 Hello everyone, welcome to the CUBE special CUBE conversation. I'm John Furrier here in the Massachusetts studio. We've got a great special conversation here about cybersecurity with good friend of the CUBE, Nourish Kumar VP and general manager of product management at Zscaler with some big news happening. Nourish, great to see you and thanks for coming on this special CUBE conversation, cybersecurity conversation. Thanks for having me, John and it's a pleasure to be here at CUBE. It's great to welcome you. Actually all the latest tech breakthroughs here on the CUBE and this has been all about cybersecurity. We saw a lot of hacks have Microsoft just announced something this past week just on the deadline of this new SEC rule that you have to disclose everything under a certain time period. They snuck it in really kind of just an elementary hack still making impact and cybersecurity landscape is constantly being pounded by threats. People are trying to figure things out and today you guys are bringing as you guys say game-changing announcement from Zscaler. You guys are a leader in cloud security. You guys pioneered the segment but this is about disrupting traditional SD-WAN solutions. You guys are taking a different angle on this announcing a zero trust SASE solution that's looking at about a thing of the past. What are you guys announcing? What is the news? Why is this news important for you? Tell us what it is. Yeah, definitely. We are very excited to announce our zero trust SASE platform which is built based on zero trust AI capabilities and what we are specifically announcing and launching is a zero trust SD-WAN solution and it is completely built with zero trust principles and thinking to make sure that enterprises can leverage the technology for branch offices, factories, sites, data centers. It's all about bringing zero trust for not just users beyond users into those IoT, OD systems, those printers, those cameras and all the critical infrastructure in the data centers. It's all about bringing zero trust for those endpoints within these branch offices and redefining this as SD-WAN. That's about the announcement. And as part of this, we are introducing some plug and play appliances with new capabilities which we are very excited about to talk. So I want to dig into the product side of its platform plus there's some hardware here. I want to get that architecture and the solution but before we do that Nourish, can you explain what zero trust SASE is and how it differs from traditional SD-WAN security solutions? Yeah, SD-WAN is there for about close to nine or 10 years, right? And the SASE is relatively a new concept in the past two years where the whole idea is how to bring the network and security capabilities together until now, if you see, the entire networking products and solutions were completely deployed in a silo compared to the security products and capabilities. And with the users going mobile and working from home and all of this whole hybrid work is here to stay. And with those, the access needs are completely changing. So the assumptions that everybody is going to be in office behind a perimeter and secure those edges is what traditional SD-VANs are built. And we at Zscaler are taking this a completely fresh look at what this access means. How do we connect these users, these machines in a complete zero trust principles so that customers can take advantage of that end to end platform capabilities we offer in a true zero trust manner. That's what we want to disrupt and solve for our customers. Take us through the problem statement and elaborate more on this benefits of connecting users and locations and clouds through the zero trust platform called exchange platform. What's the problem that you guys are solving specifically? And how does that, and how does it extend zero trust beyond users? Yeah, a very good question. So let's look at the problem in terms of if you look at connectivity. So especially if you look at users connectivity when they're in office, they're assumed that they go through firewalls, VPNs to connect to the applications in the data center. And with all adoption of SaaS applications and cloud, the applications are not anymore in the data centers. They're completely migrated to the cloud. And similarly, the user is not anymore sitting in the same office location. They are moving to coffee shops, airports, or even working from home or wherever their choice they want to work from. So you can't have a security and restriction in terms of what they can access, defined differently in different parts. That's what was happening all along. So that's where things like remote access VPN or any form of VPN generally bring a lateral threat movement from a compromised standpoint. Or even if you were to put a firewall appliances or VPN appliances, stretching to the cloud or SaaS applications or wherever the applications are hosted, you're simply extending the attack surface. So these two fundamental problems of lateral threat movement and attack surface are at the core of any VPN based architecture and approach. And what we saw is that's the same approach everybody out there, especially from a SD-WAN perspective are using. And what we wanted to solve for customers is how could you bring the traffic without having a need for VPN and get into the platform through Zscaler Zero Trust Exchange so that the user doesn't know where the application is hosted and application does not know how to reach the user. That fundamentally will break the model of giving over privileges, which is all about Zero Trust approach and philosophy. I really appreciate that. That's a great little masterclass there on the description. So a follow-up on that if you don't mind is what's the customer's pain point? What are they feeling? Why would they call you? What's the phone call? What's the email? Hey, I'm having problems with blank. What's the sign that they're really needing this solution versus are they the frog and boiling water if they're sitting with the old SD-WAN solution? When do they know they need to lean in to Zscaler's solution and portfolio of hardware? What's the burning symptom, if you will? Yeah, so it's interesting. Usually customers have spent billions of dollars across the decade by putting more firewalls at every time they have a breach. And yet the breaches are raising and the attacks are increasing. So oftentimes the first thing customers reach to us is we have this attack. We have this scenario happen. We have all the security in place. How do we Zscaler can help solve us, right? And for us at Zscaler it's all about business risk. So we wanted to look at everything from a perspective of how could we help the customers transform not just a security layer, but at application layer, at a network layer because all of these application transformation security transformation and network transformation have to work hand in hand very tightly. That is where the whole idea of the foundational approach you take from a connectivity perspective, the cyber security and cyber threat protection portfolio we leverage is consistent. So the comprehensive security is what customers look for. I have this user sitting in home or sitting in branch office or coming from a third party location in a B2V scenario. How would I have a consistent comprehensive security stack which is applicable to everybody in equal way so that I can prevent and protect the risks from business standpoint? That's the triggering point for most of our customers. Okay, so the next natural question is what's the top use cases organizations have successfully transitioned to from these older methods of SD-WAN and SASC? What were some of the key challenges and benefits they experienced during this transition when you guys looked at rule on the side? What were some of those key transition points? What were the benefits that they saw? What were the key areas that they achieved success in and what challenges they overcome? Yeah, there are four key use cases, especially from SD-WAN perspective, customers are working with us and we are seeing a significant benefits which I'll talk about. The first use case is around many customers have this zero trust initiative across the organization, not just for users, but how do, what does zero trust mean for a printer? What does zero trust mean for a set-up box, a feedback kiosk machine? Remember, all of these individual devices are connected to the enterprise network. They are sharing a part of your network and they're accessing resources. So that's the first thing about, I'm securing these users in a sophisticated way using Zscaler internet access, Zscaler private access and so on, but how do I extend those kind of zero trust capabilities onto these feedback machines, feedback kiosks or printers and cameras? So that's where most of customers are using us in the use case of site-to-site VPN replacement because most often times the branch offices talk to data centers, especially for these devices, whether it's a print server or any other type of application. So that's the first use case. The second use case we see a lot of traction, especially a lot of global customers do frequently acquisitions and mergers. So in case of these acquisitions, what we see is every time they acquire a small company, five, 10, 30, 50 locations, they have to go through this exercise of redefining their network because you have overlapping IPs, network challenges, everybody is belated in a different way. How do I make day one, day two, day zero type of operations much simpler? So we, with these zero trust SDVAN solution, enable customers to significantly reduce those from months to few days and hours in some scenarios. So that's the second popular use case we see across our customers. And the third use case we see a lot of traction is around secure OT access. Many manufacturing customers, healthcare customers and different verticals constantly work with third-party suppliers. They work with vendors where there is a need for allowing access for those contractors, vendors to some mission critical systems like HVAC systems, building management systems or things of those nature. So oftentimes VPN is the solution. They'll put a VPN appliance, they give a VPN agent to these contractors and they'll connect these two things. And that's exactly where many supply chain attacks and so on we have seen in the past one year, hugely there. So with the solution we offer, customers can simplify their connectivity in a true zero trust manner. So a lot of benefit for OT access in a secure way, whether it is for a user accessing those applications or a application accessing the application for updates and so on and so forth. And a third, fourth use case which is very powerful is zero trust starts with visibility. So a lot of times customers do not know in a branch office how many devices they have, whether it's a printer or it's a set up box they have no clue. So providing that visibility is the top use case and that's one. So these are the top four and off many use cases which customers really get benefited by bringing those security to their connectivity needs. Thanks for laying that out. I got to ask that OT piece must be really popular given the, you know, a lot of legacy out there want that secure big time. Absolutely and the OT if you see for decades it is kept as like very tight access controls. There are in a podium model deployments you see like layers of these, the PLCs cannot talk to elsewhere. There is a lot of restrictions around it because those are mission critical. It could have impact and implication on the entire business lines. So that's where having zero trust for those networks and IT and OT is also kind of working hand in hand because again, that's the promise of SASE. How do you bring IT OT security teams together to define one centralized security posture, one zero trust approach for every connectivity need. That's where we see customers get benefited from. You know, Zscaler, the legacy, I don't say legacy, not this legacy or anything but it's your brand and well-known core comp C cloud security. You guys are clearly moving in. Jay was at the super cloud event in our studios where you're at now in Palo Alto. He said we're, you know, I'm paraphrased now, we're gonna be an AI company. Obviously AI is super hot, it's not new to you guys. I know for a fact machine learning has been a big part of what Zscaler has been doing for a long, long time but I have to ask you with respect to zero trust and SASE leveraging AI and artificial intelligence to answer security. It's been a big discussion. In fact, you know, there's a premium for companies that have AI in there either networking and or their products. You saw that with some recent acquisitions out there. I think it was missed AI had kind of pioneered this idea of networks and, you know, managing based on traffic, kind of smart using AI. I'm sure there's a lot more that you guys are doing in your world. Can you share how in this news there's an AI angle that you guys use? Can you elaborate on what do you have? If so, what does it do to enhance security and reduce complexity? Yeah, absolutely. Before I talk about AI a little bit about the shift you talked in terms of even in the networking space. So in seventies and eighties, you have seen a lot of IBM SNA type of technology was the primary thing which connects networks. Then came IP and TCP IP changed the whole world in nineties through 2000s and beyond where everything is IP networking. So what we see and strongly believe is the future of networking is gonna change which is zero trust networking, right? That's where we believe that every connectivity, whether it is a user, machine, doesn't matter or a workload in the cloud, all of them will have to fundamentally take a zero trust approach in connection, in connectivity to anything they are connecting. So the zero trust networking is the next two or three decades thing what we see as a future going to be. And that's what we are building our product to align to that and give customers that transition from where they are into a zero trust networking world. And AI plays a central role in all of this because the data, effectively these connectivity needs and everything if you see every endpoint is accessing some data or producing some data and data is at the center of all of these. And we at Zscaler have hundreds of billions of transactions and logs we have and the sophistication in AI particularly in the generative side, what we have seen to take advantage of that, you cannot work on public data. You need a enterprise specific data, the models have to get trained on their local models, local data. So that's where Zscaler has an advantage of offering capabilities to customer through our data cloud and a lot of innovations we are doing in terms of predicting the breaches or in terms of identifying sort of a data thefts or over privileges and things and so on. So AI has amazing advantage, especially when you have a lot of data which has more context which you can take advantage so that you can drive a meaningful outcomes. So this is a interesting overlap of zero trust networking powered by AI is going to transform the way we all exchange information, look at things and connect things and so on. So a lot of innovations coming from Zscaler on that front. You know, I'm just looking at my notes here and I wanna bring this up because it was recently in the news, last week Microsoft's nation-stated actor Midnight Blizzard called by other names depending upon if you're talking to Mandiant or CrowdStrike certainly they were attacking Microsoft's network, they had to reveal this by the new SEC laws I mentioned that earlier, is top news, companies have to disclose now by law after only like four days of their breach of any hacks. This Microsoft attack was not a vulnerability on any of their products. It was like an amateur hack, they got in. So again, this is where I see AI in IT operations really moving the ball to that part of the world where AI should be able to handle this low level, simple hack, I mean it's an amateur hack. Microsoft got hoodwinked so to speak, they never should have been in there. Yeah, absolutely. They should have been identified. This is kind of the things that we see AI. Is that what you mean by leveraging the AI from what the data you have, you guys see the patterns, does that help on the threat detection and the recovery and the backup protection? Absolutely, so that's where if you see we have announced some capabilities around co-pilot. The role of AI is more going to be a co-pilot rather than the pilot itself. So it is going to assist the SOC tools or SOC analysts with a lot more information. A, not only just identifying things much quickly, even on the remediation side, even on prevention side, yeah, definitely those security co-pilots alongside the regular threat analysis is going to be a big, big wave of change going to happen in that space, yeah. The network is where the action is, you can see the footprints, so to speak, the packets, we've got to move around. So good to have that zero trust. People are concerned about these co-pilots and like the security, I had one of Microsoft's customers tell me privately at the conference in Seattle that they're turning off all the co-pilot until they can trust it. This becomes kind of, I won't say safety issues, but more it's more trust. Like how do I know it's trustful? So as you guys look at the SASE, zero trust SASE, this kind of plays into that new dynamic. How do you guys guarantee or talk to the trust issue? Yeah, again, the approach, as I said, ours is trust but verify, right? Don't have a default trust. That's where the traditional firewalls were built on. Trust zone, untrust zone, and you allow kind of, it stays there forever. So fundamentally taking that approach of assuming that every connection could have a breach and how you could contain the breach, how could you minimize the privileges which are allowed to access a particular resource. Those are the type of things we'll minimize it and bring the blast radius to significantly smaller. And that's the promise of zero trust architecture and not just applying to users, but you need to apply that for every connection in an enterprise. Whether it is a machine or it's a feedback machine or even a badgerator to enter your office, everything has to be put in that zero trust principles and thinking would minimize a lot of this. We love your approach with the data. We'll keep an eye on you guys, making sure we keep tracking that. I love that data angle. I think that's a real advantage you guys have and a lot of companies are moving in that direction to make sure their data's working on their behalf in a very safe, secure way. Okay, since you did a great job on that, Nirash, I love to get into the plug for the company's release. Take us through the product deployment. What's being announced specifically in the news? Is it hardware? Is it virtual devices, appliances? Is it platform, software, all the above? Can you explain the product specifically how it's announced and what you're releasing and how it's deployed? Yeah, definitely. I would start with one of the follow up questions you asked earlier on Zscaler, being a cloud security company, is entering into the space of providing a plug and play appliances. And the most important thing here is customer obsession. Be here to our customers all the time and they are connecting to our platform through different endpoints at the edge in branch offices, factories, and sites. So when we talked to customers about the ZeroTrust, they asked us to simplify this even at the edge level that is branch offices and factories. And that's where customer first. We want to hear them. We partnered with SDVans prior to this until now and now it is time for us to really go and bring that ZeroTrust end to end. So as part of this launch, what we are announcing is a few plug and play appliances. We call them ZeroTrust devices. There are three flavors of these appliances we are announcing. ZT400, which is a four port 200 megabit throughput appliance. ZT600, which is a six port 500 megabit throughput appliance. ZT800, which is a eight port one gigabit throughput appliance. And for those sites where the needs are more than one gig, we have a solution in form of a virtual machine which can scale and accommodate multiple gig throughput. So all in all, these Z connector appliances deployed at the edges of the branch offices, factories and data centers would bring the traffic onto our platform where we can completely replace the need for having a traditional site to site VPN based technology. So that's one advantage. The second benefit is they can take advantage of all the comprehensive security capabilities we offer on our cloud today, which is driven by AI. And in this process, we are completely eliminating a routable overlay network because those are the foundational concepts you will see in any site to site VPN where you have to distribute the routes and so on. All of that brings lateral threat movement and challenges. The second big thing we are eliminating for customers is attack surface. We are minimizing and reducing the attack surface altogether and which in turn benefit from not having a lateral threat movement altogether. So those are the complexities, challenges and things we eliminate for customers. And customers can really have a simplified and secure connectivity through zero trust approach. They can extend the benefits of what we are offering on the platform, taking advantage of the one true zero trust sassy platform capabilities. Well, these guys went doing extremely well. We've been following the business success as well as the technology success and cloud security. Thanks for coming on. And again, I think SD-WAN is being disrupted now. So you got security risks and more complexity as distributed computing evolves to the edge. You got a lot more CPU GPU TPUs, more data coming. I think we're going to see a lot more people looking at the internet of things market as just internet and it's going to be refactored. Great to get your news. I guess in summary, what's the, how would you say the bumper sticker would be for this news? So you have to summarize this in the sentence, this news and what it means for customers in the industry. How would you put a bumper sticker on this news? Yeah, AI powered SSE plus zero trust SD-WAN is equal to zero trust sassy. And all enterprises are looking for that. And we are very proud and happy and excited to announce this zero trust sassy capabilities for our customers. All right, Nuresh Kumar, VP and GM of product management at ZScale. Got the keys to the kingdom and the product management side. Thanks for sharing and good luck with this business. We'll be tracking you and thanks for coming on theCUBE. Thank you so much, John. It was very exciting conversation and looking forward to talk to you again. Okay, thanks everyone. This is theCUBE. I'm John Furrier here in Massachusetts studio talking with our remote studio in Palo Alto. Thanks for watching.