 Okay, we're back here live at HP Discover Day 2. I'm John Furrier, the founder of SiliconANGLE.com. This is theCUBE, our flagship program. We go out to the events, extract a signal from the noise, and we're talking to everyone here with an HP. We're extracting that signal and sharing that with you, and we're getting the scoop on HP, talking to all the different groups and the divisions from services, all the way up to the systems guys and all the geeks. So we're really happy to do that, and it's really going to be a great day, continuing on with extensive coverage from SiliconANGLE and Wikibon. I'm John Furrier, the founder of SiliconANGLE, and I'm joined by my co-host. Hi everybody, I'm Dave Vellante of Wikibon.org, and we're here with Michael Callahan, who's the Vice President of Worldwide Product Marketing for Enterprise Security Products at HP. Michael, welcome back to theCUBE. Thank you. We saw you last summer, actually, spring. Yeah, yeah. At HP Discover in Las Vegas, and security, obviously, a big challenge. Like this arms race, a lot of bad guys out there. It is. The war is escalating. How are we doing? Yeah, well, we're staying ahead of the bad guys, but it's not easy. It's every day we're out there having to find the latest techniques they're using so we can find ways to combat them, but it just keeps getting worse, and the reason it's getting worse is people have realized that it's not about fame anymore. It used to be someone would create something or do it by stealing it. It's the worst thing one step at a time. Yeah, the TAM for hackers is probably trillions. Handing out Ferraris. Michael, we had just had the autonomy guys on, and we were talking about MEG's three initiatives, obviously cloud security and information management, governance, whatever you want to call it. Basically, big data is the top three priorities. So, they made a reference to some of the things that they're doing with security around their tool and using analytics. Is that part of the plan? And can you talk about how you guys are handling with autonomy? And has that been integrated in because you can use analytics and probes and all kinds of instrumentation to add a new security paradigm. Is there any progress there? Is it changed the game at all? You know, it's done just on a document, and we see that there's a real application of that into security, and it's in the area of information protection. And the reason for that is it typically, the way people protect information is they categorize an asset and then it goes through some sort of filter or some sort of policy. That's very manual. And a lot of people have tried to do that and it always fails. What we think is unique about autonomy is that it can automatically look at a document, determine its meaning, and then categorize it for you so that you're one step ahead and it does it real time. And so, you're constantly categorizing and recategorizing and applying your policy to those documents automatically rather than having someone do it manually. Huge future there. We're really excited about that. Dave and I are always talking about how security is it to do over and does cloud bring up new issues and all this stuff. So, honestly, in the old days, you had remote workers, right? You got a dial in and perimeter-based secure, all kinds of elementary schemes, but now it's a complex word. You get with cloud, mobile, and social connected devices, whether it's probes, instrumentation, or mobile devices, consumers are connected. So, bring your own device to work. You've got cloud-based access to applications and with mobility, it just kind of throws the mobile security, security up in the air. How do you guys look at that? I mean, obviously, you're probably working hard on it, but give us an update of where security is in that equation because this is a new experience. You just want that consumerization. They want the consumer experience at enterprise-level capabilities. And so, it's just a hard thing to do. So, can you just share with us your perspective on that? Well, the way that we look at it is exactly like an attacker would. And they look at that problem that you just described as an enormous opportunity because what's happened as you deploy cloud technologies, so you have this combination of a traditional infrastructure which you see a bunch of racks and servers on-premise maybe, and then a combination of maybe public and private cloud is how you're pushing information out, then you have this consumption of the information which is on all these new devices like these BYOD. An attacker looks at that and says, this is wonderful. I have this huge attack surface now. It's increased exponentially. All I have to do is find one point that's vulnerable and I can get in. And so, they're loving it. So, we look at it the same way. And so, we look at it and say, so what can we do? It's called evil genius. You got to think like the enemy. You do. You have to. No, you absolutely have to. And in fact, what's built up around these attacks is this market where used to be that people were trying to do everything to break in and now they found that they can make money so people have specialized in particular parts of the attack. So, someone may be real good at research to say, hey, I found all these logins that you can use. They put their hand up on the internet and say, who wants to buy these from me? And so, they've created this kind of system around it. And so, what we do- It's the eBay of hackers. In a sense it is. And so, we say, we have to think like that. So, if we think like that, we can prevent it. And so, an example is, one of the most common ways into an organization is through the applications. 82% of all successful attacks happen through an application because there's a vulnerability in the application. Well, with mobile devices, it just takes that problem that makes it even bigger. So, we put solutions in place where you can test those applications before you push them to your iPhone or your Android device or your Windows device or whatever it is so that it is secure so that that attack surface is hardened or reduced. So, what tech is involved? Because obviously, with virtualization, you can do a lot of cool things. And with compute getting faster and stronger. And in the cloud, you got SaaS that kind of creates another canvas of attack. And what kind of tech is involved in that? I mean, can you share some high level strategies around? Sure, sure. Arranging that surface. So, there's a couple things. So, one is, you want to have the visibility. So, first you want to see what is going on across more organization and where do I have issues? And so, we do that through a technology called ArcSight. ArcSight is what's known as a SIM. It's S-I-E-M, Security Information and Event Management. And it pulls in information from across your entire enterprise. So, over 300 different devices that are generating events, we pull those into ArcSight, we correlate and we analyze them and say, here's where your main issues are and you need to focus on these. So, the first piece is visibility. Then we go into hardening that attack surface. And so, a great way to do that is to, like I mentioned with the mobile apps, make sure that those apps don't have vulnerabilities before they're released. But maybe you already have an application that's in production. Well, what do you do? Well, it's already out there. You can't just say to a bunch of stock traders during the day, hey, we're going to take down the trading floor for 20 minutes, just because we want to fix them out, you can't do it. So, we can apply what's called virtual patches. So, we do that with something called HP Tipping Point, which real-time looks at attacks coming across the networks and blocks them at multi-gigabit speeds through deep packet inspection. So, on the application side, DevOps comes up a lot. We actually had Scott Weller on earlier on the services side. So, and you got DevOps guys who program away. And we just commented about VMware spinning out the cloud foundry. We saw the news yesterday, but they just spun out green plum, cloud foundry, Vfabrick and a variety of other things. So, obviously, people are realizing there's an application market and there's an infrastructure market. So, DevOps guys, they build apps. It's hard to test at scale. That's one of the biggest concerns people have is, how do I test at scale and harden my apps? How do I simulate rolling out 15,000 clients and our million clients? How do I test that? So, you got to have some sort of strategy. Is it a big testing lab you guys have? Is it automation with virtualization? Is it you just creating a zillion virtual machines? Do you guys do any of that? Yeah, so there's kind of two parts to your question. The first part is, how do you create an environment for developers to test their application? So we do that wonderfully through our cloud services. So we can spin up environments where you can test quickly, test and then bring them back down. What we do on the security side is we are constantly looking for vulnerabilities in those applications. So as part of the development process, we put in what's called a security gate that says before this application gets pushed to production, it has to go through a security gate. So you've tested your product, it looks good, it functions like you want, but is it secure? Well, run it through this, an analyzer to see if there's vulnerabilities in the code or not, and if there are, take it back to the process, fix those and then release it. And so by doing that, you're significantly reducing the likelihood that you're going to be successfully attacked. So I look back, Michael, every year and say, okay, how do we do this year in security? And are we safer or not? And say, in one hand you said we're winning the war. I feel like it's the war on drugs. Make it progress, but the bad guys are getting bad or they're getting more sophisticated. It feels like the gaps are widening or at least the complexities are that much greater. What evidence do you have that we're really winning and what's the prognosis going forward? Yes, I'll give you a good example of that. So we have 1600 researchers around the world that are constantly looking for new vulnerabilities. And when they find them, they come to us and say, we found this vulnerability in an application, we think it's bad, and they sell it to us. And so we buy it, we buy it from them. And we take, at that point, we do two things. We notify the vendor of that application and say, Adobe, Microsoft, whoever are, you may have a vulnerability, you need to fix it. And at the same time, we put protection in our products for any of our customers to take advantage of. And that's working really well. And so at any time, we have several hundred vulnerabilities that only we know about that no one else does. And then as the vendor fixes it, well, that comes off the list, but new ones come into the funnel. And so it's kind of a never-ending or a continuous couple hundred that we know about. The way that I know we're winning is if you look at the, one of the common hacker group is called Anonymous. You may see that name out there. You know them well. If you do some searches on their tweets, you'll see that they're using various four-letter words about us because we are finding the vulnerabilities that they want to use to break in, and we're patching them. And so we're preventing them from breaking in, and so it's irritating them. And so you see that we are winning, we're winning that war against it because they can't use the same vehicles that they were. And so they're having to come up with other means. And it's making their job much more difficult. Can you describe HP's unique differentiators in this marketplace? I mean, there's some large companies that are really trying to attack this problem. What makes HP different? Yeah, oh, absolutely. So a couple things. One is on this visibility that we have with the ArcSight products. So we're able to look at over 300 different devices and pull information into. We can pull into the ArcSight product more information, faster, analyze it faster, store it more efficiently than anyone else in the market. And that's a big differentiation, especially as you start to generate all of these security events, which is like big data for security. So we can analyze it, we can store it more efficiently. Secondly, with our tipping point products, we can provide, we can protect even the most demanding enterprise class data centers. We're doing deep packet inspection at multi gigabit rates. So up to 16 gigabits in a single device that we can protect any sort of attack coming in real time. And then lastly is with our Fortify products where before you start to push all of these mobile apps out to your employees or to your customers, we can ensure that they're tested and free from a vulnerability so that someone can't take advantage of it. So Michael, yesterday in Meg's keynote, she said that essentially HP's strategy, she said we can sum up, provide solutions for the new style of computing, new style of IT, which she described as cloud mobility and big data. How does your security strategy map in line to Meg's vision? Well, let me give you an example. So in cloud, one of the things that you do in cloud is you're putting applications out there that are to be accessed from anywhere in the world. And that's a big benefit of the cloud is that you can put those applications in the cloud rather than on premise. But we believe that before you put those applications out there, you should test them. So we think that the cloud can actually be more secure than a traditional environment. If you put in this testing first, which is the Fortify product I was talking about, but you can make the cloud more secure than a traditional environment. On mobility, it has to do with the, it's not about the device, it's about the content on the device and the apps on the device. And we believe we can secure those apps so that we reduce that attack surface for anybody using any of that new style computing, be it a tablet or be it a phone. And what was the third one? Was it social? Was it big data? Big data, thank you. The, on big data, we intentionally re-architected our flagship ArcSight product to be able to handle big data. In fact, we went to a completely different architecture. We went to what's called a columnar database with the new ArcSight product that can process information in 300% faster than typical relational databases and store it in a tent of the amount of space. Is that Vertica? Are you using for that? We use ArcSight, it's called the Core Engine. Correlation, Optimize, Retention, and Retrieval. So you mentioned that you think the cloud can be more secure. I wonder if we could follow up on that and if you could essentially summarize why I know this is a longer discussion there. But I mean, I can think of some reasons like you can probably respond faster to fixes. You know, you can automate that. Sure, that's one aspect. But maybe describe for our audience a little bit why you feel the cloud can be more secure. Because most people feel like, oh, cloud's not secure. I can't put my data in the cloud. What you said is sort of contrarian. So I'd like to drill into that a bit. Yeah, well, and I think if you were to ask the question two or three years ago, most people would say, I'm not doing it. I'm not putting my data there. It's simply too sensitive and I'm not going to do it. What's happened though in the meantime is that the security industry has responded and said, this is inevitable. So we need to figure out how to secure it. And so we've responded. So the good example is you're accessing applications. If the application has vulnerabilities, you're going to be attacked. So how can you make sure that those applications are secure? Well, we can. We can create a bit of a walled garden and say any application that you're going to access in the cloud has got to go through this security gate. It has to go through it in order to be published in the cloud. So that's one way. Another way is to look at this combination of user activity. So there are applications that are in the cloud now that are partly in the cloud and maybe partly on premise. And you want to be able to bridge both of those. And so to see the user activity, both what's going on locally and then in the cloud, a good example is salesforce.com. We can see what is going on and combine all of that user information across both a traditional and a non-traditional environment. And so in that sense, it could be more secure. And then lastly, if you think about the cloud as a way to deliver additional capacity, you're still connecting through an internet or through the network into that cloud, putting a high performance network security device at the ingress, I believe it is, to that data center and inspecting it is going to make sure that data center isn't under attack. And I guess the other reason is that for most enterprises, the cloud service provider is going to have better security than they do. And that's sort of a brute force way to make, utilize and leverage the cloud more effectively. But all right, Michael, well thanks very much. You have another question, John? So are you all right? Do we have time? Do we have time? No, this is more of a final kind of summary question. Meg Whitman's three priority areas in the enterprise area, cloud, security and information mentioned earlier. Tell the folks out there, what does that mean? What does, when she says security, because you get security in all three, I mean you've got thoughts in your own category, but cloud needs security, we talked about those guys about that, information's got to be secure. So security by itself is one of the three major initiatives. What does that mean internally to HP? Does it mean a massive group of people are working on some stuff? Is there product specific? Is it all of the above? Well yeah, so it's kind of a combination of those things. So it is, I think those are three areas that she talks about because those are areas that are important to our customers. And those are areas that are causing problems, but also creating opportunities for our customers around information, cloud and security. We believe in the security group that it's secure, there's one thing in it's security because it does go everywhere. You know what is that one thing? So tell us, what is that one thing that you guys are working on? Is it products? Is it like this technology? Yeah, so what customers want is a solution. They don't want the products or the services, they want the combination. So what we do is we pull the best technologies together combined with incredibly experienced people on the services side to deliver a security solution that are solving the customer's problems. Okay, great, so is it its own P&L? Absolutely. And you guys sell those directly and you also sprinkle the technology into the other functional objectives, right? Oh for sure, yeah, a lot of cross-pollination across the different business groups within HP. Yeah, I mean, we just had Scott Welleron talking about the cloud and cloud services and you know that everyone wants consumer grade services whether it's cloud or apps, enterprise, anyone, consumer prices and experience at enterprise quality, which is service level and security. So hard things to do, so congratulations. So great, thank you for coming on theCUBE. We'll be right back. This is siliconangle.com to theCUBE here at HP Discover, live in Germany for two days exclusive coverage. We'll be right back with our next guest.