 Live from Barcelona, Spain, it's theCUBE! Covering Cisco Live 2020. Brought to you by Cisco and its ecosystem partners. Hello everyone, welcome back to theCUBE's live coverage here in Barcelona, Spain for Cisco Live 2020. I'm John Furrier, my co-student and man, we are in the DevNet zone where all the action is. It's theCUBE's third year covering where DevNet has been evolving into the centerpiece of Cisco's strategy and all the sessions are here. We've got a great guest, Meg Diaz, Product Marketing for Cisco with Umbrella. There's a takeover going on here, the DevNet, thanks for joining us. Thanks for having me. So tell us about Umbrella, because that's a new brand, Open DNS, kind of convert, what's the story with Umbrella? Give us the update. Sure, so Umbrella was first really developed and introduced in the market in 2012 under the Open DNS company. We were acquired by Cisco in 2015 and rebranded it to Cisco Umbrella. So we've taken the same great product that we've had for years and just continued to develop and add to it. And what's the main features now? Is it the same product has been integrated in? Because everything's becoming API based here. We're seeing that. What's the tweak, is it security? What's the main linkage with the Cisco? Yeah, so Umbrella really started off providing DNS layer security. So it was often an added layer or foundational layer that customers would use to reduce the amount of malware, make sure that their users were protected anywhere that they were connecting to the internet. And so we've taken that, it's always been developed as an open platform. And we've continued to add additional APIs to it and a lot of additional security features too. So beyond just DNS, we now have a full secure web gateway, cloud-delivered firewall, CASB capabilities. So there's been a lot of new capabilities that we've built into the product. Yeah, can you bring us inside a little bit? We've been in the DevNet zone for three years, as John said, we've gone to DevNet Create. That API economy is something that is so important and that's what so many people, I mean, we've seen just huge crowds all week. Help us understand how those APIs fit into Cisco and Cisco Umbrella. Sure, so when you look at, there's a number of APIs that we've built into Umbrella. So to give you some examples, we have a device network device API to make it easy to actually integrate different network devices that you have to Umbrella. So how do you get that traffic very easily from any device to our cloud platform? So that's one example. We've rebuilt a lot of integrations, but that allows you to help build any additional integrations that you want. We have a reporting API that helps you to automate some of the reporting, send it and integrate it with other systems that you have. And then another example, even with all of the intelligence behind Umbrella, we make it available through our Investigate API. So we see a lot of organizations use that to enrich their SAM or Thread Intelligence platform. So being able to take all of the data that you have within Umbrella and make sure that it can be integrated in the right ways. Any new features you guys announcing in Umbrella that we should know about here this week? Yes, one of the big ones that we've been talking about at our booth and in some of the sessions is with Any Connect. So Any Connect has always been really big for a lot of Cisco customers to protect roaming users. And we've had the ability to enable a DNS module as part of that. So that enables them to, even when users are off the VPN, their VPN isn't even turned on, they're still getting protection from Umbrella. And we've taken that and we've also enabled them to leverage our secure gateway functionality when users are roaming as well. So the use cases, they're on a VPN, they're doing their thing, they go to a coffee shop or go somewhere else, they're moving around. Exactly. That's what you're talking about. And they might not be actually connected to the VPN so their traffic isn't actually being protected. So they might be connecting directly to the internet. That's where when they have Umbrella enabled there, they can still get the right protection for those users. May, talk about the dynamics going on with injecting hacks and DNS because this has always been kind of a, you've always been, people have always been chasing this because URLs, they run the internet. We know some URLs could look like PayPal or this or the other bank. And so it becomes kind of a URL DNS management challenge. This is something that's been fundamental for security. What are some of the things that are going on that people should pay attention to? Sure. So I think that there's a few different aspects of that that we're really delivering on today. So first of all, when it comes to just people trying to get you to click on a link that looks like PayPal, but it's actually not. So there's a number of different methods that we're using in the product to detect that. So one of the things is we'll look at the way that the domain is actually written. A lot of times you can see some, we look at the structure of the wording and sometimes you can see little characters or letters or numbers that are off and we can detect that that's happening. But then we also look at the infrastructure behind the domain. So we look at where is that domain actually hosted? So what's the IP address? What other activity do we see happening on that IP address? Because you can really learn a lot. We saw a PayPal domain that was supposedly a UK PayPal domain, but it was actually hosted on a bulletproof hosting site which no legitimate PayPal account would be or domain would be hosted on. So things like that that we're able to detect. I saw something talked about online puny code. Is this what we're talking about here or is this a different topic? A little bit different. But yeah, there's also, yeah, that could be embedded within puny code, things like that. But this is just some of our fundamental what we look at when we're determining if a domain is malicious or not. Okay, could you walk us through a little bit? The demo's going on, we've got the takeover going on right now. What's the umbrella presence here in the DevNet zone and throughout Cisco Live? Yeah, so there's a lot of different areas that we are. So we have Lacha Berna, the cafe. We have all of our demo stations. We have theater presentations, pretty much running every 15 minutes so you can learn more on a number of different topics. We have the DevNet takeover. We have a number of breakout sessions that are happening. So there's a lot of activity happening around Cisco Live. Well, Cisco's got a huge technical crowd here. Obviously they're network geeks. They all know DNS. What are some of the conversations you guys are having? What are some of the cool things that are, because they don't have programming and they're getting into different formats. How is the DNS fitting into that? I've saw some cool demos. What are some of the cool tech conversations? Yeah, I think a lot of times it's still, we're seeing more of an uptake in people understanding that DNS can be used to actually deliver security as well. So I think those are some of the conversations still educating people about how they can add additional layers of security to their environment and DNS being really one of them. I think what we're also seeing is just because with umbrella we're going beyond just DNS and really taking multiple security services, bringing them into a single cloud platform and that's a lot of the conversation that we're having and that's where you're seeing the market going. So organizations starting to look at how does that fit into their environment? How can they start to architect their network differently for the future and how to wrap security in there? So a lot of the conversations we're having are around that as well. It's interesting the whole dynamic internet conversation because it's interesting because DNS is, you got to resolve, you got name servers, you got your resolute to the destination URL and you load the page or app. As you start getting into more of the dynamic situations the software is programming it. So it's interesting to see how DNS evolves. You guys are leading the forefront on that. What's your view on that? How do you guys see that evolving as you got ACI, intent-based networking, app dynamics over the top kind of programming down? Is DNS fit into all that? How does that all work? Definitely, I think DNS continues to be a foundational part of how the internet works and I don't see that really changing. I think some of the things that we've been seeing are even the different ways that you see attackers leveraging DNS. You're seeing DNS tunneling, for example, being one of the kind of, I wouldn't say newer, but it's one of the types of techniques that nation states are using at times when they're actually embedding data into DNS to exfiltrate it. So things like that we're seeing come into play so trying to use DNS in different ways from the attack side. But I think when you look at the overall network and all of that, it is a really important and kind of core part of the security side. Yeah, what's interesting is that the international thing, too, as you mentioned, hosting, a lot of these hosting sites are outside of North America, outside of Europe, they're in these countries where, hey, it's suspect. And some of the foreign characters get interesting because that's not ASCII, it's Unicode, and you got all kinds of things going on. So it's a complex, not that easy, is it? No, we have a lot of very, very smart doctors working on the backend on the engineering side to really look at that. And one of the things that we tried to do even from the beginning was take a different approach to security where we're not just looking strictly at the file hash or just the basic information, but seeing how can you take data science principles and apply them to security in new ways to uncover attacks even before they launch. I got to say, one of the sessions, I was walking around the hall, the couple of the main kind of clusters of people was obviously the big panoramic WebEx room was pretty popular, it looks pretty cool. But the IoT security section was packed. As you get more devices out there, they're just internet addresses, too, and you got destinies, you got URLs with DNS there, too. So you have now that edge piece. That's a big security perimeter. I mean, a security surface area, I should say. That's popular, people are interested in this. Yes, and that's one of the big use cases that we've even seen with umbrella is you have hospitals who have all of these IoT devices that are in their patients and it's really scary to think about where they could be connecting on the internet. And that's one of the things that we've seen with umbrella is because we're providing some of that security at the DNS layer, you don't need to have an agent or something on those devices. When they're on the network, it's protected by umbrella. So that is one of the use cases that we see. I got to ask you because you came from the acquisition OpenDN as I know David the founder of Donum when he started, great company, great success. Congratulations to the whole team there. As you guys come into Cisco, what's it like? Because startups are, you know, you're hungry, you grow in, and then you get in here, it's almost an oasis of tech, you got new divisions. What's it been like at Cisco with the OpenDN? Now umbrella brand, same product with some tweaks. What's it like? No, I mean, it's been amazing. I mean, I'm still here, you know, almost five years later. And I think one of the things that's been really exciting is the fact that we have been able to leverage a lot of the Cisco technology, right? We've embedded, you know, amp technology, threat grid technology, things that ultimately because we're, you know, sharing those resources and embedding them, it's going to make the products more secure, it's going to allow us to share more information between products. And I think just the, you know, the investment, I think Cisco sees where the future is going and, you know, how important the cloud is, you know, not only from just a, the way that businesses work, but from the security perspective. So there's been a lot of investment in it. Awesome. Well, thanks for coming on, chair, and your insight. I got to ask you kind of an industry question because you've been on, again, the startup now Cisco. Most normal people, like DNS, I know what a URL is, but they know security. So when they ask you about, hey, all this fake news, all this malware, spearfishing, I mean, the average consumer, they get the security thing. When they ask you what's going on, what do you say to them? How do you explain what you do and your vision of how you see the world evolving? Sure, I think for a lot of people, I mean, I've been in security now for a while. When I started, it was really, it was still all the compliance conversation and you were still educating a lot of people on security. But now my grandma knows about it and she'll ask me questions. So I think it has become so much more mainstream. And in simplest terms, I just talked to people about the fact that we are making sure that wherever users are connecting to the internet, they're doing it securely. No matter what application they're trying to access, we can help secure that. And so that's kind of the basic. And be careful what you click on. The emails you get. Well, you don't know what's in there. Exactly. Well, thanks for coming on. Great to have you on. Thanks for the insight. Cisco Umbrella, it's taking over DevNet. DevNet zone is packed. It just gets bigger every year. And this is where people are learning. It's very community driven. A lot of education, a lot of great content. If you're starting out or you're more experienced, software certifications all here inside the queue. Coverage of Barcelona. We'll be right back after this short break.