 From theCUBE Studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE Conversation. Hi everybody, this is Dave Vellante and welcome to this CUBE Conversation. We're going to talk about a topic that is obviously top of mind a lot of people situations right now, which is ensuring business continuity, business resiliency, given this work from home pivot is something that a lot of people are focused on. Many CIOs have told us that their business resiliency was way too focused on disaster recovery and we're going to talk about this in the context of VPNs. I'm going to love hate with VPNs. I mean, on the one hand they provide safeguards, they give us privacy, they give us protection, everything's encrypted, but they can bring forth performance problems. There could be service quality issues, you know, video or audio. And so the problem with VPNs is a lot of times they're a black box. You don't know what's going on inside. There are different types of VPNs and it's actually a pretty complicated situation. And with me to talk about that is Paul Barrett, the CTO of Enterprise at NetScout. Paul, good to see you. Great to be here. Yeah, so what did you see with regard to, you know, the trends that hit with COVID? Obviously there was this very rapid work from home pivot. VPNs had to be deployed for remote workers who typically would come into the office. What did you see? So with NetScout, we service the largest, most complex organizations, both in the US and globally. But for many of these organizations, the VPN services they provided really was for quite a small subset of their workforce. People working on the road, maybe they had a small subset of their employees working from home. And as you say, obviously, you know, as we all understand almost overnight, everyone found themselves struggling to work from home. And quite frankly, most organizations, VPN configurations were just never architected to deal with this kind of situation. One of the perhaps most important distinctions between the different types of VPN is whether you have a so-called full VPN service or a split VPN service, because that really impacted the ability of organizations to deliver VPN. So what does that mean, full versus split? I know there's sometimes there's free VPNs, you kind of get what you pay for. What does that mean, split versus full? So with a full VPN connection, everything that you connect to on the internet or any business service has to go over your VPN connection. You can't make any direct collections from your PC to the internet has to go through your enterprise network. So if you think about it, if you've suddenly moved tens of thousands of employees to working from home, every single communication activity performed by those employees goes through your VPN concentrators. With a split VPN, and for example, I use a split VPN, only when I need to connect to business services that are provided over my enterprise network to actually go directly to my enterprise network over the VPN. If I'm just going to Google or any other regular internet resource, then I get a direct connection to that internet resource. That really takes the pressure off the VPN concentrators. Okay, so the split VPN gives you more flexibility. I can't tell you how many times I've sent a link to somebody and say, oh, I can't open it. It's got to be my VPN blocking it. You're saying it gives you the sort of, you have your cake and eat it too, the split VPN. Well, right, yes. It just means that to say it's only the traffic that has to go into the corporate network goes through the corporate VPNs. What we observe is, as I say, as we deal with very large organizations, particularly in regulated industries such as financial services and healthcare, there was just the requirement that, hey, everything's got to come over the VPN. We don't want any traffic kind of leaking directly onto the internet. We want to have full control so everything goes through our security stack. So one of the things we're sort of seeing now with three months into the COVID situation, I would say most of our customers have got through the worst of it, but a lot of them would say they're still running very hot. And those of who were previously offering full VPN are saying, well, can I transition to offering a split VPN service? But it's not a trivial thing to do because especially if I say, if you're highly regulated, you've got compliance requirements, you've got to make sure that the traffic that has to go through your security stack does so and that you're comfortable with any traffic that's going direct to SaaS services like Office 365. You have to make sure that you're comfortable that that traffic is going direct over the internet. So I say it's the transition from full VPN to split is it's quite a challenge and say it's not trivial. Well, and I would imagine, I mean, if I'm the compliance officer, I'm saying, yeah, go full VPN and I don't care if there's a restriction and handcuffs placed on the users, if you're a line of business head, you're saying, hey, I want more flexibility. So the brute force approach, it's a two-edged sword. So how do you help solve that problem? I know you're focused on providing visibility, but explain where NetScout fits in the value chain. So yeah, everything NetScout does is about analyzing the traffic flow on networks. And we do it for helping customers ensure that the applications and services are healthy, that they're available. We have products that allow people to protect their applications against DDoS attacks. But in the case of VPN, it's really about understanding how the service is being used. If you actually look at the traffic coming on the enterprise side of your VPN concentrator, so after it's been decrypted, I can see who's accessing which business services. I can see if, for example, it's a full VPN connection, how I got users going to unimportant services like YouTube, which really isn't helping the situation. I can see whether, I might actually, because typically large organizations have multiple VPN concentrators around the country and even around the globe. And you get situations where one set of VPN concentrators are sitting there underutilized, whereas I've got another set of VPN concentrators that are sort of overwhelmed. And by getting this visibility of that kind of usage, I can actually think about getting some of my user groups to maybe use a different VPN concentrator. And as I was talking about the migration to a split VPN, having visibility of what applications are being used, hey, I have this particular sensitive application and I need all of that traffic to come through my security stack. But actually it turns out I didn't configure my split VPN correctly and it's all leaking directly over the public internet. Then I have the visibility I need to detect that kind of situation and to remedy it. So is the primary reason why people use NetScout in this use case really to, obviously to provide that visibility, but to make them more secure, is there a performance aspect as well in terms of what you guys are doing? Yeah, one of, I would say the facets of the move to working from home is increased emphasis on services such as unified communications. So voice and video, the use of collaboration services has greatly increased. Those types of service, particularly voice and video, their real-time services, they're very susceptible to poor network transmission, things like latency and packets being dropped. And as I said, people working from home are becoming much more reliant on these types of service than they are when they're in an office. And so it's critical to understand whether problems with, for example, voice and video quality are arising in your own network, because for example, you've saturated your VPN concentrator, or whether they're coming from your SaaS provider. So to give an example, if I'm using one of the well-known collaboration services, if I've got problems in my own network and I'm introducing packet loss into my voice feeds, if I send all of this sort of already corrupted traffic to the collaboration service and that gets reflected to all of my other users, everyone will go, oh, hey, there's a problem with the collaboration service and you're gonna waste time pointing your finger at the collaboration service provider who, let's be honest, at the moment has got much better things to do than to go chasing phantom problems when if you have visibility inside your own network, you can actually understand that, oh, hey, no, this is a problem of my own making, so I'm not gonna waste cycles pointing the finger at the other guy, I can actually get on with isolating the problem in my own network, figure out what I need to do and then remediate it. Yeah, so NetScout, you guys are doing some dirty work, you like Navy SEALs going in and going deep into the network. So talk a little bit about the intellectual property behind this, how does it work? What's the secret sauce that NetScout brings to the table? So our CEO and co-founder, Anil Singhal, over 30 years ago, the company's 35 years old, he recognized the growing importance of the computer network and he recognized the need to understand what's happening on these networks and of course now it's almost impossible to do anything without involving a network of some kind. So he persevered and continued to refine the technology of analyzing what happens on a network, but converting that raw traffic into actionable data. We call that the data we produce, the metadata adaptive service intelligence and we sometimes refer to it as smart data. And of course there's an emerging trend in the industry of AI ops saying, what can I do if I start to apply machine learning algorithms to all the data that's coming out of my environment? It's like the old garbage in garbage out. You can only perform high quality analytics if you have a high quality data source to work with. So that's really, that's always been our focus. How can we take all of that complex traffic on a network and map it to a very simple but actionable set of high quality data? Okay, so it always comes back to the data, doesn't it in these types of problems? But I wonder, what is the diversity and variety of the data set? Is it a fairly narrow and well understood data set or are there sort of conflicting data that you also have to rationalize? Well, our data model has multiple levels. Everything from we do store the raw packets and we're intelligent how we do that. We store the parts that you really need. We store rich data relating to individual transactions. That's very useful for troubleshooting. But what we were also able to do is to actually for most network protocols, we actually can map it to a common data model and that's extremely powerful because it means that in a single pane of glass, I can get insight into all of the different applications and protocols running on my network. Okay, so you've sort of addressed the data quality problem in that way. I wonder, I mean, as a CTO, I imagine you spend a fair amount of time with customers. Are there any sort of examples that you can give either name names or anonymous? Just in terms of the last 100 days, how you've helped customers, some of your favorite examples, perhaps? Well, as I say, I mean, a lot of energy has been put into providing that visibility around VPN services because quite honestly, it was never seen as a particularly critical component of the overall enterprise. It was that, as I said earlier, it was that kind of, oh, that's just something to help the guys on the road. And all of a sudden it became the most important piece. So as I say, and it's also not just been about, okay, let's give sufficient visibility for you to kind of keep the wheels on the truck. It's also helping the customers about thinking forward, about planning. We talked about planning a split, migration split VPN, but also thinking about their future needs. I mean, I think a lot of customers are looking to over provision and the ones that have already transitioned to virtualized infrastructure are actually in a stronger position because they've got a lot more flexibility and ability, for example, to spin up more VPN resources or more virtual desktop resources, for example. Yeah, and of course you mentioned that you guys deal with many types of industries, but specifically a lot of regulated industries, financial services, healthcare, government, et cetera. And so I would imagine that those guys really had to tap your services over the past 100 days. Well, yeah, exactly. And as we mentioned earlier, those are the organizations that are much more likely to be using full VPN and have a lot more constraints on their ability. So even if they do move to split VPN, then there's going to be limits on how much of the traffic that they can truly allow to go direct over the internet. I wonder if we could end just sort of riffing on the whole notion of digital transformation and automation. I mean, it's, prior to COVID, we talk a lot about automation, about digital transformation, but the reality is a lot of it was lip service. A lot of customers or companies would really kind of prioritize other initiatives, but overnight, if you weren't digital, you couldn't transact business and automation has really become imperative. People don't seem to be afraid of it anymore. They seem to be sort of glomming onto it and really as a productivity driver. How do you see automation in this post-isolation economy and what are the impacts to some of your customers? Well, as we all understand, digital transformation is all about trying to be agile, to be able to move as fast as possible, to be able to deploy new services quickly to respond to disruption in the marketplace and new opportunities. The only way you can really achieve that, as you mentioned, is through large-scale automation, but I like to make two observations of that automation. Automation is very good at taking a small building block and then replicating it and deploying it many hundreds or thousands of times over, but if you've got a bug or a defect in that building block, when you go and replicate it, you go and replicate whatever that failure mode was or that bug. So if you don't have visibility very quickly, you can find a very small little error that was overlooked by the quality guys that's got the huge implications. The other thing about wholesale automation and as we build these increasingly complex systems where we have machines talking to machines, largely unobserved, I'm always reminded of the stock market crash of 1987, so-called Black Monday on October the 19th. And this was one of the biggest crashes ever, something like a trillion dollars was wiped off the US markets alone. And although a lot of people said a correction was due, when we look back, we see that the thing that was different about that crash is that it was the first time we really had automated trading algorithms in play. Now, I don't believe anybody who wrote one of those algorithms was deliberately trying to crash the markets. They were trying to make money, right? But what no one had thought about is how all of these different algorithms by different people would interact with each other when they were pushed out of their comfort zone, if you like. And I think we have a very strong analogy with digital transformation. As I say, we continue to build increasingly complex systems with machines talking to machines. So for me, to operate these kind of environments without maximum visibility, it's almost terrifying. It's like driving a racing car without a safety harness. So, you know, visibility is absolutely key is when you move towards further automation. That's interesting. I mean, I wasn't around in the 1920s, but my understanding was when the stock market crash hit then, the impression that it took hours and hours and hours to determine, you know, when, what the market actually closed that. You actually saw that in the 60s as well. And then I remember, well, 1987, there were no, for you younger people in the audience, there were no real-time quotes then, unless you had a, you know, like a Bloomberg terminal, which we had one actually was at IDC at the time. And it took like many, many minutes to actually get a quote back. I mean, the volume was so high in the infrastructure it just really wasn't there. But now to your point, you see things happening today in the stock market, Paul, and they chalk it up to a computer glitch, which essentially means they have no idea what happened. And to your point about the complexity of machines to machines, if you think about AI, a lot of AI is again, back to this black box. So are you suggesting that you guys can actually provide visibility into some of that black box problem? Well, absolutely, what we can do is we can provide visibility into the interactions between all of these different systems. It's amazing how often in these large complex environments there may be dependencies that people didn't even know existed. I think we have that complex. So by looking at all of the traffic flowing between all of these different systems, we can help people understand what the dependencies are. Is a particular subcomponent starting to fail? Is it becoming slow? Is it generating errors? And if things do go wrong, it's about troubleshooting as fast as possible. We need to get these systems back up and running. So the ability to rapidly isolate problems and to get away from the situation where different organizations in IT are pointing the finger at each other because nobody really knows where to start. And that's kind of human nature. It's like, well, it could be my responsibility, but it could be the other guy. So I'll point the finger at the other guy. And what we do is we provide that information that first of all isolates the location of the problem so we can put the correct team working on it and the other guys can get back to their day jobs. And by providing evidence of a problem, you can actually allow someone to get to the bottom of a problem much faster. Right, you've got to have tooling with all this public internet, the public cloud. Now with IoT, it's just going to get more and more complicated. We'll probably look back on the 2010s and say that that was nothing compared to what we're entering here. But Paul, thanks so much for coming to theCUBE. It was great conversation. Really appreciate your insights. Thank you, I enjoyed it. It's my pleasure. All right, and thank you for watching everybody. This is Dave Vellante for theCUBE. We'll see you next time.