 From around the globe, it's theCUBE with digital coverage of AWS ReInvent 2020, sponsored by Intel, AWS, and our community partners. Hey, welcome back, everybody. Jeff Frick here with theCUBE. Welcome back to our ongoing coverage of AWS ReInvent 2020. It's virtual this year, just like everything is virtual this year, but it's still the biggest event in cloud and we're excited to be back. I'd like to welcome in our next guest. She is Ariz Yarkoni, Head of Cloud and Telco Technologies for Checkpoint Software Technologies. It is great to see you. Nice to see you, Jeff. Thank you for hosting me this morning. Absolutely. So let's jump into it. You've been in the cloud space for a while. I saw a great interview with you, I think like four or five years ago when I was doing some research and you're talking about all the great innovation that's coming from cloud. That was years and years ago. Now suddenly we had COVID arrive and I'm sure you've seen all the social media memes who's driving your digital transformation, the CEO, the CMO or COVID and we all know what the answer is. So first off, I'd just love to get your perspective. You've been in this a long time now that we're here in 2020, both in terms of the development of the cloud and the adoption of the cloud as well as this accelerant that came into our lives in mid-March. Yeah, Jeff, I've been lucky that I got to participate in this kind of innovation cycle of IT and technology. Earlier I was a CIO for an organization, a large organization and we were adopting cloud. At the same time as an organization we were selling technologies and networks to our customers and they were asking to adopt cloud and so on and these are probably some of the early interviews you looked at. So I got lucky that I had to look at my own organization and understand where cloud is beneficial and obviously now I work with cybersecurity and securing the cloud. So it's all come together. I think that as cloud technologies came in, it really came in to help many of us address the fundamental need to come to who market with business capabilities and functionality faster. For those of us in technology, we're probably always the bottleneck of our business counterparts that said, well, if you could only do this for me, I could grow the business, I could change the business, I can go to other places, I can incrementally bring more customers, revenues and so on. The cloud platforms have done a tremendous job allowing developers and operators of technology to change the speed in which they service their businesses, but with speed comes security. And I think the cloud platforms specifically, platforms like AWS built security into the cloud as well, but there's other needs in it. And the pandemic or COVID, all it did is it shifted some of these motions into another gear and then it created some new business needs that can only be serviced digital. Me and you are now having a collaboration session over a digital channel where otherwise we'd be probably sitting in the same studio. So definitely collaboration has changed. Commerce have changed, especially for some organizations that never planned to do commerce over digital channels, small businesses and so on. Just think about the food delivery industry and how many new customers have now, sorry, restaurants have now signed up for food delivery services. That must have exploded. These continuous changes brought continuous needs to address security as well. AWS is allowing people to build some amazing applications. I watch the commercials when I watch football on Sunday. So Peloton and Zoom and education and many other things. And yeah, so when people build those amazing applications, the next thing they need to do is make sure that the Zoom session is secure and nobody's crashing in if you have a bunch of kids doing Zoom for school. There is, you talked on so many topics on that. So let's break a few of them down. First off, I just thank goodness for cloud, right? This pandemic had hit 10 years ago, 15 years ago. We would not have been able, those of us in the IT industry, to shift so easily to cloud-based, or excuse me, to working from home or working from anywhere because of the cloud-based applications, huge enabler. But it's funny, not once in what you just talked about, did you talk about cost savings? And I still find there's a lot of people that are looking at cloud as a way to save costs. You've been in it for a while. You know the truth is all about agility and speed of business, speed of adoption, speed of innovation. You said it in every single one of your answers, but it still seems to be a lag for a lot of people. With COVID and securing people work from home, one of the big issues, let's go back to security, is increasing attack surface. And we know the increasing sophistication of the bad guys. Now I'm hearing from some people that they're actually using old techniques that they used to use back in the day because they know people are at home and maybe things aren't as locked down. You talk about security needs to be baked in all along the way. We're using all these more cloud-based apps. How do people think about the security perspective? How do you bake it into everything that you do? And how do you respond to the increased attack surfaces that have now suddenly opened up to look like for probably a little while, not just going back to the old way any time soon? Yeah, so you touched on that. You said that you hear about people using all the attack methods or vectors or so on coming back because people are now at home and no longer behind a very secure environment in their office or in their data center. People had to maybe move things that they never thought they would, the call center operations. That was by definition, you showed up to the call center for certain organizations and moved it out and they may have not been ready to move those applications and so on. So they had to address the security of it. I think that's exactly it, which is now some of the reaction we had to have for just staying in business. We used kind of very older or we increased what we know about security, about remote access by increasing VPN capacity for the organization or those type of methodologies. Now people are looking at what happened to our topology, to our architecture, where are people and machines coming in to execute their work over the network? Where are the applications residing? What have we moved to the cloud? Because we had to now flex for capacity and speed and maybe localize and move it into regions and so on. I don't think it was about cost saving. I do think it was about business agility, especially in this phase. I actually think that at the end of the day, the big benefit from cloud is business agility. Cost has to come with it. We cannot sacrifice cost in everything we do. And we look at overall how we use cloud technologies and other technologies and make sure that the cost fits into what our business demands from a cost structure, but it is about business agility. Now it's also about security agility. So people are building methods and capabilities to match the business agility with security. And security was, at least for me, for instance, as a CIO, security was a bottleneck. So when business demanded agile development, iterations, sprints, deliver functionality in weeks and keep pouring it into the environment, one of the inhibitors was security. We weren't ready for it. We weren't ready to release it. So we had to find a way to adopt it. And then came in companies like AWS saying, we built some of that security built into the platform. And companies like Checkpoint saying, we have cloud security that moves at cloud speed and allows you to integrate into your CICD environment or processes and allows you to match the speed of the business with the speed of security. Yeah, that's great. I mean, again, I agree with you 100%. It's all about agility and speed of business and being able to move faster. It just always surprises me how many people are still kind of stuck on the cost-saving piece. And then the other thing, of course, which you're super aware of, and if you've ever been to one of, kind of the technical keynotes at AWS re-invent, the amount of investment that they can make in infrastructure, including security, just completely overshadows anything, and the size of the individual company can invest just in terms of the resources. And then somebody like you guys can leverage on top of, not only using the massive Amazon kind of core investments and security at the infrastructure layer, but then all the stuff that you guys can do in terms of securing the enterprise and helping make sure that the right people have access to the right information at the right time, but not a lot more than that. I wonder if you can talk about kind of zero trust and some of the evolution within security in terms of the posturing and how you kind of make assumptions. As we said, it's no longer a wall anymore. It's no longer talking about having these physical borders or even logical borders, but it's really about access and breaking down access even to the person and the application and the data, et cetera. Yeah, I think you asked specifically about zero trust. And I think that we wanna move, maybe wanna keep the theme here around the application security and so on. I'll get to zero trust at the end. So one of the things that definitely is thematic or we see happening is in the evolution in the maturity curve of adopting the cloud, the initial adoption was maybe some lift and shift from organizations and the IS layer was a big player, but the past layers of the cloud are where all the interesting happened, where all the exciting services, all the innovation coming from organizations like AWS, all the enablers for business agility and capabilities are coming from there. And when you start developing your applications for that past layer, we start leveraging the services, the type of security changes. So you're no longer looking at network security or maybe North East West, North South East West type of security on your network. You're now looking at securing APIs and securing the backplane of the cloud from those services that they give you. You got to encrypt your buckets. You got to make sure your security groups are correct. You wanna make sure your serverless functions are not executing anything malicious in them or talking to IP addresses, they shouldn't be. Same with your container. You wanna make sure that your container code is scanned properly. You didn't download anything in there that's malicious and obviously have runtime security both to make sure that you're compliant from a posture perspective. You may, compliance may require you to be PCI compliant on one of those. So the elevation in which you execute security changed from the stack from a kind of a traditional stack. It requires different capabilities and between what AWS has built into the platform and what checkpoint puts together in Cloud Guard, this is the big target. Then we get into, okay, so how do you access all these great things that we just built? So we built these, this great application. It's sitting on AWS. It's using some of the great services there. How do you get to it? Who gets to it? How do you get to it? This is where some of these, you know, Sassy and Zero Trust come in because what happened is you used to come into a lot of enterprise applications from the data center. Then we moved some web apps and you came over the web into the application. So we have some web firewalls and security for that. Now you're getting into every application from the edge of the network because we are all at home or we used to be traveling but a lot more of us are now at home coming over the edge of the network. We're adding IoT devices coming over the edge and there I can so on. There's a lot more volume coming at you and you got to find different ways than just VPN authentication of the traffic into. So we are coming into the age of having to identify who's coming at the application at the capability at any given time. And that's where you come into the framework of Zero Trust. Every time you come in, I'm gonna authenticate that as you and there's different methodologies in there. For instance, one of the things that we just added to our portfolio is the ability to put an agent, let's say around your AWS application and allow remote access with no VPN to your enterprise app to an acquisition or company we call Odo without having to put a VPN. So the administrator defines what applications are connected to the connector. They define who's the users that are allowed and authenticates them based on the authentication framework let's say octa or something like that and allows them to come in. And those are the type of capabilities you need in these new frameworks of how do you get to these great applications we're building. And you touched on something really interesting which is the complexity is only going up. As you mentioned, Edge, you mentioned a little bit of IoT. So as 5G comes on board, as IoT gets increasing amounts of traction, all these applications are API based. There's all types of information flying back and forth. So I wonder if you can share kind of your guys thoughts on applied machine learning and artificial intelligence to help kind of get through all the signal or excuse me all the noise, find the signal and really bring more automation to help the security experts and the security systems be more effective at their jobs. Yeah, so I think a lot of what we talked about until now was protecting, establishing a new perimeter. There's not really a perimeter, right? Because we talked about the perimeter has grown and it's fuzzy and it's at scale that really doesn't allow you to say I have a perimeter so you have to authenticate everybody, but like you said with that speed and scale came a lot of data. You got a lot of logs running in there. You got a lot of events. You got a lot of things that you can look into and by looking into them, you can start with machine learning and those type of AI methodologies start looking both to identify things before they happen or inform organizations and inform about things that are already happened and potentially remediate them. At checkpoint, for instance, we have something called the threat cloud. We collect these events from every gateway, every appliance, every virtual appliance, every type of security agent that we have around the world into the threat cloud processes and I'm gonna throw a number there that's the close to about 80 billion a day transactions. And it allows us to process, to apply machine learning and AI algorithms to find threats and then inform all these great checkpoint security agents out there of new threats and prevent those threats from ever happening in the environment. If you're operating on an AWS environment, there's a lot of log flows happening in your environment. There's a lot of things to collect and look at, right? So in Cloud Guard, we offer something called logic or log.ic which allows you to harvest those logs. We enrich them and then we allow threat hunting inside those environment, right? So those type of capabilities are definitely kind of the future of advanced security, right? So beyond just establishing, it's like, you establish your security around what you do and then you have your intelligence unit starting to identify what signals are out there allowing you to both prevent security breaches or any type of threats, but also remediate anything you find the traces of things that happen and remediate them. Right, right, well, that's just a great illustration of kind of baking security until the multiple steps of the process and all the steps of the process that's not just a bolt on anymore. It's got to be part of everything you do and bake into everything you do. I still wonder how certain companies that are run by having people click on links that they're not familiar with still happen today, but I guess they still do. So I'll give you the final word. Again, you've been in this space for a long time as we kind of turned the page on 2020. What are some of your priorities? What are you excited about for 2021? I think the most exciting thing for us in cloud security in 2021 is we're releasing more capabilities into the environment. We're in the maturity curve of protecting your network in the cloud and then protecting your posture in the cloud. We're moving very strongly into predicting your runtime and applications in the cloud, your APIs and working with organizations through that maturity curve and getting them up to all the way up to threat hunting capabilities. And I think that'll be exciting because I hear from customers that they need to move quickly through that maturity curve of cloud security as they have accelerated and continue to accelerate their move to the cloud. That's great. Well, I think no shortage of job security in the cloud security space. I'm sure it'll be a busy year. Well, Aris, thanks for sharing your insight. Really appreciate the time and it was great catching up. Thank you, Jeff, for your time today and it was great talking to you. Absolutely. All right. Well, here's Aris, I'm Jeff. You're watching the cubes continuous coverage of AWS re-invent 2020. Thanks for watching. We'll see you next time. Thanks.