From downtown San Francisco, it's theCUBE, covering RSA North America 2018.

Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at RSA's North American Conference 2018 in downtown San Francisco. 40,000 plus people talking about security. Security continues to be an important topic, an increasingly important topic, and a lot more complex with having a public cloud, hybrid cloud, all these APIs and connected data sources. So it's really an interesting topic. Continues to get complex. There is no right answer, but there's a lot of little answers to help you get kind of closer to nirvana. And we're excited to have Misha Govshteyn. He's the co-founder and SVP of Alert Logic, CUBE alumni, it's been a couple of years since we've seen you, Misha. Great to see you again.

That's right, I'm glad to be back. Thank you.

Yeah, so since we've seen you last, nothing has happened more than the dominance of public cloud. And they continue to eat up market share.

I think I predicted it on my past visit.

Did you predict it?

But I think it happened, yeah.

But it's certainly happening, right? Amazon's AWS's run rate is 20 billion, last reported, Google's making moves.

Their conference is bigger than ours, I'd say now.

Is it? That's 45,000?

Yeah, it's 45,000, yeah, it's re:Invent.

It's crazy. And then obviously Microsoft's making big moves as is Google Cloud. So what do you see from the client's perspective as the dominance of public cloud continues to grow, yet they still have stuff they have to keep inside? We have GDPR, regs are going to hit in about a month.

Well, one thing's for sure is it's not getting any easier, right? Because I think cloud is turning things upside down and it's making things disruptive, right? So there's a lot of people that are sitting there and looking at their security programs and asking themselves, does this stuff still work? When more and more of my workloads are going to cloud environments, does the security have to change?
And the answer is obviously it does, but it always has to change because the adversaries are getting better as well, right? So there's no shortage of things for people to worry about. You know, when I talk to security practitioners, the big thing I always hear is I'm having a good year if I don't get fired, you know?

Well, it almost feels like it's inevitable, right? It's almost like you're going to, it seems like you're going to get hit in some way, shape, or form you're going to get hit. So it's almost, you know, how fast can you catch it? How to react? How do you change places?

That's a huge change from five years ago, right? Five years ago, we were still kind of living in denial, thinking that we can stop this stuff. Now it's all about detection and response and how the incident response process works. That's the reason why, you know, last year, I think we saw a whole bunch of noise about machine learning and anomaly detection and AI everywhere and a whole lot of next generation antivirus products. This year, it seems like a lot of the conversation is, what do I do with all this stuff, right? How do I make use of it?

Well, and then how do you leverage the massive investment that the public cloud people are making? So, you know, love James Hamilton's Tuesday night show and he talks about just the massive investment, say, Amazon is making in networking and security. And you know, he's got so many resources that he can bring to bear to the benefit of people on that cloud. So, where does the line? How do I take advantage of that as a customer and then where are the holes that I need to augment with other types of solutions?

You know, here's the way I think about it. And we had to go through this process at Alert Logic internally as well, because we obviously are a fairly large IT organization, so we have 20 petabytes of data that we manage, right?
So, at some point, we had to sit down and say, are we going to keep managing things the way we have been, or are we going to overhaul the whole thing? So, I think what I would do is I would watch where my infrastructure goes, right? If my infrastructure's still on prem, keep investing in what you've been doing before, get it better, right? But if you see more and more of your infrastructure move to the cloud, I think it's a good time to think about blowing it up and starting over again, right, because when you rebuild it, you can build it right and you can build it using some of the native platform offerings that AWS and Azure and GCP offer, you can work with somebody like Alert Logic, there's others as well, right, to harness those abilities. I'll go out on a limb and say, I can build a more secure environment now in a cloud than I ever could on prem, right? But that requires rethinking about your stuff.

Right, and then the other really important thing as you said, the conversation has changed. It's not necessarily about being 100% locked down, it's really incident response and really it's a business risk trade-off decision. Ultimately, it's an investment and it's kind of like insurance, you can't invest infinite resources in security and you don't want to just stay at home and not go outside, that's not going to get it done. So ultimately, it's trade-offs, it's making very significant trade-off decisions as to where's the investment, how much investment, when does the investment then hit a plateau where the ROI is not there anymore. So how do people think through that? Because at the end of the day, one person saying, God, we need more, more, more, anything is bad, on the other hand, you just can't use every nickel you have on security.

So I'll give you two ends of the spectrum, right? And on one end are those companies that are moving a lot of their infrastructure to the cloud and they're rethinking how they're going to do security.
For them, the real answer becomes it's not just the investment in technology and investing into better getting information from our cloud providers, getting a better security layer in place. Some of it is architecture, right? And some of the basics, right? There's thousands of applications running in most enterprises. Each one of those applications on the cloud could be in its own virtual private cloud, right? So if it gets broken into, only one domino falls down. You don't have this scenario where the entire network falls down because you can easily move laterally. If you're doing things right in the cloud, you're solving that problem architecturally, right? Now, aside from the cloud, I think the biggest shift we're seeing now is towards kind of focusing on outcomes, right? You have your technology stack, but really it's all about people, analytics, data. How do you make sense of all this stuff? And this is classic, I think, with the Target breach and some of the classic breaches we've seen, all the technology in the world, right? They had all the tools they needed, the real thing that broke down is analytics and people.

Right, and people. And we hear time and time again where people, like you said, had the architecture in place, the system in place, and somebody misconfigured a switch. Or I interviewed a gal who did a live social hack at Black Hat just using some Instagram pictures and some information on your browser. No technology, just went in through the front door, said, you know, hey, I'm trying to get the company picnic site up. Can you please test this URL? She's got a hundred percent hit rate, but I think it's really important because as you said, you guys offer not only software solutions, but also services to help people actually be successful in implementing security.

And the big question is, if somebody does that to you, can you really block it? And the answer a lot of times is you can't.
So the next battlefront is all about can you identify that kind of breach happening, right? Can you identify abnormal activity that starts to happen? You know, going back to the Equifax breach, right? One of the abnormal things that happened that they should have seen, and for some reason didn't, you know, 30 web shells were stood up, which is the telltale sign of, maybe you don't know how you got broken into, but because there's a web shell in your environment, you know somebody's controlling your servers remotely. That should be one of those indicators that I don't know how it happened. I don't know, maybe I missed it and I didn't see the initial attack, but there's definitely somebody on a network poking around. There's still time, right? There's, you know, for most companies, it takes about a hundred days on average to steal the data, right? So I think the latest research is if you can find the breach in less than a day, you eliminate 96% of the impact. That's a pretty big number, right? That means that if you, the faster you respond, the better off you are. And most people, I think when you ask them, and you ask them, honestly, assess your ability to quickly detect, respond, eradicate the threat. A lot of them will say it depends, but really the answer is not really.

Right, because the other, the sad stat that's similar to that one is usually it takes many, many days, months, weeks to even know that you've been breached, so to figure out the pattern that you can even start, you know, the investigation and the fixing.

It's almost not surprising, right? I don't think there's that many security operation centers out there, right? There's not, you know, not every company has a SOC, right? Not everybody, every company can afford a SOC. I think the latest number is for enterprises, right? This is Fortune 2000, right? 15% of them have a SOC. What are the other 85% doing?

Right, right.

And, you know, are they buying a slice of a SOC somewhere else?
That's the service that we offer, but I think suffice to say, there's not enough security people watching all this data to make sense of it, right? That's the biggest battle, I think, going forward. And we can't make enough people doing that. That requires a lot of analytics.

Right, which really, then, begs for the standalone single enterprise that they really need help, right? They're not going to be able to hire the best of the best for their individual company, and they're not going to be able to leverage, you know, best of breed, which I think is kind of an interesting part of the whole open source ethos, knowing that the smartest brains aren't necessarily in your four walls, that you need to leverage people outside those four walls. So, as it continues to morph, what do you see changing now? What are you looking forward to here at RSA 2018?

Well, so I made some big predictions five years ago, so I'll say, you know, five years from now, I think we're going to see a lot more companies outsource major parts of their security, right? And that's just because you can't do it all in-house, right? There's got to be a lot more specialization. There's still people today buying AI products, right? And having machine learning models they invest into. There's no company I'm aware of, unless they're, you know, maybe the top five financial firms out there, that should have a, you know, security-focused data scientist on staff, right? And if you have somebody like that in your environment, you're probably not spending money the right way, right? So, I think security is going to get outsourced in a pretty big way. We're going to focus on outcomes more and more. I think the question's not going to be what algorithm are you using to identify this breach? The question's going to be how good are you at identifying breaches, period, right? And some of the companies that offer those outcomes are going to grow very rapidly.
And some of the companies that offer just, you know, picks and shovels are going to probably not do it nearly as well, right? So, five years from now, I'll come back and we'll talk about it then.

Well, the other big thing that's going to be happening in a big way five years from now is IoT and IoT and 5G. So, the size of the attack surface, the opportunities to breach-

The data volume, right?

The data volume and the impact. You know, it's not necessarily stealing credit cards, taking control of somebody's vehicle, moving down the freeway. So, you know, the implications are only going to get higher.

We collect a lot of logs from our customers. Usually, the log footprint grows at three times the rate of our revenue in customers, right? So, you know, thank God.

The log, the log- The log volume grows- The log volume that you're tracking for a customer grows at three times your revenue for that customer.

That's right. I mean, they're not growing at three times that rate annually, right? But annually, you know, we've clocked anywhere between two to 300% growth in data that we collect from them. IoT makes that absolutely explode, right? You know, if every device out there, if you actually are watching it, and if you have any chance of stopping the breaches on IoT networks, you got to collect a lot of that data. That's the fuel for a lot of the machine learning models because you can't put human eyes on small RTUs and, you know, in factories. That means even more data.

Right, well, and, you know, the model that we've seen in financial services and ad tech in terms of, you know, an increasing amount of the transactions that are going to happen automatically with no human intervention, right? It's hard wired stuff, so.

So I think it's that balance between data size and data volume analytics, but most important, what do you feed the humans that are sitting on top of it? Can you feed them just the right signal to know what's a breach and what's just noise?
That's the hardest part.

Right, and can you get enough good ones?

That's right.

Underneath your own, underneath your own shell, which is probably, no.

Well, hopefully. I think building this from scratch for every company is madness, right?

Yes, madness.

There's a handful of companies out there that can pull it off, but I think ultimately, everybody will realize, you know, I'm a big audio nerd, so I looked it up, right? You used to build all of your own speakers, right? You would buy a cabinet and you would buy some tools and you would build all this stuff. Now you go to the store and you buy an audio system, right?

Right, yeah. Well, at least audio, you do, you had, and the speakers are interesting because there's a lot of mechanical interpretations about how to take that signal and to make sound. But if you're making CDs, you know, you gotta go, you gotta go into the standard, right?

You buy Sonos now, right? Sonos is a fully integrated system, right?

Exactly.

So, Sonos for security, right? It doesn't exist yet and that's, I think that's where security as a service is going. Security as a service should be something you subscribe to that gives you a set of outcomes for your business and I think that's the only way to consume this stuff. It's too complex for somebody to integrate from best-of-breed products and assemble it just the right way. I think the parallels are gonna be exactly the same. I'm not building my car either, right?

Right, right.

I'm gonna buy one.

All right, Misha, well thanks for the update and hopefully we'll see you before five years, maybe in a couple and get an update on where you're at.

We'll do some checkpoints along the way.

All right, all right, he's Misha. I'm Jeff, you're watching theCUBE from RSA North America 2018 in downtown San Francisco. Thanks for watching.