1 00:00:00,040 --> 00:00:04,080 60% of attacks have identity as a key component, meaning that 2 00:00:04,080 --> 00:00:06,200 without the identity piece, the attack would have never 3 00:00:06,200 --> 00:00:09,280 happened. And probably 80 to 90% involve 4 00:00:09,320 --> 00:00:13,720 identity in some way or another. And so like this identity crisis 5 00:00:13,920 --> 00:00:17,000 has been going on for several years, and it's just getting 6 00:00:17,000 --> 00:00:21,400 worse and worse and worse. And unfortunately, for whatever 7 00:00:21,400 --> 00:00:25,040 reason, our customers and identity practitioners out there 8 00:00:25,120 --> 00:00:28,000 haven't found an easy button to fix it. 9 00:00:28,080 --> 00:00:31,160 And and that's where we stand today in this identity crisis 10 00:00:31,160 --> 00:00:33,800 that we live in. I think you just summarized 11 00:00:33,800 --> 00:00:37,840 perfectly this whole identity security space and why it exists 12 00:00:37,840 --> 00:00:42,000 and why it's so important. You've talked about security 13 00:00:42,000 --> 00:00:47,240 first, IAM, and I want to know from your perspective, what does 14 00:00:47,240 --> 00:00:50,520 this, what does that mean? Yeah. 15 00:00:50,520 --> 00:00:54,960 So security first, IAM. And if you missed it, last week 16 00:00:54,960 --> 00:00:58,800 we announced Duo identity access Management and Social Security 17 00:00:58,800 --> 00:01:01,360 First IAM is really the reason why we did it. 18 00:01:01,680 --> 00:01:05,160 We felt that most of the IAM or identity players out there in 19 00:01:05,160 --> 00:01:08,720 the market were more focused on like helping people get to work 20 00:01:08,720 --> 00:01:10,920 and get access to the things they need and single sign on or 21 00:01:10,920 --> 00:01:14,480 reducing friction, which is all really good useful stuff. 22 00:01:14,680 --> 00:01:18,320 But security has always been sort of an afterthought in add 23 00:01:18,320 --> 00:01:23,560 on on the back burner to honest the Duo security first IAM is 24 00:01:23,560 --> 00:01:27,720 really about making security the default secure by default, 25 00:01:27,840 --> 00:01:30,680 making so that you can start from day zero with no passwords, 26 00:01:30,920 --> 00:01:33,680 make it really easy to go password list and doing that all 27 00:01:33,680 --> 00:01:36,680 within kind of the cost envelope with the base tier. 28 00:01:36,680 --> 00:01:38,720 So that's what we mean by security first. 29 00:01:38,720 --> 00:01:42,120 I am is like we're making that security set of capabilities 30 00:01:42,360 --> 00:01:47,440 part of the basic functionality. OK, and So what do you say to 31 00:01:47,440 --> 00:01:50,680 the pessimist who says, oh, another identity solution? 32 00:01:51,000 --> 00:01:53,520 We have a bunch of identity solutions. 33 00:01:53,920 --> 00:01:55,400 What's going to be different here? 34 00:02:00,640 --> 00:02:07,000 This is identity at the center if it has anything to do with 35 00:02:07,000 --> 00:02:12,960 IAM. This is the go to podcast now 36 00:02:12,960 --> 00:02:17,200 your hosts Jim McDonald and Jeff Steadman. 37 00:02:20,960 --> 00:02:22,600 Welcome to the Identity of the Center podcast. 38 00:02:22,600 --> 00:02:24,000 I'm Jeff, and that's Jim. Hey, Jim. 39 00:02:24,360 --> 00:02:27,040 Hey, Jeff, how are you? Oh, not so bad yourself. 40 00:02:27,520 --> 00:02:29,640 Doing great man. I'm glad to be back in the Home 41 00:02:29,640 --> 00:02:31,600 Office and excited for this episode. 42 00:02:32,440 --> 00:02:34,840 Yeah, this is a good one. We got a sponsored episode today 43 00:02:35,160 --> 00:02:37,600 brought to us by our friends over at Duo and you can find 44 00:02:37,600 --> 00:02:40,800 more about them at duo.com. We're going to welcome back a 45 00:02:40,920 --> 00:02:42,840 guest here in a second. But just to make it very crystal 46 00:02:42,840 --> 00:02:44,640 clear, right, they've sponsored this entire episode. 47 00:02:44,640 --> 00:02:47,440 So we do these from time to time in collaboration with our 48 00:02:47,440 --> 00:02:50,480 sponsors to to help apprise the industry of some of the things 49 00:02:50,480 --> 00:02:52,440 that they should be thinking about from AI. 50 00:02:52,440 --> 00:02:53,920 Guess you should say people in the industry about what they 51 00:02:53,920 --> 00:02:56,200 should be thinking about from an identity standpoint, security 52 00:02:56,200 --> 00:02:59,240 standpoint and some of the capabilities that are out there 53 00:02:59,240 --> 00:03:01,960 that people might want to take a look at by a trip over my own 54 00:03:02,040 --> 00:03:04,120 tongue right now. So let me go ahead and get right 55 00:03:04,120 --> 00:03:05,920 into it. Let's introduce Matt Caulfield. 56 00:03:05,920 --> 00:03:09,640 He's the VPO duo and identity at Cisco, all things identity. 57 00:03:09,680 --> 00:03:11,160 Welcome back to the show, Matt all. 58 00:03:12,280 --> 00:03:13,880 Right. Thank you, Jess and Jim. 59 00:03:13,880 --> 00:03:15,680 Good to see you guys again. Happy to be back. 60 00:03:16,480 --> 00:03:18,360 Yeah, it's been a little while. So I think the last time you 61 00:03:18,360 --> 00:03:22,200 were on was episode #247 we talked, I, I, I called the 62 00:03:22,200 --> 00:03:24,360 episode big areas of identity to solve, right? 63 00:03:24,360 --> 00:03:26,800 It was very thought provoking. I would encourage people to go 64 00:03:26,800 --> 00:03:28,800 back and listen to that because I'm not going to make you say 65 00:03:28,800 --> 00:03:30,960 how did you get into identity? You've already answered that 66 00:03:31,200 --> 00:03:34,640 you're a pro's pro for us. But it's been about a year and a 67 00:03:34,640 --> 00:03:36,920 half since then. So what have you been up to over 68 00:03:36,920 --> 00:03:39,440 that last year and a half? Yeah, what's new? 69 00:03:40,280 --> 00:03:44,000 A lot. I came back to Cisco about two 70 00:03:44,000 --> 00:03:45,680 years ago with the ORT acquisition. 71 00:03:45,720 --> 00:03:49,880 And then recently about a year ago, I started as the head of 72 00:03:49,880 --> 00:03:53,320 product for, for Duo, which I think a lot of people, a lot of 73 00:03:53,320 --> 00:03:56,640 the listeners here in identity understand that Duo has a 74 00:03:56,640 --> 00:04:00,040 storied past in identity and authentication and, and they 75 00:04:00,040 --> 00:04:02,920 know the Duo brand really well. And so I, I've been really happy 76 00:04:03,080 --> 00:04:04,920 to work with that team in particular. 77 00:04:04,920 --> 00:04:08,240 The Duo team is known in Cisco for its culture, for its ability 78 00:04:08,240 --> 00:04:11,280 to ship product, for its ability to be kind of market leading, 79 00:04:11,280 --> 00:04:13,480 focused on users. And so like, it's just been a 80 00:04:13,480 --> 00:04:17,120 real blessing to take over the leadership of the product team 81 00:04:17,120 --> 00:04:20,440 for Duo and help craft what we've been doing over the past 82 00:04:20,440 --> 00:04:22,280 year, which I'm also very excited to talk about. 83 00:04:22,960 --> 00:04:24,760 Yeah, I'm real excited to talk about it, Matt. 84 00:04:24,760 --> 00:04:28,120 And I was going to quote something that I've heard you 85 00:04:28,120 --> 00:04:32,600 say, which is that we have an identity crisis in this space. 86 00:04:33,000 --> 00:04:35,960 And you know, when you hear identity crisis, obviously it 87 00:04:35,960 --> 00:04:39,080 has, you know, there's, there's other meetings outside of 88 00:04:39,080 --> 00:04:41,520 digital identity. So I'm assuming you mean a 89 00:04:41,520 --> 00:04:44,600 digital identity crisis. And I'm wondering what is it 90 00:04:44,600 --> 00:04:46,480 that's contributing to this crisis? 91 00:04:46,480 --> 00:04:48,760 What? Why is that a major theme? 92 00:04:49,920 --> 00:04:51,440 Yeah. No, your assumption is right 93 00:04:51,440 --> 00:04:53,960 that it is a digital identity crisis and not so much like a 94 00:04:53,960 --> 00:04:57,160 personal like existential identity crisis, although some 95 00:04:57,160 --> 00:05:00,400 of us have those digital identity crisis. 96 00:05:00,640 --> 00:05:02,320 You know, it's really a couple of things. 97 00:05:02,760 --> 00:05:05,240 One piece is the rise in identity based attacks. 98 00:05:05,240 --> 00:05:07,240 And I feel like we've been talking about this for years, 99 00:05:07,240 --> 00:05:09,560 but it's still happening. So we're still talking about it. 100 00:05:10,480 --> 00:05:14,200 Fortunately now at Cisco, I get access to all this like really 101 00:05:14,200 --> 00:05:16,000 cool data. So we have this whole team 102 00:05:16,000 --> 00:05:19,120 called Cisco Talos and they go out and they study these things. 103 00:05:19,120 --> 00:05:21,600 They they deal with things like instant response and looking at 104 00:05:21,600 --> 00:05:24,160 threats out in the wild. And one thing that they've 105 00:05:24,160 --> 00:05:28,880 picked up on is that now it's not 60% of attacks involve 106 00:05:28,880 --> 00:05:33,000 identity, 60% of attacks have identity as a key component, 107 00:05:33,000 --> 00:05:35,200 meaning that without the identity piece, the attack would 108 00:05:35,200 --> 00:05:38,560 have never happened. And probably 80 to 90% involve 109 00:05:38,560 --> 00:05:43,000 identity in some way or another. And so like this identity crisis 110 00:05:43,200 --> 00:05:46,280 has been going on for several years and it's just getting 111 00:05:46,280 --> 00:05:50,680 worse and worse and worse. And unfortunately, for whatever 112 00:05:50,680 --> 00:05:54,320 reason, our customers and identity practitioners out there 113 00:05:54,400 --> 00:05:57,280 haven't found an easy button to fix it. 114 00:05:57,360 --> 00:06:00,440 And and that's where we stand today in this identity crisis 115 00:06:00,440 --> 00:06:03,040 that we live in. I think you just summarized 116 00:06:03,040 --> 00:06:07,080 perfectly this whole identity security space and why it exists 117 00:06:07,080 --> 00:06:11,240 and why it's so important. You've talked about security 118 00:06:11,240 --> 00:06:16,480 first, IAM, and I want to know from your perspective, what does 119 00:06:16,480 --> 00:06:19,760 this, what does that mean? Yeah. 120 00:06:19,760 --> 00:06:24,200 So security first, IAM. And if you missed it, last week 121 00:06:24,200 --> 00:06:28,040 we announced Duo identity access Management and Social Security 122 00:06:28,040 --> 00:06:30,640 First IAM is really the reason why we did it. 123 00:06:30,920 --> 00:06:34,440 We felt that most of the IAM or identity players out there in 124 00:06:34,440 --> 00:06:38,000 the market were more focused on like helping people get to work 125 00:06:38,000 --> 00:06:40,200 and get access to the things they need and single sign on or 126 00:06:40,200 --> 00:06:43,760 reducing friction, which is all really good useful stuff. 127 00:06:43,960 --> 00:06:47,600 But security has always been sort of an afterthought in add 128 00:06:47,600 --> 00:06:52,840 on on the back burner to honest the Duo security first IAM is 129 00:06:52,840 --> 00:06:56,960 really about making security the default secure by default, 130 00:06:57,080 --> 00:06:59,880 making so that you can start from day zero with no passwords, 131 00:07:00,160 --> 00:07:02,920 make it really easy to go password list and doing that all 132 00:07:02,920 --> 00:07:05,920 within kind of the cost envelope with the base tier. 133 00:07:05,920 --> 00:07:07,960 So that's what we mean by security first. 134 00:07:07,960 --> 00:07:11,360 I am is like we're making that security set of capabilities 135 00:07:11,600 --> 00:07:16,680 part of the basic functionality. OK, and So what do you say to 136 00:07:16,680 --> 00:07:19,920 the pessimist who says, oh, another identity solution? 137 00:07:20,240 --> 00:07:22,760 We have a bunch of identity solutions. 138 00:07:23,200 --> 00:07:24,680 What's going to be different here? 139 00:07:25,640 --> 00:07:27,200 Yeah, it's a good question. We get that a lot. 140 00:07:27,600 --> 00:07:31,240 For a long time, Duo has been known as MFA and like it's kind 141 00:07:31,240 --> 00:07:33,800 of built into the name like 2F AM FA. 142 00:07:34,000 --> 00:07:37,160 And for the longest time Duo has been really good at that. 143 00:07:37,160 --> 00:07:40,400 We have over 100,000 customers that use us for MFA. 144 00:07:40,880 --> 00:07:42,480 There are lots of other identity solutions. 145 00:07:42,480 --> 00:07:45,720 So you might ask and other people have asked the question 146 00:07:45,720 --> 00:07:48,760 like why would Duo get into the identity space? 147 00:07:49,040 --> 00:07:53,440 And a big part of it is because we saw that gap in that there 148 00:07:53,440 --> 00:07:56,120 are still attacks going on, they're still being successful. 149 00:07:56,280 --> 00:07:59,840 Traditional players are more focused on making single sign on 150 00:07:59,840 --> 00:08:02,040 and access management work and less focused on the security 151 00:08:02,040 --> 00:08:04,720 aspects to it. So we saw the need to come in 152 00:08:04,720 --> 00:08:07,640 with kind of security first approach. 153 00:08:07,640 --> 00:08:10,760 And the way that Duo is special is some of the end to end 154 00:08:10,760 --> 00:08:13,280 fishing resistance capabilities that we brought in in addition 155 00:08:13,280 --> 00:08:14,840 to the security first capabilities. 156 00:08:15,080 --> 00:08:18,320 Really sets it apart from a lot of the other options that are 157 00:08:18,320 --> 00:08:20,520 out there. Plus the reasons why people pick 158 00:08:20,520 --> 00:08:24,880 Duo today, which is it's a solution that our customers love 159 00:08:25,240 --> 00:08:29,120 because it focuses on the intersection of usability and 160 00:08:29,120 --> 00:08:32,360 security for admins and for end users. 161 00:08:32,919 --> 00:08:35,600 You know, I'm, I'm playing the role that Jeff normally plays, 162 00:08:35,600 --> 00:08:38,760 which is like the pessimist. But you know, I've seen over 163 00:08:38,760 --> 00:08:42,559 time, I've been in this space for 20 years and I was a big 164 00:08:42,559 --> 00:08:46,840 customer of both Oracle and CA. And they usually don't name drop 165 00:08:46,840 --> 00:08:48,440 in like any kind of negative light. 166 00:08:48,760 --> 00:08:54,680 But the big tech industry has kind of a history of going deep 167 00:08:54,800 --> 00:09:00,680 into acquiring different pieces of identity, of the identity 168 00:09:00,680 --> 00:09:04,760 stack, putting them together and then R&D dies on the vine. 169 00:09:05,000 --> 00:09:08,400 And so, you know, given that history that none of that 170 00:09:08,400 --> 00:09:13,280 implicates you, but given that history, what would you say 171 00:09:13,280 --> 00:09:14,840 that's not going to happen again? 172 00:09:15,800 --> 00:09:19,240 Yeah, that's a good question. So Cisco makes a lot of 173 00:09:19,240 --> 00:09:21,880 acquisitions. You mentioned like the number 174 00:09:21,880 --> 00:09:27,120 247 episodes, Cisco's done about 250 acquisitions over its 175 00:09:27,120 --> 00:09:29,560 history. So it's a lot, you know, it's 176 00:09:29,560 --> 00:09:33,200 averages, you know around 10 per year over the past few years 177 00:09:33,200 --> 00:09:37,320 give or take a few. Over time, those acquisitions 178 00:09:37,320 --> 00:09:41,160 get brought in and made part of the bigger portfolio with Duo 179 00:09:41,360 --> 00:09:45,040 and with ORT in particular. So we acquired A Duo six years 180 00:09:45,040 --> 00:09:47,920 ago, still going today. We're still investing, we're 181 00:09:47,920 --> 00:09:51,040 still making big launches, and we're still just as relevant as 182 00:09:51,040 --> 00:09:53,680 ever in the industry, especially in the authentication market. 183 00:09:54,200 --> 00:09:57,280 And then with ORT, which I was part of, I was the founder and 184 00:09:57,280 --> 00:09:59,000 CEO there. And we were an identity threat 185 00:09:59,000 --> 00:10:01,320 detection response company that was acquired 2 years ago. 186 00:10:01,560 --> 00:10:04,320 We've now made that part of Duo and Identity Intelligence, and 187 00:10:04,320 --> 00:10:06,880 we're continuing to invest in those capabilities. 188 00:10:06,880 --> 00:10:09,600 And we just announced a new capability as part of Identity 189 00:10:09,600 --> 00:10:12,360 Intelligence as well, which is this trust scoring mechanism 190 00:10:12,520 --> 00:10:15,680 that lets you pinpoint individual users and figure out 191 00:10:15,680 --> 00:10:18,600 which ones are actually compromised inside your 192 00:10:18,600 --> 00:10:20,760 organization. So you could have like 10,000 193 00:10:21,000 --> 00:10:22,440 users. And this will narrow it down to 194 00:10:22,440 --> 00:10:25,360 like, hey, these three accounts, you need to go scrub those. 195 00:10:25,360 --> 00:10:28,040 Like it's almost like a laptop. You need to go wipe that laptop 196 00:10:28,040 --> 00:10:30,320 with that account and start over again because those are 197 00:10:30,320 --> 00:10:32,240 definitely taking over at this point. 198 00:10:32,360 --> 00:10:36,400 So anyway, just some examples of Cisco does bring in companies 199 00:10:36,680 --> 00:10:39,520 and make them part of the bigger story, but at the same time 200 00:10:39,520 --> 00:10:42,680 continues to invest where it's needed, especially in areas of 201 00:10:42,680 --> 00:10:46,160 identity, because there's this realization that identity is a 202 00:10:46,160 --> 00:10:49,920 core pillar of security. It's the foundation of zero 203 00:10:49,920 --> 00:10:51,840 trust. And the whole industry has woken 204 00:10:51,840 --> 00:10:54,720 up to that. Yeah, I, you know, I think one 205 00:10:54,720 --> 00:10:59,400 of the one of the things that I recognize anyway is, you know, 206 00:10:59,400 --> 00:11:03,440 when you talk about ORT, you guys were kind of an innovator 207 00:11:03,440 --> 00:11:08,400 and a leading company. And now look, you got your as an 208 00:11:08,400 --> 00:11:14,040 individual running the show there in terms of duo identity. 209 00:11:15,040 --> 00:11:18,520 That's pretty telling. I mean, are you bringing with 210 00:11:18,520 --> 00:11:22,600 you that culture of innovation that you had or let's talk, 211 00:11:22,600 --> 00:11:23,880 let's talk about that for a minute. 212 00:11:23,880 --> 00:11:28,480 It was kind of that transition you made from, you know, founder 213 00:11:28,840 --> 00:11:33,360 and CEO at ORT and now you're a part of a bigger tech company. 214 00:11:33,600 --> 00:11:36,640 Would you bring the innovation or was it like you brought it, 215 00:11:36,640 --> 00:11:39,960 you came over and you're like, wow, this is a really innovative 216 00:11:39,960 --> 00:11:43,080 company. Yeah, it's, it's a really good 217 00:11:43,080 --> 00:11:44,440 question. I think you're picking up on a 218 00:11:44,440 --> 00:11:46,800 pattern that does exist. And it's not just me. 219 00:11:46,800 --> 00:11:51,200 Like plenty of other founders get acquired into Cisco and then 220 00:11:51,200 --> 00:11:54,760 get put into bigger roles, bigger responsibility expressly 221 00:11:54,760 --> 00:11:59,200 for the the value that they bring in terms of driving 222 00:11:59,200 --> 00:12:02,680 urgency and bringing in new ideas and innovation. 223 00:12:02,680 --> 00:12:05,360 And it's not because Cisco lacks that at all. 224 00:12:05,520 --> 00:12:08,360 It just really helpful to have new fresh ideas constantly 225 00:12:08,880 --> 00:12:11,320 coming in. And that's one of the ways that 226 00:12:11,520 --> 00:12:15,280 bigger Cisco and now Duo has done it is kind of bringing in 227 00:12:15,480 --> 00:12:17,640 talent through through acquisition. 228 00:12:17,640 --> 00:12:20,760 So myself, we've had other leaders, you know, just in the 229 00:12:20,760 --> 00:12:23,360 year that I was acquired, like Armor Blocks was acquired on the 230 00:12:23,360 --> 00:12:25,760 e-mail side. And DJ Sampath is running a lot 231 00:12:25,760 --> 00:12:28,800 of the AI strategy now for Cisco overall. 232 00:12:28,800 --> 00:12:32,240 So G2 Patel, who's our chief product officer and you know, 233 00:12:32,240 --> 00:12:36,120 president at Cisco now is really creating this, this culture of 234 00:12:36,280 --> 00:12:39,240 we need to think like a startup, even though we're a gigantic 235 00:12:39,240 --> 00:12:42,400 100,000 person company. Like we need to think like a 236 00:12:42,400 --> 00:12:45,640 startup, act like a startup, and bring startup people in in order 237 00:12:45,640 --> 00:12:48,440 to drive and continue to drive urgency. 238 00:12:48,920 --> 00:12:52,040 Yeah, I mean, that's that's kind of the answer I was expecting 239 00:12:52,040 --> 00:12:54,920 because, you know, when you talked about something like 240 00:12:54,920 --> 00:12:59,960 Tallows, I started to think, wow, like, imagine having the 241 00:12:59,960 --> 00:13:03,240 insights that they have and you can just sit down and have 242 00:13:03,240 --> 00:13:06,960 coffee with the people that are making it happen there. 243 00:13:07,360 --> 00:13:10,960 Tell us a little bit about Telus and some of that intelligence 244 00:13:10,960 --> 00:13:14,800 that they're bringing to the table that's influencing. 245 00:13:15,400 --> 00:13:20,000 You know, look, you guys are taking on some big bold stuff, 246 00:13:20,360 --> 00:13:23,880 and it sounds like that having that intelligence was kind of at 247 00:13:23,880 --> 00:13:26,720 the center of making some of these decisions. 248 00:13:27,880 --> 00:13:32,600 It is so understanding what's really going on for customers on 249 00:13:32,600 --> 00:13:35,240 their worst days when they're suffering from security breaches 250 00:13:35,240 --> 00:13:38,160 is the type of insights that the Talos team brings to the table. 251 00:13:38,160 --> 00:13:40,680 And then that that team is just for a while also came in through 252 00:13:40,680 --> 00:13:42,640 acquisition. I've looked through the Source 253 00:13:42,640 --> 00:13:45,240 Fire acquisition, which was one of our, you know, firewalls that 254 00:13:45,240 --> 00:13:47,000 we acquired. So that continues to this day 255 00:13:47,000 --> 00:13:50,280 and they've expanded from like just a focus on networking and 256 00:13:50,280 --> 00:13:54,360 network intelligence and network focused response into also 257 00:13:54,360 --> 00:13:57,520 things like understanding what's going on in the identity world, 258 00:13:57,520 --> 00:14:02,440 just because that's such a, a big aspect of the breaches that 259 00:14:02,440 --> 00:14:04,400 are occurring. It's a, it's a, it's a key 260 00:14:04,400 --> 00:14:06,480 component. And that's really the, the 261 00:14:06,480 --> 00:14:07,840 research that we're highlighting here. 262 00:14:07,840 --> 00:14:10,520 It's not just this year or just Talos saying it. 263 00:14:10,520 --> 00:14:12,920 We've, we've seen kind of corroborating evidence coming 264 00:14:12,920 --> 00:14:16,400 from like Verizon, DPIR and some of the research that crowd 265 00:14:16,400 --> 00:14:18,080 strike puts out. So it's, it's definitely not 266 00:14:18,080 --> 00:14:21,160 just us who are into it. But yes, I kind of get an inside 267 00:14:21,160 --> 00:14:24,760 track on, on getting the real details on what's happening in 268 00:14:24,760 --> 00:14:27,920 these attacks and what are the, what are the vectors through 269 00:14:27,920 --> 00:14:31,040 which these attackers are coming in so that we can build controls 270 00:14:31,040 --> 00:14:33,920 and detections into our products, into Duo, into 271 00:14:33,920 --> 00:14:35,920 identity intelligence to put a stop to that. 272 00:14:36,920 --> 00:14:39,160 Yeah. And I'm wondering, you know, so 273 00:14:39,160 --> 00:14:44,480 to me, the 2 interesting angles would be that piece, which is 274 00:14:44,480 --> 00:14:49,240 all the other companies within Cisco or, or products, however 275 00:14:49,240 --> 00:14:53,360 you want to, you know, call the structure, but then also the 276 00:14:53,360 --> 00:14:57,280 customer insights that you must be getting, be able to come into 277 00:14:57,280 --> 00:15:01,160 customer conversations. And I'm wondering like, what are 278 00:15:01,160 --> 00:15:03,400 some of the, the challenges you're seeing? 279 00:15:03,400 --> 00:15:07,280 Are you coming into clients and finding a lot of laggers? 280 00:15:07,280 --> 00:15:12,160 Are you seeing some clients that are just like, you know, 281 00:15:12,680 --> 00:15:15,480 innovating in ways that you're learning from? 282 00:15:15,720 --> 00:15:17,640 Kind of what are you seeing in that landscape? 283 00:15:18,960 --> 00:15:22,720 Yeah, customer insights are at a totally different scale at 284 00:15:22,720 --> 00:15:25,120 Cisco. So Duo alone has over 100,000 285 00:15:25,120 --> 00:15:27,680 customers. So much as I'd like to, I can't 286 00:15:27,680 --> 00:15:30,680 talk to all of them in a single lifetime Even. 287 00:15:30,760 --> 00:15:34,600 So we rely a lot on data and then select, you know, customer 288 00:15:34,600 --> 00:15:36,800 interviews. We just held one of our first 289 00:15:36,800 --> 00:15:39,720 duo customer advisory boards, strategic advisory boards in New 290 00:15:39,720 --> 00:15:42,040 York a few weeks ago. And that was really insightful 291 00:15:42,040 --> 00:15:46,240 because we got to sit down with 20 customers and really dig in a 292 00:15:46,240 --> 00:15:49,920 bit more into the problems that they're having in identity and 293 00:15:49,920 --> 00:15:53,160 that the common themes are things like fishing resistance. 294 00:15:53,880 --> 00:15:58,160 How do I get the password list? How do I deal with like non 295 00:15:58,160 --> 00:16:02,640 employee populations, like contractors, little bit of non 296 00:16:02,640 --> 00:16:06,560 human identity, little bit of agentic popping up. 297 00:16:06,560 --> 00:16:09,120 And we can talk, maybe say that for the end, but these are the 298 00:16:09,120 --> 00:16:12,120 things that are kind of top of mind for our customers. 299 00:16:12,120 --> 00:16:16,160 And, and, and going from, you know, what they have today, 300 00:16:16,160 --> 00:16:18,240 which might be like a mishmash of different identity 301 00:16:18,240 --> 00:16:22,280 technologies to an architecture that they feel confident in from 302 00:16:22,280 --> 00:16:24,720 a security perspective. That's really what they look 303 00:16:24,720 --> 00:16:26,920 into. A Cisco Duo 4 is like, OK, help 304 00:16:26,920 --> 00:16:30,320 me with these specific projects like fishing resistance and like 305 00:16:30,320 --> 00:16:32,720 password less. And then also help me think 306 00:16:32,720 --> 00:16:35,720 bigger picture of like, how do I tie this whole identity thing 307 00:16:35,720 --> 00:16:38,440 into my zero trust initiative, my zero trust architecture? 308 00:16:38,440 --> 00:16:41,040 And so this was really well positioned to help with both 309 00:16:41,040 --> 00:16:43,080 those things, those kind of tactical things as well as the 310 00:16:43,080 --> 00:16:46,080 strategic bigger picture because we have this much broader 311 00:16:46,120 --> 00:16:48,680 portfolio. Yeah, whenever we get a thought 312 00:16:48,680 --> 00:16:53,000 leader like yourself on, I wanted to ask some questions 313 00:16:53,000 --> 00:16:58,800 that are like maybe sound basic, but are are we solved? 314 00:16:58,880 --> 00:17:01,960 You brought a pastor list. Is authentication more or less 315 00:17:01,960 --> 00:17:06,280 solved and now it's just tactical getting it rolled out? 316 00:17:06,560 --> 00:17:08,960 Or is there still innovation to be had I. 317 00:17:10,160 --> 00:17:11,599 Think there's still innovation to be had? 318 00:17:11,599 --> 00:17:16,920 So if you look at it, how do you get to like NIST AAL 3 fishing 319 00:17:16,920 --> 00:17:20,079 resistance today? Usually you have to go buy a 320 00:17:20,079 --> 00:17:22,760 bunch of hardware tokens. And I have no issue with the 321 00:17:22,760 --> 00:17:24,440 folks who manufactured hardware tokens. 322 00:17:24,640 --> 00:17:26,359 They're a good product and I use them myself. 323 00:17:26,359 --> 00:17:29,360 But for organizations when they're staring down, you know, 324 00:17:29,360 --> 00:17:33,640 a $50 per token priced AG and then having to provide two of 325 00:17:33,640 --> 00:17:37,000 them for everybody in case they lose 1, like it's a really hard 326 00:17:37,000 --> 00:17:41,400 pill to swallow for most organizations that aren't, you 327 00:17:41,400 --> 00:17:44,560 know, maybe financial services, let's say. 328 00:17:45,520 --> 00:17:49,200 So that in particular is an area of innovation where Duo with 329 00:17:49,200 --> 00:17:52,360 recent announcements around and then fishing resistance, we've 330 00:17:52,360 --> 00:17:56,000 stepped into, we've announced this thing called proximity 331 00:17:56,000 --> 00:18:00,360 verification where you can get AAL 3 phishing resistant 332 00:18:00,360 --> 00:18:03,320 authentication where your your phone is your key. 333 00:18:03,320 --> 00:18:04,880 You've got Duo Mobile on the phone. 334 00:18:05,280 --> 00:18:08,520 It's using Bluetooth Low Energy between the phone and the 335 00:18:08,520 --> 00:18:10,720 device. And by virtue of them being near 336 00:18:10,720 --> 00:18:13,160 each other and the fact that I've registered both devices, my 337 00:18:13,160 --> 00:18:16,240 laptop and my phone, and by virtue of me doing a Face ID or 338 00:18:16,240 --> 00:18:19,920 Touch ID on my device, I now have enough factors to say, OK, 339 00:18:20,200 --> 00:18:22,440 this is phishing resistant. And an attacker would need to be 340 00:18:22,440 --> 00:18:26,080 in the room with me kind of pulling up a chair to my desk in 341 00:18:26,080 --> 00:18:28,560 order to insert themselves from the flow. 342 00:18:29,560 --> 00:18:31,440 So there is innovation in authentication still. 343 00:18:32,160 --> 00:18:34,320 That's good to hear because you know the it's not like the 344 00:18:34,320 --> 00:18:35,800 threats stop innovating either, right? 345 00:18:35,800 --> 00:18:37,600 So you kind of have to stay ahead of it as well. 346 00:18:37,840 --> 00:18:39,280 Yeah. And, and we do see that the 347 00:18:39,280 --> 00:18:42,160 attackers continue to innovate. But you know, we thought MFA was 348 00:18:42,160 --> 00:18:45,320 the silver bullet for the longest period of time where 349 00:18:45,320 --> 00:18:48,040 MFA, as long as you have MFA on your account, they're like, 350 00:18:48,160 --> 00:18:51,920 you're good, you're golden. But then we have things like SIM 351 00:18:51,920 --> 00:18:55,520 swapping or even more basic like push bombing, push fatigue. 352 00:18:55,840 --> 00:18:58,920 And so then we move to like number matching and you know, 353 00:18:58,920 --> 00:19:02,040 OTP and you know, other one time codes. 354 00:19:02,040 --> 00:19:04,480 And then you have attacker in the middle where they created 355 00:19:04,480 --> 00:19:07,760 proxy and put it in the middle. So it looks like your sign in 356 00:19:07,760 --> 00:19:11,480 Page and you put in your 4 digit or 6 digit code and then they 357 00:19:11,480 --> 00:19:13,560 steal that. And so we're constantly being 358 00:19:13,560 --> 00:19:16,320 pushed further and further towards eventually getting to 359 00:19:16,640 --> 00:19:20,720 where we are now with phishing resistant and hope is that this 360 00:19:20,720 --> 00:19:24,080 new dual proximity verification capabilities sort of the easy 361 00:19:24,560 --> 00:19:27,000 cheaper way to get to fishing resistant versus shipping 362 00:19:27,000 --> 00:19:28,720 everybody their own little Harvard key. 363 00:19:29,880 --> 00:19:31,920 I want to talk about the product here in a second, but I'm 364 00:19:31,920 --> 00:19:36,000 curious what your thoughts are from AAI perspective and some of 365 00:19:36,000 --> 00:19:38,680 the threats that we're seeing, You know, what using AI to 366 00:19:38,680 --> 00:19:41,760 leverage against some of the identity security that maybe 367 00:19:41,760 --> 00:19:43,240 we've built out over the decades. 368 00:19:43,600 --> 00:19:46,680 You know, gone is the poorly written e-mail from the poor 369 00:19:46,680 --> 00:19:49,680 Nigerian Prince. And now it is a very well 370 00:19:49,680 --> 00:19:53,920 crafted, very believable, you know, text or message or 371 00:19:53,920 --> 00:19:58,600 whatever it may be that AI is really empowering the the other 372 00:19:58,600 --> 00:20:01,080 side, right, to be better at that. 373 00:20:01,760 --> 00:20:06,040 How do you see AI impacting identity security, you know, as 374 00:20:06,040 --> 00:20:07,840 it stands today? And then what it what scares you 375 00:20:07,840 --> 00:20:10,040 the most when you start to think about these types of things and, 376 00:20:10,480 --> 00:20:13,520 and how you're going to defend against it or help others defend 377 00:20:13,520 --> 00:20:17,040 against it? Yeah, of course, I think it's 378 00:20:17,040 --> 00:20:19,120 twofold, right? There's there's one piece of it, 379 00:20:19,120 --> 00:20:21,880 which is like how do we think about identity for AI? 380 00:20:21,880 --> 00:20:27,280 And like identic identity or identic AI is almost like a 381 00:20:27,280 --> 00:20:29,600 human identity in that it's somebody that your organization 382 00:20:29,600 --> 00:20:31,680 hires and you need to give an identity to them. 383 00:20:32,000 --> 00:20:33,680 Let's set that aside for a second because that's probably 384 00:20:33,680 --> 00:20:36,240 it's own kind of can of worms which we can get to. 385 00:20:36,640 --> 00:20:41,200 The more pressing thing right now is AI has enabled attackers 386 00:20:41,200 --> 00:20:43,280 to do social engineering at scale. 387 00:20:43,520 --> 00:20:48,520 So they can find and literally use tools like chat, TPT and 388 00:20:48,520 --> 00:20:52,160 say, hey, go find me all the profiles on LinkedIn who have 389 00:20:52,160 --> 00:20:56,280 like a Microsoft certification for intra ID And they look like 390 00:20:56,280 --> 00:20:57,720 they've been in the industry for a few years. 391 00:20:57,720 --> 00:21:01,120 So they're probably a global admin and help me figure out 392 00:21:01,120 --> 00:21:03,600 like their home phone number. So I can try to call them up and 393 00:21:03,600 --> 00:21:07,160 convince them to turn over their, you know, their OTP or 394 00:21:07,160 --> 00:21:12,000 convince maybe their help desk to allow me to add my phone to 395 00:21:12,000 --> 00:21:14,280 their account so I can sign in as the attacker. 396 00:21:14,400 --> 00:21:17,400 And then once I do that, maybe I'll set up federation with my 397 00:21:17,400 --> 00:21:20,640 own IDP so I can persist in their environment and continue 398 00:21:20,640 --> 00:21:23,120 to log into their apps. Like those types of social 399 00:21:23,120 --> 00:21:25,760 engineering at scale and kind of doing the research part, 400 00:21:25,840 --> 00:21:28,960 Intelligence part just got a lot easier because like every 401 00:21:28,960 --> 00:21:32,880 individual attacker now has an army of bots, chat bots that 402 00:21:32,880 --> 00:21:36,000 they can go out and say, hey, do the research for me to figure 403 00:21:36,000 --> 00:21:38,560 out who I should go after and where the soft targets are and 404 00:21:38,560 --> 00:21:40,160 then even help me get in the front door. 405 00:21:40,160 --> 00:21:41,800 So you're kind of screening those targets. 406 00:21:41,960 --> 00:21:44,840 It's almost like hiring, right? You're like using an army of 407 00:21:44,840 --> 00:21:47,120 people to go find like good candidates and then screening 408 00:21:47,120 --> 00:21:50,280 them, except it's an attacker going and trying to find 409 00:21:50,280 --> 00:21:54,680 candidates or victims really. You know, I, I, maybe I'm one of 410 00:21:54,680 --> 00:21:57,560 those people who's just like taking in all the hype. 411 00:21:58,000 --> 00:22:02,440 But I heard a recent one, I think it was Open AI was hiring 412 00:22:02,440 --> 00:22:06,320 1000 developers and those thousand developers will each 413 00:22:06,320 --> 00:22:11,160 manage 1000 AI developers. So essentially, they're going to 414 00:22:11,160 --> 00:22:14,640 have a million developers if you do the math and you believe the 415 00:22:14,640 --> 00:22:18,920 height. I mean, are you guys leveraging 416 00:22:19,080 --> 00:22:23,960 AI in a way that you kind of like are now able to build the 417 00:22:23,960 --> 00:22:27,280 product faster, ship enhancements quicker, things 418 00:22:27,280 --> 00:22:29,120 like that? Does that resonate with you? 419 00:22:30,240 --> 00:22:31,880 It does. So I think the most immediate 420 00:22:31,880 --> 00:22:34,760 thing that comes to mind is that we just shipped the Duo AI 421 00:22:34,760 --> 00:22:37,120 assistant. So if you you're logging into 422 00:22:37,120 --> 00:22:40,160 the Duo admin console, there's an AI assistant there that you 423 00:22:40,160 --> 00:22:42,880 can ask questions to. So like, hey, why, you know, 424 00:22:42,880 --> 00:22:45,280 Jeff's having trouble logging into his account. 425 00:22:45,400 --> 00:22:48,600 Why can't Jeff log in and the AI assistant will go and kind of 426 00:22:49,200 --> 00:22:51,040 virtually click around the admin console. 427 00:22:51,040 --> 00:22:53,880 It's really talking to the API, but it's figuring out like, OK, 428 00:22:54,440 --> 00:22:56,040 what was Jeff's last error message? 429 00:22:56,280 --> 00:22:58,280 Why did that happen? What was it a policy? 430 00:22:58,280 --> 00:23:00,560 Was it some issue with the device he was coming from? 431 00:23:00,760 --> 00:23:03,280 Figure out what the issue is and then kind of spit out an answer 432 00:23:03,280 --> 00:23:06,240 is like, OK, Jeff couldn't log in because he was coming from an 433 00:23:06,240 --> 00:23:08,480 unregistered device. You know, something like that. 434 00:23:08,680 --> 00:23:11,880 Getting to those answers really quickly is a benefit that we see 435 00:23:12,000 --> 00:23:16,160 AI providing to do admin so that it can answer questions about 436 00:23:16,160 --> 00:23:19,720 how to set up the product or how to troubleshoot really easily 437 00:23:19,720 --> 00:23:22,120 and kind of write it there right at their fingertips. 438 00:23:22,120 --> 00:23:26,080 And then internally, we're also using AI for a whole slew of 439 00:23:26,080 --> 00:23:28,480 things. I think everybody is content's a 440 00:23:28,480 --> 00:23:30,840 good example. It makes it easier to write 441 00:23:30,840 --> 00:23:33,920 documentation for the product. It makes it easier to do a 442 00:23:33,920 --> 00:23:35,360 little bit of like market research. 443 00:23:35,360 --> 00:23:39,240 And then of course on the actual software engineering side, Cisco 444 00:23:39,240 --> 00:23:42,080 software engineering practice has kind of fully embraced AI 445 00:23:42,080 --> 00:23:45,960 and is trying to leverage it as much as possible to maximize and 446 00:23:45,960 --> 00:23:48,640 it's it's efficacy for for speeding up the software 447 00:23:48,640 --> 00:23:52,400 development process. That's such a super cool use of 448 00:23:52,400 --> 00:23:55,120 AII love being able to like say, OK, let me log in as an admin 449 00:23:55,120 --> 00:23:58,840 and say, OK, well, why doesn't Jeff work right rather than 450 00:23:58,840 --> 00:24:00,160 hunting around and pecking through? 451 00:24:00,360 --> 00:24:02,080 Now that might be a more existential question, but let's 452 00:24:02,080 --> 00:24:04,200 just focus on me not being able to authenticate, you know, for 453 00:24:04,200 --> 00:24:06,600 that scenario. So talk to me a little bit 454 00:24:06,600 --> 00:24:10,440 about, I guess Duo from a product perspective And you 455 00:24:10,440 --> 00:24:13,480 know, is, is Duo shifting kind of the mindset here? 456 00:24:13,480 --> 00:24:15,840 It sounds like it may be to a more broader identity and access 457 00:24:15,840 --> 00:24:18,880 management or is it, you know, you still focus on the 458 00:24:18,880 --> 00:24:21,120 authentication space? Like where do you see Duo kind 459 00:24:21,120 --> 00:24:23,720 of fitting today? Because everybody likes to be 460 00:24:23,720 --> 00:24:25,800 put into a box, right? Are you authentication? 461 00:24:25,800 --> 00:24:29,760 Are you IGA, are you Pam? You know what is Duo today and 462 00:24:29,760 --> 00:24:31,760 where do you think it'll be, you know, in the next few years? 463 00:24:32,880 --> 00:24:36,280 Yeah, I think I can answer that with it is a repositioning of of 464 00:24:36,280 --> 00:24:38,560 Duo really. You know, historically, whether 465 00:24:38,560 --> 00:24:41,640 we like it or not, the perception of Duo has been MFA 466 00:24:41,640 --> 00:24:45,600 and that's been a blessing and a curse because Duo is MFA and MFA 467 00:24:45,600 --> 00:24:46,840 is Duo. It's almost in the name. 468 00:24:46,840 --> 00:24:52,520 Like I like I said earlier, this is really a repositioning and 469 00:24:52,680 --> 00:24:56,440 reinvention of what Duo is to our customers. 470 00:24:56,440 --> 00:24:59,040 It's not just multi factor authentication, it's not just 471 00:24:59,040 --> 00:25:01,040 how you add MFA to your account. It's still that. 472 00:25:01,040 --> 00:25:03,240 And like we do that really well, exceptionally well. 473 00:25:03,880 --> 00:25:07,360 But this is the expansion of what Duo is into Duo identity 474 00:25:07,360 --> 00:25:09,520 and access management. We're really entering that 475 00:25:09,520 --> 00:25:13,840 broader IAM market and tying that to the broader Cisco 476 00:25:14,200 --> 00:25:17,120 portfolio in a, in a big way, which is our, you know our 477 00:25:17,120 --> 00:25:22,480 broader strength as a company. So it is a more of a revolution 478 00:25:22,480 --> 00:25:24,360 than an evolution of how you think about duo. 479 00:25:24,600 --> 00:25:27,680 So I've always noticed that Duo is very sticky with 480 00:25:27,680 --> 00:25:30,560 organizations, which is a real testament I think to the use 481 00:25:30,560 --> 00:25:32,760 case that it's been solved traditionally, right? 482 00:25:32,760 --> 00:25:35,680 The MFA side, you see a lot of organizations that have an IDP 483 00:25:35,680 --> 00:25:39,120 that has MFA capability, but they like Duo and they just stay 484 00:25:39,120 --> 00:25:43,160 with it. I'm curious from a, a product 485 00:25:43,160 --> 00:25:47,280 standpoint, given how your customers maybe have measured 486 00:25:47,280 --> 00:25:49,720 success in the past around this might have been, you know, 487 00:25:49,720 --> 00:25:53,440 enrollments or things like that number of MFA prompts, you know, 488 00:25:53,640 --> 00:25:56,720 whatever that might be how? Do you see that shifting in the 489 00:25:56,720 --> 00:25:59,720 future as part of this, you know, evolution of of the duo 490 00:25:59,720 --> 00:26:03,720 sort of identity security stack? Yeah, I think that how we 491 00:26:03,720 --> 00:26:05,360 measure success is an important question. 492 00:26:05,360 --> 00:26:08,680 It's one that we hold our product management team too. 493 00:26:08,680 --> 00:26:12,240 We have lots of individual contributor product managers and 494 00:26:12,560 --> 00:26:15,560 the question for them is, OK, you want to build this feature, 495 00:26:16,320 --> 00:26:19,880 what is the metric of success? And so the metric of success 496 00:26:20,280 --> 00:26:24,240 for, you know, this launch that we've done and for our customers 497 00:26:24,240 --> 00:26:26,360 who are starting to adopt these features, especially on the 498 00:26:26,360 --> 00:26:30,200 password this front, it's almost the inverse, which is how many 499 00:26:30,200 --> 00:26:33,320 authentications have we saved because we're now gone password 500 00:26:33,320 --> 00:26:35,360 less. How can we make it so that each 501 00:26:35,360 --> 00:26:39,560 individual on average has one or fewer authentication, 502 00:26:39,560 --> 00:26:41,800 interactive authentications per day? 503 00:26:41,840 --> 00:26:45,680 And so the ideal kind of dream state scenario is you walk into 504 00:26:45,680 --> 00:26:48,640 your office, you put your phone down on your desk next to your 505 00:26:48,640 --> 00:26:51,960 laptop or your, your desktop, whatever you're using, you log 506 00:26:51,960 --> 00:26:53,960 into the operating system through this kind of proximity 507 00:26:53,960 --> 00:26:56,480 verification that I described earlier. 508 00:26:56,720 --> 00:26:57,880 And then you're on with your day. 509 00:26:57,880 --> 00:27:00,720 You don't need to when you log into your browser or that 510 00:27:00,720 --> 00:27:03,400 browser or this, the client need to go through another 511 00:27:03,400 --> 00:27:05,520 interactive auth. You've already established like 512 00:27:05,800 --> 00:27:08,960 Matt's in his office in front of his computer, like let's just 513 00:27:09,320 --> 00:27:11,680 go. And I think that is now our 514 00:27:11,680 --> 00:27:14,640 metric of success. So Cisco itself, Cisco, IT 515 00:27:14,960 --> 00:27:17,880 rolled this out with Duo over the past couple years. 516 00:27:17,880 --> 00:27:20,520 They get early access to all the things that we build. 517 00:27:20,840 --> 00:27:24,000 And we're now at a point where the number of authentications 518 00:27:24,200 --> 00:27:28,200 for employees are less than 5 per week per employee on 519 00:27:28,200 --> 00:27:31,440 average. And like that is a major win for 520 00:27:31,440 --> 00:27:33,600 me personally as an employee here at Cisco. 521 00:27:33,800 --> 00:27:35,520 It's great. Like that user experience is 522 00:27:35,520 --> 00:27:37,760 really good. Was a big, it's a big win for 523 00:27:37,760 --> 00:27:40,960 for Duo and for the Cisco customer base more broadly. 524 00:27:41,960 --> 00:27:45,520 I love that procs card and really what the description you 525 00:27:45,520 --> 00:27:48,840 made there kind of reminds me just like continuous 526 00:27:48,840 --> 00:27:53,280 authentication that can happen in the background and it's more 527 00:27:53,280 --> 00:27:57,800 than just, you know, logging in and you walk away, someone pops 528 00:27:57,800 --> 00:28:00,280 into your cube and does this set or the other. 529 00:28:00,520 --> 00:28:03,400 You can really use the technology that you're talking 530 00:28:03,400 --> 00:28:05,360 about to prevent a scenario like that. 531 00:28:05,840 --> 00:28:11,280 And the reason I chimed in was I wanted to ask, is your IM 532 00:28:11,960 --> 00:28:16,560 solution going to be focused on that workforce internal 533 00:28:16,560 --> 00:28:21,240 population or is it going to be the customer side or both? 534 00:28:21,760 --> 00:28:23,640 Yeah, it's a good question. There are plenty of good 535 00:28:23,640 --> 00:28:27,080 solutions out there for the, you know, the customer side, you 536 00:28:27,080 --> 00:28:30,760 know, and plenty of awesome start-ups in that space as well 537 00:28:30,760 --> 00:28:32,120 that we, we talk to you frequently. 538 00:28:32,960 --> 00:28:35,760 What was launched here is, is for two major use cases. 539 00:28:35,760 --> 00:28:38,480 One is workforce, but then there's also extended workforce 540 00:28:38,480 --> 00:28:41,200 and B to B. We have a ton of customers using 541 00:28:41,200 --> 00:28:47,040 Duo for partners, contractors, vendors, third parties and how 542 00:28:47,040 --> 00:28:52,440 they log in to, to, to, to, to, to solutions inside the 543 00:28:52,440 --> 00:28:56,600 environment. We do have some customer IM use 544 00:28:56,600 --> 00:29:00,040 cases that are more on the B to B side than the traditional Siam 545 00:29:00,040 --> 00:29:03,800 stuff that you would expect. So for example, you can imagine 546 00:29:03,800 --> 00:29:06,240 that if I'm building a SAS product which is more 547 00:29:06,240 --> 00:29:09,520 infrastructure focused and so that I have like admins who need 548 00:29:09,520 --> 00:29:12,320 to log into it. We've seen Duo embedded for 549 00:29:12,320 --> 00:29:14,720 those use cases as well where you want to provide a really 550 00:29:14,720 --> 00:29:19,680 easy to adopt an MFA for privileged access for certain 551 00:29:19,680 --> 00:29:23,880 types of infrastructure. Often times we'll see Duo used 552 00:29:23,880 --> 00:29:26,640 for access like network devices because you know, Cisco is like, 553 00:29:26,640 --> 00:29:30,040 hey, I need the SSH into that router or that switch over there 554 00:29:30,040 --> 00:29:33,440 to change the the configuration on and you know, update the 555 00:29:33,440 --> 00:29:37,560 routing table, whatever. I will often put Duo in line for 556 00:29:37,560 --> 00:29:38,840 those types of use cases as well. 557 00:29:38,840 --> 00:29:42,280 So yeah, really workforce, extended workforce and sprinkle 558 00:29:42,280 --> 00:29:44,760 of of kind of B to B Siam as well. 559 00:29:46,160 --> 00:29:48,800 I love this idea of proximity based authentication. 560 00:29:48,800 --> 00:29:51,040 I think this is something that it's, it's not new. 561 00:29:51,040 --> 00:29:52,640 It's been around for a little bit. 562 00:29:52,680 --> 00:29:56,120 I, I can think of like Windows has had it built in for a little 563 00:29:56,120 --> 00:29:58,920 while, but frankly, it hasn't really worked very well for my 564 00:29:59,320 --> 00:30:00,600 from for when I've tried to use it. 565 00:30:01,120 --> 00:30:04,600 Talk to me about this idea of proximity based authentication. 566 00:30:04,720 --> 00:30:09,360 Is it I enroll my phone and I sit down and there is a 567 00:30:09,360 --> 00:30:12,680 Bluetooth beacon and you know, whether it's in the laptop or 568 00:30:12,680 --> 00:30:14,840 maybe some sort of add on or something that is picking that 569 00:30:14,840 --> 00:30:17,320 up. Can I use something other than a 570 00:30:17,320 --> 00:30:19,640 phone to authenticate that same way? 571 00:30:20,080 --> 00:30:22,240 Like maybe a ring? I mean, I wear a smart ring or 572 00:30:22,240 --> 00:30:24,120 maybe an Apple Watch or something else like that. 573 00:30:24,800 --> 00:30:27,560 Yeah, it's a great question. So the the way that this 574 00:30:27,560 --> 00:30:30,440 proximity verification works is yes, exactly right. 575 00:30:30,440 --> 00:30:35,160 It is Bluetooth low Energy. So you do have the laptop in a 576 00:30:35,160 --> 00:30:40,600 beaconing out a or broadcasting out a cryptographically signed 577 00:30:40,600 --> 00:30:44,960 nonce that is specific to the user and their their phone. 578 00:30:44,960 --> 00:30:48,640 And so your phone will pick up on that when it's, it senses, 579 00:30:48,640 --> 00:30:50,840 hey, I'm, I'm getting this Bluetooth low energy signal. 580 00:30:51,000 --> 00:30:53,720 It's this nonce. It's for me in particular. 581 00:30:53,840 --> 00:30:57,240 And then it will allow you to then use the phone to prove that 582 00:30:57,240 --> 00:31:00,680 it's you and, and dance between the phone and the laptop allows 583 00:31:00,680 --> 00:31:02,840 you to then log into the operating system or into the 584 00:31:02,840 --> 00:31:05,120 application that you're trying to access. 585 00:31:05,960 --> 00:31:09,640 This is great because it, unlike other solutions that rely on 586 00:31:09,640 --> 00:31:13,200 like GPS, for example, like that's not very reliable or it 587 00:31:13,200 --> 00:31:15,240 relies on IP address, also not reliable. 588 00:31:15,240 --> 00:31:19,120 Easily spoof both of those. You can't really spoof being in 589 00:31:19,120 --> 00:31:22,840 the same kind of radio frequency distance, you know, within like 590 00:31:22,960 --> 00:31:27,200 20 ish feet of of the laptop. So like that is fairly unique 591 00:31:27,200 --> 00:31:29,680 compared to these other approaches for proximity that 592 00:31:29,680 --> 00:31:32,600 have been tried in the past. We're relying on the physical 593 00:31:32,600 --> 00:31:35,560 medium between between the two of them. 594 00:31:35,840 --> 00:31:37,360 And yeah, we're not stopping here. 595 00:31:37,360 --> 00:31:41,360 Like this is one of many kind of frictionless experiences that 596 00:31:41,360 --> 00:31:43,000 we're providing for authentication. 597 00:31:43,320 --> 00:31:47,440 But there's a whole set of other problems to solve, especially in 598 00:31:47,440 --> 00:31:50,200 spaces like retail and healthcare where you want to 599 00:31:50,200 --> 00:31:53,960 provide frictionless access to systems without having to take 600 00:31:53,960 --> 00:31:56,560 your phone out of your pocket, for example, where we're going 601 00:31:56,560 --> 00:31:58,920 to continue to innovate and then everybody else will get the 602 00:31:58,920 --> 00:32:02,840 benefits of of all that you mentioned, like the, you know, 603 00:32:02,840 --> 00:32:05,440 Apple Watch in particular, who has an Apple Watch, you know, 604 00:32:05,440 --> 00:32:09,080 app on today, as well as an Android watch app. 605 00:32:09,080 --> 00:32:12,840 And you can use those today if you want to unlock, you know, or 606 00:32:12,840 --> 00:32:14,680 go through push based authentication. 607 00:32:14,680 --> 00:32:17,160 I think we'll continue to see more innovation around that. 608 00:32:17,320 --> 00:32:20,560 Other areas that are interesting are like NFC and trying to 609 00:32:20,560 --> 00:32:23,160 figure out if we want to do something in that space or other 610 00:32:23,160 --> 00:32:25,960 types of like badge based access. 611 00:32:25,960 --> 00:32:29,360 So more more to come. And this all strikes me as a 612 00:32:29,360 --> 00:32:32,280 really good way to get to that sort of passwordless Nirvana 613 00:32:32,280 --> 00:32:34,720 that I think everybody's been trying to get to. 614 00:32:34,720 --> 00:32:36,680 And, you know, you've got your phone or some sort of, you know, 615 00:32:36,680 --> 00:32:40,520 possession based authentication. It strikes me as very fishing 616 00:32:40,520 --> 00:32:43,800 resistance to where, you know, if it's based on especially 617 00:32:43,800 --> 00:32:47,280 proximity to something, it's going to be kind of hard to like 618 00:32:47,880 --> 00:32:50,680 fish if you have someone sitting there in front of you and try to 619 00:32:50,680 --> 00:32:52,520 block your, you know, Bluetooth signals. 620 00:32:53,160 --> 00:32:55,600 Talk to me about phishing resistance and and where does 621 00:32:55,600 --> 00:32:58,520 that play in in sort of the strategy of rolling out things 622 00:32:58,520 --> 00:33:00,360 like proximity based authentication or maybe other 623 00:33:00,360 --> 00:33:02,240 methods that Duo was looking at too? 624 00:33:03,200 --> 00:33:05,760 Yeah, so phishing resistance is really what's important here. 625 00:33:05,760 --> 00:33:09,480 And we've seen, you know, phishing at every part of the 626 00:33:09,480 --> 00:33:12,440 user's journey, whether it's enrollment or it's operating 627 00:33:12,440 --> 00:33:15,440 system, log in, application, log in, mid session security like 628 00:33:15,440 --> 00:33:19,520 session hijacking or for recovery use cases, attackers 629 00:33:19,520 --> 00:33:21,120 have phished every step of the way. 630 00:33:21,120 --> 00:33:23,680 So when we came out with phishing resistance, it wasn't 631 00:33:23,680 --> 00:33:26,440 enough to say, hey, we've got proximity verification now. 632 00:33:26,440 --> 00:33:29,440 Like we're good. There's there's more to it. 633 00:33:29,440 --> 00:33:33,160 Like for enrollment, we had to go with identity verification. 634 00:33:33,160 --> 00:33:36,800 And so we're partnering on the kind of government ID based 635 00:33:37,480 --> 00:33:39,080 enrollment flow. So you can use your government 636 00:33:39,080 --> 00:33:43,640 ID in a selfie in order to enroll into an account for same 637 00:33:43,640 --> 00:33:46,560 thing is true for help desk use cases and for recovery use 638 00:33:46,560 --> 00:33:49,680 cases, you use a government ID because you're now missing your 639 00:33:49,680 --> 00:33:50,680 phone that you're using before you. 640 00:33:50,680 --> 00:33:52,360 So you need a new kind of root of trust. 641 00:33:52,680 --> 00:33:55,920 And we just went through a whole hackathon with the California 642 00:33:55,920 --> 00:33:59,200 DMV to use verifiable credentials that the state 643 00:33:59,200 --> 00:34:01,720 issues in order to verify. Oh, that's really you. 644 00:34:01,720 --> 00:34:04,840 You have a verifiable credential from the state of California and 645 00:34:04,840 --> 00:34:07,840 you can, you can prove it to me. That's a really cool way to 646 00:34:07,840 --> 00:34:09,800 bootstrap into the process as well. 647 00:34:09,840 --> 00:34:12,719 But once you're in it, then we can rely on these cool things 648 00:34:12,719 --> 00:34:15,280 like, OK, I'm in it. I've registered my laptop, I've 649 00:34:15,280 --> 00:34:16,920 registered my phone on my account. 650 00:34:17,520 --> 00:34:20,360 Both of those are trusted devices with, you know, some 651 00:34:20,360 --> 00:34:22,600 sort of certificate built into the TPM. 652 00:34:22,600 --> 00:34:25,199 So I know cryptographically it's really that device. 653 00:34:25,440 --> 00:34:27,840 I know they're near each other and I know that, you know, it's 654 00:34:27,840 --> 00:34:30,800 me log into the device because I have my fingerprint or my face 655 00:34:30,800 --> 00:34:33,120 ID. Those kind of four factors 656 00:34:33,120 --> 00:34:35,239 really combined to make it phishing resistant because at no 657 00:34:35,239 --> 00:34:38,719 point along the way there are you entering something in 658 00:34:38,719 --> 00:34:41,600 whether username, a password or a code. 659 00:34:42,120 --> 00:34:44,960 And at no point along the way in there is it easy to man in the 660 00:34:44,960 --> 00:34:48,960 middle or attacker in the middle between any step of that flow. 661 00:34:48,960 --> 00:34:52,320 And so like that's really what gets us to that fishing 662 00:34:52,320 --> 00:34:54,400 resistance for application and OS login. 663 00:34:54,400 --> 00:34:58,840 And then the last piece I want to mention is the mid session 664 00:34:58,840 --> 00:35:01,040 security. So session hijacking. 665 00:35:01,040 --> 00:35:03,120 So great. You did all this work to go and 666 00:35:03,120 --> 00:35:05,760 build a kind of foolproof fishing resistant enrollment 667 00:35:05,760 --> 00:35:08,800 process and application login process. 668 00:35:09,160 --> 00:35:13,000 But what if the attacker is on your device and in your browser 669 00:35:13,000 --> 00:35:15,400 and they just steal your your session cookie out of there like 670 00:35:15,800 --> 00:35:17,560 it was all for nothing? Because the session cookie is 671 00:35:17,560 --> 00:35:19,920 basically with the credential at that point, and it's easily 672 00:35:19,920 --> 00:35:21,880 fishable. It can be replayed no matter 673 00:35:21,880 --> 00:35:25,960 what device it's coming from. We've gotten rid of cookies with 674 00:35:25,960 --> 00:35:29,320 this latest Duo announcement. We've gone to a cookieless 675 00:35:29,320 --> 00:35:31,920 architecture for our session management. 676 00:35:32,120 --> 00:35:34,920 So if you're logging in for Duo, you're not getting a, you're not 677 00:35:34,920 --> 00:35:37,400 getting a cookie. You are setting up the kind of 678 00:35:37,400 --> 00:35:42,000 cryptographic trust between your device and our back end, and 679 00:35:42,000 --> 00:35:44,920 then we're relying on that for subsequent authentication. 680 00:35:44,920 --> 00:35:47,560 So never is there a point in time where we're storing 681 00:35:47,760 --> 00:35:51,560 something that can be replayed in your browser such that an 682 00:35:51,560 --> 00:35:54,080 attacker could pull it out and put it into their own browser. 683 00:35:55,040 --> 00:35:57,040 So you kind of stole my my question that I was going to 684 00:35:57,040 --> 00:35:59,560 follow up with was that, you know, how do you how do you 685 00:35:59,560 --> 00:36:02,360 prevent session hijacking and man in the middle attacks and 686 00:36:02,360 --> 00:36:03,520 kind of things like that. So you got that. 687 00:36:03,520 --> 00:36:06,040 So I'm going to pivot to something else that Jim, I think 688 00:36:06,040 --> 00:36:09,120 touched on earlier was around this idea of continuous identity 689 00:36:09,120 --> 00:36:12,120 or continuous authentication. It seems to me like this is 690 00:36:12,120 --> 00:36:14,920 another area where something like this could be very handy 691 00:36:14,920 --> 00:36:18,600 and not just the point in time login, but as long as, you know, 692 00:36:18,600 --> 00:36:21,760 I think I've heard it referred to as butts in seats or, you 693 00:36:21,760 --> 00:36:23,760 know, something along those lines is like as long as you are 694 00:36:23,760 --> 00:36:27,440 still in that same area, you're constantly emitting signals of 695 00:36:27,440 --> 00:36:32,080 some sort to say, yes, this is Jeff versus maybe, you know, 696 00:36:32,080 --> 00:36:34,800 someone else who maybe has come over to that same device or 697 00:36:34,800 --> 00:36:37,040 something like that. How do you feel about that sort 698 00:36:37,040 --> 00:36:40,320 of idea of continuous authentication and leveraging 699 00:36:40,320 --> 00:36:43,120 those signals? Yeah, it's really interesting. 700 00:36:43,240 --> 00:36:45,920 There's a few things that we do on that front, especially with 701 00:36:46,520 --> 00:36:49,000 posture. So for a long time Duo has had 702 00:36:49,000 --> 00:36:51,920 Duo, a health agent which is now part of Duo Desktop that 703 00:36:51,920 --> 00:36:55,240 provides continuous posture signals from the device to the 704 00:36:55,240 --> 00:36:57,720 back end. Such as if the posture changes 705 00:36:58,000 --> 00:37:02,000 or any aspects of what the user's trying to do changes, we 706 00:37:02,000 --> 00:37:04,280 can kill that session and force a reauthentication. 707 00:37:04,680 --> 00:37:06,960 Same thing is true with risk based authentication. 708 00:37:06,960 --> 00:37:09,880 At the time of authentication, we're able to see, OK, here are 709 00:37:09,880 --> 00:37:13,080 these IP address, the Geo information, the device 710 00:37:13,080 --> 00:37:15,280 information. And so we can say for each 711 00:37:15,280 --> 00:37:17,600 authentication for any application like, all right, 712 00:37:17,800 --> 00:37:20,960 something's different here. Let's step up authentication or 713 00:37:20,960 --> 00:37:23,320 block entirely if it looks a little bit weird. 714 00:37:23,600 --> 00:37:25,480 So that's a piece. Risk based authentication is 715 00:37:25,480 --> 00:37:29,600 part of this. The posture based authentication 716 00:37:29,600 --> 00:37:32,520 is part of this. Identity intelligence is where 717 00:37:32,520 --> 00:37:35,040 we not just don't just get signals from Duo. 718 00:37:35,560 --> 00:37:38,360 Duo signals are great. See a lot of information, but 719 00:37:38,360 --> 00:37:42,840 identity Intelligence is able to pull information from your other 720 00:37:42,840 --> 00:37:47,640 identity priors from ACTA, from ENTRA, from you can pull data 721 00:37:47,640 --> 00:37:50,960 from your HR system, you can pull data from specific 722 00:37:50,960 --> 00:37:54,000 applications to really form a user 360 profile. 723 00:37:54,240 --> 00:37:57,040 And so we might get a much stronger signal on like a user 724 00:37:57,040 --> 00:38:00,480 trust score, so that if that score changes over time, we know 725 00:38:00,480 --> 00:38:03,000 that the reputation of that user's account isn't as 726 00:38:03,000 --> 00:38:05,280 trustworthy as it used to be. So that's important. 727 00:38:05,280 --> 00:38:08,560 And then to kind of pull all this together, we've invested a 728 00:38:08,560 --> 00:38:12,960 ton into shared signals. So SSF on the shared signals 729 00:38:12,960 --> 00:38:14,840 framework and, and, and the Cape standard. 730 00:38:15,120 --> 00:38:20,240 We've been working with quite a few other companies in these 731 00:38:20,240 --> 00:38:24,600 Gartner IAM interops that they've been holding in order to 732 00:38:24,920 --> 00:38:27,160 understand, hey, does, does our solution work with your 733 00:38:27,160 --> 00:38:29,160 solution? So we work with like signal with 734 00:38:29,160 --> 00:38:31,120 App Omni. And we've shown like, yeah, 735 00:38:31,120 --> 00:38:34,160 there's real interoperability here when we all implement 736 00:38:34,480 --> 00:38:36,760 shared signals. And so even if Duo can't detect 737 00:38:36,760 --> 00:38:40,000 something today on its own through shared signals, we can 738 00:38:40,000 --> 00:38:42,440 get signals from other providers that say, hey, it looks like, 739 00:38:42,680 --> 00:38:43,720 you know, something's fishy here. 740 00:38:43,720 --> 00:38:45,200 Something's a little bit unusual. 741 00:38:45,400 --> 00:38:48,360 Maybe you should log the user out of their session or or have 742 00:38:48,360 --> 00:38:52,000 them re authenticate. We don't have to just solve, you 743 00:38:52,000 --> 00:38:53,360 know, the whole problem on our own. 744 00:38:53,360 --> 00:38:58,200 We can work with industry partners to build up a pretty 745 00:38:58,200 --> 00:39:01,160 robust solution that can find these kind of behavioral 746 00:39:01,160 --> 00:39:03,920 differences in terms of what users are doing. 747 00:39:04,960 --> 00:39:07,920 That really pulls it all together from an identity 748 00:39:07,920 --> 00:39:11,400 security perspective. It's interesting. 749 00:39:11,400 --> 00:39:14,800 As you're talking and I was off camera, I was thinking, man, 750 00:39:14,800 --> 00:39:18,320 this sounds a lot like the Sassy framework, especially with the 751 00:39:18,320 --> 00:39:21,640 continuous authentication piece. So I went out. 752 00:39:22,000 --> 00:39:26,880 I googled to try to, you know, see if I can find a good concise 753 00:39:26,880 --> 00:39:29,600 summary. The 1st result that came back 754 00:39:29,600 --> 00:39:31,880 was from Cisco. So there you go. 755 00:39:33,240 --> 00:39:35,000 I guess her marketing team is doing a good job. 756 00:39:36,080 --> 00:39:38,240 Yeah. So Sassy secure access Service 757 00:39:38,240 --> 00:39:40,960 Edge, A big part of that is identity. 758 00:39:40,960 --> 00:39:44,320 But what most companies don't provide is the identity piece. 759 00:39:44,320 --> 00:39:46,400 A lot of the sassy vendors out there, they're just doing 760 00:39:46,400 --> 00:39:48,920 networking for you. It's like, hey, get my packets 761 00:39:48,920 --> 00:39:52,280 from point A to point B. Not realizing, like the 762 00:39:52,280 --> 00:39:54,800 foundation of zero trust is identity. 763 00:39:55,000 --> 00:39:59,120 So Cisco is literally the only solution in the industry that 764 00:39:59,120 --> 00:40:02,840 has an integrated identity stack now with our Sassy solution. 765 00:40:02,840 --> 00:40:05,920 So you can take all that from Cisco and integrate super 766 00:40:05,920 --> 00:40:10,960 tightly and you get end to end of Sassy with Identity. 767 00:40:10,960 --> 00:40:15,080 So you establish trust using identity and then parlay that 768 00:40:15,080 --> 00:40:18,760 into the network so you can then get access to just the resources 769 00:40:18,760 --> 00:40:23,080 that that user or that IoT device or you know that. 770 00:40:23,640 --> 00:40:27,080 Agents running in the cloud need access to that can all go 771 00:40:27,080 --> 00:40:28,800 through Sassy backed by Identity. 772 00:40:29,640 --> 00:40:33,000 Well, you heard it here first. You know, the, the thing I was 773 00:40:33,000 --> 00:40:36,600 talking about earlier, Matt was kind of, you know, this whole 774 00:40:36,640 --> 00:40:40,840 innovation piece R&D and you brought up something about 775 00:40:40,840 --> 00:40:45,320 shared signals framework. And I was like, man, to me, 776 00:40:45,320 --> 00:40:47,520 that's like where things are heading. 777 00:40:47,960 --> 00:40:53,880 And you must kind of see it the same way to say, because it's, I 778 00:40:53,880 --> 00:40:57,120 wouldn't say it's like in the here and now, it kind of feels 779 00:40:57,120 --> 00:41:01,800 like the most innovative companies, it's in the here and 780 00:41:01,800 --> 00:41:07,080 now for them. But when you look at like most 781 00:41:07,080 --> 00:41:10,440 organizations, I don't think they're that far in terms of 782 00:41:10,440 --> 00:41:15,800 adopting, adopting Cape in the signals framework for you to be 783 00:41:15,800 --> 00:41:18,320 investing in that, that's really innovative. 784 00:41:19,240 --> 00:41:23,360 Talk to us a little bit about that and why you made it, why 785 00:41:23,360 --> 00:41:25,720 you felt like that was important to invest in. 786 00:41:27,000 --> 00:41:29,000 Yeah. So that I mean among other 787 00:41:29,000 --> 00:41:32,280 things, we're always trying to solve this kind of complex 788 00:41:32,280 --> 00:41:34,760 equation for where we should spend our kind of limited 789 00:41:34,760 --> 00:41:37,680 engineering bandwidth. And that that's the problem that 790 00:41:37,680 --> 00:41:40,280 product management is is tasked with with solving, right. 791 00:41:40,280 --> 00:41:43,360 It's like where should we spend, you know, limited resources. 792 00:41:43,680 --> 00:41:47,720 That one in particular I think is super important for two, two 793 00:41:47,720 --> 00:41:51,280 reasons. 1 is we need that internally. 794 00:41:51,280 --> 00:41:55,920 So Cisco has dozens of products that need to share signals about 795 00:41:55,920 --> 00:41:59,560 identities all the time. I for a long time, identity 796 00:41:59,560 --> 00:42:02,760 services engine, which is a product that I'm I'm familiar 797 00:42:02,760 --> 00:42:05,800 with here at Cisco, is how we tied identity into the network. 798 00:42:05,800 --> 00:42:08,120 And they had a published, you know, published subscribe 799 00:42:08,120 --> 00:42:11,800 mechanism called PX Grid, which does pretty much exactly that. 800 00:42:11,800 --> 00:42:15,560 And shared signals we see as a kind of natural successor or 801 00:42:15,560 --> 00:42:18,480 complementary technology to how that technology operated. 802 00:42:18,480 --> 00:42:21,800 So for a long time we've known like you need this kind of 803 00:42:21,800 --> 00:42:24,800 shared bus to share identity signals. 804 00:42:25,000 --> 00:42:26,440 So like that, that's nothing new. 805 00:42:26,440 --> 00:42:28,320 But yeah, back, back to your question of like how do we 806 00:42:28,320 --> 00:42:31,280 continue to innovate in the face of all these different 807 00:42:31,280 --> 00:42:34,920 technologies, It's really the ones that drive our connectivity 808 00:42:34,920 --> 00:42:37,120 into what a customer might have showed. 809 00:42:37,120 --> 00:42:40,240 So things that that really work with other things in the 810 00:42:40,240 --> 00:42:42,480 industry and that's very much because that's how Duo has 811 00:42:42,480 --> 00:42:45,240 always operated. We are sort of an ecosystem 812 00:42:45,360 --> 00:42:48,120 player. We understand we are not just a, 813 00:42:48,240 --> 00:42:51,000 you know, an island in a much bigger industry. 814 00:42:51,000 --> 00:42:55,680 We integrate with other solutions in identity, other 815 00:42:55,680 --> 00:42:57,880 solutions in networking. And so it's really important 816 00:42:57,880 --> 00:43:02,040 that we do invest our limited engineering bandwidth into 817 00:43:02,200 --> 00:43:05,000 building stronger bridges so that we can do more with them. 818 00:43:05,200 --> 00:43:11,800 Not just, you know, sample, but also OIDC and Skim and SFF and 819 00:43:11,800 --> 00:43:14,520 and and so on and so on. Like we need to make sure that 820 00:43:14,520 --> 00:43:17,240 these bridges are really strong and we invest in the protocols 821 00:43:17,520 --> 00:43:20,560 that make them possible. Maybe model context protocol is 822 00:43:20,560 --> 00:43:23,440 the next one, Who knows? So you can kind of tell I 823 00:43:23,440 --> 00:43:27,400 dropped the pessimistic angle about 1/2 hour ago, right? 824 00:43:27,600 --> 00:43:30,600 I'm sitting, I'm literally sitting here thinking we should 825 00:43:30,600 --> 00:43:33,720 be paying Matt for being on here with us and like sharing this 826 00:43:33,720 --> 00:43:35,440 knowledge. So I'm going to pick your brain 827 00:43:35,440 --> 00:43:38,960 a little bit more. What, what should we be thinking 828 00:43:38,960 --> 00:43:41,400 about as the identity practitioners are listening to 829 00:43:41,400 --> 00:43:43,040 you? What should we be thinking about 830 00:43:43,520 --> 00:43:46,800 for the future? Yeah, I think the seizures hard 831 00:43:46,800 --> 00:43:49,120 to predict this fishing resistance thing. 832 00:43:49,200 --> 00:43:51,800 I even know we're talking about it here and now is like it's 833 00:43:51,800 --> 00:43:53,960 going to be a long road, but we got to start implementing that. 834 00:43:53,960 --> 00:43:57,000 That's really important if we want to see that 60% number drop 835 00:43:57,000 --> 00:44:00,600 down to, you know, below 50 and hopefully closer to like 10 or 836 00:44:00,600 --> 00:44:03,480 zero. I the investment in password 837 00:44:03,480 --> 00:44:06,320 list fishing resistance, you know, biometric based 838 00:44:06,320 --> 00:44:09,240 cryptographically secure password list like I can't 839 00:44:09,240 --> 00:44:11,840 emphasize that enough. Like there's the here and now 840 00:44:11,840 --> 00:44:14,560 and we've got the tools now to go and do it and that that's 841 00:44:14,560 --> 00:44:16,560 really important. But if we look out input on, you 842 00:44:16,560 --> 00:44:19,760 know, or goggles for what's happening 5 to 10 years in the 843 00:44:19,760 --> 00:44:23,560 future, there's a lot of interesting innovation happening 844 00:44:23,960 --> 00:44:27,560 both in terms of human identity, but in terms of machine and 845 00:44:27,560 --> 00:44:29,880 agentic identity. And they're all super 846 00:44:29,880 --> 00:44:31,480 interesting. Machine identity is kind of, 847 00:44:31,840 --> 00:44:34,480 it's been up and down in the hype curve like a few different 848 00:44:34,480 --> 00:44:35,960 times. I think it's like ping ponging 849 00:44:35,960 --> 00:44:39,080 back and forth about whether there's a real market there and 850 00:44:39,080 --> 00:44:42,000 enough to go after. I think there is. 851 00:44:42,440 --> 00:44:47,040 There's there's such a need for strongly identifying and 852 00:44:47,040 --> 00:44:50,080 authenticating devices, not just when they connect to the 853 00:44:50,080 --> 00:44:53,160 network, but also when they go and access resources and whether 854 00:44:53,160 --> 00:44:56,080 the devices or workloads. There's a ton of innovation 855 00:44:56,080 --> 00:44:58,040 that's required around machine identity. 856 00:44:58,480 --> 00:45:00,360 Same thing's going to be true for identic identity. 857 00:45:00,600 --> 00:45:05,040 If I'm hiring a team of 10 agents to do various things for 858 00:45:05,040 --> 00:45:06,920 me, I need to give them identities. 859 00:45:07,320 --> 00:45:09,920 I need to figure out what permissions I can delegate to 860 00:45:09,960 --> 00:45:14,120 them and when to delegate them to them, and then let them have 861 00:45:14,120 --> 00:45:17,440 the connectivity to go and access resources, but really 862 00:45:17,760 --> 00:45:21,480 closely watch what they're doing with the access that I gave them 863 00:45:21,480 --> 00:45:23,680 so I can quickly take it away. Then the thing that's really 864 00:45:23,680 --> 00:45:26,960 interesting is, you know, you can corrupt a person, maybe by 865 00:45:26,960 --> 00:45:29,760 bribing them or figuring out what their intentions are and 866 00:45:29,880 --> 00:45:33,040 and manipulating them. Agents, it's just like so much 867 00:45:33,040 --> 00:45:35,960 easier. Their value system is, is 868 00:45:35,960 --> 00:45:39,920 written in, in plain English and they they're easy to corrupt in 869 00:45:39,920 --> 00:45:43,040 such a way that we need to worry about the insider threat thing 870 00:45:43,040 --> 00:45:46,360 all over again, because each agent has the potential to 871 00:45:46,400 --> 00:45:49,560 easily become an insider threat just because it read like a 872 00:45:49,560 --> 00:45:52,000 weird PDF at some point in the past day. 873 00:45:52,000 --> 00:45:54,440 It's like, oh, he'd accidentally read this PDF and now it's 874 00:45:54,440 --> 00:45:56,560 malicious. Like that doesn't happen to 875 00:45:56,560 --> 00:45:59,160 people, it happens to agents and it, it's just bananas. 876 00:45:59,160 --> 00:46:01,280 And I think that's, that's a really interesting problem to 877 00:46:01,280 --> 00:46:03,200 solve from an identity perspective because it gets to 878 00:46:03,200 --> 00:46:05,800 like, yeah, that agent is who it says it is. 879 00:46:05,800 --> 00:46:07,760 It still is. We can still authenticate, it 880 00:46:07,760 --> 00:46:11,840 still has that certificate, but like it's gone off the walls. 881 00:46:11,840 --> 00:46:14,240 It's crazy. We we need to shut down what it 882 00:46:14,240 --> 00:46:16,520 can do. Those problems around the Gentic 883 00:46:16,600 --> 00:46:19,200 identity and Gentic AI are, are fun to think about. 884 00:46:19,320 --> 00:46:22,000 I think we'll see how much of it really comes to fruition, but 885 00:46:22,000 --> 00:46:24,160 I'm, I'm pretty excited about that in particular. 886 00:46:25,160 --> 00:46:27,000 I mean, there was a whole movie about this called The Matrix. 887 00:46:27,000 --> 00:46:30,520 So we've got Neo and, you know, Agent Smith. 888 00:46:30,520 --> 00:46:33,320 And if you think about it, both are a gentic AI is kind of 889 00:46:33,320 --> 00:46:35,400 battling each other right through all the different levels 890 00:46:35,440 --> 00:46:38,680 of of the Matrix. I want to project us from the 891 00:46:38,680 --> 00:46:41,320 here and now into the future. I'm going to wrap up the episode 892 00:46:41,320 --> 00:46:46,560 here and you know, we're at Ideniverse as this goes live. 893 00:46:47,080 --> 00:46:49,200 So, but we're not there physically yet, right? 894 00:46:49,200 --> 00:46:52,320 So we're going to use the power of time travel for the three of 895 00:46:52,320 --> 00:46:54,840 us. What is something that you are 896 00:46:54,840 --> 00:46:57,360 hoping to see at Ideniverse this year? 897 00:46:57,360 --> 00:47:01,400 Is there a specific topic, any sort of trends that you want to 898 00:47:01,400 --> 00:47:02,800 see? I have to imagine like AI is 899 00:47:02,800 --> 00:47:05,280 going to be kind of everywhere in this idea of non human 900 00:47:05,280 --> 00:47:06,920 identity. But like, what are you most 901 00:47:06,920 --> 00:47:09,680 looking forward to hearing more about at the Identifiers 902 00:47:09,680 --> 00:47:11,920 conference that we are all at right now? 903 00:47:12,800 --> 00:47:17,000 Yes, here we are. So there's a ton of things and 904 00:47:17,000 --> 00:47:20,280 and yeah, you can't ignore AII think I'm interested to see what 905 00:47:20,280 --> 00:47:22,760 start-ups emerge around the agentic identity space. 906 00:47:22,760 --> 00:47:24,840 I'm already seeing a few really interesting ones. 907 00:47:24,840 --> 00:47:27,560 And you know, from my ventures point at Cisco, I, I get a sneak 908 00:47:27,560 --> 00:47:29,760 peek into like what's going on in the startup industry and 909 00:47:29,760 --> 00:47:32,400 that's pretty cool. The machine identity stuff. 910 00:47:32,400 --> 00:47:34,160 We've been talking about non human identity for a couple 911 00:47:34,160 --> 00:47:35,800 years now. There's been a crop of start-ups 912 00:47:35,800 --> 00:47:37,800 that came about. I'm really interested to see 913 00:47:38,080 --> 00:47:41,040 where that goes. It's like, do we get beyond just 914 00:47:41,160 --> 00:47:43,360 visibility and observability there? 915 00:47:43,360 --> 00:47:45,760 It feels like we're, we're, we're there like when are we 916 00:47:45,760 --> 00:47:48,760 going to get an IDP for machines and when are we going to get an 917 00:47:48,760 --> 00:47:51,320 IDP for agents? And what are the sort of things 918 00:47:51,320 --> 00:47:53,480 that would make this happen? So then those things in 919 00:47:53,480 --> 00:47:54,440 particular. Interesting. 920 00:47:54,440 --> 00:47:57,040 I think the identity governance problem is still very real. 921 00:47:57,040 --> 00:47:59,920 It's like we still don't have least privilege authorization. 922 00:48:00,480 --> 00:48:04,200 One hypothesis that I find super interesting that I'm going to be 923 00:48:04,200 --> 00:48:07,160 looking out for an Identiverse or am looking out for since 924 00:48:07,160 --> 00:48:12,160 we're there is whether this agentic AI problems forces us to 925 00:48:12,160 --> 00:48:16,400 finally solve the hard problem of authorization that 926 00:48:16,400 --> 00:48:19,120 everybody's been kicking the can down the road on for for so 927 00:48:19,120 --> 00:48:20,120 long. Because it's hard. 928 00:48:20,240 --> 00:48:23,040 It's hard to figure out beyond the application level what 929 00:48:23,040 --> 00:48:25,440 permissions people should have and how to grant them and take 930 00:48:25,440 --> 00:48:28,480 them away in, you know, in an instant. 931 00:48:28,480 --> 00:48:31,480 But with agents, like we were talking about, things can go 932 00:48:31,480 --> 00:48:34,800 wrong in an instant, and they can go wrong at scale, and you 933 00:48:34,800 --> 00:48:37,560 can cause really, really big problems if you don't have 934 00:48:37,560 --> 00:48:40,440 control over it. I think we might finally see 935 00:48:40,800 --> 00:48:44,560 solutions to authorization that not just work for agents, but we 936 00:48:44,560 --> 00:48:47,320 actually get the benefit from them for humans as well, and 937 00:48:47,320 --> 00:48:49,600 it's going to make our lives easier and more secure. 938 00:48:49,760 --> 00:48:51,760 Jim, what are you looking forward to at the Identiverse 939 00:48:51,760 --> 00:48:53,040 that we are currently at right now? 940 00:48:53,640 --> 00:48:57,880 Yeah, well, look, I'm going to force the lighter note. 941 00:48:58,560 --> 00:49:02,720 I'm looking forward to improvements in the swag. 942 00:49:03,240 --> 00:49:06,560 I think it's very important that each booth give away something 943 00:49:06,560 --> 00:49:09,400 good. I don't need any more squeeze 944 00:49:09,400 --> 00:49:12,160 balls. I don't need one of those like 945 00:49:12,160 --> 00:49:15,400 window dealings that covers your camera when you don't want to be 946 00:49:15,400 --> 00:49:19,440 on camera. What I would like I I'm a fan of 947 00:49:19,440 --> 00:49:22,160 socks. Like I think giving away socks 948 00:49:22,160 --> 00:49:23,720 is a good thing. I know you're that's not your 949 00:49:23,720 --> 00:49:25,360 thing. I don't understand it. 950 00:49:25,600 --> 00:49:29,280 Everybody likes socks like I I have 0 interest, less than 0 951 00:49:29,280 --> 00:49:30,600 interest. I would give them away if I had 952 00:49:30,600 --> 00:49:34,560 someone give them to me. So socks I think is good because 953 00:49:34,560 --> 00:49:39,040 you, you know, you wear them a few times and then like you got 954 00:49:39,040 --> 00:49:40,880 them for free so you can just throw them away. 955 00:49:41,680 --> 00:49:45,360 I think somebody should have scarves, like how much would it 956 00:49:45,360 --> 00:49:48,840 cost to have a custom scarf or do something a little bit 957 00:49:48,840 --> 00:49:51,080 different. You want to say you think 958 00:49:51,080 --> 00:49:54,360 different than give away different swag at the at your 959 00:49:54,360 --> 00:49:57,040 booth? That's my pro tip. 960 00:49:57,920 --> 00:49:59,920 Matt, any response to that as as a vendor? 961 00:49:59,920 --> 00:50:02,920 Yeah. No, I think the scar scarves in 962 00:50:02,920 --> 00:50:05,880 Vegas, in the in, in, in, in June is like really? 963 00:50:06,360 --> 00:50:10,240 That's going to be really good. It's going to be like 100° or 964 00:50:10,400 --> 00:50:13,880 when you're listening to this, it's probably 100° outside, but 965 00:50:13,880 --> 00:50:16,240 you get to stay inside in the it's. 966 00:50:16,280 --> 00:50:17,960 Chilly. No, I'm with Jim though, on 967 00:50:17,960 --> 00:50:19,560 socks. I I love the socks. 968 00:50:20,440 --> 00:50:21,840 Sorry, Jeff. No, hey, that's fine. 969 00:50:21,840 --> 00:50:23,480 Look, I know. I know what's super popular. 970 00:50:23,480 --> 00:50:26,320 We have a lot of folks that have, you know, expressed 971 00:50:26,320 --> 00:50:28,960 interest in that. You know, I just, I don't get 972 00:50:28,960 --> 00:50:30,280 it. I think the most important thing 973 00:50:30,280 --> 00:50:33,240 for any type of swag is that you don't want to be the piece of 974 00:50:33,240 --> 00:50:37,200 swag that gets left behind in the hotel room because like, I'm 975 00:50:37,200 --> 00:50:39,360 not going to use this thing. That's just a waste for 976 00:50:39,360 --> 00:50:42,480 everybody. So it also means that your swag 977 00:50:42,480 --> 00:50:45,640 was not memorable enough to, to, to throw in the suitcase or into 978 00:50:45,640 --> 00:50:46,760 the bag or whatever you're doing. 979 00:50:46,760 --> 00:50:48,760 So pro tip for all the vendors out there, right? 980 00:50:48,760 --> 00:50:51,640 Come up with something good. Who I appreciate most are 981 00:50:51,640 --> 00:50:54,080 vendors who give me stuff that I can give to my kids as 982 00:50:54,080 --> 00:50:56,920 souvenirs. It just like saves me a trip. 983 00:50:57,840 --> 00:51:01,280 I was at RSAA few years back and somebody was giving out like 984 00:51:01,280 --> 00:51:04,920 lightsabers. And so of course that was a very 985 00:51:04,920 --> 00:51:06,680 popular, you know, giveaway for people. 986 00:51:07,040 --> 00:51:10,000 And I'll never forget getting on to the flight back home from San 987 00:51:10,000 --> 00:51:11,680 Francisco and just that time we've been going back to 988 00:51:11,680 --> 00:51:13,720 Chicago. So United flight and I get on 989 00:51:13,720 --> 00:51:17,000 the flight and I just see a whole bunch of lightsabers on 990 00:51:17,000 --> 00:51:19,960 the seats with all the people who had attended RSA and they 991 00:51:19,960 --> 00:51:21,840 were carrying back this thing. I don't know what company it 992 00:51:21,840 --> 00:51:24,280 was, but it was a very memorable swag on them. 993 00:51:24,280 --> 00:51:28,800 So, you know, a unique memory as part of business travel of, you 994 00:51:28,800 --> 00:51:30,760 know, getting on board with what I assume are a whole bunch of 995 00:51:30,760 --> 00:51:33,600 Jedi and Sith Lords, you know, going back to Chicago. 996 00:51:33,600 --> 00:51:37,360 So you never know. Hey, I should mention though, 997 00:51:37,520 --> 00:51:41,320 Identity Center is recording. We're at a booth in the Expo 998 00:51:41,320 --> 00:51:45,640 hall and we will have stickers. So even if we're recording and 999 00:51:45,640 --> 00:51:52,320 can't stop and talk and grab a sticker, and if we are there and 1000 00:51:52,320 --> 00:51:54,120 we're not recording, we'd love to say hi. 1001 00:51:54,760 --> 00:51:57,240 Yep, always. All right, let's go to wrap it 1002 00:51:57,240 --> 00:51:59,560 up. Matt, any final words of wisdom 1003 00:51:59,560 --> 00:52:02,400 that you'd like to impart upon the global identity community 1004 00:52:02,400 --> 00:52:04,200 that you're talking to? No pressure. 1005 00:52:05,240 --> 00:52:09,120 OK, check out the new Duo. You know, go to duo.com, there's 1006 00:52:09,360 --> 00:52:11,200 Duo Identity access management is pretty cool. 1007 00:52:11,200 --> 00:52:13,080 We've got a directory now that's the big news. 1008 00:52:13,120 --> 00:52:16,080 Let's go check that out. If it's not Thursday yet of 1009 00:52:16,080 --> 00:52:18,960 Identiverse, check out my keynote on Thursday. 1010 00:52:19,440 --> 00:52:22,320 I'll be talking in the morning and if it's past that date, you 1011 00:52:22,320 --> 00:52:24,360 know, feel free to check out the other recording of it 1012 00:52:24,360 --> 00:52:26,680 afterwards. But no, that's that's I 1013 00:52:26,680 --> 00:52:27,880 appreciate you guys having me on. 1014 00:52:28,680 --> 00:52:30,200 Well, Matt, it's always a pleasure having you here. 1015 00:52:30,520 --> 00:52:32,280 We're going to give you a virtual fist bump for now and 1016 00:52:32,280 --> 00:52:34,720 hopefully make that a real fist bump in a couple days there. 1017 00:52:35,720 --> 00:52:36,960 Yeah. So we'll have links in our show 1018 00:52:36,960 --> 00:52:42,520 notes, duo.com, duo.com and connect with us on LinkedIn and 1019 00:52:42,800 --> 00:52:45,800 what else like and subscribe to all that fun stuff and show 1020 00:52:45,800 --> 00:52:47,680 appreciation for the guests that we get on like Matt. 1021 00:52:47,680 --> 00:52:50,440 So with that, we'll go ahead and wrap it up for this week. 1022 00:52:50,880 --> 00:52:53,680 Thanks everyone for watching and or listening and we'll talk with 1023 00:52:53,680 --> 00:52:58,160 you all in the next one. You've been listening to 1024 00:52:58,200 --> 00:53:02,120 Identity at the Center. We hope you've enjoyed the show. 1025 00:53:02,280 --> 00:53:06,400 Make sure to like, rate and review, and we'll be back soon. 1026 00:53:06,680 --> 00:53:08,920 But in the meantime, hit the website at 1027 00:53:08,920 --> 00:53:15,320 identity@thecenter.com. See you next time on Identity at 1028 00:53:15,320 --> 00:53:16,200 the Center.