 Hey, welcome everyone to theCUBE's live coverage here in San Francisco at Moscone West in broadcast alley for RSA Conference 2023. I'm John Furrier, host of theCUBE, Dave Vellante is flying in. We're here for four days, wall-to-wall coverage. We're kicking it off on day one with Jeetu Patel, executive vice president of Collaboration Security at Cisco Systems, CUBE alumni, great to see you. Thanks for coming in, kicking up. You got a big keynote, we need a little preview. You know, by the way, I love the fact that you just, in RSA, you walk around, and you and I weren't scheduled, so you just kind of flagged me and said, let's get on, and this is great. So, yes, we have a keynote today, we're excited. And I think RSA is one of those iconic events for security where you just get to meet all of the old friends and colleagues, and it's fantastic. Well, serendipitous, as you know, it's all about serendipity, won 13 years doing theCUBE, having CUBE alumni, and we're right next to the keynote dry-run green room, so all the top talent's walking by, so thanks for it. Well, thank you for having me. And I know you're super busy, let's get into it. So you got a keynote coming up. Before we get into that, Cisco's also a big player in security. You run two big groups within Cisco. Collaboration, which includes all video and workflows around that, and then obviously security, two of the hottest areas. You know, they'll give the job to anyone these days. Ha ha ha, a lot of pressure. No, it's actually, it's a privilege to be there, and you know, we are here to talk about security, but I think hybrid work actually has a fair amount to do with security as well, because as people work from anywhere on any device, you know, the attack surface is just going to get larger and larger, and the attacks are getting more sophisticated, so security plays a pretty big role on the hybrid work side as well, and also on the security side. 
But it's interesting to see what's happening right now in the market. So as companies move to hybrid, multi-cloud worlds, I think there's an appetite for customers to say, hey, wouldn't it be nice to have a neutral kind of company that can abstract networking and security so that you can actually acquire and steer any and all traffic across any of the cloud providers? Because I think there's going to be four major computers in the world, Microsoft, Google, Amazon, and you know, a private data center of some sort, and each one of them right now have their own compute stack, storage stack, network stack, and security stack, and we'd like to make sure that we abstract networking and security and act as a layer above all of that. And if we do that, I think there'll be a fair amount of kind of efficiency in making sure that you can actually drive workloads across any of those cloud providers while still maintaining the policy structure of security. What's also interesting too, you were on the Mobile World Congress Cube, for the folks that are watching, check that out, Mobile World Congress coverage, that's telecom, that's the pipes. So abstracting away Cisco's obviously business and networking over the years, legacy, as you move up the stack in this abstraction, you've got bolt-ons and you've got abstraction. So a lot going on there, and then you've got the large language models, multimodal, AI's hit the scene, that's only going to accelerate. I know Cisco's done a lot with machine learning, so it's not a new concept to Cisco. AI though now is becoming a consumable opportunity that people are starting to get their arms around. So all this presents a perfect storm of innovation. And security now, we're going to hear a lot here, developer first, developer centric, offense, defense, what's your, how do you look at the current state of the market right now? Look, I think if you think about the state of security, firstly, it's about 3,500 vendors in the space. 
No one owns any kind of dominant share in the market. It's a highly fractured market and I think what's starting to happen now is, especially because of AI, the attacks are also going to get more sophisticated. And so we need to make sure that there's a mechanism to have much more of a platform approach rather than just a point solution approach that can have, we have this concept of cross domain native telemetry that can actually go out and solve for sophisticated attacks. But in AI what's really important is there's going to be three factors that fundamentally change in security as a result of AI. Number one, you're going to see the experience get meaningfully altered. I think there's going to be experience. Gone are the days where you just have a mouse as a point of input. You'll actually have large language models where you have natural language and command line prompts will be a very, very kind of interesting way to do things. And it'll be much more conversational in nature. So that's one. Number two is you'll see the efficacy of security go up quite a bit. And number three is the efficiency of everyone, the SOC analysts, the CISO, the practitioner that's going to go up. It's a, I love what you're going with this because I just think it's so fascinating because both offense and defense have the advantage too. So the bad guys are going to be just as good with AI as the company. So a lot of things going on. Let's take with this prompt engineering kind of vibe with the AI right now. It's super hot. You hear prompt engineering, prompting ChatGPT as an example. Then you get prompt operations. And then you hear about prompt tuning. So it reminds me of the DevOps movement. You got prompt engineering, ops, tuning is more self-healing. So a lot of these concepts are on automation are coming forward. Undifferentiated heavy lifting is a concept that's well known in the cloud. So as AI starts coming in, security is not a place where people experiment. 
You don't want hallucinations. Ops is super valuable. So this is important. This is the distinction between the, we get the copyright issue. This is a whole nother ball game. But more people are writing code from AI. So now you have code pollution coming in. That's going to change the observability game. That's going to change the trust equation for networks. It's almost like mind blowing. As you look at that, that's what you're looking at now. Yeah, I think we, the way that we're thinking about AI. Firstly, we have to think about it from a responsible AI framework perspective. Because there's going to be a fair amount of upside with AI. There's also going to be some pretty significant downsides. And you have to make sure that you can actually match for both. But there's three things that I think in AI are important to keep in mind as this market evolves. The first one is the model itself, right? And what you're starting to see with models now is, if you have three different models and you feed it the same kind of data, largely the substantial kind of core of what you're getting back as insight is not that different. But what's different is if any one of those models is fed even a little bit more unique data, specialized data, you're going to see a step function improvement in the insight that you get from it. So the first one is the model. The second is the data itself. What's the custom set of data that you're going to provide that specialize? And in security, you're going to have security data that's going to be native telemetry for security. You're going to have any kind of playbooks that you might have that you'll feed in. So human knowledge will be pretty important to enter in. And then the third one is experience. And then all these three come together. I think magic starts to happen. And I think that's a great point. I want to not to circle back to Cisco. Sound like it's a Cisco commercial, but the unification is going to be the key part of all this. 
We look at data. So proprietary data is a new intellectual property. That's kind of being talked about right now in some of the elite circles and the thought leadership. So that makes a lot of sense to me. But when you have it integrated, where you can actually move it around in a way that's tied into workflows or systems. The way we think about it is it has to be correlated, not just aggregated, you know. And if you think about an attack kill chain from a MITRE ATT&CK framework, what does it look like? Well, you start something in an email. You have a link in an email that actually takes you to a website. Website downloads a piece of code onto your endpoint. That then spawns a process on the endpoint before you know it. You've actually had that malware now starting to traverse the network. You look at that entire chain. If you look at each one of those domains, email, web, endpoint, network, as individual domains, you only get half the picture. Yeah, exactly. And so what you need to have is something that's actually going to be correlated across all of those domains. So you've got a much more end to end picture. You spoke and siloed is not the answer. It's not the answer anymore. Some sort of connective tissue. If they're decoupled, you have to be unified. That's going to change the identity access, zero trust equation. That's going to change the data protection in the patchless market. And that's going to open up cloud native, cloud native networking for developers, which is a hot area. That's not only to talk much about this show, but you start to see signs of the new trend where developers are driving the change and they're the new consumers. So we're calling it B2D, business to developer. And if you win that equation, I don't say win, but if the developers adopt something, at the coding point of coding, security is built in from the beginning, not just shift left, but programming data. A prompt is a call. We think of it as policy as code, right? 
And if you have a security policy that actually embed into the code itself, you're just going to be protected all the way up top. And so I think what's going to happen is there's a shift left movement where the developers will have it. There's also going to be a shift right movement where you'll actually see a fair amount of security kind of prevention mechanisms that are taken even for the SOC analysts, for the CISO, for the IT operator. So we're going to have policy sec ops, data sec ops. No, so that's because basically infrastructure as code is make the infrastructure programmable, make it invisible, extract away the complexity and make it easier. If data becomes programmable, you can almost go to that next level and connect the dots and say it's hard on top and it's abstracted away. I think this goes back, look, this goes back to this whole notion of making sure that you have a platform. Because when you have a platform and you've got multiple sources of telemetry in the platform, security is no longer going to be a game that can be won with human scale. It has to be machine scale. And in order to have machine scale, you can have isolated defenses by domain. You have to have cross domain defenses that actually have correlation, not aggregation. As you go forward. You know what's interesting about, I love this whole AI thing. I'd mentioned before, prompt tuning, there's a lot of papers going out right now. You can see a lot of, I've read more academic papers in the past, it's kind of fun though, isn't it? It's been in the past 10 and six years, more hit in the table. But this idea of tuning is like self-healing. This is a network constant. This is not new. Now you take it to data where you have, okay, if I'm looking at say policy changes on the fly, I have service mesh if you're cloud native. If you're standing up and tearing down services, whether they're network services or data services, you got to have that intelligence. This has become a killer error. 
This is new. I think there's a lot of exciting possibilities that are going to be there and how you can automate and reimagine the SOC. How you can reimagine a policy engine. How you can reimagine setting policies for organizations. And these are all things that have been relatively hard and cumbersome to do. And one of the big challenges that we as a security industry have had is, I think there's like four million jobs that go unfilled every year just in the US. We need to make sure that we can actually somehow figure out a way to augment AI to the talented skill sets that we have and pull it all together. And it's, I think the future possibilities are very exciting, but you have to keep in mind the downsides. And that's why responsible AI frameworks are going to be pretty important as well. I want to get into your keynote little preview. I don't want to reveal it too much. I know it's the afternoon, but I want to get into the collaboration side because I know your hybrid work is big. A lot of video, WebEx, setter ups, platform and security. But there's also a collaboration aspect on the security side, sharing data, sharing incidents, that culture is changing. Can you share your thoughts on that? It may not be a direct correlation to something you're doing within Cisco, but the notion of collaboration is more important in this industry than ever before. I'll give you an example where that works really well. If you think about XDR, extended detection and response, what is XDR? IDC has a great definition for its three things. XDR is you take telemetry for multiple sources and ingest it, operative word being multiple. You then conduct analytics on it. And then, you make sure that you can effectively detect, respond and remediate the threats. Now, detection without remediation is insufficient. And remediation without detection is impossible, right? And so, how do you make sure that you actually tie all of this together in an effective way? 
And in XDR, one of the things that we've done, going back to your question of like, what are you doing with collaboration? Is when you detect a threat and there's an automatic orchestration that needs to happen of a response and remediation action, that can actually spawn a conversation in a chat interface right from within your SOC kind of center that you have. It's the point of attack, point of real time at that exact moment. That's the dream of data, real time. You have to make sure that the time to investigation compresses as much as you can, so that the delta between detection and response is not days or months. It's actually hours and minutes. And I'll say all the database stuff, all the real time information, having that time series, all unified killer. All right, so let's get to the keynote. Give us a preview of what you're going to talk about. I know you're doing a dry run, going back in there now to do a dry run, get ready for your talk. What's the main talk track? What's the main message? Well, I think the main message is around this whole notion of the era of point solutions that have isolated telemetry, I think is no longer tenable. And the reason for that is one simple reason. Is if you think about attacks today, compared to attacks even three, four, five years ago, it's hard to decipher, and it's going to get harder with AI to decipher what is a normal course of activity that John is conducting to go about his day, and what is in fact a breach that is starting to occur. And it'll be hard to tell between those two. For example, if you look at the Nigerian Prince, right, not a real guy, but when he looked at the Nigerian Prince giving you kind of an offer to say, I'll give you 10 million bucks, John, if you just click on this link. It was very easy to decipher that the Nigerian Prince was not a real person, because there was spelling mistakes, there was a bunch of, now attacks are going to be much more bespoke. 
Hey, John, you happened to be at your daughter's basketball game yesterday. Great to see you there. By the way, click on this link because we've got some pictures for you to download. Or a job description from a fake recruiter. Exactly. That was the double supply chain hack that we reported on SiliconANGLE this weekend. This new supply chain, whether it's workflows, spear phishing, whatever, they're now going to come in multiple combinations. More complexity. And I do feel like there's this notion of we have to make sure that we get ahead of it and not just, you know, look at this from a, the attacks are going to get more bespoke. They're going to get, there's going to be nuance. There's going to have to be some level of subtlety in determining an attack versus just normal course of action. And that cannot happen. I'll give you another example. End-to-end encryption is going to be very hard to go out and allow you to look inside a packet. So deep packet inspection is much harder to do. So the only way then in the future you'll be able to do what's traversing a network is not by looking inside a packet, but looking at the pattern of movement of the packet and infer from that whether or not that pattern of movement has anomaly to it. Yeah. That's going to make it more complex and harder for the bad guys. But they're going to be smart too. That's right. That's right. All right, final question for you. I know you got to go on them. I appreciate your time. What's going on in Cisco? How's business? What's the update? What's with your customers? What are they thinking about? What are the conversations you're having? Cisco performance, business update, and then what are the conversations you're having with your customers? Well, Cisco is a great place to work, by the way. I, having been there, it's such a privilege and we just got voted again one more time the best place to work. And if you think about what's happening we are having innovation on multiple different fronts. 
So if you, what are, we think of this as what are the core basic human rights? Well, the ability to connect is a core basic human right. The ability for people to be safe and secure while they're connecting is another core basic human right. And the right to privacy is a core basic human right. And those are the three things they're working on very closely. We're working with making sure that customers can reimagine the applications, transform their infrastructure, make sure that they actually have end to end security and can collaborate across these wonderful tools that we have so that hybrid work is no longer something that's an anomaly but a reality that's going to persist but we shouldn't feel the distance when people are away from each other. And you guys have all the technology to connect it from the packets to the app. I mean, we've been spoiled and actually it's great to see the uptick of the technology appetite within our customers. They love the new WebEx and all the things that we've done around it. So it's a, and security is a core part of it. Got a tailwind for sure. Jeetu, thanks for coming on. Hey, thank you for having me. I know you're super busy, great to have you on. Appreciate it. Yeah. Such a pleasure. All right, theCUBE coverage kicking off. RSA Conference 2023 in the broadcast alley, Moscone West, four days of live coverage. I'm John Furrier, your host. We'll be right back with more coverage after this short break.