 From the CUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE Conversation. Welcome to this CUBE Conversation. I'm Lisa Martin, and today I'm talking with Avanti again. Nayaki Nayar, their Chief Product Officer at EVP is back with us as is another CUBE alumni, Sumid Takar, the President and Chief Product Officer of Paulist. Nayaki, Sumid, great to have you guys both back on the program. Great to be back here, Lisa. I think it's becoming a habit for me to be talking to you almost every week, yes. Yeah, great to be here. Thank you for inviting me. So let's go right into some exciting news here. So Avanti has had a lot of momentum in the last week or so, Nayaki with launch announcements. Talk to us about what you're announcing today in terms of an expansion with the Avanti-Paulist partnership. So Lisa, as you remember this week, we had a great week this week with the launch of our Avanti Neurons platform that really helps our customers address end-to-end management of their endpoints and security of those endpoints, how we can help them, what we call self-feel, self-secure and self-service the endpoints. And one of the key strengths Avanti has in our portfolio is our ability to manage all the patches. Today, with our Avanti Patch Management solution, we patch approximately 1.2 billion patches on an annual basis. So that's a pretty big volume. And we are extremely excited as a part of this launch announcement to also share the partnership we have with Paulist and how we are extending and helping Paulist to their overall vision for VMDR. So Simi, let's go right into that. Talk to us about VMDR. Vulnerability management has been around for a while. What is VMDR in Paulist's perspective and what are you looking to do with your partnership with Avanti? Yeah, I mean, I should know about vulnerability management being around for a while. I've been 18 years at Paulist. So we've been doing this for a long time. And what's happened is with the hybrid infrastructure exploding and a lot more devices being added and focus shifting from just servers to endpoint, I think there is just a need to be able to do vulnerability management. In addition, also have the ability to do assessment of your devices in terms of inventory, et cetera. So discovering your devices, being able to do vulnerability assessment, configuration assessment, but also be able to prioritize those vulnerabilities on which ones you really need to patch because you just have way too many vulnerabilities. And then at the end, all of this vulnerability management is not useful if you can do something about it, right? And that's where you need the ability to patch and fix those issues. And this is where VMDR really brings that workflow in a single platform end to end. So instead of just throwing a big report of CVEs, we provide the ability to go from detection of the device to the patching. And this is where Avanti partnership has been something that has really helped our customers because they bring in that patching piece. And this is one of the most complicated things you do. And because taking a vulnerability and mapping it to a particular patch is very complex to do. And that's where the Avanti partnership is helping us. And so this is an expansion to me. You guys have been doing this for Windows and Linux and now this is adding Mac support and others. Tell me a little bit more about the additional capabilities that you're enabling. Yeah, so what's interesting is that when we started working on this, this was before the pandemic hit and COVID has certainly added a very interesting twist to the patching challenge, right? And the ability for the system admins to suddenly patch 100,000, 200,000 devices which are not in your office with the high speed internet anymore. They're sitting in little apartments all over the world with low bandwidth, Wi-Fi connections, et cetera. How do you patch those end points? And so while the focus at the beginning was a lot more on Windows and Linux, which are more on the server side with the pandemic hitting there is a big need now for people also to be able to do their Macs and other end points that are now remote internet people's homes. And so obviously with the success of the patch management capabilities on Windows that we got with Avanti, they are a natural partner for us to also expand that into being able to do it for the Macs as well. And so now we're working together to get this done for the Macs. So Nyaki, in terms of the announcements from Avanti that have been coming out the last week or so, we talked with Jeff Abbott last week about the partnerships and the GTM. Talk to me about from a strategic perspective, how does the expansion of the QALUS partnership dial up Avanti's vision? Yeah, so Lisa, when you take a look at what's really happening across every enterprise, every large company, especially during COVID and post COVID is what we call this explosive growth of remote workers, right? As everyone is trying to manage what the transformation to remote working means, the explosive growth of devices that now have to be managed by every IT organization, not to mention how to secure those devices, which is where this partnership with QALUS becomes extremely strategic for us. Now we can extend that overall vision that we have without Avanti neurons to discover every device we have. The customers have sense, any security vulnerabilities, anomalies that are on those devices, prioritize those based on risk based priority with algorithmic priority as we embed more and more AI into it and get into what we call this auto remediation by remediating all those vulnerabilities which nicely fits into QALUS's overall VMDR vision and strategy, right? So this truly helps our customers go beyond just managing the endpoints to now what we call self securing those endpoints, being able to automatically detect all security vulnerabilities and issues and get closer and closer to the self remediation of those vulnerabilities. And that's why this partnership makes, I would say, a great strategic benefit for all of our customers and large enterprises. So Sumi, talk to us about the VMDR life cycle. Give us a picture of where your customers are and how this is really going to help them deal with the new normal of even more devices going to be remote for a long TDD period of time. Yeah, what's happening now is that this is being extended to home devices, right? Customers in the past are only looking at enterprise devices that were owned by the organization and we continuously now see we can't get a new laptop to the user or they're using their home device, home desktop because it's bigger screen, more powerful, whatever it is. So people are starting to do that and you can't really stop them from doing that if you want to get work done. And so the need to basically, essentially VMDR is four things, right? Which is continuous asset inventory discovery. Second is detection of all security issues, including vulnerabilities and misconfigurations. Third is the prioritization based on the knowledge of the device and what's running on the device. Just because you have a severity five vulnerability or a highly exploitable vulnerability does not mean that you need to prioritize that as the first one to patch and then you need to be able to patch it. And so that's the four elements that make up the VMDR life cycle and as customers have no good way to detect what devices are there, what is connecting to their VPN because now they don't actually physically see the devices, the traditional network devices that were, or home office firewalls that were sitting in the office that were detecting devices are now not useful because everybody's outside the firewall. And so that entire life cycle is something that customers want to do because at the end you want to reduce your risk quickly and having a single platform that does all of that is the key benefit that we get from there. Talk to me a little bit about the go to market in terms of how are your customers, joint customers buying this solution? Yeah, I think what we've really worked on is typically what happens today is the customers, different vendors are providing individual pieces. You have to go buy a different inventory solution a different vulnerability solution, a different prioritization, a different patch solution. So working with Avanti, we really worked on creating a single platform and this took us quite a bit of time to really make that engineering integration work to be able to have Avanti patch management directly embedded into the policy agent. So that way customers don't have to deploy another agent and they don't have to buy different solutions with different consoles. So from a go to market perspective, we keep it very simple for our customers. They essentially have a one price for their entire asset and then if they choose to do the patch management, this is something that we sell as a capability that is directly available through QALIS and Avanti has done a huge amount of work to integrate seamlessly in the backend to help the customer so that they don't have to buy from one, buy from another and try to integrate it themselves. And Lisa, if you look at it, it's really a way for customers to handle heterogeneous landscape, patching of heterogeneous landscape that they have in their environment all the way from the data centers to those endpoints. They had Windows devices, Mac devices, Linux devices and in future, we'll also be supporting multiple other devices and platforms through QALIS's VMDL platform, absolutely. Let's talk about the target audience and really understanding from a security perspective, it's top of mind for the C-suite all the way up to the board. Now with COVID and the increase in ransomware and some of the things, the device spread that's probably only going to spread even more. Now, okay, starting with you, what, how are you seeing the customer conversations change? Are you now not just talking to IET? I was just elevated up the stack. Is this a CEO board level concern that you're helping them to remediate? Oh, absolutely, Lisa. I mean, this conversation about cybersecurity challenges especially as organizations are trying to figure out what this transformation to remote working means. This is really not just limited to an IT organization or a CIO level conversation. This is a C-suite conversation at the CEO level. And in most cases, I'm also saying there's becoming a board conversation and I'm a couple of boards myself. And this is truly a board conversation where discussing how we help enterprises transform to remote working and cybersecurity challenges as more and more workers are working from home, right? Securing those devices is top of mind for pretty much CEOs and the boards and helping them through the transition is a number one priority. It's between the partnership with Paulus and Ivanti for us to offer this joint solution and really make it available where they can address the security concerns that they have in their environment. And to me, in terms of target market, we talked with Neaki and Jeff last week about from a vertical perspective, they've got a lot of strengths in healthcare and retail, for example, are you looking at any leading edge markets right now, verticals that really are at most risk or are you attacking this from a GTM perspective in a horizontal way? I mean, it's not even our choice anymore because what's happened with remote working in no matter what industry you are in, everybody's workers are working from home essentially, right? And using laptops and the number of attacks have significantly multiplied because now that this endpoint is outside of your traditional defenses that you have in an office environment, these endpoints are a lot more vulnerable and they're in a home network and I have devices in my home network from my kids that are running all kinds of Fortnite and things like that, that now actually could have access to my work laptop, right? So that is becoming a big concern and the other realization that you cannot really use enterprise solutions as you have in the past for patching and securing an endpoint that's not inside the enterprise because you're a single SMB Ghost vulnerability patches 350 megs for one device. If you have that patch, a thousand devices trying to download that over VPN, it's just not going to work and it kills the VPN. So that is this big push towards moving into a cloud-based method of deploying these patches. So you can actually get these patches deployed without hitting your VPN environments. And this is really the big thing. And the other day I read something that asked like what is accelerating the digital transformation to the cloud for your enterprise? And there was a CEO and the CISO and then COVID, right? So unfortunately, the pandemic has been bad in many ways but in other ways it has really helped organizations move more quickly to get approvals from the board and the management because the other option is just not a choice anymore which is trying to use on-prem solutions so that resistance to cloud-based solutions is significantly decreasing because today we're all sitting in different locations and meeting every day on video, et cetera. And that's really powered by that cloud-based platforms that we have today. Yeah, I call it the COVID catalyst. There are a lot of interesting things that are positive that are being catalyzed as a result of this massive change. I would like to, one more question to mean for you in terms of this enabling VMVR to become a category, a target market for endpoint security, how does this help? Well, I mean, I think the more we can provide the customer ability to reduce the number of different steps that they have to go through and the different tools that they have to purchase and multiple agents and multiple consoles that they have to put together, that then it just becomes a category in itself because you kind of have that ability to do detection, prioritization and response in a single solution which is something that nobody else offers today because everybody's focused on just one aspect of it. And so today the response from our customers has been absolutely tremendous. They are extremely happy to have this ability to very quickly figure out what's wrong. One of the things we didn't talk a lot about but I would say in patch management process the biggest challenge and where most time is spent is mapping a CVE to a specific patch that needs to be deployed in a specific machine because of 64-bit architecture, 32-bit architecture. So the Avanti catalog helps us tremendously to help bring the knowledge that we have on the CVEs to that catalog and then give our customers a way to be able to get those patches deployed in a very, very quick way. And so that essentially has just created this new category when you have this end-to-end ability on a single platform, right? So whether it comes from colleagues or somebody else, I think the need is there to say when I'm looking at patch management, I want the discovery of vulnerability and patching all of that to be done together. And that speed is absolutely critical. So in terms of the general availability, I mean, is this available now? When do customers get access? So with the partnership with Avanti, so VMDR in general has been available now for customers for a couple of months, but now with the Enhanced Partnership, it was available for Windows or is currently available for Windows. And now we are working with Avanti for the next few months to get the Mac version out. So we would think about in the next couple quarters, we will have that available through Qualys VMDR, the ability to patch the Macs as well. Excellent. Mayak, let's go ahead and take this home with you. In terms of, give me kind of an overall, round this out, the expansion of the partnership, the importance of helping customers in these disparate environments and the momentum that this gives Avanti for the rest of the year and going into 2021. Yeah, so I mean, this really rounds our entire Avanti's vision and strategy. Lisa, where, I mean, our ability to discover every asset customers have on their end points, end point assets, edge devices, being able to manage those devices holistically end to end, secure those devices, and also do service management of those devices. And I mentioned this, we are the only vendor in the market that can do all of this end to end, all the way from discovery to security to service managing the devices, which and the partnership with Qualys really helps us rounded off across the board, this full life cycle of end point management, device management, and also enables us to extend to the natural adjacencies of IoT with our Avanti neurons vision and strategy, and truly get into a world of what we call self-healing and self-securing, the autonomous edge that we really strive to in the long term. Well, congratulations, both of you on this expansion of the partnership. We thank you for taking the time to explain to us the value in it, the challenges that it's going to solve for your customers. Nayak, it's always great to have you on the program. Thank you for joining me. Thank you. Thank you, Lisa and Sumit, absolutely a great pleasure talking to you all the time. Thank you for inviting me and good seeing both of you and I look forward to seeing you guys again. Have a good day. Yes, it'd be great to meet you as well. For my guests, I'm Lisa Martin. You're watching this CUBE conversation.