Hi everybody, we're back. This is Dave Vellante of Wikibon.org, and this is SiliconANGLE's theCUBE, where we extract the signal from the noise. We bring you the best guests that we can find, we drop into shows, and we bring you folks that really know their domains. I'm here with Jeff Frick, my co-host today. Jeff, we've been going all day, it's a great event. We're here at Moscone, the AWS Summit, and we're here with Misha Govshteyn, who's with Alert Logic. We're going to go deep on security. Jeff, we've heard a lot from Andy Jassy this morning, and others at Amazon, about how security is a top priority for Amazon, it's something that they see as a differentiator. It's a hot topic, and so we're going to go deep with Misha. First of all, Misha, welcome to theCUBE.

Thank you. Long-time listener, first-time follower.

Great to have you on.

Who's going to say that?

Yeah, you don't call sports radio, so it's your chance to do it, right?

It's a much shorter hold time here.

So you were telling me off-camera, over at the booth, a couple things: that, you know, you guys are growing like crazy. So the awareness of cloud and the importance of security is exploding, your company is exploding, Amazon's exploding, it's just a major wave, big tsunami. Talk about... let's start with Alert Logic. Who are you guys, what do you do, what are you doing at the AWS Summit? We'll get into it.

Yeah, you know, we've been around for a long time. We've been around for about ten years, and started the company ten years ago as a software-as-a-service business, long before software-as-a-service or cloud were really coined as terms. So for the first five years of our life, being multi-tenant and really being a hosted security product was kind of a hindrance. Nobody really enjoyed buying security in the model. And when cloud really became a driving force behind the IT industry, really started gaining momentum, thanks, that's when things really changed. We always did reasonably well, but things really took off.

So security as a service is your
game, but what does that mean? Because there's so many... security is such a complex topic, there's so many layers of the value chain. Where do you guys fit?

Yes, so there's several layers of security we offer, and what we're focused on is cloud-enabled infrastructure. So any environment that's being transitioned from traditional enterprise to a cloud delivery model, even something as simple as virtualization, that's a very first step towards cloud computing long-term. We provide security layers for networks, applications and systems. Somebody wants to do compliance or protection or defense, we offer solutions for all of them. So there's a suite of services that we offer: intrusion detection is one of them, vulnerability assessment is another, log management. And so we have both software technologies that deliver those.

And so you started 10 years ago, and virtualization, you know, really hadn't taken hold in a huge way at that point in time. So let's go back a little bit and help people understand sort of the complexities that virtualization itself brought in, just from press. Because, you know, I always use the analogy: you have a castle, you build a moat, you protect the queen. Queen wants to leave her castle, you know, things get confusing. And virtualization sort of is an abstraction layer, you don't know what's connected to what, things are constantly changing. Talk about how you guys addressed that challenge, and then we'll come into the sort of modern cloud era.

Well, one of the things that really helped us is we've been multi-tenant ever since inception. So the very first customer we had was a multi-tenant customer. We've always had all of our customers in a single instance of our software. That helped us tremendously to be able to go and work with customers that are virtualizing themselves. But honestly, virtualization is the easiest thing to deal with. When you look at the security industry, they've had a very easy time adapting themselves to virtualized models, right? Everybody's got a service that
works in the other, right? The cloud computing is much more complex. And so beyond virtualization, when you start to have elastic workloads, when you start to have networks that change every minute and every day, that's when things get really complicated. Things that have to get reconfigured dynamically, that's where most of the complexity comes in. And we've really spent a lot of time on architecting that from the ground up for elastic environment. So over the last couple of years even our software service model had to change to adapt itself to cloud computing. So at this point we're 100% API driven, we can support the elasticity folder. So if somebody wants to use us on Amazon and autoscale, we're one of the first.

Yeah. So talk as well about how security's evolved. I mean, you know, ten years ago it was starting to get this way, but if you go back even a little further, the bad guys were sort of going in, malware, making a lot of noise, "Ha ha, I got a virus," blah blah blah. Now they're very secretive, right? They get in there. I read a stat the other day that the average detection time after an intrusion is over 400 days. I was astounded by that statistic, it gave me goosebumps. Every year I look back, I say we're less secure. But I know you're working hard on that, so talk about how the bad guys, the threat, has changed and evolved, and how you've responded to that.

You know, that's always been the case. We've always had intrusions where there's a certain brand of attackers that doesn't want to announce themselves, right? There's no upside in announcing that you've hacked somebody. So there's always been two types of attackers, right? Ones that are very public, the ones that are very private and really have financial gain in mind. Over the last five years, the ones that are financially motivated have really started being the dominant force behind most of the illicit activity out there. What you see less frequently now are the big flashy attacks. I mean, for the first five years of our
life we were literally chasing worms, right? I mean, there were deep penetrations during that time as well, but what made the news were the big worms, which really you don't hear much about, right? Because it's over, right? I mean, what's the fun in compromising half the internet and saying "hacked by Chinese", right? Who makes money from that? Nobody. But things are happening in much more clandestine today. It takes more time and more effort to really analyze something. So notice how the security is changing the last five years. Five years ago it's all about automatically blocking everything that moves, and now people are going back and saying: we really got to slow down and think about this, we really got to analyze things better, we got to do much better analytics. Which is why the technology we're developing now, it's really around big data. How do we make a ton of customer data, we have about two petabytes of customer logs, how do we turn that into security information?

So yeah, I mean, historically most of the investment that IT practitioners make is on keeping the bad guys out. But we know that bad guys get in. And so you're saying that you're shifting your R&D emphasis, and the industry, well, I would presume, is shifting its spending on... You gave an example of using analytics, so how is... talk about that a little bit more. How is big data playing a role in making us more secure?

Well, if you think back to the days when security information management products were big tickets, all of those products were built around a traditional database, or at least they were in their first generations. They really couldn't ingest all the logs out. So that's the reason why Splunk is a very different company than ArcSight, for example. ArcSight literally just focused on security events, Splunk was focused on all machine data, right? But whereas ArcSight can tell you a lot about security, Splunk literally just gives you search and reporting functions. We're literally going to blend
it. That's the next wave of security information analytics. You got to be able to develop technology that can go out there and look and do security calls against a ton of customer data. That's the technology we've been building for the last five years.

So let me make sure I understand. You're saying ArcSight has that high fidelity in the security domain but doesn't have the data, Splunk has the data without the high fidelity, you're bringing those two worlds together. How are you doing that?

Right, so we spent a lot of time and money building a back end that lets us scale to look to those things. So we have two petabytes of log data. All of that log data is on spinning disk, all of it is accessible by customers. So the customer comes to us and says, "I want to inspect data that happened five years ago," we do it just as fast as data that happened a year. All of it happens in real time. We have a grid of systems that can do log processing and do correlation, that does it in parallel, they reassemble the results, it gives them to the user. So similar technologies that are used by Google to do large-scale search optimizations, we're applying those to security. There's not a lot of those examples right now, but you'll see them more and more.

And you use AWS as a back-end infrastructure, and you provide services to AWS customers?

Both of those are... we host our own infrastructure, plus we use AWS to deliver some of our security services, right? So we have customers in pretty much every major cloud provider, in about 25. A lot of times when you go to any cloud environment, the question becomes, who can really secure me? Alert Logic is a company that can really deploy multiple cloud providers, okay? So we do have deployments everywhere.

So you're adding value on top of them. And Amazon says it's its number one priority, you're adding value on top of that. The question is, why does Amazon need you? I mean, big company, you guys a little company. What do you bring that Amazon can't do
on its own?

You know, what Amazon is really good at is making sure that their infrastructure services are secured, and I think they do a tremendous job at that. I mean, if you look at what Amazon has done for cloud security, they've made some really big advances in that. But when it comes down to spinning up your cloud instance, right, so now you have your Linux VM running as a cloud instance, who's going to secure that instance? That becomes the customer's job, right? They still have to do all the work that's involved in doing that. That's where we come in. There's a traditional toolkit of technologies out there the security guys are used to buying. You just can't get those in Amazon, because they're not built for Amazon, right? I mean, think about most security products out there today. That's the reason why, at this AWS show, you don't see a lot of traditional security vendors. Most of what they sell are appliances or traditional client-server products. They're not elastic, they're not multi-tenant, they can't really scale with Amazon. So as a result there's not a whole lot of options.

It's a really important point you should make. I mean, people sometimes forget that, you know, Amazon, like you said, takes care of the infrastructure, but the customer still has a lot of responsibility. Maybe not to do a lot of that non-differentiated heavy lifting, but securing things like apps and so forth are, you know, critical. Okay, so that's clear. Now, you just wrote this, I don't know if you wrote it, but Alert Logic just put out this kind of... if you can see this, let's see, I'll hold it up here. Is that good? Yeah. So, no, so get it out of there. All right, here we go. Kind of bright, but so anyway, stop by the Alert Logic, we'll get this. So take us through this. I mean, I read it a bit last night and went through it. Essentially you're making the case that the cloud is more secure than on-premises. Is that right, or am I reading...

We're not trying to make any
particular case. We think we have a unique vantage point because we're one of the few security companies out there that secures a lot of cloud environments, and we have enterprise customers as well. It's easy for us to say, let's compare the two, let's really see what attacks we're seeing and how they're impacting our customers. So we didn't go into trying to draw any particular conclusion. We thought it was an interesting research project. You know, from our just empirical perspective, we knew that, you know, most of our cloud deployments didn't seem that insecure, but the data was pretty startling, right? I mean, we do see more attacks in enterprises, we do see them have much higher variance, right? There's obviously a larger exposed footprint. You can speculate a lot about why that is, but our findings really were that even though people are anxious about the cloud, and they're worried about moving applications to cloud environments because they're going to be less secure, the data doesn't support that. The data shows that cloud environments a lot of times are more secure. They certainly leave a much smaller attack footprint out there, and that's actually a big reason why cloud environments may be more secure, right? There it's easier to application as opposed to large data center.

Well, so the data that you shared essentially suggested that the exposure within the cloud is less, the probability of a hit is less than it is on premise. Now, part of that could be, like you said, you could speculate, so I'm gonna speculate. Part of that could be that the value of data on premise is higher, and as more data gets into the cloud, that could shift, could it not?

Absolutely. I think the biggest difference is that, whereas large data centers protect themselves by segmenting their networks and putting security appliances between your segment, that's not the way it works in most cloud environments. You know, the customer that we see
at Amazon is usually, it's a line-of-business guy that has a business application. He moves it to Amazon and figures out how to secure just that application, right? So as a result, all the security policies are tailored to that application, they're much tighter controlled, and the attack footprint is just much smaller. So whereas if it was living in a large data center, it would have kind of this blanket security policy that applies to all assets, in Amazon it's literally app-by-app and it's much more tailored to it. That's the reason why they're much more secure. So because of the way cloud apps are constructed, I think they're inherently actually more secure.

Just because we met they're more management, because an application and even a data view, right, and you're protecting that app.

Let me give you an example, right? Patch management, right? Patch management is very painful for any enterprise. There's hundreds of millions of dollars being spent just on patching applications out there. That's not the way it works in Amazon, right? In Amazon you literally have a new VM, you test your patches, you reboot to the new VM and you shut down the old ones, right? You never go in and schedule patching times, you never sit there and wait for 30 days to figure out what can you patch or what can't you patch. You test your patches, you reboot to the new environment, and you're done. That's a massive difference between what happens in enterprise. You can look at the vulnerability half-life, that's the law, that's how long it takes for a vulnerability to become 50% less exposure. It's a long time. That's the reason why most enterprises are more exposed. In the cloud it's just much easier to manage.

Yeah, yeah. And when you make a fix, you can apply it much, much faster.

That's the real change that cloud computing brings. It is more complicated in some regards because it changes the way you manage things, but at the same time it opens up...

What is your... I'm just
gonna pepper you with questions, because when I get a security expert in here it's fantastic. What about the notion of the network is the weakest link? So, I mean, I believe Amazon's network is very, you know, secure and it's all, but at some point I got to bring data back into my own network, and I would think that is the weakest link in security, is it not?

I certainly think that's one of the areas that needs more attention, right? And the reason why networks are less secure is because they're difficult to wrap your arms around, right? At Amazon that's one of the most complicated problems, right? Let's say you want to put an appliance in an Amazon environment. First of all, you can't just deploy appliances in Amazon, because you can't just ship your hardware to, you know... Second, Amazon doesn't give you an easy way to look at network traffic. Somebody had to develop that. That's literally what we spent the last two years doing, is developing a layer of technologies that let us do network introspection in cloud environments, right? So whereas that's available in enterprises, they use a totally different tool. So the most advanced enterprise we do today are starting to pull back and say, you know, how are we going to get a visibility of all network threats across our on-premise and our cloud environments? And that's not trivial. Helping first few customers do that, but that's something that hasn't happened yet.

So I've dominated the conversation, I apologize for that, Jeff. I don't know if you have any questions you want to...

Right, you're going well. I was just gonna say, you just bring up an interesting point in kind of the blended environment, and how does the blended environment impact, you know, different avenues through the data center into the cloud, or, which is what you're saying is probably more likely, than from the cloud back to the data center?

You know, the biggest gap that we see right now is that enterprise IT doesn't seem to be involved in a whole lot of security decisions, right,
because application owners take it upon themselves to move their applications to the cloud. A lot of times IT guys are the last to know. They literally find out long after it's done, and by that point they're sitting there scratching their heads going, "I don't know how to integrate this into my security toolkit," right? It's a big challenge for IT. We're finally starting to see those renegade applications that we help... we secure a lot of renegade applications, right? I mean, we'll do about 50 million dollar run rate by the end of the year, all of that is cloud deployments, right? So there's a lot of cloud apps out there, relatively few of them IT guys actually know about, right? So we're finally starting to get calls saying, "I need help figuring out what these cloud deployments are doing, and can you help me kind of build a single pane of glass across those cloud deployments and my on-premise IT solutions?" Right, we're at the very beginning of getting that figured out. That's a very early question.

I asked him... I asked Pat Gelsinger, it must have been two years ago now, Pat Gelsinger of course the CEO of VMware now, then he was at EMC, and I asked him, is security a do-over because of cloud? And he thought about it and he said, "Yeah, it is." And I'm gonna ask you the same question. Is security a do-over, when you think about the legacy sort of security approaches? Is security a do-over because of cloud?

I think there's a number of industries the cloud disrupts. I think people are underestimating how much it's going to disrupt the security. I think security is going to be turned upside down the more deployments... and look, we're still very early, right? When you look at your server shipments, right, only 10% of them go to a provider of some sort, and they're not... some of them are just... so very few deployments are still done in the cloud. But already we're starting to see that traditional security products don't work. When traditional vendors try to put themselves in
a cloud environment, it doesn't quite work. They're going to have to be rebuilt from the ground up. So I think it's going to be a very, very big disruption.

All right, Misha, we're getting the hook. Thanks very much for coming by, I appreciate your rapid-fire responses. It was really a pleasure to meet you.

That's good.

All right everybody, keep it right there. We're live here at Moscone, the AWS Summit. I'm Dave Vellante, he's Jeff Frick. Check out wikibon.org for all the research, free research by the way. Check out siliconangle.com, the reference point for tech innovation. We're here in San Francisco, we'll be right back with our next guest.