At the Venetian Conference Center, Dave Vellante discusses enterprise security with Umesh Mahajan of Broadcom. They focus on the impact of AI and large language models (LLMs) on the threat landscape. These models help identify potential attacks and reduce the number of alerts for SOC analysts. New co-pilot tools are being developed to assist with threat prevention and security operations. Products like vDefend and Avi Load Balancer provide comprehensive security solutions for customers. Highly regulated industries are particularly interested in on-prem soluti...
Dave Vellante
>> Hi, everybody. Welcome back to VMware Explore 2024. We're here at the Venetian Conference Center. This is theCUBE. I'm Dave Vellante. This is our 15th year covering VMworld and now VMware Explore. I'm including a couple of years of COVID in there, but we're super excited to be back, double set, and a different vibe this year as we've been reporting, but really focused with key messages coming out from top management. And we're here to explore one of our favorite topics, which is the state of enterprise security. We want to dig into how AI and specifically, security around LLMs is changing the threat landscape and what Broadcom VMware are doing about it. We're here with Umesh Mahajan. Did I get that right? Umesh Mahajan.
Umesh Mahajan
>> Yes, you did. Thank you.
Dave Vellante
>> Umesh Mahajan.
Umesh Mahajan
>> Correct.
Dave Vellante
>> Sorry for the skip there. Umesh Mahajan is the Vice President and General Manager for application networking in the security division at Broadcom. Great to see you. Thanks for coming on theCUBE.
Umesh Mahajan
>> It's wonderful to be here and excited to be talking to you today.
Dave Vellante
>> So the buzz around... It's interesting, at RSA, last year, it was all about how LLMs are going to help bad actors write better phishing emails. This year the theme flipped and was more focused on, well actually you have to protect the LLMs and make sure that they're not exposures. How do you see it, the threat landscape, AI generally, but specifically large language models and the GPT heard around the world? How is that affecting security in your world?
Umesh Mahajan
>> So I think we were always using AI ML to learn and improve how do we figure out the threat campaigns, the rule recommendations, but we kind of had reached the limit. Along comes generative AI and with this large language models, suddenly we can model a much bigger model over there and we can look at all these behavioral attacks. And that's what these threat campaigns happen is we haven't seen exactly the same attack before. So you have to imagine, this plus this and third thing happening is potentially an attack. So now we can model them better. We can reduce the number of threat alerts. If we generate 500 alerts for the SOC analyst, he or she probably may not be able to keep up with them, but if we just give them 5 or 10, give them the context, "Hey, this is the threat campaign that's happening along these alerts," then they can ask the co-pilot, which we'll have, a chatbox over there. "Hey, I think this is a real alert. I agree looking at the context, but now how shall I protect against it?" And there itself, we will suggest these are the security remediation policies. You can click on them if you like them, and they'll get enforced so that somehow you're protecting the last part of the ransomware attack.
Dave Vellante
>> So you're directly affecting the SOC analyst experience in that example that you just gave, which is-
Umesh Mahajan
>> Yes, and let's say it's the virtualization guy who's running it because the SOC analyst is not the SOC analyst definitely. This person was running the firewall and suddenly bought this tool to start showing him all this information. Suddenly he can be a SOC. He or she can be a SOC analyst too, because giving him or her all the information and then they can take the remedial action. So it'll work for both sides of the house.
Dave Vellante
>> Interesting point you're making because most firms don't have a SOC analyst, right?
Umesh Mahajan
>> Yes.
Dave Vellante
>> Probably half the firms out there don't have a SOC at least. And so the virtualization admin all of a sudden, or the IT manager at a mid-sized company all of a sudden has to be a security expert.
Umesh Mahajan
>> They're a security expert because giving them the context, they can save the context. Tomorrow somebody ask them, "Why did you do this?" So that whole chat session, they can save it, later on if an auditor asks them, they can show it. If this is what is going on, that's why I did this.
Dave Vellante
>> That puts a lot of pressure on you Umesh because you're getting audited, right? Because basically Broadcom told me to do that.
Umesh Mahajan
>> Yes.
Dave Vellante
>> So you've got to be a trusted partner there. Tell me about these products that our audience may not be familiar with, and I'm sort of vaguely familiar with Avi Load Balancer and vDefend. What do they do? How do they fit into the whole network security stack?
Umesh Mahajan
>> So when it comes to network security, that's what vDefend is, right? We have two products over there, the Distributed Firewall, which is an excellent product for lateral security and Micro Segmentation, it prevents the lateral movement. We've had that for a decade, widely deployed by our customers. We keep improving it. And the other second product is Advanced Threat Protection. There we have malware and ransomware detection and prevention, IDS/IPS, NTA/NDR, and then both these products, we kind of surround it with a security intelligence where we have real-time visibility, real-time analytics, shows what is an application. We think this is an application, but why is it talking to these other guys? These are all attacks happening or something incorrect. So lock down your application with these rules and cut off these other connections which are happening. Why suddenly exporting these things for no reason or what happened over here? So what we've done is we've built an entire security stack with secure visibility, firewalling and threat prevention. It's one integrated stack, but that gives us the power. Like they're not buying security products from multiple vendors trying to stitch them together. It's all one integrated stack, one management policy layer, one UI. It comes in very nicely together. And by having it integrated, you can't let things get in. When you have multiple products, human is integrating them, maybe you're using Splunk to do something, but in between attacks get through. In our case, you have the full integrated stack and it gives you comprehensive lateral security for your normal attack separation and your malware and your ransomware. And that makes it very powerful.
Dave Vellante
>> Yeah, so what you're describing, well first of all, a lot of seams in those... When you cobble together multiple tools from multiple vendors and if and when they do get in, you're shutting down the lateral movement.
Umesh Mahajan
>> Yes.
Dave Vellante
>> Sorry, you're fencing that off and then you can take remedial action.
Umesh Mahajan
>> Yeah, I went to a Gartner Summit, security summit in June. They showed what is it for the entire ransomware life cycle for networking. And we have all the pieces over there, right? You need micro-segmentation, threat prevention, they all need to work together. One needs to feed into the other tool so that there is... You've closed all the gaps and that's what we are doing.
Dave Vellante
>> You referenced I think a coming co-pilot. We have been writing a lot about this. I mean, we call them sometimes agents. We talk about the agentic AI movement, multiple agents working together on behalf of humans. Security is obviously a great use case for this to have as much automation as possible, at least if it's trusted automation. So tell me about the co-pilot as part of, I guess as part of vDefend. Where are we at with that? What is it? When can I get it? Give us some details.
Umesh Mahajan
>> So we have two co-pilots in the security area. One is with this advanced security, NTA/NDR, through the SOC analyst. So that's the one which is going to reduce the alerts and will give you the context and let you figure out how you should prevent the attacks from happening. The other co-pilot we are working is for the security operators, they want to know is how do I deploy micro-segmentation in this area? Or how do I deploy IDS/IPS? Instead of reading all our documentation and watching all our YouTube videos, they can ask the chatbox and tell them immediately. Second is day two, they're operating, they have a problem. They want to know how do I triage it? So we'll tell them, "Hey, this is how you go look in the security intelligence tool will tell you this is not protected. Or here are the logs, this is what's happening." So then the security operators, because there's limited staff, we want to make them much more productive with the second co-pilot. So those are the two co-pilots we have for security.
Dave Vellante
>> What's feeding that? Is that a RAG that you've built? What's the data source of that?
Umesh Mahajan
>> So we have all our own data. We know what our documentation is, we know what our analytics is, visibility. So we use all that information inside, which is in different places. You have to go five different places. Now this chatbox, you can just click and it'll give you in one location.
Dave Vellante
>> Do customers ask you, "Umesh, okay, I get that VMware obviously great engineering company, but I'm a little nervous if you're using public APIs and connecting to LLMs or open source LLM." How do you address that question?
Umesh Mahajan
>> So I think first of all is we are going to keep data privacy in mind. So we are only going to send something to the cloud where... If you have your own GPUs... Some large customers say, "I'll have my own GPUs, then nothing is going out." But in the case where they don't have any GPUs, and we used to have to use LLM model, we are going to keep most of the data on-prem, not let it go there, but just for the model part, we will use the model over there and minimize any exposure. We are not sending the entire data to the public cloud. It's expensive too. And then you lose the data privacy part.
Dave Vellante
>> But I have to trust that you're not leaking my data to the LLM vendor or to the public cloud vendor.
Umesh Mahajan
>> No.
Dave Vellante
>> You're taking care of that?
Umesh Mahajan
>> Yes, we are managing it. We are not using some general purpose offering they have. We are just using them as a LLM offering.
Dave Vellante
>> Got it. Can you talk Umesh to the uptake of your offerings? I know you've had a number of customer conversations. I'm particularly interested in highly regulated industries, financial services, healthcare, government, where they're the toughest customers because they've got compliance. Hock's talked about the three Cs of public cloud cost, complexity and compliance. How are the conversations going with highly regulated companies in those industries? What's the conversation and what are you doing for them?
Umesh Mahajan
>> So they absolutely want to modernize. So they want to use software, private clouds and products which can help achieve that. But at the same time, they want air gap products. By that I mean is they don't want any access to the public cloud. Because they don't want to go there and get compromised under any circumstances, especially like DoD and other federal agencies. They can't afford to have that. So what we've done is most of our product used to run on-prem, but for some stuff we were SaaS oriented, right? NDR. So NDR product is now fully, you can run it on on-prem gap mode. You don't need to go to the public cloud. So that's something very exciting for them because they couldn't take care of the advanced security. So that's already running on-prem and the malicious file download sandboxing tool that we are working quickly to bring that also on-prem. So once we have that... Had couple of conversations with some federal customers, absolutely as soon as you have it on-prem, we are buying it and deploying it.
Dave Vellante
>> What kind of analytics can I get out of the system? Where do they come from? Does that come from Avi Load Balancer? What kind of data can I get in analytics around VCF? Can you paint a picture as to how it all fits together?
Umesh Mahajan
>> We have two analytics tool, one security, but one Avi. Let me talk about Avi because we haven't covered that at all.
Dave Vellante
>> Perfect. Yeah.
Umesh Mahajan
>> So in the case of Avi, if you look at it, a load balancer is meant for availability of an application. How available it is and does it scale? So when it comes to availability, you want latency is also part of availability because you don't want to use an application from your iPhone, which is taking two minutes to respond back, this application is useless and I'm not going to use it. So that's very, very important. So we measure the latency at every hop with the Avi analytics tool, and that allows us... And then we keep a measurement. Hey, normally for the last year this was your latency at every hop. But today for whatever reason, the latency between the server and the load balancer is up four times. Something is wrong over here. So you need to go look at, did you upgrade the application, did you change the server or did you put too much loads on the server? Then you can troubleshoot from there. And we pull in data from vSphere, what's happening on the server itself. We have our own data proxy because proxy can look at every packet, what's going on, what is the round trip time? So we combine all this valuable data and we have networking data from NSX. We combine all these three varieties of data, we can compute the latency. And we have a time series, meaning we know what happened last month, what's happening today. If something's gone up, then we'll tell you, we suspect this is what's changed. Now go look at it and go fix it. And in load balancing, availability, the faster you can fix the problem, more availability the application has. So our operators really love this tool and it comes in free with our Avi Load Balancer.
Dave Vellante
>> Makes sense. Now, if I'm a developer, I might like to take some of that function from Avi Load Balancer, at least the benefits of that and add value upstream. What kind of integration do you have or is there integration with Tanzu?
Umesh Mahajan
>> So with Tanzu, what we have is they need load balancing. So we integrated with the BOSH part of the load balancer. BOSH is their equivalent of Kubernetes. So we integrate with that. We provide load balancing for TAS, the Tanzu offering. So that works very well because that's also software product. Software load balancer integrates nicely. And then we provide all the analytics. Same thing for the Tanzu environment. They use an F5 or some other vendor's product. They will not get the same speed at how you set it up and let their developers use it. And secondly, you won't get the analytics and visibility information I talked about. So once we integrate with Tanzu, we can provide all that information and make that whole offering much more useful to the end customer.
Dave Vellante
>> And these are, I call them micro-SKUs, right? I mean, I know there's four big ones of 8,000 down to 4, but then you've got some sort of add-ons. This is part of the add-on, right? Can you explain that?
Umesh Mahajan
>> These are part of the add-on, because as customers are deploying VCF, they need security, lateral security, and they need load balancing. So not only are our products fit the virtual private cloud architecture software defined, but they're completely plug and play with VCF. So we are able to pull information out like no other vendor and seamless integration. So you don't need to send traffic to the firewall or load balancer. We discover ourselves, we are one company and we hook it up nicely. It's completely seamless plug and play, and it's managed from the same console. So yes, we have three add-on SKUs, one for the firewall, one for the advanced threat protection and one for Avi. We still have a lot of SKUs, some 75 SKUs. We reduced it to three.
Dave Vellante
>> Okay, got it. So consistent with Hock's mandate, I'll call it, not even vision, it's a mandate. Let's look ahead, a year from now, if we're at VMware Explore 2025, I hope theCUBE is here. What do you want to be able to say a year from now that you're not able to say today?
Umesh Mahajan
>> So I want to make sure that the journey we are on to provide our VCF customers security and load balancing, that we have much more traction. They feel that our products are not only fit in the right architecture, but they are best of breed for them. That they are meeting all their needs when it comes to feature functionality, scale, meeting cutting-edge security requirements like we are building the co-pilot and making other improvements in malware detection and ransomware prevention. They feel confident about our products and they're going to deploy them even much more widely.
Dave Vellante
>> All about the adoption and that integration.
Umesh Mahajan
>> Yes.
Dave Vellante
>> Umesh, thanks so much for coming on theCUBE, it was great to have you.
Umesh Mahajan
>> Thank you so much.
Dave Vellante
>> Appreciate you explaining that. Super important topic, enterprise security and how it fits into the overall vision that Hock Tan laid out on the keynote yesterday. You're watching theCUBE's coverage of VMware Explore 2024. My name is Dave Vellante. Rob Strechay is also in the house. Keep right there, we'll be back unpacking the event, extracting the signal from the noise, right back.