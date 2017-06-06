Cisco Systems, Inc. (NASDAQ:CSCO)

Bank of America Merrill Lynch 2017 Global Technology Conference Transcript

June 6, 2017 10:45 AM ET

Executives

David Ulevitch - SVP and GM, Security Business

Analysts

Tal Liani - Bank of America Merrill Lynch

Tal Liani

So, with no further ado, I’d like to welcome David Ulevitch, SVP and GM of Cisco Security Business. We’re going to talk a little bit about Cisco and a lot of the market. And as you know, Cisco’s security business is one of the fastest growing segments now. One of the most attractive segments went through a major turnaround. We’ve written a lot about it in the last note we published on the firewall market. We have showed a major turnaround in the markets where Cisco taking share from other companies and we would like to talk with David about this turnaround. But before that I know you have some statements to make so no one snooze you.

David Ulevitch

Yeah. That’d be good. I’m already -- I’m busy enough, Tal, thanks. So just the obligatory Safe Harbor statement, I might make forward-looking statements. If you want the real fact and the data go to the Investor Relations site at Cisco or checkout our filings and thanks for having me.

Tal Liani

Okay. Good. So that’s present also for my birthday by the way.

David Ulevitch

Yeah. Absolutely.

Tal Liani

I want to start with a very high level discussion about your strategy -- security strategy. You went through five years of some share losses and you had a major turnaround recently. What are the key milestones or key points -- focus points of your strategy, what are you going after and what did you change in the company in the last few years to go after the opportunities?

David Ulevitch

Okay. That’s a long multi-prong...

Tal Liani

I know, I told you, it’s going to -- we’re going to start high.

David Ulevitch

Yeah. So, I would start out with the market, which is that security remains our customers’ number one priority. So, it’s not the kind of topic that shows up in the board room once a year for an update, it’s on the permanent agenda of every major company around the world and I think that customers are looking for to figure out, who can help them really actually make sense of the IT landscape that they are now operating in. That IT landscape is dramatically different than the one we’ve had over the last 25 years, right.

So people work outside the office. They’re using all kinds of devices, often times their own devices. They are using cloud services. They are adopting public pods. So, the IT surface is dramatically different and they need help securing that and they tend to come to Cisco for help, because the idea of going to niche vendor is a buying point solutions has not worked out very well for them. We have security spending going up and we have breaches now really being reduced and so that for me as active as they ever have been.

And so at Cisco, we said where is our best place to be and we recognized that the network is a critical place to start with security and then build from there. And we really want to try to be from a strategic standpoint the nexus of information for visibility and enforcement when it comes to security.

So we focused on this idea of an architectural advantage. The idea that as we build out our security portfolio, our customers can actually get a force multiplier end value as they deploy more and more of our solutions, and we are able to do that, because we are able to drive automation, because we control more and more of the security stack.

So the customer benefits because they end up saving money. Cisco benefits because we’re able to drive better efficacy and tie that efficacy into the network and that’s at a high level our strategy is not only just try to be best-in-class in every product but make sure they all fit together.

And then from an architectural standpoint, make sure that we can actually take in data from even other vendors products that’s having an open architecture just like we do in networking and then leverage that to drive enforcement and that for us tends to be the biggest, I think, lever that we have in our business.

As we can go to our customer and say, look, we will protect you from the endpoint the network in the cloud in a way that you’d have to go buy multiple products from multiple vendors that don’t talk to each other in order to even get close to that same level of efficacy and really driving security efficacy is everything that we’re focused on. So that’s a -- I’m we’ll dig into that a little bit.

Tal Liani

Yes. Many years ago, the view of Cisco was that, you’ll take your security and stick it into a switch, picks and LAN cards and all other things that were part of the switch. What were the issues than and how did you change it, if you look at the change that happened over the last few years?

David Ulevitch

A few things happened. One is that there’s different -- often times different buying centers when it comes to networking and security. But also the security constituency inside of an organization has different criteria for deciding what they need from a security policy standpoint. So, I think, what we did over the last few years is really reframe and say, how do we become best-in-class in security and then once we’ve done that, we’ve done that across our portfolio and you can see that in our track record over the last few years, how do we are going to leverage the benefit of the network.

I mean, we can’t ignore the network. Today, if we have 10 billion devices on Internet and three years we’re going to go to 50 billion, but I used to say by 2020. But then I go -- I realized people don’t know when 2020 is, they think that’s like way off from the future. So now you say again three years we’re going to have 50 billion devices. Again you don’t think the network is just supremely critical to securing and enabling the connectivity for those devices, like there’s no other way it’s going to happen unless you add security to the network.

So now we have taken our portfolio, we have built this massive threat intelligence and research group called [ph] Tallus (6:36) and now we’re taking all that intelligence, all of our touch points and security, and we are actually tying it back to the network and you’re going to see more and more that.

In fact, I think that, I talked about the IT surface a moment ago, our customers who have their own data centers are now increasingly adopting public cloud, but they’re not going to remove their data center. So, they have this hybrid environment and they need security, they can apply policy across all of those IT services. So where we have our own switching equipment and routing equipment, we’ll do that.

If you look at the Meraki MX line, that’s now directly integrated with our AMP, our advanced malware protection technology is directly now has a connection to Cisco Umbrella, which is OpenDNS and so we’re using our touch points on the network wherever possible to drive security and wherever it’s not possible, we have security products.

Tal Liani

Again staying at the high level, the market level, where do you see the opportunities for us investors and analysts, we normally see firewall companies, but the market is very, very broader than firewall. So, where do you see the opportunities in the market?

David Ulevitch

Yeah. So, security is unique to me and that it’s a growing TAM. I think depending on how you slice is, I guess $70 billion plus TAM and we’re only playing a small subset to that today. So, we have lots of room to run in terms of expanding our TAM and network security is just one small part of it. We have a massively growing endpoint business and our goal is to be substantial a player in the endpoint business.

In particular because when you control the endpoint and you control the network, you can just drive much better automation and efficacy, from a security standpoint and now we’re augmenting with our cloud security portfolio to help protect people as they adopt SaaS services, as they move the workloads to ISE platforms. And so those are just the three main, I would say tranches of our security portfolio today. But there is adjacencies we don’t play in at all around identity, there’s adjacencies around encryption and application level security.

I think you’re going to see cloud security become a much and much larger TAM over the coming years, as more and more companies move to essentially change their workloads and applications to the cloud. And from what we said, we -- I mean we have a massive firewall business, so that’s a huge anchor part of our portfolio. But today it’s no longer the dominant part of our portfolio. We have a pretty diverse security portfolio.

Tal Liani

And you have the desire to kind of grow into these market adjacencies or do you see yourself mostly focusing on the three areas you mentioned?

David Ulevitch

Yeah. So, I think, we’re -- today we’re one of the largest securities companies in the world. But when I talked about that growing TAM, we still have single-digit market share. So for us we want to be not just the largest security company in the world, but we want to have our fair share of that market and so that to me means we have a tremendous amount of room to grow and that includes from services where we have a massive in service responsibilities and massive in security is different than massive in networking, right. These are all relative terms, but we have evidenced our response business, where we can go in with our partners and actually provide consultative and assessment driven security offerings.

And one of the things that tends to be unique in security is that unlike networking or even servers where the customer generally knows what they want and they just want more of it or they want faster or they want more integration and security, it’s highly assessment and consultative driven. So often can and we’ll find in fact when we think about how we go to market with our customers, we’ll find it, we can actually take the time in advance and not to sell them a firewall transactionally but actually going and doing assessment, understand what their current posture is, we can end-up going and doing a much, much more inclusive sale across our own whole portfolio and new services to help our customers to deploy it and as you think about Cisco’s transition from a traditional sort of hardware company to one that’s much more software driven and subscription driven, making sure that our customers deploy our products tends to be a paramount priority.

Tal Liani

So, in the last part of the answer takes me to the next level kind of the frontier enterprise are dealing with is elastic. Elastic meaning it’s no longer a rigid network with employees coming into the building or VPN into the building. Now it’s cloud, some applications are SaaS, some customers are going directly to the SaaS applications without even going through the network. How do you see this both a threat to your box base business, if I can call it at this way, an opportunity to sell something new and what do you need to do in order to address the new opportunities?

David Ulevitch

Absolutely. So, we have a massive firewall business, I think, we’re either number one or number two in market share in the firewall market, depending on how you slice it. And we know that in the future, firewalls will continue to be a key part of a network security infrastructure or even the cloud clustering infrastructure, but how that firewall gets delivered is going to continue to evolve.

So today we have traditional hardware firewall, we have a next-generation firewall, we also have virtual firewalls and you’re going to increasingly see us take the polices that people are setting in those firewalls, and actually use those policies to drive security enforcement in the public cloud. So whether it’s people using Azure AWS, they want to have a consistent way to get visibility into their security policies and apply policy.

All those things are still firewalls even without a box and as even startups in the space that are only focused on essentially like a software defined firewall and we actually joke internally that I’m sure everyone here knows the term SDN, we joke that the tech people inside the company, joke that SDN stands for still does nothing.

However, we think that maybe those stand for security-defined networking, because as more and more people deploy complex applications that have multiple pieces across multiple clouds where you have couple of that reasons instances and Amazon talking to active directory in Azure, you need a much more dynamic firewall policy that’s well orchestrated and well managed, and we think Cisco is in a really strong position to deliver that.

In fact, we have a product today in the market called CDO, that’s Cisco Defense Orchestrator, that’s all about getting visibility across diverse sets of firewalls even potentially firewalls that are not Cisco created and then applying policy consistently across, then see if the right policy for the right workloads and the right users and the right places at the right time. And that level of orchestration automation, I think, is almost impossible for a small startup to achieve but it’s something that Cisco is well-positioned to really deliver.

Tal Liani

So directly…

David Ulevitch

All those are firewalls.

Tal Liani

Right. So, directly the firewall -- in the fourth quarter the last data we have you grew your market share or you grew your revenues by 60% year-over-year, just firewall-to-firewall, the way we counted, the way that market research is counting it. Some of it was reclassification of intrusion prevention, but there is market share gain regardless of how we look at the numbers. Talk about the drivers that enabled the share gain and speak about your competition if you can? What can you do to regain share from competition?

David Ulevitch

Sure. So I think where you see us really winning, is first of all, you have to have a great products. So, we’re focusing on making sure we have great products. But I think where we can go and when with an untouchable story is when we leverage our potential advantage and we’re at a place today with our firewall business where it’s so tightly interconnected with our advanced network portfolio that we’re not just to remind on a firewall that has to leverage just what’s inside that box to decide what’s good and bad.

But it connects your -- our AMP cloud and AMP has the context -- the global context from every single file we’ve ever seen, every URL, every IP address and it shares that through our intelligence across all customers, it leverages the endpoint so that when unknown files are deducted, we can inform the firewall to start blocking it on the network for other users, it ties into our email security, right email security is a huge part of an effective security posture.

And then last but not least, we’ve actually tied it to the network in a way that’s pretty unique, and really differentiate from our competitors in the sense that, we have a product called ISE, which is the Identity Services Engine and helps to discover all kinds of devices on the network, we’ve now married an integration that’s automatic from customers between these two products, so that you can now have firewall policy, that says look, I want this firewall policy for known devices and I want to automatically apply this firewall policy for unknown devices and you can get very, very dynamic in how you apply these sort of constantly changing policies that are based off of the devices to users and what applications are being used, in a way that no other next-gen firewalls quite able to do and that comes out of the box.

We’re trying to essentially remove all of the programming that’s required for our customers to actually get an effective security posture by making the pieces fit together in the backend. So for instance, tying our next-gen firewall to AMP just happens out of the box, it’s just a check box, you can paste in your AMP and select your license key, and then you automatically have SAM box technology for unknown malware, you have benefits of our entire global context and that all happens automatically.

As for competitors, I think that they’re still focused on selling point solutions, because the security industry has just marked by niche vendors and it’s not to say that what they do and if they don’t do it well, it’s that they’re creating complexity for our customers without dramatically increasing capability, which is why I think we’re in this environment today where over the last two or three years our customers have spent an incredible amount of money on security and I think their Boards and their CEOs are now looking and saying, what do we have to show for it, and I’m not sure that they actually have a lot to show for it.

But I think when we look at our customers that have deployed our portfolio and we’ve been able to turn on that automation and actually raise their effective security processor by shortening the time to detection and the time to response. That is something that actually delivers value and so it’s not just a desire to consolidate spent but it’s really desire to consolidate product portfolio. So you actually can drive that automation that customers are looking for. So I think our competitors, I mean, I don’t which competitors you’re talking about, we have a lot in security, it’s like a vendor buffet.

Tal Liani

I’m waiting for you to say.

David Ulevitch

I’ll let you ask about that. I have some that are in cross areas and some that I don’t read their...

Tal Liani

Let me do more precise. We met you a few weeks ago and you said that you are waiting for a product refresh of Palo Alto and Fortinet in order to take market share, can you elaborate?

David Ulevitch

Sure. So I think, those two companies operated two ends of the spectrum and on the Palo Alto side, I mean the company clearly has a good product in the firewall space. But yeah, we think that they’re a refresh which is their first refresh at scale they’ve ever gone through, is our refresh opportunity. And so, we’re focused on making sure that our partners and our channel are really able to understand exactly the benefits of the Cisco’s architectural advantage and that where our product portfolio is to be as extraordinary competitive as possible.

I mean, they are squarely in our cross areas. I think on the Fortinet side, Fortinet is a company that has done a good job of having a lower cost product. It does a pretty good job. I think that we have the ability to go into the service providers and really talk about a much more integrated offering. We see more and more our security customers are looking to outsource their security. Frankly, they don’t necessarily know what -- I talked about this assessment in consultative-led security story.

Well, the genesis of that is that most customers don’t know what to buy. If they figure out what to buy, they don’t know how to deploy it and I’m not trying to trivialize customers because security is really hard, and if they don’t know how to deploy it, they certainly don’t have the talent or inclination to really manage it as an ongoing endeavor. And so they’re looking to outsource their security to manage security and service providers and we often times are seeing a lot of the B2B service providers, who’re wanting to move into that space and when they do it on top of the Cisco integrated architecture that is a full stack from endpoint VPN, network and cloud of managed security capabilities so we can offer an SP, and that’s one of the ways that we’re going to compete against Fortinet, where it might be cheaper at the outset, but it cost more in the long run, where as with Cisco, we think we can deliver savings over the long run and create a business for the service providers.

Tal Liani

Is the firewall market still attractive, three years of refresh, we went from old generation to next-generation, the market expanded, market growth went from 8% to 14% in state, but actually if I take out Cisco’s numbers from the market in the last six months, the market slowed down, so where is the attractiveness?

David Ulevitch

So firewall is a huge franchise. It will continue to be a huge franchise. I think how we think of firewall will change, right. So somebody who has a SaaS offering that manages AWS and Azure security policies through their APIs. That to me is a firewall. Looking at what startups like VMR and Lumia are doing. That to me is a firewall. So they don’t look like a traditional firewall, but they’re providing the same benefits and best practices of a firewall and so you can expect that we’re going to be making sure that our firewall portfolio satisfies those same used cases.

And that to me may require the people that sort of calculate market share to redefine how they think of a firewall traditionally. In fact, if you look at like the secured web gateway market, that’s increasingly consolidating into two buckets, either the next-gen firewall market or into the cloud delivered security bucket like Cisco Umbrella. And so if you look at secured gateway, you would say that the market is shrinking, but what I would say is really the spend is just migrating to NGFW and what we call our secured Internet gateway, which is what Cisco Umbrella is.

Tal Liani

We spoke about the firewall and competition, but there are a lot of let’s call them sensors in the network. Firewall is one of them including prevention you are filtering and so on and so forth the list is long. Splunk is there to try and maybe look at things more from higher level. Where is Cisco in this equation?

David Ulevitch

Yeah. So Splunk is a massive analytics and data storage system, that I think now has been creating security dashboards on top and its impressive how they’ve done that, I look at where Cisco plays is two key functions, like I have a view inside of Cisco and I’ve told my team this that I only believe that security is strategic from a vendor standpoint, if you’re in the line of fire of traffic or you aware the data is stored at rest.

All these other companies that do analytics or things on top of the data, but they don’t own the data and they’re not in the line of fire that’s not strategic to me, because I think that either the people on the edge of the network they have all the visibility and can do all the enforcement, that’s where Cisco plays. We can do all those things or the people that own the data at rest like Splunk can also do on the analytics.

And so, we really are playing strongly today, is really at the places where you get all the visibility and you do all the enforcement. Splunk needs us to generate that visibility whether it’s through net flow, whether it’s through PCaps and Caps on the network, whether it’s coming through out e-mail security appliances.

I mean we have the as an proof point are the two -- to me I think it’s like a two horserace left in e-mail security, which continues to be a growing market, like you need all that telemetry and we don’t play in the SIM space, where Splunk is sort of, I don’t know if they call it a SIM, but that’s effectively what they’re doing.

I think where the SIM markets need to evolve and where we’re looking very closely is really having all the data, like having big data is one thing, but actually turning that into actionable intelligence is a separate thing.

So, customers are looking to drive automation in fact we did a big announcement last week with IBM and IBM is probably the only other large enterprise security company beside Cisco and Symantec, and our portfolio is a very complementary in the sense that they focus on the data analytics piece, they have queue radar which is a SIM. Our product portfolio provides a visibility, and then we can drive all the enforcement as the analytics get generated.

So, I don’t think that we’re going to move into the SIM space anytime soon. We see that’s an ecosystem we’d like to play in as a partner. But certainly, it’s a key part of the security ecosystem. But to me, it’s much more fun to be in the line of fire deciding, how you generate insights from the network and how you then drive enforcement.

Tal Liani

Before we go deeper maybe into the network and the endpoint, going to talk about go-to-market and what did you have to do in the last three, four years to be more effective with your solution sales?

David Ulevitch

So, the point is we created a dedicated security specialist sales organization and that’s I think a reflection of what active security is consultative and assessment driven. We have also done acquisitions on our services side with Neohapsis and Portcullis, to really make sure that we have the smartest people in the room when it comes to talking about security, doing security research, doing in-service response and so that was major shift, making sure that we had the right people.

And in fact if you look at our security business over the last five years and I think it’s been almost five years since we acquired Sourcefire. Every single technical leader of every single acquisition we’ve done in securities since then is still helping to run the business, so Martin Roesch, the Founder of Sourcefire, our Chief Architect; Al Huger, who is the CEO of Immunet, is one of the leaders in our engineering organization, [ph] Doug Duran (22:57) a lot of us know, the Founder of BugTraq, the founder of [inaudible] (23:00).

All of these leaders remain helping to drive our business, because I think, if you’re in the securities space and you want to say where do you have the biggest impact, they find that Cisco is a place that has the biggest impact or the ability to have the biggest impact in security, because our customers want us to.

And so what we’ve done in organization is make sure that we are fully organized as a part of Cisco, but we have the ability to go and have the smartest security people in the room to augment our global sales force, to augment our partner organization and that has been a really strong partnership.

And in fact, I think that you’re seeing now more and more of our partners and the Cisco sort of mainline sellers, recognize that when you lead with security, you can actually pull-through everything from network refresh to master services engagements. And so even though our business numerically is relatively small to Cisco, I mean, and security I think our $2-plus-billion business is very large, but in Cisco it’s very small.

The benefits that small business though is that we can drive master refresh elsewhere in the portfolio. And we see this over and over again we see this with our Identity Services Engine, drive switching refresh. We see this with Stealthwatch which is an analytics platform for net flow data, drive switching refresh, we just see it over and over.

Tal Liani

The security business is a composition of many, many acquisitions that Cisco had done in the last few years. Do you get enough resources to strengthen the glue between the acquisitions and the products?

David Ulevitch

Look I’m a GM of a business, so I will always go to my CFO and ask for more money. That would be -- it would be derelict I think in my responsibilities if I didn’t. But I do think one of the things that you’ll notice, if you look at the last few acquisitions we’ve made is, because we’ve focused the last few years on having this open platform and really having everything have the ability to integrate and automate across our portfolio, that of the last few product acquisitions we’ve done, they’ve actually done integrations directly into the portfolio from between the time the deal was announced to when the deal closed.

So when OpenDNS was acquired in 2015, which I was the CEO of, we did the announcement and within 45 days when we closed the deal, we had already done an integration with Threat Grid, so when our Threat Grid sandbox technology discovered a threat by detonating in the sandbox, it automatically drove enforcement into Umbrella into OpenDNS’ product Umbrella. And that I think has made the acquisition experience much easier for people to come in, the fact that they’re now working with a bunch of other security leaders and visionaries makes it culturally a great place to work and then technically has made a much easier.

And now we have the sort of luxury of having the opportunity to really start to unify the look and feel of our products, so that it doesn’t look like a company of just acquisitions, like a basket but instead a much more consistent holistic experience. We’re pretty much done on the backend of making things automated and integrated, and now it’s about making sure that the frontends all look the same, driving single sign on across the products, and that really gives the customer a much more consistent experience, not to mention on automation, we’re driving on the backend, which is really where the value comes for the customer.

Tal Liani

You mentioned AMP and network security. There are other players in the space and it’s not a new space, it’s pretty old space, but it’s still growing fast. Can you discuss the opportunities there but not just in a context of AMP, but also in the context of the adjacent markets that could actually be connected to AMP?

David Ulevitch

Yeah. So AMP is that nexus essentially across our portfolio that advanced malware protection capability and it comes in a few flavors and the endpoint, we have AMP for endpoint, which will detect somebody putting a USB key into their laptop or downloading a file that maybe doesn’t get scanned at the network level, maybe they’re off network, maybe they’re off the VPN and they are not using Cisco Umbrella, like we have multiple layers to defend.

But if the user finds a way to turn off Umbrella and is off to be VPN, and there is bind of protecting network, then we have the AMP on the endpoint. Endpoint can detect an unknown file, check the AMP cloud, it can detonated in the sandbox. I mean, there was time a few years ago, I know you have the CFO of Fireye, here, but there was a time a few years ago that everyone thought that sandboxes were just as really specialized incredible technology, and it turns out actually the sandbox is the commodity, but how you tie that sandbox into your architecture to be able to make sure that anytime you have a file, you’ve never seen before, you can actually detonate it quickly and then drive that enforcement into every product in your portfolio, whether it’s e-mail, network, endpoint, cloud, we’ve done that with AMP.

And so that to me when we go out to customers and we can demonstrate very quickly, hey, we can put in a file that’s malicious that no one’s ever seen before, on to an endpoint and have immediately detected on that endpoint sent up to be analyzed in sandbox in the cloud, have it detonated and as soon as we detect it’s malicious, we’re automatically telling the network, the network starts blocking it.

From a network level, we tell the E-mail Security Appliance, we tell Cisco Umbrella and more than that, because we have things like retrospective technology, we can actually go back in time and show you all the other users on the network who downloaded that file before we knew that it was malicious and that kind of story you only get when you have an integrated architecture and that’s really an untouchable story against our competitors.

You can’t be Palo Alto and compete against that story. I think, you mentioned go-to-market a little bit earlier like, I look at where we have levers in the business and the levers in the business are just making sure that we can explain that security story and convert that story into selling merchants with our sellers and our partners, and that to me is, again, it’s untouchable like when I get into a room with customers and I demonstrate it and I don’t -- I think there’s other SVPs at Cisco that do demos, but I can show security demos all day long, because it’s on my laptop like we use it, and we use every product we sale at Cisco. On the security side, we use it at Cisco, so I can just demonstrate it. And that to me is a key part of why AMP is so unique in the market and it is difficult for people to compete against it. It just continues to get better and better.

Tal Liani

When we talked about your endpoint, you spoke about AMP. Can you discuss your endpoint more holistically and speak about the opportunities you see in the market, maybe tied in to the current endpoint solutions that customers have and reasons for them to upgrade?

David Ulevitch

Yeah. So, today the endpoint market is super interesting because it’s a barbell distribution. You have Symantec, McAfee and Trend Micro, they own more than half the market in the endpoint, after that, it’s a total cats and dogs, nobody has more than any -- like a couple -- maybe a couple low-single digits in market share and there’s nobody that has a meaningful position there, and yet we see the amount of spend happening in the endpoint increasing. We have customers that are demanding consolidation of endpoint agents.

You have companies like Tanium that are not traditional security companies that are growing in sort of the Fortune 500 market because they’re solving real needs around IT management and patch management. And so when we look at the endpoint market, I think you’ll see very quickly that AMP for endpoint is going to become the super minority of the everything that’s not in that first half, the trend Symantec, McAfee. And then the question for us is how do we go really, really big in the endpoint and what does the endpoint look like in a world where the operating system vendors are getting more and more robust in their own security.

So you look at what Apple has done, you look at what Microsoft now doing with Windows 10, like those of us are getting more secure, Android is even getting more secure, it starts to become much more about visibility, making sure the users aren’t getting their credentials harvested like phishing still remains the major attack, even if it doesn’t compromise the endpoint traditionally.

And so we look at AMP as a way of making sure that the endpoint stay secure, but we also have the visibility we need to understand when users are being brute-forced, when they’re having credentials harvested, whether it might be emails, so they’re clicking on links that they shouldn’t be clicking on. So it remains really important, but it will change over time.

I think this is the year that we’re going to figure out if Symantec and McAfee evolve their endpoint offerings, which today is sort of just a collection of our products to really compete against the upstarts like [inaudible] (30:40) they’re doing much more advanced endpoint detection or remediation.

So the traditional AV market that Symantec and people think of Symantec and McAfee as AV, but it’s really a broader portfolio that has IT patch management, it has DLP, it has a bunch of governance risk and compliance offerings. You’re going to see that they have to evolve because the bunch of those capabilities have been essentially de-prioritized by our customers like DLP on the endpoint is way less relevant than DLP on the network and the email and the cloud as it used to be.

And so this will be the year that we see I think Symantec and McAfee, they figure out how they’re going to more effectively compete against the EDR players and the EPP players than the traditional endpoint market. We do see that right now spend for [inaudible] (31:25) AMP for endpoint, its additive spend to traditional endpoint TAM, but I don’t think that can continue, because companies will continue to invest in security, but they’re not going to just keep throwing money solving the same problem over and over again.

Tal Liani

Right. Does it solve -- does your solution solve the compliance issues and requirements, compliance requirements?

David Ulevitch

Not yet. So, we’re still in the same bucket. I would say we’re highly competitive against Carbon Blacks and [inaudible] (31:50) all the advanced endpoint remediation companies and detection companies. We are not yet a replacement for McAfee EPO or Symantec SEP and those are the two main bases. And we will continue to pursue I think a strategy that looks for how do we make sure, that we have the right offering in the endpoint market to get as much of that market share as possible, I mean that’s a $5 billion plus TAM that we think is right for disruption.

Tal Liani

The endpoint -- so what I don’t understand about the endpoint market is that on one hand we see daily or weekly attacks on networks, companies are getting hurt, there are financial consequences of these attacks on the other hand. And also second point is endpoints are only 45% to 50%, Symantec is saying it 45% to 50% effective, so that means 50% of the tax go undetected, why haven’t you’ve seen the change so far?

David Ulevitch

I think there is, first of all, the endpoint market is almost entirely fulfilled through the channel, and so you have major partners and a lot of that business is in the mid-market, where people just deploy Symantec or McAfee because they’ve been told to and they just buy it because they know, they have to do it even if they know it’s not that effective.

I think that when you tie a real endpoint solution, that’s much more progressive than you tie that to the networking to use AMP to tie them together to me that delivers a much higher bar for efficacy and a much higher result for the customer. And that’s why again I say like this is the year that I think we’re going to see either massive changes at Symantec and McAfee to address their shortcomings or there is a -- there are right for disruption.

Tal Liani

Right.

David Ulevitch

Because the spend can’t continue without the efficacy. They were to shift that elsewhere and they -- at the same time Microsoft is doing an incredible job on the endpoint of locking it down and Apple is doing the same thing that you really want to shift now what is the focus of the endpoint is it about detecting what happened in your sticky USB VPN or you download a file when you’re off VPN and off network. There is still a key role for the endpoint, but it’s going to be different.

Tal Liani

So, put silence in the startup to side, when you look at the firewall companies they more or less say the same thing. Platform solution, if I can categorize what Palo Alto is saying and what you’re saying, it’s kind of the same buzzwords. Platform solutions, Fire Eyes basically saying that they have detection capabilities they’re going to take through the endpoint and to the network, which is basically what you’re saying, what makes you better than the others or what makes the others worse than you?

David Ulevitch

Look, I would expect that we’re going to continue to craft our marketing messengers for other companies...

Tal Liani

Yeah.

David Ulevitch

... for a long time. Like that, like for a long time Palo Alto would say all you need is a firewall. They said that. Then they brought Light Cyber, Cyber Light whatever, Light Cyber? Light Cyber, which is a NetFlow essentially company, but for a long time they said all you needs a firewall. You don’t need to have NetFlow and Stealthwatch. You don’t need to have that, but now they say you need it. Then they said you didn’t need endpoint. But then they got Traps.

So, like they’re realizing that actually is benefit to having structural advantage, but they’re years behind us in that. Traps is still a nescient and its ability to I think detect the same kind of threats and tie into an architecture the way we do, but they recognizing that customers need a much more integrated and architectural approach. We have it today, I think, there are few years out from actually having that and I assume that McAfee and others will use our marketing messaging as well.

Tal Liani

Yeah.

David Ulevitch

That what happens when you are leader in this space.

Tal Liani

We spoke about the security business standalone basically. No, not standalone, but your independent efforts to be successful. Can you also talk about the opportunity you see in selling into the installed base of switches and routers and Cisco’s installed base of everything else. How is security playing an important role in the other markets? I understand the other way around, but I want to understand the other markets, meaning not going after standalone solution, but rather what you have done five years ago, is there any value left there to be part of a switch, part of a router and selling it together with it?

David Ulevitch

Yeah. Absolutely and you’re going to see announcements from us that really recognize that we now do have the horsepower on that networking equipment, we have like the processing speeds and we have the ability to manage them in a way that have asked us to apply security. If you look at what we’ve done with Meraki, that’s a perfect example and you have to see that experience where its cloud managed of on-premise equipment switching, wireless access points and routing, that ties directly into the Cisco Security portfolio and it works incredibly well. And I think you’ll see that also switch over to the campus and data center networking environments as well.

There are capabilities that we deployed into the network many years ago like NetFlow. I mean, NetFlow is incredibly important for security and you’ll see us continue to innovate on top of NetFlow, because to me the network is the ultimate source of truth. Endpoints can lie, user credentials can get harvested, but the network is the ultimate source of truth. Regardless of where that network is, that network can be in the cloud, that network can be on-prem, it could be at the branch, it could be in the data center, but the network is ultimate source of truth.

And so we want to leverage our touch points wherever we can and whether it’s through our switching and routing hardware or if it’s in software defined way in the cloud to pull that network telemetry of the network and use that to then identify threats and then drive enforcement and we have those touch points almost everywhere.

So on the switching portfolio today, there is a lot of capabilities that we’re not yet harnessing, that allow us to really do a much more software defined approach to applying security policy, getting really, really granular not just like creating VLANs and doing segmentation in that way, but in a much more software defined way that actually ties and says this application can only talk to this database, it can only talk to this class of users and our security portfolio is built on top of that framework. So we actually leverage Cisco technologies like ACI and the data center to help drive that policy and the same thing is happening in the campus.

In fact, organizationally I don’t know if people know, but Cisco used to have a lot of different business units in the company, but now there’s really in the core franchises, there is only three business units, there is enterprise networking, there’s security and there’s data center, and all of that is now run by one leader, so even though my title says GM, I work for another GM, and David Goeckeler, who runs the core engineering franchise has basically put together the whole portfolio and really focuses on making sure that our products worked in the SIMs, so the SIMs between enterprise networking and security is incredibly important to our customers.

And so we’re as a group organized in a way that allows us to deliver that, and the same thing is true on the data center side. The SIMs between security and data center are incredibly important to our customers. That’s where they’re having the greatest challenges and that’s where Cisco I think has a great opportunity to deliver that integrated approach in a way that point solution vendors really are unable to do that.

Tal Liani

I want to go back to cloud you spoke about cloud, one of the concern, so Amazon is publicly saying they have 1,800 features -- security features, and one of the concerns that, that investors have is that security will also be offloaded if I could say to cloud vendors. What -- how do you see it?

David Ulevitch

Yeah. So I think that Amazon, first of all AWS is incredible, we use AWS at Cisco, we use a bunch of the other cloud offerings as well. And what you’ll find is they built an incredible sort of APIs, for customers to take advantage of, but that also creates to our complexity and in fact that’s not necessarily their core competence.

So they’re still looking. That’s what I talked about with the firewall, even though the Amazon provide APIs to drive essentially security policies, the glue is in the tools to enable us at a very complicated and they’re just primitives and they’re world class primitives, but they’re just the primitives.

Customers need to be able to translate their business use cases, their application requirements into those primitives and that’s the place we can operate and play in, the same way you would with the traditional next-gen firewall on the -- like a hardware next-gen firewall. I don’t know if people call next-gen firewall is traditional, but the hardware next-gen firewall. You need to be able to drive that same level of policy even if what you really doing is not applying policy to a hardware device, but you’re applying policy to set of APIs that get pushed out to Azure, to OpenStack, to AWS, to Google Compute.

So I think there is -- it’s highly unlikely the customers essentially remove their needs to run that kind of security to traditional security platform. I do think and I mentioned this earlier that more and more customers who outsource their security and it won’t look like the traditional secured works approach. That to me is like -- that MSSP model is like managed alerts, where customers really want is much more of managed security architecture and you’ll see companies move in that direction and in fact Cisco will also.

And we have in MSSP business and many of our partners in fact realized our VARs all the way up to our SIs recognized that our customers want help managing their security and they’re also moving in that business and we’re going to help to do that. I mean, we essentially are powering in MSSP in a box for many of our partners. In fact, Cisco Umbrella, which came in from opening us, a major part of that business comes through MSSPs that essentially price, package and provision that Cisco offering to their customers on our behalf.

Tal Liani

And how do you avoid competing with the channel?

David Ulevitch

So I think you have to define your trim lines and where you play. So depending on where our partners are and their sort of security journey in terms of offering security services, we will come meet them and that’s actually started to work out very, very well, so I’ll give an example. Some of our partners have the ability to come in and do a security assessment.

Some of that assessment is technology driven, some of its people and process driven, and then do that and they make a recommendation of the customer, hey, you need Cisco’s Firepower Threat Defense, next-gen firewall, you need Identity Services Engine, so your network segmentation and NAC, you need Cisco Umbrella and Cisco services will come in and help on the deployment side.

If the partner has deployment services, Cisco can come in within in the response trainer and say you look we’ll come in and be the SWAT team when it comes to rise an issue. You sell them the offering, you do the assessment, you do the deployment we’ll come and do an IR.

So the number of transactions is happening on our services business is going up, substantially because we play in the right swim lanes and we can engage our partners and our customers at the right point in their security journey.

Q - Tal Liani

Okay. We have -- I want to leave some time for questions. But before I have one question I know I’m going to get. The view today is that Cisco is going to try an increase substantially and you said it publicly many times you are CEO, increased substantially the recurring revenues and this is a metric you stared providing to invest this. How is security helping in achieving this goal?

David Ulevitch

Yeah. I mean, security to me is the tip of the sphere when it comes shifting, shifting of business from our traditional either perpetual licensing or hardware business to a software and subscription business. So today I think last quarter we announced 39% of our revenue, we grew deferred revenue 39%. And you’ll see that because there is actually a perfect alignment and I love this even as a vendor, there is a perfect alignment with customers of changing security from a transactional business to a subscription business, because aligns the interests of the customer saying, look, we’re going to continue to deliver you world-class security, invest ion threat research, invest in making sure that you have the ability to identify threats immediately and block them and you’ll continue to pay us money.

And it also focuses on some extra customers deploy security, because I don’t want to sell product on a shelf and then find out two years later, you never deployed it, you’re not going to renew, right, customers that don’t use products generally don’t keep paying for them, that’s like I’m a -- like a world-class CEO, but I’m pretty sure that’s how it works.

And so we focused on that adoption, we focused on driving that subscription business. If you look at the business that we brought in with both OpenDNS or we just did without dynamics elsewhere inside of Cisco, we have an incredible brain trust of talent that understands all the economics and the customer lifecycle motions around selling subscription services, driving that adoption, security is way ahead I think in that.

And now we’re helping the rest of Cisco, both in the system and they go to market motions and the customer success and adoption motions, making sure you find out way in advance how customers are doing before the renewal comes out, how to transact from process renewals in a partner enabled way. I mean we are -- that -- this is a multi-year transition the company is going through and I mean that can be intellectually it’s one of those exciting places I can imagine being.

Tal Liani

Got it. Good. We have time for questions. Anyone has any question, mic at the end, okay. We’ve probably answered almost everything.

David Ulevitch

All right.

Tal Liani

Last question. Is there any question from the audience, no, I can’t see because of the light. No, good. So last question is, is about understanding the sustainability of growth, we’ve seen Cisco’s security growing and you articulate very well the strategy across all the areas and I’m giving you here two buckets, you sold into existing base versus you expanded a market and found new customers and I know it’s difficult for Cisco, but it’s security is probably a less difficult. How much evidence you have that the growth you’ve seen so far and what’s in the pipeline is not just about selling to existing customer base, but rather also expanding the market and taking share?

David Ulevitch

Yeah. I mean, we look the numbers we published on AMP. Those are our net new customer additions. We do FireEye takeouts on a regular basis, because of our architecture wins against the point solution sandbox everybody. We do firewall takeouts, I mean the firewall business is incredibly competitive. We just see tremendous room for growth and we talked about this. We are in a growing TAM where nobody has double-digit market share.

So as well as we’re doing it’s all relative and our Board and our CEO are very clear they like security, has the ability to grow dramatically and that’s the expectation, I think thus far the expectation of all of you in the room and that’s our intention to deliver against that.

To me, I don’t necessarily look at somebody who has a legacy firewall as a refresh, to me, that’s a new sale and the new opportunity to go have a much more holistic in conversation with the customer say, look, you could just refresh your ASA to next-gen firewall, but let’s have a -- let’s come in and do an assessment, let’s actually talk about your overall steady process, we actually have the whole portfolio now and we have the services, whether they are partner-led or Cisco led, it actually help make sure that you actually really improve new capability and reduced complexity at the same time.

And to me, we’re able to turn this refresh opportunities and to major upsell opportunities and so I don’t think of that traditionally as just a refresh. I look at that as, how do we think that refresh and turn that into an upsell opportunity in a long-term subscription-based engagement.

Tal Liani

Excellent. Great. With that, I think we can finish here almost on time. We have 50 seconds if you want to say one last few words.

David Ulevitch

No. Great to be here. Thanks for having me, Tal.

Tal Liani

Thank you. Thanks, David.

