Live from Las Vegas, Nevada, it's theCUBE, covering Accelerate 2017, brought to you by Fortinet. Now, here are your hosts, Lisa Martin and Peter Burris.

Hi, welcome back to theCUBE. We are SiliconANGLE's flagship program where we go out to the events and extract the signal from the noise, bringing it directly to you. Today we are in beautiful Las Vegas with Fortinet. It's their Accelerate 2017 event. I'm your host, Lisa Martin, joined by my co-host, Peter Burris, and we're very excited to be joined by a technology alliance partner, Nozomi Networks, Edgar Capdeville, you are the CEO. And welcome to theCUBE.

Thank you, happy to be here.

So a couple of great things that Nozomi announced just a couple of months ago. One was they just secured fantastic 7.5 million in series A funding, and the second thing they announced was you as the new CEO. So congratulations on your new post.

Thank you very much, thank you.

So Nozomi is focused on the industrial control systems technology industry. What was it about this particular opportunity that attracted you to want to lead Nozomi?

Yeah, great question. Two things mainly. One is the team. The two founders are truly rockstars. They have a great background in cybersecurity and how do you apply artificial intelligence to industrial cybersecurity? And two was I had been working with the founders for a little bit, and I saw with my own eyes how the customers adopted the technology, how easy it was to deploy in an industrial setting, which tends to have a lot of friction. Not a lot of equipment gets into those networks. And the ease of proof of concepts, saw with my own eyes and the frictionless interactions was made me join.

So Nozomi was started in 2013. You're already monitoring over 50,000 industrial installations. Some of the themes that we've talked about at the event today so far with Fortinet's senior leaders is the evolution of security where they're positioning really at this third generation of that.
As we're seeing that and we're seeing that in order for businesses to digitalize successfully, they have to have trust in that data. What is Nozomi seeing in terms of your industrial customers? What are some of the biggest concerns that they have regarding security? And how are you working with Fortinet to help mitigate or limit damage from cyber attacks?

A lot of our customers in our space are going through what's called IT-OT convergence. OT networks have traditionally been serial, point to point, run over twisted pair copper, and they've recently adopted Ethernet. When you adopt Ethernet, you have a gravitational force, which is to connect. So these OT networks used to be air-gapped, segregated, and now they're being converged with IT technology under sometimes IT operation, and therefore they start suffering the traditional IT attacks. Those traditional IT attacks are particularly harmful when it comes to industrial critical infrastructure, and they require a special technology that understands those protocols to be able to detect anomalies and whitelist or blacklist certain activities.

Give us an example of an IoT network. So what is, you say critical infrastructure. Give us some examples. What are you talking about?

IoT is a very broad term. The focus is very specifically on industrial IoT. Industrial IoT could be a network that controls a refining, so the refining process in a refinery. It could be electrical distribution, any form of electrical generation, oil and gas, upstream or downstream, manufacturing, everything that moves in manufacturing is controlled by industrial control networks, pharma in the same sub-segment, if you will, some transportation. We're based in San Francisco, so our BART system is controlled with industrial control systems.

So we're talking about, as you say, critical infrastructure.
We're talking about things where getting control of some element of that critical infrastructure, especially in process manufacturing businesses, can have enormously harmful effects on not only business, but an entire community.

The disruption that it can cause is tremendous, from lights out in the city to harm to people in a transportation case, oil and gas case, environmental damage, leakage, the damage can be tremendous. And that's basically one of the huge differences between IT and OT. In IT, if your network blinks, your email may be two seconds late, my print job may need to be resent. In OT, you may not be able to turn off that valve or stop this process from happening or receive an alarm in time.

Right, so like, I live in Palo Alto, not too far from me, is some of the big refineries up in Richmond, California, not too long ago, they had an OT outage and it led to nearly a billion dollars over the damage to that plant and the local environment.

Correct.

This is real serious stuff.

With a product like Nozomi, you can detect anomalies. Anomalies come in three flavors. One could be equipment damage, malfunction. The other one could be human error, which is very, very common. And the other one could be cyber. Any one of those could be an anomaly. And if it tries to throw the process into a critical state, we would detect that. And that's where, yeah.

Talking about cyber, from a cyber attack perspective, what is it about industrial control systems that makes them such a target?

Yeah. It is that they had been used to be isolated networks. Just like I said, IT and OT convergence is taking networks that used to be serial. Security was not really a concern. In industrial control networks, you don't have identity, you don't have authentication. You're just starting to have encryption. Basically, if you drop a command in the network, that command will get executed.

So it's about the vulnerability of-

Vulnerability, maybe it's an easy target.
And then from a proliferation perspective, we've mentioned kind of the evolution of security, but the evolution of cyber attacks, the threat surface is increasing. What is the potential? Give us some examples, some real world examples, of the proliferation that a cyber attack on an industrial control system can have on our retail, a bank, energy company.

The industry was put on the map in 2010 with Stuxnet. Stuxnet was the first attack. Everybody talked about Stuxnet for a while, and it was very hard to create a market out of that because it was done really by a nation state and it was done like once. Since then, 2010, you know, till 2013 and now till today, attacks have increased in frequency dramatically and in use cases. Not only are nation states attacking each other, like in the case now of the Ukraine, but now you have traditional security use cases, your malicious insider, your compromised insiders, doing industrial cyber attacks. In 2015, the Department of Homeland Security reported 295 industrial cyber attacks in our nation's critical infrastructure, and those are not mandated, they don't have a reporting mandate, so those are voluntary reporting. So that number could be two or three times as big. If you think about it, from 2010, we've gone from once a year to 2015 once per day. So it's happening, it's happening all the time, and it's increasing in not only frequency, but in sophistication.

So it's 295 reported, but there's a bunch of unreported that we know about, and then there's a bunch that we don't know about.

Correct.

So you're talking about potentially thousands of efforts, and you're trying with Fortinet and others to bring the technology as well as sort of best practices and thought leadership for how to mitigate those problems.

That's right. For Fortinet, we have a very comprehensive solution. We basically combine Fortinet's sophistication and robustness from a cyber security platform with Nozomi's industrial knowledge.
Really, we provide anomaly detection, we detect, like I said, any sort of anomaly when it comes to error, cyber, or malfunction, and we feed it to Fortinet. Fortinet can be our enforcement arm, if you will, to stop, quarantine, block cyber attacks.

So Nozomi's building models based on your expertise of how industrial IoT works, and you're deploying those models with clients, but integrating them back into the Fortinet sandbox and other types of places. So when problems are identified, it immediately gets published, communicated to Fortinet, and then all Fortinet customers get visibility into some of those problems.

We connect with Fortinet in two ways. One is we have FortiSIEM, so we alert everybody. We become part of the information, security information environment, but we also use Nozomi FortiGates to block, to become active in the network. Our product is 100% passive. We have to be passive to be friendly, deployed in industrial networks, but for the level of attack or the level of risk, it's very high. You can actually configure Fortinet to receive a command from Fortinet and from Nozomi and actually block or quarantine a particular contaminated node or something like that. Does that make sense?

Oh, totally, it makes 100%. Because as you said, so you let Fortinet do the active work of actually saying yes or no, something can or cannot happen based on the output of your models.

That's right, yep.

So when you think about IoT or industrial IoT, there's an enormous amount of investment being made of turning all these analog feeds into digital signals that then can be modeled. Tell us a little bit about how your customers are altering their perspective on what analog information needs to be captured so that your models can get smarter and smarter and better and better at predicting and anticipating and stopping problems.

When it comes to industrial models, you need to pretty much capture all the data.
So we size the deployment of our product based on the number of nodes or PLCs that exist in an industrial network. We have designed our product to scale so the more information or the more number of nodes, the better our models are going to be and our product will scale to build those models. But capturing all the data is required, not only capturing but parsing all the data and extracting the insights and the correlations between all the data is a requirement for us to have the accuracy in anomaly detection that we have.

What is the customer looking at? In terms of going along that, that seems like an arduous task, a journey. What does, you don't have to give us a customer name, but what does that journey look like working together with Nozomi and FortiGuard to facilitate that transformation from analog to digital?

All the information is critical. That transformation is happening already. A lot of these industrial networks are already working on top of Ethernet, standard TCP/IP. The way the journey works for us is we provide, as soon as we show up, an immediate amount of visibility. These networks don't have the same tool sets from a visibility and asset management perspective that IT networks have. So the first value add is visibility. We capture an incredible amount of information and the first and best way to deploy it initially is with, let me look at my network, understand how many PLCs do I have, how many, how the segmentation should be properly done. And then, during all this time, our model building is happening or we're learning about the physical process and about the network. After we're done with the learning, our system determines that now it's ready to enforce or detect anomalies and we become, at that point, active in anomaly detection. At that point, the customer may connect us with Fortinet and we may be able to enforce quarantine activities or blocking activities if the problem requires it.
Is there any one particular use case that sticks out in your mind as a considerable attack that Nozomi has helped to stop?

We obviously can name any one in particular, but when it comes to defending yourself against cyber criminals, we have defended companies against malicious insiders. Sometimes an employee didn't like how something may have happened with them or with somebody else and that person leaves the company, but nobody removed their industrial credentials and they decide to do something harmful and it's very hard. Industrial malicious insider activity is extremely hard to pinpoint, extremely hard to troubleshoot. Industrial issues, in general, are very hard to troubleshoot. So one of the things that Nozomi has a lot of value with is allowing troubleshooting from the keyboard without eliminating trucks and Excel sheets. You quickly can pinpoint a problem and stop the bad things before they happen.

One more quick question for you. With the announcements that Fortinet has made today regarding, you mentioned some of the products, what are you looking forward to most in 2017 in terms of being able to take it to the next level with your customers and help themselves?

Listen, the solution works amazingly well. We have to tell more people about it. I think the critical infrastructure has not had the attention in prior years and I think this year is going to be a year where ICS security is going to be, and Fortinet, of course, is very aware of this, is going to be a lot more relevant for a lot more people. It's the number of attacks and the attack surface, the vulnerability, it's all playing so that this year is going to be a big year.

Yeah, I think we were talking before we started that the U.S. Department of Homeland Security has just identified the U.S. election system as a critical infrastructure. So maybe it's going to take more visible things that have global implications to really help move this forward.
I think the one point I would make when it comes to government, government has been great. If you make an analogy, this is an analogy that I have in the top of my head. If you look at cars and the automotive industry, seat belts and airbags have saved a lot of lives. We don't have that in industrial cybersecurity and we need the government to tell us what are the seat belts and what are the minimum set of requirements that our electrical infrastructure should be able to sustain. And that way it makes the job easier for a lot of us because nobody can tell you today how much security to invest and what's the mix of security solutions that you should have. And therefore, in places where you don't have a lot of investment, you don't have none and you become very vulnerable. Today, if you want to ship a car and you want your car to be driven on the road, it has to have airbags and it has to have seat belts. And that makes it a minimum bar for proper operation if you will.

But the proper, the way it typically works is government's going to turn to folks like yourself to help advise and deliver visibility into what should be the appropriate statements about regulation and what needs to be in place. So it's going to be interesting because you and companies like you will in fact be able to generate much of the data that will lead to hopefully less ambiguous regulations.

Yes, that's right. That's right. I agree 100%.

Well, what an exciting prospect. Edgar Capdeville, thank you so much, CEO of Nozomi Networks. It's been a pleasure to have you on the program today. On behalf of my co-host, Peter Burris, Peter, thank you. We thank you for watching theCUBE, but stick around, we've got some more up, so stay tuned.