 Live from Santa Clara, California, extracting the signal from the noise. It's theCUBE, covering Nextwork 2015. Brought to you by Juniper Networks. Now your host, John Furrier and Stu Miniman. Okay, welcome back everyone. We are here live in Silicon Valley for Juniper Networks, Networks event, NXT work. That's the hashtag. Join the conversation at crowdchat.net slash NXT work. This is Juniper Networks customer summit. I'm John Furrier, the founder of Silicon Angle. This is theCUBE, our flagship program. We go out to the events and extract the signal and the noise. I'm joined by my co-student Miniman, analyst at wikibon.com. Check on the research on cloud and infrastructure. Our next guest is Tushar Kotari of Ativio, Ativo Networks. There's so many Ativio's network, all those different names, but great. Welcome to the... Yeah, thank you very much. Thanks for coming on today. One of the things I want to talk about is really kind of the theme here is all of the next generation networks, but really securities at the center of the conversation. We heard on the presentations. We heard a quote earlier on theCUBE. It was a great CUBE gem, which was, the perimeter is everywhere and it's nowhere, meaning the perimeter model of security is gone. We hear that on theCUBE, so it's not new to us. But the customers are dealing with the ramifications of this API economy and the fact that networks are expanding, not getting smaller. What's your take on that? I think you said it right. I think what we saw the last three or four years is the prevention technology by itself is not working because one of the reasons is the perimeter itself is morphing or melting or as some would say, it's not there anymore. And so a lot of companies have made investment in preventing the malware from getting through. But I think at this point it's a given that most security professionals would agree that it's a matter of time if you're not already, malware is made it in. And there are a variety of good reasons why the malware could get through. So we started at Ativo with the idea that we needed to come up with a solution that will help our customers effectively detect and neutralize a threat once it's inside the network. So that's where the idea of Ativo started. Most of our core engineering team came from companies which were involved in developing most state-of-the-art prevention technologies. And that's when it occurred to us that prevention by itself is not enough. You need to have ability to detect malware if it gets cut through. And so we started with this idea about three years ago and actually interesting enough that the whole notion has been validated as. The breaches are everywhere. I mean, you're seeing the massive amounts of hacks of epic proportions. It's not like little databases, credit cards are everywhere, there's black markets forum, there's all kinds of arbitrage going on. Over the last 18 months, we have seen hundreds of announced breaches. In fact, this year to date, I think that about 600 breaches already that are publicly announced. So it's very interesting times from that perspective and what we designed and developed is very effective in addressing that issue. Jishar, talk about the dynamics because what you just said is really a cracking critical state-of-the-art today is assume they're in. That is the kind of working assumption. They're already in. Deal with it. That's where you guys come in. Talk about the company and how long you guys been around. You mentioned a couple of years where you guys located staff, employees, funding. Give us a quick update. So we are Silicon Valley based company. We are located here in Fremont, California. We are now about 70 employees. We've been designing these products for a little over three years and we are actually now deployed in customers for about a year now. We have some marquee Fortune 500 customers who have deployed our technology. So we are now moving to the next stage of the company. We've been earlier this year funded by Bain Capital with Mr. Enrique Salem. Enrique Salem is on our board of directors. Cube alumni. Yeah, Cube alumni is on our board of directors. And so that's been a great boost for us. And it was a strong validation of the approach we had taken. It's a new layer of security. And he's smart. He was at Symantec even in that for years. So he knows some of these, the cutting edge issues. So talk about the relationship with Juniper because you have some news guys now part of the announcement with Juniper. Talk about the relationship with Juniper. What do you guys are in part of? So we compliment their solution. There are a series of product line is top of the line. And we have mutual customers who are looking to deploy a TVOS technology inside the network. And they would like us to integrate. So with this announcement today, we are integrating with Juniper's platform and feeding the information as we detect attacks. And so we feed both the device that is infected as well as the signature of the attack so that it can be. So the hard news is you're integrated in with the Juniper products. Correct. So one of the things that Stu and I talk about with Dave Vellante at Wikibon with our analysts is, and we asked Pat Gelsinger who's now at COVM where directly this since he was at EMC and now CEO, is security a do-over? And because of the notion of you got to make assumptions now that the perimeter is gone, you get there in, security is kind of in this do-over mode. And I got to ask you specifically, and we already got the philosophy of your company, the role of compute and networks are advancing. So you're seeing a lot of efficiencies in horsepower. So more compute's coming. You got more dynamic agile networks that Jennifer Lynn was pointing out from the Contrail team. Does that enable you to do more? And talk about your solutions because you have a detection kind of method that's interesting. I mean years ago, people would poo-poo that and say, hey, there's too much overhead involved in setting all these traps. Talk about that dynamic. What is enabling now? Yeah, I think so. There's an inflection point in the technology with the advent of VM technologies. We can actually now deliver a complete deception platform in just sort of speak, you know, in a single box or single instance of VM. And it can be pervasive across the network. So the way we do that is that we take some unused IP addresses and interweave ourselves into the network. So we are kind of everywhere. Yet the normal traffic and the normal users will never see us. But only if a bad guy is coming into the network, he's looking to see where to go, he will find us because we're advertising our availability. We have the actual authentic looking operating system. You speak the language of love for the hacker. Exactly. They go right to you. Exactly. We have a full platter of cheese. You know, a little bit of an open door. And all the- Just a crack. Just a crack and a full variety there. And once he's in, we can detect the device that is talking to us and provide the full forensic or signature of the attack so that it could be used to remediate across the network. So this is called a deception detection. Correct. Deception platform. Deception platform. Correct. And we basically inject deception across the network. So we put it in every endpoint. So we insert some breadcrumbs in the endpoint. So if the attacker captures an endpoint and scrapes the information from the endpoint, we'll lead him back to us and trap him. But the normal user will never see that. The person was using the device. So that's one. The second thing we do is we also insert ourselves in every VLAN. And so no matter where the attacker starts, if he does a reconnaissance to see where am I and where the important services are, he's going to find us and think that he's found what he's looking for. So we look very attractive. We have all the exact replicate of the real servers and all that. And we are per visibly interwoven inside the network. So if you have, let's say, 10 real servers, we would be probably 50 times more present. And so the deception is very effective. The beautiful. So you're out intelligent, the attacker. You're smarter, more critical mass. Correct, we're turning the table on them, number one. And secondly, the technique is very efficient and effective because with our technique, we don't need to examine all the traffic. We don't need to see or know the pattern of the attack. We can detect zero-day attacks. Basically. It's a pole model. They come to us exactly. And that inherently is very efficient from both the compute perspective as well as the effectiveness of the solution. So there's not a lot of, there's no overhead. Or not a little. No, we are waiting to be attacked and we are busy only when we attack. So compute perspective, it's very, very efficient. Particularly important in data center. Because today in data center, if you have lateral movement, you don't have any good way to detect that. If you put traditional solutions like IDS IPs, they're a very heavy compute. Okay, so are you worried to even be in the cube right now? I mean, you're sharing with all the hackers out there are the secrets. So there is a- How? So are you worried? I mean, are you giving away the farm here? So of course we're in a deception business. So we are not saying everything we can do. You're deceiving us in the cube. But we're not deceiving you either. No, but so you have technology. So that even if they know you're out there, they just don't know who you are. It's like bumping into random people in the crowd. Yeah, and actually the beauty of our technology is that we look exactly. So when we go inside a customer's environment, we adopt that customer's environment. So customer can actually bring in his own or hold an image for his servers. So we look exactly like his server. There's no difference between us and the real servers of the customers because we actually have full-fledged operating systems. We are paying the same license fee to Microsoft. For example, same services, same applications. So there's just no way, even if you knew that we were inside for you to differentiate between us. By the time that you figure out or maybe they won't figure us too late. Yeah, it's too late. And once you trip on us, we got you. So it's very, very effective, efficient and there are zero false positives because a method of detection is very fundamental. We're not looking at a pattern or signature. We're basically saying somebody's coming and attacking us and therefore it's 100% high-quality alert. There's no random package that says go off the reservation. I mean, it's 100% attack. Yeah, 100% attack. And we, you know, we validate that. Not that packets go off the reservation, but I mean. No, no, and we validate it because we let the attack continue inside our system for a period of time so we can actually make sure that it's, you know, doing some. Not some machine-based out as you can see. Correct. It's a specific attack pattern. Yeah, specific attack pattern or sudden behavior. So just because something scans, we don't think it's an attack. So we correlate to make sure. So I'm wondering if you can give us a little bit insight as to, you know, what the customers you're talking to are saying because, you know, unfortunately we've seen, security's always been top of mind, but a lot of times it was bottom of budget. Correct. Things have changed, you know, everybody's got, you know, ton of startups coming up in the space, you know, renewed focus, you know, so what is that conversation that's going on inside the C-suite when it comes to security? Yeah, I think so, as you can imagine, everybody's increasing the security budgets now because of all the things that happen. No company wants to be in the limelight. Customers, we are talking to our, typically the top of the stack. The verticals that we have most traction is in financial, healthcare, government, technology companies who have IPs to protect. So these are companies who have valuable information that they need to protect, and at this point it's critical for their success of the company. So we are seeing budgets open up. With our technology, we are creating a new layer of security. This is a deception layer, and because of its efficiency, effectiveness, it's a compelling value proposition, and we are seeing a lot of positive traction in the market. And we think in the next 12 to 18 months, this could become another layer of security, which is like, so far, 10, 15 years of everybody started putting firewalls, then you have sandboxing layer. I think deception is going to be the next layer because it makes so much sense and makes bad guys' life that much more difficult. So we've heard from Juniper and many other players out there that customers are moving to a hybrid cloud model. Correct. And that some applications will span, but a lot of times it's a piece of the data's here. I'm accessing data sources, lots of places. So what's the impact on security then, and how do you address that? So I think it's an inflection point because it's kind of making a lot of customers reexamine their security infrastructure, and a lot of legacy technologies don't migrate well into that hybrid environment. Our technology is really designed to fit into that model very well. So in fact, customers we have deploy us in their data centers, in-house, in the user networks, in-house, or inside the campus, as well as into the data center in AWS, for example. So we have versions of our solution that's available. And in fact, we announced our AWS product in a couple of months ago. So ours is perfect for deploying across the network, very efficient, and through our scalable central manager, they can manage all the instances of this deception across the network. So no matter where the attacker gets in and starts his kilch and cycle, we'll trip him and catch him. For us it's a big opportunity, by the way. Go ahead. Tell us about the competition in your world. In the start-up side, there's a variety of different approaches out there I was seeing, go big or go home, and that seems to be the model of security. Is it a winner take all or winner take most because some approaches are, I won't say science projects, but okay, I was just saying, they're science projects. Some are workable, that start out as theory and then they get deployed. You guys have had some success with customers. Where's the tipping point where security starts to make it? In your mind, and how do you compare vis-a-vis the competition on approaches and certain? Yeah, so I think there's some different approaches. I think we believe ours is a winning approach because of its sheer efficiency. We don't require any signature database. I mean, just the deployment friction is very low and the effectiveness of our technology is very good. So a lot of times you put some data analytics type of solutions and technologies which can generate a lot of alerts for then you need the security staff to go through that to see which one is real attack. In our case, the quality of the alert is very, very good. When we are attacked, we are attacked so there is no two ways about it. So it makes so much sense that we think the deception layer is gonna be one of the winners for sure. And we integrate with all the other environments switching manufacturers like Juniper as well as Firewalls. So we provide it into and complete, fill the gap in the security infrastructure and it's easy to deploy and very effective. So we think ours would be one of the winning categories. I really like it a lot. I think it's a great strategy. But it's almost too good to be true. I mean, I always got a little skeptic in me. I'm not a skeptic, but something that's skeptic in me says, no false positives. That's what you see. What about the misses? I mean, so that's not to say you guys are missing things but there's also other attack vectors and strategies that a customer might have to deploy. What can you share there? Be great if you can get 100% of the attack, 100% of the time. No, obviously, so in security, of course there are different layers required to have a comprehensive security strategy. We've been deployed in some of the largest financial institutions, some of the government applications and all that. And so far we not had a situation where the customer was successfully attacked and we didn't detect. So that doesn't mean that it's always going to be the case. But a trick to this whole thing is that we are going to continue innovating and out innovating and so on and make our technology better and better. But like any prudent customer, they need to have multiple layers in the security. And that's, I think, the way to go. And you see customers up and down the stack deploying security all the way at every layer. Correct, every layer. And for us, the best customer right now are the big companies who have the most sophisticated security infrastructure. They bought everything they could buy in prevention and yet realize that there is a gap and that attacks are making true and we really help them fill that gap. I mean, literally what you're saying is customers are throwing everything at security right now. Correct. They're buying everything. But I think it's changing a little bit because I think there's a bit of fatigue. On an average an enterprise gets 17,000 alerts per week and most of them don't have staffs to come through that. So the solutions like ours which have near zero false positives have a lot of appeal. And I think my prediction is in the next 12 to 18 months, some of the customers are going to back off from some of the overly analytic solutions which give them more work to do. Right, so I think they're going to look for more effective things. So I talked to some of my peers in the security industry. They said one of the next big waves come in is IoT. Yes. Because there's great promise in IoT but the surface area for attack is just going to get exponentially bigger and some of the protocols are relatively rudimentary and how often will they be updated? So is that something that fits into what you're doing? Yeah, actually it fits into very well. In fact, we will be announcing some newer solutions to address those needs and industrial controls. So again, same kind of technique there. We can pose ourselves or insert ourselves as appear to be the IoT and attacker will mistake us for the real internet of things and launch and attack on us and we can trap them that way. So the basic technology we have skills really well and it's actually a big opportunity for our technology. We're talking to some of the largest oil companies and work controls and different devices out which are controlling various utility infrastructure and there's seeing a lot of resonance with the technology we have. How does the Juniper relation help you? Obviously integrating with them is obviously phenomenal. The insight you're getting into the network can help you create more deception if you will. Talk about that. So Juniper is a great partner. Juniper has always been known for being best in class, high performance technologies and some of the customers we have share that we have common customers and we fit in really well. Those are the customers who are really looking for advanced technical solutions to their today's and tomorrow's security problems and they're naturally attracted to us. So for us it's a great benefit to be integrated with Juniper because those customers will find our solution that much more attractive. Shar, talk about the event here the Juniper customer summit. It's their first inaugural event where it's very intimate for the folks that are watching other customers that aren't here and partners. What's it like here? What's some of the things that are going on? What's the experience like? Take us through some of the highlights from your perspective. I think we see some of the top name companies customers here. It's a great event to intermingle and communicate and share ideas. We have a small booth we have had here. We have had a lot of very interesting customers stop by and start thinking about what we have to offer. I think for us it's going to open a lot of doors and we're excited to be here. I think it's well organized, well done program and we're very happy to be participating in it. What's next for Ativo for you guys? Growth, I see security is not slowing. Think big data and storage is more happening. What's your plans for the year? What's your vision? What's next? I think the biggest thing we see is that this new deception is going to become a new layer of security in the 12 to 18 months to come. And that is a big thing and we are a leader in this category, we started this category and we think there is very exciting opportunities for us ahead. A lot of customers are really excited about what we are doing because it makes so much sense. Congratulations and thanks for sharing the data and the insight here in theCUBE and Salota and Rige Salem for us to say theCUBE says hello. And we'll be touching based on, he's at Bain Capital now, good investor, very savvy, seeing your, he's been around the block. Correct, exactly, we're very happy to have him and thank you very much. Yeah, this is theCUBE, we are getting the data, it's secure, it's straight out on the network as we speak, go to Twitter and search CubeGems, hashtag CubeGems and check out the highlights. That's our new product, we're putting out content while we're interviewing and of course go to youtube.com slash siliconangle and that's where all the videos are, siliconangle.tv is tracking all the Cube events. We'll be right back with more live coverage from Juniper's customer summit after the short break.