 We're back in San Francisco. We're at Moscone West. You're watching theCUBE's coverage of RSA 2023. This is day two of theCUBE's coverage. Really excited to have Kumar Ramachandran here. He's the senior vice president of SASE at Palo Alto Networks, and he's joined by Rex Thexton, who's back on theCUBE. He's a cyber leader at Accenture. Gents, welcome. Good to see you. Thanks for having us. So Kumar, you just came off of a keynote. You do a keynote on AI, of course, and network security. It's not a topic here, it's AI. So how to go? Oh, we're all seeing the impact of AI and ML on cyber security. I was on stage with Neil Boland. Neil is the CISO of MLB, Major League Baseball, and we were really having a robust discussion on how one AI ML has become absolutely essential. The reality is this, right? Many vendors, including us, we've been using AI ML to secure and to automate operations for several years now. Chad GPT has put it in the popular side guest, right? And what we will continue to see is a transformation with co-pilots, autopilots, whatever the industry builds. But the discussion we had really was if you take it back to the basics, AI ML and data science, only work is we have the right data, right? And the data really has to fulfill the three principles, right? You have to have complete data. You have to have consistent data, and you have to have correct data, the three C's. Complete, consistent, and correct. That's right. And if you have fragmented systems, which is how we used to build network and IT infrastructure systems, it's very hard to get that. So it's very hard to implement AI ML at scale. Whereas in SASE, you now have a unique opportunity where you can get a complete platform, your mobile users, your home users, your branch users, your SaaS applications, internet, cloud, private data center applications, network security, all of it coming together. So now you have the opportunity of delivering transformational outcomes to your customers. Explain that a little bit more, SaaS. So it's kind of the big buzzword right now, but it has meaning. So give it some meaning, secure access, service edge, what should we know about it? Yeah, so if you think about it, right? Pre-pandemic, when most customers were employees, but really coming to a branch office, accessing corporate resources. You used to put security primarily in the data center because that's where you're delivering your applications from. The pandemic really accelerated the transformation where people with digitization, much more aggressive adoption of cloud and SaaS, and then hybrid work became a real thing. We now expect to work anywhere. In this model, putting a firewall or a security stack in your data center alone doesn't cut it. You need a model where security is pervasive and can meet the user wherever she is. So what we did with SASE was we said we have an opportunity to reimagine how security is delivered. So we built this highly scalable multi-cloud service that's distributed globally. Any user anywhere, when they're accessing their application, they get processed with a full stack of security. The other interesting thing about SASE is the policy model. The policy model has migrated to a zero trust model. Previously people used to have the notion of I'm in the network, if I'm in the campus in the office, I'm going to trust the device to a certain extent, trust the user to a certain extent, give them network access. Whereas now we are moving to a model where you really want a policy based on, hey, I'm going to publish an application, here's my user, let me specify a policy. My user has access to X applications based on a device profile. User application device rather than worrying about networks. I think those are the big transformations. So Rex, I know when Accenture gets involved, it's actually a real business. Actually, with the one exception of my first quantum demo was that an Accenture thing in Boston, it was unbelievable, I learned a lot, but that was very cool. But so you guys announced a bunch of stuff, the SASE diagnostic and advisory services, SASE implementation services, SASE is a managed service, so you guys are seeing the opportunity here. Explain what's going on from your perspective. So one of the things we've seen is, as things have tightened up recently, that a lot of our clients are slowing down the pace and what we're trying to do with the diagnostic is create a data-driven approach to identifying the business case outcomes, so how they can deploy SASE and save money. This is a real business case that there's a lot of cost savings that can be deployed. A lot of people are using legacy architectures, running backhaul traffic through the data center, and so there is a meaningful business case that we've made in that. So that's diagnostic, it's the goal in where we invest some time leveraging the Palo Alto stack to go in and it's a little bit of some feedback. Testing one, too. Yeah, here we go. Someone said feedback is a gift, not this audio feedback. Yeah, it's not, I was a rockstar there. I love that line. Anyway, so the goal is to help clients identify that, and we feel if it's a data-driven approach, they'll believe it, right? If it's just a conversation, consulting speak 101, they're just like the Bible. If you can show them the real data, the user experience improvements, the cost savings, then it becomes more real. And then the implementation, obviously we implement the technology in the case, but the thing that's more exciting to me is this SASE as a service or SASE as a managed service, because what we're trying to do is help our clients scale this technology, right? And a lot of they can implement some core use cases, but they oftentimes have a hard time scaling it out to the enterprise. And so what we're doing as a people at this SASE as a service is being able to go in and help our clients do this at pace, have an ongoing deployment and capability so that they can scale out through the enterprise in a cost-effective fashion and doing it in a shared service model where we can provide scale. Because I think that's the one thing, obviously you've known Accenture for a long time, we can help clients scale and we can provide scale to this. And I think that's what we want to do because we are kind of stressing off the importance for our clients needs to modernize. Everybody needs to modernize them. We need to retire tech debt, consolidate tools. I mean, look what it takes to do now in a network, right? How many tools? That's right. A ton, right? And you can come in and leverage it into one platform, reduce the number of vendors that you have to work with and reduce the toll blow. It drives a huge business benefit. So you mentioned the business case, Rick. I mean, it's hard dollars these days. It's very hard dollars, it's not soft. I mean, they want to see it. And so, and how has that changed? I mean, are they looking for, I mean, I know it depends, but are they looking for big numbers? Are they looking for fast payback? Are they looking for low risk? You know, low risk, high return? So it's, I think, you know, and some of the, you know, I've worked with a lot of large clients and you know, they want to be able to scale without driving up costs. Kind of what Cloud did was everybody ran real fast but their operations cost exponentially. And they want to be able to scale with keeping their costs flat and do more with less operating leverage. The labor operating leverage, yeah. And then, you know, ideally they get some cost savings out but it's more about, you know, just being able to do more without, you know, driving up costs. So, stepping back a little bit, Kumar, what do you see as the real demand drivers for Sassy and the sort of market catalyst? So we see four really important catalysts and projects that our customers are doing, right? During the pandemic, we saw this VPN replacement. Where people were traditionally having these VPNs that brought your traffic back to your data center and then sent it out. And if you're sitting in your home and you're trying to access SaaS services or internet in addition to your corporate resources, that doesn't make sense. So VPN replacement to a ZTNA model where you move to the app user device-based policies without VPNs, that's a huge driver. The second big driver really is your on-prem SWIG or secure web gateway replacement, right? People build these proxies that they used to deploy in their data centers, process the traffic there and then send it to the internet. Again, makes no sense. People are migrating to a cloud proxy. That's a big driver. Third big driver, SaaS adoption. People were deploying standalone CASB products to protect their SaaS applications. What they quickly found is that over 50% of the SaaS breaches are related to poor posture management. Because think about it, right? If I'm an enterprise, I can't understand every one of the 100 SaaS applications I have and how exactly I should configure it. And then every time the SaaS vendor doesn't update, what are the edits I need to make? So having an automated drift prevention mechanism, mechanism to protect it properly, that became the third big project. And then the fourth project that is particularly exciting, we're seeing the return of the branch. During the pandemic, rightfully in many industries, the branch office was less of a priority perhaps. Now it's back because people are back in a hybrid work model. I'm in the office three days a week working from home two days a week. So people are having to re-architect the branch. There's a very interesting thing we're seeing in the branch office. There's not really a very variable user population because people are in and out depending on day of week. People are using rich media and video and Zoom in the branch tremendously. People come to the office, some of their coworkers are at home. So I'm turning on 1080p video on my Zoom call. So we're seeing ridiculous amounts of bandwidth explosion and variability. These are the four big drivers for SASE right now. Are you guys, so you're back in the office too? A few days a week here? Yes, yeah. So it's interesting, I go in every day and it's like bookends. Monday and Friday, traffic's light except Friday afternoon, everybody's going out, right? And in the middle of the week. And so how are organizations, are they able to dial up, dial down? Do they have to? Yes. So if you think about it, if you're only deploying hardware boxes, then you would have to keep scaling those boxes for peak capacity, whereas SASE is a service you're delivering from the cloud so you can dial it up or down depending on how your branch is, right? The elasticity that you get in addition to security is absolutely massive, right? Yeah, I can't stress the security aspect enough, right? Bringing security to where the user's at, right? You know, it used to be impossible now it's delivered every day. That's exactly right. And you know, to echo some of the comments he was making about how Accenture adds value, right? Any IT project, there's a three piece, right? People process product. And vendors like us, we love delivering innovative and absolutely fantastic products, but partners like Accenture, those are the people and the process pieces, right? How do you ensure that you have the right kind of ROI? How do you ensure that the client's process transformation is adapting to this new model of security and network consumption? And they're able to accelerate that transformation for our customers. Well that's where you get the business value. I mean, you get the technology, you have to apply it to a business, you have to understand the business. It might be, you guys have specific industry knowledge and like you said before Rex, you've got scale. What, how does this compare to some of the other, you know, relationships that you guys, describe the relationship over time. What gives you confidence that this is going to fly? I mean, you guys have a lot of experience. What are the similarities? What are the unknowns, you know? Yeah, so you know, I think the big, what do we bring to the table uniquely, right? What we bring to the table very uniquely in the marketplace really is that for all the use cases that I described, it's a unified platform. Now what does that mean? That in our case, it actually means that there is a single data lake that's collecting all the data related to network, security and operations for that mobile user, the branch user, the home user, accessing internet SaaS cloud data center applications. This has never ever before been done in the industry. There is absolutely no other vendor who's done that because we've actually collapsed that data. In one data lake, we're able to apply data science on top of it. And when you apply data science on top of it, we use traditional data science like correlations, regressions, we use AI and ML, we use LLMs increasingly. We're able to automate security. We're able to automate operational outcomes. So when a partner like Accenture comes, what they're trying to do really is get our customers to not only use one use case, but the more you use, you have one plus one greater than three effect. The customer saves more as they expand, right? And the best of the capabilities are native to the platforms. That's how the partnership, the customer benefits, Accenture is able to bring tremendous value. We're able to deliver an incredible platform out there. Well, Rex, that's your scale point that you were making before. What about from your perspective? We were literally talking about LLM and generative AI and the application of it to this because they have this, but we feel that we choose our partners that are innovative, that are not thinking about what's today, but what's tomorrow, right? I think that's what's super exciting to us. And to think about, there's a lot of work in creating policies, but as you learn from this data, you can auto-suggest policies, even auto-implement policies, and it can become super smart, because I truly believe there's not enough security professionals in the world to secure the world, right? And so we need to leverage these new technologies, but they have to be trusted. And I think with the data, the collection that they have, they will have a trusted, secure AI, which is super important, because if we get a lot of hallucinations, that's a big buzz word now. Yeah, yeah, I've been hearing that all week. I'm sure. But then people aren't going to trust it, and they're not going to use it. And so it's super important. That's why we need to work with innovative companies that are reputable, that understand these capabilities and these techniques to implement them in the appropriate fashion. And it's super important. That's a soil, come on, are you saying that's you? No, we implement, no, but we do implement. They're the ones that will run the LLM. They'll do the training, right? But we'll help interpret it for our clients and implement it in a meaningful fashion, yeah, exactly. Is that, I mean, again, it's a true partnership. It comes back to the business case. You're making a business case. You make a business case, you're making a promise to the client. 100%. And then they're expecting that they're going to get at least, and you've got to be, you have to come in with some degree of conservatism, and you've got to hit that number or beat it. It's like an earnings cause. You've got to hit the number. 100%. You know, where you going to get, you're going to get dinged. No, and I think, you know, I've made a living in this industry of doing what I say, right? And I think that's super important that you live up to your word and being able to work with partners and companies that you can do that is super important to us. And that's why we're working with. Do say ratio, got to be high. People oftentimes get that backwards. Say do, no, we want to do say ratios high. No, but it's got to be achievable. It's got to be attainable. And I think, you know, like I said, this is a similar moment in time, I think for security, we can really move the needle forward if we get this right. I think it is, I mean, you know, I think we're all old enough to remember some of these giant waves. And it feels like we're, you know, over the last 150 days, it feels like we're entering another wave here. You know, it's very hard to predict what's happening. I mean, you got the crazy supply chain, the economy's really unpredictable. You got all this GPT and foundation model stuff going on. And you know, a lot of layoffs and a lot of engineers now starting companies that are going to disrupt. It's kind of exciting. A lot of M&A going on and signing times. That's right. And you know, it's times of opportunity, right? And opportunity, if you think about the opportunity for the last 10 years, we kept saying, hey, data is a new oil and so on and so forth. You're seeing the opportunity right now. And you know, to his point, if you look at the security landscape, the threat vectors, as looking at some of the data points, right? You have, what is it? In less than 15 minutes, from the time of vulnerability is introduced or spoken about, you have scans coming into major customers. You have a 150 plus percent growth of the use of things like cobalt strike. It's not going to be too far away when you see LLMs being used by the bad guys. So if you're not using data science, you're not using AI, ML, to actually contract all these and secure your customers, your customers are going to be exposed. And that's why having partners who can guide customers into platforms where data is sking are going to be back. And I'm looking at this Unit 42 threat report. And 60% of the incidents take between more than four days to respond to. Yeah. Right. And it's 40% to zero to four. That could be three. And would you say it takes 15 minutes? So from the time of, let's say, some major company announces a vulnerability in their products. In less than 15 minutes, you start seeing major attempts, scans to exploit that vulnerability globally. Yeah, so four days, they didn't cut it. They didn't cut it, exactly. So you have to, if you're not using AI, ML, and data science, where it's LLMs, where it's deep learning, where it's ML, you have to use all of the above. But it all goes back to the data. Garbage in, garbage out. That was true pre-GPT. It's true post-GPT. So if you don't have platforms where data meets complete, correct, consistent, you're going to be out of luck. So what do you guys, go ahead. I was going to say, a lot of clients find out they have a breach from somebody else, which is quite fascinating, right? They don't even discover it themselves, which is quite fascinating, if you think about it. Well, hey, this has been happening all, for a long time in this industry. You go back to Stuxnet, all right. What about this event? I don't know, you guys here in 2020? Yeah. Yes. Okay, so you were here for the last RSA before COVID. I got the sniffles. No, just kidding. Yeah, yeah. Right, but it was a weird vibe, right? But now it's like back. I mean, I don't know what the numbers are. It's got to be at least 50,000. Yeah, there's a lot of energy, a lot of juice here right now. It's been pretty excitingly. The future of this conference seems very good. The future of the industry is good. I think the future of the industry is bright. I think we're at this, you rightly stated that we're at a very pivotal moment, right? If you take the thesis that data science, AI, ML, LLMs are going to be a critical part of this transformation, you really have to go back to the drawing board and say, the products I'm choosing in my environment, will they allow me to establish a framework that is not manual, that actually can be run with AI and ML. And I think that has to the start point of any IT transformation project, right? Whether in SASE or without, if you're not thinking about what is happening to your data, right? As a CISO or as CIO, you're going to be in a lot of trouble. For us as a vendor, our obligation really is to make sure that we are ensuring that we are gathering the right kind of data, we're very confident in that data, and then we're applying the might of our algorithms at scale, right? I'll leave you with a couple of factoids, right? Our system today, we see and stop 236 billion, that's billion with a B, threats every single day. That's over a trillion in a week, right? So it is that scale at which systems need to operate, and it's also that scale at which you start learning enough that you can actually implement things in line and security, right? So while the bad guys react in 15 minutes, in our case, 95% of the time, zero-day threats, threats the system hasn't seen before, we're able to stop using inline ML. So our reaction time is zero seconds, 95% of the cases. That's real time, yeah. That's right. All right, gents, congratulations on the launch, and good luck with everything. Thanks for coming on theCUBE. Thanks for having us. Thanks for having us. Appreciate it, you're welcome. All right, keep it right there. Dave Vellante will be back with John Furrier. This is theCUBE's coverage of RSA 2023. Go to siliconangle.com. We got all the news. We got multiple journalists and writers here. So check that out. We'll be right back right after this short break from San Francisco.