Live from Las Vegas, Nevada, it's the Cube, covering Accelerate 2017, brought to you by Fortinet. Now, here are your hosts, Lisa Martin and Peter Burris.
Hi, welcome back to the Cube. I'm Lisa Martin joined by my co-host, Peter Burris, and we are with Fortinet in beautiful Las Vegas at their Fortinet Accelerate 2017 event. A great event that brings together over 700 partners from 93 countries and right now, we're very excited to be joined by one of their technology partners, Carbon Black. Jim Marine, welcome to the Cube.
Thank you very much, I appreciate it, great to be here.
Absolutely, you are a key alliance partner, Carbon Black, as you're the director of technology alliances. I know that you've been at Carbon Black for three years, but you're quite the veteran in terms of technology engineering, sales, channel services, expertise, quite the veteran, quite the sage. But some interesting things that I wanted to let our viewers know about Carbon Black, and we'll have you expand upon this, is that you guys are the leading cloud-based endpoint security company that stops cyber threats. And that your roots are actually in offensive security. You now protect more than seven million endpoints worldwide and 30 of the Fortune 100 are your customers. Tell our viewers a little bit more about Carbon Black. What are you doing? What are some of the things that you're seeing as security now is a boardroom level topic?
We're seeing a lot of changes. It's the idea of taking an endpoint context, what's actually happened at the endpoints. The endpoints are always the real source of where the attacker was really targeting to get to the information. And for such a long period of time, we've used legacy technology to really do that. So we're looking at what are some things that we need to do now to really change that entire game. And one of the key things about that is looking beyond just simple files. Malware's bad, we know that.
And we've had great ways of stopping that for years, and our attackers are moving well beyond just malware today and they're moving really into leveraging different attacks by actual actors within the customer's environments. And so we're really positioning ourselves to stop those next threats, the new threats that we're seeing, and do it in such a way that it's very easy for a customer to still manage, still maintain it and then integrate that with other things.
And I think the key word is integrated with other things.
Absolutely.
Because it's not just enough to know what the endpoint's doing. You have to know what the endpoint's doing in the context of what it's supposed to be able to do with those other things. Talk a little bit about how that and Fortinet come together for customers.
So it was really important for it. We've had a very strong opinion that open APIs are very important. The idea that we are better together than we are apart, and that really is true in security. For too long we've had different vendors that have tried to consolidate everything under one roof, and the problem is that most customers will make financial investments within a given product and then they need to capitalize on that on every single new product they bring on board. With us, from an endpoint context, we really wanted to make sure that our endpoint data, the actual vision of what we're seeing, could be shared with network entities, could be shared with a SOC. And so the SOC can have a holistic picture of the entire environment. Not just on-premise but also off.
How, you know, talking about endpoints, tablets, mobile, the proliferation of IoT devices. How does a company nowadays, that we were talking off here that the day of everybody getting issued a phone or a BlackBerry is over? But when we're all providing our own devices as employees, how realistic is it for a company to actually secure the things that I as an employee are doing with my own devices? On a corporate network?
It's really tough. We have to control the things we can control, right? Which are the endpoints that we issue. So the laptops, the desktops, the home systems. For a lot of engineers now with a remote context, they're working from home on an iMac. We need to be able to protect that as it was on a corporate network. And so part of that is taking that off-network devices but enabling the corporate assets, the actual on-network devices, to leverage that. And that's what we've done with Fortinet. We leveraged the FortiSandbox so that whenever we see a brand new binary on an endpoint we can submit that to FortiSandbox and say, is it good or is it bad? Obviously we don't know that binary at that point. We're making a determination. And if FortiSandbox comes back and says that is malicious, we can not only stop it from executing again but also terminate it in motion.
One of the things I'm curious about, during that general session this morning there was a CISO panel of Levi's, AT&T and Lazard was there. There were also some great customer videos, Pittsburgh Steelers and some other telecommunications companies. When we're talking about what you're doing with Fortinet, expand upon that a little bit more in terms of the integration. Also, are you focused on certain industries that might be at higher risk, healthcare, financial services for example?
Yeah, I mean, I like to say yes, but honestly I think everybody's at a higher risk. I mean, the hard part today is that attackers are going after wherever they can find the most valuable data to them. And it's not based upon my role and my job or my industry, it's based upon what that attacker actually needs. And so we see it in small mom and pop shops, we see it in healthcare, we see it in finance, definitely see it in retail, a lot recently in manufacturing.
And so we really view it as the customer needs to take a proper assessment, understand where their assets are and then deploy multiple different layers, which includes an endpoint solution, to actually stop that. So you take our next generation endpoint, you take Fortinet's advanced capabilities on the network, you take the visibility, what they've done with the fabric, and now all of a sudden you have this really great solution that does protect the assets they can control. For IoT, I mean, honestly that's to be something we're going to have to be challenged for with a while. But at least if I can segment that a little bit and protect what I can control, I don't throw my hands up and say I can't do anything. Now I have IoT segmented in such a way where I can properly address that with an overall posture.
And can we presume that your customers have this awareness as knowledge that we're already breached, we now have to be providing or limiting damage, is that the feeling and the vibe that you're getting when you're talking to customers about endpoint security?
We hope so. I mean, we came out about three years ago and said that there's an assumption to breach, which means don't assume you won't be, assume it's already happened and assume you just don't know about it. And that's really a reality I think for a lot of people nowadays. You know, Ponemon does a really great yearly expose where it talks about how long breaches occur within environments and it's 200 plus days or some number. The point is it's always a significant amount of time. So the ability to have more visibility within a network, not only on the network side but also on the endpoint side, and combine that into one view is so important because most customers honestly don't know they have been. And then when it is, it's a panic situation and that's rough.
But increasingly an enterprise that's providing service to a customer or a partner is really providing service to an endpoint somewhere.
It is.
So we know for example that it's that when folks, when the bad guys are trying to do something malicious, they're just not getting into your network and working their way through your systems until they can find the most valuable data. They also know that if you are a trading partner, that even if your data is not that valuable, the trading partner's data may be very valuable. And so they are hopping corporate boundaries as well. And so trading partners absolutely have to be able to secure and validate that their relations are working the way that they're supposed to be working. So how does my ability to be a trading partner go up and down based on my ability to demonstrate that I've got great endpoint security in my business?
It's a great question because I don't know if too many customers have a strict validation to say, if I'm a partner of yours, not a technology partner but a business partner, that I expect you to maintain a certain level of security protection. There's just an automatic assumption that we partner with Siebel or somebody else and of course they have a protection enabled. I think you have to raise it up a level. So we have to have the policy mindset to not say that obviously we have different solutions deployed, but what have I enabled from a very broad perspective? What kind of things do I allow my endpoints or do I allow my network to do? What kind of things do I disallow? Do I block? Do I have control of domain admin? I mean, something as simple as that, but that forms a policy and then different companies can match policies together and say, yes, you actually do comply with our policy or our security posture, therefore we're going to enable the partnership, because you're right. I mean, if I come in through a partner, even does that allow my insurance to cover me from a cyber protection perspective?
That may be disallowed because it may be seen as an authorized entry within an environment, not a breach, and so there's all kinds of complexities that come out of that, but we have to have a better way of communicating between our companies.
So as Ken Xie, the CEO of Fortinet, talked about this morning in his keynote, he was talking about the evolution of security going from the perimeter to web and web 2.0, cloud, and now we're moving towards 2020 in this time of needing to have resilience and automation, and it's also an interesting time as we get towards 2020 and that's not that far away. This is 2017 if you believe that. The proliferation of mobile and IoT and tablet, I mean, they're expected to be what? 20 billion IoT devices connected in 2020 and only about a billion PCs. As you see that proliferation and you look at the future, and from an endpoint perspective, how has the game changed today and how do you expect the game for endpoint security to change in the next few years as we get to 2020?
I mean, it's interesting because I remember the days when I was first installing the firewall, the only one in my enterprise, and working through that kind of perimeter and barrier concept, and now that barrier's disappeared. So we see a lot of things moving to cloud and I think that really is the key enabler. What Fortinet is doing with the CASB structure, they're really targeting for a cloud control or cloud protection. We're seeing it from a lot of vendors. There's a lot of focus on that right now because if I have a mobile device I may not be able to attach the mobile itself because of the operating system or restrictions from the provider, like iOS has in it, but I can control the application.
I can tie into that, and if I tie that back to my corporate environment so the same policies are being applied, and I can apply that down to my endpoints and make sure that at least from an application perspective what's running on my laptop is the same control segment running on my application in the cloud. I now have a better control of the entire environment, and I think that's where our first step is. There's going to be a lot of advances, I believe, really the next 10 years, five years or less for 2020, that really bring about some unique things concerning to mobile and IoT.
Can you share with us a little bit more exactly how your technologies integrate with Fortinet's technologies, especially kind of looking at the announcements today, what they're doing with FortiGate, the announcements with the operating system.
Absolutely. So today we basically, from an endpoint perspective, anytime we see a binary that comes on from our CB Protection product we'll send that to FortiSandbox. At first we'll query it to find out whether or not they've seen it before. If they haven't, we'll send it to them and they can do a detonation. Obviously we're taking the results of that back and then we're making a block determination on that. Obviously those are things that we haven't already seen before, so with different protection modes and different protection policies are in place, but if I haven't seen that particular binary, something brand new, it could be malicious, it could be a zero day. I can play that against the FortiSandbox and find out whether or not it actually does have that malicious nature to it and then act upon it.
I've always thought of endpoint security, and tell me if I'm right, as the first line of defense.
It is. I mean, magically we've always thought of the firewall as the first line because we think outward in, but really it is inward out because you use your laptops at home, right, so it is the first place that everything always starts.
So it's the first line of defense, and to my perspective, and increasingly as businesses deliver, provide or their services are in fact based on data, that that notion of the first line of defense accretes new responsibilities for both customers as well as vendors as well as sellers. So over the next few years how is that notion of the first line of defense going to change? How are we going to see customers start thinking about this and whether or not I'm a good customer? How do we anticipate, how do you anticipate kind of some of the social changes that are going to be made possible by evolution of endpoint security and how it will make new demands on endpoint security?
It's going to be, it's going to start with more visibility. I don't mean that in a very broad sense, but today we have any of our solutions that were really targeted about just simple binary yes or no. Do I allow some to execute or not? And that worked very well 10, 15 years ago. Increasing over time we know that it really hasn't because there've been advanced attacks that have come around. So now we're applying more visibility to that endpoint, saying what actually is occurring and how are those processes working together? Have I seen something operate from an email file? I click on it, something else happens. Now all of a sudden there's code executing. That sequence of events or that stream becomes very, very important for a visibility standpoint. Our natural, our product CB Defense takes that as a streaming prevention. We say what is the risk factor scoring that we've applied to this and how does that sum together, not only blocking good and bad but now I'm getting into actions. So now that I'm paying more attention, that rolls into what are users doing? What are they actually doing on the endpoints and how does that policy dictate? I think for so long we've said we can't approach endpoints because we can't control them and that's the CEO's device or whatever it is.
We're really changing that methodology. I think mindset-wise people are okay with, I need more controls on the endpoint, I need more capabilities. That's going to start transitioning to having conversations about, well, how do you control your endpoints? And suddenly there's more of a focus besides just saying, do you have something installed to block stuff? That conversation got really short because it just doesn't work today. So I'm not saying do I have Carbon Black installed or anything else installed. It's what am I doing? What policy am I applying there? How does that match up to my business partners? I've made commitments to this customer. This customer's made commitments to me. Are those commitments being filled and is someone trying to step beyond those commitments to do something bad? I never want to be the source of an attack to my partner. That would be the worst.
Right, and well, there are some very high profile cases where an HVAC company for example suddenly discovered that they were a security risk to some very, very big companies.
What's supposed to happen that way? And to your point before, it was an HVAC company. I mean, nobody thought about HVAC being a targeted industry.
A critical infrastructure.
Exactly, exactly, but it doesn't matter. People are after the data. They're after what's on the endpoint and that's why we need to protect the endpoints as a first step. But obviously combining that with a bigger motion because it's not all endpoint. There has to be a network barrier. You have to have other things involved. There's cloud now and we're transitioning in such a quick way and that's where partnerships are going to be formed. I really believe that you're going to see more and more partnerships over time with this collective nature of leveraging what I call the intent-based networking. Right, so intent-based. What is the intent behind it? What is the target the attacker's really trying to do?
And I love that concept because it really does match up well with us.
Well, but as security practices and technologies improve in one area, security practices and technologies have to improve in all areas. Otherwise one part of that security infrastructure becomes the point that everybody's using for the attack.
There's no vulnerability, right?
Yeah, it's vulnerability. So it's all going to, my point is a lot of people are now starting to think, oh, endpoint security, that's not that, this. No, that too has to evolve and it's going to create value and it has to, in context, it has to evolve in the context of the broader class of attacks and the things that people are trying to do with their data in digital business.
Absolutely. I think that's, for a lot of customers that realize that they're making that a part of their overall security planning, third for three years out, what am I going to do and where do I stand at today? And obviously there's existing license cycles and things like that on the network side as well. But I think a lot of customers are starting to formulate a whole plan about how do I look at my entire infrastructure? Forget what I have. Let me say I want to have certain protections in place. First off, do I have them? And if not, can I plug something in that actually still will seamlessly integrate? And that's a really important point to a lot of our customer base.
Speaking on kind of giving you the last word, Jim, you both talked about evolution here. As we look at where Carbon Black is today, you were just named by Forrester as the market leader for Endpoint Security. Fantastic.
Thank you.
Looking at that, going into 2017, as we're in January 2017, the announcements from Fortinet today, what most excites you about this continued technology partnership?
Continue with Fortinet?
With Fortinet, yes.
Okay. That is a good overall, it's good. Honestly, it's something as simple as their approach to the APIs.
I mean, it sounds silly, but at the end of the day, if their approach is really to leverage and to work with other partners, and that's what ours has been for a long time. So they're not saying it just has to be our product, it just has to be our solutions. They're saying whatever the customer's already invested in, we're going to make it better. And that's been a strong message we've had for a long time as well. I don't care what you've put in for a firewall necessarily, but I do want to be able to integrate with that because the customer needs that. It's not me being very selfish, so to speak. Customers are demanding that they have a simpler solution to manage. And it's that simplistic way of, that's where we're headed from the endpoint perspective, of having a solution that actually takes in everything from the environment and really makes it a common view for the incident responder and the SOC personnel.
And it's all essential for digital business transformation, which as we've been talking about, Peter, is the crux of that is data and value in the trust and that. Well, Jim Brain from Carbon Black, thank you so much for joining us on theCUBE today. And on behalf of Peter Burris and myself, Lisa Martin, we thank you so much for watching theCUBE and we're going to be right back.