 Live from Silicon Valley, it's theCUBE, covering RSA Conference 2017. Now, here's your host, John Furrier. Hello, welcome everyone to the special live CUBE coverage here inside our studio in Palo Alto. We've been at RSA Conference and San Francisco for the past two days, scouring the landscape myself and Jeff Frick was up there doing interviews on the ground, again, huge crowd. We couldn't bring theCUBE there this year, so we're going to do a live in-studio wrap up today, all day today, wall-to-wall coverage. And our first guest is Darius Goodall, who's the director of security products at Barracuda, Barracuda Networks. Well-known, I mean, they've been doing security as an appliance when they first started the company. Now they're super successful and grown from the anti-spam virus firewall back in the day to full-blown security portfolio. And the threat detections in the whole landscape has completely changed, obviously, RSA this year. Darius, comment on the first welcome to our- Yeah, thanks for having us, John, I appreciate it. It's been a dark vibe there, and honestly, and by the way, I kind of love the whole cyber thing, personally, as a geek, because it is a digital world now, and there is cyber warfare going on. There are threats that are global, and we were staying on theCUBE, not a last show. Where's the cyber West Point? And so, the younger kids coming up into the industry are all now living spear-fishing. Every kind of attack you can imagine. So it just seems that the diversity of attacks is grown, and there's more tactics, good guys, bad guys, white guys, dark web. I mean, what's- That's right, you're exactly right, and that's a really good question. Where is the cyber West Point? I'd like to love to see that as a university come out in the future as well, that would be awesome. But yeah, it's unrelenting, right? It's absolutely unrelenting. The number of attacks that we're seeing with our broad threat intelligence that we have is just crazy. I mean, one of the, I was talking to Michael Osterman, actually, industry analyst a while ago, and he's predicting that we're seeing, just in ransomware alone, 200 new variants a quarter, at the very least, and there's no sign of abating, well up into 2020. So this is definitely following, like you say, you know, the threats they're changing as time goes on, the landscape changes. These guys are just moving with supply and demand, right? Ransomware is one of those things where it's just so coordinated. Talk about some of the threats, because I want to get into some of the things that you guys are doing as a company. I think it's important to highlight as this changes, but talk about some of the key things that are happening. What are the top security threats in your mind that you see out there, isn't it? Ransomware is one of those things where it's kind of an embarrassing thing, so you don't really kind of hear about it. It's one of those things where it's also coordinated so that the attackers know who they're going after and know how to get the leverage, whether it's a hotel or... Well, you're right, you're right. I mean, some of it's coordinated, some of it's very coordinated and starts with the spearfishing campaigns and so on, and obviously comes to the less coordinated, you know, in the fishing campaigns to boot as well. But I've seen some very interesting occurrences over time, just like you say. We've heard of the ICUs at the hospitals being locked up. We've heard libraries. We've heard of hotels with the electronic key card systems being disabled and so on. It's all very disruptive, all pretty nasty stuff. But we're starting to see some strange strains coming out as well. I mean, one that I saw come out in November was a new strain called Ranscap. It looks like ransomware, it feels like ransomware. I asked you money in Bitcoin for ransomware as well, but at the end of the day, it actually, what it does is destroy your files. So you're gonna make that one easy payment on their payment plan, and you're gonna get exactly nothing back for it. So the motto of the story, the moral of the story. It's fake ransomware. That's right. It's fake news. It's fake ransomware. It's Ranscap, right? It's Ranscap. I mean, there's no honor amongst thieves now. They're just ruining it for themselves, right? But we like that. Then come over, let them spend more of their investment actually, or invest more, I should say. My friend Bill Tai, who's a former venture capitalist, big kite surfer, he's big into Bitcoin, and he just got his two-factor authentication nails. So two-factor, you get your phone, you get SMS message. Now they're hacking the phone, so now that's at risk. So what is the prospect? I mean, my liberties are being at risk here as a user, as a consumer. If two-factor authentication is not going to work, if the phone's going to get hacked, and certainly emails can be compromised, I'm just assuming my emails compromised these days, but what's next? How do I, as a user, and as a company, or a consumer of a company, get secured? It's a big challenge. It's a big challenge. And this is something that we talk about on a daily basis, is you have to secure from all of the threats, right? And so it's no longer about having the old legacy systems. We hear of companies all the time saying us are legacy tools, they're not doing the job, they're just not cutting it anymore, right? So they're always looking for the latest things. So the advanced threat detection, the advanced threat protection, that is live up to date, and distributes all of that information across all the threat vectors. Just like you say, now we're getting another one, which is talking more, what you mentioned is more about end point protection, specifically around mobile devices. So yeah, that's another challenge. That's going to be another area of the market that we have to look at. Well, you mentioned attack vectors. Some people also say surface area attacks, which now with the way the web is digital, there's unlimited doors to enter. It used to be front door, back door. You lock it up, you secure it, you have a mode, and that's the perimeter. Secure, everything's good, VPN in. That's gone, everyone kind of much validates that. So what is the challenge now? Because I was just talking to my son as I was driving to school, we were talking about how Teslas are being hacked. Cars are being hacked. So IoT, Internet of Things, opens up this, and everyone says AI is going to cure all, but the reality is that it isn't. So is the answer first of all, one, talk about the surface area of attacks, and two, is the answer data sharing, is the answer open source? Because some are saying, if you have open source, the collective intelligence of everyone. Could be the answer. What's the current state of the world? So from a barracuda perspective on the threat intelligence, we collect our threat intelligence from numerous different places, and that's absolutely critical. You can't just have a single point source. But then a leading, and some of that is open source stuff, getting that information from open source places. Of course that's critical as well. That adds to your threat intelligence. But aside from that, like I said, it's one thing for you to understand or see an attack coming on a specific threat vector. It's then how do you leverage that information? How do you make that information available across all the other threat vectors? So for example, ransomware, there's no question, 70% of ransomware gets deployed over email, right? Whether you pick it up on your cell phone device or your laptop or your desktop, whatever, it really doesn't matter, right? But what we see then is that as soon as we detect a piece of ransomware that comes in on that threat vector, what we need to do is make sure that that information is available right across all the other threat vectors. So these guys are planting the same piece of ransomware out on a website. They're waiting for someone unscrupulous user to come and download it, right? In which case, endpoint protection might not necessarily help you there. You then need to be able to thwart that kind of attack and a web download. So a web gateway, a secure web gateway, and be able to take that information and upload it to your ATD stack and what have you to make sure that that's cleansed. But you don't want it to keep on going up to the sandbox every single time. That's the point, because that's not the great user experience. Nobody wants to wait for that download. You want to use your threat intelligence saying, hey, I already saw this in my email threat vector or whatever. You want it to be more efficient. Exactly, exactly. Coordination amongst the data and these points to the back end. All right, so talk about the ransomware, because this is really interesting, because ransomware is an obvious example and that people can get a mental model around that. The timing's impeccable. It's kind of like the old, when I didn't pay my bills in college, the lights get turned off. I need the lights now. They know exactly when to turn off everything, so you have to pay more. But what are the use cases? And what do customers do? How do they protect it? What's the, take us through the day in the life of, hey, I have a ransomware potential problem. Do I deploy a certain way? Do I lock down certain assets? What do I do? What's the playbook? So the playbook is relatively clear from our perspective. We actually put this down into three very distinct buckets, right? So there's the detect category, there's the prevent category, and there's the recovery category, right? So on the detect category, this is all about making sure that your infrastructure, be it your email servers, your web servers and all that kind of stuff, they're all secure, right? The email service specifically, if you're doing a migration to Office 365, you need to make sure that those emails that have been migrated with them aren't taking all that existing ransomware, malware and viruses all across to your new infrastructure, because now you're just waiting for somebody to go back into an old email, double click on it and boom, you're done, right? So first stage is to take care of that, clean house there. The other thing is as well, it goes across to all the other threat vectors as well. Make sure that your web infrastructure, we're looking at web hacks, we're looking at people uploading files to companies like monster.com or what have you. Are they uploading malicious content or is it genuinely a resume, right? For example, so you're gonna make sure that those environments are secure and so detect any of the vulnerabilities associated with your web. Then you move over to the prevention category and that is exactly what we've been saying. Apply advanced threat detection across all the attack surfaces, whether it's email, whether it's web, whether it's network perimeter and so on. So make sure that you've got an advanced threat detection program to actually cover all of those as well. And I want to push you on the spot for a second and put you in the hot seat because this is, first of all, everyone knows Barracuda, the folks probably know you. You've got great products, you have enterprise presence. You guys do great job of security. Again, you're DNAs from your first product and it's done a great job and so I've been following you guys there. The question that comes up is, IOT, I mentioned the surface area, it could be air conditioning to Tesla cars, it's all these new attack vector points that you mentioned. But ultimately, the big topic is cloud. Where are you guys with cloud? Because at the end of the day, it's cloud, cloud, cloud, cloud also complicates and exasperates the threats. That's right. So Amazon's done a good job with security, Azure's out there, but I'm a customer, I might want to play in multiple clouds. So these are the things that are on the minds of the buyers right now. How do you help those customers? That's exactly right, and very good question, John. So migration to cloud is definitely an area for concern and quite rightly so. Because it just breaks up your network perimeter, it breaks up all your application perimeter and so on, right? So the rules still apply over here. As you migrate out into the cloud, the AWS's and the Azure's of the world, of course, they make their infrastructure secure. That's good for them. That's good for them. It does essentially nothing for you. If you put an application up there, it's like sticking it out on the cloud, right? It's sticking it out on the public internet. It's exposed. So what you then have to do is then... So essentially it's on them to make sure it's secure. Amazon is secure, but you have to take advantage of their stuff, which might change, again, more of the dynamics. Exactly. So it's on the customer to secure in the cloud. So essentially what you've done is you've opened up, perceived it as you've opened up a hole in your network perimeter. Now you need to close it up again. So you've just moved your assets up into the cloud. The first thing you're gonna get to do is go deploy a cloud instance of a firewall up there, right? So that's one thing, but then making sure that you can get to those assets securely is also equally important. So making sure you have the VPN, the encryption and the traffic prioritization and capabilities for that to get you access to your data up in the cloud, that's critically important as well. How do you, what do you guys do specifically for the customers? What products do you actually... Yeah, we push... Easy, I mean, is it push button report, like the provisioning? So it is, it is, right? So we have our well-known NGF products that are now, which are well-established either as IoT devices to secure the IoT framework, but more specifically as your network perimeter. We've taken that version because it's x86 based and we've created versions available for Azure and AWS. So it's exactly the same user... Is that the cloud-ready program? That's it. Well, the cloud-ready program feeds into this. But the firewall experience is exactly the same. You're just moving your perimeter out. So the cloud-ready program is just to address this and promote this. We've seen a lot of customers starting to move out to the cloud. And of course, what we want to do is enable them. So we've got a promotion out there that allows them to secure the network perimeter, but we'll give them free 90-day licenses for Azure and AWS to help move them up there. So it accelerates there. That's right. So I get this right. Your model is, okay, if you have an endpoint on Barracuda, you're extending them with a clear path of the cloud in things that they understand the Barracuda and the other pieces and whatnot. And exactly. And for newer customers who are looking to... So it's not a major shift for your customers? No. No, not at all. But for somebody moving out into the cloud where the leader out there in the cloud space in the firewall arena, and we've got very good traction. Business is good for you guys. Security's hot. I mean, what's the bottom line of the show? What's your takeaway first two days? Now I'm on the third day. What's the total vibe? Do you have to summarize the show? I want to talk about the, you know, I would say it's still around about the threats, the dark web, just like you opened up the conversation, right? I mean, it really is around that. And keeping up with that, keeping up with what's going on out there. That's a fascinating spot. And all the noise out there for customers that are being bombarded and the first wave of security that I would say in this kind of the unsecure list perimeter market, customers were buying everything in sight. Oh, it's security guy. Give me some of that. So that sprawl of buying security products is out there. And there's still, pretty much, they'll kick any solution most customers will. That's right. But now the challenge is they got to really start building stuff. What's your advice to enterprises out there that have bought everything and now got to start narrowing down on a straight, narrow on solutions? Yeah, you know what? Take a step back. My advice is take a step back and analyze your threat exposure, right? And really understand that before you start diving into buying products, okay? The nice thing about Barakur is simply that we are a portfolio company and we'll give you that visibility right across the entire threat surface and manageability as well. So that's, you know, those kind of things are critical. You've got the tactical solution to deploy and then you've got the data model behind it to back it up. That's right. So are you for this whole notion of data sharing amongst vendors? I think we have to. Yeah, I think we have to. Barakur is absolutely up in there. We've got to share that threat intelligence. We've got to get that single source of truth going. That's absolutely critical. All right, Darce, thanks for coming into the studio. Really appreciate it. Pleasure. I know you're heading up to San Francisco. We are here live in Palo Alto for our coverage of RSA Institute. We have a lot of guests lined up. Stay with us all day. Darce is going to shoot up to San Francisco and to the show with Jeffery. And I'll be attending some of the parties. I think we're going to be schmoozing people late night up in San Francisco. So we'll be right back with more coverage after this short break.