Welcome back to theCUBE's live coverage here at Cisco Live, this is exclusive coverage. Our pop-up CUBE, I'm John Furrier with Dave Vellante, host of theCUBE, Tom Gillis, CUBE alumni, and Senior Vice President and General Manager of the Security Business Group at Cisco. Great to see you, thanks for coming on. Good to have you back, thanks guys. Really appreciate it, you know you got a lot of busy schedule in the short time. Customers. Customers. All these pesky customers. We appreciate your time. Yes. The security cloud, big part of the announcement before now, network cloud. What's the story coming together? Yeah, where I think the opportunity is where security meets the networking, Cisco can really shine, really, really shine. So let's think about secure access. I'm going to allow the finance team to access finance apps and the sales team to access sales apps, but you do not want sales people accessing finance apps. The way those apps are defined is networking, right? And so being able to implement that policy in a seamless way that works for legacy apps as well as new applications that works on-prem and remote, that's where security meets the network. And that's what we've been focusing on today at the show. The other piece of the announcement, I remember watching the preview under NDA and I saw you had this thing where you say, okay well, what pipe do you want to use for your water? Do you want to use copper? Do you want to use PVC? Like that's so dumb. Explain how that relates to VPN versus cloud services and what you've specifically done there. It's a great question. So yesterday we had a session with about 75 of our large customers and I asked them, show of hands, who has a zero trust project underway that they've implemented something? 75, yeah. 100% of them went up. And then I said, show of hands, who is also running a VPN next to the zero trust thing? 
So what happens is if you want to put an application into that zero trust framework, there's a gateway, a network interface that has to talk to that application. And the challenge is some applications don't like talking to that gateway. Some applications like SAP, they're multi-channel, some applications do what's called server side initiation. And so you can get some of the apps into a zero trust framework and others have to live in a VPN. So we put the burden on the user to know the difference. People probably relate to this like, oh, if I'm going to Workday, I just log in and go, but if I want to go to SAP or JIRA, which is on-prem, I have to launch the VPN, a totally different experience, a different password, different policy. And that's the moral equivalent of asking a user who's getting a glass of water, do you want that delivered via copper pipe or iron pipe or plastic, what? Depending on what kind of water. Sparkling water, red flat water. You know what I want, I want to turn it on and fill my glass, turn it off, go on to my next day, right? And so the choice of VPN versus zero trust tunnel, that's plumbing, we're plumbers. And so one of the points of differentiation here at the show is that we brought together traditional VPN and modern zero trust into one seamless end user experience, no more plumbing. Is that secure with that, whether it's on-prem in the cloud, across clouds? Legacy apps, new apps, SaaS apps. And what we would call super cloud, yeah, that's super, right? Yeah, yeah, yeah. So super security cloud. So is that the secure access product you announced? Yes. Okay, that's okay. So it's on all environments. Yes. Edge? Well, so it's on-prem on campus and then anywhere that you would want to go on. I think you live on the edge, dude, right? So if you're living on the edge, then it's going to work. It's really about allowing users to access applications wherever they want. 
I think the edge thing you're referring to is can we move applications into computers that are sitting out there? That's a separate topic. You're talking about network device that you have and campus would be defined by endpoint. Yeah, your laptop. So a big part of the announcement is we announced with Apple, this is built in to iOS. So you're on an iPhone, an iPad. You want to be able to access legacy applications as well as the new applications. It just works. And the example you just gave, moving apps to the edge, that's futures, and it's technically feasible? Yes, can we see it? Oh yeah, absolutely. Yeah, okay. Edge computing needs some time. Needs some time. To figure out the edge. Congratulations on the security super cloud because that's what we've been reporting that this fabric layer that spans the environment's key is also a nuanced point in the keynote. I want to get your reaction and quick explanation. There was an AWS component it was called AWS. What's called multi-cloud defense. Yes, can you explain that? Yes. So there was really two big parts of the announcement and they both share a principle of zero trust. So the first was that secure access is let's make sure that the IT people can access IT apps and the finance people can access finance apps. That's the least privilege, right? You get to use the stuff you need and nothing else. Sometimes people forget that applications are people too and they should be treated the same way. So if you move a workload out onto Amazon, right now today you set up a connection between your private cloud and your public cloud. Everything can come back through that connection and go wherever it's going to go. There's no least privilege on that. So if I want to make it so that the marketing app on Amazon can talk to a customer database on-prem and only the customer database based on-prem, that's the least privilege concept. It's hard to do. And this is a problem that we solved uniquely. 
The reason it's hard is that a private cloud is all built around an IP address or networking, VLANs and VRFs as the segment of identity or the basis of identity. On Amazon, it's services. It's things like Redshift, Lambda, S3 buckets. And so you need a translation layer that can speak the language of the public cloud and the language of the private cloud and set up that least privilege app-to-app communication. So two big announcements today. One to do least privilege user-to-app. And then the other is when an app wants to talk to another app, how we can do that across clouds. And that translation layer is a hunk of software. It's a, is it a PaaS? Is it a purpose-built PaaS? It's a beautiful thing. It's software as a service and it's shipping now, right? And so it's called Cisco Multicloud Defense and you log into it in a cloud-delivered service, you put the little software gateway wherever you want it on, it works on every cloud. We talked about Amazon, but it works on Microsoft, it works on Google, right? So it's a true multi-cloud, cloud-native piece of software. Same experience across clouds? Same experience across clouds. It understands the language of each one of the clouds which is a little bit different. And you hide all that. And we hide all that and we make it a drop-down menu for the administrator to say, this app could talk to this customer database and only this customer database. What's the reaction of customers to this? They're like, where have you been? This is a huge problem. Validate SuperCloud. Yeah, that's like SuperCloud. Cause it's not to say that clouds can't talk to each other. They can. But they just have unlimited talk to each other. And that's no bueno, right? So we've got to think about a way where we can put sensible controls in place for zero trust. I was raising my hand. I didn't get called on during the analyst executive session. They didn't recognize me. They knew you were getting a one-on-one private session. 
I was going to ask Chuck and the team. Multi-cloud, everyone has multiple clouds by default. Okay, acquisition. I got Microsoft, I got Amazon, I got a lot on-prem. It's not really multi-cloud. What you're bringing into is an architectural thing that allows multi-cloud or SuperCloud to happen. That software that you're running. I'll even put a little nuance on that. Multi-cloud's already happening. Everybody's already using multiple public clouds and private clouds. We're bringing security to it so that we can put those boundaries in place that the app can talk to another app with the least privilege. It's really, really important because as you get to scale, if you're an enterprise customer and you have tens, hundreds, now maybe a thousand applications running on the public cloud, they're all reaching back to different stuff on-prem. That's a really big attack surface out there. And if one of them has one little tiny problem, that's a pathway that attackers can go right into your source code repository. You don't want that. I've heard startups trying to do this cloud to multi-cloud thing from Amazon to Azure, but what's happening is the network owners, the Cisco customers, are still on-prem as with their, with their Cisco thinking. They're not fully in the cloud yet. So they're kind of controlling the table. They got ball control. But this gives that networking person the ability to speak the language of the cloud, whether it's private to public or public to public, as you said. And you've taken away the complexity of them having to figure out for each individual cloud. What I've, I had met with a bunch of customers and they're like, this is such a pain point for me now because when something moves on the public cloud and I'm trying to translate an IP address, I have to manually go configure hundreds of firewalls with a new IP address because a workload moved in Azure. With our solution, it just happens auto-magically. So, raise my hand. Yes. Okay, I love this. 
So your customers saying, where were you? I'm meaning they were waiting for this. Yes. Who wins? Stack rank the order of personas that win with this new solution. Yeah. Is it the network guy on-premise? Is it CIO? Is it the app guy? I think at the end of the day it's the firewall administrator, right? So, which is part of the network team but it has a security charter. Because this is fundamentally a security decision, right? Like I said, cloud-to-cloud connections work but they're wild, wild west or anything goes and we're like, hey, wait, wait, wait a minute. Let's put some common sense, watertight compartments in there so that if there's a problem it's not going to open up everything in the empire. That's so mistake prone. Yes, I mean. It's common sense, right? Like, you know, like- Does it change any routing, like whether it's MPLS or IP routing? No, no, no, no, no. So it's all an overlay on top. We use tags and identity. So it doesn't have to change any of the plumbing underneath. And it works on- Is there any overhead associated with that? Or is there any drop in it? Virtually none. So it's a gateway that is processing these packets at extremely high performance and it's a scale out architecture so it can run, you know, we have really no effect on performance. All right, awesome. Where's this going? Shoot the arrow forward five years. What do you see happening from this enablement, this new connective tissue, this super security cloud capability? Yeah, well, you know, five years from now my view is that what you think of as a firewall will be long forgotten. And network security will be both auto-configuring, meaning it'll write its own policies. That's not science fiction, right? And it will also be auto-updating, meaning you'll never have to upgrade these things. These are manual processes today that burn a lot of cost, a lot of anxiety, and they create outages. 
Like if you remember Southwest Airlines and the other outages, that was a firewall outage, right? I was in fact, yeah. Yeah, so was I. I was kind of a little grumbly like, hey, God, firewall guys, you know, could you do better? Yes, we could do better. So building autonomous security that doesn't require a lot of manual setup and a lot of manual maintenance is well within our reach. I know you're super busy, but we're going to go deeper on this on July 18th. Tom's going to be back and we're going to have super cloud three. Nice. 30 seconds, 30 seconds left. AI, you didn't, no AI washing, clear low hanging fruit use cases on configuration and you built a product. Yeah, yeah, yeah. You built a product with AI. Yes, so we've been doing AI for 20 years, right? Going all the way back to my days at IronPort where we built a spam filter. It was AI that could read a million messages and say, this is spam and this one's not. And so what we're using AI for now is to solve that firewall problem. If you've ever looked at a firewall, the firewall rule set, there's hundreds of thousands of rules and it's like gibberish, right? IP port and protocol, very, very hard to understand. With generative AI, we can now put a layer on top where you can talk to your firewall. Literally, you can say, hey, does Tom have access to the resources he needs? Yes, these are the things that Tom can see. It's like Star Trek. Boys, computer, give me access. Tom Gillis, he's got to run, he's getting pulled out of here. We'll see you in the last minute. Thanks for coming on. Thanks for having me. It's always a pleasure to see you guys. July 18th, supercloud.world. Check that URL out. That's where we'll be going. It's a super cloud world and we're living in a name with theCUBE. I'm John Furrier, Dave Vellante with Tom Gillis. Senior Vice President and General Manager of the Cisco Security Business Group. We'll be back with more coverage after this short break.