 from Las Vegas, it's theCUBE, covering Kuala Security Conference 2019. Welcome to you by Kualas. Hey, welcome back, everybody. Jeff Frick here with theCUBE. We're at the Bellagio Hotel in Las Vegas at the Kuala Security Conference. This conference has been going on for 19 years. It's our first time to be here. We're excited to be here, but it's amazing that they've just been clipping along through wave after wave after wave. They've got some new announcements today and we're excited to get the full rundown here. Our next guest is Chris Carlson, the VP of Strategy from Kualas. Chris, great to meet you. Great, thanks, great to be here. Yeah, so you just got out of your session? How did your session go? Yeah, it's fantastic. In fact, that's the great thing about a Kuala Security Conference because we have the ability to not only interact with our customers and partners, but actually showcase what's new, but also what we're working on coming into the future. And that's really important for us at Kualas because we get the feedback from the customers early and we can work very closely with them and define the right set of solutions and the right products for their use in their environment and programs. Now the security landscape has changed quite a bit over the last two decades and Philippe's keynote, I mean, he is right on the edge in terms of really appreciating cloud and the benefits of cloud. You guys have a lot of great integration partners. You know, did you have to re-architect this thing at some point down the road? I mean, it's pretty amazing that you've been at it for two decades and still really sitting in a good spot here as kind of the cloud and IoT and 5G and this next big wave of innovation starts to hit. Well, that's right. I think that's why it starts with that vision, but it's not just a vision of where the market is going but the vision of where technology is going. So when Kualas started, they started in the cloud and they started with the cloud-delivered architecture and that was really maybe early for a lot of first customers, but 20 years ago security was still maybe not as much and put security in the cloud, that's where all the bad guys are. But it's really that architecture vision and technology that allowed us to not only innovate quickly on a platform, but as our customers grew, as our customers moved to the cloud, as our customers moved to IoT and OT and mobile computing and those aspects, we're already there. We're already there. So that is really the advantage for us is we don't have to re-architect our platform. We can layer on new capabilities and new services, new products, leveraging the existing architecture that we developed in the cloud. Yeah, it's really a little bit of good fortune, a little bit of luck, a little bit of smarts, right? I think it's maybe a lot of experience with smarts from that. Well, it's just funny, right? Because we had John Chambers on not that long ago and his kind of computing waves, he was using kind of 10-year waves as kind of the starting points. And Philippe's were a little bit longer, but it's the same kind of story with mainframes and minis and client server and now cloud. But as he said, and as you've reinforced, if you don't architect it to be able to do that at the beginning, you can't necessarily repurpose it for this new application. It's really architecture-specific and without that kind of vision, you're not going to be able to take advantage of these kind of new waves. Exactly, and I think that architecture breaks down into different levels. So one is systems architecture, but it's also the design architecture. So the technologies that we're using in our platform today aren't the same 20 years ago. We've swapped out those technologies, we used new modern technologies. Technically, like Kafka streaming bus to do real-time event streaming, Cassandra for object data store, those did not exist five or six years ago. But from our architecture that we're collecting lightweight data from our customers and analyzing it in our cloud platform, doesn't matter if we have one million events, a billion events, a hundred billion events, the platform can scale the process of those. The other piece clearly that you've mentioned two or three vocabulary words right there is the open source component. The open source has grown dramatically since early days of Linux both in terms of market acceptance as well as kind of new opportunities for things like Kafka to be able to grab that type of innovation integrated into your product set and really drive a whole bunch of extra value. Yeah, that's right, I think we benefit from these qualities using some of these open source technologies and we do contribute back because we work with those teams, if there's any defects or performance enhancements, we do that, but while we've benefited from some of the open source technologies, our customers have benefited as well. Now they've benefited from new technology architectures, but in some cases they benefited from new security problems. So if you get commercial off the software, the vendor produces a security patch, they test the patch and they can apply the patch. In many cases with some open source software, it's not like that. The customer has to get the software, compile it, make sure it works, maybe it doesn't fix the vulnerability and that's why in that case for them, open source technology can improve some of their IT systems and their business initiatives, but it puts a challenge on security to keep up with all the security risks that are happening across the board. Right, so one of the big announcements today was the VMDR. That's right. Tell us all about it. Great, so VMDR stands for vulnerability management detection and response. And that really is a capability that we've actually had in the platform itself, but the feedback from our customers were that internally their own people, their own process and their own tools created these artificial silos that prevented them from actually doing security detection and remediation at scale quickly. We have all these capabilities in the Qols platform anyway, but with this new VMDR bundle, we're bringing it together with new automation, new workflow, new orchestration, new user interfaces that actually reduce the time to remediate down to near zero in some cases. So we had an example of a live attack that happened two years ago, WannaCry with the Eternal Blue and many companies did nothing for two months. So they had the right tools, but maybe the data silos to go from one application to another application to one team to another team just increased that length of when they can remediate. Our customers that had Qols already had that data within the Qols platform. We can tell them what assets they have, what the vulnerabilities were, that WannaCry was a big thing happening, and then with our patch management, they can click one button and then just fix those assets easily. That was two years ago, now this summer something called Blue Keep. So Blue Keep and Deja Blue is another attack that's happening, it's going on right now. People don't know about it. Well, maybe not you. Maybe if you're aware of this. I got nothing. I got nothing. Maybe if he's a Windows operating assistant, he's being attacked right now. I don't know about that. But a lot of our customers here, they're struggling with that every day. Not that Qols can't tell them where it is, but they have to rely on another team to actually fix it. And that's what's so excited about VMDR, vulnerability management detection response, is the D and the R, the detection and the response, allow them to remediate in a full lifecycle very quickly, very effectively, and with a high confidence that it has actually corrected those issues. Yeah, it's really interesting, kind of the application versus platform conversation. You guys are integration partners with ServiceNow. Fred Lutty's been on many, many times and tells a great story at it. He wanted to build a platform, but you can't go to mark with a platform. You got to go to mark with an application. Hopefully you get some traction and over time you start adding more applications. And it was pretty interesting listening to you guys talk. Well, I was actually going to stop you right there if you don't mind. No. The marketing people go to market with the platform. The marketing people say, hey, version one is a platform. To their customer, but nobody's got a line item to buy a new platform today, right? That's sort of the disconnect really with normal enterprise sales models and technology. The marketing sales disconnect versus the technical reality that customers depend on for their environment. But if you do it right, then you can build that application stack. And I think in the earnings call, you guys last earnings call, you define seven specific applications that sit on this platform that enable you to bundle and have kind of multi application integration in the new VDMR. Yes, that's right. And I think the difference with QALUS is they knew that the architecture was important. So our vulnerability management was an application on the architecture when it first launched 20 years ago. And that really helped us going forward. So from the earnings call, it's seven product capabilities on our lightweight agent, but the entire QALUS platform has 19 different product capabilities in the same platform, using the same user interface model. And the VMDR takes many of those and bring it together in that single bundle on a per asset basis. Okay, great. Thanks for that clarification. Slight shift of focus. Another thing that came up in Philippe's keynote was kind of re-architecting the sales side and the market bundles that you guys are going to go to mark with over time. And he broke it down into really only four big buckets of categories, cloud providers, I think managed security service providers, enterprises, and I can't remember what the last one was, OT and IoT vendors. So as you kind of look forward in the way that you're going to develop your products to go to market, how is that impacting your strategy and are you seeing that start to play out in the marketplace? Yes, when you look at security technology and actually part of his keynote, he had this slide that had, you couldn't zoom in because there was a million logos on this slide, security companies. And you go to some of the security shows, there's 800 vendors in the exhibit hall. Oh yeah, we go to RSAC. I mean, that's why it's chaos, right? So it's crazy, it's crazy. And there was an analyst that actually said a couple of years ago that whenever there's a new threat, there's a new tech. Here's a new threat vector and now there's five new startups. And is that new threat vectors super narrow and it's only a feature or as a product? But our view of QALUS was a little bit different in that while the buying centers may be different, while some of the assets may be different and an OT asset versus a cloud asset versus endpoint asset, the ability to discover it, identify it, categorize it, assess it, prioritize and remediate is the same. That is the same. So whether it is a PLC on a shop floor from a car manufacturing or an e-commerce web server that's running in a public cloud or an end user machine, the process to identify, assess and remediate is exactly the same. So we're at QALUS with our platform, different sensors for different asset types, normalized security data and different remediation approaches for different asset types. But all the same platform. But it sounds like you're doing some special stuff with Azure. So tell us a little bit about what's special about that relationship, what's special about that solution. Yeah, and that integration was announced two weeks ago at Microsoft Ignite, which is a big Microsoft show. And that really is a close partnership that we have with Microsoft. We actually did an early integration with them four years ago, but this is a lot deeper. And that really is Philippe's and QALUS vision. That security needs to be built in and not bolted on. That if you take, let's take a car for example. When you buy a car, you don't buy the car without a seatbelt and airbag, maybe a radio, you don't buy it without tires, it all comes together. You don't buy a car and then go to the seatbelt shop and then buy a car and go to the airbag shop. It all comes together. And that's what we're very excited about this announcement with Microsoft and Azure is that the vulnerability assessment is powered by QALUS already built into Azure. So there may be a whole set of customers that know nothing about QALUS, know nothing about our 20 year history, know nothing about our conference. They go to Microsoft Azure's security center and it goes assess your vulnerabilities, click a button and there's the vulnerability information. So this opens up a new capability for customers that they may not have used, but more importantly, bringing security into IT without them knowing that they're doing security. And that is very important. So is it like a white label under the covers or is it just kind of integrated? It's not a white label, it's a joint integration. Okay. And it's a micro-set Azure. So they eventually have employees in the bottom of the report. Powered by QALUS, powered by QALUS. So we got to have that name in there. Right, right, good. What's exciting about Microsoft Ignite is that we had a lot of Microsoft IT and dev people come up to our QALUS booth and say, hey, I don't know much about QALUS, but I get this report of things that I need to fix. Tell me more about what you're doing and how can we help that fix faster? Right. And it's really about speed, time to market, a time to acquire customers, time to service customers, but more importantly, time to produce new technology, time to secure the new technology. And lastly, unfortunately, time to respond to security events that may have happened in your network. And I presume they can buy more of the suite through the, and run it on the Azure stack. Yes, that's right. In fact, all of our tech- It's going to be a good distribution for you. Kid Village can go on there from it. And that really is a strong partnership. In fact, the Group Product Manager for Azure is speaking at QALUS Security Conference just later today. And that really shows a testament of the deep integration and partnership that we have with them. All right, Chris, before I let you go, you're the strategy guy. So as you look down the road and you're crystal ball, I won't say more than three years, two years, three years, four years. What are some of the things you're keeping an eye on? What are the things you're excited about? What are the things you're a little concerned about? Well, I think that the things that we're excited about is a vision that Philippe, and of course, Samed has painted for it, is that the computing environment is accelerating dramatically. It's fragmenting dramatically. 5G might be a complete game changer across the board. We have some of our large customers that have a project that they call Data Center Zero. 17 data centers in two years, no data centers at all. I say that in their corporate offices, they have laptops and printers. That's it. How do you secure and assess an environment that is ephemeral and that is virtual and that is remote? And that's where the quality platform architecture can move along with those customers. Our very largest customers are the ones leading the charge, not only developing new capabilities, but also using them as they come out. So I think that's what we're very excited about. I think that's some areas that we're working deeper with our customers on is at the end of the day, it's people, process and tools. And we're working on the technology capability and stack that can also influence and make the process better, but ultimately the people have to come in and understand that security has to be built in. We have to shift left, integrate it into the depth cycle to really reduce that attack surface and have a stronger, more secure enterprise. All right, Chris, we'll stick you're going to be busy for the next couple of years. That's exciting time, it's exciting time to follow. All right, well again, congrats on the event. Thanks for having us. Can't believe it's been here for 19 years and we haven't been here yet. So again, thanks for having us and congrats on all your success. Fantastic, Jeff. All right, he's Chris, I'm Jeff. You're watching theCUBE. We're at the Quality Security Conference in Las Vegas. Thanks for watching, we'll see you next time.