From London, England. Extracting the signal from the noise. It's theCUBE. Covering Discover 2015. Brought to you by Hewlett Packard Enterprise. Now your hosts, John Furrier and Dave Vellante.

Hey, welcome back, everyone. We are here live in London, England for HP Enterprise Discover or hashtag HPE Discover. Go to crowdchat.net slash HPE Discover. Join the conversation. This is SiliconANGLE's theCUBE, our flagship program. We go out to the events and extract the signal from the noise. I'm John Furrier with my co-host Dave Vellante. Our next guest is Sue Barsamian, who's the SVP and general manager of the Enterprise Security Products Group within HPE, HPE Enterprise. Welcome to theCUBE.

Thank you, John. Thank you, Dave. It's great to be here.

Exciting first official HPE Discover here in London.

Yeah. Been a great success.

You manage probably one of the most dynamic areas in the industry right now, security. It's kind of like the public secret that everyone won't talk about us talking about, which is everyone's scrambling because it's so dynamic. The technologies are shifting. The attack surface areas for hackers and criminals and just human mistakes inside enterprises are causing a lot of leaks, incidents, breaches, and a lot of damage. And certainly there's now kind of a cyber warfare, certainly between nations. Huge issues. What's, how do you survive every day? Give us a piece of your life.

You know, it is, the sense of urgency is going up dramatically. And I think every time one of these public breaches happens, the urgency goes up even more. And, you know, the landscape is changing very significantly. The attacks are getting more sophisticated and more serious. It is nation states these days. It's no longer dorm room hackers. It's serious stuff. And the complexities of the landscape that you're trying to protect is dramatically different. You've got cloud, you've got mobile, you've got big data, which takes customer sensitive data and spreads it everywhere.
That's a very complicated landscape to try to protect.

And just, you know, in the news today, toymaker VTech announced 190 gigs of child and parent photos and chat logs between parents and children from late 2014 to 2015. Exposed IP addresses, download history, five million accounts, names, email accounts, kids' names, genders, and birth dates. Huge data, just database today. That's today.

I missed that one. It's interesting.

That's breaking news today. Very typical. So this is very much what we're seeing. This is now the new thing. So new security methods are trying to be solved in real time. The perimeter is no longer guarded. Virtualization, technology could be an answer. Take us through. What are the critical things going on inside the Ivory Tower within HP and also in the labs and in the product groups because you guys are probably squirming away, deering away, making new products. We need answers. What's the solution?

Well, you said a couple things there, John. The perimeter is no longer the perimeter. You know, in the old days, I don't want to say security was easy, but it was certainly simpler than it is today. And that is largely because most of what you cared about was on a managed network. And most of the people that were accessing it were on managed devices that you controlled if you were IT. So if you look at the last 10 years of security spending, over half of it has gone into blocking known threats at the perimeter and at the endpoint. In today's environment, the information that you care about, some of it still sits on the corporate network. A lot of it is in the cloud, both the private cloud as well as the public cloud, which you don't control as much. And in the world of BYOD, you no longer have control over the endpoint. People are calling in from Starbucks on their mobile phone into a corporate application or into corporate data that sits in the public cloud. It's a very different environment.

So what's the answer?
We had Dominic Orr earlier talking about the awesomeness of what Aruba's doing with all the different software opportunities that he was kind of teasing out. He couldn't say, he was smiling, but I can almost tease it out that there's some stuff going on between security group, big data, that takes the pressure off the revenue line that he has to produce called access point pricing. There's a lot of data involved. He can dissect that. So if I'm in Starbucks, there's a new thing that's coming. These are some of the things we're seeing. Can you give us some examples?

Fundamentally, you need to shift from protecting the perimeter and the endpoint exclusively to focusing more on protecting the target. And when you protect the target, if you think about what everybody's after, they're after the data. 99% of breaches, let's say, are about the data. Most of that is about personally identifiable data or payment card data. 85% of the time, the route to the data is through an application. So we say the application actually is the new perimeter because the application wraps the data and the data is the target. So if you focus on hardening the data by securing it, by encrypting it, by tokenizing it and hardening the application through application security like our Fortify product line, that is a great place to start. Then when you look at the infrastructure that that sits on, whether it's the server, the storage or Dom's, you know, networking switches, you can also build security into the infrastructure layer and naturally, you would think that would be a great play for HP given that we're a significant infrastructure player. So my partners in crime, if you will, in security products business are my infrastructure.

They have to integrate. I mean, totally. They have to integrate. It's a great play. And the overhead issue goes away now with compute becoming more advanced, lower cost.
Yeah, overhead, yes, because in fact, I just came out of a customer meeting this morning and what we heard was make it seamless, don't bolt it on, build it in. And that is an important mantra for us. And that means build it into whatever hardware or software stack I'm running and build it into my IT processes. So if I'm developing my apps using a DevOps process, build security into DevOps. If I'm using an incident management process for managing incidents, manage security incidents the same way. So building it in is an important mantra for us in security.

So you're talking about the shift from the perimeter to the target and how the access gets to that target. And you've rationalized your portfolio. You de-levered TippingPoint, presumably to focus on that trend. I wonder if you could talk about that strategy a little bit.

Yeah, absolutely. So we did just recently divest of TippingPoint. We still believe that network analytics is an important part of our SIEM strategy. But if you look at really the two pillars of the strategy today, one is in the area that I talked about, protecting the target. And for us that is application security and data security sitting on top of a secure infrastructure stack, all from HP, all in an open environment. The second is in what we would call detect and respond. And this is really where ArcSight comes in. Assuming you have been breached, you need to be able to find the threats, both the known threats at scale, as well as increasingly find unknown threats using analytics and machine learning. And that's all about ArcSight. And what ArcSight does to really be the command and control center for a security operations center.

Yeah, so the stat I love, I don't know what the exact number is, but it's something like, on average, it's 250 days to detect intrusion. I think Stuxnet kind of changed everything, didn't it? And so how are you using specifically analytics to solve that problem?

Yeah, so Stuxnet is a great example.
The Sony breach is another great example. And I think the stat, Dave, that you mentioned, it was 254 days is the average length of time that the attackers are in, because it takes you some time. Once you get in, it takes you some time to figure out how you can compromise the servers, get to the data and do whatever it is you want to do. And if you look at the Sony breach as an example, that was a very sophisticated attack that included a whole host of things, including taking confidential IP and emails, exposing them to the internet, but also included essentially taking down servers in the data center. So very complicated landscape.

Orchestrated, targeted.

Very orchestrated and very targeted.

If there's time to get in, which I would read, they want to kind of get in there high and then start poking around and seeing what they can steal, means that threat detection is key. So identifying the pattern, so big data, a good opportunity there. A new method is emerging around deception. Deception-based techniques. Where you're essentially not a honeypot, you're acting like a server, faking a server. Talk about these dynamics. Are these new techniques? Are they just recycled paradigms coming into a new era? What are some of the things that you guys are doing?

You can look at, so a couple interesting threads there. One, deception, kind of next evolution of honeypots. Really baiting, if you will. Baiting the adversary so that you can watch and learn, and why do you want to watch and learn, not just for sport, but so that you can become smarter and then mitigate future risks.

You operate on the assumption that they're already in. To your point, they're going to come in and poke around.

Yeah, and in fact, you see security spend shifting now to increasingly be on detection and response. Again, this is a balance. It's not one in lieu of the other.
It's all a balance of how you spend and you see detection and response, investigation and forensics being really double-digit growth areas in security right now because they're in. You need to find them. You need to contain them and mitigate any damage from the fact that they're already in.

So assuming that they're, you got to assume that they're in and then use techniques at whatever you got. Throw everything at it.

And because these threats are changing so rapidly, the percentage of time that the threat is unknown as opposed to known, right? You can, once you know about a threat, you can create a rule, create a filter, and ArcSight and other systems are great at finding known threats at scale. Finding an unknown threat is where you need the analytics and the machine learning because then what it's about is baselining normal, right? You want to create a baseline of what is normal behavior so that I can then detect abnormal behavior, which would be indicative of potentially malicious behavior.

So I wonder if we could talk about encryption. It used to be, you'd love to encrypt everything if you could but it was expensive, processor intensive, but now with sort of more processing power and you're seeing like Intel for instance really drive security into the chip. You've seen some others do that as well. Where does encryption fit? Is it sort of becoming a mainstream technology now or is there still trade-offs associated with it?

Well, it's really interesting because when you think about the fact that 99% of this is about getting to the data, you would think there was a lot more sophisticated encryption going on than there actually is.
Most people encrypt, but they encrypt at the level of the endpoint or the hard drive, and what that does is that protects you in the event that somebody takes that drive out of the system. And that's an interesting use case, but that doesn't protect your data against a malicious adversary or malware or et cetera. And really what you want to do then is have a comprehensive approach to encryption that protects the data at rest, in motion, in use, essentially as it's captured, as it's processed or wherever it's stored. The reason that hasn't happened more pervasively is that traditional encryption technologies don't preserve the format of the data, which means you could take a 32 character last name or a 12 character social security number and encrypt it and it could end up 120 characters. That wreaks havoc on the applications that are trying to work with that data, and that means that you're constantly encrypting, decrypting, encrypting, decrypting. That in and of itself is complex and risky. We have now format preserving encryption, which really for the first time says if it's a 32 character name, it's going to be 32 characters encrypted, if it's a 12 character social security number, it's going to stay 12 characters. That means you can move it around the system and apps can operate on it and know that it is legitimate even without decrypting it. That all of a sudden opens a much broader aperture to people encrypting at broader scale.

If I understand it correctly, that would simplify the key management, is that right?

So key management then rides fairly simply on top of this and we've had key management, actually what's interesting is key management is our longest running security business at HP. It actually came with Atalla as part of the Tandem acquisition through Compaq. So key management we've been awesome at for decades.
That sits now alongside our newest addition to the security portfolio, which is our encryption portfolio that came along with the Voltage acquisition just this past April.

And what about like sort of more futuristic stuff? I would have to ask you, we've had some guests in theCUBE and we've read about things like the Bitcoin blockchain and things like MIT's Enigma emerging where you don't have necessarily a trusted third party and you sort of eliminate that notion. Are there things on the horizon that we can expect to really sort of up the good guys' game, if you will?

Yeah, there is hope for the good guys. You should feel good about that. Yeah, I think there's a lot of disruptive things going on whether it's looking at, how does Bitcoin essentially change the game there? You've also heard about HP's new Machine. And so when you think about the importance of analytics and machine learning to track unknown threats, but the processing intensive nature of doing that, how do you do that in an environment where you have much more unlimited capacity? The Machine makes that a lot easier. The Machine also by the nature of the way it's constructed actually becomes a simpler environment to secure. So what we're doing now is really kind of bridging towards, if you think about it in terms of horizons, we're bridging from the current horizon to the next horizon and eventually getting to the Machine and being in I think a very different security world and one where we can start to really turn the tables.

Where is the Machine with the things you just said threaded together? How far along? When is that product going to be available?

Yeah, so it's actually, I think when we first started talking about the Machine it was commercially available in the three year timeframe. That's now a year and a half away. So we look at the first releases of the Machine now being in '17 and that will obviously phase over time, but it's-

And what's the stop-gap?
Just throw a bunch of servers at the problem and well until the Machine comes out.

Yeah, you know, scale out environment. The Machine allows you to do in a single unit what would take much more federated units together to do today.

So what's the big conversation that you have with customers? So take us through the day in the life of customer interaction.

Yeah.

Are they stressed out? Are they calm? And obviously VTech today news is breach another big significant breach. I mean, what are the top three conversations that you have with customers?

I think the more sophisticated the customers are, the more urgency they have around the topic because they're aware. I think there's a certain category of customers and you see those more in the mid-market that are not as far up the maturity curve, not as aware of the magnitude of threats out there, haven't themselves been on the receiving end of an attack. Right now you see that very large enterprise centric in terms of what you read about in the press. But I think what you see happening now is the adversaries are going mid-market because as the larger enterprises get better at protecting themselves, the mid-market becomes the easier target and they're not as far up the security maturity curve. So we hear two very different conversations and the large enterprise, it's really what we talked about earlier, build it in. I don't want to bolt it on. Depending upon the statistic you believe, large enterprises are running anywhere between 40 and 60 different security products. That's a lot. It's a lot to man.

They try every new one that comes out.

It's a lot to man.

It's like why not try the new security product? But what sticks may not be? I mean.

So the refrain needless to say from the large enterprises is build it in, I'm tired of bolting it on. So we spend a lot of time with those customers talking about from the hardware, to the app, to the data, how are we going to build it in?
We think that would bode well for a large company like HP and some of your other larger competitors. Is the market swinging to those guys versus sort of point products?

So we're, I mean this is really our strong point of view. Now in response to the cry from the customers that it's not only I can't manage all these products but think about it. What's the role of a security product? It spits out alerts, right? At some point you don't have the staff, the vacancy rates for cybersecurity analysts right now for frontline analysts, 40% vacancy rate, for first line managers, 58% vacancy rate. So you have an incredible staff shortage of people that are able to follow up on the alert.

You can't scale your business.

You can't scale your business, you can't scale your team.

That's when machine learning comes in. This is where it's interesting.

That's exactly, yeah.

The huge gap in skills is an opportunity for software.

So we try to take it, a build it in and then take it as far down the path to action as you possibly can so that you need the intervention of a human only in the last mile, if you will. The mid-market conversation is very different. Mid-market customers for the most part are not going to build and manage their own SOCs. They're great customers for our managed security services. You can get that through Hewlett Packard Enterprise. You can get it through any number of 40 to 50 managed security providers that we provide infrastructure and software to. And that's a great proposition for the mid-market.

We're here with Sue Barsamian, the SVP and general manager, security group, here at HP Discover in London, it's theCUBE. Final question, what are you guys sharing with customers? What's the big news here for the security team? Your team here in London, obviously the first official post-split, even though you've been operating as a split company for a while, but November 1st was the fiscal year of the new split. What's the key story here for your customers?
What are you guys sharing? Can you share with us?

So today is the debut of the four transformation areas for Hewlett Packard Enterprise and protecting your digital enterprise is one of the four. And I would argue the most important of the four because if you can't secure it, the other three really don't matter. And so what we're doing here at Discover is laying out the portfolio of assets and the end-to-end value proposition for HP around protecting your digital enterprise. By the way, as you bring those security assets together, we're a top five security player in the enterprise space today, which most of our customers don't realize because we haven't brought what Dom's doing in security, what I'm doing in security, we haven't brought it together, but when you bring it together and you measure-

You will. That's your goal.

Yeah, we're bringing it together. And that is really the news is we're debuting that portfolio strategy here in Discover London. Bringing it all together, not bolting it on, but building it in.

So you're a pillar in the transformation, but you're also building in cross-functionally. Sue, thanks for coming on theCUBE.

Thank you, Dave.

Really appreciate you spending the time. Great to have you. Congratulations. Obviously, big focus area. One of the key transformation areas is security. We're here talking about inside theCUBE. We'll be right back with more of our flagship product here live in London after this short break. I'm John Furrier with Dave Vellante. We'll be right back.