1 00:00:00,000 --> 00:00:01,740 All right, well, let's kick it off here. 2 00:00:01,740 --> 00:00:04,400 So happy New Year, everybody. 3 00:00:04,400 --> 00:00:06,840 It's Wednesday, January 17th. 4 00:00:06,840 --> 00:00:08,960 It is 2024. 5 00:00:08,960 --> 00:00:12,300 Welcome to the first Security in 45 show of the year. 6 00:00:12,300 --> 00:00:16,360 Last episode, we covered the introduction to this session. 7 00:00:16,360 --> 00:00:19,040 We had Sudhir on with Ed as well, 8 00:00:19,040 --> 00:00:20,960 and we were talking about an introduction 9 00:00:20,960 --> 00:00:23,160 to cloud security and the great benefits 10 00:00:23,160 --> 00:00:25,000 that come with moving data, apps, 11 00:00:25,000 --> 00:00:27,600 and resources up to the cloud. 12 00:00:27,600 --> 00:00:31,040 And then we kind of started alluding into a big misconception 13 00:00:31,040 --> 00:00:34,920 in the industry, which is the assumption that our cloud 14 00:00:34,920 --> 00:00:37,040 resources are safe. 15 00:00:37,040 --> 00:00:39,720 Now, cloud-specific attacks, including the ones 16 00:00:39,720 --> 00:00:42,200 we talked about on the last call, big ones, Facebook, 17 00:00:42,200 --> 00:00:46,040 LinkedIn, those collectively cost customers billions 18 00:00:46,040 --> 00:00:47,120 of dollars. 19 00:00:47,120 --> 00:00:50,440 So unless you have a security-specific agreement 20 00:00:50,440 --> 00:00:52,800 with your cloud provider, please do not 21 00:00:52,800 --> 00:00:55,840 assume your resources are safe. 22 00:00:55,840 --> 00:00:58,880 Now, today is the follow-up to that previous session. 23 00:00:58,880 --> 00:01:02,000 And we are going to focus on the security aspect 24 00:01:02,000 --> 00:01:04,880 here with an exciting new product called 25 00:01:04,880 --> 00:01:07,040 Cisco Multi-Cloud Defense. 26 00:01:09,760 --> 00:01:11,000 Yeah, Mike, thank you. 27 00:01:11,000 --> 00:01:14,240 And happy New Year to everybody here. 28 00:01:14,240 --> 00:01:19,320 Happy New Year to everybody listening in for Security in 45. 29 00:01:19,320 --> 00:01:21,680 I can't believe it's 2024. 30 00:01:21,680 --> 00:01:22,440 I know, man. 31 00:01:22,440 --> 00:01:23,960 I know. 32 00:01:23,960 --> 00:01:25,360 It's crazy. 33 00:01:25,360 --> 00:01:29,480 But no, for anybody who missed the previous episode, 34 00:01:29,480 --> 00:01:32,320 it was an entrance to cloud security, as Mike just 35 00:01:32,320 --> 00:01:33,440 mentioned. 36 00:01:33,440 --> 00:01:34,520 It was really nice. 37 00:01:34,520 --> 00:01:39,880 We got to hear from our experts on what 38 00:01:39,880 --> 00:01:41,800 are the things that we need to consider, 39 00:01:41,800 --> 00:01:43,520 talking about security in the cloud. 40 00:01:43,520 --> 00:01:44,960 It was really nice. 41 00:01:44,960 --> 00:01:49,480 And the product that we're covering today is interesting. 42 00:01:49,480 --> 00:01:53,320 It's something new that actually that happened really quick. 43 00:01:53,320 --> 00:01:56,520 It happened last year, and we're really integrated 44 00:01:56,520 --> 00:01:58,320 into a lot of our products. 45 00:01:58,320 --> 00:02:03,920 And for today, our guests, Jason and Sudhir are here. 46 00:02:03,920 --> 00:02:07,840 They're two experts in cloud security. 47 00:02:07,840 --> 00:02:10,480 And we're super excited to have them here. 48 00:02:10,480 --> 00:02:17,520 And of course, we have a great lineup, 49 00:02:17,520 --> 00:02:20,440 like we always want to have every episode. 50 00:02:20,440 --> 00:02:23,360 So we're super happy to be joined by Jason and Sudhir. 51 00:02:23,360 --> 00:02:26,360 So let's get started. 52 00:02:26,360 --> 00:02:27,280 All right, awesome. 53 00:02:27,280 --> 00:02:28,040 Yeah. 54 00:02:28,040 --> 00:02:30,040 Sudhir, Jason, glad to have you on the show. 55 00:02:30,040 --> 00:02:31,880 Sudhir, are we talking about it? 56 00:02:31,880 --> 00:02:32,480 Absolutely. 57 00:02:32,480 --> 00:02:33,920 And Jason, I know you specifically 58 00:02:33,920 --> 00:02:35,480 work with this product. 59 00:02:35,480 --> 00:02:38,200 So I really appreciate the time from both of you. 60 00:02:38,200 --> 00:02:40,280 Well, let's jump into it. 61 00:02:40,280 --> 00:02:43,720 Jason, I'll start with you being the product expert here 62 00:02:43,720 --> 00:02:46,000 on this specific solution. 63 00:02:46,000 --> 00:02:48,200 Could you give us just kind of a high level, what 64 00:02:48,200 --> 00:02:51,000 is multi-cloud defense? 65 00:02:51,000 --> 00:02:53,840 What kind of problems is it trying to solve? 66 00:02:53,840 --> 00:02:54,840 Yeah, man. 67 00:02:54,840 --> 00:02:56,160 Thanks for having me, by the way. 68 00:02:56,160 --> 00:02:56,720 Appreciate it. 69 00:02:56,720 --> 00:03:00,320 Any opportunity to talk about it is going to be taken. 70 00:03:00,320 --> 00:03:03,880 So yeah, at a high level, really what this product is 71 00:03:03,880 --> 00:03:06,240 and what it gives us is, and let me actually 72 00:03:06,240 --> 00:03:07,640 step back, pre-acquisition. 73 00:03:07,640 --> 00:03:09,800 It was a company called Valtix. 74 00:03:09,800 --> 00:03:12,240 And it was ex-Cisco engineers who started the company. 75 00:03:12,240 --> 00:03:14,880 They saw a niche that wasn't necessarily 76 00:03:14,880 --> 00:03:16,320 being addressed at the time. 77 00:03:16,320 --> 00:03:19,880 Everything originally, pre-this, was 78 00:03:19,880 --> 00:03:21,880 people trying to take something that they knew, 79 00:03:21,880 --> 00:03:27,680 like a virtual version of a Palo or an ASA or an FTD, 80 00:03:27,680 --> 00:03:30,640 and trying to port it over to the cloud and use it over there. 81 00:03:30,640 --> 00:03:32,080 And to some extent, it works. 82 00:03:32,080 --> 00:03:33,920 There's always going to be some hurdles. 83 00:03:33,920 --> 00:03:36,240 But they weren't purpose-built for the cloud. 84 00:03:36,240 --> 00:03:40,120 So what they tried to do is create a cloud-native solution, 85 00:03:40,120 --> 00:03:43,800 something that was purpose-built for the cloud, that would, 86 00:03:43,800 --> 00:03:46,600 one, allow us to reduce tool sprawl, 87 00:03:46,600 --> 00:03:49,240 because all these cloud providers, as you guys know, 88 00:03:49,240 --> 00:03:50,800 they all speak different languages. 89 00:03:50,800 --> 00:03:54,120 So they might call something, one thing's a VPC. 90 00:03:54,120 --> 00:03:56,880 It's a VNet over here, VPC again over here. 91 00:03:56,880 --> 00:03:59,800 All those constructs make the infrastructure 92 00:03:59,800 --> 00:04:00,840 kind of hard to handle. 93 00:04:00,840 --> 00:04:03,320 For somebody who may be new to cloud, even somebody who's 94 00:04:03,320 --> 00:04:05,640 well-versed in cloud, like myself, sometimes I go in there 95 00:04:05,640 --> 00:04:07,240 and I stumble around trying to kick up 96 00:04:07,240 --> 00:04:10,000 architectures and infrastructure. 97 00:04:10,000 --> 00:04:11,840 So they tried to ease that. 98 00:04:11,840 --> 00:04:15,080 How can we take away some of the infrastructure complexity, 99 00:04:15,080 --> 00:04:16,960 take it off our customers' plates, 100 00:04:16,960 --> 00:04:21,200 and move them more to where they're consuming security 101 00:04:21,200 --> 00:04:22,800 more easily? 102 00:04:22,800 --> 00:04:24,160 And that's exactly what they did. 103 00:04:24,160 --> 00:04:26,080 They went out there and they said, hey, 104 00:04:26,080 --> 00:04:28,080 how can we automate the vast majority 105 00:04:28,080 --> 00:04:31,880 of this infrastructure, kind of overhead that we have? 106 00:04:31,880 --> 00:04:34,160 Even if we're moving a physical appliance 107 00:04:34,160 --> 00:04:35,560 in a virtual format over, you have 108 00:04:35,560 --> 00:04:38,080 to configure all the underlying infrastructure. 109 00:04:38,080 --> 00:04:41,360 So they automate that to the best of their abilities. 110 00:04:41,360 --> 00:04:44,720 You can't meet every use case, but the 80-20 rule 111 00:04:44,720 --> 00:04:45,400 kind of applied. 112 00:04:45,400 --> 00:04:46,960 They said, hey, let's automate what 113 00:04:46,960 --> 00:04:49,080 we can from an infrastructure perspective, 114 00:04:49,080 --> 00:04:51,360 and then let's lay these gateways down. 115 00:04:51,360 --> 00:04:53,520 And this reduces tool sprawl. 116 00:04:53,520 --> 00:04:56,200 All these vendors, they have different services 117 00:04:56,200 --> 00:05:00,320 for things like IPS, IDS, anti-malware, data loss 118 00:05:00,320 --> 00:05:01,160 prevention. 119 00:05:01,160 --> 00:05:03,880 How can we reduce that sprawl of tooling 120 00:05:03,880 --> 00:05:05,920 that customers are having to kind of use 121 00:05:05,920 --> 00:05:09,320 and move it into maybe the guise of a single tool? 122 00:05:09,320 --> 00:05:12,280 And that's really what we're doing here. 123 00:05:12,280 --> 00:05:14,040 That's great. 124 00:05:14,040 --> 00:05:15,880 I know we'll get more into it, but I'm 125 00:05:15,880 --> 00:05:18,400 real interested to hear about how it does. 126 00:05:18,400 --> 00:05:21,520 You mentioned the abstraction of the clouds 127 00:05:21,520 --> 00:05:24,720 and kind of this is a product of simplicity, 128 00:05:24,720 --> 00:05:27,160 which everyone in the world is looking for, 129 00:05:27,160 --> 00:05:28,880 because as you mentioned, the tool sprawl. 130 00:05:28,880 --> 00:05:31,240 So I know we'll get to kind of you 131 00:05:31,240 --> 00:05:33,920 mentioned you being very familiar with how 132 00:05:33,920 --> 00:05:38,720 these each individual cloud providers work, AWS, Azure, GCP. 133 00:05:38,720 --> 00:05:39,920 But I'll be curious. 134 00:05:39,920 --> 00:05:41,880 I know we'll talk more about that coming up. 135 00:05:41,880 --> 00:05:46,720 But my takeaway so far, native built into the cloud. 136 00:05:46,720 --> 00:05:50,360 It's abstracting how each individual cloud works 137 00:05:50,360 --> 00:05:52,560 and kind of simplifying all of that. 138 00:05:52,560 --> 00:05:57,120 I don't know if anybody else has a comment there, takeaway. 139 00:05:57,120 --> 00:06:00,280 Looks like it's going to bring a lot of great features 140 00:06:00,280 --> 00:06:02,120 and simplicity. 141 00:06:02,120 --> 00:06:05,680 Everybody's looking for simplicity today, 142 00:06:05,680 --> 00:06:08,800 network, security, all the things that we do 143 00:06:08,800 --> 00:06:10,640 get very complicated at times. 144 00:06:10,640 --> 00:06:13,440 So that's really good to hear. 145 00:06:13,440 --> 00:06:19,120 So let me ask you real quick, what about, 146 00:06:19,120 --> 00:06:20,560 how's the deployment work? 147 00:06:20,560 --> 00:06:21,760 Is it turnkey? 148 00:06:21,760 --> 00:06:27,880 Is this a solution that it is just we deploy and we're 149 00:06:27,880 --> 00:06:29,800 good to go? 150 00:06:29,800 --> 00:06:33,000 Can you tell us a little bit about that if you don't mind? 151 00:06:33,000 --> 00:06:34,520 Sure. 152 00:06:34,520 --> 00:06:40,840 So the solution itself is, while it's individual 153 00:06:40,840 --> 00:06:47,960 for each customer, depending on which clouds they have deployed, 154 00:06:47,960 --> 00:06:52,600 whether it's Google or Microsoft or Amazon, 155 00:06:52,600 --> 00:06:56,720 it does come down to a single basic framework 156 00:06:56,720 --> 00:07:02,360 that you go and you click a couple of buttons 157 00:07:02,360 --> 00:07:05,720 and you have it install into that network. 158 00:07:05,720 --> 00:07:13,680 Now, I think for me, the biggest part of the deployment for me 159 00:07:13,680 --> 00:07:16,720 was getting all the information together. 160 00:07:16,720 --> 00:07:22,840 And I would say it maybe took 45 minutes to an hour at most, 161 00:07:22,840 --> 00:07:26,840 with the majority of that being the information collection 162 00:07:26,840 --> 00:07:30,520 phase once I plugged everything into the scripts. 163 00:07:30,520 --> 00:07:33,800 And I think we'll talk about this in a little bit later on. 164 00:07:33,800 --> 00:07:37,320 But it's all automated. 165 00:07:37,320 --> 00:07:43,920 And basically, one click of a button, fill the information out, 166 00:07:43,920 --> 00:07:48,160 and you have deployed virtual private networks or VPCs 167 00:07:48,160 --> 00:07:53,720 on, I believe, both Google and AWS. 168 00:07:53,720 --> 00:07:59,760 And outside of that, it's fairly simple. 169 00:07:59,760 --> 00:08:03,320 The one cool thing you can do, or not the cool thing you can do, 170 00:08:03,320 --> 00:08:08,280 but to get to multi-cloud defense, it's very simple as well. 171 00:08:08,280 --> 00:08:12,880 You just go through Defense Orchestrator. 172 00:08:12,880 --> 00:08:15,120 So like CDO, right? 173 00:08:15,120 --> 00:08:16,960 Yeah, CDO. 174 00:08:16,960 --> 00:08:18,960 Cisco Defense Orchestrator. 175 00:08:18,960 --> 00:08:20,560 I love all the acronyms. 176 00:08:20,560 --> 00:08:23,320 I'm not good at the acronyms, so I apologize. 177 00:08:23,320 --> 00:08:24,920 Yeah, the CDO. 178 00:08:24,920 --> 00:08:27,440 You go through CDO to get to it. 179 00:08:27,440 --> 00:08:32,760 And it's very straightforward from there. 180 00:08:32,760 --> 00:08:36,400 Basically, you click the link in the According menu on the left, 181 00:08:36,400 --> 00:08:39,760 and you get to multi-cloud defense. 182 00:08:39,760 --> 00:08:42,880 Well, just to clarify, all that's done from our SAT, 183 00:08:42,880 --> 00:08:44,160 there's two portions of this, right? 184 00:08:44,160 --> 00:08:45,880 The SAS controller, which is where 185 00:08:45,880 --> 00:08:48,440 he's kind of referring to all the control and management, 186 00:08:48,440 --> 00:08:50,160 like that a customer would log in would 187 00:08:50,160 --> 00:08:51,760 be done from that controller. 188 00:08:51,760 --> 00:08:54,280 But the deployment of the infrastructure, 189 00:08:54,280 --> 00:08:57,160 which we deliver as PaaS, Platform as a Service, 190 00:08:57,160 --> 00:09:00,560 is actually, so all the VPCs, the VNets, the security 191 00:09:00,560 --> 00:09:03,320 gateways, those are all actually deployed in the customer's 192 00:09:03,320 --> 00:09:04,480 infrastructure, right? 193 00:09:04,480 --> 00:09:06,600 So again, keeping all that, and we'll 194 00:09:06,600 --> 00:09:08,160 talk about the security features later, 195 00:09:08,160 --> 00:09:10,080 but keeping all that data kind of local 196 00:09:10,080 --> 00:09:11,920 to a customer's infrastructure. 197 00:09:11,920 --> 00:09:14,760 So we're not shipping data off to somebody else's cloud 198 00:09:14,760 --> 00:09:16,080 to provide security, right? 199 00:09:16,080 --> 00:09:20,720 It's all done locally within their cloud environments. 200 00:09:20,720 --> 00:09:21,480 That's good. 201 00:09:21,480 --> 00:09:24,960 I mean, I think going again with the simplicity 202 00:09:24,960 --> 00:09:29,040 just makes a lot of sense to, like if it's 203 00:09:29,040 --> 00:09:32,640 that simple to just implement that, 204 00:09:32,640 --> 00:09:35,280 that sounds like a really good solution, I guess. 205 00:09:35,280 --> 00:09:36,920 What about scaling? 206 00:09:36,920 --> 00:09:40,040 As my cloud resources grow, is this 207 00:09:40,040 --> 00:09:44,880 going to scale with the growth of my business? 208 00:09:44,880 --> 00:09:46,320 Assuming, yes. 209 00:09:46,320 --> 00:09:47,680 Yes. 210 00:09:47,680 --> 00:09:51,800 Yeah, and it's pretty linear with the load, 211 00:09:51,800 --> 00:09:54,800 as load increases. 212 00:09:54,800 --> 00:09:59,280 The provisioning of resources on the multi-cloud defense side 213 00:09:59,280 --> 00:10:00,880 also crack of that. 214 00:10:00,880 --> 00:10:01,440 I like that. 215 00:10:01,440 --> 00:10:02,240 Yeah. 216 00:10:02,240 --> 00:10:02,800 I like that. 217 00:10:02,800 --> 00:10:04,000 There's vertical scaling. 218 00:10:04,000 --> 00:10:06,560 So like the gateways that we deploy within every cloud 219 00:10:06,560 --> 00:10:09,320 provider, there's several, we call them vertical scaling 220 00:10:09,320 --> 00:10:12,760 options where you can do two, four, eight virtual CPUs. 221 00:10:12,760 --> 00:10:17,040 But then we also do horizontal auto scaling horizontally, 222 00:10:17,040 --> 00:10:19,600 meaning per availability zone, if you initially 223 00:10:19,600 --> 00:10:22,520 deploy a single gateway, we actually 224 00:10:22,520 --> 00:10:26,520 add SLAs on the controller where if bandwidth, CPU, 225 00:10:26,520 --> 00:10:29,160 or memory actually exceeds a predefined threshold, 226 00:10:29,160 --> 00:10:31,520 we'll actually scale those out for you 227 00:10:31,520 --> 00:10:33,760 without customers having to do anything. 228 00:10:33,760 --> 00:10:36,080 And then as soon as that threshold is kind of crossed 229 00:10:36,080 --> 00:10:38,640 in the other direction for a specific period of time, 230 00:10:38,640 --> 00:10:40,280 we'll actually scale them back in. 231 00:10:40,280 --> 00:10:42,120 So you're again, very cloud native. 232 00:10:42,120 --> 00:10:43,920 You're only kind of using what you actually 233 00:10:43,920 --> 00:10:46,840 need at any given point in time. 234 00:10:46,840 --> 00:10:48,600 That's awesome. 235 00:10:48,600 --> 00:10:54,320 Now, some of the internal trainings that I've seen here 236 00:10:54,320 --> 00:10:57,560 at Cisco talk a lot about what it 237 00:10:57,560 --> 00:10:59,840 means to have a unified policy. 238 00:10:59,840 --> 00:11:03,240 So I'd like to, Jason, ask you a little bit about what 239 00:11:03,240 --> 00:11:07,280 a unified policy is and kind of how 240 00:11:07,280 --> 00:11:08,840 that relates into the product. 241 00:11:08,840 --> 00:11:10,560 And I'm assuming that this is going 242 00:11:10,560 --> 00:11:13,240 to tie in with various different cloud providers 243 00:11:13,240 --> 00:11:15,760 and unifying it all together. 244 00:11:15,760 --> 00:11:16,760 Yeah, exactly. 245 00:11:16,760 --> 00:11:20,960 And I always call it the utopian vision for policies. 246 00:11:20,960 --> 00:11:23,000 It's something everybody strives for, 247 00:11:23,000 --> 00:11:26,480 but very rarely achieved. 248 00:11:26,480 --> 00:11:28,160 And you can't do it with this product. 249 00:11:28,160 --> 00:11:29,560 That's the thing. 250 00:11:29,560 --> 00:11:32,200 It is achievable, but it's commonly 251 00:11:32,200 --> 00:11:34,600 operational problems on the customer side 252 00:11:34,600 --> 00:11:38,400 or just disparate teams that cause it not to actually happen. 253 00:11:38,400 --> 00:11:41,240 But that vision is that you can have a single policy, 254 00:11:41,240 --> 00:11:44,840 like my cloud workload out to the internet policy, 255 00:11:44,840 --> 00:11:47,640 a single policy that could be applied to security devices, 256 00:11:47,640 --> 00:11:52,440 gateways, in Google Cloud, AWS, Azure, OCI. 257 00:11:52,440 --> 00:11:55,360 And that single policy that you have 258 00:11:55,360 --> 00:11:59,440 could work regardless of where it's physically put. 259 00:11:59,440 --> 00:12:02,120 And we do that by a couple of means. 260 00:12:02,120 --> 00:12:04,920 One is when we connect those cloud accounts 261 00:12:04,920 --> 00:12:08,360 to multi-cloud defense, we're actually 262 00:12:08,360 --> 00:12:11,640 reading an inventory, very similar to what 263 00:12:11,640 --> 00:12:14,160 you'd see from a cloud security posture management system. 264 00:12:14,160 --> 00:12:18,760 Like Jupiter 1 or our Panoptica with LightSpin solution, 265 00:12:18,760 --> 00:12:21,920 where we can pull inventory information, metadata, 266 00:12:21,920 --> 00:12:25,440 and then we can use that metadata to group things together 267 00:12:25,440 --> 00:12:28,560 into object groups, or we can define policy against it, 268 00:12:28,560 --> 00:12:30,560 or a combination of both. 269 00:12:30,560 --> 00:12:32,600 But it makes it to where, instead of using 270 00:12:32,600 --> 00:12:36,680 your common network boundaries, like IP address or CIDR blocks, 271 00:12:36,680 --> 00:12:39,520 we can say things like, hey, if your environment equals 272 00:12:39,520 --> 00:12:42,120 production, we're going to allow you to get out to the internet. 273 00:12:42,120 --> 00:12:43,760 If your environment equals production, 274 00:12:43,760 --> 00:12:46,400 we're not going to allow you to talk to environment dev. 275 00:12:46,400 --> 00:12:48,400 It becomes, one, much more human readable, 276 00:12:48,400 --> 00:12:51,280 and two, very dynamic, because then any additional workloads 277 00:12:51,280 --> 00:12:56,160 that pop up in what is a very ephemeral cloud environment, 278 00:12:56,160 --> 00:12:58,560 we're going to be able to apply policy pretty much 279 00:12:58,560 --> 00:13:00,080 in real time. 280 00:13:00,080 --> 00:13:03,560 So in that rule, you said production 281 00:13:03,560 --> 00:13:06,040 can maybe reach out to a different group 282 00:13:06,040 --> 00:13:08,160 or out to wherever. 283 00:13:08,160 --> 00:13:10,600 As I onboard more resources, I can just 284 00:13:10,600 --> 00:13:12,000 drop them in that production group, 285 00:13:12,000 --> 00:13:13,440 and I don't need to worry about on the back end 286 00:13:13,440 --> 00:13:15,840 which cloud they're part of and how that's set up. 287 00:13:15,840 --> 00:13:18,040 I just add them to the group. 288 00:13:18,040 --> 00:13:18,760 Exactly. 289 00:13:18,760 --> 00:13:21,080 And that's one thing I've been evangelizing. 290 00:13:21,080 --> 00:13:24,240 When I go out and do tech days in these events, 291 00:13:24,240 --> 00:13:28,200 Cisco Live presentations, it's having a source of truth 292 00:13:28,200 --> 00:13:31,080 for tagging and labeling becomes super important 293 00:13:31,080 --> 00:13:35,600 when you start to use this metadata defined policy. 294 00:13:35,600 --> 00:13:37,760 Because now you have a place that you 295 00:13:37,760 --> 00:13:40,600 can go to that, if you have ServiceNow workflows that 296 00:13:40,600 --> 00:13:43,160 are kicking up workloads, they can automatically 297 00:13:43,160 --> 00:13:45,800 pull from this source of truth to apply the proper tags 298 00:13:45,800 --> 00:13:46,360 and labels. 299 00:13:46,360 --> 00:13:47,520 But then you have to start protecting 300 00:13:47,520 --> 00:13:48,640 that source of truth, right? 301 00:13:48,640 --> 00:13:52,000 Because it becomes, if tags and metadata 302 00:13:52,000 --> 00:13:54,600 is starting to define policy, a user theoretically 303 00:13:54,600 --> 00:13:58,600 could go in and just manipulate tags to manipulate policy. 304 00:13:58,600 --> 00:14:00,000 Makes sense. 305 00:14:00,000 --> 00:14:05,080 And let me ask you, Jason, is, and I 306 00:14:05,080 --> 00:14:08,680 know this is kind of industry standard in cloud security. 307 00:14:08,680 --> 00:14:10,880 Everybody is getting into the motion 308 00:14:10,880 --> 00:14:16,040 of adding tags into workloads or instances and things like that. 309 00:14:16,040 --> 00:14:18,280 But is there a possibility that we 310 00:14:18,280 --> 00:14:21,400 can use anything different other than tags 311 00:14:21,400 --> 00:14:24,600 for creating that policy? 312 00:14:24,600 --> 00:14:25,480 Yeah, yeah. 313 00:14:25,480 --> 00:14:28,040 We bring in, so we don't bring in all inventory. 314 00:14:28,040 --> 00:14:30,320 But what they did bring in was what they thought 315 00:14:30,320 --> 00:14:32,240 was important to network security. 316 00:14:32,240 --> 00:14:35,560 So you're going to see things like VPC IDs, 317 00:14:35,560 --> 00:14:36,840 actually a really good question. 318 00:14:36,840 --> 00:14:38,160 I appreciate that. 319 00:14:38,160 --> 00:14:40,840 Because a lot of people, they move into the cloud 320 00:14:40,840 --> 00:14:44,120 and they're like, hey, we still want to use subnet boundaries. 321 00:14:44,120 --> 00:14:47,440 We still, we know that this IP cider block 322 00:14:47,440 --> 00:14:48,840 can talk to this one. 323 00:14:48,840 --> 00:14:52,000 We kind of urge them, hey, while that's still applicable, 324 00:14:52,000 --> 00:14:53,960 you can very much do it within the system. 325 00:14:53,960 --> 00:14:56,680 Let's think outside the box in more cloud native terms. 326 00:14:56,680 --> 00:14:59,880 And maybe use things like subnet IDs 327 00:14:59,880 --> 00:15:03,080 that are being provided through cloud-based metadata or VPC 328 00:15:03,080 --> 00:15:05,000 IDs that we can then use. 329 00:15:05,000 --> 00:15:07,400 And again, one, it's a little bit more dynamic. 330 00:15:07,400 --> 00:15:09,240 Two, it's a little bit more cloud native 331 00:15:09,240 --> 00:15:10,640 in terms of what construct you're 332 00:15:10,640 --> 00:15:13,760 using to define that policy. 333 00:15:13,760 --> 00:15:18,480 Yeah, I think that's what the standard is going to, 334 00:15:18,480 --> 00:15:22,280 to make sure everybody's tagging their infrastructure, 335 00:15:22,280 --> 00:15:24,840 everybody's putting some information there. 336 00:15:24,840 --> 00:15:27,680 Well, and the one thing you always have to have applied, 337 00:15:27,680 --> 00:15:29,720 like if you're thinking about AWS, for instance, 338 00:15:29,720 --> 00:15:31,880 you always have to have a security group applied. 339 00:15:31,880 --> 00:15:34,440 You can actually group things together by security group 340 00:15:34,440 --> 00:15:36,120 within AWS, for instance. 341 00:15:36,120 --> 00:15:39,120 We can use security group identifiers 342 00:15:39,120 --> 00:15:42,000 as a basis to group things together or define policy 343 00:15:42,000 --> 00:15:42,480 again. 344 00:15:42,480 --> 00:15:44,320 So again, just kind of changing the way 345 00:15:44,320 --> 00:15:46,120 we think a little bit as we move to cloud 346 00:15:46,120 --> 00:15:49,400 and the ways we think about policy. 347 00:15:49,400 --> 00:15:50,000 That's nice. 348 00:15:50,000 --> 00:15:52,080 That's nice. 349 00:15:52,080 --> 00:15:55,280 I guess, Sudhir, I have the next question for you. 350 00:15:55,280 --> 00:15:58,160 And this is more on all the things 351 00:15:58,160 --> 00:16:01,800 that we see about multi-cloud defense, what we have, 352 00:16:01,800 --> 00:16:03,400 for example, in our page. 353 00:16:03,400 --> 00:16:07,080 There's a big call about visibility. 354 00:16:07,080 --> 00:16:09,320 If you don't mind sharing with us, 355 00:16:09,320 --> 00:16:12,760 what do you get to see with multi-cloud defense 356 00:16:12,760 --> 00:16:14,960 when we talk about visibility? 357 00:16:14,960 --> 00:16:15,440 Sure. 358 00:16:15,440 --> 00:16:20,840 So in terms of visibility, multi-cloud defense 359 00:16:20,840 --> 00:16:26,440 does act on both north-south traffic, so on-premises 360 00:16:26,440 --> 00:16:29,560 to cloud or cloud-to-on-premises or cloud 361 00:16:29,560 --> 00:16:33,480 to external other clouds, as well as east-west traffic, 362 00:16:33,480 --> 00:16:36,080 which is internal to that cloud. 363 00:16:36,080 --> 00:16:43,240 So within AWS, different parts of your network in the cloud, 364 00:16:43,240 --> 00:16:44,680 you get visibility into that. 365 00:16:44,680 --> 00:16:49,000 And the multi-cloud defense does act on that traffic. 366 00:16:49,000 --> 00:16:52,520 Now, a little kind of gotcha here. 367 00:16:52,520 --> 00:16:55,760 You won't necessarily see logs for that activity 368 00:16:55,760 --> 00:17:01,360 until you enable log profiling, stuff like that, where 369 00:17:01,360 --> 00:17:03,200 by default, you're not going to see anything. 370 00:17:03,200 --> 00:17:08,240 But if you do enable those logs, sorry, when I say by default, 371 00:17:08,240 --> 00:17:11,480 you will see activity and you will see data 372 00:17:11,480 --> 00:17:13,880 within Defense Orchestrator. 373 00:17:13,880 --> 00:17:18,200 But for external tools and for getting things out 374 00:17:18,200 --> 00:17:21,880 to Splunk, as an example, we do have specific connectors 375 00:17:21,880 --> 00:17:22,760 for that. 376 00:17:22,760 --> 00:17:27,080 So Google's log collector or Splunk or Datadog 377 00:17:27,080 --> 00:17:33,680 is another one that we have a native connector for to provide 378 00:17:33,680 --> 00:17:36,760 additional logging capabilities out to those sources. 379 00:17:36,760 --> 00:17:41,120 Because what we like to do is we like 380 00:17:41,120 --> 00:17:49,120 to have more complete logging versus just sending 128 bytes 381 00:17:49,120 --> 00:17:53,640 or 300 bytes of a syslog message out to whatever 382 00:17:53,640 --> 00:17:55,080 that connection was. 383 00:17:55,080 --> 00:17:58,560 The log connectors themselves give you 384 00:17:58,560 --> 00:18:03,960 a much more complete view of all the traffic going in 385 00:18:03,960 --> 00:18:05,840 and through the network. 386 00:18:05,840 --> 00:18:06,920 So that's what we do. 387 00:18:06,920 --> 00:18:08,880 And it's pre-formatted, right? 388 00:18:08,880 --> 00:18:13,000 Yeah, it could be in JSON instead of just raw text. 389 00:18:13,000 --> 00:18:15,720 Right, exactly, exactly. 390 00:18:15,720 --> 00:18:17,800 What about integration with any type of, 391 00:18:17,800 --> 00:18:21,120 I'm just thinking threat feeds or any way to? 392 00:18:21,120 --> 00:18:23,480 Yeah, so in terms of threat feeds, 393 00:18:23,480 --> 00:18:26,800 you can import feeds from Bright Cloud, 394 00:18:26,800 --> 00:18:32,080 from TALOS, different sources to give you 395 00:18:32,080 --> 00:18:37,120 a bit more security intelligence into what you're doing. 396 00:18:37,120 --> 00:18:40,880 Yeah, it'll actually, if you are bringing your VPC or VNet flow 397 00:18:40,880 --> 00:18:46,320 logs and multi-cloud defense has some vantage point 398 00:18:46,320 --> 00:18:48,400 into what's actually flying around in your cloud 399 00:18:48,400 --> 00:18:49,520 environments. 400 00:18:49,520 --> 00:18:54,160 It does bring in TrustWave, Bright Cloud for malicious IP 401 00:18:54,160 --> 00:18:55,000 feeds, right? 402 00:18:55,000 --> 00:18:56,800 So that we can at least correlate, 403 00:18:56,800 --> 00:18:59,400 hey, you've got some workloads that are maybe talking out 404 00:18:59,400 --> 00:19:02,760 bound to known malicious IPs or FQDNs. 405 00:19:02,760 --> 00:19:05,400 And it might be some low hanging fruit for people to go in 406 00:19:05,400 --> 00:19:08,600 and kind of pick off or investigate. 407 00:19:08,600 --> 00:19:15,080 Now, so that's great visibility, east, west, north, south. 408 00:19:15,080 --> 00:19:19,200 And I've been on customer calls where customers are moving away 409 00:19:19,200 --> 00:19:21,800 from the traditional, hey, I'm manually 410 00:19:21,800 --> 00:19:25,240 managing some type of virtual firewall in the cloud 411 00:19:25,240 --> 00:19:29,240 and moving to this multi-cloud defense solution. 412 00:19:29,240 --> 00:19:32,960 I'm curious what kind of, in terms of controls, 413 00:19:32,960 --> 00:19:35,360 like if we're replacing a virtual firewall, 414 00:19:35,360 --> 00:19:40,560 I'm assuming there's similar or more controls 415 00:19:40,560 --> 00:19:41,920 in this solution as well. 416 00:19:41,920 --> 00:19:44,280 How about if you can touch on the controls, 417 00:19:44,280 --> 00:19:47,000 maybe any type of automation would be cool? 418 00:19:47,000 --> 00:19:47,680 Yeah, yeah. 419 00:19:47,680 --> 00:19:51,080 So pretty much anything you get with the standard next gen 420 00:19:51,080 --> 00:19:53,040 firewall, you're going to get with this solution. 421 00:19:53,040 --> 00:19:55,200 They built part of the intellectual property 422 00:19:55,200 --> 00:19:56,840 of this was the security pipeline 423 00:19:56,840 --> 00:19:59,640 that the developers actually built, 424 00:19:59,640 --> 00:20:01,760 which the developers were actually the founders, funny 425 00:20:01,760 --> 00:20:02,920 enough. 426 00:20:02,920 --> 00:20:06,960 They built what's called a flexible single pass data path 427 00:20:06,960 --> 00:20:07,480 pipeline. 428 00:20:07,480 --> 00:20:09,880 And that's a mouthful, I know. 429 00:20:09,880 --> 00:20:11,800 But what it is is a very efficient pipeline 430 00:20:11,800 --> 00:20:13,880 that's only going to be passed through a single time. 431 00:20:13,880 --> 00:20:16,160 There's no looping back through specific portions 432 00:20:16,160 --> 00:20:16,840 of the pipeline. 433 00:20:16,840 --> 00:20:18,520 So it really minimizes the impact 434 00:20:18,520 --> 00:20:21,000 of bandwidth and latency. 435 00:20:21,000 --> 00:20:22,600 But it's everything you could imagine. 436 00:20:22,600 --> 00:20:26,080 So you're going to go through your typical layer three, 437 00:20:26,080 --> 00:20:28,720 layer four firewall stuff, so your matching criteria, 438 00:20:28,720 --> 00:20:32,840 like source and destination IP port protocol. 439 00:20:32,840 --> 00:20:34,800 In addition to that, actually, there 440 00:20:34,800 --> 00:20:40,480 was a lot of use cases early on to push out some, 441 00:20:40,480 --> 00:20:41,800 and I'm sure, squid proxies. 442 00:20:41,800 --> 00:20:43,480 So squid proxies were very prevalent. 443 00:20:43,480 --> 00:20:45,760 And a lot of major enterprises. 444 00:20:45,760 --> 00:20:48,360 But once you get hundreds of squid proxies out there, 445 00:20:48,360 --> 00:20:50,720 they become a little bit cumbersome to manage. 446 00:20:50,720 --> 00:20:54,280 So they agreed to move to multi-cloud defense 447 00:20:54,280 --> 00:20:56,360 if we had an FQDN match criteria. 448 00:20:56,360 --> 00:20:57,520 So very similar. 449 00:20:57,520 --> 00:21:00,880 How can I match a flow based on source or destination IP 450 00:21:00,880 --> 00:21:01,920 or port? 451 00:21:01,920 --> 00:21:04,360 Now they've added FQDN matching so 452 00:21:04,360 --> 00:21:08,040 that we can identify a specific flow based on, hey, 453 00:21:08,040 --> 00:21:11,760 something's egressing to this domain. 454 00:21:11,760 --> 00:21:13,520 Beyond that, though, everything you 455 00:21:13,520 --> 00:21:17,320 could imagine in terms of TLS based decryption, 456 00:21:17,320 --> 00:21:20,840 being able to do IPS, IDS, we do have the snort engine running, 457 00:21:20,840 --> 00:21:25,600 anti-malware, we do data loss prevention, and URL filtering, 458 00:21:25,600 --> 00:21:28,200 which is distinctly different from FQDN filtering, 459 00:21:28,200 --> 00:21:29,800 as most of us know. 460 00:21:29,800 --> 00:21:32,880 But yeah, it's a fully featured security pipeline. 461 00:21:32,880 --> 00:21:34,880 And any of those can be turned off or on, 462 00:21:34,880 --> 00:21:36,600 much like you'd see with Firepower, 463 00:21:36,600 --> 00:21:37,520 on a per rule basis. 464 00:21:37,520 --> 00:21:38,920 So you could come in and say, hey, 465 00:21:38,920 --> 00:21:41,040 I don't want any advanced security running 466 00:21:41,040 --> 00:21:42,000 with regards to this flow. 467 00:21:42,000 --> 00:21:44,480 Just match it based on the five tuple header 468 00:21:44,480 --> 00:21:47,520 and permit or deny, and then let it go. 469 00:21:47,520 --> 00:21:51,280 Or you could selectively add on any of those additional security 470 00:21:51,280 --> 00:21:52,800 features. 471 00:21:52,800 --> 00:21:56,720 So a couple you mentioned, the TLS decryption, the IPS, 472 00:21:56,720 --> 00:22:00,200 the anti-virus, like file type inspections, URL filtering, 473 00:22:00,200 --> 00:22:01,840 domain filtering. 474 00:22:01,840 --> 00:22:05,320 What about geolocation? 475 00:22:05,320 --> 00:22:07,680 Can this solution, does it have any type of geo stuff 476 00:22:07,680 --> 00:22:08,520 filled into it? 477 00:22:08,520 --> 00:22:09,480 Yeah, absolutely. 478 00:22:09,480 --> 00:22:12,040 They have all the predefined blocks for every country 479 00:22:12,040 --> 00:22:12,760 in the world. 480 00:22:12,760 --> 00:22:14,520 So you can go in and selectively, 481 00:22:14,520 --> 00:22:16,480 and use that as part of your matching criteria. 482 00:22:16,480 --> 00:22:18,960 Same thing, actually, now that you bring it up. 483 00:22:18,960 --> 00:22:21,440 Malicious IPs can be, and we baked those in 484 00:22:21,440 --> 00:22:23,520 from a predefined threat feed now. 485 00:22:23,520 --> 00:22:26,240 So yeah, you can selectively deny stuff or permit stuff 486 00:22:26,240 --> 00:22:29,960 from different countries. 487 00:22:29,960 --> 00:22:31,560 Any DLP? 488 00:22:31,560 --> 00:22:34,160 Yes, the data loss prevention is all control. 489 00:22:34,160 --> 00:22:36,880 Of course, it operates better if we can see into the payload. 490 00:22:36,880 --> 00:22:39,760 So if it's encrypted, have a decryption profile. 491 00:22:39,760 --> 00:22:41,960 But it's all using Parallel Compatible RedWax. 492 00:22:41,960 --> 00:22:45,640 Super stupid flexible in terms of implementation. 493 00:22:45,640 --> 00:22:48,520 And all this, mind you, can be done through Terraform. 494 00:22:48,520 --> 00:22:50,560 Like this was purpose built for the cloud. 495 00:22:50,560 --> 00:22:53,840 So what they did, and apologies if you hear my dog, 496 00:22:53,840 --> 00:22:55,360 all of this was done. 497 00:22:55,360 --> 00:22:56,120 Wait, not dogs. 498 00:22:56,120 --> 00:22:59,080 I've got, Andre says that little Hope dog that's 499 00:22:59,080 --> 00:23:00,120 always on his shoulder. 500 00:23:00,120 --> 00:23:02,960 And oh, there he is. 501 00:23:02,960 --> 00:23:05,000 And I've got those two great dancers. 502 00:23:05,000 --> 00:23:08,360 Sidir, I know you're a big dog guy too. 503 00:23:08,360 --> 00:23:10,560 Anything you do through click ops in our UI 504 00:23:10,560 --> 00:23:11,560 can be done with Terraform. 505 00:23:11,560 --> 00:23:14,080 And we actually, our Terraform provider 506 00:23:14,080 --> 00:23:16,480 is probably better documented than our UI. 507 00:23:16,480 --> 00:23:18,880 And everything that you do in the UI, 508 00:23:18,880 --> 00:23:21,120 there is a corresponding Terraform export 509 00:23:21,120 --> 00:23:22,480 for that specific object. 510 00:23:22,480 --> 00:23:25,840 So you can move literally from no Terraform experience 511 00:23:25,840 --> 00:23:30,120 to everything being baked in using a Terraform or CI-CD 512 00:23:30,120 --> 00:23:30,960 pipeline. 513 00:23:30,960 --> 00:23:33,320 It's very slick. 514 00:23:33,320 --> 00:23:35,920 I want to ask you something. 515 00:23:35,920 --> 00:23:38,240 And hopefully I'm not derailing the whole thing. 516 00:23:38,240 --> 00:23:41,360 But wanted to ask you, for customers that, let's say, 517 00:23:41,360 --> 00:23:45,320 they do have a cloud presence and they're 518 00:23:45,320 --> 00:23:49,080 looking to connect their on-prem infrastructure 519 00:23:49,080 --> 00:23:58,200 to multi-cloud defense, what is required from them 520 00:23:58,200 --> 00:24:00,440 on their end? 521 00:24:00,440 --> 00:24:02,120 Oh, who's been whispering in your ear? 522 00:24:02,120 --> 00:24:04,880 Has someone been telling you? 523 00:24:04,880 --> 00:24:05,400 No. 524 00:24:05,400 --> 00:24:07,280 We actually have VPN coming out. 525 00:24:07,280 --> 00:24:08,760 It's supposed to be out in February. 526 00:24:08,760 --> 00:24:09,440 I've seen it. 527 00:24:09,440 --> 00:24:11,240 It's an engineering preview. 528 00:24:11,240 --> 00:24:14,840 So we're going to have VPN functionality for on-prem 529 00:24:14,840 --> 00:24:17,240 to cloud, cloud to cloud. 530 00:24:17,240 --> 00:24:20,960 And that's going to be supplemented with BGP. 531 00:24:20,960 --> 00:24:24,560 So we're going to have the ability to do IPsec as well 532 00:24:24,560 --> 00:24:28,320 as BGP routing from the gateways themselves. 533 00:24:28,320 --> 00:24:30,160 It's actually a long story, right? 534 00:24:30,160 --> 00:24:34,360 But the short version of it is, think of companies like Aviatrix 535 00:24:34,360 --> 00:24:37,640 who do multi-cloud connectivity very well. 536 00:24:37,640 --> 00:24:39,680 They went into it with the mindset of, hey, 537 00:24:39,680 --> 00:24:42,720 let's get cloud networking done right. 538 00:24:42,720 --> 00:24:44,200 Security was kind of an afterthought. 539 00:24:44,200 --> 00:24:47,760 We went into it with security is our main focus. 540 00:24:47,760 --> 00:24:50,640 Networking is kind of going to be an afterthought, right? 541 00:24:50,640 --> 00:24:52,520 So now it's coming kind of full circle 542 00:24:52,520 --> 00:24:55,680 where now that we're integrated with Cisco, 543 00:24:55,680 --> 00:24:57,840 we're really moving into how do we 544 00:24:57,840 --> 00:24:59,880 integrate some advanced networking capabilities, 545 00:24:59,880 --> 00:25:02,360 really ease that cloud transition for our customers, 546 00:25:02,360 --> 00:25:05,800 not only in terms of security, but also connectivity. 547 00:25:05,800 --> 00:25:06,560 Well, that's good. 548 00:25:06,560 --> 00:25:07,600 That's good information. 549 00:25:07,600 --> 00:25:11,400 I think I've heard a few customers 550 00:25:11,400 --> 00:25:12,560 asking about those things. 551 00:25:12,560 --> 00:25:16,840 So just wanted to make sure that I'll put it in there. 552 00:25:16,840 --> 00:25:19,080 I guess for the next question I have, 553 00:25:19,080 --> 00:25:21,160 Sudhir, if you don't mind, this one 554 00:25:21,160 --> 00:25:29,200 is based on alerting what do we get, like when we see a tread, 555 00:25:29,200 --> 00:25:33,360 what are the things that we can tell from the management 556 00:25:33,360 --> 00:25:34,360 perspective? 557 00:25:34,360 --> 00:25:36,200 Yeah, so a couple of things. 558 00:25:36,200 --> 00:25:39,680 And it really depends how you have things 559 00:25:39,680 --> 00:25:42,000 set up in your environment. 560 00:25:42,000 --> 00:25:49,720 By going from like a zero nothing environment, 561 00:25:49,720 --> 00:25:54,360 not much in the way of actual, no really repercussions 562 00:25:54,360 --> 00:25:56,520 for things that are going on. 563 00:25:56,520 --> 00:25:59,160 You'll get alerts for them, but you may not 564 00:25:59,160 --> 00:26:05,320 get the behavior you expect from a traditional ASA firewall, 565 00:26:05,320 --> 00:26:09,000 where the bottom line is it blocks everything. 566 00:26:09,000 --> 00:26:11,480 So it actually brings up a great point 567 00:26:11,480 --> 00:26:14,000 that one of the things we do recommend 568 00:26:14,000 --> 00:26:16,880 when you do set this product up, when you do set multi-cloud 569 00:26:16,880 --> 00:26:22,000 defense up, is to go in and say, hey, I 570 00:26:22,000 --> 00:26:26,480 want to make sure that I've only set my configuration says 571 00:26:26,480 --> 00:26:29,440 I know exactly what traffic needs to go from one place 572 00:26:29,440 --> 00:26:31,160 to another, and that's it. 573 00:26:31,160 --> 00:26:34,280 So one thing we do recommend, strongly recommend, 574 00:26:34,280 --> 00:26:37,680 is to set up a baseline deny everything rule. 575 00:26:37,680 --> 00:26:39,240 Just black hole it. 576 00:26:39,240 --> 00:26:43,440 Because when we're talking about security, 577 00:26:43,440 --> 00:26:46,000 we talked about this in the last section as well, 578 00:26:46,000 --> 00:26:49,560 but you define your own security posture. 579 00:26:49,560 --> 00:26:51,760 The clouds aren't going to define the security posture. 580 00:26:51,760 --> 00:26:56,160 And I think you even mentioned this at one point, Andres, 581 00:26:56,160 --> 00:27:01,120 not today, but in the past, it's kind of flipping around 582 00:27:01,120 --> 00:27:04,520 what a firewall does, where it's allowing everything 583 00:27:04,520 --> 00:27:07,120 until you put blocks in to stop things. 584 00:27:07,120 --> 00:27:11,360 So you need to go through, look at the alerts that come in, 585 00:27:11,360 --> 00:27:15,240 and that's one thing that's great about multi-cloud 586 00:27:15,240 --> 00:27:17,920 defense being within Defense Orchestrator 587 00:27:17,920 --> 00:27:20,440 is that we also have the tie-in to XDR, 588 00:27:20,440 --> 00:27:24,000 where you can come through and build out automations. 589 00:27:24,000 --> 00:27:25,320 You can do different things. 590 00:27:25,320 --> 00:27:29,560 And also being Terraform native, where you can come through 591 00:27:29,560 --> 00:27:32,120 and say, hey, if I see this traffic, 592 00:27:32,120 --> 00:27:34,680 I don't want this traffic. 593 00:27:34,680 --> 00:27:39,160 Let's set an automation to run, or let's do something that 594 00:27:39,160 --> 00:27:42,240 says, hey, if I see this, send it back through 595 00:27:42,240 --> 00:27:44,400 and make sure a rule is in place to block it. 596 00:27:44,400 --> 00:27:48,560 Or utilizing dynamic access lists as an example. 597 00:27:48,560 --> 00:27:50,600 And what Jason mentioned earlier regarding 598 00:27:50,600 --> 00:27:55,120 the IDs for the networks and the IDs for the subnets, 599 00:27:55,120 --> 00:27:57,760 hey, I see this traffic trying to reach this one subnet 600 00:27:57,760 --> 00:27:59,880 I don't want it to go to. 601 00:27:59,880 --> 00:28:04,000 Utilizing that subnet ID and being completely dynamic, 602 00:28:04,000 --> 00:28:09,080 you can go and very granularly control what traffic comes in, 603 00:28:09,080 --> 00:28:13,720 goes out in, I guess, I don't want to say cloud native again, 604 00:28:13,720 --> 00:28:19,520 but in a very automated way that happens today versus in the past 605 00:28:19,520 --> 00:28:22,360 where you'd have to go in and say, 606 00:28:22,360 --> 00:28:27,240 deny all IP any, any whatever. 607 00:28:27,240 --> 00:28:28,000 Completely agree. 608 00:28:28,000 --> 00:28:31,840 AWS, by the way, is full whitelist only. 609 00:28:31,840 --> 00:28:34,920 Even when you go in to do an AWS security group, 610 00:28:34,920 --> 00:28:36,320 it's a deny all. 611 00:28:36,320 --> 00:28:39,800 They make you explicitly define what traffic you want to allow. 612 00:28:39,800 --> 00:28:42,720 And it's really the way, we've been preaching zero trust 613 00:28:42,720 --> 00:28:45,080 for years and years and years. 614 00:28:45,080 --> 00:28:47,400 And very few have actually implemented it. 615 00:28:47,400 --> 00:28:49,880 And at least they're urging us or pushing us 616 00:28:49,880 --> 00:28:52,480 a little bit in that direction. 617 00:28:52,480 --> 00:28:55,880 Yeah, I think it's going in that direction at some point. 618 00:28:55,880 --> 00:29:00,400 And just to give credit on that sentence to flip the firewall, 619 00:29:00,400 --> 00:29:04,520 I think I heard about this on the Talos podcast, 620 00:29:04,520 --> 00:29:07,160 probably like two episodes before, 621 00:29:07,160 --> 00:29:08,680 the one from December or November, 622 00:29:08,680 --> 00:29:11,560 but it was very interesting. 623 00:29:11,560 --> 00:29:13,960 It kept me thinking for like five minutes, 624 00:29:13,960 --> 00:29:16,160 flip the firewall, how do we do that? 625 00:29:16,160 --> 00:29:19,720 And so that's that's like way on that. 626 00:29:19,720 --> 00:29:24,480 Definitely a different way of thinking about writing your rules. 627 00:29:24,480 --> 00:29:25,880 One thing I was going to mention, 628 00:29:25,880 --> 00:29:31,560 Siri, you mentioned XDR and how we can automate do workflows. 629 00:29:31,560 --> 00:29:34,040 So we did have a session on Cisco XDR. 630 00:29:34,040 --> 00:29:37,040 So, you know, everybody go back and check that out if you didn't see. 631 00:29:37,040 --> 00:29:40,600 And it'll make a lot more sense if you're wondering what is XDR, 632 00:29:40,600 --> 00:29:42,080 how does it integrate? 633 00:29:42,080 --> 00:29:47,240 And we on that episode, we did talk about specifically Cisco XDR as well. 634 00:29:47,240 --> 00:29:51,480 So I think that will benefit a lot of people. 635 00:29:51,480 --> 00:29:54,560 All right. 636 00:29:54,560 --> 00:29:58,840 I think a question on a lot of people's minds is, 637 00:29:58,840 --> 00:30:03,880 I like the simplicity of this product and then the breadth of it. 638 00:30:03,880 --> 00:30:06,680 And I don't have to know about these individual clouds, 639 00:30:06,680 --> 00:30:08,720 which is great, abstracting all that. 640 00:30:08,720 --> 00:30:13,840 But is this just on top of basically, 641 00:30:13,840 --> 00:30:17,360 do I need to buy additional security if I own this product? 642 00:30:17,360 --> 00:30:24,680 Is this product a true replacement for the virtual firewalls I may have already? 643 00:30:24,680 --> 00:30:30,720 Is it all I need? Is it all I need to secure my cloud presence? 644 00:30:30,720 --> 00:30:33,080 Yeah, we actually we get this a lot, right? 645 00:30:33,080 --> 00:30:35,120 We have kind of two camps. 646 00:30:35,120 --> 00:30:37,760 We have the camp where they've they've went the virtual route. 647 00:30:37,760 --> 00:30:40,160 They're kind of deploying their own thing, 648 00:30:40,160 --> 00:30:44,640 whether that's a Cisco, Palo, Fortinet. 649 00:30:44,640 --> 00:30:47,240 They're just pushing those virtual appliances out there and they're running with it 650 00:30:47,240 --> 00:30:48,640 because they're familiar with it, right? 651 00:30:48,640 --> 00:30:49,880 And they work, right? 652 00:30:49,880 --> 00:30:52,600 But there's still a lot of overhead and then management. 653 00:30:52,600 --> 00:30:55,560 And then when you start to think about things like HA, 654 00:30:55,560 --> 00:31:00,520 we're just much simpler because we were built specifically for the cloud. 655 00:31:00,520 --> 00:31:02,600 Can we replace them? Yes, absolutely. 656 00:31:02,600 --> 00:31:04,400 We do every day. 657 00:31:04,400 --> 00:31:06,360 Same thing with cloud native tools. 658 00:31:06,360 --> 00:31:08,520 So you think about things like the Azure firewalls, 659 00:31:08,520 --> 00:31:11,520 same thing in Google Cloud, you know, security groups, 660 00:31:11,520 --> 00:31:15,040 security groups like within AWS, they're still going to be in the mix, right? 661 00:31:15,040 --> 00:31:18,040 Because they have to be attached to VNICs. 662 00:31:18,040 --> 00:31:21,840 But what we do is we kind of add additional security capabilities. 663 00:31:21,840 --> 00:31:24,760 You can have a permit all in your security group. 664 00:31:24,760 --> 00:31:28,400 You're still going to get advanced network security using our gateways. 665 00:31:28,400 --> 00:31:33,320 What we do see a lot, though, is customers are kind of locked into the cloud provider 666 00:31:33,320 --> 00:31:37,400 or cloud native tooling, like the specific things like the the GCP firewall, 667 00:31:37,400 --> 00:31:39,120 the Azure firewall. 668 00:31:39,120 --> 00:31:44,120 And, yeah, we can we can replace those two, which becomes very nice 669 00:31:44,120 --> 00:31:47,200 for a lot of customers because those are very expensive in terms of a lot 670 00:31:47,200 --> 00:31:50,480 of those firewalls from the cloud providers charge based on like 671 00:31:50,480 --> 00:31:55,200 how much bandwidth you're pushing, which can get crazy, stupid expensive. 672 00:31:55,200 --> 00:31:56,800 It was just going to mention that. 673 00:31:56,800 --> 00:31:59,960 Was just going to mention that in terms of scaling, too. 674 00:31:59,960 --> 00:32:03,200 If you if you if you're scaling up, you're going to have to pay more 675 00:32:03,200 --> 00:32:06,200 if you're using a cloud specific firewall. 676 00:32:06,200 --> 00:32:07,400 100 percent. Yeah. 677 00:32:07,400 --> 00:32:11,640 So we've seen like some customers drastically reduce their cloud charges 678 00:32:11,640 --> 00:32:15,040 by moving to multi cloud defense and just decommissioning those products. 679 00:32:15,040 --> 00:32:18,240 Because, again, now you're if you think about it, that could the 680 00:32:18,240 --> 00:32:22,120 firewalling capabilities within Azure, you could be using a very minimal 681 00:32:22,120 --> 00:32:25,560 set of capabilities within there and still have pretty exorbitant charges. 682 00:32:25,560 --> 00:32:29,960 We're actually going to give you a point solution that can be used 683 00:32:29,960 --> 00:32:33,960 across all your different cloud providers from a single SAS controller 684 00:32:33,960 --> 00:32:37,960 that is normally going to be significantly cheaper in the long run. 685 00:32:37,960 --> 00:32:43,960 Interesting. And I'm just thinking in terms of staging it and having kind of 686 00:32:43,960 --> 00:32:46,960 a zero downtime or at least zero downtime in terms of security. 687 00:32:46,960 --> 00:32:49,400 Can I deploy multi cloud defense out? 688 00:32:49,400 --> 00:32:52,760 Can I have my existing firewalls in place, deploy multi cloud 689 00:32:52,760 --> 00:32:56,920 defense on top of them initially, see everything working well and then go 690 00:32:56,920 --> 00:33:01,480 back and decommission those individual Azure firewalls and just leaving 691 00:33:01,480 --> 00:33:04,120 multi cloud defense in place at that point? 692 00:33:04,120 --> 00:33:05,960 Now, good question, Mike. Absolutely. 693 00:33:05,960 --> 00:33:07,560 That's our primary use case. 694 00:33:07,560 --> 00:33:08,760 Like people are already in the cloud. 695 00:33:08,760 --> 00:33:12,520 They've got brownfield operating as it is right there on Internet gateways, 696 00:33:12,520 --> 00:33:17,960 et cetera. You can deploy again, even from a fully orchestrated 697 00:33:17,960 --> 00:33:21,720 standpoint, you can deploy all your centralized kind of hub security 698 00:33:21,720 --> 00:33:26,920 VPCs or VNets, deploy the gateways to find the rules and all that can be 699 00:33:26,920 --> 00:33:30,720 done with your existing infrastructure kind of just doing its thing. 700 00:33:30,720 --> 00:33:35,720 When it's time to cut over, we can actually handle all the route plumbing 701 00:33:35,720 --> 00:33:39,160 as well, meaning you can go in and say, hey, I want to connect this kind of 702 00:33:39,160 --> 00:33:43,880 spoke VPC to our new security hub and we will actually attach it to transit 703 00:33:43,880 --> 00:33:47,720 gateways or do peerings and then adjust the routing to go over those 704 00:33:47,720 --> 00:33:51,720 peerings rather than out the local Internet gateway for those spokes. 705 00:33:51,720 --> 00:33:52,720 That's great. 706 00:33:52,720 --> 00:33:53,720 It's a mouthful. 707 00:33:53,720 --> 00:34:00,480 But that's interesting to hear all that information. 708 00:34:00,480 --> 00:34:05,360 I really like all the details that we've gone through. 709 00:34:05,360 --> 00:34:10,160 So I guess everybody in the audience is going to appreciate that. 710 00:34:10,160 --> 00:34:13,920 And I think that was one of the questions that we mainly wanted to hear. 711 00:34:13,920 --> 00:34:18,480 I know it was a little bit controversial with the existing infrastructure 712 00:34:18,480 --> 00:34:19,520 and things like that. 713 00:34:19,520 --> 00:34:27,280 But the other question that is on people's minds today is how do we get started? 714 00:34:27,280 --> 00:34:32,160 And if you don't mind mentioning some of how customers will get started, 715 00:34:32,160 --> 00:34:37,720 POVs, trials, what do we do to start playing with multi cloud defense? 716 00:34:37,720 --> 00:34:38,960 Yeah, it's funny. 717 00:34:38,960 --> 00:34:44,880 This question is coming up because Corey also asked it in the Q&A panel where 718 00:34:44,880 --> 00:34:50,840 basically if you have defense orchestrator now on the accordion menu on 719 00:34:50,840 --> 00:34:55,960 the left hand side of the screen for defense orchestrator, there is a 720 00:34:55,960 --> 00:34:59,200 multi cloud defense tie in. 721 00:34:59,200 --> 00:35:03,600 Click there and then you can start playing around with multi cloud defense. 722 00:35:03,600 --> 00:35:09,080 If you don't have defense orchestrator, you can always spin up a trial for that 723 00:35:09,080 --> 00:35:13,760 and multi cloud defense trial is kind of built into that as well. 724 00:35:13,760 --> 00:35:17,600 So there are a number of ways you can get to it. 725 00:35:17,600 --> 00:35:22,400 Then once you do that, definitely reach out to if you know your Cisco security 726 00:35:22,400 --> 00:35:27,360 team, your security sales specialist or your security account manager, 727 00:35:27,360 --> 00:35:33,880 reach out to them and we can get you tied in with whatever level of technical 728 00:35:33,880 --> 00:35:38,440 depth and whatever detail you need to make the trial successful and then make 729 00:35:38,440 --> 00:35:40,400 the implementation successful. 730 00:35:40,400 --> 00:35:46,520 I think Jason mentioned this a bit earlier where the guys who built out 731 00:35:46,520 --> 00:35:53,640 multi cloud defense, but it was Voltex, they're still with us. 732 00:35:53,640 --> 00:35:59,520 They're here at Cisco now and depending on the level of need, they can even step 733 00:35:59,520 --> 00:36:02,800 in and say, hey, this is where we intended to go. 734 00:36:02,800 --> 00:36:06,280 This is what we think will be beneficial to you, Mr. 735 00:36:06,280 --> 00:36:11,640 Customer, to be successful in your deployment. 736 00:36:11,640 --> 00:36:17,080 The process itself is click, click, click and you have a trial, maybe four. 737 00:36:17,080 --> 00:36:18,200 Always compare it. 738 00:36:18,200 --> 00:36:19,480 Do you guys have kids? 739 00:36:19,480 --> 00:36:22,360 There was a show called Oh So Special. 740 00:36:22,360 --> 00:36:24,280 Do you guys ever watch this? 741 00:36:24,280 --> 00:36:25,480 It's like a bear, right? 742 00:36:25,480 --> 00:36:29,040 And he was always solving these mysteries and it was always three simple steps. 743 00:36:29,040 --> 00:36:31,160 Our wizard is actually three simple steps. 744 00:36:31,160 --> 00:36:34,680 It's like literally onboarding telemetry security. 745 00:36:34,680 --> 00:36:36,400 It's stupid simple to go through. 746 00:36:36,400 --> 00:36:39,880 We've done POVs where we've had people soup to nuts, like where they didn't have 747 00:36:39,880 --> 00:36:44,320 anything deployed, so they had multi cloud defense, gateways running and passing 748 00:36:44,320 --> 00:36:47,200 traffic in 90 minutes. 749 00:36:47,200 --> 00:36:47,720 Nice. 750 00:36:47,720 --> 00:36:52,400 And Sidhu, you had mentioned you set this up on your own and the biggest part was 751 00:36:52,400 --> 00:36:55,840 when you mentioned the gathering of information, were you talking about like 752 00:36:55,840 --> 00:36:58,320 the inventory of where your cloud assets are? 753 00:36:58,320 --> 00:37:04,600 Yeah, just making sure that the admin user was there properly, the type of admin 754 00:37:04,600 --> 00:37:08,840 user and making sure we just actually, we just talked about permissions and making 755 00:37:08,840 --> 00:37:13,320 sure like zero trust side of things, but making sure that the users I wanted to 756 00:37:13,320 --> 00:37:18,040 use for multi cloud defense were actually users that had the minimum amount of 757 00:37:18,040 --> 00:37:22,920 permissions to have a successful deployment of multi cloud defense. 758 00:37:22,920 --> 00:37:24,200 Yeah. 759 00:37:24,200 --> 00:37:24,680 That's awesome. 760 00:37:24,680 --> 00:37:27,960 That's often the stumbling block for POVs is customers just figuring out what 761 00:37:27,960 --> 00:37:32,280 accounts they can use to onboard the accounts that has sufficient privileges. 762 00:37:32,280 --> 00:37:35,040 Once they get past that, it's clear as hell. 763 00:37:35,040 --> 00:37:38,960 And bottom line is we come in and Cisco is going to give some assistance there to 764 00:37:38,960 --> 00:37:40,880 get someone up and running. 765 00:37:40,880 --> 00:37:44,720 I assume so, like basically all products. 766 00:37:44,720 --> 00:37:50,760 What about package tiers or like offering levels? 767 00:37:50,760 --> 00:37:54,840 Yeah, so there are currently two offerings. 768 00:37:54,840 --> 00:37:59,000 I mean, I think it would be cool if we had three offerings, but I guess, you know, 769 00:37:59,000 --> 00:38:03,880 we're not doing the whole essentials advantage in Premiere for multi cloud 770 00:38:03,880 --> 00:38:06,600 defense, we're just doing advantage in Premiere. 771 00:38:06,600 --> 00:38:11,480 But actually, in my opinion, I guess if you don't need it, you don't need it. 772 00:38:11,480 --> 00:38:18,520 But a couple of my customers this past quarter had asked me about APIs and about 773 00:38:18,520 --> 00:38:23,080 making sure that their APIs weren't getting abused. 774 00:38:23,080 --> 00:38:28,760 So let's say one of my customers had a bunch of Lambda functions in AWS. 775 00:38:28,760 --> 00:38:35,000 How do we make sure that people can't brute force those APIs and, you know, 776 00:38:35,000 --> 00:38:39,360 you're kind of stuck at the end of the day since there's no real there isn't a 777 00:38:39,360 --> 00:38:47,440 real like DDoS solution for cloud based materials, cloud based services. 778 00:38:47,440 --> 00:38:51,560 A cool thing about the Premiere package for multi cloud defense is that it does 779 00:38:51,560 --> 00:38:53,280 contain that capability. 780 00:38:53,280 --> 00:38:58,400 So that's, in my opinion, one of coming from more of a programming side, one of 781 00:38:58,400 --> 00:39:02,720 the biggest differentiators for me between Premiere and advantage is getting 782 00:39:02,720 --> 00:39:08,480 the ability to actually do that rate limiting. 783 00:39:08,480 --> 00:39:14,880 Another thing that's cool is that you can now do more of a like an upload 784 00:39:14,880 --> 00:39:20,680 download system or you can file share within the clouds. 785 00:39:20,680 --> 00:39:26,480 And with the Premiere package, you get antivirus, anti malware built into that 786 00:39:26,480 --> 00:39:31,160 outside of, you know, on the advantage side, you have your basic ideas. 787 00:39:31,160 --> 00:39:35,280 Some of the features we chatted about before, but then on the Premiere side, 788 00:39:35,280 --> 00:39:42,880 you get antivirus and you also get the I think Joel mentioned this in a question. 789 00:39:42,880 --> 00:39:45,960 What if we want to replace our web application firewall? 790 00:39:45,960 --> 00:39:49,800 That's one of the other features that is brought through with the Premiere package 791 00:39:49,800 --> 00:39:53,080 that you actually get a web application firewall replacement. 792 00:39:53,080 --> 00:39:58,280 So maybe you have, you know, I think we mentioned this earlier, a bunch of 793 00:39:58,280 --> 00:40:03,480 different products that are kind of bolted into the cloud and aren't exactly, 794 00:40:03,480 --> 00:40:07,960 sorry, again, cloud native, but cloud native, they're not exactly cloud native. 795 00:40:07,960 --> 00:40:13,560 So with the Premiere side, you can actually go through and actually rip out 796 00:40:13,560 --> 00:40:18,360 everything, you know, as Joel was asking, the straight replacement of all these 797 00:40:18,360 --> 00:40:18,640 things. 798 00:40:18,640 --> 00:40:22,800 Yeah, literally is a straight replacement of all these things. 799 00:40:22,800 --> 00:40:25,520 Yeah, thanks for the question, Joel. 800 00:40:25,520 --> 00:40:26,960 That's a good one. 801 00:40:26,960 --> 00:40:29,240 And thank you, Sudhir, for the answer. 802 00:40:29,240 --> 00:40:34,480 Real brief, and I don't know, Jason, you work specifically on this product. 803 00:40:34,480 --> 00:40:38,800 So I don't know if you had any customer success stories or anything you can share 804 00:40:38,800 --> 00:40:42,280 about any customers that have done this journey. 805 00:40:42,280 --> 00:40:48,720 Yeah, yeah, actually, Teradata, there's a publicly referenceable white paper from 806 00:40:48,720 --> 00:40:53,440 Cisco on Teradata, who's probably to date our largest customer with thousands of 807 00:40:53,440 --> 00:40:54,320 gateways deployed. 808 00:40:54,320 --> 00:41:00,120 It'll kind of tell the success criteria from them as to like what both 809 00:41:00,120 --> 00:41:04,280 operational and technology benefits they gained by moving from what they were 810 00:41:04,280 --> 00:41:07,120 using to multi-cloud defense, which were many, right? 811 00:41:07,120 --> 00:41:08,880 And they're a full Terraform shop. 812 00:41:08,880 --> 00:41:13,040 So as they like onboard new customers, they actually fully automate the 813 00:41:13,040 --> 00:41:17,720 provisioning of the gateways, the service VPCs and the rule sets as they kind of 814 00:41:17,720 --> 00:41:19,520 onboard new customers. 815 00:41:19,520 --> 00:41:20,720 Very good read. 816 00:41:20,720 --> 00:41:22,160 Yeah, and that's great. 817 00:41:22,160 --> 00:41:23,240 It's publicly available. 818 00:41:23,240 --> 00:41:27,000 So we'll put that in the webinar notes as well. 819 00:41:27,000 --> 00:41:30,360 So that's outstanding. 820 00:41:30,360 --> 00:41:34,880 Well, that's all the questions that we had for our guests. 821 00:41:34,880 --> 00:41:38,800 Let's move on to some serious business now. 822 00:41:38,800 --> 00:41:44,320 And I don't know how I feel about these questions because they're a little funny, 823 00:41:44,320 --> 00:41:48,360 but I'm just going to jump right into it. 824 00:41:48,360 --> 00:41:55,280 So Jason, I wanted to tell you about over the break, I did spin up Cisco's cloud 825 00:41:55,280 --> 00:41:59,720 email security solution over Christmas break. 826 00:41:59,720 --> 00:42:01,800 So just not going to talk for. 827 00:42:01,800 --> 00:42:02,720 OK, that's all right. 828 00:42:02,720 --> 00:42:04,440 That's all right. 829 00:42:04,440 --> 00:42:08,080 Now, it worked great at first, this email solution. 830 00:42:08,080 --> 00:42:13,240 But I had to take it for some therapy sessions because it was feeling 831 00:42:13,240 --> 00:42:16,160 overwhelmed shortly after I enabled it. 832 00:42:16,160 --> 00:42:22,520 Any idea why it was feeling overwhelmed and so stressed out? 833 00:42:22,520 --> 00:42:23,200 No idea. 834 00:42:23,200 --> 00:42:24,600 Did it get sick? 835 00:42:24,600 --> 00:42:28,720 It had too many attachment issues. 836 00:42:28,720 --> 00:42:30,080 Oh, my gosh. 837 00:42:30,080 --> 00:42:32,840 So yeah. 838 00:42:32,840 --> 00:42:38,160 We got those attachment issues resolved, and my email security solution's 839 00:42:38,160 --> 00:42:39,800 doing great now. 840 00:42:39,800 --> 00:42:40,840 Awesome. 841 00:42:40,840 --> 00:42:42,680 Let's see if I can pop that one out, Mike. 842 00:42:42,680 --> 00:42:47,880 I told you, I told you, I wasn't sure how I felt about these ones, but OK. 843 00:42:47,880 --> 00:42:48,800 Awesome. 844 00:42:48,800 --> 00:42:51,720 Now, we're talking about therapy. 845 00:42:51,720 --> 00:42:55,400 And speaking of cloud-specific therapy issues, 846 00:42:55,400 --> 00:43:00,400 I heard that Azure AD started taking therapy sessions as well. 847 00:43:00,400 --> 00:43:02,760 Do you guys know why? 848 00:43:02,760 --> 00:43:03,600 No. 849 00:43:03,600 --> 00:43:09,920 Apparently, it has a lot of identity problems it's working through. 850 00:43:09,920 --> 00:43:12,400 I'll give you that. 851 00:43:12,400 --> 00:43:15,760 How about another thing I did over Christmas break, 852 00:43:15,760 --> 00:43:19,480 there was a really nice wedding I went to. 853 00:43:19,480 --> 00:43:21,560 There were two 5G towers. 854 00:43:21,560 --> 00:43:23,760 They were getting married. 855 00:43:23,760 --> 00:43:26,640 How do you think the wedding went? 856 00:43:26,640 --> 00:43:28,320 Everybody got COVID. 857 00:43:28,320 --> 00:43:31,120 Yes. 858 00:43:31,120 --> 00:43:35,720 The ceremony was kind of average, but the reception was amazing. 859 00:43:38,480 --> 00:43:40,960 Probably got time for one more, Andres. 860 00:43:40,960 --> 00:43:42,800 Promise is the last one. 861 00:43:42,800 --> 00:43:47,360 Did you guys see the news reports about restaurants 862 00:43:47,360 --> 00:43:52,040 trying to find more people who are good at Microsoft Excel? 863 00:43:52,040 --> 00:43:54,880 Have you guys heard about that? 864 00:43:54,880 --> 00:43:58,440 Because apparently, it's very hard to find food industry workers who 865 00:43:58,440 --> 00:44:00,120 are really good at joining tables. 866 00:44:02,760 --> 00:44:04,200 I worked at a restaurant for years. 867 00:44:04,200 --> 00:44:07,200 I don't think I could join two tables on Microsoft Excel, 868 00:44:07,200 --> 00:44:11,160 so I won't be able to apply for that restaurant job. 869 00:44:11,160 --> 00:44:12,240 Oh, that's great. 870 00:44:12,240 --> 00:44:14,120 That's great. 871 00:44:14,120 --> 00:44:19,040 So thanks for containing yourself, everyone, during those amazing dad 872 00:44:19,040 --> 00:44:20,640 jokes. 873 00:44:20,640 --> 00:44:25,720 And Andres, I guess let's wrap this up and conclude it out. 874 00:44:25,720 --> 00:44:29,560 My personal takeaways, I know Jason started off 875 00:44:29,560 --> 00:44:33,000 giving that kind of high level overview. 876 00:44:33,000 --> 00:44:35,360 It's a SaaS-based offering. 877 00:44:35,360 --> 00:44:38,960 And one of the things you mentioned or you alluded to 878 00:44:38,960 --> 00:44:44,400 was that this is going to be single or multi-cloud. 879 00:44:44,400 --> 00:44:45,880 So I thought that was cool. 880 00:44:45,880 --> 00:44:47,840 Even if I just have my resources in one cloud, 881 00:44:47,840 --> 00:44:50,160 this still works just the same. 882 00:44:50,160 --> 00:44:54,160 It's called multi-cloud defense, but even single or multi-cloud. 883 00:44:54,160 --> 00:44:58,360 And that being a turnkey, ready-to-go solution. 884 00:44:58,360 --> 00:45:02,760 And you guys both talked multiple times about native integrations, 885 00:45:02,760 --> 00:45:04,160 which is key here. 886 00:45:04,160 --> 00:45:07,280 It's pre-built into the various cloud providers. 887 00:45:07,280 --> 00:45:10,200 And I really like the unified policy. 888 00:45:10,200 --> 00:45:13,120 For me, one of the biggest things, takeaways today, 889 00:45:13,120 --> 00:45:19,480 was that I don't need to be an expert on how AWS works versus Azure versus Google. 890 00:45:19,480 --> 00:45:21,680 This product is abstracting those differences 891 00:45:21,680 --> 00:45:27,160 because they really shouldn't matter when I'm doing intent-based security. 892 00:45:27,160 --> 00:45:33,240 And then Sudhir, we talked about, I think that went to you, visibility. 893 00:45:33,240 --> 00:45:36,840 Not just the north-south, but the east-west. 894 00:45:36,840 --> 00:45:37,800 Pretty cool there. 895 00:45:37,800 --> 00:45:39,640 And we talked about some of those threat feeds. 896 00:45:39,640 --> 00:45:45,320 I think you mentioned Datadog and the others, Asplunk. 897 00:45:45,320 --> 00:45:47,120 Those were the log profiles, yeah. 898 00:45:47,120 --> 00:45:49,120 Those are the log providers, yes, yes. 899 00:45:49,120 --> 00:45:50,840 Thank you, Jason. 900 00:45:50,840 --> 00:45:54,160 So yeah, those were my main takeaways. 901 00:45:54,160 --> 00:45:56,080 Andres? 902 00:45:56,080 --> 00:46:02,080 Yeah, I really feel the takeaways that I have for me, 903 00:46:02,080 --> 00:46:07,680 similar things that we do have with infrastructure today with next generation firewalls, 904 00:46:07,680 --> 00:46:15,160 which is geolocation, the IPS, the malware prevention, things like that. 905 00:46:15,160 --> 00:46:17,280 We already have in our infrastructures. 906 00:46:17,280 --> 00:46:20,360 It makes a lot of sense to also have it there. 907 00:46:20,360 --> 00:46:26,440 I know we mentioned the LP, and I know we also squeezing a little bit on the WAF piece, 908 00:46:26,440 --> 00:46:29,280 which I think was super interesting. 909 00:46:29,280 --> 00:46:35,280 The alerting, those things, those connectors that we can have with multiple sources 910 00:46:35,280 --> 00:46:41,200 and multiple things just to make sure that we make sense of alerts and things that we see. 911 00:46:41,200 --> 00:46:46,040 And the other one that I was thinking that it was interesting to hear, 912 00:46:46,040 --> 00:46:53,920 and it's going to be that multi-cloud defense is looking like it's everything that we need 913 00:46:53,920 --> 00:46:59,120 if we're going to a cloud with no additional things to think about. 914 00:46:59,120 --> 00:47:04,800 The last thing, just like any other product that we work with here in Cisco, 915 00:47:04,800 --> 00:47:09,200 is that ease or simplicity on how we get started. 916 00:47:09,200 --> 00:47:14,240 Just make sure you know about Cisco Defense Orchestrator. 917 00:47:14,240 --> 00:47:19,600 That's the place where you can start a trial, start playing with multi-cloud defense. 918 00:47:19,600 --> 00:47:24,080 So with that, I think that's all I had. 919 00:47:24,080 --> 00:47:27,920 And Jason, to make sure I got that right with the specific connectors, 920 00:47:27,920 --> 00:47:32,080 Splunk, Datadog, and Google Log Collector. 921 00:47:32,080 --> 00:47:33,360 Yeah, GCP Logging. 922 00:47:33,360 --> 00:47:36,720 I've got some others, but yeah, they're all in there. 923 00:47:36,720 --> 00:47:39,600 Wanted to make sure I had that right. Thank you so much. 924 00:47:39,600 --> 00:47:43,040 Jason, Sudhir, thank you both so much. 925 00:47:43,040 --> 00:47:48,080 Not just for today's call, but just the keeping our industry safe. 926 00:47:48,080 --> 00:47:50,320 So much appreciation there. 927 00:47:50,320 --> 00:47:53,520 Absolutely. It's been a great conversation. 928 00:47:53,520 --> 00:48:00,480 Next call or next episode, February 21st, as we will discuss the security intelligence brains 929 00:48:00,480 --> 00:48:06,160 behind all of Cisco Security Products. That's the Talos organization. 930 00:48:06,160 --> 00:48:09,440 We're also going to cover incident response on that same session. 931 00:48:09,440 --> 00:48:14,080 So I hope everyone has enjoyed today's conversation on multi-cloud defense. 932 00:48:14,720 --> 00:48:17,200 Jason, Sudhir, Andre, it's been a pleasure. 933 00:48:17,200 --> 00:48:25,520 Stay secure and we will see you on the next one.