 Live from San Francisco, it's theCUBE, covering RSA Conference 2020 San Francisco, brought to you by SiliconANGLE Media. Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at RSA 2020. It's the biggest security conference in the country, if not the world. I'm guessing there's got to be 50,000 people. We'll get the official word tomorrow. It's our sixth year here and we're excited to be back. I'm not sure why it's 2020. We're supposed to know everything at this point in time with the benefit on its side. But we've got two people that do know a lot. We're excited to have them. On my left is Chris Betts. He's the SVP and Chief Security Officer for CenturyLink. Chris, great to see you. Great to see you, Jeff. And to his left is Chris Smith, VP Global Security Services for CenturyLink. Welcome. Thank you, thanks for having me. Absolutely, so you guys just flew into town? Yep, just for the conference. It's great to be here. This is always a really exciting space with just a ton of new technology coming out. So let's just jump into it. What I think is the most interesting and challenging part of this particular show. We go to a lot of shows. We do a hundred shows a year. I don't know that there's one that's got kind of the breadth and depth of vendors from the really, really big to the really, really small that you have here. And you know, with the expansion of Moscone, they're even packing more of them in underneath Howard Street. What advice do you give to people who are coming here for the first time, especially on more the buyer side, as to how do you navigate this place? When I come here, CSO, I'm always looking at what the new technologies are. But honestly, having a new technology is not good enough. Tackers are coming up with new attacks all the time. The big trick for me is understanding how they integrate into my other solutions. So I'm not just focused on the technology. I'm focused on how they all fit together. And so the vendors that have solutions that fit together, that really makes a difference in my book, and so I'm looking for products that are designed to work with each other, not just separate. From a practice standpoint, the theme of IRSA this year is the human element. And for us, if you look at this floor, it's overwhelming. And if you're a CSO of an average enterprise, it's hard to figure out what you need to buy and how to build a practice with all of the emerging tools. So for us, core to our practice, we think core to any mature security practices having a pro-services capability and a consulting capability that can piece this all together that helps you understand what to buy, what things to piece together, and how to make it all work. Right. And it's funny, the human element, because that is kind of the global theme. And what's funny is for all the technology, it sounds like still the easiest way in is through the person, whether it's a phishing attack or there's a myriad of ways that people are getting him through the human. So that's kind of a special challenge. You're trying to use technology to help people do a better job. But at the end of the day, sometimes you're squishiest or easiest access point is not a piece of technology, but it's actually a person. It's often because we ask people to do the wrong things. We're having them focus on security steps. I use email security as an easy to grasp example. We all go through training every year to teach folks how to make sure that they avoid clicking on the wrong emails. More often than a year. And so the downside of it is that we're asking people to take a step away from their job and try to figure out how to protect themselves. And is this a bad email instead of really focusing on the job? And so that's why it's so important to me to make sure that we've got solutions that help make the human better. And frankly, it's even worse than security. We don't have the staff that we need. And so how do we help make sure that the right tools are there, that they work together and that they automate? Because asking everybody to take those steps is just, it's a recipe for disaster because people are going to make mistakes. Right. Well, let's go a little deeper into the email thing. A friend of mine is in commercial real estate. And he was describing an email that he got like from his banker, describing a wire transfer from one of his suppliers that he has a regular ongoing banking relationship with. You know, it's not the bad pronunciation and bad grammar and you know, kind of the things that used to jump out is an obvious bad email. He said it was super good to the point where thankfully, you know, it was just this time, but you know, he called the bankers like, did you just send me this thing? So, you know, where does, as a sophistication of the bad guys goes up and specifically targeting people, how do you try to keep up with that? How do you try to give them the tools to know, whoa, whoa, whoa, versus I'm being efficient, I'm trying to get my job done. For me, it starts with technology look, we've only got so many security practitioners in the company and actually defend, like in your email example, we've got to defend every user from those kinds of problems. And so, how do I find technology solutions that help take that load off the security practitioners so they can focus on the niche examples that are really, really well-crafted emails and help take that load off the user? Because users just are not going to be able to handle that, right? It's not fair to ask them. And like you said, it was just poorly timed that helped the tech. How do we help make sure that we're taking that technology load off, identify the threats in advance and protect them? And so I think one of the biggest things that Chris and I talk a lot about is how do our solutions help make it easier for people to secure themselves instead of just providing only a technology advantage? Our strategy for the portfolio and it's sort of tied to the complexity you see on this floor is the simplicity. So from our perspective, our goal as a network service provider is to deliver threat-free traffic to our customers even before it gets to the human being. And we've got an announcement that we launched just a week ago in advance of the show called Rapid Threat Defense. And the idea is to take our mature threat and tell practice that Chris has a team of folks focused on that we branded Black Lotus Labs and we built a machine learning practice that takes all the bad things that we see out in the network and protects customers before it gets to their people and to the edge of their network. Right, so that's an interesting take because you have the benefit of seeing a lot of network traffic from a lot of customers and not just the stuff that's coming into my building. So you get a much more aggregated approach. So tell us a little bit more about that and what is the Black Lotus Labs doing? And I'm also curious from an industry point of view, is this a collaboration with the industry? Because you guys are carrying a lot of traffic, there's other big network providers carrying a lot of traffic. How well do you kind of work together when you identify some nasty new thing that's doing the horizon? And where do you kind of draw the line between better together versus still a competitive environment? When we're talking about making the internet safer, it's not really to me a lot about competitive environment. It's really about better together. That's one of the things I love about the security community. I'm sure you see it every year when you're here and you're talking to security practitioners how across every industry, the security folks work together to accomplish something that's meaningful. And so, yeah, as the world's largest global ISP, we get to see a ton of traffic and it's really, really interesting what we're able to put together. You know, at any given point in time, we're watching many tens of thousands of probable malware networks. We're protecting our customers from that. But we're also able to ourselves take down nearly 65 malware networks every month, just knock them off the internet. So we identify the command and control and we take it off the internet. And we work with our partners. We go talk to hosting providers who may be competitors of ours. And we say, hey, here's a bad address. Here's a bad server that's being used to control malware. Go and shut it down. And so, the result of that is not only protecting our customers, but more importantly, protecting tens of thousands of customers every month by removing malware networks that we're attacking them. And that really makes a difference to me. To me, that's the biggest impact we bring. And so, it really is a better together. It's a collaboration story. And of course, as Chris said, we get the benefit of that information. As we're developing it and as we're building it, we can protect our customers right away while we're building the confidence necessary to take something as dramatic an action as shutting down a malware network unilaterally. So Citrix, I was going to ask you kind of the impact of IoT, right, in this crazy expansion of attack services, which we hear about all the time. One of my favorite examples, somebody told a story of, you know, attacking a casino through the connected thermometer in the fish tank in the lobby, which may or may not be true. It's still a great story. It's a great story. But I'm curious, you know, looking at the network feeding versus the devices connecting, that's really an interesting way to attack this proliferation of attack services because you're getting it before it necessarily gets to all these new points of presence and doing it based on the source. Plus that's the only way to make it scalable is through that automation, blocking it before it gets to the edge or to the device. It is what will create simplicity and value for our customers. Right. Well, and the other piece of the automation, of course, that we hear about all the time is there just aren't enough security professionals, period. And so if you don't have the automation, you don't have the machine learning, as you said, to filter the low hanging fruit and to focus your resources where they need to be, you're not going to do it. The bad news is the bad guys have similar tools. So as you look at kind of the increase in speed of automation, the increase in automated connectivity between these devices, making decisions amongst each other, how do you see that kind of evolving, what's your kind of role in making sure you stay a step ahead of the bad guys? For me, it's not about just automation. It's about allowing smart people to put their brains against hard problems, hard, impactful problems. And so simply automating is not enough. It's making sure that automation is reducing the load on people so that they're able to focus on those hard, unique problems and really solve those solutions. And yes, attackers build automation as well. And so if we're not building faster and better, then we're falling behind. So like every other part of this race, it's about getting better, faster. And again, it's why it's so important that technology work together because we're constantly throwing out more new tools. And if they don't work better together, even if we've got incremental automation in each place, we still miss overall because it's end-to-end that we need to defend ourselves, defend our customers. Can I say something else? Layered on to what he said, for the foreseeable future, you're going to need smart security people to help protect your practice. Our goal in automation is to take the rote tasks out of the day live so they can focus on the things that provide the most value in protecting their enterprise. Right. And when you're looking, you're talking about making sure things work together or you're talking about making sure things work together. How do you decide what's kind of on the top of the stack, right? Everybody wants to own the single plane. Everybody wants to be the control plane. Everybody wants to be that thing that's on your computer all the time, which is how you work your day-to-day. How do you kind of dictate what are the top-level tools while still going out and, as you said, exploring some of these really cutting-edge things out around the fringe, which don't necessarily have a full-stack solution that you're going to rely on but might have some cool kind of point solutions, if you will, or point products to help you plug some new and emerging holes. So for us, we take our security capabilities and we build them into the other things that we sell, so it's not a bolt-on. So when you buy things from us, whether it's bandwidth or whether it's SD-WAN security comes baked in, so it's not something you have to worry about integrating later. It's an ingredient of the things that we sell and all of the automation that we build is built into our practice, so it's simple for our customers to understand and consider. Like, simple. And then layer it on top of that. We've got a couple different ways that we bring pro-services and consulting to our practice, so we've got a smart group of folks that can lean in and do staff augment and sit on site and do just about anything to help a customer build a practice from day zero to something more mature. But now we're toying with taking those folks and building them into the products and services that we sell for 10 or 20 hours a month as an ingredient, so you get that consulting wrapper on top of the portfolio that we sell as a service provider. So Chris, I'll get your take on kind of budgets and how people should think about their budgets. And when I think of security, I can't help but think of like insurance. Because you can't spend all your money on security, but you want to spend the right amount on security, but at the end of the day, you can't be 100% secure, right? So it's kind of a, you're kind of working the margins game and you got to make hard trade-offs and marketing wants their money and product development wants their money and sales wants their money. So when people are trying to assess kind of the risk and their investment trade-offs, what are some of the things they should be thinking about to determine what is the proper investment on security? Because it can't just be locked everything down 100%. It's not realistic and they don't have the money. How do you help people frame that? Usually when companies come to us and CenturyLink plays in every different segment all the way down to five people company all the way to the biggest multinationals on the planet. So that question is in the budget is a little bit different depending on the type of customer, the maturity and the lens they're looking at it. So typically we have a group of folks that we call security account managers. Those are our consultants. And we bring them in either in a dedicated or a shared way to help companies assess where their practice is today and what tool sets they're using and the things that they need to purchase and integrate to get to where they need to be. So it's really kind of a needs analysis based on gaps as much as anything else? Yeah. Yeah. That's part of the reason why we try to build to Chris's earlier comments. So many of the technologies into our solution so that you buy SD-WAN from us and you get a security story as part of it is that that allows the customer to save money and to really have one seamless solution that just provides that secure experience. We've been building firewalls and doing network-based security for gosh, going on two decades now in different places. So at this point, that is a good place that we understand well. We can apply automation against it. We can dovetail it into existing services and then allow focus on other areas of security. So it both helps from a financial standpoint. It also helps customers understand from where they put their talent because as you talked about, it's all about talent, even more so than money. Yes, we need to watch our budgets but if you buy these tools, how do you, it's about the talent to deploy them and the easier you can make it to do that, the simpler, I think the better off you can do it. Typically, we had the most success selling security practices when somebody is either under attack or compromised, right? Then the budget opens right up and it's not a problem anymore. So we thought about how to solve that commercially and I'll just use DDoS as an example. We have a big global DDoS practice that's designed to protect customers that have applications out on the internet that are business critical and if they go down, whether it's an e-commerce or a trading site, they're losing millions of dollars a day. And some companies have the money to buy that upfront and just have it as a service and some companies don't purchase it from us until they're under attack and the legacy telco way of deploying that service was an order and a quote and some days later, we turned it up. So we've invested with Chrystosteam, a whole orchestration layer to turn it up in minutes and that months. So you can go to our portal, you can enter a few simple commercial turns and turn it on when you need it. So that's interesting, I was going to ask you how has cloud changed the whole, go to market and the way people think about it and even then you hear people have stuff that's secure in the cloud but they've been misconfigured to switch and left something open. But you're saying too, it enables you to deploy in a very, very different matter based on kind of business conditions and to not have that old, get a P.O. requisition order, install, config, all that other kind of crazy stuff. Okay, so before I let you go, kind of last question, what are your kind of priorities for this RSA show for CenturyLink, what is the top of mind? Obviously you have the report and the black lotus. What are you guys really prioritizing for this next week here at San Francisco? We're here to help customers. We have a number of customers that want to learn about our solutions and that's always my priority. And I mentioned earlier, we just put out a press release for our rapid threat defense. So we're here to talk about that and educate the industry on what we're doing that's a little bit different. I get to work with Chris Motion this week with the customers, which is a ton of fun. The other part that I'm really excited about, I think we'll spend a bunch of time with partners and potential partners, because we're always looking at how we bring more better together. And so one of the things that we're both focused on is making sure that we're able to provide more solutions. And so the trick is finding those right partners who are ready to do the API level integration, the other things that Chris was talking about that really make this a seamless end-to-end experience. And I think we've got a set of them that are really, really interested in that. And so those conversations this week are going to be exceptional. I think that's going to help build better technologies for our customers even six months from now. All right, great. Well, thanks for kicking off your week with theCUBE and have a terrific week. Thanks for having me. All right, he's Chris, he's Chris. I'm Jeff, you're watching theCUBE. We're the RSA Conference, downtown San Francisco. Thanks for watching. See you next time.