This Week in Tech 520 Transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.

Curt Franklin (00:00:00):
This Week in Enterprise Tech, we talked about vulnerabilities in space. Apple, maybe bringing chips back to the us and how Gerardo, chief Marketing Officer from Catchpoint can help you know what's inside your network. Twi, oh on the set

VO (00:00:24):
Podcasts you love from people you trust. This is TWIT

Curt Franklin (00:00:36):
This week at Enterprise Tech episode 520, recorded Friday, November 18th, 2022. Catch point and release.

Lou Maresca (00:00:48):
This episode of This Week in Enterprise Tech is brought to you by Thanks Canary. Detect attackers on your network while avoiding irritating. Also alarms. Get the alerts that matter 10% off and a 60 day money back guarantee. You go to and N to the code TWiT. And now how do you hear about his spots? And by code comments, an original podcast from Red Hat that lets you listen in on two experienced technologies as they describe their building process, what they've learned from their experiences. Search for code comments in your podcast way and by Nare. Nare has simplified everything about meetings and classroom audio. You get great audio and systems that are easy to install and manage. Visit and get 50% off one nare HCL 300 system for midsize room when you get a live online demo and buy before December 16th, 2022.

Curt Franklin (00:01:44):
Welcome to TWiT, your source for all that's important in enterprise technology every week. I'm Kurt Franklin, senior analyst at AMIA and your host for this episode of twit. Now you'll notice that I am not our normal host, Lou Maka. He is off doing special things this week, but I am here along with my co-host Brian Chi, and we have a great show for you with lots of enterprise new news and a very special guest. We're gonna be talking about some some things that are rattling around in social consciousness this week and why they have a technology cause speaking of my co-host, Brian, welcome to twia. What's going on down on your end of the neighborhood today? Oh, you know, I've been tinkering with trying to figure out what my next build's gonna be and I found some really cool things with computer vision.

 The first team robotics first robotics teams, or however you pronounce that, and I are working on a robot that stacks cones onto long poles and using computer vision gets them extra points. So we've been kind of tinkering with that and introducing the kids to some really old, you know, more than a hundred year old technology on how to move levers quickly. So lots of fun, you know, that, that is cool. One of the great things about Maker Faire, especially the Orlando version, is that we are the gathering place for the first robotics teams and it's always great to see just how creative those young people can be and just how complex the problems they can solve are look forward to seeing what they come up with for next year's challenges. Well, speaking of challenges we have the challenge of getting on with our show and we start, as we always do with the blips.

According to a 2022 Dell Global Data Protection Index or GDP I survey of a thousand IT decision makers across the globe, organizations are struggling with mounting data losses, increased downtime and rising recovery costs due to cyber attacks. In a dark reading article on the survey, it was noted that organizations now face an impact of 1.06 million in costs per incident, along with an average of two terabytes of lost data and 19 hours of downtime. Among those responding to the survey, 63% said that they're not very confident that all business critical data can be reliably recovered in the event of a destructive cyber attack. Now, that number is especially notable in light of the 48% of organizations that did experience the cyber attack in the last 12 months, cyber attacks that prevented access to their data. Now, one of the primary reasons data protection strategies are failing is the lack of visibility of where that data resides and what it is.

Problem made more complicated and much worse by where the data resides. And in that is due to the rapid ongoing adoption of cloud native apps and the further complication of containers. The sheer scale and complexity of millions of individual data objects across thousands of data stored in multiple clouds multiplied by the near infinite combinations of rolls and permissions for thousands of users and machine identities would be challenging for CISOs to secure in a on-premises static architecture. In the dynamic world of the cloud, the situation is even more challenging. Now, in response to the urgent situation, zero trust is growing in popularity in enterprise security because not trusting users by default works well to reduce risk. You've heard us talk about zero trust often here on this week in enterprise tech. Indeed, virtually all the survey survey respondents indicate they intend to implement zero trust into their environments at some indeterminate point in the future. That's because actual deployment is not happening at a very rapid pace. Only 12% of those responding to the survey indicating that they have fully deployed zero trust architecture into their environments according to researchers. The main problem with getting zero trust deployed is one we have also talked about at length here on twit. It's a critical shortfall in IT skills, particularly as that shortfall relates to cyber recovery and data protection in the changing cloud universe. It seems like some things, well they just never change.

A big thank you to our friends at PC Mag for this story. And this one actually is kind of interesting. You know, Tim Cook says Apple will use chips made in America from 2024. Now I'm gonna preface this. This is PC Mag and myself and a few others speculating. We don't know for sure what's driving this decision. Apple has not really said anything yet. But here's the speculation. So if there's any signal that manufacturers are getting tired of a broken supply chain, it's this story from pcma. So with continuing covid shutdowns in China's manufacturing, heartland, one has to wonder if the rest of the world is jumping into the gap left by China's problems, especially the rest of East Asia like Vietnam and Taiwan. While I can't name names, right at the beginning of this outsourcing trend, a famous manufacturer in the US was forced to stop using mainland Chinese chip fabs due to their designs showing up in competitor's devices right down to their logo showing up on the microscope, while they also stopped using other components due to lack of consistency with that product. It occurs to me that much of our industries rush towards cheaper and cheaper manufacturing is coming back to bite us. Well, just remember how the US lost the capability to manufacture quite a few pieces of consumer electronics, for example. There are no TVs built in America anymore. I'll leave it up to you to ponder whether this is good or bad, but will this eventually happen for PCs or is the Apple move a harbinger of the IT world saying we need to bring, bring more of our key capability back on shore?

Well, a few nights ago, those of us here in central Florida got to watch Artemis take off. That's the largest rocket NASA has ever launched. And seeing that magnificent site brings into focus the fact that all of our spacecraft are now vulnerable to failure, thanks to a bug in a network protocol that's designed to bring the internet to outer space. According to researchers from the University of Michigan and nasa, the protocol which is known as time triggered ethernet or tte, reduces the cost of implementing networks for critical infrastructure devices by allowing multiple devices to use the same network without even having packaged collide. It also unfortunately provides attackers with an avenue of attack that is the stuff of science fiction drama, if not outright nightmares. According to a recent article on dark reading or recently discovered vulnerability in the networking protocol used for sharing critical messages in software for spacecraft, airplanes and critical infrastructure could be used to disrupt or cause failures in connected devices used in applications like crude missions to the asteroids, the moon or Mars.

The researchers tested the attack in several experiments and showed that it's practical for a simple device using electromagnetic interference to break the isolation. That is the cornerstone of security in the TTE protocol. The attack continues a trend of critical infrastructure and industrial control, industrial control systems being increasingly targeted by cyber attackers. Now, CISA worn in September that a p t actors had increased attacks against critical infrastructure like utilities and industrial targets. The modern TTE networks tend not to verify parts of the data packets sent through local subnets. They trust themselves and that makes the demonstrated attacks that much more achievable. During an attack, researchers gathered information from the targeted TTE network to create a special packet. It's one known as a protocol protocol control frame, and then injected that frame into the network while creating electromagnetic interference to undermine the switch's ability to control routing.

It sounds complicated, it's really not. As far as defending against such an attack, organizations can replace any copper ethernet cable with fiber optics and eliminate the impact of electromagnetic interference. In addition, network could be modified to prevent malicious synchronization control messages from accessing the same device as legitimate messages. Now, it's important to note with all of this calamity talk that this is not untact that's been seen in the wild and that government agencies and industry are working to make modifications that will make the attack less a threat still. It's just one more thing to worry about now that we're speeding up our efforts to head out into the black.

So geek wire, thank you so much. This story actually hit a lot of media outlets and no wonder with Amazon alluding to laying off upwards of 10,000 people into devices and services division responsible for their Echo fire TV ring cameras and their gaming service called Luna, they join Meta and Twitter contributing to around 35,000 people potentially being added to the unemployment list this holiday season. Sadly, this doesn't sound like the end since Amazon is doing layoffs on a division by division basis and final numbers will change as Amazon HR folks try to shuffle laid off workers into other divisions. You gotta know something is happening to the Amazon Echo numbers when emails were sent out to subscribers last Wednesday that for a single day you could buy a Echo dot third generation for a single dollar. And that was this last Wednesday. That's wild. Anyway, are estimating upwards of 120,000 tech workers have lost their jobs this year amid fears of a looming recession coming up this coming year. Spin this you want, but the interest rate hikes by the Fed starting in last administration and those folks want a second crack at our economy in the next election. So get out and vote please.

Well, that is it for the blips. We've got a great bite coming up that's gonna hit on a subject that a lot of people appreciate, but before we get there, we have to talk about one of our advertisers and to do that, we're bringing Luka back from wherever he is in the world. Lou, over to you.

Lou Maresca (00:14:36):
Well thank you guys. I'll get you back to your enterprise and IT news in just one moment. Before we do, we do have to thank a really great sponsor of This Week in Enterprise Tech, and that's Thanks Canary. Now, if there's anything we've learned from the last year is that companies must make it a priority to layer the security of their networks. Now, one of those layers needs to be thanks, Canary. Unfortunately, companies usually find out too late that they've been compromised even after they've already spent millions of dollars on it security. Now attackers are sneaky, unbeknownst to companies, they they pro your networks, they look for valuable data. But the great thing about Canary is that they turn that into an advantage for you and your organization. While attackers browse active directory for files and explore file servers, they're looking for documents and they'll try to default passwords against network devices and web services and they'll scan for open services across your network.

Now, things Canaries are designed to look like the things that hackers wanna get to. Now Canaries can be deployed throughout your entire network and you can make them look identical, identical to a router switch, a NAS server, a Linux box, or even a window server so attackers won't know they've been caught. Now you can put fake files on them and you can name them in ways that really get the hackers attention and you can even enroll them in active directory. Now, when attackers investigate further, they give themselves away and you're instantly notified. Canary Tokens act as tiny trip wires that you can drop into hundreds of places. Canary is designed to be installed and configured in minutes and you won't have to think about them again. And if an alert happens, Canary will actually notify you the way you want. You won't be inundated with those false alarms.

In fact, you can get alerts by email or text message or on your console through Slack, web Hooks, syslog, or even just their API data. Breaches happen typically through your staff, and when they do, companies often don't know they've been compromised. In fact, it takes an average of 191 days for a company to realize that there's been data breach. Canary solves that problem. Canary was created by people who have trained companies, militaries and governments on how to break into networks. And with that knowledge they built Canary. You'll find Canary is deployed all over the world and are one of the best tools against data breaches. Visit for just $7,500 per year. You'll get five canaries, your own hosted console, upgrades, support and maintenance. And if you use Code TWI in the how do you Hear About Us Box, you'll get 10% off the price for life. We know you'll love your things Canary, but if you're not happy, you can always return your Canaries with their two month money back guarantee for a full refund. That's Canary. Do tools slash TWI and enter the code TWiT. And then how do you hear about this box? And we think thanks Canary for their support of this week in enterprise tech. Back to you guys.

Curt Franklin (00:17:30):
Thanks Lou. We appreciate it. And now it's time for the bite. This is when we take a deeper look at a new story and this time we're gonna be talking about, well, I think it is a new old or old new way of looking at owning some common assets. Brian, what's going on out there in the big wide world? Okay, some of you have probably have heard of electrical co-ops. I know Kurt, you were part of an electrical co-op in Georgia when you lived there, and it's not a hard idea. It's basically when a fairly large group of people or homeowners all cooperate together to own a facility in common. So electrical co-op, they're the electric company. Well, in this ours Technica story, we start talking about how some Silicon Valley residents have formed a co-op internet service. Now, this is not a new idea.

 Some friends and I actually did a co-op in Boise, Idaho. And at that time a T1 was a big lot of money. We brought a T1 into someone's home, set up a router, and I helped them put up a big omnidirectional antenna so that a small neighborhood could share that t1 kind of a big deal. Great idea. Well, the article goes on to say that one of the big issues is the cost ob. The most obvious obstacle is, is price. So in this case, in Los Altos Hills, which by the way is a very posh neighborhood they're saying the the residents had to pay anywhere from 5,000 to $12,000 up front for fiber to the home internet. Well, they say the company that built the Los Altos Hills Network says its model isn't just for wealthy people. This is not the 1% solution as people derisively called to his face.

Next level network CEO David Barron told ours technical in a phone interview, Losal Hills was unique. Okay, so let me put some background on this. Los Altos is not your typical suburbia. There's a lot of space there, large lots, it's wooded, it's got winding roads. It's a nightmare to put fiber in. And Los Altos Hills is kind of poshed. They don't like overhead lines. So I gotta imagine the 5,000 to $12,000 upfront for fiber to the from the curb was unusual. Now, I've actually been involved with fiber to the curb on a curb on a couple of cases. The wireless internet service providers network. Wipa Pza is the conference held every year in Las Vegas. This was one of the big, big topics. Now, 60 gigahertz was the big topic on how to get the backbone set up some of the new 60 giggers like, you know, some, you know, we've had some of them on give you upwards of a 10 gigabit per second backbone.

And then you can drop off bandwidth at buildings. In fact, my business partner in Honolulu who's probably watching, he and I are talking about handling, you know, the two and three story hollow tile brick walkups that are also popular in certain areas. Well, here's the problem echoed by a lot of people at WUSA is that the big boys, the people that you know, the large ISPs like Spectrum or at and t or Comcast or whatever, aren't interested in buildings unless there's at least 40 customers. So the small guys are saying, well, we can do better and we can do it cheaper. So this kind of seems like a interesting middle ground. So here's the bottom line. The company that put in Los Altos, it's not only Los Altos. They're doing a whole bunch of different places and they are working with resi, you know, probably homeowners associations on how to get the fiber backbone in.

Now keep in mind some of the big technologies that are making this all possible is you don't have to run a dedicated fiber line to each and every customer. In fact, the at and t fiber that I have to my home actually has a splitter up on the pole. It actually peels off approximately 10% of the light and runs it on a single strand from the pole to my home. And I have a special, it's called a bd, B I D I SF p they also have BD SFP pluses. So my cable mode, my fiber modem actually as a bd SFP plus it is capable of providing me up to five gig per second. This type of change is what's driving a lot of this. So there's, there's actually two big changes. One, we can now drop off and run upwards of 40 kilometers on a single strand of fiber or couple strands of fiber.

As long as we don't peel off too much that light, we can drop it off to a whole bunch of homes. The technology is capable of, you know, couple hundred splits on a single strand. And your typical fiber is multiple strands. You don't have to worry about that. There's a lot of things, but you can go long, long distances. This starts becoming a lot more economical when you start talking about suburbia where the homes are relatively close to each other. The internet service provider just has to go down the street. So like for instance, the neighborhood that Kurt and I live in is undergoing an undergrounding project from Duke Energy. The idea is underground is a lot less susceptible to hurricane damage. Well, right behind them is the ability to go and run fiber. So at and t is eventually gonna pull their, their cables off the telephone poles cuz the telephone poles are gonna be be going away and they're gonna run down the street in a common area.

Typically it's that grassy strip in between the, your sidewalk and the street. Run it down. That. And at each house that you know, they're, they're gonna hit, they kind of have a loop that comes up into a little green can of some sort and that's where they can split off a fiber and run a single strategy your home. Now let's get back to the story. What happens when you have a aggressive homeowner's association and they say, why can't we do this? But the problem is they don't want to have to run the silly thing. You know, nobody wants to go and give up so much time. Especially, you know, if you have a community like us that's got a lot of retirees, we we wanna be retired, we don't want to have to run an is p that's where the next level folks come in.

So next level networks are founded by the c currently the cto Darrell Gentry who previously founded a phone company that provided DSL in the Midwest in the late 1990s and then later founded a wireless ISP in Missouri. He started thinking, well, let's go and say let's use a Kickstarter kind of model. Instead of next level having to go and pony up all the money and all the risk of lighting up a neighborhood he's gonna go in or someone from next level's gonna go in and talk to the HOA folks and say, Hey, you have, you know, facilities in common, you have streets sometimes the water's in common, you know, or whatever. Why not internet? It's gonna add to the value of your neighborhood. It's going to provide you with something that you own. It's part of, you know, your your neighborhood and should, here's our estimate on how much it's going to cost.

And the cool thing is they're, they've kind of taken a good pay, good you know, idea and said, Hey, we're not going to make this only us. Cuz that's been one of the big problems with a lot of facilities. Once someone goes in, you know, especially one of the big boys, they say, no one else can play. This is our fiber. Well, because the HOA is going to own this, that also means that they could prob they could go in and assign either dark fibers, you know, cuz you're never gonna run just a single strand. Or you can say you can have these frequencies because you can do, you know light multiplication, you know, bandwidth, multiplication on the fiber. So they're calling that an open access network. Pretty cool. Now this also means that by having a company like Next Level running it for you, the HOA can just say, okay, we're going to add X number of dollars to our monthly dues and that's gonna go to somebody like next level and they can run it.

Now Mr. Kurt, getting to the point you were, you've been involved with a couple of different HOAs of different flavors and what's involved, you know, what are the, have you seen any downsides to the concept of co-op in general? What kinds of things happen and could, could you predict maybe this might happen on a fiber someday? You know, cuz it, I'm certain it's not all peaches and cream in Georgia for power <laugh>. Well, you know, it, I think the issue and the one that's going to make the big difference is one of scale. I belonged when we lived in the Atlanta area to what was called a rural electric co-op. And these were very common in the middle part of the last century as a way for people who were not in an area that was readily served by one of the major power companies to electrify a rural area.

The farmers and business owners, many of whom were used to belonging to co-ops for farm equipment and for grain storage, things like that, got together, pool, their resource resources, and then went to the federal government and various other financial resources and said, we want to long term collectively get the money to electrify. Our area worked very well, and I've gotta say the electric co-op that I belonged to up there was my favorite electric utility ever. Not only was it reasonably priced it was very forward looking in terms of the load balancing, the conservation messages methods that they employed and the way that they provided financial incentives for members to participate in these load balancing and energy savings activities. But I've gotta say that my, my favorite part, because this was a rural electric co-op, was that every year there was an annual meeting of all the co-op members.

There would be a big picnic on the grounds of the co-op headquarters with barbecue, there would be a gospel quartet singing, and they would take the truck, the pickup truck with the highest mileage in the co-op fleet, and that was the door prize. So someone would go home with an F-150 with 340,000 miles on the odometer. It's hard to beat. Now, the good thing about the co-op was that it was large enough that we had professional management. The thing that I worry about with some of the neighborhood level things is getting back to what Brian has talked about with the HOA comparison. When we were looking for the house that we currently own, we very intentionally did not go for a neighborhood with a strong active hoa because frankly, I don't want to be involved with the people who tend to be officers in strong active HOAs.

 And so the, that is a concern. With that said, I think the model is very good and the place I would love to see it is in fact in some of these less served areas, both in urban areas and in rural areas the current administration has made some funds available to bring broadband access to people who don't currently have it. And it seems to me that the co-op model might very well be effective for taking advantage of some of these federal dollars that are available to boost connection speeds and bring broadband to a lot of people who are at best underserved and quite possibly absolutely unserved by broadband today. So I'm gonna toss out something for developers, you know, because like for instance, there's a vacant lot not far from us that just got plowed flat and it looked, it's pretty, I'm pretty sure they're gonna be developing it and putting in, you know, X number of homes.

The incremental cost of dropping conduit in the ground is not huge, especially when there's nothing there. So in Mililani, which is one of the big subdivisions it's developed by a company called Gentry in West Oahu in on Oahu in Hawaii, they actually, as a policy had a forward thinker. And while they're dropping the pipes in the ground for sewer, water, electrical traditional telco, they put in X, they didn't know what it was gonna be. They suspect it was probably gonna be fiber someday, but they didn't really know. They just put in empty conduit because the incremental cost was so low, it added a lot because it showed that they were forward thinking and provided the HOA away to control access to that conduit so that a single company couldn't take it over and say no one else can play. Now also, keep in mind, fiber optics has a really unique quality to it.

It can run literally bonded to electrical cables. In fact, Hawaiian Electric, I'm gonna use them as an example on their high voltage lines, the core of each conductor way up in the air on the high voltage lines actually had fiber optics right in the core. And until the Public Utilities Commission shut 'em down, they were actually leasing dark fiber to large corporations like Bank of Hawaii, which Fortune 500. Cool. they, bank of Hawaii loved it. If we can ever change the laws in, in Hawaii so that they can lease dark fiber, again, lots of IT directors are going to be really happy. So the point I'm making is if there are any developers or anyone on their board consider dropping another conduit in the ground, whenever you start tearing up the land, it's not gonna cost you that much, but boy, it's probably gonna add lots of value to the product that you're creating. Anyway, I like co-ops. I think Kurt likes co-ops too. He's not, oh, without question.

And anyway, I think we've beat this bite to death. There's lots of things that we'd love to see. I would love to see a co-op in our neighborhood, Kurt, that would be kind of cool. So, oh, I agree. And I, I've, you know, I've got a good pricing on my at and t fiber, but darn, it would be really cool if we could get better pricing. Ooh, I like that idea. Anyway I think it's time to go, go and see what Mr. Maka has to say about a quiet sponsor and we really ought to get to our guest. What do you say? I think you're exactly right. Oh, Lou, what do you have to tell us about another great quiet sponsor?

Lou Maresca (00:35:53):
Well, thank you guys. I will get you back to your enterprise and IT news in just a moment. But before we do, we do have to think another great sponsor of this week in Enterprise Tech. And that's Code Comments, an original podcast from Red Hat. Now, you know, when you're working on a project and you lead behind a small reminder in the code, a code comment, right? It can help others learn from your work. It can tell you from experience code comments can really help the user or the next person actually gain the context they need to be successful. This podcast takes that idea by letting you listen in on two experienced technologists as they describe the building process. There's a lot of work required to bring a project from a whiteboard to development. I can tell you from experience, it's not easy. None of us can do it alone.

Now, the host Bur Sutter, he's a Red Hatter and a lifelong developer advocate and a community organizer in each episode, bur sits down with experienced technologies from across the industry to trade stories and talk about what they've learned from their experiences. Now, the cool thing about this podcast is it brings real world experts to you to provide tools and techniques that apply to your scenarios. In fact, the Deep Learning episode brings you toolkits to help reduce the barrier for your organization and get rid of all the noise and get you there faster. Episodes are available anywhere you listen to your podcasts. And at Red comments podcast, search for code comments in your podcast player. We also include a link in the show notes, my thanks to code comments for their support of this week in enterprise tech. Back to you guys.

Curt Franklin (00:37:26):
Thanks Lou. We'll look forward to hearing from you again a little later in twit. Well, it's time now for our guest, and this is always a favorite part of twit. This week we have a special guest because we've got a special issue that we're gonna be talking about. You know, I mentioned in one of my blips that it's a huge problem when you're trying to keep up with all of the assets out on your network, especially when the network encompasses many different clouds, many different containers, many different apps and services and all the things. Well, our guest today, Gerardo Daa of Catchpoint, is gonna be talking about this issue of vulnerability. And even though he is their chief marketing officer, I think we're gonna find that he is technical enough for the twit crew. Gerardo, welcome to twit.

Gerardo Dada (00:38:29):
Thank you, Brian. Thank you Curtis for the opportunity to be here. Very happy to participate the twit.

Curt Franklin (00:38:36):
We appreciate it. And before we talk about looking into all of the things that make up our modern application delivery systems and networks, wanna talk about you for a minute. You know, we have a lot of different levels of experience, points in career among the people who listen to and watch twt. They're always fascinated to know how our guests came to be sitting in the chair. They occupy te Can you tell us a little bit about what has led you along the path to the CMOs office at Catchpoint?

Gerardo Dada (00:39:13):
So I started my career as a reseller, well, actually I would say as, as a computer user. My first computer was a time Sinclair, the one with one kilobyte of memory. Then evolved to COMMOD 64, learned basic 65 0 2 assembly language programming, moved to bigger computers, Pascal D based three back in the day and then started selling them. I became a reseller, started my own company deployed Artis and l networks and then novel network OX cable back in the day, help a lot of companies get their first land in place. And, and I started doing, representing US companies that wanted to do business in Latin America. And at some point, it's almost like a, an actor needs to go to Hollywood, a technology marketer needs to move to the Silicon Valley or the Silicon Hill. So I moved to Austin about 24 years ago, and I was fortunate to work at a, a number of interesting technology companies, including Rackspace Microsoft SolarWinds, and, and now with cashpoint. So I, I feel like I'm, I'm kind of in the intersection of technology and, and the business, and that's why I, I think led me to be a good marketer because I'm, I have a, a personal understanding not only the technology in the market, but how technologies think

Curt Franklin (00:40:32):
Outstanding. I I was smiling at part of what you said because back there on the shelf, just past my typewriters, there is a Timex Sinclair 1000 sitting on the oh wow. On the, the thing. You know, it's interesting because in, in many ways that history that you were talking about gets to one of the issues that we wanna talk about with you, and that is there is a wide variety of different technology still in use across networks. There's a wide variety of, of networking capability and, and of clouds. And it seems like when I go to a trade show or a conference about every other booth I see on the exhibit floor has the word visibility in it. So why is visibility such a challenge with our modern architectures? What, what kind of problem have we created for ourselves and and why is it seemed so intractable?

Gerardo Dada (00:41:40):
Well, I think it's, the bottom line is you cannot fix what you cannot see, right? And, and systems are getting more and more complex. Every, every piece of every system now with containers and different layers and application stack is getting more complex networks. In fact, we were, we were looking at we have a tool at Catchpoint to help people understand the dependencies of the websites. And we just to perform tested And as you can imagine, most websites they have, they depend on their DNS and on their cdn, and they usually have like videos hosted in some other place and have a payment processor. And so CNN in particular has 600 different dependencies. And the funny thing is, each one of those dependencies has its own dependencies, right? So you have a cdn that CDN itself depends on the DS working and on the ISP where it's working.

 As you, when you were talking about security earlier, companies are now deploying Z T and A, which usually means deploying sassi. And if you have sassi, that's yet another dependency for your users to access the network, especially now that your users are remote. So, so imagine, you know, now that a lot of companies are fully remote, you depend on the quality of your wife at home, of your router, of your IS p and that's just to get outta your house, right? Then there's all the connectivity back to your sassi, the reliability of that SASSI provider, and then back to either your SAS applications or your own corporate applications, which are traditionally more, more likely nowadays deployed in a cloud or multiple clouds or, or, or a colocation company, right? So the, the number of dependencies for people just to do their work is increasing and, and now everything is networked.

So I used to think that maybe a restaurant would be one of those businesses that will be more resilient to being able to operate without a network. But if you think about it without, without an internet connection, you cannot make a reservation on a, on a restaurant. If you get to the restaurant, there's no way to scan the barcode and look at the menu. And the people probably don't, cannot connect their, nowadays a lot of restaurants have those mobile devices to place the orders. You cannot do that. Their POS system probably doesn't work. So you cannot charge customers. So, so that even a restaurant nowadays cannot operate without a functioning network that has so many dependencies. And so visibility is a challenge because traditionally monitoring has been very specific to be able to give the context and to analyze exactly what's going on inside each one of those systems. And, and there's been advancements in application monitoring. I think APM tools nowadays are very mature. I re remember the original tools like New Relic and others, like I think it was like over 15 years ago. And, and now they're, they're in a, in a good state. But now there are other things that we cannot monitor in, in the current state of, of things like, especially larger companies, things not only like CD and dns, but things like bgp.

Curt Franklin (00:44:40):
Well, it's interesting to me to hear you talk about that. And one of the things that, that I wanted to ask you about, you, you talk about the complexity of these environments and all of the dependencies. When you go to talk to a team at a potential customer, do they tend to know everything that needs to be monitored? Or is part of what you are doing exposing someone's network to them, you know, are do you surprise them with what's actually involved in the network that they're running?

Gerardo Dada (00:45:16):
Yeah, I think for the most part people are surprised. It reminds me of about eight years ago when I, I, I was starting to sell some database monitoring technologies. And at the time, a lot of DBAs were not monitoring their databases, right? They, you expect them to work or they're using very primitive, just, it just, it just needs to be up. And, and today is the same situation where usually we, we find two customers. One is, those have had an incident recently that, that they say like, oh, I know this, this was broken. I have no visibility. I, I, I was asked by my boss and the CEO and the board ask my, our CEO to make sure that this does not happen again. And at that time, they, they're aware that they need to monitor something. And then there are other people that have not had the incident for which they, they are oftentimes very surprised about the complexity of the internet because you, you send an email or you go to a website and it loads up now, ideally in, in one or two seconds.

And, and if you look at everything that is happening behind the scenes and all the connections and requests, which is are usually hundreds to different places around the internet and the latency and the performance that is required for that to happen, it is really amazing the technology that, that it powers the internet, but at the same time, it's is much more fragile than people realize. So, so a lot of what we're trying to do is just educate people on, on what you need to monitor and what you need to be looking for as, especially if you are a global organization that depends on the internet for your business to survive.

Curt Franklin (00:46:51):
It's interesting that you talked about the survival of the network, because I think a lot of people, when they think about monitoring their entire network, they usually have one reason in mind. You know, some people might think it's about the reliability of the network. Some people might think it's about the performance of the network or the performance of a given application. And of course, you have the other group over here that's going to be wanting to monitor for security. Is there a commonality in why your customers bring you in for network monitoring? And does the monitoring tend to be for just one reason, or once you start, do you find that there are an awful lot of groups who want to know what's out there on the net?

Gerardo Dada (00:47:47):
So, so the main reason why we talk to people is because we, they're trying to achieve what we call internet resilience. So Gardner, for example, is talking about digital immunity, which is basically the same thing like that. Maintaining that connectivity and that network is, is essential now for every business, not only for your own application. If you are an e-commerce retailer, you, that's very obvious. But if you're a SaaS company, or even if your services company, you have all your, your employees are likely connected to different networks and different applications, different SaaS applications that, that they, they cannot do their job at all without that connectivity. So we, we like to think about the, the change that you were saying, like the, the teams that do monitoring, and it's, it's like the traditional network management teams we're looking at mtti, right? Meantime to in sense, Hey, it's not my problem anymore, but that, but that's kind of, you know, letting the problem exist and, and finding that somebody else needs to deal with it.

Sometimes this could be an external dependency. So what we're trying to get to is that if you really want to be internet resilience, you need to look at MTTR meantime to resolution. So the majority of our customers will start by saying like, we have this critical problem we need to solve, and they'll bring Catchpoint to monitor. I don't know, sometimes, you know, an api, like one, one of the largest auto manufacturers, more modern auto manufacturers uses our software to monitor the API that controls the robots. And so each robot is using an API connected to the cloud to get instructions about the cars and what's going on in the factory and what to do next. And their API needs to be active and performant all the time. And so they started with that use case, and now they realize this technology can be used for many other things, and it's now growing into other parts of the business as they realize that it can be a great tool not only for them to find that mttr, but to prevent problems, which is ultimately what you want when you have good disability, right? To catch those early signs, the warning signs so that you can fix a problem before you get a call from the help desk or before somebody gets upset or before your users or customers get, get impacted.

Curt Franklin (00:49:59):
Very good. Well, I wanna bring my co-host Brian in because just like you tend to monitor from people using it for a variety of reasons, we tend to bring questions from a couple of different points of view. Brian, over to you. Well, we're hopefully getting towards the tail end of a, our first pandemic in modern history. Obviously the Spanish flu hit, but it wasn't as well documented. And what I'm getting at is, man, the workplace sure has changed and what we do for monitoring, you know, when I first started getting into monitoring, it was all s and M p, which is great, but it's only point, you know, points of data. How do you see more, how do you see more of the system? How do you put things in perspective? And so I guess my question is, you obviously have seen the MO world of monitoring change over the last couple years, and now that we've all gone through a pandemic, what kinds of things do you think are changing that we need to watch out for that, you know, haven't been got getting enough press?

Gerardo Dada (00:51:20):
Well, I think that the role of the network manager and the network monitoring has, has changed dramatically. I mean, just think about 20 years ago, most companies, you would go to work for a company, you were inside the building and you had a local exchange server and maybe a local file server and a local print server, and that your network was maybe wifi, but usually you, you had internet cables and you had virus and searches, and that was it, right? Like the network was in your building and, and network management was about making sure that those routers and switches were good. And eventually you needed to look at the firewall for external connectivity and so on. Nowadays the land is gone for many companies or become mostly relevant. The majority of incidents are external. So that's a big thing that people need to think about.

What has changed. The second thing that has changed is that, that dependency on the internet, there's, there's more things that can break. So there was I think it was YouTube that, you know, there was a country that was trying to prevent their users to access YouTube. So they made a change to, I think it was the BGP routing tables, and they brought down the entire website for every user around the world, and the team was unable to determine what happened or why, and it took them a couple hours. You might have also seen that, you know, Facebook had an incident last year and it costed them tens of millions of dollars in advertising revenue. So now companies like that or you can imagine Microsoft with so many millions of users accessing teams and, and, and exchange, or actually Office 365 services, they need to be aware of anything like BGP hijack attempt root, flap root leaks, bad BGP data root withdrawal, and that's just within the bgp universe.

That is basically the postal service for the internet that's gonna bring the traffic to their servers. So all, all that is, is changing. And, and you were talking about snmp, which is kind of one methodology, and I like to think that all tools are useful for, for a particular purpose. We, we at Catchpoint have some performance analysis tools for, for web developers, but our our main you know, set of tools are a combination of RUM and synthetic monitoring. And, and those tools are only as, as good as as the implementation, right? In our case, in our synthetic monitoring product, we have over 2000 different vantage points around the world. So if you have, for example, customers in China, we have dozens of, of access points in China, we have access points inside isp. So we can tell you if, for example, you have end users who are having, are calling the help desk because they cannot connect to your application and you can connect to the application, we can alert you, look, your users in the Boston, New York area that are accessing through Verizon are having an issue.

And then you can go and talk to Verizon about why that is. We have, for example, the case of bgp. We have over a thousand BG P peers that provide, some of them provide real time data so that people can react faster. So the synthetic data is going to allow you to look at data on an ongoing, proactive basis while the real user monitoring data tells you the actual experience from users all over the world. So those are complimentary to SNMP tools that are useful. You still have Alan and to other tools that are necessary for proper monitoring.

Curt Franklin (00:54:45):
Well, it's a great conversation about complex tools for an incredibly complex environment. We want to ask some more questions, but before we do, it's time to go back and listen to Lou one more time as he tells us about another advertiser for this week in enterprise tech.

Lou Maresca (00:55:04):
Well, thank you guys. We'll get you back to your enterprise and IT news in just a moment. But before we do, we do have thank another great sponsor of this weekend enterprise tech, and that's Neva. Now today it pros, they're in a tough spot. The shift to hybrid working and learning means they must equip and support more spaces with audio and video conferencing systems. And at the same time, they're busier than ever with network security. The shift to the cloud-based solutions and infrastructure issues and a lot more things. These factors, along with products shortages and delays have put an unprecedented and strain on IT. Resources, people time, expertise, and budget. This has driven customers to demand intelligent products that require minimal effort from IT to deploy and manage at scale with the bonus of requiring zero end user training. When it comes to audio conferencing in large spaces, it's common to be faced with multicomponent systems that are complicated and costly to design, install, maintain, and manage.

Nora is changing that by offering solutions that deliver a high level of simplicity. With Nova, you get true full room mic coverage, pick up from just one or two microphone and speaker bars, compare that to the complicated maze of multiple mics, speakers, amps, DSPs, switchers, and other components and traditional systems you can install in the RVA system in most spaces in less than 30 minutes. For large spaces, it may take 60 minutes, amazingly simple to set up and get going. No special expertise required. Compare that with installations for traditional systems that can take your room offline for days, and some traditional systems may require you to go from room to room and use complicated software. Now with Nova, you can monitor, manage, update, and adjust all of your Neva systems from a powerful cloud-based platform called Nova console. Nova is very scalable for large organizations and their systems cost a fraction of traditional systems. And now you can get 50% off one nare ACL 300 system for midsize rooms when you get a live online demo and buy before December 16th, 2022. Visit, that's nur and we thank Neva for their support of this week and enterprise tech. Back to you guys.

Curt Franklin (00:57:29):
So, gee, it sounded, I, this is sounding great. I, I want it, but here, here's one of the questions that I get a lot from small to medium sized organizations. There's not, I can't, I can't buy an I P V four subnet anymore. I'm gonna end up with netted address space for my workers at home, and I'm gonna end up with netted address space for my internal network, but I still need to be able to go and have visibility into those. What kinds of technology? What, how do we get there? What kinds of things do we need to document? What kinds of things do we need to think about building if we wanna have visibility into na?

Gerardo Dada (00:58:24):
Well, so the, the Catchpoint is more focused on, on the users, right? So the way we monitor remote workers is not by looking at their IP V6 or I P V four, doing inventory of their MAC addresses or thinking about net transparency. I I think a lot of that will be provided by a lot of the more traditional network management tools that manage local networks. The, the way that cashpoint works is we actually can employ a small agent in, in all your remote workers and, and that remote work agent reports on the health of your wireless, on your router, on the connectivity. And we think about the internet connectivity, just like the, the IP transport and, and the, the experience that the user is, is having. So we measure things like obviously like latency and responsiveness, et cetera. We have a performance tool that allows you to look at how quickly a website loads for a user, et cetera.

So, so the idea is that a, a IT worker will look at a, a experience score for both customers and, and then users and can set up an alert when that experience score goes below a certain level. So, so imagine a user that is trying to access, I don't know, a salesperson is trying to access Salesforce if it takes more than five seconds to be able to log in. Or if you are, you are a bank and you have bank tellers all over the country, and a bank needs to be able to log in a complete transaction within 60 seconds, we can simulate that continuously 24 7 or monitor actually the actual behavior of the, of the teller and tell you whenever something breaks that, that, and allow you to quickly identify what is the root cause of that in between all the steps that are required for that connectivity to happen. So it's, it's more about understanding the actual experience than understanding the underlying network or, or IP address base of, of every, every network itself.

Curt Franklin (01:00:20):
Cool. It sounds like a great start on my homework. So if I was a viewer and I wanted to go and take a good hard look, Catchpoint, what kinds of things, what, what's my homework before we give you guys a call to get started?

Gerardo Dada (01:00:37):
Well, so if you are a small business or you are a web developer, we have a, a website called webpage, which is provides free tool so that you can understand the performance of website. You can look at any blog or eCommerce site, whatever, small or large, and it allow you to do even experiments about things you can actually do and see the, the potential benefit of those experiments so that you can see performance benefit and that's free and that's available for small and medium businesses. Catchpoint itself is more attractive for larger business, that, that care more about the, the health of that internet and gonna have more distributed users. So we've published a number of guides about how to monitor bgp, how to monitor cdn, how to monitor SASSI environments, and I think those will be useful, whether use catch or not.

Basically from a marketing perspective, I believe that the best form of marketing is education and offering value to your customers. So we have a lot of those tools, resources, online guides, like that SRE report that we just published. And, and those resources are for the most part completely educational and even independent of catch points. So they'll teach you how you should be monitoring about CDNs because many companies have multiple CDNs. So how do you hold them accountable to SLAs? How do you choose the right CDN for your system? How can you switch CDNs whenever one of them is not giving you the right response rate? And how do you monitor, for example, the cash sheet ratios on the cdn so you know, you have the right configuration. All those resources are on, on the website. And the more you learn about the internet and how to achieve internal resiliency, the more effective we can be in, in helping the, the company.

And, and we, we obviously offer free trials and free downloads and, and anything that, that can help a company go through the evaluation process. In fact, nowadays, you know, another thing that has changed with, with the changes in the world is that we've seen companies are, are laying off people at rapid paces and people are short on staff and there's not many people with some advanced skill sets. So we also offer monitoring as a service for some companies. So we offer naturally quick start and guide on helping people establish, decide what to monitor, set up their tests, all the way to monitoring for them. We also have something we call the internet resilience program, which you offer for retailers doing during the Black Friday season. So a number of them, like Blue Nile, for example, the jewelry store hire us and we, we make sure that the tests are correct. We set up a number of different synthetic and real tests, performance analysis. We've, in many cases reduce or, or improve the performance of the website by 50% and make sure that everything is working perfectly teaming with their own team so that they are in, in partnership. So to make sure that their, their website is gonna be not only available but also performant and, and resilient for users so that they're, they're not gonna get in trouble with the CEO for, for the website coming down during that most critical time of the year.

Curt Franklin (01:03:42):
Oh, sold, I want it. So where we go for information, let's, let's go and tell, you know, share that location again. Where can someone go to get more information about Catchpoint and work? Can they go about finding those demos?

Gerardo Dada (01:03:58):
Well just, just go to and follow us on, on Twitter. It's Follow us on, on LinkedIn sign up for our blog. Again, we try to make the blog not a sales pitch, but educational tool and, and look for those guys as you were showing on the screen a moment ago. Go into the resources section of our website and you'll find a lot of those white papers and videos that could be helpful for people to understand how to achieve internet resilience and ultimately how to how catchment can help them.

Curt Franklin (01:04:37):
Very good. Well, we'd like to thank our guest, Gerardo Dot, who's chief marketing officer at Catchpoint. Gerardo, thank you. You have been a great guest for us. We will look forward to at some point in the future having you on something tells me we didn't get to fully exhaust this topic.

Gerardo Dada (01:04:55):
Sounds great. Thank you, Brian. Thank you, Curtis, for the opportunity.

Curt Franklin (01:05:01):
Well, we thank you for watching as always, or listening as the case may be. Before we go though, want to touch base with my co-host, Brian. Brian, what do you have coming up for the next tricky fueled week? Actually, it's Turkey and more Turkey. You know, we got a small Turkey. It's actually roasting now. It's the remote alarm. Temperature alarm is gonna go off any minute now. And we'll see how that goes. In fact, there it goes. It's, it's stop, stop, stop, stop. <Laugh>. Anyway life is good. I've been talking about all kinds of different projects. My favorite way of talking about this is on Twitter and my Twitter handle is a D V N E T l A B advanced net lab. And we start talking about different things, and I've gotta turn off the remote timer, sorry. But people also respond.

Well, you know, Twitter's taken a lot of hits lately. There's a lot of people that don't like it. So I'm gonna try out, you know, some of the different social media venues, but nothing's gonna replace email. And my email address is sheer spelled C H E E B E R T twit tv. You're also welcome to send email to twit twit tv and that'll hit all the hosts mo our wireless Wonder, Oliver, our curmudgeon over at PC Mag, Lou, Kurt, and myself, we'd love to hear from you. Anyway, y'all take care and enjoy the Turkey day coming up. Not everybody celebrates Thanksgiving, but it's a great excuse to stuff yourself and stay safe, everybody.

That sounds absolutely great. We'll be over for dinner soon. As for us, we managed to snag tur zilla that we'll be taking care of on Thursday. Until then, I'm actually taking some time off, which I'm looking forward to gonna be doing a little traveling and a lot of riding. As for keeping up with me, you can do it on Twitter at KG four gwa. If you're someone who's been looking for an alternative to Twitter, you can also find me on Mastodon. I'm at KG four gwa Can keep up with me on LinkedIn, Curtis Franklin or any of the other social media. I'm just everywhere I can be. Please feel free to reach out. I had a couple of quiet listeners come up to me at Maker Fair Orlando, and I always appreciate seeing or hearing from you. Well, for all of us here at TWiT, thank you for being here. Until next time, remember, if you want to know everything that there is to know about what's truly important in enterprise technology, just

VO (01:08:15):
Keep quiet.

Ant Pruitt  (01:08:18):
Hey folks, I'm Ant Pruitt and I have a question for you. How do you think your hard working team with a Club TWI corporate subscription plan? Of course, show your appreciation and reward your tech team with the subscription to Club TWiT. Keep everyone informed and entertained with podcasts, covering the latest in tech With the Club TWI subscription, they get access to all of our podcasts ad free, and they also get access to our members only Discord access to exclusive outtakes and behind the scenes footage and special content like the fireside chats that I enjoy hosting. Plus, they also get shows like Hands on Mac, hands on Windows, and the Untitled Linux Show. So go to twit and look for corporate plans for complete details.

All Transcripts posts