 from downtown San Francisco. It's theCUBE, covering RSA North America 2018. Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at RSA North America 2018 in San Francisco. 40,000 plus people talking security, enterprise security, cloud security, a lot going on. It just continues to get more and more important. And we're really excited for our next guest who's been playing in the enterprise space for as long as I can remember, which has been a little while. Mike DeCesar, he's the CEO and president of Forescout. Mike, great to see you. Started my career off when I was one, so I've been in this for a long time. You have been in it a long time. So you guys now, you're all about, right? So there's so much stuff going in security and security is one of these things that I have to look at, it's kind of like insurance. You can't put every last nickel in security, but at the same time, you have to protect yourself. The tax surface is only growing with IIOT and we were at Autonomous Vehicles Show and Five Jesus coming around the corner and all these connected devices and APIs. So you guys have a pretty unique approach to how you top level think about security, call visibility, explain that to us. So visibility is the next big thing in the world of cybersecurity and the dynamic is very basic. It's for 20 plus years, CIOs and CISOs were substantially able to control everything that was on their network. You'd buy servers and windows machines and blackberries for your employees. And then there was very little tolerance for other devices being on those organizations networks. And what happened 10 years ago this year with the birth of the iPhone was that CIOs, those same CIOs now had to deal with allowing things onto their network that don't subscribe to those same philosophies and where you can't buy it and outfit it with security before you put it into the environment. And that's the gap that Forescout closes for organizations is we have an agentless approach, which means we plug into the network infrastructure itself and we give customers visibility into everything that is connected to their network. So the begs the question, how do you do that without an agent? I would imagine you would have to put a little agent on all the various devices. So what's your technique? We actually don't. That's the secret sauce of the company is that over 10 years ago, we recognized this IoT trend coming because that's the thing in the world of IoT is unlike the first kind of 20 years of the internet, there was a substantially smaller number of operating systems, most of them open, the different characteristic about the current internet is that many of these use cases are coming online as closed proprietary operating systems. The example I use here is like your home, you get a Nest thermostat and you put it on your network and it monitors heating and cooling, but the device, the operating system, the application is all one consumer device. It doesn't run Windows, you can't install antivirus on your Nest thermostat. So our approach is we plug into the network infrastructure, we integrate to all of the network vendors, the firewall vendors, the wireless controlling vendors, and we pull have both active and passive techniques for gathering data off those devices and we translate that into a real time picture of not just everything connected to the network, but we know what those devices are without that client having to do anything. So you have what you call a device cloud or yeah, of course got device cloud. So is that a directory of all potential kind of universe of devices that you're querying off of or is that the devices within the realm of control of your clients directly? It's the second, it's the, so the way that our product works is we plug into the network infrastructure, so anything that requests an IP address, whether it's wired and wireless in the campus environment, whether it's data center or cloud in the data center environments, or even in the OT space, anything that requests an IP address pops onto our radar the second it requests that address and that cloud that we've built that we've had for about nine months, we already have three million devices inside of almost three and a half million devices is a super set of all of the different devices across our entire install base, just from the clients that have been willing to share that data with us already. And that gives us optimism because what that becomes is a known set of fingerprints about all known devices. So the first time that we discover a Siemens camera that might be a manufactured, a company might have 10,000 of those in the environment, the first time that we see that device, we have to understand the pattern of traffic off that device, we label that as a security camera and any other customer worldwide that has that same device connects, we instantaneously know it's a Siemens security camera. So we need the fingerprint of those devices once. Right. So you're almost going to be like the GE predicts of connected devices down the road, potentially with this cloud. I won't go there all the way. He won't go there, all right. We've talked to Bill Rue a lot of times, but it's an interesting concept. The nice thing is you can leverage from a single device to knowledge across the other ones, which is so, so important on security. So you can pick up multiple patterns, repeated patterns, et cetera. One of the best parts about Forescout is the fact that we deploy incredibly quickly. We have clients that have almost a million devices that got live in less than three months. And the reason we're able to do that is we plug into the infrastructure and then our product kind of does its own thing with very little effort from the client where we compare what we have in this repository against what they have in their environment. We typically get to an 80 or 90% auto classification, meaning that we know 80 or 90% of the time, not just what's on the network, but what that device is. And then the other 20% is where we have to do the implementation where we go through and we look at unique devices. It might be a bank has some model of ATM we've never seen before or a healthcare company has beds or machines on a hospital floor that we haven't recognized before. And the first time that we see each of those devices uniquely, we have to go through the process of fingerprinting it, which means that we're looking for the unique pattern of traffic that's coming off a router, a switch and a firewall and we're ingesting that and we're tagging that device and saying anytime we see that unique pattern of traffic that's a certain device, a security camera or what have you. And the reason that's useful is then we get to put a policy in place about how those devices are allowed to behave on the network. So if you take something like the Mirai Botnet which hit about a year ago was the thing that took down a big chunk of the Northeast, the utilities and internet, it was a bot that infected security cameras predominantly. Nobody thought twice about having security cameras and their environment, but they're the same as they are your house where you put it online, you hit network pair and it's online, but that bot was simply trying to find devices that had the default password that shipped from the security manufacturer and was able to be successful millions of times. And with our product in place, that couldn't happen because when you set us up, we would know it's a security camera. We put a policy in place that says security camera can speak to one server in the data center called the security camera server. And if that device tries to do anything more criminal, if it tries to dial the internet, if it tries to break into your SAP backend, any of those activities, we would give the customer the ability automatically to take that device offline in real time. And that's why our clients find us to be very useful. So you're really segregating the devices to the places they're supposed to play, not letting them out of the areas they're supposed to be. Which is the classic kind of backdoor way in that the bad guys are coming in. We, our philosophy is let everything onto the network. We take a look at that traffic. We give you a picture of all those devices and we allow each customer to put an individual policy in place that fences that in. If you take the other extreme, like a Windows machine in a corporate environment, our typical policy will be, do you have Windows 2009 or later? Because most customers have policies and they don't want XP in their environments anymore, but we enforce it. So if an XP device hits the network, we can block that device, or we can force a new version down. If you have Symantec, has it got that file update? If you've got Tenable, has it had a scan recently? If you've got any of the other products that are out there that are on those machines, our job is to enforce that the device actually matches the company's policy before that device is allowed. Before you let it condone. And if at any time that it's on that network, it becomes non-compliant, we would take that device offline. With the proliferation of devices and continuation growth of IoT and then industrial IoT, I mean, you guys are really in a good space because everything is getting an IP address. And as you said, most of them are proprietary operating systems where they have some other proprietary system that's not going to allow kind of classic IT protections to be put into place. You've really got to have something special and it's a pretty unique approach coming at it from the connectivity. It's the secret sauce of the company is we recognized many years ago that the combination of not just there being very few operating systems, but they were all open. Windows, Linux, right? And you can buy a Windows machine and you can install any product you want on it. But we saw this trend coming where the next wave of devices was going to be massively heterogeneous and also in many cases very closed. And you mentioned the example of the OT space. And that's one of the other, the third biggest driver for us in our business is the OT space because when you look at a Wannacryer or not Petia and you see companies like Maersk and FedEx and others that are publicly talking about the impact of these breaches on their earnings calls, what those companies are waking up and realizing is they've got 25 year old systems that have run an old version of Microsoft that's been end to life decades ago and the bad actors have proven very adept at trying to find any entry point into an organization, right? And the great news for Forescout is that's really lends itself very much towards our agentless approach. I mean, many of these OT companies that we're in, the devices that are in their manufacturing facilities don't even have an API. They were built so long ago so there's no concept of interacting with that machine. So for us, allowing that device to hit the belt and switches and then be able to interrogate the traffic coming off those switches lets us do the same thing that we do in the campus world over in the OT world as well. Good spot to be. So RSA 2018, what are you looking forward to for this week? This is just a massive, it's like speed dating. From a customer's perspective too, right? I mean, I meet so many customers that come here and are able to meet with 30 or 40 vendors in a single week and it's no different for the providers themselves. So we've got some really kind of really high profile big wins, it's very common for us to be doing deals at this point that get up over a million devices. So they're very high profile. So it's a great chance to reconnect with customers. One of the things I didn't mention to you is that kind of the whole thing that we do of identifying devices and then understanding what they are and allowing those policies to get put in places, that's fundamentally done with our own IP and the connections into the switch and firewall vendors. But we've built this whole other ecosystem of applications in the world of orchestration that sit on top of our products. We integrate the firewall vendors, the vulnerability management vendors, the EDR vendors, the AV vendors. So it's a great chance for us to reconnect with those vendors as well. In fact, we're doing a dinner tonight with CrowdStrike. They're one of our newer partners. Very excited about this week. It brings a lot of optimism. Well, great story, Mike, and excited to watch it to continue to unfold. We appreciate you giving us some time. All right, thanks for stopping by. Thanks. Bye to Caesar. I'm Jeff Frick. You're watching theCUBE from RSA North America 2018. Thanks for watching. Catch you next time.