 Hello friends and welcome back to fabulous Las Vegas, Nevada. We are here at AWS re-invent in the heat of day three. Very exciting time. My name is Savannah Peterson. Joined with John Furrier here on theCUBE. John, what's your big hot take from the day? Just from today. So right now the velocity of content has continued to flow on theCUBE. Thank you, Rem, for watching. The security conversations, also the cost tuning of the cloud kind of vibe is going on. We're doing that with the Lulun recession. But if you look at the show, it's the bulk of the keynote time spent talking is on data and security together. So security, security lake, Amazon, they continue to talk about security. This next segment is going to be awesome. We have a multi eight time CUBE alumni coming back and great conversation about security. So I'm looking forward to this. Alumni VIP, I know it's so great. Actually both of these guests have been on theCUBE before. So please welcome Dan and Hyann. Thank you both for being here from F5. How's the show going? You're both smiling and we're midway through day three. Good? It's so exciting to be here with you all and it's a great show. Awesome. Dan, you having a good time too? It's wearing me out. I'm having a great time. I need role play. It's okay to be honest. It's okay to be honest. Wearing out our vocal cords for sure up here, but it is definitely a great time. Hyann, can you tell me a little bit about F5 just in case the audience isn't familiar? Sure. So F5, we specialize in application delivery and security. So our mission is to deliver, secure and optimize any applications, any APIs, anywhere. I can imagine you have a few customers in the house. Absolutely. Yeah. That's awesome. So in terms of a problem that, and well an annoyance that we've all had, bots, we all want the end of bots. You have a unique solution to this. How are you helping AWS customers with bot standards? Send it to you. Well, we collect client-side signals from all devices. We might study how it does floating point math or how it renders emojis. We analyze those signals and we can make a real-time determination if the traffic is from a bot or not. And if it's from a bot, we could take mitigating action. And if it's not, we just forward it on to origin. So client-side signals are really important. And then the second aspect of bot protection, I think, is understanding that bots retool. They become more sophisticated. They unfortunately learn as well. Yeah, so you have to have a second stage, what we call retrospective analysis where you're looking over all the historical transactions, looking for anything that may have been missed by a real-time defense. And then updating that stage one, that real-time defense to deal with the newly discovered threat. Let's take a step back for a second. I want to just set the table in the context for the bot conversation. Bots, automation, people know like spam bots. But Amazon has seen the bot networks develop. Can you scope the magnitude and the size of the problem of bots? What is the problem? And kind of give us a size of what this magnitude of this is. Sure, one thing that's important to realize is not all bots are bad, okay? Some bots are good. And you want to identify the automation from those bots and allow listed so you don't interfere with what they're doing. I can imagine that's actually tricky. It is, absolutely. Yeah, nuance. But the bad bots, these are the ones that are attempting credential stuffing attacks, right? They're trying username, password, pairs against the login forms. And because of consumer habits to reuse usernames and passwords, they end up taking over a lot of accounts. But those are the bookends. There are all sorts of types of bots in between those two bookends. Some are just nuisance, like limited time offer bots. You saw some of this in the news recently with Ticketmaster, you know. That's a spicy story. Yeah, it really is. And it's the bots that is causing that problem. These automation to buy all these concert tickets or sneakers or any limited time offer project. And then they resell those on the secondary market. And we've done analysis on some of these groups and they're making millions of dollars. It isn't something they're making like 1200 bucks on. I know Amazon doesn't like to talk about this, but the cloud for its double-edged sword that it is for all the greatness of the agility, spinning up resources, bots have been taking advantage of that same capability to hide, change, morph. It reminds me of seeing the matrix when the bots attack the ship and they come out of nowhere. But Amazon actually has seen the bot problem for a long time, has been working on it. Talk about that kind of evolution of how this problem is being solved. What's Amazon doing about it? How do you guys help out? Yeah, well, we have this CloudFront connector that allows all Amazon CloudFront customers to be able to leverage this technology very, very quickly. So what historically was available only to like the Fortune 500 at most of the global 2000 is now available to all AWS customers who are using CloudFront. Just by really, you can explain how do they turn it on in CloudFront. Yeah, so I mean, CloudFront technologies like that is so essential to delivering the digital experience. So what we do is we do an integration natively. And so if you're CloudFront customers and you can just use our bot defense solution by turning on, you know, that traffic. So go through our API inspection, go through our bot inspection, and you can benefit from all the other efficacies that we acquired through serving the highest and the top institutions in the world. So just to get this clarification is a super important point. You said it's native to the service. I don't have to bolt it on. Is it part of the customer experience? We basically built the integration. So if you're already a CloudFront customer and you have the ability to turn on or bot solutions without having to do the integration yourself. So it's like a switch and it's on? Totally. Pretty much. Yeah, that's how I want to get rid of all the spam in my life. We've talked a lot about the easy button. I would also like the anti-spam button if we're here for it. Well, we were talking before we came on camera that there's a potentially a monetized solution. You can set charge. There are techniques. Yeah, we were talking about the spam emails and I thought you just charge a tenth of a penny for every cent email. It wouldn't affect me very much, but it would put them on business. What's the, are people on them? It's clever. You guys are on this, but I mean, this is never going to stop. We're going to see the underbelly of the web, the dark web continue to do it. People are harvesting passwords in the dark web using bots that go with test challenge credentials. I mean, it's just happening. It's never going to stop. What's, is it going to be that cat and mouse game where we're going to see solutions? What's the, when are we going to get some? Well, it's certainly not a cat and mouse game for F5 customers because we, we win that battle every time. But for enterprises who are still battling the bots as a DIY project, then yes, it's just going to be a cat and mouse. They're continuing to block by IP, you know, by rate limiting is what we're doing. Right, which is so early 2000s. Exactly. If we're being honest. Exactly. And the attackers, by the way, the attackers are now coming from hundreds of thousands or even millions of IP addresses. And some IPs are using one time. Yeah, I mean, it seems like such an easy problem to circumnavigate and still be able to get in. What are, let's stick here for a second. What are some of the other trends that you're seeing and how people are defending if they're not using you or just in general? Yeah, maybe I'll add too to that. You know, when we think about the bot problem, we also sort of zoom out and say, hey, bot is only one part of the problem. When you think about the entire digital experience, the customer experiencing, right? So at F5, we actually took a more holistic sort of way to say, well, it's about protecting the apps and the applications and the APIs that's powering all of those. And we're thinking not only the applications APIs, we're thinking the infrastructure that those API workloads are running. So one of the things we're sharing with John is since we acquired Threadstack, we have been busy doing integrations with our distributed cloud services. And we're excited in a couple of weeks, you will hear an announcement of the integrated solution for our application infrastructure protection. So that's just another layer. On that Threadstack, does that help with that data story too? Because it's a compliance aspect as well. Yeah, it helps with the telemetries, collecting more telemetries, the data story, but it's also think about applications and APIs. You can only be as secure as the infrastructure you're running on it, right? So the infrastructure protection is a key part of application security. And the other dimension is not only we can help with the credential staffing and things, but it's actually thinking about the customer's top line. Because at the end of the day, when all this inventory are being siphoned out, the customer won't be happy. So how do we make sure their loyal customers have the right experience? So that can improve their top line and not just sort of preventing the bots. So there's a lot of mission that we're on. That's a prize of delight in addition to that protection. 100%. I could talk about the evolution of an engagement with F5. We first go online, deploy the client-side signals I described, and take care of all the bad bots. Okay, mitigate them. Allow list all the good bots. Now you're just left with human traffic. We have other client-side signals that'll identify the bad humans among the good humans, and you could deal with them. And then we have additional client-side signals that allow us to do silent, continuous authentication of your good customers, extending their sessions so they don't have to endure the friction of logging in over and over and over. I was playing that last one again, because I didn't catch that. Yeah, so right now we require a customer to enter in their username and password before we believe it's them. But we had a customer who, a lot of their customers were struggling to log in. So we did analysis and we realized that our client-side signals, of all those who were struggling to log in, we're confident like 40% of them are known good customers based on some of these signals. Like they're doing floating point math the way they always have. They're rendering emojis the way they always have. All these client-side signals are the same. So why force that customer to log in again? Oh yeah, and that's such a frustrating user experience. Oh it sure is. I actually had that thought earlier today. How much of my life am I going to spend typing my email address? Just that in itself, then I, who wanted to crawl back under the covers, but. With biometric math, I forget my password. So it's like. So how about solving CAPTCS? How about solving CAPTCS? Where's, how many pictures have a bus? Yeah, I, I got one wrong the other day because I had to pick all the street signs, I got it wrong and I called a Russian human click farm and figured out why is I getting it wrong. I love that you went down this rabbit hole deeply. Well, you know why? You said that's not a street sign. That's a road sign, they told me. That's the secret back door. Oh wow, yeah. Tell them about your background because you have a fascinating background coming from law enforcement and you're in this kind of role here. He can probably tell us about our background. Well, for the last 25. Sponsor's records. Yeah. Not only kidding. 25, 30 years in working in local state and federal law enforcement and intelligence among those an FBI agent and a CI cyber operations officer. And most people are drawn to that because it's interesting. Three letter agencies can get an eyebrow. But I'll be honest, my early, early in my career I was a beat cop and that changed my life. That really did. That taught me the importance of an education. I'm taught me the criminal mindset. So yeah, people are drawn to the FBI and see a background, but I really value the. So you had a good observation eye for kind of what, how this all builds out. I know, and I'll kind of tease that. You know, constantly fighting the bad guys. Whether they're humans, bots, as security threat from a poor nation. Well, learning their mindset and learning what motivates them, what their objectives are. Yeah. It's really important. Reading the signals. You don't mind slipping into the mind of a criminal. So you need a role, right? It actually is. You got to put your foot in your hands and walk through their shoes, as they say. That's right. The bot network, so I want to get into it sounds like it's off the cup, but they're highly organized networks. They are. Talk about the aspect of the franchises of these bots behind them, how they're financed, how they use the money that they make, the ransomware that they collect. Well, what's the enterprise look like? Unfortunately, a lot of the nodes on a botnet are now just innocent victim computers using their home computers. They can subscribe to a service and agree to let their CPU be used while they're not using it in exchange for a free VPN service, say. So now, bad actors aren't just coming from rogue cloud providers who accept Bitcoin as payment. They're actually coming from residential IPs, which is making it even more difficult for the security teams to identify. There's one thing when it's coming from It's spooky. M247, you know what I'm saying? You're just kind of creeped out too. It's these unknown hosts, right? It's like being a, you know, and you have good traffic coming from it, you know, during the day, and then malicious traffic coming from it. The fairies. My last question is your relationship with Amazon. I'll see security centerpiece of this re-invent. It's always been day zero, as they say, but really it's the security data lake. A lot of gaps are being filled in the products. You kind of see that kind of filling out. Talk about the relationship with F5 and AWS. How you guys are working together. What's the status? We've been long-term partners, and the latest release on the connector for CloudFront is just one of the joint work that we did together. And try to, I think, to dance point, how do we make those technology that was built for the very sophisticated, big institutions to be available for all the CloudFront customers? So that's really what's exciting. And we also leverage a lot of the technology. You talk about the data and, or entire solution are very data-driven. As you know, it's automation. If you don't use data, you don't use analytics, you don't use AI, it's hard to really sort of win that war. So a lot of our stuff, it's very data-heavy. And benefit the customers is what? Access? The customer's access, the customer's top line we talked about, you know, like how we're really bringing better experiences. At the end of the day, F5's mission is to try to bring a better digital world to life. And it's also collaborative. We've had a lot of different stories here on the set about companies collaborating. You're obviously collaborating. And I also love that we're increasing access, not just narrowing this focus for the larger companies at scale already, but making sure that these companies starting out a lot of the founders probably milling around on the floor right now can prevent this and ensure that user experience for their customers throughout the course of their product development. I think it's awesome. So we have a new tradition here on theCUBE where we reinvent and since you're alumni, I feel like you're maybe gonna be a little bit better at this than some of the rookies. Not that the rookies can't be great, but you're veterans. So I feel strong about this. We are looking for your 30 second Instagram reel, hot take. Think of it like your sizzle of thought leadership from the show this year. So eventually eight more visits from now. We can compile them into a great little highlight reel of all of your sound bites over the evolution of time. Who wants to give us their hot take first? It sounds good. Dan? Yeah, sure. You've been elected. I mean, you are an agent. This is great. You're a former special agent. I guess I want everybody to know the bot problem is much worse than they think it is. We go in line and we see 98, 99% of all login traffic is from malicious bots. And so it is not a DIY project. 98 to 99%. That means only 1% of traffic is actually legitimate. It's only mollus. I just want to make sure that everybody heard you say that. I mean, it's very common. It didn't happen once or twice. It's happened a lot of times. Yeah, and when it's not 99, it's 60 or it's 58. It's high. And that's costing a lot too. Yes, it is. And it's not just in fraud, but think about charges that are... I think you're cloud service providers. Costs associated with transactions, you know? Fraud tools. All of it. Yeah, SIMs, all those things. There's a lot of cost associated with that much automation. So the client side signals and multi-stage defense is what you need to deal with it. It's not a DIY project. Bots are not DIY. How would you like to add to that? It's so hard to add to that, but I would say cybersecurity is a team sport and is a very data-driven solution. And we really need to sort of team up together and share intelligence, share, you know, all the things we know so we can be better at this. It's not a DIY project. We need to work together. Fantastic. Dan, Hyann, so great to have you both back on the queue. We look forward to seeing you again for our next segment and I hope the two of you have really beautiful rest of your show. Thank you all for tuning into a fantastic afternoon of coverage here from AWS ReInvent. We are live from Las Vegas, Nevada and don't worry, we have more programming coming up for you later today. With John Furrier, I'm Savannah Peterson. This is theCUBE, the leader in high-tech coverage.