Hello everyone, thank you for joining. I'm Heather Jerkovich for today's event, and in a moment I will turn things over to our speakers, but before doing so I have a few housekeeping notes to cover. Please note you've been muted; should you have any questions, please ask them by using the Q&A panel which is found at the bottom right of your screen. When submitting a question, please be sure to select All Panelists, and if you happen to experience any issues, please reach out to me directly. With that, let's get started.
This meeting is being recorded.
This is Marty Palka, Cisco's Investor Relations. Welcome to Cisco's Tech Talk on our security business. I would like to introduce today's speakers, Jeetu Patel, Executive Vice President of Security and Collaboration, and Tom Gillis, Senior Vice President of Security at Cisco. Jeetu and Tom will have an interactive conversation with Tal Liani, Managing Director and Research Analyst of Security and Networking at Bank of America. If you have a question, please enter it into the Q&A panel chat box at the bottom of the right hand of your screen. Before we begin, I'd like to remind you that we will be making forward-looking statements today. Actual results may differ materially from those forward-looking statements, and are subject to the risk and uncertainties found in our 10-Q and 10-K. With that, I'll turn it over to Tal Liani, Bank of America Managing Director.
Thanks, Marty. Thank you very much for joining us. We recently upgraded Cisco, and one of the reasons was expected improvements in security after Jeetu joined the group about 18 months ago, if I'm not wrong.
Tom joined 18 months ago. I joined three years ago.
3 years ago.
It's while they build out the team, you know.
Yes, I know. We're going to talk about basically the market and Cisco in the market and how Cisco is changing to address changing needs of the market. With that, I want to just welcome you, Jeetu and Tom. Thank you very much for doing this.
Thank you for doing this.
I want to start with a high-level question because we want to understand, you know, when we ask your competitors about how is Cisco in security, you're obviously one of the largest companies, if not the largest company in the space in certain markets, and they're talking about some share losses and you made changes in your strategy. What is the strategy of Cisco in cybersecurity? What are the markets you're addressing? What are you leveraging as a leading networking and security company? What are you leveraging out of all your assets in order to improve your position in cybersecurity?
It's a great question. There's a couple of questions in there, so let me just unfold them. Firstly, I think if you looked at us five years, six years ago, you know, we had some work to do on the product portfolio to make sure that the product portfolio was world-class. And Chuck talked about that at earnings, and, you know, we had gotten to work about three years, 3.5 years ago to make sure that we built a world-class platform because I think the industry is moving from a plethora of point solutions to integrated platforms. And as we so about two years ago, we launched this vision around the Cisco Security Cloud, which was our platform that abstracts, you know, security services from the hyperscalers, and you can basically acquire and steer any and all traffic to any of the, you know, cloud providers.
And as you move your workload from one to the other, you can persist policy. The interesting part over here was, as we thought about it, what are the big problems we want to solve in the security cloud? There were a few that, you know, came to mind, and that's how we constructed it. The first one was we have to make sure that it's built on the foundation of firewall. But we want to protect the user from any threats and attacks that they might have and the IP that they might actually be using. So user protection was the first objective. The second one was cloud infrastructure and cloud protection. And then the third one was breach protection, so you could actually make sure that in near real time, you could detect, respond, remediate, and recover from a breach.
And so we started building that, and the definition of a platform that's traditionally understood in the industry is, you know, you have to have common login, common telemetry, common design language, common, you know, set of policy objects so that you could have one way to go manage all of these solutions rather than having a bunch of different piece parts. We actually agreed to all of those, and we have done all of those, but we've taken one step further, which is I don't think in today's day and age, especially with AI being weaponized against humans, that you can have a platform that is actually not built natively with AI for the defenses. But one of the things we did was we said we have to have deep hooks into the infrastructure. To your point of, like, what are you doing with network?
I think networking and security are coming together. And if you don't have deep hooks into the infrastructure and deep hooks into the applications, I just don't think you would effectively do well. So the last point I'll make on where the strategy is really differentiated is if you assume for a moment that the endpoint is compromised and that the attackers are going to be in your system, and you assume that the end-to-end traffic is always encrypted. It's really hard to see what's happening and what's transpiring and what anomalies can you detect for the packets that are flowing through the network unless you have presence also on the server. You can see every I/O operation and every process that instantiates on the server and the kernel.
So not only do we have presence on the endpoint, not only do we have presence on what's happening on the network, but we also have presence now on the server. You know, built that out. We hired almost the entire NSX team to go do that, and it was, it's actually been fantastic. And they'll be generally available in the late July, August timeframe, but we are oversubscribed on early access. We cannot take that many more customers because there's that much demand coming in. So that's basically what we've done. Our move to the platform: AI at the fabric, identity at the fabric, user protection, cloud protection, breach protection on the foundation of firewall.
That's the strategy. Where are you on the journey to achieve your goals in terms of product availability, in terms of go-to-market, everything that makes a strategy into a reality?
Go ahead, Tom.
So the name of the game is product excellence, putting these pieces together in a way that it's easier for the customer to deploy and create a better security outcome. The user protection suite is the most advanced in this regard. We've taken what used to be seven separate functions: firewall, IPS, VPN, Zero Trust, browser isolation. We built this into a single integrated console. While logging, one set of policies, one set of capabilities the customer can deploy it, works on-prem, works in the cloud. That's the direction that we're going. The breach protection suite is probably next in terms of its maturity. We introduced new technology that we call Cisco XDR. It's a real-time analytics engine that can identify unique sources of telemetry, take the automated actions necessary. Then the cloud protection suite is the place where we're putting the current amount of focus.
Hypershield is a premier part of the cloud protection suite. That's where we are on the journey.
I'll say from a pure evolution, we've, since we launched the capabilities in the platform, in 2023, we probably have had more innovation in security than we did in the history of in the past previous decade combined. And I think 2024 we'll see multiples of 2023. So what you'll have seen is the kind of rate and pace of change within Cisco has actually just never been experienced before. And I think we've, overall the entire leadership team, we've invested a lot of dollars into this, and you're starting to see meaningful change in sentiment in the market from both partners and customers alike. You know, we recently had at The St. Regis about two months ago, 41 CISOs that came in that we wanted to give them early access to some of the stuff.
They all came in slightly skeptical, saying, "I'm not really sure." By the time they were leaving, 100% of them said, "This is one of the most game-changing strategies we've seen." And you're showing execution because everything we showed against that strategy were products we had built from the ground up that are in general availability other than Hypershield. So our SSE product available in market today, our XDR product available in market today, Multicloud Defense available in market today. Identity Intelligence will be available in market by next month. You talk about Hypershield will be available in market by August. So there's a fair amount of innovation that's happened to take these products to market.
We touched on many things, and I want to go back to something you said. You spoke about platformization, platform, and Palo Alto spoke about it. Microsoft is doing but what first of all, what is the difference between bundling and between platformization? And where are you on the platformization? What are the benefits that you bring to customers that will enable you to gain share on top of, as you said, on top of the firewall that you're having today?
Yeah, it's a great question. And so let's break this down a little bit because I think there's three stages that companies go through. The basic stage, which is just bundling, is just purely a discounting exercise. So that's interesting but not consequential. What actually gets to be really, really interesting is when you've got a common way of managing identity across the products, you have a common way to make sure that you can manage the policies. Your policy objects are commonly set, so even if you set them in different places, there's actually no contention between the policies. You have a common design language, which we have between not just our security products, but between networking and security. So those are the, you know, so and common telemetry. So the first aspect of the platform is common identity, common design language, common telemetry, common design language.
And then the second piece, which is what I talked about earlier, is deep hooks into the infrastructure. So if we happen to have Hypershield that we built, which is basically a distributed security fabric, you can have multiple enforcement points, and you take security to the workload. If you want to go out and secure a factory floor, you can do that. An IoT or OT device, you can do that. If you want to go secure a microservice or a Kubernetes container, you can do that. And security gets distributed in this hyper in a highly distributed manner. As you do that, one of the key things is where does that security actually get enforced? We can over time, we will be able to enforce security on a DPU sitting on a NIC on a server or even a top rack switch.
That is deep hooks into the infrastructure. The way you think about this is we've taken security, melted it into the fabric of the network. That's something, by the way, that no one else does quite the way that we do because we are, you know, if you think about what is the name of the game in security, it is to prevent lateral movement, assuming that the attacker is already in your environment and they're going to make hops to go out and steal data, right, and cause harm. Who knows the most about lateral movement, Cisco? Who has the most where does lateral movement happen on the network? And so the more you can go out and detect lateral movement, the better off you're going to be. And that's what we've been able to do.
That, we believe, is when you actually have a true platform and you have deep hooks into the infrastructure. Anything to add, Tom?
No, I think that's good. Yeah.
So we're a financial analyst, and we look at things in dollars and cents. And the question is, when you, you know, at the end of the day, in the last few quarters, you've grown submarket, meaning you've grown, you know, 3%, 4%, and there were times that you grew 10% and above. Two questions. Number one, can you break down your growth in the last few quarters for us? What are the growing parts? What are the declining parts? I'm sure it's a mix. And then second, how long does it take you or will it take you to translate all this innovation into better growth rate?
Yes, I can't comment about. We're in a quiet period right now, so I can't comment too much about specifics. But I'll give you some macro pieces on growth. In general, when you take something, you take on an endeavor like what we had taken on a few years ago. We basically rebuilt our platform, right? And there's a few things that need to happen. You have to make sure that you're building out the products. And you've actually got market recognition that that's happening. But there is a level of that that's organic where you can't just go tell them. People have to tell each other so that they start moving.
You've now finally started to see that momentum start to shift, and we've only started seeing that happen now in the past quarter or two where you could palpably see the difference in sentiment in partners and in customers. And we're now starting to replace, you know, some competitors as well, which is great. I think it's still a long game. It's not going to be something that next quarter all of a sudden you'll see. This is a consistent, steady movement. And the way that we think about this is we're in this for the long haul. We've built capabilities that we're going to continue to keep investing in.
We're going to make sure that we have deep hooks into the network, and we're going to utilize our advantage that we have in the network to also make sure that we drive security because where security meets the network is where we shine the most.
Yeah. Two questions. Competition and pricing. Cybersecurity is one of the most resilient spending areas in the network. But we see a lot of competition. For example, Microsoft that turned from a small player to a giant player in the space. How do you view competition? What are the areas where you think you're going to excel versus competition? And where do you see bigger competition? And then secondly, how is the pricing environment? Security? Is there any price element of the competition, or it's more about product, technology, benefits of platformization, etc.?
That's a great question. Why don't you start, and then I'll actually add on to it.
Yeah. So customers care about outcomes, right? And so we need to think about how we deliver a better outcome than our competitors. Now, when we think about in the eyes of the customer, who are the stalwarts of their IT infrastructure? Microsoft and Cisco are at the top of that list. So we don't view Microsoft as a direct competitor. We view ourselves as complementing Microsoft. They have unique capabilities on the endpoint and the application. We have unique capabilities and everything that connects the endpoint to the application. So folks that get much more into our competitive targets are going to be folks that are in that network security area: Palo Alto Networks, Fortinet, Zscaler. They're much more in that domain. And the way we can win is not just by coming up with some security feature that they could copy.
It's by coming up with things that are uniquely advantaged by integration into the network. And that's our core playbook: what can we do to put security into the fabric of the network that allows it to be more effective for our customers? And I think the market's been looking for that, frankly, right? The opportunity, in my opinion, is fairly obvious. And it's up to us to be able to articulate, "Here's how that works, and here's how customers can experience." And so as we start to roll this stuff out, we expect continued growth in terms of just our awareness, presence in the market, and customer adoption.
Let me add a little bit more color because I think this is where our acquisition of Splunk will be very strategic as well, and so will what we've done with Isovalent, and then how all of these things come together. So firstly, what are our high-level areas of differentiation? Three things. We want to make sure that we can have meaningful differentiation and efficacy. Our efficacy should be higher because we've actually got an end-to-end view of everything that's happening on the endpoint, on the network, on the pipe, as well as on the server and the host. Number two, our experience has to be better. The way in which we manage, we've got generative AI now as a user interface paradigm across most of our products at this point in time. We've got a SOC assistant. We've got a firewall assistant.
You can set policies in just natural language and English. And number three is the total cost of ownership for customers. The economics will be more favorable, right? Now, as you think about this from a competitive standpoint, I think it's important that we understand where the unique differentiation for us is. And like Tom said, when you think about the data on the endpoint and telemetry on the Cisco is a data game, right? And security is a data game. And the one who has the most data that can be most effectively correlated wins. We've got over 250 million endpoints with AnyConnect. We've got a fair amount of traffic that traverses our network. So you know what every packet and every email forward is and every web request is that's happening.
We now have presence on the host with Isovalent, with eBPF, and with Hypershield that we've built, where we'll know every single I/O operation and process that's getting kickstarted in the kernel without actually being in the kernel but sitting in the user space. That combination of telemetry, then combined with Splunk, is something that is very hard to go out and replicate overnight by competition.
So when customers are rethinking their architecture for AI-related data centers or for enterprise data centers or for the public cloud workloads, and they say, "What's the one end-to-end platform that we can bank on?" What we are starting to see is the light bulbs are going off saying, "Wow, Cisco has the breadth and the integration at this point where things like ThousandEyes are just seamlessly integrated into our product than we've ever had before." And so it does our challenge right now is how quickly can we get to awareness in the market? But we are starting to see that curve get to be pretty exciting to see at it.
My second question was on pricing. Is there any pricing pressure in cybersecurity on cybersecurity solutions?
I think the pricing dimensions are interesting because what's happening on pricing is we've been spending more money in security year after year, every year for the past couple of decades. If you sit on any audit committees, one of the first conversations that CISOs have is, "We need more money to go out and keep ourselves protected and our security posture in line." But what ends up happening is ransomware has not reduced any. And you're still being owed. And so the challenges that are there with pricing is it's more around the total cost of ownership that you have. Where point solutions are just no longer feasible because of the complexity and because of the amount of cost it takes to manage 70, 80 different policy engines. On average, most customers have about 70 different products today, right?
From a pricing standpoint, I think there's a lot of economics that can come into play where we can increase our ASP while simultaneously reducing the cost for the customer. I don't think those are mutually exclusive.
Okay. Maybe we'll I want to talk about your solutions and drill down to the solutions. You mentioned Hypershield multiple times. Can you take us through it? What is it? What value does it bring to customers, etc.?
There's a man who actually thought about it, so I'll let him talk.[crosstalk]
Sure thing. If you think about the way security controls have been built for decades, they've been built. They come in a box. The box sits in a place in the network, usually at the edge of the network. That's fine, but it has limited granularity and therefore limited effectiveness. So what we did is we said, "You know what? We want to put security everywhere. Not just kind of at the perimeters and at the corners, but everywhere." This is increasingly important in a world where applications are more spread out, right? Remember the little three-tier web app, web server, app server, database through big giant VMs? Now it's 300 or 3,000 microservices. Conversely, users are more spread out.
I probably don't need to elaborate, but it's iPhones and Android and tablets and not just users, but smart devices that are running in a factory floor or a hospital environment, etc. So Hypershield is designed to address exactly those trends. So it allows us. It's a distributed system that allows us to put the security enforcement where you need it, right up next to the application with a level of understanding of the application that wasn't available before. Jeetu talked about the new software constructs, one of which is called eBPF. It's kind of a nerdy name, but it's really powerful capability. It's an interface in Linux and Windows operating systems that lets us peer into the memory and the heart of the system and deeply understand the application. And that allows us to tune our security policies to match the vulnerabilities of an application.
Now, with AI, we have the ability to provide management for these systems that wasn't possible before. So this is literally a system that can write its own rules, that can test its own rules, deploy its own rules, lifecycle manage its own rules, remove them when they're not needed, and then upgrade itself with no human intervention. When customers see that, it's a startling leap forward, right? It's not an incremental improvement. This is something that's unlike anything they've ever seen before.
Let me just brag about Tom and his team over here for a second. And I'll tell you this. You might see a change of tone in my enthusiasm this year compared to ever before in security because I feel like the work we are doing is not just products that someone else has built that we've built a slightly better mousetrap. We are reimagining architectures that have never been done before. This is not the next generation of something that exists. It is literally the first generation of something completely new. And so three key problems tactically that Tom talked about that are really important for everyone to understand that we solve. If you assume that the attacker is already in your environment and you're trying to contain lateral movement, the way that you do it right now is by isolating the attacker through this technology called segmentation.
Segmentation is really hard, especially as you go into a hyper-distributed environment with microservices that are sitting on Kubernetes containers and everywhere else. What we've done is provided something that actually does autonomous segmentation with AI. So that's the first problem we solve. The second big problem we solve is if you look at the amount of time it takes from when a vulnerability is announced in the market to when an exploit happens. Some of the most recent vulnerabilities that were had, there was a three-day elapsed time between announcing of the vulnerability to an exploit happening. But it takes about 20 days-45 days to actually have a patch tested and deployed. So you've got this window that's really critical and has exposure for an organization of 45 days, but an exploit can happen as early as three days.
I think that's going to go down to hours and minutes. So the exploit time is getting compressed, but the actual vulnerabilities, the patching of the vulnerability is elongating because of the amount of vulnerabilities that you're detecting. It's about 1,000 a week in CVEs. So when you start looking at that, how do you go out and solve for that? We have a way that within minutes, you can get an automated compensating control in place to prevent you during that exposure time while you're testing and deploying the patch. So that's number two. And number three is updates are really hard. You usually have two change control windows a year. We've got a firewall. We've actually done a lot with our firewall to upgrade it. Every single time someone uses the new version of a firewall, you have between 20 points and 40 points of NPS improvements.
But only 40% of our customers are using the new version of the firewall because updates are hard. You have two change control windows a year. We now have a way to use upgrades in security infrastructure just like you do it on your iPhone, where there is a self-qualifying update. But because of hardware acceleration, you can now do things that just weren't possible before. So what Hypershield is, is not just a new product. It is an entirely new architecture to enable distributed kind of enterprise data centers, as well as hyperscalers to be able to utilize this technology in a very different way. And I think this is probably one of the we talked about this when we launched it a few weeks ago at McLaren. This is the most consequential innovation we have had in Cisco in the area of cybersecurity in the past 40 years.
Your target customers, are they mostly enterprise? You mentioned a lot hyperscalers. You mentioned a lot hyperscalers. Who are your target customers?
Enterprise customers.
Enterprise customers buying.[crosstalk]
We're building blocks for hyperscalers, and we're bringing it to the enterprise.
In the enterprise, we target the networking folks, and we target the CISO, and we target the SOC apps. Those are the three areas that kind of focus on us buying centers.
Okay. You mentioned Cisco Security Cloud, and you mentioned three components. Can you delve into it? First of all, what is the problem that this solution is solving? And how are you positioned better than others? How are you approaching this problem, etc.?
So let's take User Protection Suite. So by the way, what we did was we said, "Not only are we going to make sure that we solve these three problems, we're going to take our 30 products and thousands of SKUs, and now people can also transact as three suites if you want to, plus the firewall." And so we're simplifying the ability for people to do business with us. But in User Protection Suite, in each one of the suites that we have, we have a lead product that we can actually enter in with, right? And so in User Protection Suite, we have this product that we built called Secure Access. Might compete with Zscaler, might compete with Palo Alto.
Secure Access, essentially, is one single experience, whether you happen to be an employee or a contractor, whether you happen to be at home or at work, whether you happen to be connecting to a private application or a public application, a SaaS application or private application. One experience, one management console, one way. And you don't have to worry about, "Oh, I'm a user. I'm connecting to Jira. I need to log on to my VPN. I'm a user. I need to connect to Salesforce. I'm going to use ZTNA." We do all of that plumbing behind the scenes. All you do, we call it one of the most boring demos. You open your laptop, you log in, you connect, you get to work. There's nothing to do. There's nothing to demo, right? But that wasn't enough.
That's interesting, and that's better than what the market has today by a long shot. But we wanted to do more. So what we've done is we've also hydrated that with identity intelligence. And so we acquired a company called Oort, which actually does identity threat detection and response. And we built an identity graph that can correlate data. If I want to connect to Salesforce, the way that I do it today is an SSE product will ask an identity provider, "Hey, is Jeetu? Who's Jeetu.
Hey, I'm so sorry. We lost audio. Thank you. If you could go back just a few sentences. There we go.
Sorry, I think we got chopped off. We got automatically muted for some reason. That's also my fault because I run Linux, so. So I don't know when we got muted, so maybe someone can.
Heather, do you know when the mute went off?
I know it was just a few sentences ago.
Okay. All right. That's fine then. Perfect. So we spoke about platforms, and we spoke about products that are within a complete strategy and vision. What about point solutions? Where are customers when it comes to purchasing point solutions and then you need to compete product by product versus buying a platform? Meaning, how advanced is the market to get to this point of thinking the way you think, thinking about the journey of the package from the user to the end, etc.?
Yeah. I think the thing that more and more customers are starting to get around is efficacy is name of the game. And ease of management is name of the game. And when you think about efficacy, it is not that the features don't create efficacy, but the cross-use of telemetry so that you have better insights is what creates efficacy. And so it's not this notion I actually dispelled the notion that best of breed is even a thing because the reality is it's point solutions that have a very tunnel-vision view versus a broader aperture. And you can't take shortcuts in the product. You have to build great products.
But those great products have to integrate with other pieces seamlessly so that when we integrate our Secure Access product with Duo, with Identity, with ThousandEyes, the combined experience you get is very different because it's not just that you get a great experience, but when the experience is not great, we can tap into ThousandEyes and tell you exactly what the issue is. Is it your ISP? Is it your router? Is it your connection? Is it your application? And you'd be able to troubleshoot that in a very, very different way. And so our ability to connect between networking, security, observability, and the data platform, which Splunk, actually gives us an advantage, which is pretty exciting. And the more where customers are right now is when you talk to them and walk them through the vision, the light bulbs go off.
Our challenge is getting to that message at scale. That's why it's going to take a few more quarters because that's what we need to do.
What's happening behind the scenes at your level to enable this? Meaning, do you need to build a cloud? How big is the cloud? How much investment? What do you need to do to enable this kind of services? Because some of these are services. They're not products.
Well, one of the things we've been able to do is we kind of know how to build at-scale cloud infrastructure, right? I mean, we've built Webex that has hundreds of millions of users going out, and it's got 75 different data centers throughout the world. And so our data center know-how on how to go out and build for not just the private cloud, our own data centers, but also hyperscalers and public cloud tends to be pretty strong. And so what we've been able to do is utilize that know-how in the company to build capabilities, but the infrastructure has never been an issue for us because we're so good at that. And we're an infrastructure company. And so when you think about what we did with Secure Access, our data centers are managed by the same team that actually manages Webex.
So you're able to go out and drive this and get the scale portion from an enterprise data center. So the question was, what are our target markets? Cisco is fairly unique in that we have very, very broad market reach, and we can build products that meet the most sophisticated customers in the market, the very, very top of the market. But we also focus on simple, easy-to-use solutions that are often purchased in a self-serve motion. So customers hear about it. They're like, "Oh, Duo, I want to learn authentication." And you know what? While we're sitting on this call, I think we just closed a deal. Look, we just closed another one, right? So that machine is running down into the small and medium. It's the easiest to use.
When you combine, you bring those two elements together, you can build better products across all of these segments. So the answer is yes to our target customer, right? There's lots of them. I think it's important to also serve every segment in security because the weakest link, typically, in security determines the strength of the entire value chain. And if you don't have technology that actually not only supports your customers, but their customers all the way through, that network effect is a pretty important one.
Got it. Another question is, when you see Cisco, as a stated strategy, as a corporation, to migrate more to SaaS as subscription revenues, etc. Talk about how you help the corporation to get to their goal because when you look historically at Cisco, the majority of your revenues came from on-prem solutions. So talk about the journey from a business model, from the way you charge, how your new strategy helps you to get to these goals.
I think the first thing, we are now 50% recurring revenue as of last quarter. I think that was announced in the last earnings call. So the transition to recurring revenue has been a pretty successful one for Cisco over the years. All the new products that we're building that we talked about, SSE, XDR, Hypershield, Multicloud Defense, Identity Intelligence, all of these products are SaaS products, right? And we want to make sure that the way in which we and SaaS is not just a pricing model for subscription. It's a whole new way of building products. There's weekly and daily updates and builds. There's rapid innovation. There's kind of it's offered as a service. But we want to make sure that we're also deeply integrating that into our core networking platform.
So Hypershield is a SaaS product that can actually have an enforcement point on a server or potentially over time on a switch, on a top-of-rack switch. So what we're doing is we're taking advantage of our franchise on the hardware side, but we want to make sure that we build SaaS offerings. And the combination of those two is what I think this kind of distinction of hardware versus SaaS, I mean, it's interesting, but the thing that we have to think about is, how do we make sure that both of them together provide a complete solution for the customer?
Is your position in hardware, firewalls, appliances? Does it help to get to your journey? Does it mean that the fact that the customer think of. I'm thinking about it in simple terms. The fact that the customer is already a Cisco customer, on a firewall Cisco customer, how does it help them to get into the new strategy?
I'll give you a very concrete example. Our firewall customers use something called a Cisco Defense Orchestrator to manage the firewalls. Guess what they use to manage Hypershield? Cisco Defense Orchestrator. And so when you have common management across hardware and software, that's one big area that it helps. I also feel like you want to make sure that you provide customers a choice. So we provide customers deployment choice. You can actually go out and deploy it as a hardware appliance. You can deploy it as a virtual machine in the cloud. Or you can deploy it as a full multi-tenant firewall. And then we've got Hypershield, which is a completely different architecture, all of those being managed by the same management plane.
Got it. We only have a few minutes left. Do we have any questions from the audience? No? Okay. So I want to ask you about the SOC. Why is SOC so important?
I think you have to assume that it is not if a breach happens, but when a breach happens. When a breach happens, what customers do to be resilient, to recover from the breach, is almost more important than doing the things to prevent yourself from a breach occurring in the first place. So the recovery time from a breach occurring to when you can get back to operational rhythm within your business is super important. That typically requires near-real-time detection of a breach, remediation, response, and recovery from that breach, right? That happens in the SOC. The beauty about the SOC is, what we can do is we can correlate multiple datasets that would have otherwise, when looked at in isolation, made you ignore certain alerts that you can now graduate.
For example, if I have a funny-looking email that comes in, 80% of the breaches that happen still start from email. A funny-looking email that comes in from a prince from an exotic country that says, "Click on this link. Download your $10 million," that funny-looking email by itself might have gotten ignored. But when you see that that funny-looking email directed you to a website that didn't exist two hours ago, that then downloaded some piece of software on your device, which was malware, that kickstarted a process in PowerShell, that then started creating lateral movement within the organization, correlating those breaches so that you can graduate correlating that telemetry so you can graduate something as a breach versus just an alert that you should ignore is what the SOC does effectively when you actually can take a data platform-based approach.
Between what Splunk can do and between what we do in this area, it is phenomenal because Splunk has been very good at going out and solving and building the SOC of the future. What we do to that is we add network telemetry, endpoint telemetry, and identity telemetry to it. You've enriched the data for Splunk with other kinds of telemetry that just allows you to better correlate this stuff. Anything to add, Tom?
Well, I think that the technical building blocks that we have at our disposal, AI, distributed compute, and DPUs and GPUs that Jeetu was talking about, these new software constructs, they're going to allow us to change the procedures in a security operations center dramatically, not incremental change, but fundamentally change what the SOC is capable of doing. As Jeetu said, it's about responding to the breach. The breaches are going to happen. So it's about how you respond. And we think we can create much more automated, much more real-time, much more guided responses. And so the next couple of years are going to be a period of significant change. Change creates winners and losers, right, as we talked about. And I think Cisco is positioned to capitalize on these changes and be accelerating our position in the market, right?
Unfortunately, we ran out of time. Tom and Jeetu, thank you so much for the very, very detailed description of Cisco Security. And it is a new company, and I agree with you. Thank you.
All right.
Thank you, Tal Liani.
Thank you very much, Tal. We look forward to Jeetu and you continuing the conversation at the B of A Tech Conference, 6 June 2024. We'll have our quarterly call on 15 May 2024 and our Investor Day, 4 June 2024 Heather, you may close the call.
Thank you.
Thank you.