Live from San Francisco, it's theCUBE. Covering Google Cloud Next 2018, brought to you by Google Cloud and its ecosystem partners.
Hey, welcome back, everyone, it's theCUBE's live coverage here in Moscone South in San Francisco, California, for Google Next 2018. I'm John Furrier, with Dave Vellante. We're here, live coverage for three days. theCUBE.net, where all the action is, SiliconANGLE.com for all the top stories and breaking news. Our next guest is Jeff Moncrief, Consulting Systems Engineer of Cloud Security, StealthWatch Cloud, with Cisco, really kind of cutting-edge technology around how to bring network intelligence into the application, into the cloud. We covered this at Cisco Live in Orlando and previously in Barcelona. Jeff, thanks for joining us.
My pleasure, glad to be here.
So StealthWatch Cloud, I kind of gave it a little bit of an intro. I didn't really do it justice, but I think this is the kind of future we're looking at. Using data and intelligence, abstracting away complexities, yet not compromising the benefit of the network. Take a minute to explain StealthWatch, super important product, and how it's doing.
Yeah, sure. So StealthWatch Cloud, what it does is, it aggregates network telemetry from your on-prem networks, your public cloud environments, particularly Google Cloud Platform. And what it does is it brings in all this telemetry and it really gives you visibility into every one of your endpoints or your assets. Assets that you may know about, assets that you may not know about. And it normalizes all of that data and it does baselining and anomaly detection. So it's essentially a security analytics platform that can also perform network operations, traffic visibility use cases. And there's a lot that we can do with the telemetry that we're gathering. You're familiar with NetFlow, I assume?
Yeah, yep, right.
So NetFlow is typically our primary data source for on-prem networks for StealthWatch from a traditional standpoint. As we move to the public cloud, the NetFlow need is still there, all right? And that's where we get into VPC Flow Logs. And that's our primary source of telemetry in the public cloud also.
What are the limitations? Dave and I, Dave has probably got some, a lot of questions, because we've, he's been talking about stovepipes for years. You got network guys, you got the security guys, you got your IT team, you know, classic stovepiping of IT. But telemetry needs instrumentation. So one of the things that's interesting and I want to ask you and put you on the spot is, what are the instrumentation requirements for the environment and/or the customers to have access to StealthWatch? Because essentially what you're doing is essentially giving a full line, horizontally scalable observation space to network data, which then can be used with high-powered compute and AI operations to bring some analysis and potentially prescriptive analytics.
It's very easy to spin up. It is our presence, our primary presence is in the public cloud for StealthWatch Cloud. And it's about a five-minute integration process into your Google Cloud Platform or other cloud platforms that you may be leveraging right now. And it's about an hour process to spin up on site to get full visibility into all of these internal endpoints and assets. And one thing that I do want to call out is that we're not necessarily just talking about IP addresses and operating systems these days anymore. That used to be what we talked a lot about, right? Is, I need visibility into my hardware servers, right? Then it became, I need visibility into my virtual machines, my virtual environments. Well, if you've heard anything on the buzz on the floor this week, it's been all about Kubernetes, right?
And so we work really well also with Kubernetes, which is one of our unique differentiators because we can give you visibility into all of those assets, including your containerized environment that most organizations really, they've never had visibility into before.
Well, I find that interesting. One of the things, we've had great conversations with Susie Wee who's doing the DevNet and DevNet Create, who's the kind of cloud native. And you're starting to see the same concepts of what Cisco is doing in the network layer, moving up the stack. So you're starting to see dynamic provisioning of services, like app services. Istio certainly is the new thing, shipping. This has got to be done in real time. So this is kind of interesting. So it's the network like, but it's not, this is network traffic, it's connections and services.
Well, also, you know, I mentioned, I mentioned like virtual operating systems and IP addresses. Okay, as we move to the public cloud, we have to think beyond that. We have to think about things that are virtual distributed applications. Okay, so your virtual database instances, your virtual storage instances, all of these things are containerized. They don't necessarily have an IP address, but they're interacting with your VPCs. So you need visibility into what those are doing also. And that's something that StealthWatch Cloud can also help you with.
Right, so you're giving that visibility, that you don't know what you don't know, or you know what you don't know, you're giving visibility to that. What's the customer conversation like, Jeff, with regard to, do you ever get, oh no, now I have more stuff to manage because I'm drowning. I don't know what to prioritize. I can't respond fast enough. What's that conversation like, and are you attacking that problem in any way?
We do, so that's a great point. So whenever we effectively go in and do an evaluation with StealthWatch Cloud, I like to use the word illuminate.
Okay, we illuminate or turn the floodlights on, on everything inside their environment, whether it's in the cloud or on-premise. And inevitably we're going to find things that they wish they hadn't seen.
A lot of cockroaches scrambling in the floor.
Yes, yes, and you know, they'll have that moment, if you will, where they, maybe they wish we hadn't turned the floodlights on.
It's an awakening, not an enlightenment.
It's almost like shooting a fish in a barrel. It really is. I mean, we can almost always find something. It's not necessarily always a breach. It's not always an indicator of compromise, but we can always find a policy violation, a segmentation violation, things like that. Things that they just, they had no idea about because they didn't have the visibility into what was actually going on in there. But as far as scalability goes, it's beautiful, especially when we talk about the public cloud, because it's a five-minute back-end API integration. It doesn't matter if you have one VPC or 1,000 VPCs, you know, 10 VMs or 10,000 VMs, it's instant visibility into all of them.
So talk about the impact. And obviously this sounds super easy to use. You guys have been successful with it, but I'm going to put devil's advocate out there around. I'm a CIO or an executive at a large company and my team wants to do a lot of IoT.
Sure.
With a service area, it certainly increases. Certainly a use case everyone's trying to do too. This seems like a natural fit for IoT. Talk about how this would be used for an IoT deployment. It's a lot of times a lot of work's being done on the architecture side around, you know, laying out the network with devices and/or instrumenting them. Is it just plug and play, same kind of concept? How does this impact that?
Something very unique about using your network as a giant security sensor grid, because that's essentially what you're doing with StealthWatch Cloud. We're not relying on firewall information.
We're not relying on agent or endpoint telemetry. We really don't care, to be honest with you. If the device, IoT, can touch the network, we're going to know about it. And that's a beautiful thing because I've got story after story that I can tell you about IoT type devices that I have.
Well, tell one, it's a good example.
Okay. How about a cafeteria vending machine that I found one time at a university on the West Coast that had bi-directional communication with pretty much every bad actor country you can imagine. Deployed StealthWatch, StealthWatch caught it immediately and we asked the IT staff, what is this cafeteria vending machine doing on the network? And they said, we didn't know it was on the network.
It was mining Bitcoin too while it was at it. Who knows what it was doing?
Even better, even better. So I said, well, did you know it's talking over remote desktop to every suspicious country in the world? And they said, we certainly didn't know that. They went a step further and they told me that it was actually a dirty tray vending machine that was designed for loss prevention so that students did not throw away or steal the trays, right? So it would spit out a coin. It's almost like the Aldi system, right? It would spit out a coin and that's where you would get a clean tray, right? You've returned the, put a coin back in and that's how you continue doing that over and over for loss prevention, right? And I said, well, did you realize that it was, you know, running Windows? And they said, we didn't know that either. These are all kinds of things that we can expose.
And then light bulbs have IP addresses and fully threaded applications, old processors.
I've found slot machines, X-ray machines, HVAC controllers, things that customers had no idea that were on their network, that StealthWatch is able to very, very quickly explain.
So this is an insurance policy for one, but I love what you said. It's that the network is a security, what'd you say, a security?
It's a giant sensor grid.
It's a giant sensor grid for security opportunities and also kind of understanding where the holes are.
Right.
So talk about the role of data, how that role is changing in the context of security, how you're leveraging data to make organizations more secure.
Yeah, so what we're doing with the data that we're getting, all right? Because network telemetry in itself is very valuable. I mean, we've been using NetFlow for 20 years now, the top talkers conversation, you know? But what we do with that data is very special. That's really where our secret sauce comes into play. We do a baseline and anomaly detection for every one of those assets, whether known or unknown or IoT like we talked about. And we look for indicators of compromise that might indicate malware, a breach, an APT that's in that customer's network, but it's very important because we're leveraging that giant data warehouse, if you will, and we're crunching those numbers and we're making sense of it. And that's really where our secret sauce comes into play because we're automating this security analytic solution. So the customer really doesn't have to invest much time. All right, the tool's designed to crunch those numbers. It has very high efficacy and it's designed to alert you when there could be a situation that you need to take a look at.
And you're, you know, Cisco's obviously in an unbelievable position to play that role. John and I were at a conference last week, the CIO of the CIA said, something to the effect of, the cloud on its worst day has better security than my client server systems will ever have. Now that's nice and it may be true. The problem is I can't put all my data into the cloud. So there you go, you guys are solving a real problem there.
Right, we're aggregating everything into a single pane of glass and it is true that the cloud in general is more secure. A term I like to use is a second line of defense.
This is a checks and balances system because inevitably there will be something that goes wrong with your security posture at your perimeter, whether it's on-prem or in the cloud. A tool like this will catch those violations.
And that's a great thing is also, the perimeter is also leaking a bit too, as cloud is horizontally scalable. Jeff, I want to get your thoughts just kind of step back within Cisco. We've seen a cultural shift going on within the company. Obviously we saw Diane Greene on stage at Cisco Live in Orlando, Cisco's biggest show of the year. Cisco's announcement here around partnering on the cloud services platform. That's a huge coup for Google. You guys have a great beachhead within the enterprise, huge sales force, great discipline, tons of experience and a great culture. But the DevOps movement has come full circle to you guys. NetworkOps is now a new thing. Network DevOps where you guys are now network as code, not just infrastructure, specifically networking. And StealthWatch I think points to some of that greatness that's going on where speed, visibility, awakening and enlightenment, insights, all these things are going on where you're pushing it up for the developers without a lot of capabilities.
That's true.
How is that going on internally? Is there the haves and have nots? Is there a culture of the old Cisco? Is there, what's the vibe? What's the culture? Do people get it? Are people like saying, hey, this is rockin' and rollin'?
I would say that we have fully embraced what I would call the containerization era. And we're full speed ahead there. Pretty much every one of our business units is leveraging or looking to leverage containerization in some capacity. StealthWatch Cloud specifically. We have to think about Kubernetes again. We're here at the Google Next conference. Kubernetes is, it will be the de facto container orchestration mechanism moving forward. Folks don't realize that now, they soon will.
And Kubernetes certainly shows that you guys are aware of some of the coolness, but also relevance and security at that level. But also what Istio shows is that as you get services that can be programmable, it looks a lot like network services up the stack.
That's right. Oh, that's happening.
Oh, great. Well, we are very impressed. We covered the DevNet teams. We see the traction in the Cisco ecosystem. Looking at coding. The cloud native movement, you guys are on it. Congratulations.
Thank you.
Thanks for coming on theCUBE, Jeff. I appreciate it. Okay, here's Cisco inside theCUBE. DevOps is going mainstream. Obviously it's been going for a while, but certainly now network intelligence, driving into the cloud. It's a symbiotic relationship. It's what's going on in the cloud. This is the new normal in infrastructure, it's the new normal in application development. It's theCUBE. We're bringing you all the coverage live here in Moscone in San Francisco. Stay with us for more after this short break.