WEBVTT 1 00:00:00.000 --> 00:00:02.550 Tom Field: Hi there. I'm Tom Field, senior vice president of 2 00:00:02.550 --> 00:00:05.550 editorial with Information Security Media Group. I am at 3 00:00:05.550 --> 00:00:08.580 our Government Cybersecurity Summit in Washington DC, 4 00:00:08.880 --> 00:00:12.540 privileged to be talking about zero trust. Speaking with Dennis 5 00:00:12.540 --> 00:00:15.150 Reilly, the vice president, public sector for Gigamon. 6 00:00:15.180 --> 00:00:17.310 Dennis, pleasure to see you in person for change. 7 00:00:17.340 --> 00:00:18.120 Dennis Reilly: Thank you, Tom. 8 00:00:18.600 --> 00:00:21.900 Tom Field: So, zero trust. How has this conversation evolved, I 9 00:00:21.900 --> 00:00:25.350 would say over the past two and a half years, as it was the big 10 00:00:25.350 --> 00:00:30.360 commercial at RSA, and then particularly since last year, 11 00:00:30.570 --> 00:00:31.950 with the President's executive order. 12 00:00:31.650 --> 00:00:34.469 Dennis Reilly: Right, so, the conversation about zero trust 13 00:00:34.533 --> 00:00:38.634 started over 10 years ago. They really got supercharged with the 14 00:00:38.698 --> 00:00:42.543 Biden administration with the executive order, and improving 15 00:00:39.380 --> 00:00:56.150 Tom Field: Where were you seeing agencies, in particular, make 16 00:00:42.607 --> 00:00:46.644 the nation's cybersecurity. And since then, the administration, 17 00:00:46.708 --> 00:00:50.296 through OMB memorandas and funding through the Congress, 18 00:00:50.360 --> 00:00:52.860 has really made it a top-of-mind topic. 19 00:00:56.150 --> 00:00:58.850 progress and conforming with the executive order? 20 00:00:58.000 --> 00:01:01.390 Dennis Reilly: Right, so each agency starts from a different 21 00:00:58.000 --> 00:01:35.740 Talk about this a little bit, Dennis, because that was at the 22 00:01:01.390 --> 00:01:04.180 place, there's different strengths and different gaps 23 00:01:04.180 --> 00:01:06.670 that they want to fill. So, depending on where they find 24 00:01:06.670 --> 00:01:10.300 themselves, they're picking different areas. We're focused 25 00:01:10.300 --> 00:01:15.100 on the network pillar. No one vendor can solve all of the 26 00:01:15.100 --> 00:01:18.820 agency's issues. But what we're finding is that there's a lot of 27 00:01:18.820 --> 00:01:22.420 interest in getting visibility into what's happening on the 28 00:01:22.420 --> 00:01:25.930 network and deep observability. So, the agencies can take 29 00:01:26.080 --> 00:01:30.730 network-based action to improve cybersecurity and also find any 30 00:01:30.730 --> 00:01:32.710 bottlenecks that they might have in a hybrid cloud 31 00:01:33.190 --> 00:01:34.030 infrastructure. 32 00:01:35.740 --> 00:01:38.170 top of your presentation. You talked about network traffic 33 00:01:38.170 --> 00:01:41.500 visibility. What are you observing? And how are you 34 00:01:41.500 --> 00:01:43.030 helping organizations respond? 35 00:01:43.000 --> 00:01:47.650 Yeah, so what we're seeing is that agencies understand that if 36 00:01:47.650 --> 00:01:51.280 something happens on the network, there's going to be a 37 00:01:51.280 --> 00:01:54.370 record of that. It can be observed, either at the packet 38 00:01:54.370 --> 00:01:57.670 level or through metadata. And then, they can analyze that and 39 00:01:57.670 --> 00:02:01.840 then quickly take action to interrupt and attack. So, 40 00:02:01.870 --> 00:02:04.900 because of that, they've used programs in the past, like the 41 00:02:04.900 --> 00:02:07.540 tedious diagnostics and mitigation program, and now 42 00:02:07.540 --> 00:02:10.840 technology, modernization funds, and they own their own agencies' 43 00:02:10.840 --> 00:02:14.680 appropriations to put in infrastructure. In our case, 44 00:02:14.680 --> 00:02:17.800 it's a next-generation network packet broker, to give them that 45 00:02:17.800 --> 00:02:20.230 pervasive network visibility and that deep observability 46 00:02:20.230 --> 00:02:20.710 pipeline. 47 00:02:20.990 --> 00:02:23.090 Tom Field: Every time I talked to John Kindervag, he tells me 48 00:02:23.090 --> 00:02:26.240 that people still don't quite understand what zero trust is, 49 00:02:26.240 --> 00:02:29.360 and is not. Do you see some clarification in the public 50 00:02:29.360 --> 00:02:30.140 sector market? 51 00:02:30.210 --> 00:02:32.610 Dennis Reilly: I do. People recognize that it's a journey. 52 00:02:32.610 --> 00:02:36.390 We're seeing that from the DHS and the office of the CIO at 53 00:02:36.390 --> 00:02:41.040 DoD, and it's going to be a multi-year journey. It's an 54 00:02:41.040 --> 00:02:44.220 approach. And there's going to be different maturity levels and 55 00:02:44.220 --> 00:02:47.250 incremental progress over those multiple years. 56 00:02:47.430 --> 00:02:49.980 Tom Field: Where do you see leadership among the agencies? 57 00:02:50.020 --> 00:02:52.900 Dennis Reilly: So, that's interesting. I think we're 58 00:02:52.900 --> 00:02:56.440 seeing leadership out of CISA. At DHS, we're seeing leadership 59 00:02:56.440 --> 00:03:00.670 out of the office of CIO Randy Resnick and his team. But one 60 00:03:00.670 --> 00:03:03.160 particular agency that we've been impressed with has been the 61 00:03:03.190 --> 00:03:07.570 Department of Agriculture. CIO Gary Washington has used agency 62 00:03:07.570 --> 00:03:11.200 funds, as well as technology modernization funds, to 63 00:03:11.260 --> 00:03:14.410 supplement his budget on his journey to zero trust. 64 00:03:14.440 --> 00:03:16.000 Tom Field: It's good. And as you know, state and local 65 00:03:16.000 --> 00:03:19.360 governments are paying attention to what's going on, the private 66 00:03:19.360 --> 00:03:23.530 sector certainly is. What do you want our audience to know about 67 00:03:23.530 --> 00:03:27.040 Gigamon, and how you're helping organizations on their own zero 68 00:03:27.040 --> 00:03:27.790 trust journeys? 69 00:03:28.060 --> 00:03:30.850 Dennis Reilly: Sure. So, we agree that it's more than just 70 00:03:30.850 --> 00:03:32.920 government, also into the private sector, especially in 71 00:03:32.920 --> 00:03:36.430 the regulated industries. So we're helping agencies and 72 00:03:36.430 --> 00:03:39.520 private sector organizations make sure they can see what's 73 00:03:39.520 --> 00:03:42.790 happening on their network, that they get deep observability. So, 74 00:03:42.790 --> 00:03:46.210 they can then take action. The idea is, if you can't see what's 75 00:03:46.210 --> 00:03:48.970 happening on your network, you can't defend it. If you can't 76 00:03:48.970 --> 00:03:51.610 see an attack, you can't protect yourself against it. 77 00:03:51.700 --> 00:03:53.290 Tom Field: And this is much in line with the guidance we're 78 00:03:53.290 --> 00:03:54.640 seeing come out of the government as well. 79 00:03:54.940 --> 00:03:57.700 Dennis Reilly: Absolutely. Yeah. So we're happy to be involved in 80 00:03:57.700 --> 00:04:01.540 zero trust. We enjoy great relationships with industry and 81 00:04:01.540 --> 00:04:03.610 with government, and we look forward to continuing that. 82 00:04:03.640 --> 00:04:04.870 Tom Field: Well, Dennis, I look forward to having more 83 00:04:04.870 --> 00:04:06.850 conversation with you. Thank you so much for your time today and 84 00:04:06.850 --> 00:04:07.990 for your presentation as well. 85 00:04:08.000 --> 00:04:11.840 Tom Field: Topic has been zero trust. This is Dennis Riley. He 86 00:04:08.050 --> 00:04:08.770 Dennis Reilly: Thanks so much, Tom. 87 00:04:11.840 --> 00:04:15.620 is with Gigamon with the public sector. For Information Security 88 00:04:15.620 --> 00:04:18.620 Media Group, I'm Tom Field. Thank you for your time and 89 00:04:18.620 --> 00:04:19.220 attention today.