From Silicon Valley, it's theCUBE, covering RSA Conference 2017. Now, here's your host, John Furrier.

Hello everyone, welcome to theCUBE. We're here live in Palo Alto for special RSA coverage, RSA Conference. It is the big security conference. There's really two of them, RSA and Black Hat. Seem to be the biggest shows that really the top industry players in the security vendors and customers and now governments come together and really talk about how the state of the security is and what the solutions are. Our next guest here in theCUBE is Dave Packer, Vice President of Product and Corporate Marketing at Druva on the marketing and on the product side, which is very relevant for today's conversation. Thanks for joining us today.

Great, thanks for having me on board.

Thanks for coming down to our studio in Palo Alto. So he's no room and Sam will be there for two days. I'll be driving up tonight, but I want to get the vibe of the show. Of course, we get into some of the things that you guys are working on because I think the number one story that I see coming out of this thing is that the threat detection volume is at an all time high. So and the diversity of the attack vectors, AKA and surface area is at the highest it's ever seen in terms of at least surface area and the number of attacks. Has the industry one internalized it? Are we still in denial? And two, is there any movement in any kind of strategy to respond to this massive threats?

Yeah, I mean, it's a great question. I think, you know, what we see, you know, if you look across RSA, I mean, there's a lot of different topics, you know, and as technology has gone over the last few years, you know, IoT's, you know, definitely added an interesting dimension to that, right? You have people who have on the consumer side, you know, Alexa, Google Home, you know, attached to their locks at their front door, right?
And so, you know, do I just need a blow horn down the street to say, hey, Google unlocked the front door, right? And see whose doors unlocked. So I mean, I think there's interesting questions about kind of what we're opening ourselves up to. The attack surface has become so varied and so broad, right? That you now have these distinct domains, right? There's the enterprise side of it, which is really more focused on, you know, devices and workers and users and how they're interacting with data. And then you have the consumer side, which is much more diverse because there's so many products. And yet, consumers are less attuned to the security vulnerabilities that they're buying into, right? So I think, you know, where it's interesting is, you know, what is, you know, what are the right tools? What are the right things that people should be doing? And, you know, there are a lot of great elements out there on the enterprise side. Obviously on the consumer side, it's a lot trickier. But, you know, I think what's, you know, where we're seeing things evolve today is how do you, with all these data sources, all these different areas, how do you get that kind of global visibility? I think it's very difficult when you look through the security stack and try to figure out where do I interject to make sure I'm helping the business and reducing the risk.

A couple of things highlights for me, I would say that I want to get your reaction to is obviously the industry probably has this now call to arms, if you will. I know it's actually set up, but you kind of see the teasing out of this. We need a cyber West Point kind of institutional facility. But you also have the sharing of data is becoming a real call to action. Hey guys, we need to share data as fast as possible. Certainly any kind of new pattern recognition as key algorithm on some of the anomaly detections. And you start to see government up there.
We saw the Chief General Counsel, now the CEO of Microsoft, Brad Smith on stage, but really not a lot of government presence. No one from the Trump administration was there. There was really nobody there from government. And this seems to be the black hole in my mind of data sharing because ultimately the government is a big part of that as well. Thoughts and reaction to that? Did I miss it? Was there more government there than I thought?

No, I mean, I think you raise a great point. I mean, I think that there really is a need today to really start forcing more open sharing. I mean, I think when we look at how the attack vectors are coming in and how varied they are, that the fact that organizations are still very much like, this is happening to me, but I don't want to tell anybody because I don't want anybody to really know unless it's something super serious, right? But at the same time, it's only the spread of that knowledge because you need to think about security is about people, process and technology, right? And so it's really, how do you define the proper people and process practices and how do you share them in a way so that organizations know more ahead of time when they might be some kind of a threat they need to thwart, I guess is the right way to say it. And I think that you hit on a great point because I do feel like the government especially is open to a lot of vulnerabilities. We saw that recently. How do you take action against that?

Yeah, on which side are they on? So people are speculating both, but really ultimately it's disappointing that the government really is backing away from our side when they should be leaning in to quote Sheryl Sandberg, even though the government is not a male or female, it's actually Trump, I guess is male, but we got to lean in especially with the government. I want to get your thoughts on other commentary.
I had a chance to speak with Mark McLaughlin as the CEO of Palo Alto Networks, the CEO of Check Point and Cisco's top security guy, Intel McAfee guy. I asked them directly, I'm like, guys, the internet's old. I mean, you could say maybe 40 years old. We're talking about technology that's 30 to 40 years old. Mark McLaughlin used to work at Network Solutions and he ran the registry for the DNS system. The DNS still is part of the underpinnings. What the hell's going on with the infrastructure? So to me, I think the big elephant in the room, at least from my perspective was, yeah, the action is moving up the top of the stack, but still the infrastructure is like 40 years old. I mean, is there any impact to that? Does that help? Does it matter? What's your reaction to that? What's your thoughts? Is it relevant? Is it abstracted away or is it still a problem?

You know, I think it's all tiers are relevant, right? I mean, at some point we have to, it's like any kind of infrastructure, roadways, highways. I mean, there's always modernization that has to happen, right? And evolution of that, you know, I think when you think about security in general, you do have to look at all the various layers. And I think, you know, internet, yeah, 40 years old. You know, I think there's been though a lot of maturity in how organizations are transferring data, how they're interconnecting, how that data is being secured and locked down. But at the same time-

The perimeter's gone. That's for sure. The one thing we know, even though that old infrastructure, which was managed by lock and key, if you will metaphorically speaking, front door, back door, perimeter. Now it's gone. Now it blows out of way.

Right, exactly.

I mean, this really wears the anomalies interesting because now you have the pattern. So, I mean, talk about it from your perspective. Druva, you guys are doing a lot in this area. You talked to a lot of customers in the real world who are actually living and breathing this.
We're seeing ransomware exploding and fake ransomware, all kinds of malware burying themselves into these older infrastructure pockets, exploits or whatever. So this is an issue. So what's the reality? When you're talking to your customers and the products that you guys are making, what's the key thing that's going on?

Well, you know, first off, when you think about Druva, what we're doing is we're collecting information, basically from all these different data sources from mobile devices, servers, cloud applications. We're bringing it together. And what we're doing is we're analyzing that data as we bring it into our system. What we've done is we've now applied a layer of machine learning on top of that to, if you think about an enterprise, you've got 50,000 users, 60,000 users. How do you really identify where there's a potential ransomware attack? Common theme is somebody gets attacked, they don't report it, right? They try to figure it out themselves, pay with their credit card, whatever that is.

You're embarrassed, whatever.

Right, whatever. But at the same time, it's corporate information.

Well, it's also a time when a lot of the ransomware is really orchestrated and targeted. So they know the pressure point. And so it literally is a gun to the head, so to speak.

And so, you know, the way we're looking at it is from the standpoint of giving people the ability to have early awareness of when there is an attack, right? We kind of think of it as we're like the second line of defense. Your first line of defense is your malware, right? Which is your malware detection, right? Which is really looking at what's coming in and what people are putting on their machines, et cetera. But we also know that the ransomware right now is evolving so rapidly and it's being tuned to work around these systems that you need that second line of defense to really look at where are there changes out of my network, right?
And so what we do is we take these snapshots up to a tolerance of every few minutes, right? To be able to say where are changes? Where are things that look like, for example, a large volume of files being encrypted? And if we see that, then identifying that for IT, alerting them so that they can take action on it directly. But you could also use the same technology for looking for things that are other anomalous or malicious activities like a rogue employee that's about to quit who deletes a lot of information, right? Or somebody who's downloading tons of information suddenly, which might be indicative of the same thing. Somebody leaving the order.

Yes, some interesting stories are just pulling up our SiliconANGLE Newsroom here. One story came from TechRepublic. New ransomware could poison your town's water supply before you don't pay up. And it's researchers from Georgia Tech, great school, have a new form of ransom targeting industrial systems. This is the IoT challenge and other things that essentially could simulate a disruption to the water treatment plant. So, I mean, that's, it's everyday life. I mean, you'll drink water, right? And then the other one here, love this story from Microsoft, where kind of a strategic imperative, the need for a digital Geneva convention. So this brings back a couple of different points, right? One is IoT, Internet of Things is industrial, things that we live every day with roads, cars, water treatment plants, nuclear power, all this stuff. To policy, how do we resolve it? So you guys have a business, people buy your services, but then the other customers might not have you guys, they might have another product. Is there sharing going on right now in the industry? Is it more of, don't ask, don't tell, secret clubhouse?

You know, there is some sharing, but I suppose this is one of the things about technology and proprietary and building out your systems and solutions, right? You're creating new technology.
You're inventing, right? And part of that is like, you know, hey, I've got something that's patentable. I want to be able to take that into the broader market. I think there are some things that exist today that will create those barriers because of the way that organizations look at what they're creating from a technology standpoint to address that, right? So if I come up with some new algorithm that's going to help stamp out ransomware, I'm probably less inclined to share that right away, right? Or explain it right away. I think that's where you get back to your initial comment, you know, what can the government be doing to provide a more broader industry, kind of governing committee or something that helps businesses to better kind of figure out what are the ways that these things can be shared and still protect organizations at the same time.

And this is a tricky challenge. Open source has proven that open creates better security than closed, as we know. So I like this, I love the trend of open data and I think that's interesting. Not yet practice, I think it's going to be incumbent upon people sharing. Question about your business. Why are people buying you guys? I mean, what's the value purposes for you guys? What's the buyer sales motion? What's the value proposition? Why you guys and what specific use cases do you guys hit the home run at?

Yeah, so where we come in is we're really about providing cloud information management, right? It's about how do you, in this new world of data being spread everywhere, how do you institute the proper stewardship of your information and provide the right tools on that when those tools that are strictly on-premises or wherever just can't do that anymore, they fall short. So we look at it from, we can leverage the cloud and the beauty of the infinite capacity and elasticity to do search indexes across petabytes of data, help you search through that sift through, find.
And a great example from a security and privacy standpoint is take something like GDPR and the EU, right? How do you know who has what type of information on their devices, right? I mean, part of-

What's GDPR?

That's a general data protection act.

Okay, that's so that the countries have their own little-

Right, so the EU is kind of agreed, right? The 18 member states have agreed that, you know, these are the policies we're gonna have now. And it's-

That's really for consumer protection, right? That kind of thing.

It's a protection, it's privacy protection. So it affects consumers or employees or anybody pretty much. And anybody who's doing business in the EU is impacted by that, right? So it's not just you and the EU.

So there's a lot of management of getting the auditing and the numbers, tracking things to know what's-

Right, so companies are now in the US spending millions of dollars to get aligned to that, right? But the question at the end of the day is where are my real risk pools, right? If somebody loses a laptop and it's got marketing data on it, I might not be too worried about that, right? But if I've got a financial advisor who's out there doing work and suddenly his laptop's breached or is stolen, you know, how do you know what's on there, right? Because at the end of the day, it can result in a breach notification. Well, I have to show that I did everything in good faith or I'm gonna have some huge penalty levied against me. So it's the same-

So risk management meets, you know, protecting, too, right?

Right, exactly. And balancing both sides. So those are the problems that we're helping businesses.

And ransomware is right at your wheelhouse then, too. So that's where it hits you guys. What's the impact of this? Is it real ransomware?

Right, exactly. Is it backed up? Do we have alternatives?

Exactly. Do we have to pay up? In most cases, people pay up. All right, so a final question.
Tell us a cool story, good, bad, or ugly around a real-life situation, and you don't have to talk about the customer's name because it's good, it's juicy, but that's a juicy story of a customer that didn't have the kind of protection they needed and one that did and what happened.

Yeah, you know, actually it's interesting. What I find is that, kind of go through the who's who list of my customers. They're usually companies that are post-breach. So what you'll find is that, you know, I won't name them, but large healthcare companies, whatever, who, you know, something was compromised. Maybe it was a laptop or something. And, you know, not a customer, but you know, you can look at like Advocate Health Care in Chicago that was levied at a $5 million fine back in August, right, by Health and Human Services for HIPAA violation. You know, where those organizations, you know, what happens is, is they pay out all this money, the CIO loses their job, the CISO loses their job, somebody loses their job, right? And next thing you know, they've got to bring in consultants to help them realign all their data practices.

Kind of just bring the consultants in.

Yeah, right, it's super expensive, right?

Maybe not efficient, they're milking it all the way.

Right, so you know what's unfortunate is that companies, you know, there's one thing that's a breach, there's another thing like all the post-breach stuff that you have to do to align and show the government, hey, I'm doing the right things, right? And so we get a large volume of those types of companies coming to us and saying, hey, we need better, a better way to manage the data, understand what's there, how to understand what our security posture is, understand the data streams, who has what, who shouldn't have stuff. We have customers that, we have one customer in particular, unfortunately who's had information theft that has very large security implications.
And you know, the reason they came to us was how do we, how do we get our arms around this in a way so we know, you know.

Dave, bottom line, great show, give us the bumper sticker. What's the real aha from this week, this year, RSA 2017, what's the big story? What's in your mind?

Well, I think what we're really starting to see now is that because of the sheer volume of things, things like knowledge management are starting to be applied to this area more strongly. I still think there's a lot of noise there. It still needs a lot of maturity, but we see that as actually providing a way to have companies gain insights.

So about machine learning, AI, these kinds of things.

Right, right. Insights across large volumes of data, right? And ultimately at the end of the day, you start surpassing the human capacity to look at all that and say, oh, this is a problem, this isn't a problem, right? So how do you leverage that? You know, if you can drive a car down the street using AI, how come you can't start utilizing and applying it to these data sets and correlate across various data sets to find the various threats, get closer to, instead of finding out three weeks later, getting closer to finding it within the zero day.

So, great. More exploits, more problems, more complexity, but automation machine learning is coming fast. Dave Packer, here inside theCUBE, breaking down the RSA coverage and analysis and great commentary reaction here inside theCUBE. We'll be right back with more action, live here in Palo Alto on RSA 2017 after the short break.