Live from Santa Clara in the heart of Silicon Valley, it's theCUBE, covering Juniper NXTWORK 2016. Brought to you by Juniper. Now, here are your hosts, John Furrier and Stu Miniman. Okay, welcome back everyone. We're live here in Silicon Valley in Santa Clara, at the Marriott for Juniper's User Conference, where networks, next works. I'm John Furrier with Stu Miniman. This is SiliconANGLE's theCUBE, our flagship program. We go out to the events to extract the signal from the noise. Our next guest is Denise Shiffman, who's the Senior Vice President of Product Management at Juniper Networks. Welcome back to theCUBE, good to see you. Yeah, good to see you too, John. So now we get to get down and dirty on the product roadmap, the product management. So obviously security is all a big announcement. You guys announced some big stuff here, but it's really going to impact the product mix for your customers and the technology you guys are deploying because how do you stay secure? And that's in the network as well as the action is. Tell us, give us the update on the news and some of the product features. Yeah, so we announced a number of new products and innovations today in security, and I'll cover those in a few minutes, but we look at the threat landscape and there's just so much going on. You got Android malware with HummingBad and DressCode and people think, is the attack in my network? Well, yes, it is in your network. I mean, there's so much going on, the volume of attacks and the variability of attacks. And I think the message to customers on what they're feeling is the security has to change, it has to evolve, it has to become pervasive. It can't just be about the firewall, it's about the firewall much more. And so one of the big things that we announced today is really about extending security from the firewall into the network infrastructure, into the switching infrastructure and stopping threats at the switch port.
Because we know the threats are in the network and you've got to stop them from moving laterally through the network before they find what they're looking for and actually trade it. So you've got to assume they're in. The perimeter stuff that's been there done that, there's a lot of fortification going on on the front lines, if you will. On the inside, you're assuming they're in, is that what you're referring to the lateral movement internally? Yeah, you have to assume with the number of endpoints, the number of devices we're all carrying around today, all the different OSs and patch level of OSs, it's very, and all the number of different types of malware that's out there and how much it can change very quickly, it's very hard to stop attacks from getting in the network. And what most of our customers are trying to do is they're taking pieces of security and they're putting it all around the network to try and stop the problem. They're spending more money but they're not feeling more secure. So we introduced this earlier this year, the software-defined secure networks approach to solving this problem. And it's a very big problem and that covers everything from global policy orchestration to open threat intelligence to actually automating and adapting enforcement across the firewalls and in the infrastructure. Is that an umbrella solution with a set of technologies in it? That software-defined secure network? Yes, SDSN for short. SDSN, so I mean that's a lot of stuff. Is it a lot of series of products? It is. Can you just take a minute to explain the architecture of what that looks like? Absolutely, so if I start, it has to start with policy and orchestrating policy and the thing about policy is it can get over time, very complicated. You have many, many different firewall rules or adding firewall rules that can be quite manual with some of our competitors.
We automate this, but we make it very easy for a customer to set a policy at a business level at the intent they have to deploy on the network and then our security director policy enforcer which is a policy engine that translates for the customer that policy into rules that can put down the network. So you meant this kind of thing, business logic to network. Yes, to actual the technical things that have to happen in a firewall and on the network and that level of simplicity and automation is required. So is that a speed advantage and efficiency advantage or both? It is, it is, well it's an accuracy advantage, right? You take the human error out, you take the human lag time out, they get what they want done on the network without having to use a lot of people, a lot of technical detail to make it happen. The alternative is to call the guys ahead, need some rules, they have to map it, they do the configuration and policy setup. That's right. Here, I map my business logic. They do and then you have to even check for things like duplication of firewall rules and shadow rules and so we eliminate that by automating it. So simplicity and automation is going to be really important going forward and that's the policy side of it and then there's open threat intelligence over threat detection and we have the Sky Advanced Threat Prevention cloud service for advanced anti-malware and we combine that with third parties. Any open system that wants to work in our threat intelligence network such as Attivo and Vectra and Cyphort and many others because you don't want to make a judgment about what's the best way to find a threat. You want to take it all in and unify that process, simplify it for the customer once again, show them what their threat intake in the network is, what their threat level is in the network and make decisions about at what risk level they want to manage to. Denise, can you unpack a little bit that ecosystem for us?
Juniper says we need to move from closed to open but how do the partners get involved? Where do they contribute? Who else is signed up to participate and where do they participate in that whole framework? Yeah, so it's a great point. So we have an open API. Any partner can use, any partner, any sort. And we have partners such as, as I mentioned, Attivo and Vectra and everybody has their way of trying to take threats, whether it's inside the network or outside the network and both Attivo and Vectra work inside the network either by deception, trying to attract someone doing something they shouldn't be doing so you know they're bad, or by using analytics and looking at the flows across the network and making judgments about things that don't seem normal. So anomalies basically. Anomalies basically, absolutely. And so, and we pull those into a threat feed that essentially assigns a threat severity level to the threats that are seen and then makes it very easy for a customer to set, you know, how much risk am I going to take? I won't take anything over threat level six and so those get blocked. The automatic capability to send out the rules and block both at the firewall and at the switch. One of the biggest challenges for most companies is not just, oh okay, here's a new framework and here's a lot of technologies, but how do you retrain the workforce? How do they get involved? You talk about, you know, the humans are kind of where a lot of the threats can happen so are there a lot of services involved in SDSN or how does that fit in the training and education too? So it's a great point. I mean, one of the reasons why we're automating so much of the behavior of the system is to get out of having to retrain, but one of the things that we've seen some of the most famous attacks in the last year is that the threats were in the network for several weeks before they got identified and then several weeks more before they were blocked and that's actually human behavior.
It's just the time it takes to identify it, write the rule, take an action, deploy it, you don't want humans in the middle of that. Our systems are smart enough to make that happen on their own. So this is critical. The automation and simplicity part of where security is going, so this is all about, SDSN is about where security is going in the future, what customers are going to need to solve this problem in a unified and simple way. So you take the humans out of the bottleneck on detection and enforcement and let the algorithms and the technology scale that piece. Yeah, absolutely. And the humans just are kind of curating the front end of it with the business policy and then you guys do that, they get that right? Yeah, absolutely, that's exactly it. And you take, the systems are getting much smarter and I think a great example is Sky Advanced Threat Prevention, which is a machine learning based system to find new types of threats and new types of signatures. And you take that in combination with antivirus systems and in combination in the system itself and with third parties. And you have a pretty sophisticated threat detection solution and threat intelligence solution today that our customers don't have to manually figure out themselves. Denise, most of your customers, they're deploying hybrid cloud, they've probably Salesforce Dreamforce is going on this week, everybody's got Salesforce, they got Office 365, they're using Amazon, they're using Azure and they've got their data center and they're thinking about things like IoT. So the surface area is so much bigger for security. How do we attack that? Well, we think about it a couple of different ways. One is we work with cloud access security broker partners such as Netskope because they've already got some of that figured out.
The other real key piece here is to have policy set to work on workflows, whether they're on premise in your own campus or branch or data center and the same policy works, even if it's in the workflow moves to the cloud or the applications in the cloud. And it's once again, back to that simplicity. I said it once, this was my intent and how I want it to be secured and then it just happens and then it happens in data centers around the globe. So if you have 25 data centers around the globe, it happens automatically across that entire group. No human call of, hey, configure the ports. It all just rolls out policy wise. It all just rolls out on its own. How about enforcement? So tell about that enforcement piece because you got policy, you got detection, you got enforcement. That's kind of like the last mile if you were kind of nailing it down. How does that play into, what do you guys do to enable more enforcement? Yeah, so as I mentioned, we're actually blocking at the switch point and what we can do is quarantine the endpoint itself and basically pop it into a VLAN. And then IT can determine, wow, what can they do once they've been quarantined and how am I going to message them and what's next if it's obviously you and your laptop you kind of want to know. And here's my email. Exactly. And then we have the ability to track that device. So we don't let go at just quarantine it. We can actually track a device because you want to make sure our devices and pop back on the network with a different IP address. So we track it a little deeper than the IP address. And so it's really that ability to block at the switch port that matters because as you know, all packets go to the switch port and something else that's really critical here. If I look at anyone in the competition trying to do this, a pure play firewall vendor trying to do what we're doing, this pervasive type style of security, they would have to do an entire overlay on the network. A firewall. 
Discover all the resources. They'd have to put firewalls everywhere. It's a magnitude difference in cost. We're simply using the infrastructure that's already there. This is where it's already there. And you have more data access too. So let's kind of looking back, love this conversation. So the network obviously is where the action is. If I'm malware, I got to move across the network. My goal as malware is to find a host. Yes. So I can hide there for a couple of weeks and then I'm going to have to jump on the network anyway to find my next spot. So maybe I hide somewhere. I don't reach my target. I'm kind of having my way around the data center of the network, but the network is the backbone. So one is the movement of the network is key. And then two is understanding the patterns of malware, which is a big data problem. So one would say, okay, network, you can see it, but you're going to need to have visibility to sell those new honey potting techniques or analytics. How do you guys talk to customers around that because someone would say, does Juniper really do analytics? Yeah, I think it's such a good point in that you always have to be working on all fronts. You want to be able to block the attack so it doesn't move around the network as you described. You really got to stop that because they're going to find what they're looking for if you leave them there long enough. And you have to be running different types of threat intelligence inside the network, not just at the edge of the network or outside the network. You have to be running it in all places and assessing what's going on, where's the anomaly, whether I'm finding that with analytics or whether I'm following that with deception techniques or any other new techniques that come around. And that's probably the most interesting thing about having an open intelligence platform, an open API. There's new startups coming every day with new ways to find threats. And that's a good thing.
It's a good thing for customers. It's good for you, you can share data with them. Yeah. And they can share data with you. Absolutely, can share data back and forth. We get, obviously we have the telemetry on the network. Yeah. And lots of people would like access to that telemetry because it would make them a stronger application to fight against attacks in the network. But we also get the advantage of offering to our customers any new ways to find threats in the network as quickly as possible. We have a lot of event data going on. Obviously, there's events going on in the network all the time, not like physical events, like NXTWORK 16 here, but network events. So the next step is the spear phishing. We heard that on stage, spear phishing, meaning how it's trusted, human trusted. Oh, you sent me an email. Oh, Denise, it's good to see you. Thank you for the CUBE interview. Wait a minute, malware. You didn't really intend that. I thought it was you. I downloaded it. Next thing you know, I got some malware. Yeah. That's a big problem. How do you guys solve it? Yeah, and this is back to the fact that, you know, phishing is really one of the most popular ways to get in the network. We're all human. We're going to make mistakes. We're going to click on the wrong thing. And I think it's very hard. I'm not saying we shouldn't have endpoint security. I think it's very hard to catch them off for endpoint security. Hence why we're using that switch port to make sure, because that malware, that packet, has to cross that port. And I think that that is a great line of defense to ensure that we're catching it before it gets further into the network and starts moving around. But I think it's one of the key things is we can by pulling all of the threat intelligence together from what we're doing with Sky ATP and what our third parties are doing, whether that's anti-malware on the endpoint, sitting in the network, or sitting outside the network in a cloud platform, we're catching it all.
So the phishing, the email, issues and attacks in malware, cloud-based, you know, any type of deceptive behavior. We're catching it all. And then look for the patterns of the network. We're detecting it through all kinds of applications, whether that's from us or from third parties, and we're blocking it before it moves around. So professional services, let's talk about the human aspect of it. The old way was throw a bunch of bodies in a problem and it goes away. But you still need that professional services. In the announcement today, you guys talk about the threat detection. It's not just going to be all algorithms, it's still a human piece. How do we get more cyber-trained folks out there and if a customer doesn't have it, can they call on Juniper to do that? You know, it is a key area of focus is to help our customers understand, I like to say it's a zero-trust model. Start at zero and then figure out who you need to transact with. It's kind of like the anti-America. You know, assume guilty and proven innocent. But you, exactly, I mean, you have to look at it one at a time. You can't assume everything's fine. Yes, you have to process credit cards. You're going to need to be out on that credit card network. But you determine what at a time, you know, what threat level can I handle in my business? If I'm a bank, that might be different than if I'm in retail. Clothing. I have a different perspective on what I'm trying to block and who's trying to go after me. And so customers, enterprises still need a lot of help and figuring out who do I trust? How do I trust? What is my, the level of risk I'm willing to manage to? How do I think about the security I'm putting in the network? And then how do I get to this point, this SDSN where I'm unifying everything? And one of the great things we've done with SDSN is you don't buy it as a big block. You don't have to buy a new firewall every time we launch something new. We do have some new firewalls and they're very good. 
But you literally are going to get software upgrades that give you more and more value over time. And it's really in the software. And the buyer's journey has also been bombarded with a bunch of vendors selling stuff. So the CISOs, the chief information security officers out there have been throwing everything at the problem. Money. Exactly. New startup, new shiny, new toy comes out. Now there's some fatigue involved in that. So how do you talk about that to the CISO? Hey, you're fighting a war with an unknown enemy, but you got fatigue. This is the critical network asset. What's the conversation that you guys have there? So really, we talk about the kind of threats that they're seeing. And then we talk about how we can simplify without having to throw away what they've invested in. How we can simplify how they're managing to those threats. And we talk about what we're doing in specific to automate the processes that they're running manually today with the other products in the network. And then what we're doing to find those threats and stop those threats really quickly. So we're pulling the whole thing together. And as you mentioned, we're wrapping in that some really great professional services, many of which we introduced today, to help customers get over the hump of learning, what they need to do and how to deploy. What a challenging job you have, running product management for probably one of the hottest, the hottest area in the technology industry by far. It blows away the Y2K problem in 2000. Security is a huge thing. You've got the product portfolio and you got a hard job. Yeah, I know, it's job longevity. Job security. Job security. Well, nothing gets in there, assume everyone's guilty. Yeah, but what's next for Juniper? What's coming down the pike? I know you really can't talk specifics, but philosophy-wise, what should customers expect to see from Juniper? Well, there's so much across the board, right?
But in security, I think what we introduced today is a couple of new firewalls I should mention. The SRX4100 and 4200 mid-range firewalls for both the mid to large campus and small to mid data center. Two times the performance at half the footprint of some of our competitors. And the key there is you're going to continue to see that kind of competitiveness and competitive numbers and better efficacy from Juniper in the future. So the same speed, always been good performance. But Denise, I thought I heard in there, you've got the industry's first containerized firewall. Did I hear that right? We do have actually the industry's first containerized firewall. We introduced that a few months ago. We went from the virtual SRX, which is our virtual firewall, to the cSRX, which is our compact containerized firewall. Really getting at these new use cases our customers are looking for. Micro services, how do I pack a bunch of firewall services of what we call L4 through L7 services. Applications, user content services onto smaller and smaller devices. So you love your job. There's a lot of action going on. There's a lot of action. There's nothing but innovation and security. And we plan to continue to be on the leading edge of that and help our customers. We have Jonathan Davidson on the last segment. We're sure to get into all the future scenarios of driving, self-driving cars, smart cities. We didn't even get to IoT. Just the surface area on IoT alone is going to keep you guys in business for a while. I'm sure. Yeah, absolutely. Well, congratulations. Great to hear from you. Thanks for sharing your insight here on theCUBE. Appreciate it. Great, thank you very much. I'm the Chief and Senior Vice President of Product Manager at Juniper Network. This is theCUBE. I'm John Furrier with Stu Miniman. We'll be right back with more after this short break.