From San Francisco, it's theCUBE. Covering RSA Conference 2020 San Francisco, brought to you by SiliconANGLE Media.

Okay, welcome back everyone here at theCUBE coverage for RSA Conference in Moscone, south floor, bringing you all the action, day one of three days of CUBE coverage. Now where the security game is changing, the big players are making big announcements, the market's changing from on-premise to cloud, then hybrid, multi-cloud is seeing that wave coming. Got a great guest here, Rishi Bhargava, VP of Product Strategy, and co-founder of Demisto, which was acquired by Palo Alto Networks where he's employed now. Rishi, thanks for coming on.

Thank you, absolutely, happy to be here.

So first of all, great journey for your company. Closed a year ago, half a billion roughly, give or take. You guys did well.

Yes, 560, yes.

560, congratulations.

Thank you.

Big accomplishment. You guys were taken out right into your growth phase, and now at Palo Alto Networks, which we've been following as you know, very carefully, got a new CMO over there, Jean English, know her very well. We're very bullish on Palo Alto, even though the on-premise transition's happening to cloud, you guys are well positioned. How's things going?

Things are going fantastic. I mean, we are investing a lot in the next-gen security business across the board. As you mentioned, Prisma Cloud is a big business, and then on the other side, which is what I'm part of, the Cortex Brillo family focused on the security operation center and the efficiencies. That's fantastic, and a lot of product innovations, investment, and the customer pull from a SOC operations perspective as well. So, very excited with what you're doing.

You guys had a big announcement on Monday, and then yesterday was the earnings, which really kind of points to the trend that we're seeing, which is the wave to the cloud, which you're well positioned for. Obviously this transition going on, but I want to get to the news first.
Then we get into some of the macro industry questions. You guys announced the XSOAR, which is redefining security orchestration. What is this about? What's this news about? Tell us about it.

Yeah, so this news is about, Demisto was acquired about a year ago as we talked. This is taking that Demisto platform and expanding it, and expanding it to include a very core piece, which is threat intel management. If you look at a traditional SOC, what has happened is those SOC teams have had a SIEM there, and over the last few years acquired a SOC platform, such as a Demisto security orchestration automation and response platform. But the threat intel team has always been still separate. The threat intel feeds that came in were separate. With this, we are expanding the power of automation and applying that to the threat intelligence as well. And that's the big thing.

What is the intelligence current state of the art right now?

So the current state of the art of threat intelligence is the larger organizations typically subscribe to a lot of paid feeds, open source feeds, and aggregate them. But the challenge is they aggregate them, they sit in a repository, and nobody knows what to do with them. So the operationalization of those feeds is completely missing.

So basically they just go into a data pile, corpus, they sit there, no one touches it, and then everyone's like, ah, it's too, it's a heavy lift.

It's a heavy lift, and nobody, no CISO sees the value coming out of it. How do you proactively hunt using those? How do you put them to protecting proactively?

Okay, so explain Cortex XSOAR.

Yes.

What is it, and what's the value?

So the Cortex XSOAR as a platform, there are four core pieces. Three of which were the core tenets of Demisto since the beginning. One is the automation and orchestration. So today we roughly integrate with close to 400 different products, security and IT products, via the API, and let customers build these workflows.
We come out of the box with close to 80 or 90 different workflows. The idea of these workflows is being able to connect to one product, pull the data, go to another, take an action. So their automation orchestration builds a visual workflow. Second is case management, and this is very critical, right? I mean if you look at the process side of security, we have never focused as an industry on the process and the human side of security. So how do you make sure every security alert and the process, the case management, escalation, SLAs are all managed? So that's the second core piece of Cortex XSOAR. Third, collaboration. One of the core tenets of Demisto was, we heard from customers that analysts do not talk to each other effectively, and when they do, nobody captures that knowledge. So Demisto has an inbuilt war room, which now Cortex XSOAR has the collaboration war room, and that is now available to be able to chat among analysts, but not only that, chat with DBot and take actions. The fourth piece, which is the new expanded platform, is the threat intel management, to be able to now use the power of orchestration, automation, collaboration, all for threat intelligence feeds as well, not only the alerts.

So you're adding in the threat intelligence feeds.

Yes.

So is that visualized as AI on them? Is machine learning on that? So how is that being processed in real time, and how does that on demand work for that analyst?

So the biggest piece is applying the automation and intelligence to automatically score that, and being able to customize the scoring to customers' needs. Customize the confidence score per feed, and once you have the high-fidelity indicators, automatically go block them. As an example, if you get a very high-fidelity IOC from FBI that this particular domain is a malicious domain, you would want to block that in your firewall and use that to execute it immediately. And that is not happening today, and that is the code.
And that's because the constraint is, I don't know the data. It's manual.

We don't know the data, and it's manual. Some human needs to review it. Some human needs to go approve it.

Just not being surfaced.

Just not being surfaced.

All right, so let's get back into some of the human pieces. I love the collaboration piece. One of the things that I hear all the time in my CUBE interviews across all the hundreds of events we go to is the human component. You mentioned that. At the end of the day, people are burnt out. I mean, these security guys, the joke was CIOs have good days once in a while. CISOs don't have any good days. And it's kind of a joke that's pejorative to that, but that's the reality is that people are overworked.

Yes. We actually, you have another joke talking of jokes. We have this, which is, what do you call an overworked security analyst? A security analyst, because every one of them is overworked.

So this is a huge thing. So like the AI and some of the predictive analytics, the trend is towards personalization towards the analyst.

Exactly.

This is a trend that we're seeing. What's your view on this? What's your, how do you see that?

No, so absolutely, we're seeing that trend, which is how do you make sure analysts get to see the data they're supposed to see at the right time, right? So there's one aspect is, what do you bring up to the analysts? What is relevant? And do you bring it up at the right time to be able to use it, respond with it? So that comes in, one, from an ML perspective in machine learning and our Cortex XDR suite of products actually does a fantastic job of bringing very rich data to the analyst at the right time. And then the second is, can we help analysts respond to it? Can we take the repetitive work away from them with a playbook approach? And that's what the Cortex platform brings to them.

You know, I'd love to riff on some future scenarios. Kind of, I won't say sci-fi, but you kind of roll a little bit in the future.
To me, I think security has to get to like a multiplayer gaming environment. Because imagine like a first-person shooter game, you know, or a collaborative game where it's fun. 'Cause once you start that collaboration, then you're going to have some ROI around, I saw that already, don't waste your time, or then you're going to get to know people. So sharing has been a big part. How soon do you think we're going to get to an environment where, you know, I won't say like gaming, but that notion of I got a headset on, I got some data, I know who you are, you got a reputation, you got your armor, you got your certifications.

Put metaphorically putting, I think we have a lot of these aspects. And I think it's a very critical point you mentioned, right? So one of the things which we call the virtual war room in Cortex XSOAR, I was pointing out the fact that you can have analysts sit in front of a collaboration war room, not only chat with your peers, but chat with the bot to go take care of this, is equivalent to remember that Matrix movie, plugging in says, do you know how to fly this helicopter? Plug that in, now I do. That's exactly what it is. I think we need to move to a point where no matter what the security tool is, what your endpoint is, you should not have to learn every endpoint every time. The normalization of running those commands via the collaboration war room should be there. I would say we are starting to see in some of the customers who adopt XSOAR, they're using the collaboration war room to run those commands interactively. I would say though there's a big challenge, security vendors do not do a good job normalizing that data and that is where we are trying to get.

Well Rishi, first of all, you get the award for bringing up a Matrix quote in the CUBE interview. So props to that. So you got blue team and red team, pick the pill. I mean, are people picking their teams? You know, what's going on?
How do you see the whole red team, blue team thing happening?

I think there's some really good stuff happening in my opinion, John. What's going on is right now, so far, if you see, if I go back three years, our adversaries were automating. Then we started to see this trend of red teaming automation with breach automation and a bunch of companies starting to do that. With Cortex XSOAR and similar products, we are starting to now automate the blue team side of things, which is how do you automatically respond? How do you protect yourself? How do you put the response framework back there? I think the next trend I'm starting to see is these things coming together into a unified platform where the blue team and the red team are part of the same umbrella. They are sharing the data. They are sharing the information and the threat intel sharing. So I see we are on a very, very good path. Of course, the adversaries are not going to sit idle.

Yeah, I mean, like you said about the DevOps mindset and having this notion of knowledge coming your way and having sharing package is all baked out for you. So you don't have to do the heavy lifting. That's really the problem. Data is a problem. There's too much of it.

There's too much of it. And so much of it. And you don't know what is good and what is not good.

Rishi, great, great conversations. Again, a lot of the Matrix reference. Talk about your journey. You've been an entrepreneur.

Yes.

And sold, you had a great exit. And again, Palo Alto Networks is a world-class blue chip company in the industry, public. Going through a transition. What's it like from an entrepreneur now to the big company? What's your experience been like?

Our journey has been amazing. I think our journey has been a very quick one. We actually saw some crazy growth with the Demisto. And even after the acquisition, it's been incredibly fast-paced. It's very interesting. A lot of founders that talk to us like, hey, you must be now resting. It's like, nope.
The journey is amazing. I think we as Palo Alto Networks fundamentally believe that we need to innovate really, really fast to keep the adversaries out. And that's been the journey. I mean, we have accelerated, in fact, some of our product plans that we had as a startup. And delivering much faster. So the journey has been incredible. And we have been seeing that growth.

Well, they picked you guys right up. There's no vesting and resting going on when you guys were on the uphill, on the upslope growth. And certainly relevance for Palo Alto. So clearly, you know, you're having fun. People vest and rest when they're pretty much checked out. But you guys looking like you're doing good. So I got to ask you the question though. When you started, what was the original mission?

Yes.

And where is it now? I mean, is there any deviation? What's been the kind of the course direction?

Actually, no, this is a very relevant question. It's very interesting. Right after the acquisition, we went and looked at our pitch deck, which we presented to VCs in mid-2015. Believe it or not, the mission has not changed. Not changed an iota. It had the same components of how do you make the life of a security person, a security analyst, easy. And it's not the same mission by automating mode, by applying AI and learning to help them further, by letting them collaborate. So all the aspects of case management process, collaboration, automation of extension, it's not changed. And that's actually very powerful because if you're on the same mission, of course you're adding more and more capabilities, but we're still on the same path and growing on that path.

So every company's got their own little nuance, Moore's Law for Intel. What made you guys successful? Was it the culture of DevOps? It sounds like you guys had a certain ethos that was cut in, grain. The mission's great, by the way, making things easy. But you got to do it. You got to stay the course. What was the fundamental cultural feature?
Yeah, there's one thing we really stand by, and I actually tweeted about a few weeks ago this, which is every idea is as good as its execution. So there's two things which we really focused on, which is customer focus. And we were really, really particular about customer focus. Customer needs to get the product, needs to use the product. Customer focus and execution. As we heard the customers loud and clear every small bit of it. And that's what made the journey possible.

Did you guys have this agile mindset as well?

Oh, absolutely, agile mindset and the DevOps mindset comes with the customer focus because we kind of did these micro-pivots. Customer wants this, like why do they want this? What is the end goal? Pivot it, learn it, move on to it very quickly. Make a decision, align and go.

Amazon Web Services way.

Yes.

Debate, argue, align, go.

And then go.

And then once you said go, you're on. Rishi, great success story again. Start up right out of the gate, 2015. Acquired a couple years later. Congratulations to you and your team.

Thank you.

And looking forward to seeing your next Palo Alto Networks event or, absolutely. Thanks for coming on. Radiance site. We're here in theCUBE coverage. I'm John Furrier here on the ground floor of RSA Conference on Moscone. Getting all the signal, extracting it from the noise here on theCUBE. Thanks for watching.