 Live from Las Vegas, it's theCUBE! Covering AWS re:Invent 2019. Brought to you by Amazon Web Services and Intel, along with its ecosystem partners. It is so good to have you here on theCUBE once again as we kick off our coverage here live in Las Vegas at AWS re:Invent 2019, along with my trusty sidekick Justin Warren, John Walls here. I can't believe they put us back together again. I know, so I feel like I need a kite to go over there. That actually, I would be the trusty sidekick. Ah, ah. Yeah, because he carries the water. And I can wear the spandex, yeah, that sounds like a good idea. Andy Miller is going to wear the expert hat in this interview, he's the director of Global Public Cloud at Sophos. So Andy, good to see you. Thanks for joining us here on theCUBE. Thank you, it's great to be here. We're excited to be part of re:Invent as I think it's our eighth year in a row of being part of the show and excited to be here on theCUBE. I come bearing a couple of gifts. I do this every time I visit on theCUBE here. What do we have here? We have Sophos socks for you. Sophos socks, very good. I love that, look, that's very nice. Yeah, it's something we came up with a few years ago as part of a promotion for SysAdmin Day and it was so popular, it's never gone away after five years on Sophos. You're in the cloud security, this is security for the feet. Yes. This is what we have here. So you're security, right? And it's all about the cloud these days. You just came out fairly recently with a 2020 threat report. So once you give us kind of the high level and then we'll dig down a little deeper into that but maybe the key takeaways from that report. Great, yeah, we looked at a lot of different things in the threat report basically. We do this every year, kind of look at trends and what we're seeing and so forth. And we saw a lot of interesting developments around ransomware, both in the cloud and in on-prem environments. 
But in the cloud, what we really saw was a continuation of the prevalence of the bad guys going after those assets, right? They know that there are some very large companies moving some very important data sets into the cloud and as such, they want to make sure that they can get at them as quickly as possible so we see a very, very prevalent and constant attack against those particular assets looking for data that they can steal. It seems that the bad actors here are just becoming more sophisticated every day and they understand how to do cloud infrastructure really quite well. Are there specific things that are special to the cloud that are different from what you would have with an on-site environment that requires a different approach? Yeah, certainly, when you move to the cloud, one of the things that's really important and there was talk about this in the keynote this morning, it's important to this idea of transformation rather than just transition. And the same is true with your security. You should use solutions that are specifically addressed and built for the cloud and that have very tight integrations with a provider like AWS, for instance. So it's important that those products integrate with the tools that are available to you through the provider as well as are, again, specifically built for those solutions and can scale and move and so forth at the speed of the cloud. That seems like a no-brainer, right? I mean, that seems logical, but you're saying that that's not automatic, that there are those who are trying to kind of retrofit, if you will, solutions that they've employed before, that ain't going to work. Yeah, you know, for customers it's a challenge because oftentimes their journey to the cloud starts with, Andy Jassy referred to it today as toe-dipping, and that is a very common way that people start in the cloud. 
And when you start out anything where you're just kind of dipping your toe in the water and then it gets a little further in and a little further in, that's an entirely different experience than, we're not in the cloud and we're going to plan and plan our journey and go into the cloud with a plan in place. You tend to evolve as you go. The other thing for customers is they may have security technologies that they've used for a long time that they're comfortable with and we all want to maintain a level of comfort, right? And so a lot of times you'll see them trying to, it's the old square peg round hole analogy, right? Trying to bang those technologies into the cloud even though they may not work really well for cloud deployments. It's a hard problem as well because security is such a difficult thing to solve even just on-site that if you add in the newness of cloud on top of that and then have to change the way that you address security that just adds a whole bunch of extra complexity into that. So what are some of the things that Sophos is doing to help customers as they transition from this is how you've done stuff in the past, this is how you're going to have to do things in the cloud, how are you helping customers to actually learn about what they need to do as they start to experiment with the way that they're using the cloud? Yeah, one of the first things, we have a product that we introduced in April called Sophos Cloud Optix and one of the biggest challenges for customers as they move to cloud is maintaining visibility and control over their workloads. Cloud deployments are very different in that a lot of times you have a development community that may not be as wired as tight with security as you'd like. 
And a lot of different people who are having input into deployments and changes to workloads, that's a different scenario a lot of times than on-prem and so it creates situations where you may have new workloads introduced to the cloud or changes to workloads that happen on a constant and continuous basis and customers need to be able to track that and that's what Sophos Cloud Optix was designed to do was to give them an idea of exactly what they would have running in the cloud at any time and also what state of configuration that particular asset happens to be. All right, I know one trend is actually try to move that it's called shift left, which is to provide that visibility up the stack a bit towards the developers so that they can actually respond to what's happening in production or just to understand the security environment a bit better and then push that more to enable them to be able to make good decisions and that stops security being the division of no where you can't do anything at all which business doesn't like. The whole point of going to cloud is we want to go faster. We want to be able to do this with a more agile fashion. So it sounds like this is actually just providing that intelligence so that you can make those better decisions. Absolutely, in fact, a big part of the product is our infrastructure-as-code scanning where we can scan formation templates actually in the repositories before they're published and let the developers know, hey, okay, you made some great changes to that infrastructure but in the process of doing that you actually configured this out of compliance with the policy that we have internally. 
So you need to make this change before you ever do it and really make that actually part of the DevOps loop so that like you say the department of no doesn't have to be big brother or daddy coming over the top and hammering on them but instead making it a part of their workflow and really bringing them and buying them into the security process rather than just coming along behind. I mean, this is on a bigger picture level. There is some onus on the customer still, right? I mean, they can't just look at Sophos and say, please take care of all my concerns and all my problems and button me up and let me focus. There is still some burden on their backs, right? Absolutely and or nor the provider, right? And so it's been an interesting journey when we first moved our central platform built our central platform into the cloud in AWS cloud, there was a lot of resistance. I'm not going to move security into cloud. This was a number of years ago and now people sort of inherently trust cloud maybe a little too much in that they don't realize that while the AWS platform is very secure what you put into the cloud is your responsibility and you need to apply all the controls that you would on-prem to those workloads. And customers I think sometimes are a little bit confused about where does their responsibility lie versus what the vendor takes and in this case AWS takes care of and what part they need to play in that scenario. And in their defense, some of the tools in cloud have kind of not really been there but we had the announcement this morning where Amazon announced S3 Access Points which provides a bit of a better control mechanism for controlling S3 bucket access which is notorious for people leaving open buckets just sitting there on the internet and someone comes along and suddenly they have all of your data and it's really easy with cloud to do that. 
So it's good to see those sorts of developments come along and we're seeing more tooling being provided to customers that then helps them to make that kind of decision. That way they can take more responsibility otherwise it's like well, you want me to take more responsibility but I can't do it. I can't do it. Yeah, yeah and it's important for us as well and this is one of the things we integrate with a number of services and you'll hear it first here on theCUBE we're going to announce a little later today some new additions to the Optix platform including integrations with things like Amazon Detective we have some new integrations in the AWS platform with our UTM offering as well. So we continue to add those and use those tools because essentially things like integrating with the identity access management solution that Amazon's just announced that gives us information that we can use to populate along with all the other data that we gather in order to help keep customers secure but we're really glad to see the new offering around S3 buckets because obviously that is a very low hanging fruit for us as you might say it's not really difficult to detect but it's been a huge problem for customers because it's so easy to make that change to that control and cause a lot of damage with just a very small change that a perfectly well-meaning employee made and just made a mistake so. Why has Optix been the home run for you? I mean what gap did it fill? What service did it provide that, I mean you always hope what you roll out works but this has been like I said it's been a home run. Yeah, I think the biggest thing has been really helping customers to get their arms around what their cloud deployment looks like and what state it's in. 
So one of the things I frequently would talk to customers when we first came out with the product was I would say take out your cloud bill and if you can tell me every workload that is running on that cloud bill and who owns it and who's responsible for maintaining the security profile of that then we have nothing more to talk about but the reality was no one could. My own team when we first got the Optix product we have our own really a playground environment for our security architects on our team to try out different things in AWS and so forth. We didn't even know everything that was running in the cloud bill it turned out that we actually found some things that were running that were workloads that were fired up by employees that hadn't been with the company for two or more years and didn't even realize it and traced it back and were able to get rid of those and you know essentially create a situation where we obviously spend less but also that we don't have assets running that we're not aware of which is obviously a glaring hole for someone to take advantage of. Yeah, there's lots of technology and advances coming out and there's particularly advances in machine learning for example that has a lot of promise for doing this but a lot of the solution to security does seem to be just doing the basics and that just requires a bit of discipline from customers. Are they, are customers really prepared to have that level of discipline and take that responsibility to just do the hard work? I think to varying degrees I think one of the things is you want to make it as easy for customers as humanly possible. You do not want to interrupt their flow of business for sure but you also want to you know you want to make it so that they can implement the security controls that they need with as little effort as humanly possible and that's always been a big mantra for Sophos. 
"Security made simple" has been our tagline for I don't know four or five years and it's always been a guiding principle of the company because we feel like you know complex security is security that won't be implemented and not on a continuous basis for sure. We led off with ransomware and kind of left from there. I just want to get back to that if we can to close up. Is it, are there unique aspects to it in a cloud environment that create different kinds of complexities as obviously this is not a new phenomenon it's been around but going into the shared source the shared resource, what kind of difficulties does that bring and then what do you see that's unique that you think you really are going to need to ramp up your game to attack down the road. So I think there were some new, there were some new some changes to how people go about ransomware that are not unique to the cloud that are the same across. What is probably unique to the cloud is the prevalence at which people are constantly the bad actors are constantly scanning it. So you talked earlier about their sophistication their level of automation frankly is impressive. So we deployed earlier this year we deployed in a study 10 workloads around the world and 10 different of AWS's most popular data centers. And what we found is, is I believe the first attempt to compromise happened in 52 seconds. The longest one was about 15 minutes and then even more scary than that was the fact that once a server was discovered on the cloud there was on average an attempt every 13 seconds to compromise that. It ended up totaling over 5 million in a 30 day period on 10 workloads. So the bad guys are out there, they're busy they have an impressive level of automation and I think they realized that the cloud is as good a target as any but certainly going out at hardcore for sure. For sure. Well, Andy, thanks for the time, good to see you and more importantly thanks for the socks. I mean, we're all set now, right? 
Yes, exactly. And if you need some more for the rest of the week let me know. Will do, thank you. Thank you so much. Back with more coverage here live we're at AWS re:Invent 2019 and you're watching this here on theCUBE.