Live from Santa Clara, in the heart of Silicon Valley, it's theCUBE, covering Juniper NXTWORK 2016. Brought to you by Juniper. Now, here are your hosts, John Furrier and Stu Miniman.
Hey, welcome back, everyone. We're live here in Silicon Valley in Santa Clara, California. This is theCUBE, SiliconANGLE's flagship program. We go out to the events and extract the signal from the noise. I'm John Furrier with my co-host, Stu Miniman, also at wikibon.org. And our next guest is Chris McCurdy, VP of Global Security Services at IBM. Welcome to theCUBE.
Thank you.
So, obviously, Stu and I have been talking about security all morning. Juniper, a networking company, talking about security, obviously it's the hottest area where the action is. And where the threats and the detection and the enforcement's all happening. You know, policy-based networking. We've seen this before, but more than ever, security is the number one conversation. Top of mind. It's in top of mind, boardroom. It's all about risk. Now, it's all the hacking from foreign countries. Big enterprises are being affected by this. So, obviously, IBM is a lot of big enterprises. I mean, how do you guys talk to customers? What is IBM's conversations with customers when they say, hey, help us?
So, all of our customers are now coming to us. And one of the most important reasons is because our chairman talks about security all the time. And one of those pieces that we like to talk about is secure by design. So, our customers, as they're developing solutions and asking us to write new applications or build new infrastructures or look at going to the cloud, their expectation is it's secure. And we can't provide a solution to our customer that doesn't include security because their expectations are we are building that. As the largest enterprise security company in the world, our customers expect that to happen.
And of course, IBM's got the magic of Watson, a cognitive brain of the network, if you will.
Yeah, but all kidding aside, cognitive is AI, promise of AI, machine learning. It's using data, but it's still a human problem. I mean, you still need to deploy the business policies, understand what a threat looks like, understand potentially unknowns, pattern recognition. It's a big data problem meets networking.
Absolutely. So, very interesting story as Watson was first being created for security. So Watson for security, you're taking structured and unstructured data and trying to make intelligent decisions with that. The security language is very different. So ransomware, what does Watson think about ransomware? The first time Watson heard it was, that's a location, geographic location, where is it supposed to be? So it's a challenge to educate Watson on the different language of security. So currently today, we have eight universities that are participating in helping educate Watson to become smart in security. In our managed security services, we are already using that for our customers. So we're ingesting about 35 billion events per day. So that way we can teach Watson how to help us make better decisions at level one, level two, and level three. So as threats happen, we're able to provide remediation and take action much more quickly.
So up and down this stack pretty much, you guys will look for any events and feed that into Watson, almost like a black box, if you will, but ultimately for some sort of predictive, prescriptive solution?
Absolutely, so think about the number of white papers that are written in security. How do you make sense of that in a very quick amount of time, along with real events that you can look at, the telemetry data with source data, event data, and then be able to say this is what type of event this is. So you can have different variants as hackers create and utilize old code. We continue to see the same types of events. SQL Slammer, for example, is still prevalent in the wild.
Different variants of that are used to create new attack types. We must be smart about that and use old intelligence structured data to be able to write new signatures or look at those different types of variants and understand how do we protect our infrastructure against those types of attacks.
Chris, Juniper's been talking about the transformation of moving from hardware-defined to software and cloud-defined. How does that fit in with the services that your group offers?
Absolutely, so as a security service provider, we're both doing network design, deployment, as well as managed services. IBM is the only company that is able to help from a strategy to deployment, as well as being able to do the run state for our customers. As we're looking at cloud, hybrid cloud, and continue private data center, it's important that you're able to provide a risk framework that is measured the same way across all those types of infrastructures. So we're able to look at and utilize the Juniper platform as what we call a zero trust infrastructure. So whether you're going to a cloud or you're a traveling salesperson or in a different role where you're connecting to the network infrastructure, we want that person to be inspected the same way, whether they're on-premise or off-premise, they must be treated as zero trust and that's what we're bringing to the market in what we call our security hub along with Juniper. So as an emerging offering, whether it be hybrid cloud or cloud, we need to be able to do that same type of inspection wherever that infrastructure lies and looking at the network is the most important piece. So being able to capture network traffic from all endpoints is important to get all that telemetry data.
What about SaaS and security because this is a cloud problem too and people move into the cloud at a rapid delay. How does the SaaS software market impact your engagement with customers?
Because in one level it's like, we got to move to the cloud, all this operating benefits are going to be great, good leverage, Bluemix, there's some cool stuff going on with IBM, SoftLayer hosting and Bluemix, but yet there's now more problem areas potentially or is it better in the cloud? I mean, how do you guys have those? Take us through that conversation.
So the conversation is very much, you should adopt cloud, right? We want to see people move to the cloud. It's very important as they're able to get more elastic, right, as a service offerings where customers can consume in an OPEX type model. So we're actually able to provide infrastructure as a service as well. When you move to the security platform, it is a great opportunity to transform your security environment. You don't have the same legacy problems as you're moving to cloud infrastructure. The cloud providers have already started thinking about what type of security services can we enable in the cloud? I was recently in the Philippines and some of the reasons around compliance and making changes to their security policies haven't really hit, but as they start making leap changes in the type of infrastructure they're able to provide, they're looking at how do we do secure by design? So the first thing that they talk about and in most of these organizations the same way SaaS as they move to the SaaS environment, they're looking at how do I put security in that? The first thing they think about is we can't deploy this without security and that's what we're emphasizing with our customers is you must be secure by design.
And this brings up another point about your customers ultimately in the SaaS market, the API economy, it's a lot of different software that could be really good. So let's just say I'm a customer and I'm an IBM customer. I'm like, hey, I use ISVs a lot for instance and they have apps. What do I do just about securing the binary? Is it a binary in the app?
I mean, what's the right, I mean, I don't want the malware. So I don't know idea, it's all about zero trust but I have a trusted relationship with ISVs. They're going to run on my network. I mean, it's a nightmare for them. So how do you advise that situation?
So what I tell people is you have to look at security end to end. You must look at the risk of the applications that you're running. What is the data that is residing in the cloud? So are you putting your crown jewels there? How do you put protection around those types of assets that you're moving to the cloud? Are you testing those applications? The cloud is simply another place to do offload computing. So you must have the same risk framework. You must employ the same type of strategies for protecting your infrastructure in the cloud as you would at any type of private data center. You must be able to have visibility of the events that are happening in the cloud and correlate those to the things that are happening in your environment back in your own private data center.
Chris, can you bring us inside some of those conversations you're having with your customers? Security's such a tough issue for most people. It's a board level discussion. What are you hearing from your customers?
So our customers are telling us exactly that. This is a board level discussion. It's what keeps us up at night. They have to protect sensitive data. My conversation with them is, how do you make money? Where are you making money? And in the event that revenue-producing take a power or utility, for example, and someone stopped them from creating power, what would happen to your business? How long can you run without your business? An online retailer. If you experience a denial of service attack, how long can you go with your website down before you have to shut your business down because you can't sell parts or someone they'll go to another competitor? So I look at it as one brand image, right?
So there's certain industries like financial where we see industry churn rates of seven to 10% in our recent Ponemon study. In other industries, it's about revenue-producing. So energy utility, retail. If you can't make money, then you're going to have a problem running your business.
So one of the things that's come up on Twitter is concerns regarding cloud threats around malware. We've seen the zero-day attacks. Threat actors are constantly changing malware to evade signature-based detection. Questions kind of come up to us on Twitter here. What does IBM say to that? Because we heard a little bit of that here about the malware and the FireEye CEO saying, hey, signature-based attacks are static. How do you guys talk about that? Because that's one dimension of how malware is getting smart and dynamic. And so the signature-based detection isn't really working.
That's right. And I would tell you that that's been for a very long time. And there are many malware providers dating back to 2006 and 2007 that, you know, as public disclosures reached seven, 8,000 vulnerabilities. And malware providers can't keep up with that. So it is, it used to be-
And the new technique is what? Network stuff or what's the-
Absolutely. Ransomware. Denial of service on network infrastructure. So being able to look at different protection strategies and to layer those protection strategies in, looking at the endpoint, if you only have visibility to your perimeter, you're only seeing about 10 to 15% of your network traffic. If you can see it down to the endpoint, you can get 100% of that traffic. You have to be able to do incident forensics so you can trace back and find out where the problem is. Endpoint data protection is critical to understand where's the source, where's the destination. So that way you have complete visibility across your entire network infrastructure.
So obviously IBM and Juniper have had a long partnership there.
They've been talking a lot for the last few months about SDSN, the software defined secure networks. How does that resonate with you? What's your take on what you've been hearing at the show so far?
So software defined is really the next wave and where we are taking our customers together. So one of the emerging offerings that IBM and Juniper are going to market with is what we call our security hub. We've deployed this in several of our customers and the ability to have multifunction capabilities to be able to take our customers to look at their network traffic, to reduce overall cost in an OPEX type model. In one case, we were able to help with network latency, save 33X of what they were paying on their network infrastructure. At the same time, passing packets very fast, reducing cost to provide a secure solution for that customer. So they are capturing the benefits of having security hubs where all traffic is going through the security hub, providing the same risk posture, whether the client is on the inside of their network or from the outside of their network going to any type of cloud provider that they have, they're looking at their entire infrastructure in the same way. At the same time, they have that visibility that comes back into their security operation center. They have QRadar as their SIEM, market leader provided by IBM. What we're able to do now is to take with machine identity and now identify users. So identity access management is a huge problem in security. What hackers are doing are capturing user credentials, creating additional user credentials. If you can grab the credentials that are performing the bad behavior, you're able to block it at the user level as opposed to the machine, and that's the capability that we're enabling for our clients.
What do you say to those customers that have just had software-defined fatigue as they've heard so much promise from the industry, but software-defined networking hasn't necessarily hit for a lot of customers?
That they need to be looking at the TCO. They aren't ready for a transformation, but once they start looking at a total cost of ownership or a ROI around what it means to be able to increase their bandwidth, to provide more security, it's a no-brainer once they start to get that information. And really, it's a couple-page document that is all fact-based. It says, I can save money, I've got a better and more secure solution, I've got more throughput that I can bring to my clients and provide a better user experience.
So you're saying SDN, ultimately, is the promise of SDN kind of resides in security? As a security practitioner? From an ROI, from a TCO, I mean TCO, total cost of ownership.
Yes.
The impact there is security. Low-hanging fruit for TCO.
Absolutely, absolutely. To be able to make those changes in the infrastructure, security is no longer a byproduct, but it is the answer, really, and of getting to that solution.
So one of the things about the stage today, I want to get your thoughts on this as a parting comment, was automation is inevitable and good? Is automation trustworthy and how and why? And why is automation a good thing relative to the security conversation we're having?
So automation has been a long time coming, especially in the security space, so people trusting things to automatically happen, especially when you're looking at a network person that wants to ensure packets pass, availability and capacity. When you're making changes on the fly, you have to be able to trust. So the more data and information that you can get to make sure that those changes and the automation around those types of changes, taking out human error, as I look at security, most mistakes happen because of human intervention.
And I call those sometimes the oops mistakes, even down to users clicking on URLs. They make mistakes, very intelligent.
Clearly a trust gone bad situation.
Absolutely, and even the best make those same mistakes, but the testing and the tricking.
It's a big data problem at the end of the day, all of us is coming down to big data.
Absolutely.
And the cognitive stuff that you guys have resonates with customers I can imagine.
Absolutely.
But then you get down and dirty, it's the packets at the end of the day. The malware needs to travel on the network before it gets to its host.
That's exactly right.
You got to get it where it's moving, right? You attack the move, moving threat.
Absolutely. And the more data you can get, and that's a big challenge for us, right? So we like to capture as much threat data, as much vulnerability data.
So the event data is critical, having all those events.
Absolutely.
Coming into the security hub, if you will, to look at everything, zero trust means every signal matters.
That's right.
And you use those signals to extract patterns, map that against other data sets.
That's right.
That's going to be the flywheel, right?
As well as ingesting threat intelligence. What do we know about other events that are happening, potentially at other customers, or as we're doing threat research, or collaboration from our clients. Collaboration in security is one of the biggest pieces that we can do as the good guys in the marketplace.
That's actually the biggest story I think of the year is that the security community is actually going to, bringing that old extranet mentality to the market where they're actually sharing the jewels of their network with other customers unprecedented. So there's like a social network developing amongst security experts.
That's right. So you see many of the ISACs and the most prominent is in the financial services, FS-ISAC, has been doing this for many, many years.
IBM has a product called X-Force Exchange that is free to customers. We have over 2,000 customers that participate and provide event data to us and to each other so that they can share in the community and understand what is happening, what are the bad guys doing, or understanding the events that happen in the environment. And the more we can do that, the better we are in combating threats.
Chris McCurdy, VP of Global Security Service at IBM, talking about sharing the data, but also making sure it works well, gets locked down, gets the data and network all combined working together. Thanks for sharing. I guess that's the cohesion, Stu, we've been hearing this, the theme of the show, digital cohesion's all about sharing the data. Chris, thanks for sharing your insight and the data here on theCUBE. We're all secure here on theCUBE. There's more coverage after this short break.
Thanks, John.