From our studios in the heart of Silicon Valley, Palo Alto, California, this is a CUBE Conversation.

Hello everyone, welcome to this CUBE Conversation here in Palo Alto, California. I'm John Furrier, host of theCUBE. We're here with David Martin, who's the Senior Director of Product Management, Threat Response at Open Systems. Dave, thanks for coming in.

Thanks John, very much for having me.

So we were talking before we came on camera, both been around the industry for a while, seeing a lot of different waves of innovation. Security is the top one. We're seeing it being a really important part, not just part of IT, and we want to get into a deep dive on the complexities around the security architecture versus cloud architecture, and it's just not another IT. So I want to dig deep with you. But before we start, talk about your product. You're the Senior Director of Product Management. You get the keys to the kingdom you're working on, the positioning, the next generation. Take a minute to talk about the product.

Sure. Starting point is Open Systems in general, we're a global provider of secure SD-WAN, and essentially we deliver that as a service. So we deliver the connectivity and then all of the security that you need to make sure you can conduct business reliably and safely. I'm personally responsible for some of our managed services, managed continuous monitoring services. And essentially what we're doing is looking for advanced threats that have bypassed whatever companies' existing security controls are, in an effort to identify those and then ultimately contain them.

You know, we were at the Amazon Web Services first cloud security conference, re:Inforce. And it was interesting because it wasn't like your traditional industry event like RSA, Black Hat, or DEF CON, it was really more about cloud security. So it was really more of the folks thinking about the impact of cloud and what that means.
So cloud certainly is relevant and it's expanding capabilities with applications. The on-premises piece really is the hybrid, and obviously every company pretty much has multiple clouds, that's multi-cloud. But hybrid really is the top conversation. It's been really kind of on the table since like the 2013 timeframe, but now more than ever. It's actually part of the operational thinking around architecting next generation infrastructure systems.

Yes.

How does security fit into those two things? Because you got to have the on-premise operational model, you got to have the cloud operational model. They got to be seamlessly working together. How does security fit within cloud and hybrid?

Yeah, that's a great question. And certainly introducing the cloud into the equation adds complexity to the overall issue. And as you've highlighted, companies are now operating in a hybrid mode. They have on-premise, they have assets on-premise, they have assets in the cloud. And security teams have certainly, over the course of time as this business transformation has happened, had to rethink how are we going to approach and secure these assets correctly. And it is non-trivial, and the key is that you want to get telemetry from all of your potential attack surfaces. And you want to be thoughtful about how you're pulling in this data. This is a mistake that we unfortunately see a lot of customers making, which is, in a rush to provide visibility, they just aggregate and accept all log data from all different sources without much thought into what is the security relevant data there and what are my default rule sets going to be? How am I going to use this data in a threat detection kind of a capacity? And these are kind of the typical pitfalls that a lot of companies make, but to kind of bring it back to your point.

Hold on, I just want to get at that one point. So they're taking too much data or like they're just ingesting way too much? Is that the issue?
It's not necessarily the volume, it's more about the quality of what they're getting. And so, a lot of the vendors, there's a product many of the viewers will know, a SIEM, which is essentially a log collector, and security teams use this piece of software to try and identify threats. And of course, for compliance and other reasons, a common thing to do is just throw data at the SIEM so you could start collecting it. And that makes sense if you're just trying to store data, but when you're trying to actually figure out has someone infiltrated my network, that's really a nightmare because you're sort of inundated, and you've heard terms like alert fatigue and so on. And this is what happens. And so, we have a practice that, essentially, when you bring in and ingest a log source, do some upfront work about that log source and how are you going to use the data? What are the relevant fields that you're going to parse out and index on, and have a purpose for doing that versus just sort of throwing, throwing, throwing.

Yeah, I mean data quality is always some data cleaning and going into a pile of data versus a front end kind of vetting process, being intelligent about it.

That's right, that's right. Yeah, and it's a tough thing, right? Because all the vendors in that space, they want you to use the tool, enterprises have made this investment, but we find that a lot of companies aren't getting the value out of some of their security tools because there isn't sort of a broader design. What is the architecture of the detection we're going to use to cover our potential attack surfaces?

Yeah, that comes up a lot in our data science conversations and you hear correlation versus causation. A lot of data scientists naturally love correlation. They like to correlate, and they love the data, they get in the data, they get knee deep in the data, but then they can correlate, but they might not be understanding actually what's going on.
This is highlighted with threat response because the acute nature of what a threat means to the business is not just knowing how to have the right ads serve up or some sort of retail sales proposition. Threat detection and threat response is super critical to the business because if you miss it, there's some consequences and you should go out of business. So that's really kind of a key focus. How do you guys do that? How do you work with customers? Because that's the core issue.

Sure.

How do I get the best data? Fastest way in. How do I identify the threats first and fast?

I think you're on an incredibly important point, which is as an industry, we have to ask ourselves, why do damaging breaches continue to happen? And despite best efforts, right? There's very knowledgeable, talented people. There's a lot of money being spent. There's over $100 billion per year as an industry spent on security and security related software, and yet these damaging breaches continue to occur. And I think a big challenge, a big reason for this is that as an industry, we've pursued a technology driven security model. And for years, we've sort of had the idea that if we purchased the latest antivirus or the latest IDS or web proxy, or now we're starting to shift into ML and AI and sort of more higher level things, that we'll be protected. That was sort of the idea and the promise. And I think that in general, people are realizing that that is a failed model and that really the best way to minimize risk is to combine those types of technology with continuous monitoring. And obviously we're in that business. We monitor people's networks, but there are many companies that do that. And security is a very complex system that doesn't have a feedback loop without continuous monitoring. And just like in life, any complex system should have a feedback loop to have it operating.

Well, let's talk about that complex system.
So I want to spend the next couple of minutes with you talking about the security architecture versus cloud architecture. We cover a lot of experts talking about cloud architecture. Here's how you architect for cloud. Here's how you architect for hybrid and so on. So it's super important. You get a data layer, you got to understand how data moves, when to move compute versus data, all kinds of things that are factoring in, essentially it's like an operating system kind of design. So it's distributed computing and everyone kind of knows that as in the business. But when you add in security as now the key driver, security architecture might supersede cloud architecture and or distributed architecture. So I've got to ask you, if security is a complex system and not just an IT purchase, what is the customer's ideal configuration? How do they either re-platform or course correct what they're currently doing? What's your thoughts on that?

Sure.

Well, do you agree that as a complex system it's not just another IT purchase?

Absolutely. I think that's a great way to say that, and that really is the way that sort of forward thinking companies think about minimizing their risk, is they look at it exactly as kind of you characterized it. And I think the key is to look at essentially your individual technology. Today they're in silos largely, and you need continuous monitoring to kind of pull all of that data that you're getting together and then use that to adjust policy. And you need to do that continually and over time. I like to say security's a journey, not a destination. You're sort of never done if you're doing it well, because threat actors evolve their techniques and the detection needs to evolve too along with that. So getting into that practice is a good practice to do. To minimize your risk.

And CISOs are now, the staff being established, either working directly, peering with the CIO or for the CIO or vice versa, they're becoming more prominent.
So the role of security, obviously I agree, it's always on. It's never off because it's never going to stop. But the question is how do you implement that? Because if I have continuous monitoring, which I see is clearly valuable, do I have one firm for that? Can I have multiple firms for that? And then of the tools, if I'm the CISO, I'm probably trying to downshift into only a handful, not thousands of companies.

No, you're absolutely right.

The shrinkage, better monitoring, that's the trend. What's your response?

Yeah, no, you're absolutely right. I think there's been studies that have shown the average large enterprise has about 32 security vendors that they have to deal with. And so certainly from a CISO perspective, a lot of the ones that I speak to are in the mode where they're trying to consolidate and simplify that landscape, because it just makes things a lot easier. But I think in terms of the cloud and that whole piece, I'll give you one practical example. All these cloud vendors have APIs, administrative APIs, and certainly you can monitor who's accessing the cloud. But you can also deduce things from these APIs. You can look for signs that the infrastructure may have been compromised, instances stopping and starting, certificates that have been uploaded. So even though you may not have complete visibility, and by the way, it's getting better. All three major infrastructure as a service providers are starting to provide access to packet data, which is helpful in this context. But even just looking at it from the outside, the administrative layer, there are things, abnormal behaviors with the way that infrastructure is working, that you can use to indicate that, yeah, there might be an issue here. And then you'll want to go and use other data to figure that out for sure.

You got to really dig into it. And so I'm going to get on the technology side. You guys had success with the product.
You guys are not a new company, you've been around for decades. Great reviews on the product side. So congratulations.

Thank you.

What makes a product so successful? What are some of the notable highlights? Can you share the most successful pieces of the products?

Sure.

Why are people liking it so much?

Sure. I mean, all the reasons why people look to outsource things, you know, certainly we provide that value, you know, less cost, more responsive. But I think what's unique about what we do is our delivery model. You know, there's a very popular DevOps sort of model in fashion these days, where essentially you have developers and QA people testing them together. And you know, there's various definitions, but from a network operations perspective, the people that run our network and our SOC are the developers. They're the ones writing and optimizing our platform. And so when there are issues, customers talk to knowledgeable people about that. It's not a traditional call center model. And then the other thing from a threat detection perspective is we're working on a model where, you know, we have essentially security analysts responsible for some number of customers and they get to know that environment really well. And that really informs the quality of the threat detection because, you know, the better you know the environment that you're monitoring, the better the accuracy of the threat detection is going to be. And as an outsource provider, a lot of companies don't do this. It's an expensive thing to do, but it does result in a better product. So that's one thing to focus on.

I want to ask you, Dave, about AI. I'm a huge fan of AI, love it, because unlike IoT, which I love that too, because it's a setting area, my kids aren't talking about IoT at the dinner table.
The AI is like the young people are getting energized, and really kind of it's attracting a lot of people to the computer industry, which I think is awesome. But it's also AI is not really as big as people think it is, certainly it's going to be important. AI is machine learning with some bells and whistles, but most people say, I'll just throw AI at the problem. AI is not that yet advanced. I mean, what AI really truly can become. So I want to get your thoughts around that classic knee jerk response that a customer might get, you know, fed from a supplier, hey, we have AIOps. So we're an AI driven company. Like what the hell does that even mean? Like what is that? I mean, why is it important? And where does it really matter? Where are people using technology that is going to be a roadmap for AI as machine learning? How do you guys see that customer equation? What's the snake oil pitch from others? What's real? What's not?

Sure. Yeah, I often tell customers that I wouldn't want to be in their shoes because it's very confusing. You know, all the vendors throw around the terms ML and AI, you know, with the promise that it's going to cure all problems. And it's really difficult to tell, you know, the value that you're going to get from those technologies. And so I'll share with you my perspective on that, which is that, you know, certainly there's a legitimate technology there, but I think we are in this kind of hype cycle where there's an over promise of what it can deliver. And in a security context, I think ML techniques like machine learning and AI can be used to reduce noise and amplify signal. And I think the mistake a lot of people make is let's take the human out of the equation here. And I have to tell you that the human is fantastic in the little gray areas that threat actors love to exploit. You know, looking and saying, you know, this doesn't look quite right to me because I know this environment and this is not usually here.
And you'd get that by working with the data. But in order to position yourself for success on that, you have to use sort of this technology you're highlighting to take care of the commodity kind of things that would otherwise create that.

Do the non-differentiated stuff, or like it's like heavy lifting that you want to assist the human.

You want to assist the human in the process. That's exactly right.

That's not a replacement of the human.

That's right. And I think a lot of companies go wrong thinking that AI can replace this wholly. And maybe there's some very specific applications where that's true, but in general where you're managing very large diverse environments, you need to use these types of technologies to again reduce noise and amplify the signal for the human.

You know, one of the things we've been riffing on theCUBE, certainly we can talk about on another topic at another time, is that this whole movement of using machine learning and the AI infrastructure that's developing really fast, which is really exciting, is that's going to create a whole new creative class within IT and security where the creativity of the human becomes the intellectual property for the opportunity. Do you see that?

I do, I think that's fair. I mean, I think we're kind of early on in the development cycle of these types of technologies and they show a lot of promise. And you know, it's the classic don't over index on it. And you know, again, even in the security context, you have a lot of SIEM vendors now, you know, essentially adding analytics modules and AI, and again, these can be helpful, but you know, don't count on them to solve all the problems. They need to be rationalized and-

Well certainly security is really growing from a discipline within an enterprise to a much more holistic field, the aperture for whether it's management to technology experts and practitioners, it's expanding rapidly. Yeah, David, thanks so much for coming on theCUBE.
Dave Martin, Senior Director of Product Management, Threat Response at Open Systems, breaking down their opportunity in security and talking about some of the trends here on theCUBE, CUBE Conversation. I'm John Furrier, thanks for watching.