 From theCUBE Studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE Conversation. Hello everyone, welcome to theCUBE Conversation here from our Palo Alto Studios. I'm John Furrier, host of theCUBE. We're here with our remote crew, getting all the interviews, getting all the stories that mattered during this time. We're all sheltering in place during the COVID crisis. We've got a great returning guest, John Madison, EVP of Products and Chief Marketing Officer, Fortinet. John, great to see you. Looking good with the home studio there, getting used to it. Yeah, indeed, great to be here again, John. Thanks for coming on, I really appreciate it. We're hearing a lot about SASE, which is Secure Access Network Edge, honestly, Zero Trust Network Access. What does that all mean now these days? What is this SASE? Well, there's definitely a lot of hype around the word SASE, which is the security of the edge. For us, actually, it confirms a strategy that we've had since the beginning of the company and two important concepts. One is the coming together of networking and security. We refer to it as security-driven networking, and we've been doing it using A6 and appliances for a long time. We're now going to expand it to cloud as well. So that's one concept, again, bringing together networking and security or converging them in a way. And then the second concept is more around a platform approach. So if you look at the definition of SASE, it includes SD-WAN, it includes WebGateways as a service, Zero Trust, CASB, WAF, et cetera. And so bringing those together in a platform approach, we refer to it as the fabric. So we're actually really happy about those two concepts coming together. Maybe the name itself could be different, but definitely the concepts and the technologies play really well to our strategy. Yeah, it's SASE, not two A's, not like SAS, softwares of service, but if one knows it's cloud. Yeah, I tried using the full name, and then I've reverted back to SASE again. Yeah, it's short and SASE, keep it short and sweet. Okay, well, this is a super important relevant topic for multiple reasons. One is COVID has kind of accelerated the future for everybody. And we've been kind of riffing on Twitter and throughout the industry. I've been calling it the big IoT experiment because the unforecasted disruption of COVID has forced everyone to work at home. So the notion of work changes, workplace is now home, workforce, the people, how they're interacting with the networks, workloads, workflows, all changing, new expectations, new experiences. This is the real deal. And the edge is where the action is. That's the big new obvious architectural highlight here. Yeah, so we talked last time, I think we were just beginning this work from home element, but we're still here. And I think what it says is that, and what it's forced is that enterprises and customers need to look at their edges and they're increasing. So the WAN edge was a new one over the last two years as we introduced SD WAN. They had a data center edge. They had an endpoint edge. Now you have a home edge. And so you've got to apply security as a cloud edge as well. You've got to apply security to these edges. And the key is the flexibility to apply the security you want and you need against those edges. And so we're seeing some customers right now look at setting up many enterprise networks to protect that home edge, again in the homes of their executives or developers. And we've reported with the news you guys had a couple of months ago around just that's such been a feeding frenzy for hackers and bad actors to go after the home environment, as well as the IT guys who are working from home, either the cloud consumption shifted as well. You're seeing the cloud players doing extremely well because now you have more cloud. You have more vulnerabilities at the edge with the home. This is changing completely increasing the attacks. Yeah, the attack vectors, predominantly still actually a lot of phishing, but then if you're on the network, that attack vector is very important. So for us, and we did an acquisition last week of opaque networks because that gave us an additional consumption model and additional form factor. So if somebody's going from the home straight into the cloud or the peering off, branching off an SD-WAN connection straight into the cloud, we can now apply that cloud edge security through our SASE capabilities. And so again, the ability to have security at all these edges has become very important going forward. So for us, now we've got appliances, we've got virtual machines, we've got cloud delivery. And this is becoming very important to customers. I'm not saying, and customers are not saying they're going to go to just cloud only going forward, they're going to be hybrid. And so having those options is very important. You mentioned opaque networks, we've reported that acquisition, congratulations. What does that mean for Fortinet and where does that technology fit? And you mentioned software, can you just take a minute to explain the acquisition, impact of Fortinet and where does the tech fit? Well, as I said, we've been driving a lot of this SASE conversions through our appliances, but it sometimes makes sense to put that security closer to the cloud, the peering points or wherever. And so opaque, we really like their model of building out these hyper peering stations and making sure they've got high speed security there as well as edges. And so we're going to bring that inside our environment, update it to include some of our technology, but it gives us now great flexibility of applying that security at the SD-WAN edge, the data center edge and now the cloud edge. Our longer-term romance will integrate orchestration capabilities. It also includes a zero trust network access capability as well. So it really, when we looked at our SASE framework, we had most of the things in place. This now adds firewall as a service as well as zero trust network access, giving us the most complete SASE framework in the marketplace. What is the security component of the work at home? You mentioned earlier, there's more networks and companies are looking to kind of up level the capabilities. Can you give an example and take us through what that looks like and what companies are thinking about? Because it's not just, here's some extra money for your home bandwidth. People are working there. It's got to be industrial strength edge now. It's not just temporary. And their kids are home too. So you got their gaming, they're watching Netflix. People is zooming in and doing web access all day long. It's a work environment. It can be as simple as putting a zero trust network access agent on there and doing some security locally and then going back through a proxy. We believe actually that it can be even better than that that you can apply mini enterprise security in your house through an XM firewall, give high availability through SD-WAN, then expand out the secure access and switching and end points. And we can do that today. I think what's going to be key going forward is as you're dealing, as IT teams have to deal with more of a consumer approach remotely in the homes, we're going to have to simplify the way things get set up such that you can easily separate out maybe home usage from corporate enterprise usage. So that will be something we'll be working on over the next 18 months. I mean, just the provisioning the hardware. Okay, here you go. Plug it in. It should be plug and play. This is kind of back to the future of where SaaS is going. I mean, the old days was plug and play was a technology. Now you've hit that concept. It has to be auto configured. You have to provision pretty quickly. What's the future of SaaS in your mind? Yeah, and so if you think about, you know, coming back to the home usage, then people have done down those routers and the security is very simplistic. So we people can just plug and play. If you need to be a bit more sophisticated, you're going to need to put some tools in place. We believe long-term that the SaaS model, once you've got the platforms in place, once you've got SD-WAN in place, your CASB, your SaaSy, your zero trust, then long-term you're going to need an orchestration system that's more AI driven. So we've done a lot of work on AI around security and making sure we can see things very quickly. But the long-term goal I think will be around AI ops, AI network ops, where the system and the big data systems are looking across your network, across these different components to see where there may be an issue. Maybe there's a certain link that's gone down across a certain ISP, we need to bring that back up. Maybe there's a certain QRS to an application in the cloud somewhere, so we need to change the on-run. So once everything's in place and you have that console and policy engine that can look across everything, then we need to get smarter by looking at the data and the logs, et cetera, and applying some of that AI technology. You know, John, we've been following, as you know, for many, many years and watching the evolution of you guys as a company and also as the industry, the new waves are coming in. A lot of the stuff you're doing with the fabric and now the secure-driven networking has been kind of on the playbook. So I want to get your thoughts before we get into those topics and define them and kind of unpack them. But generally customers are looking at slew of vendors out there and you have kind of two approaches. You have a platform approach and then you have the, we're an application or fully full stack or SaaS or something. And there's trade-offs between the two and how should customers understand the difference because there's different value propositions for each. Platforms more enabling, out of the box SaaS or point solution can solve this particular thing but it may not have that breadth. How should customers think about a platform approach or fabric and how should they think about the value and how to engage with that long-term? Yeah, I'm definitely seeing more customers look towards a platform going forward. They just can't manage all the different point solutions. And you know, if the training individual and that product you have to have a separate management console, you have to interpret it. And so more and more I'm finding customers wanting to converge which is the basis of SaaS. So you consolidate applications onto a platform or security applications. What's important though for that platform is that the consumption model is flexible enough to be an appliance, to be a virtual machine and to be cloud delivery. Because as a customer's networks move and their orchestration systems move into different more cloud or they've got their IP enabling their factories, for example then they need that security to be flexible. So yes, a platform is the way forward but two things, one is you need a flexible consumption model for it, appliance, virtual machine and cloud. And also that platform needs to be very open. It needs to have connectors into the main orchestration systems. It needs to allow people to build API and automation. So yes, you need a platform but it needs to be open and it needs to be flexible. Great insight there and that's exactly what the market needs especially with cloud and the kind of scale. Second follow-up question to that is how do you tell the difference between a tool camouflage as a platform? So I have a tool, I want to sell you a tool but no, it's a platform. So a lot of people are peddling tools and seeing their platforms. How do you know the difference? Well, to me a platform has much greater scope across the attack surface, first of all. The attack vectors, whether that be email or application, the network, the endpoint. So a platform is not just of a specific attack vector. It can go across the complete surface. And then also a platform is when it's organically built allows those products to communicate. So then you can build automation across it. It's very hard to build automation across two or three different vendors. They have different eyes, different scripts. So being able to build that automation and then of course on top of that to have a single view, single visibility capability, as well as long-term apply that AI ops across it. And so a platform is very, very different from some of the tools I've seen in the marketplace. I want to get to your reaction to a comment that your CEO said about security driven networking and underscores what we've been saying for years, blah, blah, blah, it goes on. In this era of hyper-connectivity and expanding networks with the network edge stretching across the entire digital infrastructure, networking and security have to be kind of either the converge as you mentioned. Describe how you view hyper-connectivity and expanding networks and how the edge stretches across the digital infrastructure. What does that look like? Can you share your vision of that? Well, when you think about networking, if you go back 20 years when you have these 10 megabit per second connections, really networking and routing and switching, they haven't really changed that much over the last 20 years. They've just got a lot faster. They've gone to now to 400 gigabits per second, but the basic functionality is the same. So it's allowed them to go a lot, a lot faster. Security is very different. You know, it started off with firewalling and VPN and then next-gen firewall, SSL inspection. All these functionalities, IPS have been added, making it a lot harder for it to keep up in the network. And so one of the fundamental principles of security driven networking is bringing these two things together but accelerating them, either using A6 and now cloud through our acquisition to allow those to run in a converged format. And that's very important. As I said, there's now more, you can look at it two ways. You can say the perimeter's expanded because it used to be a very narrow perimeter at the data center across these areas or the edges have formed as well. These new edges sitting at the OT environment, sitting at the WAN edge, sitting at the home edge as I talked about, sitting at the cloud edge. And so the ability to apply that security in very high performance, very high quality security, not just a small sampling of security, a full enterprise stack at those edges is going to be critical going forward and the flexibility to apply in different ways is going to be very important. I think the convergence piece is totally relevant and obviously consolidating into a platform is a very key point there. While I got you here, I'd like you to define what is security driven networking and what does it mean to be security driven? So define security driven networking and give an example of what it means. Yeah, so I think the WAN edge was one of the best examples of it. I mean, actually, before that next-gen firewall was where you brought firewalling and then content inspection together, but I think the latest one is definitely the WAN edge or secure SD-WAN, where you had a networking function which was to get the users to the right applications. So they got this application now steering that goes out through there. Well, you also want to apply security there because security into the WAN, you've also got to protect the LAN. And so the ability to run a security stack there, whether it be IPS or application control is very important. So getting all those networking functions working at high speed, getting all the security functions working at high speed is the kind of the genesis of security driven networking. And you can apply it there. We can also apply it in other places at the edge in the cloud now or the home. It's a very, very important concept to be able to run networking and security together at high speeds. Everyone has their own kind of weird definition of sassy depending on if you're building your own or different analyst firms. I noticed you guys have a different take on this. Even Gartner has a different view on this. How do you guys differ from that definition? And what should people be aware of when they hear that? What is the right definition? Yeah, it's unfortunate. I mean, I think Ghana does some good work there and they define it and come up with sassy, but it's like aquarium soup. And I want a bit of next-gen firewall on my sassy. It's just so many different terms that confuses the customer. And what makes it more confusing is that vendors look at their portfolio and go, oh, sassy is a hot topic. I've got a sassy as well. And really it should be very clear what the definition from Gartner is. It is bringing together security and networking. Now their definition is that you should do that in the cloud, which we agree with as well, but it can't only be in the cloud. The reason it's in the cloud is because not many people have got the ability to run on an appliance very fast. So we believe our difference there is that you should be able to run it on an appliance, built-in machine, and cloud. And then the second kind of difference is that they've defined the components of sassy as being SD-WAN, CASB, firewall as a service, zero trust. We also think that the LAN age is very important. So we would add into that definition the secure access of Wi-Fi and ethernet switching as well. So we try and point out the Gartner definition. And we also point out where we differ. And I think that's fair so the customer can make a good decision. I think it is fair. And I think one of the things I've been saying for years, and I love Gartner, I love the guys over there and gals, I just don't think that their business model is real time as much. They end up kind of getting it right down the road, but you brought up a good point. And again, I've been saying this for years, cloud changes Gartner's model because if you have quadrants, it implies silos and implies categories. And one of the best things about cloud is it does horizontally scale. So some of the best vendors actually have multiple capabilities that might fall on different quadrants that may or may not be judged on a criteria that meets what cloud's doing. So for instance, ASICS you mentioned, right? That's in there too. You got cloud and ASICS is that, well they've got two different categories. You add the edge in there. If you do all three really great as an integrated, converged and consolidated platform, you're technically awesome, but you might not fit in the quadrant. Yes, it's a really good point. I have this conversation with them all the time that traditionally enterprises have had networking teams and security teams and they've been in silos or they've had a networking team that just does switching or just this routing or just this SD-WAN and have a security team that does web gateway. And they like to separate them all into different components. When you look inside those magic quadrants, they're all different. It isn't the same vendor, they're different products. What we like to do is bring it all together in a single operating system, a single appliance or cloud version machine. Sometimes it's not quite, doesn't quite fit the model, but in the end, you're trying to do the same. You know, in COVID-19, one of the real realities that everyone's dealing with is it does expose everything and expose. And again, it's been a disruption, unforecasted, but it's not like an outage or a flood or a hurricane, it happened and it's happening. It really puts the pressure on looking at the network. It's looking at how you can have continuous operations. How are you working with your people and workloads, workforces and apps? You got to have it all there. And if you're not digitally enabled, you're going to be on the wrong side of history. This is what companies are facing every day. And they got to come back and double down on the right project. So every CXO I talk about, that's the number one challenge. I need to come out of the pandemic with a growth strategy and an architecture that's going to allow me to take advantage of the new realities. Hey, it's really good to have people work at home. That's cool. Some people are going to continue to do that. Maybe that's normal. Maybe that's a new tactic. And it's going to vary by industry as well. So if I'm a retail outlet, I absolutely need 100% off time for those retail outlets because people are ordering online and they're driving up into it. So it has changed the dynamics. It's for me, working at home, I have to be up all the time. And so the ability to do really good, high quality networking, high availability, high Q of S with this integrated security across the different edges is super critical going forward. I was talking with a network friend of mine. Again, we were having a few Zoom cocktails and do a little social networking online. And we were like, and we've mentioned before in the queue, but we keep coming back to the when is the new land? And meaning that it's in the old days, land was everything, everything, the local area network and you were inside the data center. Everything was great on-premises. When is the new land? So if you think about it that way, you go, okay, when edge, I got to now a land at home. You got an SD-WAN at your house. Of course you work for Fortinet. So it's a little bit beneficial for you, you're a geek there, but this is the new normal where it's all one network. It's not just a WAN link, it's a system. Can you react to that and what's your take on that? WAN is the new land kind of ref? First of all, I can't be too geeky because of the CMO as well. So there's no talk about geekiness. But it just makes, as I keep saying, it's making sure that wherever you may be, you're doing less traveling these days, but that may come back at some point, or whether you're at a branch office or a campus environment, or wherever the applications and then moving around in different clouds, different areas in terms of consumption and workloads. Wherever that's happening, you'll be able to be flexible in applying that security to the different edges, LAN edge, WAN edge, home edge, data center edge. And so the ability to do that while providing high speed and connectivity is very important. And then again, as you go forward, and you implement that platform approach, so not just the point product. Now, three or four products working together, being able to apply that policy, orchestration and AI ops, is going to make sure that they get that user. In the end, it's all about the user experience. Do I have a high quality of experience in whatever application I'm using? That's the key measurement in the end. You know, one observation I would have, we'd look back at the whole virtualization trend going back to the early days of VMware, that kind of enabled Amazon and kind of having a large scale kind of infrastructure. Hyperconvergence really kind of collapsed everything together. And now you're seeing things with Amazon like Outposts, you're seeing, you know, these non-premises devices, which is basically one cloud operations. Kind of highlights what you're saying here. I want to get your thoughts on this because the combination of A6 with cloud is not a bug, it's a feature. For you guys, that's a value proposition. And it's kind of consistent with some of the big players like AWS when you look at what they're doing and a pair of chips, for instance, what they're putting in the servers. Having that combination of horsepower, A6, with cloud is a guiding principle of the future architecture. Can you share your thoughts? Because obviously you guys are announcing that and have that feature. Yeah, well, another reason why I like the opaque acquisition is they were their major peering hubs into the different cloud service providers that were using hardware. And that hardware, we can run hardware and with our A6 almost 50, 100 times faster than the equipment CPU. So I've got a firewall application I've got on appliance there. I may need a hundred virtual machines and CPUs they're running the same thing. So again, we're coming back to that definition of security driven networking. In our minds, it can be ASIC, it can be virtual machine, and it can be cloud. Now imagine if we can take the best benefits of ASIC and combine that with cloud, that's a great model going forward, again, given that flexibility. So when people think cloud, something has to run on something, it doesn't run in fresh air. So the big cloud vendors are putting in some ASICs to accelerate some of the AI stuff. And we're gonna use the same thing in some of our major, what we call 40SASI, our naming methodologies, 40, whatever it does, going forward to provide us that performance and high availability. Now, yes, you're always going to need some flexibility of virtual machines in certain areas, but we think the combination of both, it gives us a great advantage. And there's definitely evidence to that. I mean, there's kind of two schools of thought on hardware. Are you a box mover, commodity general purpose, or are you using the hardware in a system architecture? Acceleration has been a huge advantage where I've seen companies doing accelerated Kubernetes processing for clusters and see GPUs are out there. It's how you use the hardware. That's really the key, and again, back to the architecture. So, okay, so wrapping up, if you believe that and you look at the fabric that you guys are having out there and as it evolves, what's the next level for it? How do you see this going forward? You got security-driven networking, you got the fabric, what's next? What are you guys working on on the product side? I know you're public, you can't reveal any future earnings, but give us a taste of kind of the direction on the roadmap. I think, you know, we've got now all the kind of component, the underlying components of the platform in terms of the ability to apply appliances, to deliver it by appliances or virtual machine or cloud. We've got a very broad portfolio from end point all the way into the cloud and the network. So, all those things are in place. Obviously, you always need some features here and there as you go forward, and next day when, and next year in firewall, et cetera. But I think the long-term, I think, goal for us, now is to, again, to apply a bit more intelligence, both from a security perspective and from a network perspective, such that we can predict things, we can automatically change things, we can build automation and react to things much more quickly. So, I think the building blocks are in place. Now, I think it's the ability to provide a bit more smarts across it, which of course takes big data and a very specific application programming. And I think definitely our customers are asking us about that. And we'll look very closely with our customers to build out that, to make sure it meets their needs going forward. Well, it's great to see the platform continue to grow and fill in a holistic view of the landscape from edge to throughout the enterprise. So, great strategy and thanks for the update. John Madison, EVP of products and CMO at Fort Ant, John, great to have you on. Thanks for coming on. Thanks, John. Okay, this is theCUBE conversation here in Palo Alto Studios. I'm John Furrier, your host at theCUBE. Thanks for watching.