 Live from Las Vegas, it's theCUBE, covering AWS re-invent 2018. Brought to you by Amazon Web Services, Intel, and their ecosystem partners. Welcome back, here on theCUBE, we continue our coverage at AWS re-invent with Sands. This is actually one of seven sites all around town that are hosting various sessions. We've heard a lot of our guests saying, it's so exciting to go to this spot for this particular expertise. Then I, boo, Uber across town, I go to this spot because that's how big this show's become and how dynamic this show has become. We are on day three, and I'm here with Rebecca Knight and also joined by Eric Berger, who is a technology specialist at McAfee. Hello, Eric, good to see you. Hello, thanks for having me today. This is wonderful. You bet. Well, we've had a couple of your colleagues on already. I mean, Marcus Strauss is one who comes to mind, talking about the database. You're on the cloud side of things, cloud security. I am, I'm a technology specialist here at McAfee. My role is to help our customers as they're moving into the cloud, understanding where their security pitfalls may be, and implementing the right technologies and security tools to help make sure that their transition into the cloud is as secure as possible. So what's the big picture on that, all right? So security first and foremost in the cloud, that's probably, well, certainly one of the big questions people have, right? Absolutely, that tends to be the biggest question is, how can I make sure that as I'm doing this transition to the cloud that I'm not just throwing assets out there and finding that I have issues later, but how can I bake security into them from the beginning? And that's really where we at McAfee are trying to sit back and identify where customers are having their challenges and make sure that our tools are able to be positioned and developed correctly to address those issues. So what are some of the most common challenges that you see? So some of the most common challenges that we see in terms of problems are misconfigured accounts. That's a very common issue that we see in a lot of breach reports. Somebody set up a data repository that doesn't put the right security mechanisms in place and all of a sudden, now all the confidential data, that's been breached. Out the door. Second problem we see is a lot of, especially within the IaaS space, organizations are standing up new instances of workloads and the security teams aren't necessarily being informed that they're actually putting these workloads or computed assets online. So now they're coming online without any protections or any audit capability in place to make sure that they're meeting their own security best practices guidelines that their organizations may have developed. Yeah, we were talking earlier with probably one of your competitors actually. And they were talking about breaches. We're talking about, they said their estimation, 90% are created or I guess made possible by mistakes. Absolutely. Have you agreed with that? Is that a? I cannot agree anymore with that because the problem is that the ability and the agility of the cloud is both a positive. It allows us to be extremely flexible and agile as we're developing. But it also allows us to move so fast that we may be outpacing what our own knowledge levels are for being able to secure those. And that's tended to be one of the biggest hindrances that we see is a developer gets unable to go through and create an S3 bucket, put a lot of data in there. But at the same point, they don't implement any tools behind it or any security behind that. So it's not necessarily their fault, it's just they don't understand what security requirements are to implement in the cloud. And that's where you come in. So talk a little bit about your solutions and about how you approach the problem. Absolutely, so we have a wide variety of solutions here at McAfee to help address those issues. That's everything from our Skyhike McAfee-Casby product to help do account identifications and discovering of rogue accounts into some of our tools that are like our virtual network IPS. That's able to do packet level inspection to apply a deeper level of security onto those systems. And then of course our cloud workload security product. That's something that is able to help you discover any of those rogue assets and identify systems that may have already been breached based upon the network communication that's already occurring on these systems. Yeah, you're kind of in this cat and mouse game, aren't you, in terms of security? Because you're trying to stay one step ahead of some actors who are very skilled at maintaining an edge. Absolutely. So how do you sleep at night, Eric? So moving to the cloud is an area that once you have the right tools in place, it'll help you actually sleep a lot easier, knowing that there's audit tools in the background that are able to continuously monitor your workloads, identify if you have misconfigured accounts, if you have systems that are missing needed information. You may have a requirement to have something like an integrity monitoring tool in place for some of your workloads. And this is a, with our tools, we can actually monitor and tell you if you're out of compliance with any of those baseline requirements. So how do you help the companies, the customers that want to move to the cloud but also be a part of a hybrid or maybe keep some of their stuff on-prem? How do you make it easier for them? And that's a very common question that we hear over and over is, I want to move to the cloud but I'm not ready to go all in yet. So what we've actually done is we've developed a lot of our same discovery tools can be used on-premise. So that is they're building out their private clouds, whether it's in an open-stack implementation or via VMWare, we can still do the same discovery, the same identification of misconfigured workloads. Now that also brings us to, as they move more into the cloud, it already is there, it's able to help them with their hybrid environment space and that can either be managed on-premise or from the cloud directly so that when they're ready to move all their management infrastructure to the cloud, our tools are already there and ready for them. Now you're really good at what you do but as you know, you're not the only game in town. We're not. So what's your differentiation in terms of your cloud offering? What do you think, this is what McAfee does better than anybody else? So what we feel that we really do better than anybody else is be able to integrate a full security picture into unified console management. So this is giving us the ability to do deployment of our own tool sets, being able to do things such as integration with our sky-high product and being able to pull back from the CASB view to help pull into a unified view. That's where we really feel that we've got a lot of unique factors in the cloud space to help our customers as they're moving, plus the ability to be not just cloud focused but still hybrid, being able to protect those private data centers. We see a lot of companies who are going pure cloud but they say, well, if you had something on premise we don't care about it anymore because it's not in the cloud. We feel with our background and our strengths and security we can really help address those concerns. So you're a technology specialist, that is your job title. It is. But in so many of these migrations and big digital transformations the technology is really the easy part. And what's so much harder is getting the people on board with the changes, getting them to adopt and embrace and keep using the solutions. So, first of all, do you see this kind of resistance? And then also how do you overcome those challenges? Absolutely, the challenges in getting people to adopt to the cloud and then continually be integrated with the newest tools that are coming available from a security standpoint side is always a problem. The developers are very agile. They want to move at the speed of development which means going back and talking to security and saying, hey, by the way, I'm doing these things. That's an always happen. So this is where we want to be able to give you a continuous monitoring ability to say, hey, somebody went through and stood something up. Security was completely outside of the loop, bring them back in so that they can get the visibility, the alerting. And this is even where we've created some new features that we announced on stage yesterday to be able to be integrated with the Amazon Security Hub. This is where we really feel that being able to help augment as Amazon's developing tools, providing our security insights to make sure that once again, as the developers are taking advantage of some of the newest features, we're there with them. And what was the driver of that? I mean, how did you get to that point? So this is part of our partnership with Amazon. We actually have a great foundational relationship where we have a lot of our products who've gone through a best practices review and we have a well architected review stamps on a lot of the products that we have in the marketplace. This is due to this tight security integrations that we've had to work with Amazon, that we're invited to be one of the first partners into the Security Hub. And you're going to see this out of additional products as we move forward with our new capabilities in the cloud. You know, I hate to, I mean, we have just a few minutes left and I hate to dive into a big topic here, but on the other side of that security coin is compliance, right? You've got to be concerned about that. It's governance. You've got to be concerned about that. And that's a whole new can of worms, especially today, whether you're dealing with company concerns, state, federal concerns, and even European concerns. Absolutely, and the data privacy is another major concern with the compliance. It's not just what do I have, but how's it being used, how's it being utilized? And that's where with some of our products we've actually gone through and have built our full DLP engine into discovery of any of your data that exists in the cloud. So if you put data in S3, we can go through scan it, identify if there's any PII data, alert upon it, give you controls on that. And then from a workload perspective side, we have tools that can go through and feed in your own templates. Let's say I need to be a PCI compliant. I need to meet HIPAA compliance, be able to audit that workload and give a continuous summary report back to the management teams to say, hey, I have auditors coming in, how am I in compliance? And then tell me what I need to do to address those gaps that I found from my cloud workloads. Solving problems. Solving problems, that's our goal. All right, I want you around more often. Got a lot of problems to be solved, I appreciate it, Eric. Thank you for your time here at AWS re-invent. Thank you very much for the time today. Good to have you, thanks for the magnifying story. Back with more from Las Vegas right after this, you're watching theCUBE.