Hi everybody, welcome back to the Moscone Center. We're in Moscone West. The Cube's continuous coverage of RSA 2023. This is day three, Wednesday. John Furrier here with me, Dave Vellante. Zeus Kerravala's here. Man behind ZK Research, friend of the Cube. Great to see you again. Yeah, it's always great to be in the Cube. You're like a Cube analyst now. Yeah, I am, yeah. Coming in between your meetings. Thanks for coming on. So you know Palo Alto really well. We were at Ignite in December and you just heard Lee Klarich coming on talking about best-of-breed, both best-of-breed and platform, integrated platform. And I was kind of skeptical. I'm like, wow, that's never happened before in the industry, is it actually happening now? Well, I think they're best-of-breed next-gen firewall. I wouldn't say they're best-of-breed everywhere though. But I think the point is, if you build out a platform, you don't need to be best-of-breed. In fact, everywhere. I had a conversation with a CISO a couple of weeks ago who said to me, he finally understands now that with the right platform strategy, if you try and do best-of-breed everywhere, you actually get less than effective threat protection. So the platform strategy actually gives you best-of-class threat protection without being best-of-breed everywhere. And that should be Palo Alto's goal. It's to be able to find those threats and remediate against them before anybody else because of the platform, but not thinking about things on a product-by-product basis. Because if you do that, then you get in a knife fight of my product versus this product and that defeats the whole point of the platform. Because, what are you saying? Because best-of-breed, like a caravan, has to slow down so everybody can stay together and be coherent. But you're saying that best-of-breed might create some discontinuity between the rest of the platform. Is that what you're talking about?
Well, especially in security, because you've got to keep policies up to date. You know, some systems, you know, poll, some use telemetry. And so you wind up with this inconsistent data, right? Like, so we talked about the Palo Alto zone. Security today is an analytics game, right? It's can you analyze the data that you have to be able to find those needles in the stack of needles, right? And if you're working on your own data set and everything's consistent, you can do that better than if you're trying to cobble together data sets and normalize them with things from multiple vendors. So this is exactly what we talked about with Amazon, for example. They have such an observation space, the way they have all that data. You know, are we anonymized? Okay, whatever. That's the challenge. I think that's the opportunity for the platform. And, you know, I love the platform conversation in these events because I think it's relevant. But to your point, platform for platform's sake is not the answer. Platform for objective sake is why you have a platform. Why do you have a platform? So if they can create more observational space, like for example, I asked them about cloud native networking, I didn't really get an answer. Maybe they don't have anything on that. Or maybe they do. They said, no, we're building network security in AWS. So we'll check on that. So there's a lot going on this cloud native networking because network security is an old school. Here's my MPLS. Here's my routes on Amazon. Well, and so, let's call it what it is. So cloud native security can be everything from providing firewalls in AWS, Azure, GCP, right? And Palo can do that better than everybody. But you can also, you then have to think of container security, which they're new to. Also API level security, which is something like, you know, Volterra, which F5 bought, right? There's- There's Akamai just bought Neosec. Yeah, and so cloud native security is unpacking that itself is a pretty big category.
I think within the confines of network security, Palo Alto does a great job of cloud native security, but there's a whole- I was talking about cloud-native networking. Cloud, yes. That, yeah. But that should be the same policies as network security, but it just doesn't seem the most companies that we talk to on theCUBE, they're like, well, we have a completely different network security team than the ones on Amazon. Yeah, so that's an interesting trend, right? I was at Fortinet's event, they talked about the convergence of network and security. Scott Harrell, you know, came from Cisco, went to Infoblox, he was talking about that as well. But when I talk to large enterprises, they're not really integrating networking and security. I do see it in the mid-market, and I just think a lot of the, you know, a big part of Jeetu and Tom's keynote from Cisco was about bringing together network and security. And when you get into those large enterprises that have all these processes built around these SIEMs and, you know, these security tools, they haven't integrated together. And I think they're susceptible to breaches. I do think it's something they need to do, but I just think we're alone. Well, I want to get your thoughts on, Dave always says this on every show we go in security, because it's a great observation. Not any one company has the large market share. Chambers even said, commented here earlier, like, yeah, someone's got a cup above 20%, and you know, he had 60%, but who's going to break out in your mind? Who are the dark horses? Who's the favorite horses that's going to emerge to be more of the dominant platform company? Is it CrowdStrike? Is it Zscaler? Is it Pan? Palo Alto Networks? Who emerges in your mind? Microsoft's the biggest, right? I mean, just because they're Microsoft. Microsoft is the biggest, but they're a bit of a walled garden. Right, so of the independents. So let's park Microsoft for a second, because they maybe do have double digit market.
That's hard to tell, but anyway, of the independents, who do you think is? So I like Palo a lot. I think their platform strategy is outstanding. I think the way they can build products, buy products, integrate them in quickly, I think makes a lot of sense. I think the stuff Cisco's been talking about, when I talk to Cisco, so Cisco's an interesting security company because it's that expression of fool me once shame on you, fool me twice shame on me. I might like fool me seven times, right? Because I've been expecting to do something, but if network telemetry is a big part of security threat identification, who has more network telemetry than them? And I think the new leadership at Cisco, Tom and Jeetu, actually understand that, right? And so they're not trying to, and they understand that their portfolio, which is Kenna and Talos and Duo and Umbrella, they need to bring those things together. But I think they, from my conversation with the leadership, I think they finally have it right. Well, Gillis is, it was a great pickup for Cisco. I thought, you know, and I think actually, I think VMware has an okay story in security. They just, they didn't tell it at the last VMware. I think Jeetu probably said, hey, Tom, why don't you come on over to Cisco because we're really serious about security. Well Jeetu wants to talk, so we'll follow up with him. I got to ask them about the private company, so what non-public companies do you see out there rising up in security and network security? Oh, look, just say cloud, security on-prem edge. Yeah, who's rising? I think Netskope, actually. Yeah, Netskope's got some momentum. Yeah, they've got a lot of momentum. I think they, you know, most people thought of them as a CASB vendor and thought of Zscaler as a SWG and both those companies are leaders in the Gartner MQ. I wrote a whole piece on that on SiliconANGLE, by the way. Yeah, I saw that.
But I do think those two companies have broken away from the SSE pack and I think they both have the opportunity to try and create a platform strategy around them. You know, they're a proxy, they do a lot of, there's a lot of stuff they don't do, but for what they do, if you believe more and more workloads are moving to the cloud, more workers are moving to home, those two companies actually have a lot of upside. Well, it's interesting, we had Jay Chaudhry on and he didn't mention Palo Alto, but he was just throwing firewalls under the bus any chance that he got. Yeah. But it's interesting. He's still leaving firewalls though, what's happening? Let's be real, he's still leaving firewalls. Well, no, you've made this point a number of times, but they don't sell firewalls. Yeah. This is the game they play. But so it's been interesting to watch the security market because I think there was, a lot of investors said, hey, this market's insulated and then last summer we saw security sort of reverted to the mean. And then you've seen Palo Alto and Fortinet in particular, more recently CrowdStrike sort of do really well. You see Zscaler sort of not doing as good as say even the NASDAQ or even the BUG ETF. They're not really doing as well. So it's really mixed right now. Why do you think that is? And do you think that these companies are going to come roaring back? I mean, what's your outlook? Well, a lot of Fortinet's growth has been based on the SD-WAN. So this convergence of network and security has actually benefited them more than anybody, right? Because with them you just flick on the networking and they're for the game. But I think security is always, I do think a lot of what drove Zscaler and Netskope, that type of growth was people working from home, right? And now that companies are starting to bring people back to the office, they need to rethink what exactly are we doing? We brought in a lot of technology. How do we integrate it together?
And I think that's causing a bit of a pause in buying which is why you saw some of the security vendors take up a little bit. You mean the transition back to hybrid work? Yeah. People trying to figure that out? Yeah, yeah. Like who am I going to have in the office? But I can't really figure out what to secure or even how to enable them to work if I don't know what that work style is. And one of the predictions I made at the beginning of the year from a UC perspective and it holds through with security is that hybrid work this year will be a disaster because companies don't know how to implement it. You're right. You're right on that one. It's sort of landing on, okay, Monday, Friday, you work from home, Tuesday, Wednesday, Thursday, you come in with some exceptions. It's very easy, but it's so easy to solve. It's anti-insecurity. Yeah, it's anti-insecurity. So the policies are going to move from the network to the edge of the handheld, to the virtual desktop, so that I'm a user. You got to know when I'm in the office. It should be independent of the infrastructure. But a lot of offices should be smart enough to know that, hey, John's in the office. Well, that's my point. A lot of office infrastructure was... Well, no, I'm just saying, I just said it's a simple problem to solve. Yeah, yeah, but a lot of office infrastructure wasn't invested in for two years right during the pandemic and now they had a catch up and they probably thought about security. Well, no, there's some structural changes, but the answer is simple. But getting there is hard. Chambers, I asked Chambers the same question. What's that startup that's going to come out of the woodwork and slay this domain legacy dogma of this is the way it was? I don't see some startup all of a sudden coming in and taking a big share. I mean, if you run cloud-native networking and on-premise networking tied to the cloud, you can tie your app directly into the cloud-native network.
Yeah, but I would be personally shocked to see some kind of startup all of a sudden come in and grab 20% market share in this market. Yeah, well, I mean, not from zero to 20%. That was a scenario, either one of my companies does that or they get bought. Guess what scenario is more likely? Yeah, they get bought because more and more, again, security is a game of analytics and the company that has the biggest data set that they can apply machine learning to, I think is the one that's ultimately going to win this, right, and so, but that's why acquisitions do become important. You do need to be able to bring the API level data in and be able to see what's going on there and combine it with login data from your VPN client and network data from the stuff that's moving your network and it's the correlation of those things that lets you find those things that are impossible to find through a SIEM. One of the things we didn't talk about, too, was what security industries are going to fall, right? And I do think- Do what's going to fall? What parts of the security industry are likely to see a downturn, right? And I think pure endpoint plays, you just don't have enough visibility into the rest of the spectrum and I think SIEMs, right? I've long been a SIEM skeptic because every time we have a breach, some SIEM vendor says we caught it, right? Well, if you caught it, your customer didn't see it. I don't think that counts, right? And so I think a whole rethink of that industry is needed because, you know, logs for a lot, log analysis for, you know, that just provides you a whole bunch of data doesn't really do anybody any good. Can they transform, though? Can those guys take, you know, sort of a modern data stack and then add in some, you know, not just the sort of log data, but actually some response and remediation and the sort of move, can they do that? Yeah, I think so. If you were the head of a CEO of a SIEM company, right? What would you do?
Yeah, well, they have a ton of data, right? But I don't think they do a very good job of analyzing and most of it's reactive, but I think they have to partner with the threat intel companies and be able to look outside of their domain of what they hold, because they've got a lot of interesting data, but in itself, in isolation only has limited value. Yeah, I mean, thanks for your point. I mean, the data perspective is huge. Cribl's announcement with CrowdStrike, I thought was interesting. You follow Cribl, the electric just did. It's a great tool. It pulls data in very quickly and they're eating Splunk's lunch. Just a nice startup, the very unique product and it's about moving data in to these platforms. I would like to see the security industry actually get together and develop some real standards too, because a lot of what you see is, Fortinet partners with Palo, who partners with Cisco and they integrate data together, but a lot of that's manual integration done through APIs. And so there's a large amount of heavy lifting, right? Where I think one of the things the security industry has missed historically is if you make things interoperable, right? And you think of the way networks work. I can plug a Juniper AP into a Cisco switch. I know it's going to work. Well, that creates this uplift of utilization. And the security industry has lived the life of islands and almost in opposition to what the customers need. And I think I would like to see, you know, AWS is trying this, I guess, but somewhere along the line, we need some standards here that companies can build to to make the stuff more interoperable. And then let the best platform win. Like the best analytics win. And we stop thinking about these knife fights of this versus this. Yeah, it's a knife fight industry. So would that be your top story coming out of here?
So what people watching RSA 2023, what would the big walk away story from your perspective as you, tons of meetings and talk to all the vendors. What's the big, go to the balcony, look down the stage. What's- Well, from the way I look at the world, I think it is the coming together of networking and security. Because it's, and we'll see how far that goes up market. But more and more vendors are actually coming out of, you know, think of VMware as a network company. They're more into security. Cisco is the same thing. All the network security vendors are now trying to do more networking. I think one of the interesting things that has flown under the radar a little bit is what is the future role of SecOps though? Because everybody I talked to, you know, I talked to JFrog, they said, well, DevOps and SecOps are coming together, right? VMware is going to tell you that CloudOps and SecOps are coming together. Palo is saying NetOps and SecOps. Well, if everything's coming together with SecOps, right, what's the role of SecOps? And perhaps the answer is SecOps should determine policy, but then each individual group implements themselves, right? Because, and it winds up becoming diffused through every organization. It just like, you know, I remember when I started my career, the companies that worked at, we had an internet group, right? To think about, nobody has that now because it's just an embedded part of what you do. And what about data ops? Yeah. Check. Yeah. But security ops can't just become, can't come together with every group. Well, that's my point. It's like, right, so, because you've said it a couple of times, that basically security is a data problem, and you've got this data group, you know, it's kind of off doing their own thing, analytics, rock stars, and data scientists, you know, are you going to lend some of their time or loan some of their time, you know, or are you going to build your own? What's the right data strategy for companies? 
Yeah, well, I think it's a combination of your own data plus the vendor, the vendors to buy data, because the vendors, the thing is the threat intel groups of these vendors have just a ton of data they're collecting. Maybe like a Unit 42 or a Mandiant. Yeah, or Talos or, you know, groups like that, right? There's, because they're aggregating data across their customer base, but then the data that the company has is unique to them, right? People work in certain ways or whatever, and if you just, you know, think of your own company, you know, you start logging in all of a sudden at different times, that's a pretty good indicator that, you know, maybe there's something where somebody hacked your account or something, right? So, but I think it's a combination of the company's data applied to the aggregate threat hunting data that's out there. It's awesome. Cool, what about, I mean, a lot of talk about generative AI, you know, generative models, large- That's back to SecOps. I mean, what do you think about that? You think it's mostly hype? Do you think, are you an optimist in terms of it being applied to the industry or is it just a bunch of bullshit? Well, I think generative AI has been used to create better and better phishing attacks, spear phishing campaigns and things like that, because now with generative AI, you should never have a phishing email that comes to you with a spelling error. You should be able to write it in, you know, to one of your employees in your tone and the way you talk. Perfect grammar, right? Right, perfect. You could be able to replicate people's voices, right? Perfectly. And I think we haven't really explored what the fraudster use of generative AI is and I think that's still yet to be seen. And I think it's going to have a huge impact and I think you need generative AI, and this is a little bit of fight fire with fire. And this is where companies need to really rethink their security strategies.
You cannot fight AI-based security with manual processes. It's too slow and it doesn't work. And the great thing about AI is you could have, ChatGPT create me 10 variants of this malware and only one of them has to work. Yeah, right? Yeah. So your basic developer productivity meets a back end. You're basically saying, which is no surprise, the adversaries are going to figure it out first. Yeah. And they're ahead. They're leaders. Yeah. And it's easier now. Yeah. Back to your analytics play, because I think it's going to be a data opportunity. Whoever can get that data to fight fire in your instance and then also use it for defense, it's really going to be critical. Well, that's why the platform strategy is important. And that's why, to your point, Dave, I don't know if a small startup can come out of nowhere now and do that. Maybe as an analyst. Unless it's completely game changing. It's out of left field. No one sees it. But then somebody will buy it. Yeah. Well, that's the question. How long does it come out with the best-of-breed tool that has the potential to be a platform? And there are a number of companies out there that are trying to do that. But it's just, how long does it take to get a platform adopted in cyber? I mean, it's eight, 10 years. Yes. Generational. And you need critical mass in a couple of areas in order to call yourself a power. And a lot of the really interesting innovations coming out of Israel. And those companies, they're going to get bought. Yeah. The M&A market's going to be hot. Yeah. All right. It's awesome as always to see you. Thanks for making some time for us. Always happy to be here. All right. Dave Vellante for John Furrier. Great stuff. And our guest, we'll be back right after this short break, the Cube Live from RSA 2023.