what's unique about it? Well, we've been building it since we went, we found it in 2000, quite a while ago. First product in 2002. And we've been building this network operating system organically. You know, a lot of companies acquire a lot of security companies and then try and glue them together through management consoles or different APIs. We've been building this network operating system for a long time organically. We do acquire intellectual property, but it makes this very tight. It's like a mesh network in some ways that's able to work very fast. Talk about the segmentation. You mentioned it earlier. It's got my attention because segmentation is one of those things where can you over segment? Is there too much segmentation? Because that seems like a critical piece there. And how does that help you guys solve the main attack vector? Specifically, you've mentioned email and phishing because that's just, email just never is going to go away. You can still use email all the time. And it's been the key factor there for the security. How does segmentation help that or does it? Well, before that, the fabric is very unique in that it covers the entire attack surface. So you mentioned mail, web, access, endpoint, obviously these days, cloud. Segmentation, a lot of customers have done what I call small segmentation projects. They've done east-west micro-segmentation. They've done wide area intellectual property segmentation. These days, IoT segmentation. Their goal, though, is to have end-to-end segmentation. If I want to add a user or a device to any applications, then I want the whole network to be segmented on the way there. And that's the next goal for customers. To do that, they need to have better operational capabilities, automation of the operations, so that you're not individually configuring everything. Every time you add a phone or you change an application, the goal for security long-term is to make that operation more automated. That's the key long-term strategy of our fabric. So are you saying more segmentation is better than in your mind? It's not so much more segmentation. It's making sure that it's end-to-end and it's making sure it's automated. Because if you have to provision every single element of the network to segment, it's going to be too much. Talk about end-to-end. There's something I hear all the time. This is the Nirvana. Everyone wants an end-to-end look. And it's also consistent with some of the big mega trends that we cover. For instance, you look at what 5G is doing with IoT. You have full data center at the edge. I mean, that is end-to-end. Is that part of the strategy and how do customers feel comfortable end-to-end? Well, the end-to-end also means, and I talked about at the beginning, this digital security, at some point, there's going to be a lot of transactions, activity, and applications which are not even visible by the IT organization. And so to us, as part of this release, for example, we also announced our CASB solution, our cloud access security broker, which gives access and visibility once you're off the network. Could be a mobile phone interacting with a SaaS application. So end-to-end doesn't just mean my device on my network connecting to my data center. In the future, it means any device anywhere in the world connecting to any application, any cloud. I talked a lot of enterprise CXOs and a lot of the COOs tend to pick up a lot of security now because it's operational. The number one thing I hear is, well, besides being super paranoid about security and worrying about the whole risk side of it, is they're looking for blind spots and they're worried about blind spots. What do you see, what do you guys see with the fabric? Because the blind spot is something that the customer's always trying to chase. Where's my blind spot? So the question is, what is the number one blind spot that you see that customers tend to forget about or maybe they don't pay too much attention to? Or blind spots that they should worry about that they may or may not be paying attention to? Yeah, it's definitely that new edge, that expanding edge. And so if you look at the number of devices and so everyone thinks about IoT and they think about cars and all sorts of, well, there's all sorts of printers and Apple TV, all sorts of things implemented within organizations these days. There's the kind of what I call the gray market for all the SaaS applications. We issued a threat report recently which looked at the number of SaaS applications the average enterprise used. It was over 35 SaaS applications. And it was just amazing when you spoke to the system inside the organization, they had no idea. And so the blind spot or in their terms, you know, some deficiency in their coverage of the attack surface could be anywhere these days. Yeah, and there's no perimeter anymore. It's completely dead. Let's get a watch out. So in four to OS 5.6, you mentioned compliance. Automation is key on the auditing side. This is again, part of the thing that could slow things down is the audit requirements and all the paper trail, the digital trail. How are you guys helping on the audit side? And can you just take a minute to talk about the piece of that that's important? Yeah, our long-term vision there is something called intent-based network security. To simplify that, and actually it's a simplification, we speak a business language. So let me connect this phone to this application. We'll translate that into network and ports. And then we translate that in terms of a single provisioning across the entire fabric. That's not quite there yet. That's something to work in towards. Right now what we've implemented are some regulatory templates, which you can apply to the fabric, which then looks at some best practices and some standard governance, such as PCI or the new Data Protection Act in Europe, and then applies that to the entire fabric. It gives you a recommendation, severity. Then it also allows you to actually apply a recommendation automatically and fix that. So our first step towards that intent-based network security. So closing the gaps and coordinating between security devices is something you said earlier as a key part of the US 5.6. And it's competitive advantage from what we can see in the marketplace out there for you guys. So congratulations. What is the bottom line from your standpoint? As you look at the landscape with the 5.6 and what you guys are doing, what is the big message to the CXO? Because you're seeing at the senior level of companies and the IT guys and they're all like, hey, they're running around, the hair's on fire. But the CXO is the CEO, CFO, COO, sometimes the Chief Data Officer, Chief Compliant, whatever, CISO, they're all shifting, but they're all kind of got their eyes on the security angle. What is the message to those guys? As you guys talk to that audience, what's the key message you'd like to share to them? Yeah, so the first one is to make sure that our implementation of the fabric is broad across the entire tax surface. Not only that, but it makes every element inside their security architecture visible. Which means then they've got a really detailed segmentation strategy they can put in place. The second piece is powerful in that you need to make sure that you can scale from embedded solutions. For example, we have next generation firewall security can embed inside access points all the way through core, highly scalable appliances, all the way into the cloud. And then the third one, which I think is the most important one long term, is the automation of the operations. The ability to apply a command, a business language, and then apply that to your network as a single entity, and automate that operation. It's interesting, I was just talking with one of our Wikibon analysts and more and more the COO is taking on the control because it's the operationalizing some of these things, hit a lot of departments. It's not the CIO anymore. Okay, final question for you. What are you excited about right now with Fortinet? You got the OS 5.6 out there. Just share some color into what's going on on the product side. What are you excited about? What's exciting in your world right now? Well, you know, being charged with products, it's pretty interesting and exciting at Fortinet. We have probably the broadest product, security product portfolio in the marketplace. And so, you know, whether I'm dealing with on the email side or the website or network side, endpoint and cloud, access, it's very exciting. We have a product portfolio that's expanding across all those vectors. But most exciting is the ability to see it all come together as part of the fabric so customers can now connect all the security solutions and allow some of our key partners to connect in as well. How has the partnerships with the alliances and the cybersecurity alliance at RSA, you guys, how has that changed your product mix? Has that altered a little bit? Has it changed? Obviously, I can almost imagine being positive at the scale with the data being shared. Is that something that is working for you guys? Share some insight into how the partner equation has changed the product roadmap and your outlook. Yeah, it's very important to us. You know, with a company of our size, in terms of product portfolio, we're always going to have a situation where some of these partners are somewhat competitive. But we shouldn't let that stop us from them being part of the fabric. If a customer has selected a specific partner, now or in the future, we want to make them part of the fabric. And so, for example, SD-WAN, we announced some SD-WAN capability as part of our 5.6. We have some partners who do SD-WAN, but that's okay. You know, we can work together within those customers and make sure that there's a better solution for the customer rather than ignoring those type of partners. John Madison, thanks so much for spending some time with me and it's theCUBE here. I'm John Furrier, you're watching CUBE Conversations with John Madison, Senior Vice President of Products and Solutions with Fortinet. I'm John Furrier, thanks for watching.