August 23, 2024

00:43:09

Episode 273 Deep Dive: Jeetu Patel | The Future of Security

KBKAST

Show Notes

In this episode, we welcome Jeetu Patel, Executive Vice President and Chief Product Officer at Cisco, to delve into the future of cybersecurity and its impact on cloud-based software. Jeetu shares his insights on the detrimental effects of monopolies in the industry and the complexities faced by Chief Information Security Officers (CISOs). He emphasizes the importance of resilience, updates, and collaboration in addressing security challenges and predicting exponential innovation.

Jeetu Patel is Cisco’s Executive Vice President and General Manager of Security and Collaboration. He leverages a diverse set of capabilities to lead the strategy and development for these businesses and also owns P&L responsibility for this multibillion-dollar portfolio. Jeetu combines a bold vision, steeped in product design and development expertise, operational rigor and innate market understanding to create high growth Software as a Service (SaaS) businesses.

A member of the Executive Leadership Team, Jeetu is helping to redefine Cisco’s SaaS business and strategy to further accelerate the company’s transformation and growth. His mission is to build world class, subscription-based products that solve Cisco customers’ biggest problems. His team is creating and designing meaningfully differentiated products that diverge in the way they’re conceived, built, priced, packaged and sold.

Prior to joining Cisco, Jeetu was the Chief Product Officer (CPO) and Chief Strategy Officer (CSO) at Box, a role he pioneered. He led the company’s product and platform strategy, setting the company’s long-term vision and roadmap for cloud content management in the enterprise. He transformed Box from a single product application to a multi-product platform used by 100K customers representing 69% of the Fortune 500. The discipline, quality standards, performance metrics, and stability Jeetu instilled fueled the platform’s growth – nearly quadrupling revenues to $700M+. Box’s growth scaled to reach over 60M users with over 50% of customers using multiple products. He also created the Box Platform business unit where he led product strategy, marketing and developer relations – driving products from incubation stage to mature offerings.

Before joining Box, Jeetu was General Manager and Chief Executive of EMC’s newly acquired Syncplicity business unit, a cloud service for Enterprise File Sync Sharing (EFSS) and collaboration. One of the first SaaS-based solutions offered by EMC, Jeetu spearheaded the company’s acquisition. He created a world class leadership team, secured some of the market’s largest customers and led the group to become one of the fastest growing EFSS companies in a highly competitive market. Other key roles at EMC included CMO for the Information Intelligence Group and Chief Strategy Officer, where he drove the organic and inorganic strategy for the division’s cloud and mobile growth.

Previously, Jeetu was President of Doculabs, a research and advisory firm co-owned by Forrester Research. The firm focused on collaboration and content management across a range of industries including financial services, insurance, energy, manufacturing and life sciences.

He currently serves on the boards of JLL, an American commercial real estate services company, and Equinix, the world’s digital infrastructure company.

Jeetu holds a B.S. in Information Decision Sciences from the University of Illinois, Chicago, and lives in the San Francisco Bay Area with his family.


Episode Transcript

[00:00:00] Speaker A: My strong belief is monopolies are bad categorically for the industry. It stifles competition. It actually creates the wrong kind of incentive structures. And so I believe that free markets that are highly competitive are great. I also believe that in security, the problem is not monopolies. The problem is very high amount of fractured markets. As a result, the complexity that is increased because of the fracturing of the markets is so high that it's very hard for the CISOs to actually keep the head above water, because on average, most companies have about 50 to 70 different members in their cybersecurity stack, or 50 to 70 different products.

[00:00:49] Speaker B: This is KBC.

[00:00:51] Speaker A: Are they completely cyber? As a primary target for ransomware campaigns, security and testing, and performance and scalability.

[00:00:58] Speaker C: We can actually automate that, take that data and use it. Joining me back on the show for a deep dive interview is Jeetu Patel, executive vice president and chief product officer from Cisco. And today we're discussing the future of cybersecurity and the potential impacts on the reliance of cloud based software. So, Jeetu, welcome back.

[00:01:18] Speaker A: Thank you for having me, Karissa. Good to be back.

[00:01:21] Speaker C: So recently there have been some events that have caused major disruptions that you're obviously aware of for businesses. So maybe talk me through this whole thing just from your perspective, and maybe even if there's customers that have been sort of reaching out to you and that are worried about this, you know, no one sort of wakes up and sort of predicts this. It was, you know, perhaps it blindsided a lot of people in particular. So I'm keen to sort of hear your thoughts.

[00:01:44] Speaker A: These are interesting times we live in, where our first priority, firstly, is whenever a customer calls us, because we want to make sure that right now we're supporting our customers in any way we can. And so that's a given. That's the core foundation. But when you look at these kind of outages that we've seen, it should be a stark reminder for us of the sheer interconnectedness of our world, the criticality of having resilience within your organization, to say, hey, these things are going to happen. And when they do happen, it's more important to have the kind of infrastructure in place so that you can be resilient and you can come back up as fast as possible. And so the way I think about this, when this happened was it's just a reminder of how important it is for us to maintain a healthy security posture, but also how important it is for us to just know that even when there is not a breach, something could go wrong because of just some level of micro just can happen by anyone. It's human error that can happen for anyone. So I'm not a big fan of assigning blame and pointing blame, and I actually feel that we should look at this as a learning opportunity within the industry to know what the ripple effects of an incident like this can have and what the consequences are of an outage, whether it's caused by a breach, whether it's caused by an unforced error. I think these are not only disruptive outages that cause inconvenience, they can, you know, cost lives. And we ought to make sure that kind of keep that in mind. One of the things that we had done was at Splunk. There was a recent cost of downtime report, and it revealed over there that there was like $540,000 per hour that that's cost for organizations when they have downtime.
And downtime can happen because of a multitude of different reasons, which is why we think of it like, you have to make sure that you tie them all together because it could happen because you've got a productivity outage, it could happen because you've got API overage. It could happen because you had a breach, it could happen because of any other number of reasons. But when that does happen, knowing why that happened and being able to go resolve that as quickly as possible is probably the thing that will separate the good companies from the great companies.

[00:04:04] Speaker C: Okay, so there's a couple of things in that you said, which was interesting, you said, take this situation recently as a learning opportunity. So what would be some of the learnings that you could sort of explain today?

[00:04:14] Speaker A: Well, the learnings are that in this particular situation, that updates are hard. There's unforced errors that happen in updates. When you have to update infrastructure, you just have to make sure that there's a different mode of operating than the way that we might exist. We're more connected now than ever before, and we need to understand the ripple effect consequence of this, and that this trend isn't going to slow down, it is only going to speed up where there's going to be both unforced errors as well as breaches that might occur. And when that happens, organizations have to have a posture of resilience, of digital resilience that can actually get them back up. So what's the big learning? Updates are hard, and what we need to do is make sure that we start to think about architectures and solutions that can allow us to actually have more elegant ways that these kind of things can get done over time. We've been working on some of these pieces ourselves and a product that we have called Hypershield. How do you go about doing an update so that it doesn't, you know, you've tested everything out in your live environment.
Rather than bringing it down and testing it out in the sandbox, we can test it out in the live environment, live data to see how the new update is performing before you actually switch over to it. That's just one example of how these things are going to actually work out over time. The other learning I have is it can continuously improving process. To go out and fix these issues in a compressed amount of time is going to be pretty important as well. That's something that I just don't feel you can ever be complacent that you've gotten good enough. You can always get better because every minute of downtime costs millions, cost billions throughout the world. And more importantly, it actually has risked lives. And what each one of these things does, unfortunately, it gives adversaries ideas of different ways that they can actually start to bring down society. So the learning over here is very much around making sure that you have more resilient infrastructure, making sure that you solve problems like updates and patching and segmentation, all of these which can actually be controls that are put in place. And then lastly, you know, ensuring that you've got the right kind of processes and speed with which you can actually, again, you have to call it back.

[00:06:40] Speaker C: Yeah, you make some great points. So I want to explore that a little bit more because I think these are the things that, you know, when we zoom out, you're saying bring down society. Like the ripple effect. Obviously this incident happened recently. Do you think people were rattled by this? Now I say this because I was getting calls from people like, what's going on? Like my brother in law works in like finance and was trying to like short a longer stock. So like, he's one set of people. I've spoken to people this week, executives trying to fly from the US to Australia couldn't get their flight. All of their, you know, roadshows would, you know, change.
You know, there were people stuck here in Australia and they're like, oh my gosh, I'm a student. I can't get a flight because x, you know, airline company not going to pay for my hotel, what do I do? So it's like people have been impacted by different ways, but people seem really rattled out there hard. So I want to talk a little bit more about this, because look how far and wide that this impacted people and businesses. So you think people understand the full effect of that? Like, maybe since this incident, but I mean, you said before this is going to speed up, so we're very likely to see this situation happen again.

[00:07:42] Speaker A: Yeah, I think in my mind, the thing that probably has, I mean, we are in the industry, so, you know, I'm not surprised when I see something like this, because we talk about this, that a bad cyber attack can bring down society, it can bring down your power grid, it can bring down your water supply system, it could bring down a financial services system, it can bring down the transportation system, and on and on and on. But when you see it in real life, you say, oh, my goodness, look at how connected we are and look at how easily the entire system can stop functioning. There's a level of kind of. No. People do get taken aback a bit. In my mind, these are healthy reminders for us to get even more paranoid, because the delta right now, between the readiness of organizations for either a cyber attack or an outage and being resilient to it versus their sentiment of feeling confident is of massive distance from each other. And we've done studies where 80% of the people feel like they've got everything covered, but only a small, single digit percentage of people actually are ready. When you look at it, that delta, that dissonance, is actually what you have to bridge the gap of, because you can't solve these problems and you can't get a better posture if you don't admit that there is actually a need for a better posture.
And then the second thing you have to have is you have to simplify this quite dramatically for our practitioner community, because I think the job of the CISO right now is one of the hardest jobs in the industry. There's liability in that job. There is complexity, and there's a shortage of funding. And all those three things together can be a pretty difficult thing for someone to deal with. And so I think the tech community has to come together. And in fact, one of the ways that I think it has to come together is we have to have a fundamental mental model shift from being this very capitalistic. And I don't mean capitalism. I think capitalism is great. Capitalism is even the wrong word, this highly competitive market, really understanding who the enemy is. The enemy is actually not my competitor. The enemy is the adversary. And if I can actually collaborate with even my competitors to exchange data so that when an adverse event happens, which, by the way, is not a matter of if it is guaranteed a way that we are all collaborating with each other to help the customer out, I think that's the more mature way to do it, to actually save humanity. And I know I sound hyperbolic when I say to save humanity, but these things could have meaningful, consequential impacts on society in ways that we haven't fully figured out or imagined. And I think we have to make sure that the ecosystem interoperability and exchange of data and exchange of knowledge and exchange of what's happening with bad actors is something that we don't actually hide from each other because of competitive advantage. But we are very open in sharing it with amongst the different providers in the market. And I think that's a very counterintuitive concept. But frankly, that's the only way forward.
And I would invite all of my like, in this case, you know, I want to make sure that we actually offer all the support we can to CrowdStrike and to Microsoft and others to say if there's anything that Cisco could do, we're here to help.

[00:11:19] Speaker C: So the part that's interesting is I want to go back to your points here, but I get back one step. You saw that companies being resilient, but how do you sort of know if you are or not? And the reason why I asked that question is, like, companies last week were probably waking up like, great, we're going to get all these people halfway across the world that, oh, all, you know, all of our systems is not working at all. So they probably, in their mind, have this version of, oh, we're resilient. And then all of a sudden, you know, look what happened. Everything came tumbling down like a domino effect, quite rapidly as well. But how do people sort of wake up and they can confidently say to you, you know what, Jeetu, I think we're resilient. Do you have people actually saying that those to you?

[00:11:59] Speaker A: One of the things that at least we've been thinking about as we offer advice to our customers is making sure that the outages are recovering from. An outage is a data game, and it's actually finding a needle in the haystack and the amount of time that's taken, find out what went wrong and what do we need to do to go out and revert. There's a fair amount of time that's taken in that the way that we think about it is correlating the data, knowing when there's a connectivity outage versus a security breach versus an API, and making sure that the data gets correlated with each other so that you can pinpoint at a much faster level. And it's not about reactively defending an attack that might have happened or an outage that might have occurred, but it is about proactively creating the right amount of stability in the infrastructure and having the right amount of backups in the infrastructure to make that happen.
I think this is not an easy question to. There's not one single silver bullet answer. What you have to do is systematically continue to keep pruning and keeping on getting your systems better so that they're. While they're talking to each other, there's enough data exchange between them, and you're able to go out in a short amount of time, find out what's going wrong, and then do something about what's going wrong in record time. Like, I'll give you an example, the amount of time that it takes to detect something right now, and then investigate when you feel like there's a breach that's occurred, for example, in security, and then remediate, that should all start to get compressed, and that's what we want to do. And so one of the things, one of the big reasons why we bought Splunk was for that reason, which is take an investigation and compress the time to investigation, but also make sure that you can detect at a better pace because you've got more data to detect what's going wrong, and then also orchestrate a response. And so technologies like XDR and SIEM and SOAR, which were all siloed in different parts in the world before. Now, with Splunk and Cisco, you have a single platform that can actually say, okay, I can do, you know, way better detections because I can get telemetry from the network. I can get telemetry from the endpoint. I'm going to then feed that data in this, but I'm going to only feed a subset of the data. I'm not going to feed everything. But one of the challenges we have right now is when you feed too much data into something, it's still a needle in the haystack issue. And so what we do is rather than feeding high volume, low fidelity data, what you do is you feed low volume, high fidelity data to prevent lateral movement. And then once you've done that, you can compress your time to investigation.
Another way to think about this, actually, Karissa, is take a step back and say, if you assume for a moment in security that an attack has already infiltrated your organization, the attacker is already in your system. The name of the game is preventing lateral movement. And the way that you prevent lateral movement is by actually, where does lateral movement happen the most? It happens on the network. And so what we have to do is be effective at correlating the data in the network from the endpoint, from the web, so that low level alerts, which you would have otherwise ignored in different parts of the infrastructure when correlated together, it can tell you about a high level alert that you shouldn't ignore and therefore mediate and respond to that as quickly as possible.

[00:15:32] Speaker C: Okay, you mentioned before, ecosystem, this one is, this one's really interesting. So you saw competitors, if you had to hypothesize, if competitors worked better together, like you mentioned before, and I actually heard you speak about this at Cisco Live in Melbourne last year. Remember that explicitly. Do you believe that if everyone worked together, Palos and Ford and all these people, right, work together and not to your point, like trying to compete and not, you know, withhold information because they have the competitive advantage, they'll be so focused on that and you know, who is the real, you know, not competing against each other? It's the bad guys, right? Would you assume that we would reduce outages and then incidents if that was a thing that happened in a perfect world?

[00:16:15] Speaker A: It would be hard, hard to imagine that you wouldn't given the fact that each one of us has a purview of certain amount of data, that if you correlate together you'd actually have a better, you know, kind of scope or visibility. So it's almost a guarantee that if there's cooperation you'll have better outcome. And by the way, I think the industry is starting to do that.
So I give my competitors a lot of credit towards it. Microsoft and CrowdStrike are competitors and in this particular case they came together to go out and resolve this issue. There's aspects where we compete with Microsoft. Microsoft, the head of security of Microsoft, Vasu, was on stage with me at Cisco Live where I invited her on my keynote and said let's make sure that we actually extend the gesture working together and actually start this partnership between platform providers and the ecosystem. We take telemetry from about 13 major providers into our XDR system because we want to make sure that that telemetry enriches the kind of detections that we can do on our side. So I actually think the market is starting to see that you have to work together in an interoperable ecosystem. It's almost guaranteed that the power of the collective is greater than the power of any individual one. I'm pretty long on ecosystem advantages also because I feel like for the longest time in software. We have operated from this notion of a zero sum game. In order for me to win, someone has to lose. And I personally just tend to reject that notion, because if you can add meaningful value to the customer, there are scenarios that are very prominent with. Both parties can win. If it's me and one of my competitors and we work well together, and not only does the customer win, but as a function of the customer winning, the two of us win. Does that make sense?

[00:18:12] Speaker C: Absolutely. I think 100% it makes sense. And this is the part, I mean, even I've spoken about it, that you make a great point. The real issue are the cyber criminals, not, you know, Palo Alto or whoever it is. Like, this is the part where I think some people may get lost in, well, Cisco won the deal over me, and now I'm annoyed. Like, these. This is the part where I think people are they. I mean, are they in it for the right reasons?
Like, are you really in it to, you know, to protect customers and people and society, or you're in it for your own self gain? So I guess this becomes a bigger, you know, a bigger question, but it's just more so hearing you say that from your position where you sit, your tenure in the game of, we actually work more together, you know, we're going to get a better outcome. So do you sort of envision this will start to happen over the years? Like, I know, in a couple more years, I see you again at Cisco Live, and I say, hey, Jeetu, how's this whole collaboration thing going? You know, is that. Do you think that gap will close in time, or you're not sure?

[00:19:10] Speaker A: I think gap has already started closing. I'll give you an example in collaboration, like, you. You've got a collaboration. Let me give you an example there. Microsoft Teams is a big competitor of Webex, but we also make hardware devices. And we decided to say, you know what? Even though Microsoft Teams competes with us, we will run Microsoft Teams natively on our devices. And not only will we do that, we will move some of the software capabilities with AI enrichment that we've built in our Webex stack to the firmware level of the devices, so that that device can actually run that. That piece of code, like noise cancellation or video focus areas or kind of video optimizations and all of that. And those will then be applied to Microsoft Teams. So we literally worked hard to make Microsoft Teams work better with the capabilities that we had innovated in Webex because we felt like that would be good for the industry, and it would actually commercially also be good for us. So this is not an either or. Like, I know you juxtapositioned this earlier, saying, do you do this for self gain or do you do this for the right reasons of helping society? I think you do it for both. There's always a commercial interest. But I had this kind of a friend of mine years ago taught me this lesson 25 years ago or so.
I was at his place. There was a guy named Mike Tuchen who just recently retired and he used to at the time run a business at Microsoft. And I was talking to him about something and I asked him a question like, doesn't that scare you folks? And he's like, facts shouldn't scare a business. The reality is when someone has more than 20% market share, and if you don't integrate with that piece of technology, then you're just going to be left out of the action for that percentage of the market. And so it actually makes good commercial sense to integrate. It's not just good for the customer and for the industry, it also makes good commercial sense to integrate. And so I actually feel like there is far more reason to be open, to be interoperating, to be collaborative with your competitors than it is to be closed. And I feel like it's a very 1990s and a mindset to say that I'm going to go out and do my thing and someone else does their thing and we're just going to compete all the time. Because in tech right now, there is no two companies that probably don't have some overlap when they're at scale. I can't think of a single company that Cisco might not have some overlap with somewhere very few companies. But that doesn't mean that you don't learn how to collaborate with them and cooperate with them, because if you don't, you will lose out on the opportunities that could be created by that collaboration.

[00:21:58] Speaker C: No, that's a good point. That's a good point. And that, and that sort of leads me into sort of my next question. Market shares. So when this incident happened, for example, I started to do some, like, reconnaissance on forums and social media, just sort of seeing what people are saying. And like people were sort of saying out there, you know, should one company have the monopoly and have that market share? And then I've heard people sort of say, oh, you know, they should spread the risk and all of that. So what are your sort of thoughts then to that?
Like this whole problem that people are sort of saying, we have this over reliance then on these big players. Are we too reliant on them?

[00:22:33] Speaker A: My strong belief is monopolies are bad categorically for the industry. It stifles competition, it actually creates the wrong kind of incentive structures. And so I believe that free markets that are highly competitive are great. I also believe that in security the problem is not monopolies. The problem is very high amount of fractured markets. As a result, the complexity that is increased because of the fracturing of the markets is so high that it's very hard for the CISOs to actually keep the head above water. Because on average most companies have about 50 to 70 different members in their cybersecurity stack, or 50 to 70 different products, and there's about 3500 vendors in the market and no one owns more than 15% of the share. And when you start thinking of that, that complexity is untenable to carry forward moving. So you have to have some kind of a platform approach which allows for simplicity in the operating environment, for security. And so I think that's very important. So I think both of those things are all true. You have to have simplicity and data exchange and a platform approach so that there is simplicity that gets injected into the way that an IT practitioner can go out and manage the security environment. And you also need to make sure that there's a right level of regulation to prevent, you know, bad behavior for monopolies that might emerge. So I think both of those two things are all true simultaneously.

[00:24:12] Speaker C: So what does bad behavior for monopolies look like, would you say?

[00:24:15] Speaker A: I mean, bad behavior, monopolies is ineffective use of your power for stifling the ecosystem. That's bad behavior. And I think there's enough checks and balances in the system to go out and stop that.
But we always have to be aware of that, because like for example, at my heart, I'm a startup guy, I admire entrepreneurs, I admire startups, I admire what they do to go out, the grit that they have, and what they've been able to do to struggle to overcome the odds. And I feel like a vibrant startup ecosystem is what makes America so amazing and what makes tech so amazing. It's actually the countries in the world that are getting more and more vibrant, the startup ecosystem are actually seeing progress following, right? So you look at different geographies that are growing and different countries that grow, there's a very vibrant startup ecosystem. And so I personally feel like that startup ecosystem has to be protected, hydrated and encouraged in the economy. I think it's very good for the progress of humankind. I also feel that at scale motions are very good for the progress of humankind in areas where there's a high amount of complexity that's come in, or a very inefficient use of capital. For example, in security. Right now, we're spending an enormously greater amount of money than we were 20 years ago, and ransomware is on the rise, and we're no safer today than we were 20 years ago. Something has to change in that equation. The way that that equation needs to change is you have to have some simplicity injected into the system. There has to be greater efficacy, there has to be a better experience, there has to be a better set of economics in play. And if you don't have those three things, then I just don't think you'd be able to serve the customers and the customer community in the right way. So I feel like you just have to make sure that whenever someone starts getting too big or too powerful, that there's checks and balances for that. And so I do agree that you need to make sure that there is checks and balances for that.
But I also agree that that can also simultaneously hold true with creating a platform effect, because the complexity of a very, very fractioned environment is actually is not healthy, nor is it safe. And the interesting part in this entire equation is the very reason that startups and security emerge for this kind of point solution. Best of breed approach was to increase efficacy. But what ended up happening is because there were so many of them all over the place, they kind of, sort of did the same thing, but each one of them had their own policy engine. Each one of them would have, if you have 70 players in the market that are helping you solve your problems at cybersecurity, that's 70 different policy engines, that's 70 different places where contention can occur. In policy. That's a tremendously complex environment to go train your IT staff to go out and manage. And so those are the things that have to get. The very reason that that ecosystem got so fractured was to go improve efficacy is the reason why efficacy is getting impacted negatively. So I think there's going to be a shift in security to more of a certain set of integrated platforms. And the reason for that is because security is a data game, and the one who goes out and correlates the most amount of data is the one who's going to be able to make sure that they can keep the world safer by doing better detections, better investigation, better response remediation, better prevention, all the entire kind of life cycle.

[00:27:55] Speaker C: Okay, so, still following this train of thought for a moment, you were mentioning the four simplicity, et cetera, platform approach. Do you sort of envision now that this incident happened and as we've sort of spoken about today, market share, the monopoly people are worried now. Do you start to see people shifting? Do you think people are going to get worried now because they feel like, oh, we got this over reliance?
What do you sort of think is going to happen now with incident on how much it's impacted people and businesses, etcetera? What do you sort of see from your experience people will start doing now?
[00:28:28] Speaker A: The changes are going to be incremental. They're not going to be like one fell swoop of change that is going to change. What I've seen customers do even today is they have a multi vendor strategy. I don't know of a single company that has a single vendor strategy that says I'm going to buy all my security from only one vendor, and that said no one else, that does not exist. You just need to make sure that there's enough redundancies in the system that if one part goes down, you can bring it up with the other. And that aspect of a multi vendor strategy I think most companies use. This just happened to be one of those incidents where even if you have a multi vendor strategy, there are going to be companies who are going to have a large footprint. And when they have a large footprint and an incident happens, there's going to be a challenge that has to be resolved. I don't think there's an easy silver bullet answer in this thing. Besides, testing before deployment is a good practice. Automation of some of those pieces in a way that can actually have testing of live data without actually moving over to that environment. So you can see what the differentials might be super valuable to have. And so there might be different techniques that start to emerge to mitigate against some of these risks that we have to avoid situations like the one that we just saw. Basically, if you think about what we are doing with a product called Hypershield, that is exactly what we are doing because we have seen three big problems that I think the industry has not been able to solve. Segmentation is really hard, especially in a hyper distributed world where you have to go out and write segmentation rules, and that gets to be a very, very complex problem.
Patching is hard. It takes about three to five days from the time that a vulnerability is announced to the time that an exploit occurs. It takes 45 days for a patch to be applied. That gives you days and days and days of exposure where vulnerability is out there in the market announced and you don't have a patch against it. We got to solve for that. And then the third one is, updates are hard like we just talked about. And so for each one of those, I think with given technologies like AI, you can add a lot of automation to solve some of these problems. So we've actually constructed things that can do autonomous segmentation based on the behavior of the application. You can change the boundaries of segmentation dynamically. You can do distributed exploit protection. So within minutes of a vulnerability being announced, you can have a compensating control that can be applied until the patch is going to be applied. And once the patch gets applied, the compensation control is smart enough to be taken away. And then you have this dual path upgrading that we do, which is like if you have version one and version two and you want to upgrade from version one to version two, the way that we are starting to do it now is very similar. The way that you can do it in an automated way with your consumer technologies where you can say, okay, you don't even have to think about or miscarriage. I'm going to make sure that you upgrade from version one to version two in a way that you have both version one and version two running in parallel in your system for some days. You do a differential at the end. You try to figure out if the systems are working as you would have expected them to work. And when you start to get good evidence with data that's working exactly the way you want it to work, you can swap them and make the primary, the shadow path and the shadow the primary path. And that's how upgrades will happen in the future.
So I think these are like foundational elements that have been broken in the past that I think we have an opportunity to fix because of some of the new technologies coming about in the realm of hardware acceleration or observability or.
[00:32:14] Speaker C: AI, just pressing a little bit more with the three broken things about this industry. So segmentation, patching updates. So if I, you know, in my experience of, you know, almost doing 300 episodes now, someone else I'd interview go, well, you know what, KB? It's about the basics. They'll say it's about patching, which, you know, as you mentioned before, that's hard. We've been trying to talk about doing this for 20 years, still isn't fixed. So they undertone what you're saying. If someone else were to come on here, they'd say, oh, it's, it's, they're all basics, but it's not that basic, though. This is the part that I've spoken about at length with people. They come on and they say it's all about basic patch management and, you know, updates and all that. But you've just clearly articulated here that these things are hard to do. And it's like, people don't acknowledge that they're hard.
[00:32:58] Speaker A: The practitioners acknowledge they're hard. But there has not been an elegant solution. So here's the challenge. Okay, so let's dig into this a little bit, because this is important. Up until now, there weren't elegant ways. I equate this to an analogy that I give people sometimes, which is, imagine if Amazon.com were founded in the year 1475. It would be an epic disaster of a company. Why? Because there was no shipping and logistics infrastructure. There was no Internet. There was no personal computing revolution. There was no mobile revolution. All the core foundational building blocks which were needed on top of which Amazon could be built didn't exist. It wouldn't have made any sense.
That's actually what's happened with patching and updates and segmentation is all that four building blocks that needed to be there really weren't available in its full form of maturity until very recently. So the three that I talk about that we have used that are really important are kernel level visibility, AI, and hardware acceleration. Those three things give you a purview that historically did not exist, as a result of which you weren't able to do the things that we can do today to make patching very easy or updates very easy. We couldn't have done this ten years ago. The elegant solution that we've come up with right now just simply would be very, very hard to have actually put into place ten years ago. And so part of it is just the technology maturity levels now in certain core domains have had such step function improvements that you can then build on top of that to solve these problems that historically weren't as eligibly solvable in the past. And then you have to say, all right, so once you have that, the world becomes a very different set of possibilities. You're not thinking about building the next version of something that already exists. What you're doing is building the first version of something completely new that was not even possible because the core building blocks did exist.
[00:35:04] Speaker C: Yeah, I totally hear your point, but that's the part that sort of still gets me, Jeetu, about people, and they, you know, talking to me on this show, they're like, oh, you know, implement the basics. But like you were saying, this wasn't even. You couldn't even possibly have done something like this. To make it easy for people ten years ago. This problem has been a huge problem for multiple decades. But people say, oh, it's so basic.
[00:35:23] Speaker A: And it's not solvable because it wasn't solvable in the old way because it required. You had a massive talent shortage, you had a skill shortage. People had way too much volume.
Here's the statistic that's mind boggling to me that I, when I discovered it, only 20% of the vulnerabilities that get discovered ever get patched. 80% of the vulnerabilities discovered never get patched. Think about that for a second. We are all living in a very exposed environment. And, I mean, if there were ten ways to get into your house and you only lock two of those doors at any point in time, and then just prayed that no one's going to break in, that's kind of the world we're living in right now. We have to come up with more creative solves than the ones that we've had to date. And I think what I'm excited about, about AI and about some of these technologies like eBPF, with visibility and observability, and all of that is the more you can observe on what is happening in your environment, the better you're going to be at being able to pinpoint and say, therefore, we need to stop XYZ. And with the way that AI is maturing right now at the pace that it's maturing, the kind of solutions that we can start to imagine now because of the power of the silicon and because of the power of AI, is so much more advanced, such a short period of time. And that exponential kind of innovation curve, I think, is going to continue over the course of the next five to ten years. And I'm really, really encouraged to see the kind of things we can do because I'll tell you the kind of innovations we've had. I told our customers publicly in one of the keynotes, I'm like, in 2023, we had more innovation in Cisco and security than previous decade combined. And 24 was a multiple of 23. We're only halfway through the year. That trajectory is going to continue. That's exciting stuff. But I think we will see this kind of balance that has a potential of tipping in favor of the defender from the adversary because of AI, because we will be able to create a data advantage for the past 20 years, 30 years. We've always said the adversary has the advantage because they have to be right once.
You have to be right as a defender every single time. That's just an imbalance that can't be gone, solved. While that still is the case, you will have a tremendous data advance, which makes it much easier to predict and prevent, rather than reactively detect and respond.
[00:37:56] Speaker C: So in light of everything that's happened and what we discussed, what do you think happens now? Jeetu, what do you, where do you think we go from here as an industry, as a society? What are your thoughts?
[00:38:07] Speaker A: There's a few things that have to happen. Let me tell you what I think must happen. I think we have to make sure that security gets simplified not just for the management aspect, but also for the use by an average consumer. Right now, it is way, way too complicated and it's very intimidating. So if you ask, take an exercise and ask your family, who's like one generation ahead of you, on how they use security, and you'll find that they actually find it very, very scary and intimidating. We got to make sure that we solve that, because security is a problem which addresses every digital worker on the planet with billions of people. Let's maybe not all 8 billion, because not every one of the 8 billion is digital, but a lion's share of the majority. The first thing you have to do is make sure that you make security simple. Both management by the IT practitioner, but also for the end user. And historically, security has never focused on that because they've always been focused on power user scenarios. And so one of the big things I think, is a cultural shift that needs to be done in security is you need to have a very different kind of profile of people attracted to the industry. We need to have more women, we need to have more people from liberal arts back. We need to have more people with design backgrounds so that we can make sure that they can humanize security.
Because in the absence of humanization of security, security cannot actually help protect us because people won't know, like the human errors are going to be too many because it's not going to be intuitive to use. So that's number one. The other thing that must happen is you have to accommodate for the new architectures and say, what are the things that need to be done? Given the change in architectures, we are in a hyper distributed world. We are going to be in a world with epic scale proportion with AI. We are going to be in a world where there is going to be a degree of acceleration of threats because the attack surfaces increase so much. You have to respond to that. With automation, you no longer can actually have security at human scale. You must incorporate machine scale. The first thing is humanize security, but second thing is you can't address security at human scale. You have to address it at machine scale. And then the third thing is you have to make sure that security is a data game. And that if you wanted to prevent this notion of lateral movement, the companies that most effectively correlate the data so that they can find a needle in the haystack are the ones that are going to be the most relevant companies of the future. And so security is a data game, and we have to make sure that we utilize the data and share the data with the ecosystem effectively so that we can stay a step ahead of the adversaries.
[00:40:53] Speaker C: I think it was a great summary, but I will just ask one final question. Do you have any closing comments or final thoughts you'd like to leave our audience with today?
[00:41:01] Speaker A: Jeetu, while this seems very kind of intimidating, and sometimes it seems what's the world coming to? I think there's a tremendous amount of, I'm an optimist at heart about the future of humanity, and especially because of security, because I think we're going to make as a community.
I'm confident of it, and I'm hoping that I can do my part in it. As an industry, we're going to make sure that we actually cooperate together and do things to keep the adversaries at bay. And while this is going to be a very complex undertaking over the course of the next few decades, I do think that companies will come together, governments will come together. There'll be better public private partnership, there'll be better use of AI, there'll be better regulation so that safety can actually be practiced. All of those things. We have to make sure as a community that we're trying to drive towards thoughtful implementation of all of those pieces. If we do our jobs right, I think the next generation is going to have a bright future. But we'll have to make sure that we do our jobs right and not get too myopic about, well, these aspects, because the downside effects are not ones that we should ignore, but the upside is something that we should keep our eye on. The price for.
[00:42:26] Speaker B: This is KBKast, the voice of Cyberez.
[00:42:31] Speaker C: Thanks for tuning in. For more industry leading news and thought provoking articles, visit KBI Media to get access today.
[00:42:39] Speaker B: This episode is brought to you by Mercsec, your smarter route to security talent. Mercsec's executive search has helped enterprise organizations find the right people from around the world since 2012. Their on demand talent acquisition team helps startups and mid sized businesses scale faster and more efficiently. Find out [email protected].
[00:43:02] Speaker C: Today.
