WEBVTT 1 00:00:00.000 --> 00:00:02.010 Mathew Schwartz: Hi, I am Mathew Schwartz with Information 2 00:00:02.010 --> 00:00:05.460 Security Media Group. And it's my pleasure to welcome back to 3 00:00:05.460 --> 00:00:10.140 the ISMG studio, Jeetu Patel and Tom Gillis of Cisco. Gentlemen, 4 00:00:10.320 --> 00:00:12.420 thank you so much for being here today. 5 00:00:12.480 --> 00:00:13.200 Tom Gillis: Thanks for having us. 6 00:00:13.320 --> 00:00:14.190 Jeetu Patel: Thanks for having us, Matt. 7 00:00:14.710 --> 00:00:16.330 Mathew Schwartz: My pleasure. Well, there's a lot to discuss 8 00:00:16.330 --> 00:00:19.930 here. Let's start with the topic of your keynote - threat 9 00:00:19.930 --> 00:00:24.460 response, Jeetu, you said needs new thinking, what's flawed with 10 00:00:24.460 --> 00:00:25.180 the old way? 11 00:00:25.780 --> 00:00:30.280 Jeetu Patel: Well, there's 3,500 vendors in the market. Most 12 00:00:30.280 --> 00:00:35.140 companies have 50 to 70 vendors. And despite all the investment, 13 00:00:35.140 --> 00:00:38.020 ransomware is on the rise. And so clearly, there's something 14 00:00:38.020 --> 00:00:42.370 that's not working. And the way that we look at this is the 15 00:00:42.370 --> 00:00:47.560 market really needs a different way to really to go out and have 16 00:00:47.560 --> 00:00:51.010 security defenses for the new, more increased sophistication of 17 00:00:51.010 --> 00:00:53.830 attacks that actually are happening. So if you think of a 18 00:00:53.830 --> 00:00:58.390 typical attack chain, it starts from email, you click on a link, 19 00:00:58.390 --> 00:01:01.600 it goes to the web, go to a website and download some kind 20 00:01:01.600 --> 00:01:05.290 of software on your machine, kicks off some process. And 21 00:01:05.290 --> 00:01:08.500 before you know it, your malware is starting to traverse the 22 00:01:08.500 --> 00:01:12.070 network through lateral movement. And that has been 23 00:01:12.100 --> 00:01:16.060 defended thus far, in isolated ways. There's someone that 24 00:01:16.060 --> 00:01:18.640 specializes in email, there's someone that specializes on the 25 00:01:18.640 --> 00:01:21.760 web, someone that specializes in the endpoint, and someone that 26 00:01:21.760 --> 00:01:24.520 specializes in the network. We'd like to make sure that we 27 00:01:24.520 --> 00:01:28.210 actually have a unified platform that can actually make sure that 28 00:01:28.210 --> 00:01:32.650 there's telemetry that's correlated across all of these 29 00:01:32.890 --> 00:01:34.930 rather than isolated, because when you actually have 30 00:01:34.930 --> 00:01:38.590 correlated telemetry, you can have far more signal. And the 31 00:01:38.590 --> 00:01:41.740 noise reduces as we go out, go out it and that's the big kind 32 00:01:41.740 --> 00:01:45.100 of announcement that we made. And actually, this gets even 33 00:01:45.100 --> 00:01:48.070 more important in the age of AI with the attacks are getting 34 00:01:48.070 --> 00:01:50.920 more sophisticated, but it's gonna be hard to discern between 35 00:01:50.920 --> 00:01:54.250 what's real-life activity. That's normally, what does Matt 36 00:01:54.250 --> 00:01:58.330 do on a day-to-day basis versus this is actually a threat. 37 00:01:59.380 --> 00:02:00.700 Mathew Schwartz: And if the threat is good enough, it can 38 00:02:00.700 --> 00:02:04.030 pretend to be what I'm doing on a daily basis. I want to bring 39 00:02:04.030 --> 00:02:07.210 Tom into the conversation. You talked about having a 40 00:02:07.210 --> 00:02:11.260 synchronized symphony of security defenses. This being 41 00:02:11.440 --> 00:02:14.230 the goal, because isolation of telemetry, as we were just 42 00:02:14.230 --> 00:02:18.820 discussing, is a big security Achilles' heel. 43 00:02:18.850 --> 00:02:19.060 Tom Gillis: Yes. 44 00:02:19.090 --> 00:02:19.870 Mathew Schwartz: How do we get there? 45 00:02:19.870 --> 00:02:22.390 Tom Gillis: Yeah, so let's think about the chain that Jeetu just 46 00:02:22.390 --> 00:02:25.630 referred to. So it starts with email, 80% of the ransomware 47 00:02:25.630 --> 00:02:27.970 attacks that we saw last year started with a phishing email. 48 00:02:28.570 --> 00:02:31.060 And remember, those phishing emails you get from the Nigerian 49 00:02:31.060 --> 00:02:34.240 prince, you know, they were kind of absurdly, he's out there, 50 00:02:34.240 --> 00:02:39.640 right. But with tools like ChatGPT and other AI tools, the 51 00:02:39.640 --> 00:02:42.280 attackers are now going to be able to craft a phishing email 52 00:02:42.490 --> 00:02:45.310 that is going to be from someone you know, referencing something 53 00:02:45.310 --> 00:02:47.800 you did. Hey, Tom, great to see you at the game on Saturday. I 54 00:02:47.800 --> 00:02:50.320 took some pictures of the kids. So who's not going to click on 55 00:02:50.320 --> 00:02:54.550 that? Right. And so, as these attacks become more and more 56 00:02:54.550 --> 00:02:57.760 like real life, we need to look across multiple different 57 00:02:57.760 --> 00:03:01.120 domains - email, web, endpoint and network. You have to look 58 00:03:01.120 --> 00:03:04.660 across all of them in a synchronized fashion to be able 59 00:03:04.660 --> 00:03:07.270 to identify friend from foe. That's the symphony we're talking about. 60 00:03:07.000 --> 00:03:10.390 Jeetu Patel: And by the way, the interesting part over here is an 61 00:03:07.270 --> 00:03:07.810 62 00:03:10.390 --> 00:03:14.020 attack. Typically, the first step of an attack is not just to 63 00:03:14.020 --> 00:03:16.360 go to a high-value asset, if you wanted to go out and steal 64 00:03:16.360 --> 00:03:19.240 credit card numbers, you don't start by going there. You start 65 00:03:19.240 --> 00:03:21.700 from an email, and you traverse through the different domains, 66 00:03:21.970 --> 00:03:24.460 so that eventually you get to the high-value asset, and then 67 00:03:24.460 --> 00:03:27.430 you exfiltrate the data. That's something that we have to keep 68 00:03:27.430 --> 00:03:30.310 in mind is, in order to get to that endpoint, you have to make 69 00:03:30.310 --> 00:03:32.500 sure that you follow the attack chain. 70 00:03:32.000 --> 00:03:34.845 Mathew Schwartz: So AI - bit of a buzzword - but I think a lot 71 00:03:34.908 --> 00:03:38.386 of potential there both for defensive, as we're talking 72 00:03:38.449 --> 00:03:42.306 about, but I was hearing at the RSA Conference, from some big 73 00:03:42.369 --> 00:03:45.973 names, they're extremely concerned about what AI is going 74 00:03:46.036 --> 00:03:49.893 to be doing, not least on the social engineering front as you 75 00:03:49.957 --> 00:03:53.624 feed things into it and get out what you need for attacks, 76 00:03:53.687 --> 00:03:57.291 targeted or otherwise. So as we're looking at AI, I guess 77 00:03:57.354 --> 00:04:01.085 there's a risk of focusing on how offenders are going to be 78 00:04:01.148 --> 00:04:04.879 using it. But how can we use AI more for good, for example, 79 00:04:04.942 --> 00:04:08.862 generating more enthusiasm in the SOC or helping SOC analysts? 80 00:04:08.925 --> 00:04:12.529 We've been talking for years about overload and trying to 81 00:04:12.592 --> 00:04:16.386 give them only what they need. What is the promise there and 82 00:04:16.449 --> 00:04:18.410 when are we going to get there? 83 00:04:18.690 --> 00:04:22.200 Jeetu Patel: So firstly, I think AI is not a new concept. But 84 00:04:22.200 --> 00:04:25.050 what happened on November 30th was there was a step function 85 00:04:25.050 --> 00:04:28.050 improvement because of ChatGPT and language models and the 86 00:04:28.050 --> 00:04:31.620 machines' understanding of reasoning, and being able to 87 00:04:31.620 --> 00:04:34.230 talk in natural language in a much more kind of intuitive way. 88 00:04:36.510 --> 00:04:39.180 You are right, yeah, there's a lot of good that can be done 89 00:04:39.180 --> 00:04:41.850 with AI. There's also a lot of areas that we have to be 90 00:04:41.850 --> 00:04:43.800 concerned about. And you have to take a balanced approach at 91 00:04:43.800 --> 00:04:47.010 this. You can't be rose-colored glasses on and you can't be 92 00:04:47.010 --> 00:04:50.130 completely pessimistic because any major technology innovation 93 00:04:50.130 --> 00:04:53.790 like this is going to have to have you know, the downsides 94 00:04:53.790 --> 00:04:56.280 that actually also accounted for especially given the scale of 95 00:04:56.280 --> 00:05:01.170 it. So where are we with AI? We think there's three major 96 00:05:01.170 --> 00:05:05.790 opportunities for AI in security. First one is what can you do 97 00:05:05.790 --> 00:05:09.900 with AI to simplify the security stack. And you talked about the 98 00:05:09.900 --> 00:05:12.570 SOC analysts, we actually showed a concept of what that would 99 00:05:12.570 --> 00:05:15.000 look like in the future. And I don't think we're that far from 100 00:05:15.000 --> 00:05:20.460 that future actually happening where, you know, the interface 101 00:05:20.460 --> 00:05:23.340 model that humans are going to use with machines might actually 102 00:05:23.340 --> 00:05:27.000 change quite a bit, where the mouse might not be the only 103 00:05:27.000 --> 00:05:29.730 dominant device for going out and providing input, you might 104 00:05:29.730 --> 00:05:32.550 actually have natural language and command prompts. But more 105 00:05:32.550 --> 00:05:35.910 importantly, you might have an interactive dialogue with the 106 00:05:35.910 --> 00:05:40.080 machine. And the way that we'd like to make sure that we think 107 00:05:40.080 --> 00:05:42.960 about this in the future is how does it augment human capacity 108 00:05:42.960 --> 00:05:46.890 and human knowledge, so that you can meaningfully increase the 109 00:05:46.890 --> 00:05:50.340 quality of insights that you're getting from AI. And not only 110 00:05:50.340 --> 00:05:54.960 automating the 80% that are is routine tasks so that you can 111 00:05:54.960 --> 00:05:58.230 focus on the 20% that aren't routine tasks, because right 112 00:05:58.230 --> 00:06:01.560 now, one of the big challenges that you see with SOC, is you 113 00:06:01.560 --> 00:06:04.980 just don't have enough people, to staff up everyone that you 114 00:06:04.980 --> 00:06:08.250 need. So if we can augment AI, that's actually going to be 115 00:06:08.250 --> 00:06:11.730 huge. So that's the first area AI for kind of simplifying the 116 00:06:11.730 --> 00:06:15.510 security stack. The second area is how can we make sure that as 117 00:06:16.200 --> 00:06:19.410 cyberattacks get more and more sophisticated, because of the 118 00:06:19.410 --> 00:06:22.680 use of AI, the Nigerian prince that Tom talked about, is 119 00:06:22.680 --> 00:06:26.070 actually going to become more sophisticated, because he's not 120 00:06:26.070 --> 00:06:28.140 going to have typos in his email, and it's actually going 121 00:06:28.140 --> 00:06:30.630 to look like he met you last week at your daughter's 122 00:06:30.630 --> 00:06:33.450 basketball game. And those are things that we have to make sure 123 00:06:33.450 --> 00:06:37.230 that we can discern so that it's and that's going to be the 124 00:06:37.230 --> 00:06:40.440 second area is how do you actually have security that can 125 00:06:40.440 --> 00:06:43.680 be specifically designed to detect threats that are being 126 00:06:43.680 --> 00:06:47.070 more sophisticatedly done, as a result and a function of AI? 127 00:06:47.400 --> 00:06:51.570 And the third one is what do you need to do to make sure that AI 128 00:06:51.570 --> 00:06:54.630 models themselves get more secure. And so those are the 129 00:06:54.630 --> 00:06:57.090 three areas that we're going to be investing a lot of, you know, 130 00:06:57.090 --> 00:07:00.360 kind of time and effort and resources on. And you should 131 00:07:00.360 --> 00:07:04.410 expect that this there's going to be a continuous movement. But 132 00:07:04.680 --> 00:07:07.950 the one area that we've actually told customers is expect us to 133 00:07:07.950 --> 00:07:12.120 be the most sophisticated AI-powered end-to-end security 134 00:07:12.120 --> 00:07:13.080 platform on the planet. 135 00:07:13.570 --> 00:07:15.550 Tom Gillis: If anything, I'd add one thing to the, you know, 136 00:07:15.550 --> 00:07:19.180 Jeetu, you've said a lot in AI data makes the difference. What 137 00:07:19.180 --> 00:07:22.420 do we use to train the models and an asset that we have that 138 00:07:22.420 --> 00:07:26.980 is kind of new and interesting. We've got 20 years of incident 139 00:07:26.980 --> 00:07:29.860 response capability. We've had various sophisticated technicians 140 00:07:29.860 --> 00:07:32.620 that have written documents, here's what happened, here's how 141 00:07:32.620 --> 00:07:35.770 we responded, imagine we feed that into this AI model, what we 142 00:07:35.770 --> 00:07:39.550 can do for the SOC 20 years of experience turned into software, 143 00:07:39.850 --> 00:07:40.810 it's really interesting. 144 00:07:40.810 --> 00:07:42.190 Jeetu Patel: That's a really important point Tom makes 145 00:07:42.190 --> 00:07:46.720 because if you really think about the generic models that 146 00:07:46.720 --> 00:07:49.990 are out there right now, they don't give you the specifics 147 00:07:49.990 --> 00:07:53.140 that are required for a domain in a specific industry 148 00:07:53.170 --> 00:07:54.910 Mathew Schwartz: And say, the giant models for 149 00:07:54.000 --> 00:07:57.600 Jeetu Patel: No for large language models, for example, if 150 00:07:57.600 --> 00:07:59.460 you look at the major large language models that are out 151 00:07:59.460 --> 00:08:02.670 there, they might not be able to give you details on what is 152 00:08:02.670 --> 00:08:06.630 happening in your environment in for a specific security incident 153 00:08:06.900 --> 00:08:09.990 that you might be going out and investigating. And that's where 154 00:08:09.990 --> 00:08:12.060 I think there's an opportunity is what's going to happen in the 155 00:08:12.060 --> 00:08:15.090 market is there's going to be more specialization of models. 156 00:08:15.150 --> 00:08:17.700 And there's going to be more specialized telemetry and data 157 00:08:17.880 --> 00:08:20.490 that will be fed to the model so that you can actually provide 158 00:08:21.090 --> 00:08:25.260 very custom bespoke experiences for certain domains. Bloomberg 159 00:08:25.260 --> 00:08:28.560 just launched BloombergGPT because they wanted to make sure 160 00:08:28.560 --> 00:08:30.960 that they did something very specific for the fintech 161 00:08:30.960 --> 00:08:31.380 industry. 162 00:08:32.620 --> 00:08:35.770 Mathew Schwartz: Let's talk about Cisco's new XDR 163 00:08:36.100 --> 00:08:39.430 announcement. How is this a game changer, Tom, for Cisco and for 164 00:08:39.430 --> 00:08:40.030 the industry? 165 00:08:40.020 --> 00:08:42.670 Tom Gillis: Well, we've alluded to this, it's too difficult. If 166 00:08:42.722 --> 00:08:45.633 you're only looking at one domain, it's too difficult to 167 00:08:45.685 --> 00:08:49.063 spot these patterns. So you have to look across multiple domains. 168 00:08:49.115 --> 00:08:52.390 So play that out in your head a little bit. Okay, so we need to 169 00:08:52.442 --> 00:08:55.353 look across email, web, the endpoint and the network. We 170 00:08:55.404 --> 00:08:58.575 want to have sensors that live in email, web, endpoint and in 171 00:08:58.627 --> 00:09:01.382 the network to gather that telemetry. So I think it's 172 00:09:01.434 --> 00:09:04.500 really accelerating the movement we've seen in the industry 173 00:09:04.552 --> 00:09:07.827 toward security platforms, where I'm dealing with a system that 174 00:09:07.879 --> 00:09:10.945 has multiple components not just a bunch of products, but a 175 00:09:08.650 --> 00:09:29.740 176 00:09:10.997 --> 00:09:14.116 system that has components that work in these, each of these 177 00:09:14.168 --> 00:09:17.079 domains, shares that common telemetry, one common policy 178 00:09:17.131 --> 00:09:20.509 framework. And this is very much in line with the announcement we 179 00:09:20.561 --> 00:09:23.940 made last year around our vision behind the Cisco Security Cloud. And so how is the Cisco XDR addressing the limitations of 180 00:09:29.740 --> 00:09:32.440 current XDR solutions? 181 00:09:32.510 --> 00:09:36.140 Yeah, there's two areas we've really focused on. The first is 182 00:09:36.440 --> 00:09:39.200 we have an open architecture. So we work with everything. But 183 00:09:39.200 --> 00:09:41.990 when we have native telemetry, meaning when we're in the data 184 00:09:41.990 --> 00:09:46.040 path, we get very high fidelity data that turns into security 185 00:09:46.040 --> 00:09:49.850 efficacy. The other area we focused on is the integration to 186 00:09:49.850 --> 00:09:53.450 respond. So we can do all kinds of clever things about, we saw 187 00:09:53.450 --> 00:09:55.730 something that looks a little suspicious. Let's take a 188 00:09:55.730 --> 00:09:59.150 snapshot. It looks even more suspicious. Let's do a Packet 189 00:09:59.150 --> 00:10:02.720 Capture. And then eventually you get to, it's a full-blown 190 00:10:02.720 --> 00:10:05.540 attack, we can stop it. But you've created an audit trail 191 00:10:05.540 --> 00:10:09.410 that allows you to automate the recovery process should a 192 00:10:09.470 --> 00:10:10.880 ransomware event occur. 193 00:10:12.070 --> 00:10:16.600 Mathew Schwartz: Excellent. Lots of changes. I mean, ChatGPT, as 194 00:10:16.600 --> 00:10:19.180 you said, just at the end of last year, we're seeing so much 195 00:10:19.180 --> 00:10:22.270 innovation at a pace that possibly we've never, ever seen 196 00:10:22.270 --> 00:10:26.020 before. Certainly XDR is going to be changing. So where do you 197 00:10:26.020 --> 00:10:27.190 think we go from here? 198 00:10:27.990 --> 00:10:29.790 Tom Gillis: You know, I think that there's a movement in the 199 00:10:29.790 --> 00:10:34.350 industry to think about platforms. And XDR is the best 200 00:10:34.380 --> 00:10:38.520 evidence of that. If that's really true, if we can actually 201 00:10:38.520 --> 00:10:42.360 demonstrate greater levels of efficacy with a platform, it's 202 00:10:42.360 --> 00:10:45.990 going to redefine the vendor landscape. Remember the 3,500 203 00:10:46.020 --> 00:10:50.040 different vendors that are out there, and the 75 solutions that 204 00:10:50.040 --> 00:10:53.880 the customer has to ingest? You know, the movement toward 205 00:10:53.880 --> 00:10:56.640 platform is heading is a significant shift in the 206 00:10:56.640 --> 00:10:59.580 industry. And it redefines how we think about product 207 00:10:59.580 --> 00:11:02.880 excellence, where's the product grade? I'm gonna argue, it's at 208 00:11:02.880 --> 00:11:05.970 the platform level, right? When the whole is greater than the 209 00:11:05.970 --> 00:11:08.580 sum of the parts, we can do some magical things. 210 00:11:08.000 --> 00:11:11.600 Jeetu Patel: I probably say the other thing that you have to 211 00:11:11.600 --> 00:11:14.660 keep in mind, as we've been talking about platforms for a 212 00:11:14.660 --> 00:11:19.940 long time. The reason that it becomes really pertinent now is 213 00:11:19.940 --> 00:11:25.010 because the sophistication of attacks has gotten to be, you 214 00:11:25.010 --> 00:11:28.640 know, has improved so much that it's hard to tell between a 215 00:11:28.640 --> 00:11:33.350 normal course of activity and an actual threat that could 216 00:11:33.350 --> 00:11:38.300 threaten your enterprise. And the only way to do go out and 217 00:11:38.300 --> 00:11:40.550 handle this is through machine scale, you can't do it through 218 00:11:40.550 --> 00:11:44.660 human scale anymore. And in machine scale, like Tom alluded, 219 00:11:44.720 --> 00:11:48.320 what's really important is the quantity of data and the quality 220 00:11:48.320 --> 00:11:52.280 of data that you actually ingested. And, the correlation 221 00:11:52.280 --> 00:11:55.040 between different data sets across different domains. Those 222 00:11:55.040 --> 00:11:56.930 things can't be done through point solutions, they can only 223 00:11:56.930 --> 00:11:57.800 be done through a platform. 224 00:11:57.870 --> 00:12:00.300 Mathew Schwartz: Yeah, I mean, you were talking ransomware. The 225 00:12:00.300 --> 00:12:03.000 continuing innovation we've seen as criminals are trying to find 226 00:12:03.000 --> 00:12:05.940 new ways to make money and using any tool at their disposal to do 227 00:12:05.940 --> 00:12:09.930 so. I think that presages increasing sophistication, not 228 00:12:09.930 --> 00:12:10.350 less. 229 00:12:10.360 --> 00:12:12.520 Jeetu Patel: Yeah. And it's not just ransomware. It's insider 230 00:12:12.520 --> 00:12:15.850 attacks. It's, you know, espionage, nation-state attacks, 231 00:12:15.880 --> 00:12:18.940 all of these things actually kind of play into the mix over 232 00:12:18.940 --> 00:12:24.190 there. So it is essential at this point in time for companies 233 00:12:24.190 --> 00:12:27.190 who cannot go out and manage the complexity with 70 vendors and 234 00:12:27.190 --> 00:12:29.830 70 different policy engines within their environment, they 235 00:12:29.830 --> 00:12:32.140 have to say, I need to make sure I have fewer platforms, they'll 236 00:12:32.140 --> 00:12:35.260 probably be half a dozen platforms, we will be one of 237 00:12:35.260 --> 00:12:37.540 them, Microsoft will be one of them. Palo Alto might be one of 238 00:12:37.540 --> 00:12:39.880 them. And then there'll be others that will actually try to 239 00:12:39.880 --> 00:12:42.310 aggregate to go out and become a platform, but there's not going 240 00:12:42.310 --> 00:12:44.800 to be that many, there's not going to be 3,500. There's not 241 00:12:44.800 --> 00:12:47.020 even going to be a dozen. There's going to be very few 242 00:12:47.020 --> 00:12:48.250 platforms that are end to end. 243 00:12:49.180 --> 00:12:51.610 Mathew Schwartz: Jeetu, you run the security business, you also 244 00:12:51.610 --> 00:12:54.130 run the collaboration business at Cisco. We've seen major 245 00:12:54.130 --> 00:12:58.690 changes in how collaboration is happening. Do these two things 246 00:12:58.720 --> 00:13:00.040 tie together? If so, how? 247 00:13:00.360 --> 00:13:03.360 Jeetu Patel: Well, they actually very interestingly, tie together 248 00:13:03.360 --> 00:13:06.240 much more relevantly than any of us had imagined because of what 249 00:13:06.240 --> 00:13:08.640 happened during COVID. And if you think about the pattern of 250 00:13:08.640 --> 00:13:11.400 work, right now, it's largely hybrid. Some people work from 251 00:13:11.400 --> 00:13:13.320 home, some people work from the office, some people work 252 00:13:13.320 --> 00:13:16.260 somewhere in the middle. And you're not always going to be 253 00:13:16.260 --> 00:13:21.240 connecting to systems to get your work done from a secure 254 00:13:21.240 --> 00:13:24.600 location on a secure network on a secure device. You might be on 255 00:13:24.600 --> 00:13:27.690 an unmanaged device at a local coffee shop, going out and 256 00:13:27.690 --> 00:13:32.340 connecting to your network and making sure that you have some 257 00:13:32.340 --> 00:13:34.710 very sensitive intellectual property that you're taking a 258 00:13:34.710 --> 00:13:38.760 look at. So security is actually going to play an increasingly 259 00:13:38.760 --> 00:13:41.670 more important role in hybrid work so that you can establish 260 00:13:41.670 --> 00:13:43.920 trust for the user and for the organization that they're going 261 00:13:43.920 --> 00:13:46.740 to be okay, and allowing that flexibility for users to work 262 00:13:46.740 --> 00:13:51.030 from anywhere. The second thing to keep in mind is, you know, if 263 00:13:51.030 --> 00:13:57.870 you look at the overall kind of domain, as people move from one 264 00:13:57.870 --> 00:14:00.510 location to the other, it's not that everyone works from the 265 00:14:00.510 --> 00:14:02.640 coffee shop all the time, it's not that they work from home all 266 00:14:02.640 --> 00:14:04.410 the time, it's not they work from the office all the time, 267 00:14:04.680 --> 00:14:07.320 you can't have different experiences. So you need to have 268 00:14:07.320 --> 00:14:10.650 the same experience no matter where you work from. And so that 269 00:14:10.920 --> 00:14:14.790 level of clarity of and simplicity of the experience 270 00:14:14.790 --> 00:14:17.070 that no matter where you are, you open up your laptop, you 271 00:14:17.070 --> 00:14:19.350 connect, and you're going to be fine for any application, 272 00:14:19.620 --> 00:14:22.080 whether it be a public application, like Workday or 273 00:14:22.080 --> 00:14:24.510 Salesforce, whether it be a private application, like your 274 00:14:24.510 --> 00:14:26.760 Order Management System, whether it be directly connected to 275 00:14:26.790 --> 00:14:30.330 cnn.com, we should make sure that the experience for the user 276 00:14:30.330 --> 00:14:33.150 is no different so that they don't have to say, well, you 277 00:14:33.150 --> 00:14:35.610 know what, for this particular application, I gotta log on to 278 00:14:35.610 --> 00:14:37.980 VPN; for this particular application, I got to make sure 279 00:14:37.980 --> 00:14:40.560 that I have ZTNA. Over here, I don't need to do either of those 280 00:14:40.560 --> 00:14:43.470 things. Those get super confusing for the end user. And 281 00:14:43.470 --> 00:14:46.110 one of the big challenges we have to do is simplify the 282 00:14:46.110 --> 00:14:49.770 experience for the user so that they don't have to go out and 283 00:14:49.770 --> 00:14:52.740 have a lot of errors that they might be prone to because that 284 00:14:52.740 --> 00:14:56.100 actually causes more of a risk surface increase for breaches. 285 00:14:56.600 --> 00:14:58.730 Mathew Schwartz: Definitely, you want to maintain assurance with 286 00:14:58.730 --> 00:15:02.420 users that they are being secured. But at the same time, 287 00:15:02.420 --> 00:15:04.250 as you were saying, with a synchronized symphony of 288 00:15:04.250 --> 00:15:06.650 security defenses, that has probably gotten a lot more 289 00:15:06.650 --> 00:15:09.500 difficult with all this remote work, and, you know, trying to 290 00:15:09.500 --> 00:15:11.840 deliver these productivity tools, anytime, anywhere. 291 00:15:11.000 --> 00:15:13.250 Jeetu Patel: It's gotten more difficult, it's gotten more 292 00:15:13.250 --> 00:15:17.570 risky. So we have to make sure that, you know, there's a level 293 00:15:17.570 --> 00:15:22.700 of kind of thinking going around, how are you going to 294 00:15:22.700 --> 00:15:26.270 make sure that something is productive for the user, and 295 00:15:26.270 --> 00:15:29.630 something is also secure. And those can be opposing 296 00:15:30.200 --> 00:15:32.630 characteristics. You can't have someone say, do you want to be 297 00:15:32.630 --> 00:15:36.230 productive or do you want to be secure? It has to be an and. And 298 00:15:36.380 --> 00:15:39.020 that's an area where we feel like we need to spend a lot of 299 00:15:39.020 --> 00:15:42.560 time and we've actually done a tremendous amount of work. And 300 00:15:43.070 --> 00:15:46.400 we do as much work as we do on the backend plumbing on making 301 00:15:46.400 --> 00:15:49.970 sure that the user experience is brain-dead simple for the user. 302 00:15:50.150 --> 00:15:53.480 The moment you do that the negligence, the risk, the 303 00:15:53.480 --> 00:15:55.460 breaches because of negligence go down quite a bit. 304 00:15:55.520 --> 00:15:57.980 Tom Gillis: The goal is to frustrate attackers, not users. 305 00:15:57.980 --> 00:15:58.550 Jeetu Patel: Not users. 306 00:15:58.570 --> 00:15:59.830 Mathew Schwartz: That's a great mission statement. 307 00:15:59.830 --> 00:16:00.040 Tom Gillis: Yeah! 308 00:16:00.000 --> 00:16:02.940 Mathew Schwartz: Excellent. Well and hopefully we'll see more of 309 00:16:02.940 --> 00:16:05.820 that in the future as an industry because we definitely 310 00:16:06.120 --> 00:16:09.300 need that. Well, gentlemen, it's been a fascinating conversation. 311 00:16:09.300 --> 00:16:11.760 We've touched on a lot of things. Thanks so much for your 312 00:16:11.820 --> 00:16:12.870 time and insights today. 313 00:16:12.000 --> 00:16:14.520 Tom Gillis: Thank you. 314 00:16:14.570 --> 00:16:15.860 Mathew Schwartz: I'm Mathew Schwartz with Information 315 00:16:15.860 --> 00:16:18.350 Security Media Group. Thank you for joining us.