Aviatrix CEO: Cisco And VMware Cloud Security Shortcomings, Palo Alto Networks’ Price ‘Gouging’

Aviatrix President and CEO Steve Mullaney says his company’s new Distributed Cloud Firewall is exposing the cloud security shortcomings of Cisco, VMware and Palo Alto Networks.

Ushering In A New Era of Distributed Cloud Firewalls

Aviatrix CEO Steve Mullaney says the launch of the company’s new Distributed Cloud Firewall once and for all exposes the traditional network firewall as a “bad security” solution that is “horribly expensive” with a nagging “performance bottleneck.”

The Aviatrix Distributed Cloud Firewall – which is aimed at redefining network security for the cloud era- for the first time distributes firewall functionality into the fabric of the network, said Mullaney.

“This is the only way to provide security in a perimeter-less zero trust environment,” said Mullaney. “Networking and network security have to be integrated into the fabric of the network. It is just something that the network does. It is what we call secure cloud networking. It is not two things. It is not a network where you share traffic with security. The network is secure. It is secure cloud networking.”

Mullaney said the Aviatrix Distributed Cloud Firewall opens the door for dramatic cost savings, improved security and better performance for customers compared with last generation network firewalls.

“It is not as expensive because you are not moving traffic around,” he said. “And when we add that functionality it is a heckuva lot cheaper than when you go to what I call a last-gen firewall not a next-gen firewall. You can’t call something next-gen when it is 15 years old and it’s built for a different time. It should be called LGFW – Last Generation Firewall.”

Customers are anxious to take advantage of the cost savings that come with the new Aviatrix Distributed Cloud Firewall, said Mullaney.

“One of the taglines we have is ‘Save a lot of money. Improve your Security,’” said Mullaney. “People – especially now in the recession- are coming back and telling us you had me at saving money. They are all getting mandated to cut cloud costs, some by as much as 30 percent. Customers are telling us they have to optimize their cloud. We go in and tell them we can optimize your cloud costs and improve your security. That’s a winning combination.”

Mullaney – a high profile former Palo Alto Networks, Nicira and VMware top executive who came out of retirement four years ago to take the helm at Aviatrix– said the launch of the Distributed Cloud Firewall amounts to the official launch of Aviatrix as a force to be reckoned with in cloud networking.

“What I have been doing the last four years is building that networking infrastructure, building a reliable, resilient, fault tolerant, highly capable cloud networking solution,” he said. “Distributed Cloud Firewall is the announcement of Aviatrix.”

As for solution providers, Mullaney said the message is: “Do you want to be on the LGFW (Last Generation Firewall) track or do you want to jump on to the new innovation. You are looking at the emergence of a powerhouse in networking and network security with Aviatrix. This is a Cisco circa 1992.”

When you were at Palo Alto Networks, you coined the term Next Generation Firewall. Why is Aviatrix now introducing what could be called next generation firewall with Distributed Cloud Firewall?

Everything drives off the application. Fifteen years ago (Palo Alto Networks founder and CTO) Nir (Zuk) (pictured) and crew created the next gen firewall and I coined it and we marketed and created that category. The reason was the applications changed. Fifteen years ago everything started coming in and out of the organization on Port 80 and HTTP. So the rule for those firewalls was allow everything. So basically the firewall wasn’t doing anything. Because the apps had changed and they were all coming on Port 80 and HTTP was the protocol.

So the next-gen firewall had to go deeper than just port protocol and had to set policy and inspect on things like the user, content and so forth. That basically reinvented the firewall for modern applications. Everything was great. You were on prem. You had this choke point called a firewall.

Now we have a new computing model. It is cloud. In cloud there is no perimeter. When you are on prem there is a front door and everything goes in and out of that front door. Put a firewall there and you can steer traffic through the choke point of this thing called a firewall. You can apply network security at front door.

Now you go to the cloud and there is no perimeter. There is access to the Internet and access to each other by design, by default.

The enterprise said, ‘Well I have to do network security, but it is a perimeter-less environment. So how do I apply my network security?’ So what they did was they took their network security from on prem which was the firewall and they jammed it into the cloud. And what did that do? It took this perimeter-less environment and tried to make it do an unnatural thing by steering all of the traffic to the firewall. So they took something that was perimeter-less and tried to make a perimeter. The problem is that is really complex operationally to try to steer all the traffic to this thing. So what happens to security? It’s bad security, bad operations and it is really complex. It is now a performance choke point because I am trying to steer as much of my traffic in the cloud as I can through this thing. So it is a performance bottleneck. It doesn’t scale very well because now I have to put a huge instance with many, many boxes and big boxes of VM Series in the case of Palo Alto Networks. It is horribly expensive. So it is bad security and expensive. Not only are you paying the Palo Alto Networks fees, but now a lot of your cost is data charges. You are now moving traffic around in the cloud.

It’s bad scale, bad performance and it is horribly expensive. They looked and said what else am I going to do? This is all I got. This is all the industry is giving me. That is what happens when you try to take the concept of a perimeter based on prem and jam it into the cloud.

What is needed is what we are doing which is Distributed Cloud Firewall. In cloud you have to distribute that functionality into the fabric of the network. This is the only way to provide security in a perimeter-less zero trust environment. Networking and network security have to be integrated into the fabric of the network. It is just something that the network does. It is what we call secure cloud networking. It is not two things. It is not a network where you share traffic with security. The network is secure. It is secure cloud networking. We do that function everywhere.

Operationally it is beautiful. Security is built into the network. It scales infinitely. There is no performance bottleneck. It is not as expensive because you are not moving traffic around. And when we add that functionality it is a heckuva lot cheaper than when you go to what I call a last-gen firewall not a next-gen firewall. You can’t call something next-gen when it is 15 years old and it’s built for a different time. It should be called LGFW – Last Generation Firewall.

Look at my background and what I have been doing: security with Palo Alto Networks and security with NSX and VMware. This is what we did at NSX. We integrated networking and security together. What I have been doing the last four years is building that networking infrastructure, building a reliable, resilient, fault tolerant, highly capable cloud networking solution. Distributed Cloud Firewall is the announcement of Aviatrix.

Well some might say I thought you were doing cloud networking. But really what we are doing is secure cloud networking, integrating that security into the fabric of the network. You have got to do the networking first though before you add the advanced services of security into it. And by the way it is really easy to say what we are doing, but it is hard to do. You have to implement this in a distributed fashion so to the customer it looks like one big giant firewall.

It is securing the network with little bits of firewall and capabilities everywhere, but to the customer it doesn’t look like thousands of points. It looks like one big point with a single policy and point of enforcement. It is just distributed into the fabric of the network.

So all the firewall vendors Palo Alto Networks, Checkpoint, Fortinet and including the cloud service providers, the AWS firewall and the Azure firewall are all last generation firewalls that are not distributed. Those are physical pieces of software that you insert out into the network. They have all the problems that I talked about. It is going to be incredibly difficult and take them years to do what we do. What are the cloud service providers going to integrate it into? Nothing.

Why did you have to build the multicloud networking architecture before you released this Distributed Cloud Firewall?

You have to do the network first because that is how you implement this function. It is a Distributed Cloud Firewall. It works with AWS, Azure, Google, Oracle and everything else. It’s all the same. It has to be multicloud. It can’t be one architecture for AWS and another architecture for Azure and another for Oracle, etc. It has got to be one implementation.It has to look like one giant firewall.

In order to do this it the architecture must be reliable, robust and resilient. That is how you deploy the inspection point. Think of it as the data plane for your firewall. You have to do that multi-cloud networking first. We have done that and have gotten to the point where we can add in the (distributed cloud firewall) commonality.

From a cost perspective there are multiple insertions for us (with the Aviatrix Distributed Cloud Firewall). The easiest insertion is this thing called AWS NAT (Network Address Translation) Gateway (for Virtual Private Cloud). It is a service within AWS. Azure has it as well, but I’m talking about AWS now.

You have a lot of applications that have to reach the internet with their service. There is APIs they are calling. It is a micro-services distributed world. The applications are not monolithic. So you need internet access for all these things. So when you are in this (AWS) VPC (Virtual Private Cloud) NAT is what allows you to access the internet with IP addressing. The problem with NAT is all it is is an address translation from private to public IPs (internet protocols). There is no visibility for troubleshooting and there is no security. So it allows you to connect to the internet but it is not secure.

So one customer of ours -a large retailer- is going to save $6 million a year by replacing their AWS NAT gateways with one little insertion of our Distributed Cloud Firewall.

One of the taglines we have is “Save a lot of money. Improve your Security.’ People – especially now in the recession- are coming back and telling us you had me at saving money. They are all getting mandated to cut cloud costs, some by as much as 30 percent. Customers are telling us they have to optimize their cloud. We go in and tell them we can optimize your cloud costs and improve your security. That’s a winning combination.

What kind of reaction have you gotten from AWS?

You know what’s interesting is AWS is helping us. We are jointly running a campaign because AWS has a customer for life mentality which means ‘I need to help you save money on AWS!’

It is actually smart on their part. Because if they do that what is the customer going to say: ‘I need to stay with you forever!’

We are running campaigns to try to find more of these types of people. Absolutely!.

What are you seeing in large corporations with respect to cloud security?

This dirty little secret is network security is all screwed up in the cloud. It is so screwed up you know what a lot of enterprises do? Nothing! Nothing! Security in the cloud is far worse than on prem because customers look and say what is my alternative? They have to take this LGFW (Last Generation Firewall) jam it into the cloud and steer traffic into it. Think about it: it is complicated, it doesn’t scale, performance is horrible, I am not able to steer all the traffic to it and it is expensive. You know what they say: screw it.

What percentage of customers are doing that?

It is a lot. It is a lot. We are running into that a lot. It is not a random occurrence. And everyone says, ‘Shhhhhhh don’t tell my company.’ So you know what our competition is with our Distributed Cloud Firewall? Nothing. So we are not going in ripping out Palo Alto Networks. We are going in and providing them security they never had.

So we are ripping out (AWS) NAT gateways to save those customers money and the other customers we are going into is actually giving them security they never had.

The third area we are seeing opportunity is there are a lot of angry Palo Alto Networks customers. Palo Alto Networks has been gouging and running up ELA (Enterprise License Agreement) charges every year. People are now a few years into this using (Palo Alto Networks) last generation firewalls- VM Series -in the cloud. They are realizing this isn’t a lot of fun. This is a horrible solution and it’s expensive. And with the recession the number one tool in every enterprise right now is the yellow highlighter. Customers are taking their costs and highlighting everything. And the one they keep highlighting and circling is Palo Alto Networks. They are asking: how much am I paying for this?

We go to them and say Distributed Cloud Firewall is fixing the problem of network security in the cloud. You need to go to this at some point. And they look at it and say it is the right thing to do architecturally and they are paying a lot right now on Checkpoint and Palo Alto Networks.

We are finding a lot of people that are interested in that I didn’t think we would run into this soon. Typically people don’t get fast and loose with security. They have a solution and they keep it. And you have to earn that trust. But because of the cost savings they are bringing us in and saying, ‘Come on in let’s have that conversation.’

What are the economics for the older firewalls like Palo Alto Networks that Distributed Cloud Firewall is aiming to replace?

So the economics is they force you to use really large instances for their (Palo Alto Networks) VM Series and they force you to use a lot of them. So you spread them around in a distributed fashion. Now you have got a lot of these. You could have hundreds or thousands of these things. The complexity of operationally managing them along with the cost that Palo Alto charges is an issue. They are not cheap. So a lot of people will say: ‘I don’t want to do that. So they will centralize them and steer all the traffic from the VPCs (Virtual Private Couds) and VNets to this Palo Alto Networks cluster. So maybe you have 20 that are all load balanced and are really, really big so you are charged a lot. And then you have all the data charges now of everything running around, going to and going back to your cloud to this firewall. It is like a water sewage treatment. It is like you are running everything to this central place. That is not how the cloud is supposed to be. The cloud is supposed to be agile and distributed and dynamic and real time and no bottlenecks. Now you are taking this concept from the on premise world, steering everything back. Then there are the data charges and big incident charges and the license charges of these guys like Palo Alto Networks. Every year those charges just increase 10 to 15 percent on their ELA (Enterprise Licensing Agreement) figuring customers are paying it no matter what.

How does the Aviatrix Distributed Cloud Firewall pricing compare to the old ELA firewall model?

When you distribute it and you are not moving traffic around you are not incurring data charges with AWS. That is cheaper.

With Distributed Cloud Firewall you now have distributed functionality into the fabric of the network. It’s just like with distributed processing. Every position in the network is now adding processing power to what logically looks like one big giant firewall.

Now you can do small (cloud) instances because the amount of traffic each one of those individually has to do is not that great because it is distributed.What made it difficult was how do you create that distributed system and make it operate and look like one?

All of our engineers are from Google. We have all Google guys. These are all Istio (programmable, application aware network service mesh) and Kubernetes guys. They understand distributed systems. They are not box guys. Most firewall people all their engineers are box people. They don’t know how to build a distributed system. That’s a Google world.

How long have the Aviatrix developers been working on this and how big a breakthrough is it?

We have been working on this for three years.

When I went to Nicira 15 years ago (as CEO), the first use case from Martin Casado (Nicira co-founder and chief technology officer) even before Nicira was a security use case for OpenFlow (an open source protocol developed by Casado that enabled software defined networking). That is why we called it NSX when we went to VMware (which acquired Nicira for $1.26 billion in 2012). It was micro-segmentation and integrating security into the network.

It was a security use case. Still to this day the number one and probably really the only use case for NSX was a security use case of integrating security into the fabric of the network. That is the way you need to do it in a kind of a modern way.

When I came to Aviatrix it was like – ‘Well I’ve seen this movie before! This is just like what I did at Nicira. But now it is for this multicloud world. So networking and network security are one thing. Security needs to be built into the fabric of the network environment like cloud. It has to be. It is the only way to do it. Architecture wins all the time in the enterprise. It might take a few years for every enterprise to realize they have to rip out their Palo Alto Networks (firewalls), but they will. We will earn that trust over time. Until that happens we have got all kinds of places to go after like (AWS) NAT gateway and areas where there is no security that we will be able to insert.

What does this do to VMware?

For good or for bad, NSX and Nicira as the best part of VMware was built for a different time. It was built for on prem. They have never made the move to cloud. They haven’t been relevant for years. What VMware and NSX went after is on premise data centers. They don’t do anything in the cloud.

If you are saving one retailer $6 million by replacing the AWS NAT gateway what are the savings for on premise firewalls?

If you look at the architecture for on premise and the last generation firewalls that Palo Alto Networks does for on prem is architecturally the right way to do it. You have to have a choke point. The firewall handles a lot of north -south traffic which means coming out of the data center and going into the data center. You have got a door. You can lock it. You have a choke point place where all the traffic is naturally passing through. So the architecture of having a firewall that you steer traffic through actually works. That is fine. Don’t change what you are doing on prem. The whole world is moving to cloud. Nobody is adding more to on prem. That game is over. It will be flat to down for the next 20 to 30 years. Everything anybody is doing is in the cloud.

But then when you look at the cloud the problem is there is no perimeter in the cloud. There is no front door. You have got thousands of data centers, VPCs (Virtual Private Clouds) and VNets(virtual networks). It’s all over the place. It is a natural architecture of direct access to the internet by default.

The cloud providers optimized around agility and connectivity to the internet. That is what they did. It was to get around the security controls of the enterprise. That is why people went to AWS 15 years ago. Screw you IT all you ever do is tell me No!. I have a credit card. I am going to swipe it. It is called Shadow IT and I am going to deploy everything on AWS. They went Woo Hoo! This is fantastic. There was no security controls. It was optimized for that. Then the enterprise get into the cloud. They say Hang on Here- We are in a regulated industry. We are an enterprise. You just can’t run around drinking Tequila with no security. We have got to have all those controls for trouble shooting. We are running SAP in the cloud now guys. This isn’t just some fun app we are doing. This is a business. We have got to have visibility, security controls, performance controls, cost control. We need all that. And we have auditors and regulators. We need security.

Now what do I do? I’m an enterprise and I want to move SAP and all these other business critical apps into the cloud. You need security. The only thing they had was last year’s model – last generation firewalls jammed into the cloud.

It doesn’t make any sense. Who else was going to come up with a Distributed Cloud Firewall?

Is the first go-to-market sales model the AWS NAT cost savings?

That is like a hot knife through butter. It’s easy. Who doesn’t want to save a lot of money and have better security. Everybody.

Some people will say I don’t use a lot of NAT. Then we’ll go to the next one which is what else are you doing in the cloud?

The third is I have everything locked down with Palo Alto Networks and I’m spending $20 million to $30 million a year. How is that working for you?

So the customers says – I just came out of a meeting with my CFO who says I need to cut 30 percent of my cloud costs. I have underlined and circled and highlighted that Palo Alto Networks expense- Is there anything you can do for me? Let’s have a conversation.

So what kind of reception are you getting as you go to drive public cloud cost savings with Distributed Cloud Firewall?

One of the responses has been you had me at cost savings. Companies are literally being mandated by their organizations to optimize costs in the cloud. There are no sacred cows. They are looking at everything and anything they can. It is daunting. It is a huge driver right now.

I have had literally 12 minute conversations with prospects. I don’t go through a whole hour long presentation. I tell them can save you money and improve your security posture in the cloud. Are you interested? They say great!

Who is going to take the biggest disruptive hit from this new Aviatrix Distributed Cloud Firewall?

It won’t be the (public) cloud guys. AWS strategically is doing the right thing. They will applaud this in terms of saving money. (AWS) customers may save a little money but guess what they are going to spend it all back with something else on AWS. They have a customer for life mentality which is the right thing to do.

The people that are going to be hurt by this are the network security vendors – those vendors like Palo Alto Networks that have done very well in the cloud- more than the others. Then I would say (cloud network security) helper companies.

The problem is network security needs to be reinvented. There are a tremendous amount of what I call helper companies that are hanging around in the cloud selling medication for symptoms. When you cure the disease those companies will get hurt.

If you have a medical problem it kicks off 20 symptoms: your knee hurts, you face has a rash. And it is all spawned from an allergy you have. When you cure that disease the 20 creams and patches and everything else you are using to medicate that you don’t need anymore.

When you cure network security – which is what we are going to do – there are a lot of things you won’t need anymore. Look at Wiz ( a cloud detection and response security software provider). Everybody is all excited about Wiz. It has a $10 billion valuation. Everybody is all excited. Guess what? A lot of that functionality we do built into the fabric of the network. And there are additional things that we do because we are in the network that they can’t do because they are not in the network. They go on the web and they find vulnerabilities, but what can they do about it? How do they remediate? They can’t. They have no enforcement point. All they are is a visibility tool.

Right now people have no visibility and no control over anything in the cloud. It is horrendous. So anybody hat gives them anything they will look at it. Companies are clamoring for it. Guess what? We do network security in the cloud the right way. We are integrating all that stuff.

A lot of vendors are going to hate me because they are going to go poof as we start inserting functionality. This is going to take years. It is not going to be day one.

When you ask who is going to get hurt the most it is going to be Palo Alto Networks eventually and it is going to be a lot of these other periphery cloud security posture management tools. There are hundreds of them. This is part of the problem. Enterprises right now have hundreds of tools for security in the cloud right now. The reason is with all these symptoms, tools, creams and patches they are not solving the problem. Solve the problem and these things go away.

What is going to happen is there is going to be a whole industry of people that are going to hate me. This is what happened when we came out with the next generation firewall at Palo Alto Networks. There were AV devices, instant messaging devices, URL filtering devices- what they call firewall helpers- that got hurt.

As soon as Palo Alto Networks came out with a real firewall- a next gen firewall for modern day- all those companies went away because it was all built into the firewall.

What kind of impact then do you see this announcement having on the industry?

Whether people know it or not, I say that May 18 is the day the bullet left the chamber. The one you are targeting may not die right way. But pay attention, we are going to look back on the launch of this and say that was the day that cloud network security was fixed.

It is the right architecture. I have not found one person that says architecturally this is not the way it should be done. From analysts to financial sell side analysts to customers and prospects everybody says this is the way it is going to have to be done. How we go from where we are today to where this needs to be remains to be seen. It might take years. I have years. We have time. This is all about the next 30 years for cloud. We can’t change it overnight. But the world will be changed on May 18 because it is going to show everybody architecturally this is the way to do it.

How important is architecture and do partners realize the importance of it when it comes to cloud security?

I have this phrase – It’s called – Architecture Matters. It is one of the foundational principles of Aviatrix and how we run things. Architecture matters. It does matter. I am building a house in Narragansett. Do you start just banging nails together? No, you hire an architect first. What kind of house would you get if you didn’t have an architect. A crappy one.

So if you have a good architecture you will have a pretty good house and a pretty good life. You don’t just go about your life. You architect it. You have a plan. It is the same with IT. Architecture matters. If you have a good architecture life is pretty good.

If you architect your network correctly things just kind of work. If you have a bad architecture things never work. It is horrible. That is the mode we are in right now: we are not architected for network security correctly in the cloud. We are jamming the old world concept of a last generation firewall and sticking them and lifting and shifting them into the cloud. And then we are surprised when things are horrendous. All aspects of it are bad. It is all bad. It’s the wrong architecture. Come in with the right architecture and all of a sudden things getting easier. All the symptoms go away. You architected it wrong.

The question is who was going to come up with the right architecture: Palo Alto Networks? They are not a networking company. Think any of these other security companies. So the only one who is going to do it is a networking company. Cisco? Cisco is not anywhere near the cloud at all. There is no innovation coming from them particularly for cloud. Who else? Arista? They are on prem, they are not in the cloud. Juniper? They are building routers for the internet. They are not in the cloud. It had to come from someone new. Who is new? There is only Aviatrix.

It could have come from VMware and the NSX engineers. But all the good ones left 10 years ago. They don’t have anyone that can innovate. They are stuck in on prem. They don’t think about cloud. That is why it had to be us. We are the only ones that were going to come up with this. This is architecturally the right answer.

How does the Aviatrix architecture with regard to cloud security differ from Cisco?

What you have to understand about Cisco is Cisco is a 100 percent on prem company. They say they are now a software company. They are not a cloud company. They may do software on prem.

They are 95 percent on prem. They are old world. They are last generation. They are the old computing model of PC client server. They are no where in the cloud. No where. They haven’t made acquisitions. They haven’t done anything organically. They are not there at all. So when they talk about integrating security, networking and this, that and the other thing they are talking about on prem. That is like innovating in the- mainframe market. Who cares? That is what they talk about.

They will agree with this launch we are doing. They will say we agree with Aviatrix that more security needs to be put into the network. The problem with Cisco is they don’t have anything in the cloud. So they agree with the concept, but what do they have? Nothing.

They will agree with the concept but they have no solution. They just acquired this little company called Valtix for $100 million or something minor. Valtix says a lot of the same things we say. They are like 5-10 percent of what we do- not even close. But the concept – what they say about their firewall is ‘we believe it should be better integrated into the network.’ But they are not a distributed cloud firewall. They are still not the right architecture. At least they are in the cloud. So it is a cloud firewall. It is not a distributed cloud firewall. At least Cisco has something that they can sell. But it is still very, very minor.

I think they’ll agree with what we say because they are a networking company. But they are an on prem networking company.

How do you see Valtix in terms of how they approach the market versus Aviatrix?

AWS and Azure have cloud firewalls. Valtix built their own native firewall service.

The problem is those are still the same (old) model. They are a physical instance of a firewall. It is not a distributed firewall. It is a last generation firewall kind of optimized for AWS and Azure.

Valtix did kind of the same thing. They did a better version of a next gen firewall that is a little more cloud friendly but it is still a single instance of a firewall. It is not distributed. It is just a firewall that you place somewhere.

I lump them in the same category with the next gen firewalls with Palo Alto Networks, Fortinet and Checkpoint as well as the AWS and Azure firewall. Now you have this Valtix firewall. They are all the same. It is just varying levels of cloud friendliness.

Is there any way of telling how many security breaches are caused by the old network firewalls?

That is the crazy thing about security. If there is a little monster under the table and you don’t see it there then you have plausible deniability.

So we go in with our ThreatIQ service with (Aviatrix) ThreatGuard. Basically we monitor all your VPCs and see if they are going to malicious IP sites. We install it for customers that have Palo Alto Networks and the thing lights up like a Christmas tree. Why? Because there is no way you can steer all this traffic to the firewall. It is very complex.

So what happens is they think they are secure. As long as they don’t know they have plausible deniability. It’s like all these customers that don’t have a lot of security in the cloud. They cross their fingers and they say Shhhhhh. They don’t see it.

This is partly why Wiz is getting a lot of traction because Wiz does give them a lot more visibility.

So we come in with ThreatIQ and people say I thought I was okay.

How big a step is this new Distributed Cloud Firewall for Aviatrix?

I actually think this is the launch of Aviatrix. What people want is secure cloud networking. They want a network that is secure. Security has to be integrated into the network. What that means is not just L4 (network services), but all the way through L7, IDS, IPS, Anomaly Detection, Scanning, you name it. Everything has to be built into the fabric of the network. We are launching that.

We are shipping the product now. Release 7.1 shipped last week. This isn’t some futuristic thing. We have been working on it for two to three years and now we are launching it.

So when you look at networking in the cloud- multicloud networking- we look it as just cloud networking is free. Some customers ask why shouldn’t I use just basic networking services from AWS and Azure. They don’t charge me that much. We go through it and show them al the reasons why.

When you look at security and the value of security in your infrastructure and how horrible it is and the big hole you have it is not in networking. It is in security. So in a sense what we are doing with security is what Google does with advertising and search. Is Google a search company or an advertising company. Well they created the world’s best search engine, they gave it away for free and then monetized that with advertising. If you look at Aviatrix that is what we are doing. We are the world’s best multicloud networking solution which is not free but effectively it should be free. Then we add value added services. Instead of advertising it is security. We do secure content networking. We integrate security intelligence and embed services into it. And we’re going to do other things like traffic engineering, application intelligence, threat intelligence and other intelligence into the fabric of the network. That is our differentiation. Because we are the network and we are everywhere we add a little bit more intelligence everywhere.

We have created a distributed system that makes it look like one. So operationally it is very simple, very cloud like. It is all integrated into the CI/CD pipeline and Terraform. It is all cloud native. One of the analysts said that our Distributed Cloud Firewall is more cloud native than the cloud native solutions. It is, but it is multicloud native. It is not just one cloud. It is all clouds.

When you look at the value of what we are providing to customer it is an order of magnitude or two greater than what we have now.

What is the message to partners selling old firewalls and old architecture?

At the end of the day what does a partner want to do? They want to make money. Do you want to be on the LGFW (Last Generation Firewall) track or do you want to jump on to the new innovation.

You are looking at the emergence of a powerhouse in networking and network security with Aviatrix. This is a Cisco circa 1992.

What we are going to go do is build our version of WWT by working with certain partners. We are going to find the next WWT. Maybe Enterprise Vision Technologies - which is working with us- is going to be the next WWT. Let’s go turn them into our version of WWT. We are going to have to build our own version.

What do you think Palo Alto Networks is going to say to a partner that starts selling a lot of Aviatrix. They are going to say 80 percent of revenue is with us- stop working with Aviatrix.

We are going to work with partners that are going to buy in and go all in with us. We are the disruptor. That is a small number of partners. By definition you have to say forget the incumbents.

We are looking for the disruptors.

How do you feel about the company now that you have the Distributed Cloud Firewall?

I feel great. This is the reason I came out of retirement four years ago. I didn’t come this far to come this far. This is that type of opportunity. It is a 30-year opportunity.

I didn’t come back just to make some money. I came back to build an epic, legendary company like how Cisco was- a 30 year company. The opportunity exists.

Now that we have got the whole network with security the speed with which we are going to start coming out with advanced services is going to shock people. We have now done all the hard work. The easy part is adding value on top of it. We are going to distribute all this to the edge, to branch offices with IoT.

This is what is happening to the cloud. People want to extend their cloud operating model to the edge. So things like SD-WAN and SASE are all dead. People don’t want to connect to the cloud. They want to extend the cloud to the edge. And all the security and the Distributed Cloud Firewall is another 10X expansion opportunity for us. We have been working on this for the last two to three years. All these things are a culmination of things I have been working on for four years. I just hadn’t told anybody because we weren’t ready. We weren’t shipping it.

What applications are driving this?

Every computing model is changed by the application. Look at the apps now. They are cloud first. They are not monolithic. They are micro services based. They are using APIs. They are very distributed.

Think about the applications now. They are not monolithic. They are all over the place. They use the internet. You are going to have multicloud apps. You are going to have this service from Google and that service from Azure. You are not going to limit yourself to services on just one cloud. You are blowing up the application. The infrastructure follows the app. I say the App rocks the network rolls.

When the application is distributed it forces you to this zero trust distributed environment. Networking and network security is not a thing on its own. What are we here for? We are here to support the application. When the application changes guess what has to happen? The infrastructure has to change along with it. It has to become more dynamic, more agile, and more distributed.