Welcome back to theCUBE's coverage of Splunk .conf21. I'm Lisa Martin. Joining me next, Ward Holloway, the director of technology alliances at Zscaler. Ward, welcome to the program.

Thanks for having me, great to be here.

Talk to me a little bit about Zscaler and Splunk working together. How are you helping companies to improve their security posture?

Yeah, I think, you know, we're each market leaders in our respective areas and Zscaler the market leader for cloud delivered security as a service. And Splunk is really the market leader in log monitoring and correlation across the entire security environment, really providing their customers deeper insights through zero trust analytics and orchestration. And together our integrated solution protects enterprises from threat campaigns, reduces security operations burdens through automation and really provides our customers with actionable data much faster than they could do on their own.

Actionable data at speed is incredibly important. You mentioned zero trust, that's a hot topic right now. Let's dig more into how Zscaler and Splunk handle zero trust.

Yeah, well, I think first and foremost, our integration is cloud native. So you're getting that data in real time and not requiring any on-premise appliances or infrastructure. And that's a real key thing in this cloud-enabled, cloud-first world that we're all operating in. And by getting that data in quickly to Splunk, we've really enabled our customers to do some interesting things. We have some pre-built dashboards via our Splunk application that allows customers to very quickly leverage our data and logs and give insights into what exactly is going on. They can view usage, applications, threats, all immediately. And that data that we're sending to Splunk is natively configured in Splunk's SIM logging protocol. So it natively and easily is leveraged by our users when they deploy out of the Splunk app from Zscaler.

So what are some of the things that differentiate how Zscaler delivers zero trust network access compared to some of the other guys?

Well, I think first and foremost, zero trust has to enable zero network access. It requires zero access to the network. So you only connect to a particular application, really eliminating the possibility for lateral movement. It's really like the difference between letting a guest in your office wander around your headquarters unescorted versus escorting a guest to a meeting room and then escorting them out once the meeting is over. I think the second key really is then also having a zero attack surface. Anything that resolves on the open internet today can be discovered, exploited, denial of service. This means traditional solutions like firewalls, VPNs, any web portal that are visible on the internet are ultimately an attack surface, which is really a security risk. If they can find it, if they can discover it, they can attack it. If they can't find your application, they can't attack it. So that's really the key about zero trust approach that Zscaler takes. We don't expose anything on the internet. And finally, we have zero pass through. So our zero trust exchange doesn't go through a pass through connection. It utilizes a proxy architecture, which allows you to hold the data, inspect it, and then make a verdict before allowing it to pass. This is really a fundamental key for zero trust to ensure that all connections are secure from threats and data loss and only allowing things in based on the context of the actual data itself.

We've seen a massive change in the threat landscape in the last 18, 19 months. I'm wondering, Ward, if you can kind of elaborate on some of the trends from a security perspective or threat perspective that Zscaler has seen?

Yeah, I think, you know, with the pandemic, obviously it's greatly accelerated work from home, work from anywhere. So users are no longer on their company's corporate networks.
They're working from their homes. They're working from traveling around wherever they might be in the country. And I think that really has increased the threat attack surface. It's not protected by the traditional security infrastructure that companies have spent years putting in place in their networks because everyone is remote. We've seen things like a 500% increase in ransomware delivered over encrypted channels, for example. And 30% of malware delivered through trusted apps such as file sharing and collaboration tools. And so ultimately the largest risk is really lateral movement inside of corporate networks once these things get in because traditional approaches such as VPNs are placing the users on the network and ultimately exposing them to risk.

You said 500% increase in ransomware delivered over encrypted channels. That's huge. And that is one of the things that we've seen just this year alone is ransomware becoming a household word. Everyone understanding what happened with the Colonial Pipeline, the executive order. That's a huge strut there. And of course ransomware is also getting more personal. Are you seeing that as well?

Yeah, definitely. I think again, with all of the remote workforce being distributed and no longer protected by the traditional security approaches, it's exposing them to this ransomware and it's what attackers are really kind of leaning on to go after these remote users in order to gain access into the corporate infrastructures and ultimately deploy ransomware within those infrastructures. And that's really why zero trust is so important. Zero trust is really the idea of kind of putting an exchange in the cloud itself so that security is by all of your users wherever they may be.
So regardless of where those users are working, whether it's remotely from home, whether it's traveling at a hotel, whether they've decided to sell everything and get an RV and travel around the country, by placing a zero trust cloud exchange in place to secure your assets and secure the connections, you're protecting those users wherever they are and ultimately protecting against that ransomware threat.

And that's going to be key as this work from anywhere persists for a while and then eventually there'll be probably some hybrid environment with a good amount of people working remotely and that the need to secure that landscape and deliver that zero trust is just going to be table stakes for businesses in any industry. Talk to me about digital transformation. We've been talking about that for years now but how are some of the ways that Zscaler helps your customers? And then what are some of the things that you've seen perhaps accelerate in the last 18, 19 months?

Yeah, I think we touched on it already. Obviously the pandemic really accelerated the work from anywhere, work from remote dynamic. And I think that combined with most corporations moving towards embracing the cloud and software as a service has really accelerated this whole digital transformation movement. And the pandemic has just made it come to us exceptionally faster. So now that users are working remotely anywhere and now that your assets are no longer in data centers but sitting in the cloud, whether it's things like Workday or Microsoft Office 365 or Salesforce or whatever application that you're using, the traditional castle and moat approach to security that we used to take doesn't really work in this cloud first world. Corporations spent a lot of years deploying firewalls, VPNs, DLPs, things of that nature in all of the data centers that they physically controlled. And that was great when all of the users were physically at the office and going through that physical infrastructure.
But now that the pandemic has accelerated this remote work from anywhere dynamic, that old castle and moat approach doesn't work anymore. So you have these users scattered around, not connecting through your data centers, not connecting through your infrastructure. And the pandemic also really exposed the weakness of that model as well. When everybody got sent home initially they were leveraging those VPNs to try to connect back through those legacy data centers and then out to the cloud. And were really experiencing a terrible experience working in that environment. The VPNs were overwhelmed, they fell over and a lot of users started just going directly to the cloud themselves. And that's really where you risk this exposure and this problem with ransomware as they were bypassing the traditional security measures you had in place and exposing you to a much greater risk. And that's why the zero trust approach that Zscaler takes is much more effective and combined with what we're doing with Splunk really enables you to get full visibility across that deployed disparate infrastructure that you have and insight into what those users are doing and the ability to automatically react to it with the integration that we have with Splunk SOAR.

That insight is absolutely critical. You talked about that rapid scatter to work from home that occurred 18, 19 months ago. And of course we all, all of us workers that were remote and are still remote were reliant on SaaS tools, collaboration tools, video conferencing. And of course you mentioned the stat that 30% of malware is delivered through trusted apps like collaboration tools. Talk to me about how Zscaler and Splunk are helping customers combat challenges like that as they still are in this dynamic work from anywhere environment.

Yeah, I think we've got a couple of interesting integrations.
Again, first we're automatically sending the data from all of our Zscaler zero trust infrastructure to Splunk automatically normalized in their SIM format. So it is natively and easily ingested into Splunk and you start getting actionable insight from that. Once that data is in, Splunk can start doing an analysis and seeing what is going on with those users, looking at things like most hit sites, sites that are blocked, any suspicious information that they're starting to see through their analysis and correlation engine. And they can even take action on that. If they suddenly see users going to known bad malware sites, for example, they can use the Splunk SOAR integration that we have to call the endpoint detection and response system that they may have in place and block that user from connecting it. So we're giving users full insight into what their user base is doing and the ability to automatically react to that and even block and prevent bad actions that can ultimately expose them to risk.

Is there a customer example that you can share of how you guys are doing this together?

I mean, we have many examples through multiple verticals, be it financial, healthcare, manufacturing. There's one insurance company in particular that I can think of that has integrated the solutions together and really as soon as they put the two integrations in place, were able to identify a number of users that were hitting malicious sites and automatically block and protect those users from going to those sites and eliminating that risk from their environment.

Excellent. Talk to me about some of the key pain points that you're solving for and some of the business outcomes that customers can expect working with Zscaler and Splunk.

Great question. I think one of the first is the zero trust exchanges that Zscaler has enables really the much needed modern workplace that COVID has further accelerated.
Users really can work anywhere so they can safely access any application from any network, whether that location is external or internal on any device. And the exchange really provides consistent security by being the inline policy enforcement point between all devices and services. The other thing that I think is key is users really require a great experience. And so if something goes wrong, you need to be able to quickly figure out what that is. So we're constantly collecting a huge amount of telemetry to really understand and see exactly what that user experience is like and what issues they may be having and really giving the ability to see those issues before they arise and cause a problem. So you can proactively identify them and eliminate them so they don't cause a problem. We've been able to allow our customers to roll this solution out in days and even over the weekend in order to get started. And this really allows them to accelerate implementing zero trust for their organization, ensuring that all traffic for the internet goes through the zero trust exchange first where it's fully decrypted and inspected for any threats or data loss. And that's really key. I think one of the things that's so important and differentiating about what Zscaler does is we're able to inspect traffic at scale. We have over 150 points of presence around the world that allows us to inspect all traffic, including SSL-encrypted traffic. So I think that's really a key point to focus on is that most of the threats that you and I were talking about earlier, especially around ransomware, tend to try to hide themselves in SSL-encrypted traffic. So whatever solution you wanna deploy for zero trust, it's imperative that it has the ability to fully inspect SSL traffic at scale, not just a limited subset of that traffic, but all of it because so much of the threats today are coming in an encrypted format.

And that's probably something that I'm wondering if you're seeing that those threats in terms of the increase and the significance is only going to persist as this work from anywhere environment does. So how can customers get started with Zscaler and Splunk? Where would they start?

Well, I think the great thing is if they are a Zscaler customer or a Splunk customer, it's very easy for them just to go to the Splunk app store and download the Zscaler app to allow them to very quickly and easily integrate the two solutions together. Once they've made that connection, we start automatically sending all of our logging and telemetry data into Splunk. And then they're able to leverage the Splunk infrastructure and the dashboards that we've created to automatically start getting that insight into what's going on within their user community to see what threats are spooling up and to leverage Splunk SOAR to take automated action to protect and eliminate those threats from their environment. So it's very easy for our users and our customers to get the application up and running quickly and start realizing value from the deployment itself.

Yeah, you mentioned a stat a minute ago in terms of being able to deploy it over the weekend, that fast time to value in this dynamic landscape where the threats are constantly changing, that fast time to value is critical for businesses in any industry.

Yeah, absolutely. I think that's the key again in this cloud world where you no longer have everything in your data center and it's not a very simple and easy process just someone down to the data center to deploy a new solution. The solutions that you do choose need to be able to spin up quickly and easily. And that's really what we built together with our integration with Splunk. It was designed to be easy, quick to deploy and quick to leverage value from.

Excellent, Ward.
Thank you for joining me talking about what Zscaler and Splunk are doing together, how you're helping customers to solve key pain points and that fast time to value that you're delivering. We appreciate your insights and your time. Thank you. For Ward Holloway, I'm Lisa Martin. You're watching theCUBE's coverage of Splunk .conf21.