It's theCUBE, covering HPE Big Data Conference 2016. Now, here are your hosts, Dave Vellante and Paul Gillan.

We're back in Beantown, everybody, host of our FVS series, the vice president of software engineering at Fidelis Cybersecurity. Welcome to theCUBE, it's great to see you.

Thank you.

So, another security discussion. I was saying, I love these talks because it's such a hard problem. You're in an industry that's fast moving, you got bad guys, you got evil versus good. But so, give us the update on Fidelis.

So our mission is to protect the world's most sensitive information. We do that whether it's in government organizations, good countries, or the commercial sector. So we are very successful in both. We're not very well known, but we are well appreciated. Our core technology is based on deep visibility and real-time analysis of data. So that's the core of our technology, where we basically put visibility first, right? If you're fumbling in the dark and shining spotlights on potential problems, that's a much harder problem to solve than if you have full daylight visibility into the full spectrum of everything that's happening on your network, and then use that as a core technology to then look for malicious activity, or PII or intellectual property leaving your organization, or bad guys trying to get in, right? So visibility first, in real time, and then build on top of that.

Okay, and as the head of software engineering, talk a little bit about sort of your focus on that core technology and how that's evolving.

So the core technology we've had for a long time. What we've realized, though, is that you can't really catch everything all the time. You can try as hard as you can; eventually you'll fail, right? You'll fail once and then you've been breached, the game is lost. So we still need that real-time protection to stop 99.99% of the attacks, right?
You don't wanna deal with too many incidents, but you have to realize that you can't stop everything, and you can't listen to vendors that tell you that you can, people that promise you the easy button and say, buy us and you're safe, right? We know that nobody has solved the problem yet, so it's just dishonest to pretend that you can. I think accepting that fact is very important. So a few years ago we decided that, hey, we need to realize that we can do the best we can, but we're not gonna be able to stop everything. When it happens in real time, what can we do about that, right? So that was the realization that led to us using HP Vertica to store metadata, rich metadata, about everything that happens in your network, to be able to go back and analyze it later, to take another look, to find out whether new threats that you detect today... your threat team detects a new type of threat today, go back and look days back, months back, see if you've been compromised in the past. Sort of not sticking your head in the sand and just being forward looking when new threats pop up.

It seems like a lot of companies are taking this analytical approach to security now. What do you do differently? I understand you have an endpoint strategy that's distinctive.

Yes, so we have a comprehensive approach to network security. So we cover both the network side and the endpoint, and we use the integration between the two to really enhance the way you can take action once you've detected a problem, to go verify that the threat that you saw in the network is actually confirmed on the endpoint. Let's say you found a threat that attacks a vulnerability on Microsoft Windows, for example. And then you check your endpoint, and if the endpoint is not running that OS, or it's not running a vulnerable version, then you're safe, and if it does, you can confirm, hey, did it actually install this one? That kind of integration is important to us.
And then, you're right, a lot of people are taking that analytic approach, and I think that's the right way to go. I would say one way we do it differently is the data that we have to run the analytics on. So a lot of times in big data, people forget the old garbage-in, garbage-out saying, where you just take a lot of data and you hope for the best, and hope that magic happens. It's hard to make magic happen sometimes when you have data that's not structured well, data that's missing information. So if you don't have the full-spectrum visibility that I was talking about, then you have partial data that you can run analytics on, and you can have smart people try to figure things out given that partial data, right? So it's kind of like seeing shadows and then trying to decide what's going on, rather than seeing a nice picture of events happening. So sure, you can use those shadows and run analytics on them, and that way try to figure out what's going on, but that's just a much harder problem to solve. So we think that we have a data advantage, where the data that we collect is so rich and so well-structured and stored in a great database. We think that gives us an advantage over other types of companies.

So given that thwarting penetration is virtually impossible, it would stand to reason that security should be a board-level topic on a regular cadence. Is it?

I believe that it is, although what we've seen is almost some sort of numbing, I would say, to the problem. You've heard of so many breaches happening in the news, you might have stopped paying attention, right?

No, I pay attention.

I mean, you know, oh, oh, oh.

I love it.

I think you're in the business, but the layperson, that doesn't... it's not that big of a news item in another region. I'll be sure it'll take care of it.

Well, I mean, the problem hasn't gone away. The problem is still big, but there is a level of numbing in the business, and a level of hopelessness, maybe?
People have given up, in a sense, and are throwing their hands up. But we believe that there is hope. Right now, if you're being honest, we're behind, right? We're behind adversaries. They're a step ahead of us. Not necessarily because they have better technology, but because they only need to win once, right? It's a rigged game, where we play defense and we win every time, but then you only need to lose once, and you've lost, you've lost.

Plus, they're committed, like totally, completely committed. Not that the good guys aren't committed. They are, but...

They have motivation.

But inside of an organization, not everybody's committed.

So what's the right regime for cybersecurity? Most organizations, true or false: the responsibility for security falls on an IT team, and not the business, and it's not a shared responsibility. Is that a fair criticism?

That's fair, and it's even worse than that. Sometimes it's split, where the network security team is different than the endpoint security team, and they don't talk to each other. And the email team doesn't talk to the network security team. And the business says it's somebody else's problem, even though my bad behavior is maybe the cause of the problem. I mean, we've seen that changing to some extent, where the organizations that take it more seriously are starting to change, and there's this full spectrum of different ways people are dealing with it. Some are still stuck in that mode. So...

I'm sorry, Dave.

Let's close on that. So the forward thinkers that I've talked to, at the sort of board level, executive level, are saying that you've got to integrate security as part of an entire risk management protocol and regime. And my sense is very few companies actually do that today. You know, maybe the top companies do. You know, maybe Starbucks does. Some of the high-profile brands do. But on balance, most, certainly most mid-sized companies and small companies, don't. But is that a trend that you're seeing?
Is it happening fast enough? Is it happening at all?

I'm probably not the right person to give you... I mean, I could give you my sense of it. Coming from engineering, I'm really trying to focus on solving the problem, and then hoping... This organizational issue is not really... You know, we kind of have to have faith in the industry and the good guys wanting to help themselves, right? And you're asking, hey, do you see that? And I believe we see enough of that. At the end of the day, we're a growing company, and we've been growing year over year with significant growth, and that underscores the commitment.

Yeah, that underscores that there is more spending going on.

And I believe that there is such a thing. But on the other hand, you kind of have to also understand our customers' point of view, where they have been... It's not that they haven't invested. They have been investing, but they're still being breached, right? So it's important that they don't obviously just throw their hands up and say, well, it's not going to work.

Right. Let's talk about some of the technology you're bringing to bear using Vertica. We have all these new real-time streaming tools like Spark Streaming and Flink and some of the open-source alternatives. How is this changing the game in security? This sudden, it seems like just in the last couple of years, availability of some really very powerful streaming data analytics tools.

My belief is that this would be a game changer. That in a few years' time, we will have a significant shift in the dynamics of the capabilities of cyber attackers versus cyber defenders.

In whose favor?

In the defenders' favor. Yeah. I mean, right now we're way behind. And I believe that for a couple of reasons. Number one is the advanced analytics and machine learning. So I believe that we are ahead there, that the defenders went down that path a few years ago already. So we started thinking about how to apply advanced machine learning analytics towards cyber defense.
Whereas I don't think the same thing exists on the other side. Number two is utilizing a massive increase in computational power. So we have Moore's Law, with exponential growth in computational power, as well as the cloud that gives you the ability to use an enormous amount of compute power to solve a problem. For various reasons, I don't think that cyber attackers have access to those similar types of capabilities. Think of a cloud, for example. It's harder for them to kind of, in the dark, spin up their attacking environment in a cloud, right? They will get shut down, hopefully.

Where else would you go? What's the dark cloud?

What's the dark cloud? Even if they fade, right?

We assume that the dark clouds will emerge, though.

Yes, so they might have their own cloud infrastructures, but not at the scale of Microsoft and Amazon and Google. So those two things, hopefully, will give us an advantage where we turn the tide. And at least for a number of years, we'll have a leg up on them until they catch up.

What kind of trends are you seeing, Scar? Oh, please, Scar. What kind of trends right now are you seeing in attacks and the way attackers are, the tactics that they're using? Do you have visibility into what they're doing?

We do. We do. We do have a threat research team that's looking at emerging threats and trying to protect our customers, writing policy and rules and analytics for our products, for our customers, that we push down through the cloud to them. I would say, again, this is in my domain, per se, but the trends that we see, I don't know if they've been shifting necessarily in the... I mean, ransomware has exploded. We hear that a lot from our customers. Do something about ransomware, or I won't have a job, right? That's...

But I want to follow up on that. Now, ransomware typically is triggered by an individual employee clicking on a malicious link. And how do you stop that? Within three seconds, their hard drive was encrypted. I mean, how do you stop that?
Good question, good question. Multi-pronged approach, right? So you try to detect those messages coming in, right? Whether it's some sort of phishing, whether it's the website that they visit and inadvertently download something. So basically the first point of attack, you try to stop that. Believe it or not, you can actually detect ransomware as it's encrypting stuff. There's the pattern of the way it accesses the disk drive, for example. So there are types of signs to try to... But it's like anything that's based on human weakness, there's always that one time where it happens, and you kind of have a choice, you pay out for it, right? I mean, I've heard this story where people call the police department asking for help, and they're like, I don't know, I don't know what to do with it. People call the police department asking for help because they've been hit by ransomware, and the local police department says, oh, you just pay up, that's happened to us. That just happened to us, too. That's what we did. I can't help it. So, I mean, it's a huge problem.

So everybody cites these stats in terms of the number of days after you're infiltrated that the average infiltration takes, whatever, that's 300, 200, somewhere in between there, days to detect that intrusion. With analytics, machine learning, you would think that you can start to attack that number. Can Fidelis help attack that number?

Absolutely, yes.

Shrink the time to detect, yes.

Absolutely, so you're right, so you're right. So usually when a breach happens, the end goal of the breach is to steal, whether it's personal PII information or your company's secrets. That usually doesn't happen on day one, where the first computer gets hacked, right? It takes a long time for them to propagate, get to the right places, get to the right servers, stage the data, and then pull it out. And you're right, it's anything between weeks to months that could happen.
And that's another reason where analytics has a chance of being very, very powerful, because you do have the time to analyze the data and stop the eventual breach, rather than stopping the initial malware, say, coming in. It's not all about 100% of the time stopping the first host that's being compromised. It's more, your overall goal should be to stop the final breach, and that's where analytics comes out, I can't be proud.

They're going to get in, we've established that.

Yeah, exactly. It's a certainty. It's a certainty that eventually they're going to get into one of your computers. That's established. You want to stop them from getting to your crown jewels and getting that out, right? They've got to find them, they've got to collect the data, they've got to stage it, sometimes they compress it, it's encrypted, and then pull it out, right? All that takes time, and you want to stop that.

You're talking about a containment strategy, really. How do you advise your customers, assuming the inevitability of being breached, on what they should do when that happens? How do you contain?

Once they realize they've been breached, you mean?

Yeah.

Well, I mean, then you call the pros, right? And there are multiple organizations that have professional services that do post-breach remediation. Fidelis does too. We have an excellent team where we do post-breach remediation, and you hear that in the news as well, right? That's when you find out that it was the Russians that broke into the Clinton server.

Email server, yeah.

So, and establishing... I mean, hopefully it doesn't get to that, but obviously when it does, you do need to disclose, you need to share, you need to contact the outside. You don't want to sweep it under the rug and hope for the best, because that's just going to make things worse.

So, you predicted earlier that the scales will somewhat tip to favor the defenders.

I have to warn you, I'm an optimist.

That's good. That's good.
I want my security people to be optimistic. The whole security industry better be optimistic, or we're all in big trouble. And so, as an industry, what's the outcome that we can expect? Is it to keep pace, like radar detectors and police?

No, that can't be our goal, right? That can't be our goal.

So you'll do better than that, right?

Yes, yes. So the goal should really be to get ahead, right? So if you think of, you know, viruses in biology, the goal should be to have the technology that is basically the penicillin, right? Where, you know, for a long time you're protected, and we don't have to worry about bacteria anymore, for a few decades at least. Now, with the changing pace of technology, you know, hoping for many decades of relief, I mean, that's probably too optimistic, but finding that technology that gives us years of relief, I mean, that would be great, right? Where we could go back to just feeling safe. Now, criminals will probably find another target. Once we secure, say, once banks are secured, you know, they start robbing other places, probably, but at least we want to get to a point where, you know, we can feel safe that our money is safe in the bank, right?

It seemed to me, taking this more analytical approach, that sharing would be important, that if you were cooperating with all the other companies doing analytics-based forensics, sharing that data with each other, we could build large databases and look for common patterns. I understand that sharing is not very common, though, in this field. Am I wrong?

It's true and false, I think it varies. There are a lot of organizations that are afraid of sharing, because you sort of admit to the fact that you've been compromised. On the other hand, there are others that are realizing that being compromised isn't shameful, it's happening to everybody, it's a failure.

It doesn't mean you're fired anymore.
Exactly, so I think that's changing as well, and we've seen that in the marketplace, where there are some companies emerging that are basically about sharing, where they connect data from various sources.

So as an optimist, if we hear from you a year from now, if we have the same conversation... is it going to take two years? What's the time horizon where we can expect to see the defenders actually get a leg up?

So for human beings, it's hard for us to understand the concept of exponential growth intuitively, right? So I think it's going to happen, and it's going to happen fast. If you think about AI, how that was a joke for many, many decades, and all of a sudden it wasn't, and it's reality, that's what exponential growth does when that knee kicks in, that's when it happens. Now, did people predict that knee to happen much sooner? Sure they did, there were some that were talking about intelligence walking among us right now. It didn't happen, but eventually that knee kicked in. I believe, because the solution that a lot of companies are pursuing is so much dependent on compute power, and big data, big compute analytics, artificial intelligence, advanced machine learning, I believe that that will happen as well. We're a little bit behind, because the problem we're trying to solve is slightly harder than the problems that have already been solved. Take vacuuming, that works really well right now. You can have an intelligent machine vacuum your floor, and those are excellent right now. We're trying to solve a harder problem, and that's why I think the knee in that curve is going to hit a little bit later. I can't predict whether it's a year from now or two, but it's not 10.

But it could be around the corner, or it could be a couple of years, three years.

But near term, near to midterm.

Yes, this is your prediction. Excellent. Okay, same, we have to leave it there. We're bringing you an exponential content explosion on theCUBE.
Thanks so much for coming on and sharing your segment.

Thank you. Our pleasure.

All right, keep it right there. Paul and I will be back with our next guest right after this. This is theCUBE, we're live from Boston. We're right back.