 Welcome, everyone, to theCUBE Virtual. I am your host, Rebecca Knight. Today we are talking about cybersecurity and healthcare. Our guest is Ken Checkai. He is a problem solver at Netscout. Thanks so much for coming on the show, Ken. Oh, my pleasure. Thank you for having me. I love your job title, a problem solver. Tell our viewers a little bit about Netscout and about your role there. Sure, no, I appreciate that. Yeah, Netscout's been around since 1984 and the gentlemen starter company, two gentlemen starter company, Anil Singhal is still our CEO. He's very passionate about what we do, believes in what we do, and our focus really is really service triage and making sure that important customer services and none more important than healthcare are up and running and functional. And so our focus is really protecting and where we call ourselves guardians of the connected world. We take that very seriously because when you think about the technology, the complexity and how we all really, the reliance on everything that we do and how we rely on technology as a just a society, our focus is protecting that. So the applications, the services, the network, that's all part of the service chain for that. Well, we know that healthcare organizations and hospitals are under tremendous strain and pressure because of the COVID-19 pandemic, but also recently hospitals all over the country have been hit and targeted in a scourge of ransomware attacks. Can you tell our viewers a little bit about what you're seeing and what's happening right now? Oh, yes, it's really sad. It's just an interesting time in the world, obviously, but we are seeing a very heavy increase in the number of attacks and from a cybersecurity perspective, really an extortion and ransomware. And there's a slight difference between the two, but effectively what's happening, we'll call them the bad guys, are going after healthcare organizations that have some vulnerabilities where they have some areas where they can be attacked. And effectively what happens is they will either launch a denial of service attack, which is really a lot of robot type computers launching just directed attacks at these particular caregiving organizations and hospitals. And then so they try to take down services. And that's one thing. So that's really more of a ransomware where they, hey, we showed you, we can do it. Now we're gonna extort money from you until you pay. The other one is more of a ransomware where they've already penetrated what we'll call the defenses of the hospital. And then now they're saying, okay, we've already taken control of your system and they lock you out until you pay the ransom. Both we're seeing lots of attacks in that realm. So what is the upshot in terms of patient care? I mean, this sounds awful. What are patients seeing? What are doctors seeing? Well, it's a really good point, especially in today's world with the pandemic, but really anytime for healthcare. We all have children, aunts, uncles, moms, dads. Nobody wants to be in the hospital for extended periods of time. And when they're in the hospital, we wanna make sure that from a healthcare organization, they wanna make sure they give the best care possible. And the caregiver, so the nurse, the doctor has the opportunity to do what they do and focus on what they're caregiving and not on the technology. So when things like ransomware or extortion or any particular impact on performance for a particular application, it just impacts the caregiver, which is, you know, and it affects us because these are people that you care about. You don't want them in the hospital. You don't want them in pain. And the caregivers, they're, you know, these are passionate people that do what they do. Obviously they're dedicated to it. So when there's an impact from a cybersecurity perspective or a application or a network issue that affects healthcare, that affects our loved ones. And you just, you know, you really put yourself in that position. We, especially at Nutscout, we like to, we partner with our customers. So, and we don't take that lightly. That's something that we mean and it's heartfelt. And the reason for that is we look at ourselves an extension of their team. This is what healthcare organizations offer to their patients and they're there for care to get well. We wanna make sure they have every opportunity to do that and because those healthcare organizations rely so much on technology, networks, applications and really protection from bad guys in cybersecurity. We just wanna make sure that those services are assured. And that's why that's where our focus is. So this, I mean, there are lives in the balance as you're describing. This is a technical challenge, but it's also one of resources. A lot of these organizations just simply do not have the resources to deal with these problems effectively. Great point. That's a great point. I mean, especially in today's world, the actual industry for healthcare is really taking a beating because it really had to focus their whole, all of their funds, frankly and all of their resources towards the pandemic, which would be personal equipment, mobile hospitals. And that's taken a tremendous toll and they've also from just a revenue perspective of really taking a beating, frankly on what happens from their revenue cycles because elective surgeries are way down. So when you start looking at, you take that into consideration. So they've got very, very tight resources and cybersecurity in general is just a thankless job. They're under attack every single day, no matter what their industry is. So when you look at the current situation, you get tight resources, cybersecurity is under a lot of stress and oh, by the way, here come the ransomware and extortion attacks. It's just a, it's terrible what's going on, but this is an area where we feel this is a spot where we can really help. Number one, our focus is really on network and service assurance. So the applications in the network and that's what we're very good at and been doing it for many years. But the upside and the place where we really feel we can help is really two-fold. And that is that same solution, the same deployment that we have for a network and application really can be leveraged by cybersecurity folks as well, mainly towards the areas of denial of service, mainly towards the areas of voice over IP. We think of telecommunications and telemedicine, that's all being leveraged and heavily leveraged right now, specifically by healthcare organizations. Well, again, if I'm a bad guy and I know you're trying to use your telemedicine to take care of your patients and have that interaction with the doctor and the patient and I take those services down, well, now I've impacted patient care. That all runs over unified communications protocols, voice and video, things that we can monitor, not only for performance, but also when we see cyber type issues and that's a really big, I would call it a bit of a hole at the moment, because that's a spot where cybersecurity teams are so strapped, so resource strapped as well from what they're trying to deal with every day. That's a spot we can help with and help with immediately. And as I mentioned, the other part is really the denial of service pieces, which is, that's part of what we do as part of our framework of what we deliver for services. So you're describing an exceedingly complex caregiver chain on so many different levels in terms of cybersecurity, in terms of telemedicine. And you also said that NetScout really partners with its clients. Talk a little bit about NetScout solution and how it helps clients and or healthcare organizations grapple with these challenges. No, that's a great question. Well, the one thing right off the bat is we look at network traffic and that means application traffic. So while we plug in on a network and take traffic from taps and spans and whatnot, we take traffic into our appliances so that we can, then we crunch that data through our smart data. So we call it depth of service intelligence. That's our patent. And we run it through that engine and that creates smart data. And that smart data then can be leveraged for, gee, is my problem with my network? Is my problem with my application? Is it something like a service enabler, like DNS or DHCP or LDAP, which is really the basic building life for active directory for authentication. So when you look at a complex, as you mentioned, a complex chain, an electronic medical records application, an EMR, that's really the go-to application for a hospital because that's scheduling, that's billing, that's diagnosis, that's history, that's patient history. It's just so integral to what they do. And when there's an impact with that, that affects patient care. And no one ever wants to hear, oh my goodness, we had a bad outcome with a patient because of a computer glitch, network application we had. And so what we do is the ability to take all that data in, crunch it through our engine and then display that in dashboards that are very easily consumable by not just network people, but really application, even management, cybersecurity, unified communications folks. And the focus here is we wanna get the problem set. We know there are gonna be problems. It happens every day and networks and applications are complex. The idea is when we have an issue like that, let's get the problem to the right team so that it can then go through their service restoration process. And again, the whole point here is keep services up and running. But the challenge becomes in a complex application team set up where you've got DNS, DHCP, LDAP, RADIAS. So you've got service enablers, then you've got web servers, application server, database servers, load balancers, firewalls. When somebody says, oh my goodness, the EMR is down or we're having issues with our network, that's a very tough chain to try and pinpoint. It's almost needle on a haystack. So what we do, and this is kind of our Bailey work in the world, is really we take all of that different traffic and we expose where are the hotspots? Where is the latency? Where are the error codes? Where do we see protocols that aren't behaving well? What are we seeing things that are, we're seeing authentication failures. And the big win for the healthcare organization on that standpoint is I can see all of my traffic, all of my applications and then I can pinpoint where I'm having issues so that I can restore services very quickly. What are some of the best practices that have emerged in terms of the company, in terms of the organizations and hospitals that are doing this well? What would you say that they're doing right? One thing, they want to partner. So they recognize the fact that number one, they've got limited staff and they actually want to partner with that scout. And what that means is we actually go in and we'll design solutions that will address their specific requirements. That's very important to what we do. But when we do so, we take, we have different product sets but our finish stream, our finish stream next generation ISNG is our data collector. And that's really the workhorse of our solution that processes all the packets from we'll get technical here for a second, but one gig to 100 gig. And that's a lot of data to process. And because we can just get to the point with the process to the smart data engine and get to the problem to show me where my latency is, show where my problems are, showing my protocols, pulling that up through our packet flow switch engine which kind of facilitates us collecting for multiple hops of the network. A lot of times IT folks will ask us, well, we want hop to hop views of this. And like, great, let's do that. We can do it right now. We just need to sit down, design it. But we really design towards their use cases and in healthcare. It's very common, you're gonna have DMZs, you're gonna have people accessing their electronic medical records to their DMZ and things like that. And as it goes through the back end services, we basically taking a traffic feed from all those different hops of the network work and cases that make the most sense, the primary spot and choke points and then take that data in and then we do what we do. We expose the data and expose the performance information and most customers and it's like this in the world. People usually don't call you up to say, hey, Rebecca, you're doing a great job today. I want to buy you a cup of coffee. Especially in IT, they call up to say, hey, things aren't working. Hey, fix it. Hey, I can't do something. And so our job is to help facilitate with those customers and really partner with them to design solutions so that they can not only view that information but also triage it really quick. And the word triage makes a great deal of sense in healthcare. For example, if you hurt your finger, they're not going to take an X-ray of your foot. Makes no sense because they've already triaged that that's not your problem. We do the same thing, but we do it more from the network and application side to see where the hotspots are. You are the IT triage. So talk a little bit about this, you are a problem solver. And so right now we have a crisis on our hands of monumental proportions. Do you think that it has forced healthcare organizations and hospitals to innovate more quickly at this time? Or do you think that there is still just so much uncertainty taking place right now that it is hard to see the forest for the trees? What are you seeing? That's a really good question. We're seeing both, just to put it just very, so one of the biggest changes that really the pandemic's had on everybody is the switch to everybody went from, I have 10, maybe 20% of my workers working remotely or VPN contractors, things like people that are just can't be in the office for a reason, they switched from 10 to 20% to 70, 80, 90%. So it was an overnight change. So think of the impact on that. The caregivers are at the hospital, they're actually the frontline workers, they're at the hospital serving their patients. But people in the administration, accounting, IT, other things that are important to the organization all had to switch to work from home, obviously for safety reasons. So the impact on just the internet link number one, huge impact before it was used for outbound. Hey, I'm gonna go check, I'm gonna go do some research, I'm gonna go check a website, I'm gonna see what sports activity is going on today. Now all the tribe is coming inbound on the internet. So that's number one, number two, big change VPNs. VPNs took an enormous beating that maybe they were sized for that type of scalability overnight and maybe they weren't. So the organizations that were kind of prepped for it, not such a big change and we've seen some good results from that, but there are also organizations that immediately had to switch to, oh my goodness, I need to upgrade my VPNs and my internet links because I wasn't prepared for this. So the larger organizations sometimes have a little more capabilities to make that change quick, the smaller organizations, that's a tough call. So they really have had to innovate quite a bit on that side of it. But when you add that stress on things that also shows that the internet and the VPN is really points where the bad guys are gonna target which again, we're starting to see that in the ransomware and the extortion attacks. So it has forced innovation certainly, but you bring it to the point of forced to the trees. There's still a lot of work to be done. So that's where we're really putting a lot of our focus, especially in healthcare right now because it's got the biggest impact, well, frankly, to society right now and it'll just the companies. So as company, as other organizations are navigating this period of new normal and of course we've had some positive vaccine news. So we can say that perhaps there is going to be an end to this pandemic in the coming year, but how are they planning ahead? I want you to close us out here with how healthcare organizations are thinking about the next 12 to 24 months. And if you have any advice for them, I'm sure they would be all ears. Yeah, I think we could all use some good advice right now on that one. Short answer is, I don't know either. Right now in healthcare, it is a big challenge because of the, as I mentioned earlier, the impact on the personal protection equipment, mobile hospitals, and frankly where they've had in the revenue loss. So it's become a, you basically have to do more with less right now, which is one of the things that we do. And really, it's kind of our message for customers anyway. I'm a big proponent of use what we have. If you have our solution, use what you have and use it to its full extent, especially while times are lean, we just don't, the wallets aren't as big right now. So we're going to have to really focus yet. I mean, has there been a bigger time in healthcare ever than right now? I can't think of one. So our focus right now in our message to our customers and anyone else is if you've got our types of solution, use it to its fullest capability so that you can triage and so that you can, not have patient impacting issues on top of all the other things you have to deal with. The, bring up the point about the vaccines. One of the things that we've seen, especially for what's called healthcare organizations that are more research focused is the bad guys aren't very nice. So the bad guys are going to go after organizations where they can have a big, we'll call it splash, or they can steal something. So the research hospitals that are working on vaccines or something in that realm have been huge targets, again, DDoS for ransomware and extortion. My message for anyone in healthcare right now is, you know, bless you first of all and second of all, use what you have to its fullest extent, which means a solution like ours. Yes, use it for network monitoring, use it for application monitoring, but please use it to protect yourself for cybersecurity type visibility. We typically in a lot of cases, we'll see traffic that some cybersecurity tools don't and not because they're bad tools, but because we're installed in places that they sometimes aren't. So that might be where they're typically installed maybe on the perimeters of network and endpoints. We actually are instrumented through that service chain. So not only the outbound internet, the wide area network links, the VPNs and DMZs and VDI and all those acronyms that are thrown out. Those are typical spots for us, as well as though virtualization, to be cloud or private cloud. So effectively we have areas of visibility that can be leveraged in bigger and better ways, even really on the cybersecurity and unified communication sides of the fence. So my message would be to be just use what you have to its fullest capability, especially while times are lean and keep up the good fight. Excellent, leverage what you got. Ken Check-Eye, Problem Solver at Netscout. Thank you so much for coming on theCUBE. Thank you for having me, it's been a pleasure. I'm Rebecca Knight, stay tuned for more of theCUBE Virtual.