Cisco Systems, Inc. (CSCO) Earnings Call Transcript & Summary

Hi, everyone. Thanks for joining us in this fireside chat with Cisco, Empowering Security Teams with Visibility, Detection and Early Response. And before we get started, I have a few housekeeping notes to cover. [Operator Instructions], at the end of the session, a survey will automatically pop up. Please click continue to complete the survey. We really appreciate your feedback. With that, we are ready, so let's get started. Gio, in a few seconds, it's all yours.

Thank you so much, Mark. So welcome, everyone, to today's webinar. So we do have to go as fast as we can today. So before I know [indiscernible] record year. I just want to let you know that this webinar has been prerecorded ahead of time, and this is the Asia Pacific [ forecast ] of the same session that started globally. So let me quickly introduce you to the speakers today. So we have a guest speaker, Heath Mullins, senior analyst at Forrester. We have Crystal, who is the Product Director from Cisco Security. We have Sana who is our XDR product marketing leader at Cisco Security. And then we have Matt Robinson, distinguished engineer at Cisco Security. In a few moments time, you will hear from them. If you have any questions from today's content, please feel free to drop it into the Q&A chat. I expect they'll be here to help Separately, we will be sharing with you the recording post-webinar itself as well so you can keep a lookout for that. With that, [Indiscernible] can I get your help to [indiscernible] the recording.

Good morning, good afternoon, good evening, depending on where you are. I'm your host, Sana Yousuf, product marketing leader here at Cisco for e-mail, analytics and XDR. I welcome you all to this really exciting webinar, where we've got a slew of experts, and we're talking about a really exciting topic today. Forrester released its [ weight ] on network analysis and visibility in Q2 of 2023, and it's regarded as a really trusted source for data-driven insights and guidance in this space. So if you represent a business that aims to embrace modernization through implementation of a NAV solution or you have a dedicated practitioner on the front line determined to outsmart emerging threats using industry-leading machine learning and behavioral modeling, well, you're in the right place. So the NAV report is an in-depth assessment conducted by Forrester Research evaluating vendors in this space. So it offers a ton of valuable insights into the capabilities of different vendors, enabling organizations like yours to make well-informed decisions while you choose a network analysis solution. To learn more, log on to cisco.com/go/navbase. And if you've got questions as our panel of experts take on this topic, drop it in the Q&A panel. And over the next couple of minutes, as we get started, you would learn a ton of great information. You'll have to obtain an unbiased understanding of the NAV space, including its strength and capability and stay informed on the industry tends, the challenges the future expectations on this space. So with that, let me just get our panel introduced to you, and we'll get started. So we've got our guest speaker from Forrester. He's a senior analyst advising security and risk professionals and government agencies on topic like building resilient infrastructure, preventing threats and implementing Zero Trust. His research focuses on the U.S. government cybersecurity strategy, network analysis and visibility, secure Web gateway and deception technologies. And he's worked with pretty much part of the big names in the security industry space like Blue Coat, Symantec, CAN, Verizon and government, and the list is kind of endless there. And he is joined by our rock stars in the Cisco family, Crystal Storar, Director for Network Analytics and visibility portfolio and also on point for delivering our Cisco XDR vision in the market. She's got a tremendous amount of experience over 15 years in the SecOps space and has worked with two of the largest MSSPs in the world. And we have our last rock star, Matthew Robertson, who is a distinguished engineer in the security businesses group focused on threat detection and security analyst -- analytics. You probably see Matt speak at all of our industry events like RSA, Cisco Live and many, many more. So with that, I hand it over to Crystal to get us started and get the show running.

Thanks and Actually, I'm going to ask Heath to jump right in and maybe give us an overview of his research and what Forrester found in the space.

Sure. I'd be happy to do that. It's almost like we have that scripted. So hi, everybody. I'm Heath Mullins. So I'll start off with kind of why the [ NAV ] Was kicked off. So this is the -- while the space is very mature, it's been around since roughly 2010-ish, where it really got its beginnings. Forrester kind of coined the term network analysis and visibility around what we're supposed to be looking at from a network security perspective and how we can improve visibility and deep visibility into the network traffic, both North and South and East and West. And this is done really to make observations around lateral movement around malware, command and control, any of the bad things that you can see on your network. So this is the first evaluated research that's ever been performed in this space itself. So it just hasn't been done before. And I always was questioning kind of why don't we see this? The kind of the trend was to move away from this. So we've got this really great perimeter. We've got this really secure, defensive depth stack and our kill chain is amazing. We don't need to worry about East to West because we're strong and we're secure. Well, the advent of Zero Trust really kind of changed that paradigm and reinforced the concept that if you are blind to your network, you are blind to what's happening to you now in the future and in the past. You can't prepare for something that you don't know and you can't remediate something that you can't see. So when I was kind of going through here and going through all the vendors in the space, there's a lot of vendors in the space. A very mature market. So as I was going through, I picked up the top 13 vendors in the space and kind of assessed them against each other using Forrester's Wave Methodology, which is publicly available on our website, and did a true objective evaluation of all the vendors and their capabilities. So as we were kind of walking through this, I was like what are the things that are really standing out today? What are the really important things? So I kind of settled on three specific areas. And these were analyst experience. Everybody in the industry knows how hard it is to retain or obtain talent, for that matter. And something that works really well for a very seasoned professional may be just completely a different language for somebody that has perhaps a networking background, but not so strong in security or vice versa, or perhaps even somebody fresh out of college coming in and taking on these responsibilities and looking at what is quite possibly is to really scream and say, I have no idea what any of this means. So that was a very important key aspect in this evaluation. One of the other things that really came out is decryption. Now there is a pushback in the industry on decryption. It has been for quite a few years because it's expensive to do. It's resource-intensive. And what value may or may not it provide depending on the scenario and what you're trying to actually attack. So if you noticed an event, and you perform a packet capture, if you're not decrypting, then you have no visibility into that packet. Similarly, if you're performing DPI, deep packet inspection, if you don't have visibility into the payload of encrypted traffic, all you're really seeing is the heuristical behavior of that packet and what it's doing as it traverses your network. You have 0 insight in what the payload is, whether it's malicious, benign or indifferent. It just literally could be anything. And another thing that really came out was the integration with ZTNA aspect. So when we had a big push to work from home in 2020, and everybody is tired of hearing about it, but it actually happened, and it's something that is still being dealt with on a continual basis across all organizations, not just federal, not just commercial, it's everywhere. So really, the network expanded. We beyond a traditional VPN and said, "Hey, well, now I'm going from my home unit or wherever I may be, my work anywhere platform, and I'm going out to the cloud. I'm going out to our cloud properties. I'm going direct to net, and I'm going back into my four walls or my corporate clouds." So really expanding that network edge all the way out to wherever you are was a huge differentiator in this evaluation. So moving on into the high-level trends. So really the high-level trends that I saw, there's a lot of adoption of the MITRE ATT&CK framework. And this has become very important when troubleshooting and remediating issues. Not only does it provide guidance to the analyst that's observing, I'm looking at a screen. I'm looking at a console. How do I address this? I see a problem. Here's five alerts. They're correlated, but I don't know what they mean because perhaps it's something very insecure or just something that falls kind of outside of the silo they're typically working within and be it on the network side or on the security side or a little bit of both. So really making these determinations about what is good, bad and indifferent. The MITRE ATT&CK Framework maps very, very well to that. And additionally, the creation by leveraging that information, you can create workbooks, playbooks and kick off actions based on the discoveries and how they've mapped to the MITRE ATT&CK Framework. So vendors -- almost every vendor in this space did this to some degree. I'm not going to talk specific. You're welcome to read the report, if you like, for the very specific information. But that was really something that stood out among all the vendors. The UIs are another big thing that really stood out, and they are a big differentiator there is how easy it is to use. I'm all about form -- or I'm all about function over form, but you have to be cognizant of the fact that your operators need to understand what they're looking at intuitively. Wireshark was an amazing tool back in the early 2000s all the way through when I was using that stuff. And it was great if you were really good at networking and really good at packet analysis. These days, it's not necessarily something that the majority of SOC or NOC analysts may not be something that they're really good at or have a clear understanding of. So really being prescriptive about what needs to be done to remediate an issue was a huge thing that has just emerged here in the past couple of years. I'm very pleased to see it in the market, and I'm very pleased to see vendors moving forward with this. So when I start talking about these wave results, one of the questions that I get asked a lot. I've been on in the vendor world. I've been on the other side of the desk from the vendors and now as an analyst is -- so this is a valuated research, but what does that actually mean? This is not pay-to-play research. This is absolutely objective. The way that the questionnaire was built out for all the participating and nonparticipating vendors, it's very granular in detail because we wanted to be sure as Forrester that we were absolutely dead on spot accurate and the evaluation of the vendors in this space. So as these criteria, which are available in the report with you, as these criteria were built out, the little differentiators really started to come out and the weighting of the scores, it makes a lot of sense when you look at it from a holistic view and it really painted a very clear picture of who the leaders, the strong performers, the challengers and the, well, there's nobody down the far left. But you get the idea. It's really about these are accurate results based on proven objective data. I don't have any opinion in this. I just did data and looked at it. And I always think that's very important to point out because there are other firms in this space where that is not the view of that organization. Okay. So when we started to get into the core use cases and extended use cases here, these were really interesting. I spent a lot of time paying attention to these and saying, what are the most important things when you're having discussions not only from an acquisition purview, but a daily operations purview. And understanding what this means when it happens, what the ramifications are. And what aren't we seeing? What aren't we seeing and what should we be seeing? Now the big cloud push started around 2015, and everybody was going to go cloud, cloud, cloud, cloud. It was the most fantastic thing ever. We're going to cut our cost by millions of dollars a year, all these things. So there's a big push and then a slowdown, and now there's another big push to move into cloud. Now organizations that may be reliant upon what I consider to be integrated technology of still running unit servers in the basin, things that are not easy to protect, IoT and OT, all the things that are kind of -- were kind of pushed to the side or people really didn't know how to deal with them because we have to protect this, yes, but how do we do all the things around it to secure it? And how do we monitor this traffic? And how are we going to be sure that what we think is a good thing or a bad thing is going to be appropriately addressed rather than just knee-jerk reactions. I see something bad, stop it, kill it, and then you create all sorts of problems because you happen to take down application with 15 dependencies perhaps. Because just because you weren't aware of what it does because it's been around for so long. Now that's not to say that, that doesn't still occur with the newest iterations. DevSecOps and Agile really went well to rapid iterations of programs and applications. But quite often, you miss the dependencies associated with those things. So if you're in a cloud, multi-cloud or hybrid or multi federated for that matter, instantiation, you're looking at all these different aspects and trying to ascertain what happens if I stop this? Is this a normal path of traffic? Is it -- should it be calling home or should it not be calling home? There's a lot of dependencies that can cause that application to break that you end up chasing your own tail. So you want to be very clear on what these dependencies mean, not only to the organization, but from the daily operational perspective. Packet capture and retrospective analysis. Now this is something that I'm very keen on primarily because you really don't have time to go back and get very granular about this stuff. So when I'm talking packet capture, there is an event that has been generated the system kicks off a packet capture and then the analysis is provided along with that packet capture. That package capture is evidence. And this kind of goes back to the decryption conversation I started off with as well. As you need visibility into these packets to understand what really happened and what the impact may be, because you may have caught the lateral movement. You may have noticed some things associated with them. with some other threat intelligence feed or a native feed or something like that. But you really need to get additional information to truly understand what just occurred on your network. So when you're talking retrospective analysis, it's great. I've got all these packets saved, but there's a lot of considerations there. Is it a hardware intensive? Is it cloud intensive? Is it an elastic environment. How much [indiscernible] situations there, too, if you're not mindful of what you're capturing and why you're capturing it. Applying retrospective analysis to this captured data is also great. Now you may have a mandate or a requirement within your organization which states I am willing to capture x amount of days of metadata and x amount of days of full packet capture because I have to do so, either I've been mandated to do so or our internal processes dictate when I do so. That's great. I've got all this information sitting here over to the side or any container. I got it sitting somewhere. What happens when a new IOC comes in? Well, what you should be doing is the platform should be able to go back and apply this new IOC to data that has already been captured to this metadata to the full package captures themselves, if necessary, to ascertain whether or not we've already been hit. This is a net new zero-day threat it actually came into our network three months ago, and now we can see that. And that has been a very huge core use case when going through the scenario and conducting this wave. So data ingestion and correlation. This is another great thing that I've seen come out in the industry in the past few years is not just including EDR, but also XDR, IDP, all these things were kind of disparate things that hung out there were like, well, hey, why don't we know this on the network? We should know this because we can not only add value, but we can receive value from the telemetry provided by these other adjacent technologies. Vendors that had very tight integrations tended to do very well in this wave, generally thinking. Another core use case was really around the application dependency mapping. And I touched on this a little bit just around the cloud and the ZTNA stuff, but I really want to drive this point home. You can't rely on a spreadsheet. You cannot rely on something a handwritten note. And the passive churn in the IT and security industry kind of creates its own problems in this, that this information may be very out of date or it may be very recent. There's no real way to tell unless you have your hand directly on the pulse and you're very aware of what's happening in your network. Typically not the case, no offense to anybody listening, but that's typically not the case. And we're usually reliant upon some other methodology to determine what your dependencies are. Going back to the app dev, you're going to break things when you start to -- really start to -- especially if you're going down Zero Trust path. I'm starting to microsegment. Well, micro-segmentation is fantastic. It's an absolute requirement. But if you don't understand what that application developer dependency rather is then you're going to start breaking things and nobody is going to be happy. That was me. Okay. Thank you very much. I got a little ahead of myself.

No worries. Thank you, Heath. If you wanted to say anything else, feel free to [indiscernible]. All right. Well, that was very insightful, and thank you for sharing all of that with us. So Crystal Storar, Director of Product Management at Cisco. And we submitted for the Forrester Wave our Secure Network Analytics Solution, and we landed as a strong performer. Very proud of our position here, especially given that we take a slightly different approach to some of the things Heath is just talking about. And so we feel like that makes us really unique in the market, and there's a lot of opportunity for us to serve customers at scale. So really proud of the findings and how we performed in a number of the different categories that set us apart. And we'll spend some more time talking about that when I hand it over to Matt. But I wanted to start with just kind of like the high-level strategy for Cisco. Like what is it that we're doing? And what is it that from the top down actually is going to set us apart not only in the NAV space, but to help our security practitioners solve their problems much more effectively overall? So Cisco, as many of you guys may recognize there's been a lot of acquisitions in the security space. We have a bunch of different products, but that doesn't work, right? What we're doing is integrating all of those products to deliver end-to-end platforms and end-to-end outcomes for our customers. And so there has been a ton of work in how we bring our portfolio together to really deliver a solid solution that answers and addresses specific use cases and workflows that are very, very much built for the persona. And so you'll see that in a lot of our strategy going forward. When we look at network analytics and visibility, we have got a great solution. But it doesn't solve all of the customer problems in terms of what they're trying to achieve from a detection and response perspective. So Heath, I wish we could have used XDR as part of what we submitted in this evaluation, but it wasn't GA yet. But now Cisco XDR is GA and in the market. And so I can't wait for you to see this in your next evaluation because we put the analyst experience front and center here. Everything we're doing with Cisco XDR is about up-leveling that security analyst and allowing them to get their job done much more effectively with incredible automation, incredible visibility across all of their disparate tool sets. So we are really focused on that single solution for the SOC that is fully automated and cloud first. It's open and extensible. So what does that mean? We have truly gone to market with our competition. And it's exciting and uncomfortable, but we've really pushed the limits here and pushed the boundaries here. So for example, our XDR solution integrates not only Cisco products, like our Secure Endpoint or our Secure Network Analytics, but also third-party products. So we recognize that our customers don't have a single vendor environment, but they need better outcomes. So we have really focused on allowing customers to leverage their existing investments and then leverage Cisco XDR to really bring all of that together. So we're working really closely with both our internal teams as well as our competitors in these different spaces because we have a very big security portfolio. But working with best-of-breed products across the landscape to ensure that we can help those security analysts be much more effective in what they're getting done. The other thing that's really interesting about Cisco's XDR strategy, we know the endpoint is foundational, right? The endpoint has incredibly rich telemetry. But if you're just looking at the endpoint, you're not really an XDR solution. You have to dive deeper and you have to bring all these things together. And with our network prowess as Cisco, we believe the network, and whether that's your on-prem network or your public cloud network infrastructure, that's equally foundational to your XDR capabilities. And so a lot of what we're going to talk about is how our network analysis and visibility solutions, secured network analytics, not only operates as a really high-quality stand-alone NAV solution with tremendous differentiation. -- but it also supplies an important component of the overall XDR strategy for Cisco. So if I look at that, and what a customer would achieve in Cisco XDR. It's really the cross-correlation of data. So Secure Network Analytics does a great job of detection and finding things and taking in different telemetry sources, and my friend Matt will get into that a little while in terms of like the telemetry we ingest and how that drives our detection and response. But it's even more than that. How do we bring in data from e-mail solutions? How do we bring in data from the EDRs and the MDRs and the CMDRs and the ITDRs, right? We've got so many different D and R solutions feeding into XDR. I think it's really important that we understand how we bring all this together in a single experience for the SOC. Impact analysis, understanding not just do I have an incident or an alert from all these different tools. But is this thing important and how important? And so the risk-based analysis that we're doing based on the potential impact of financial loss is something that's truly unique in the market. So being able to understand not only is this an alert or is this a security incident, but then prioritizing that security incident using advanced techniques and real data understand the actual risk of this being a financial loss situation for the business. Being able to help our customers reduce the time to respond, bringing all of that information together and then giving them guided workflows. Heath, to your point earlier, the security analysts are overloaded. They're hard to train. They're hard to retain. It's hard to keep going in a world of chaos. And so Cisco XDR provides guided workflows that really help a customer or a Tier 1 security analyst know exactly what steps to take and how to do it and then automated response that security analysts shouldn't need to know that in my enterprise which solution is creating this event, for example. So let's say you've got a large enterprise. You've got Microsoft Defender running on some endpoint, They've got CrowdStrike running elsewhere. They've got some Cisco Secure Endpoint in other places., But really, what that security analyst needs to know this asset has this priority belongs to this user, and I want to quarantine it. And when they decide they want to quarantine it, they shouldn't have to pivot into 1 of 3 consoles and figure out what solution is running on that specific endpoint. So from Cisco XDR, they can take action immediately regardless of the different tools and technology that may be leveraged across their entire organization. So that is Cisco XDR that we are super excited about, but I want to dive or hand it over to Matt to really dive into Cisco Network -- Secure Network Analytics and what we're doing from that product perspective so you guys can get a feel for our NAV solution.

Thanks, Crystal. So when I look at what we can do with Cisco's secure network analytics and our strategy on how we achieve our outcomes, The major outcomes in Q3 major delivers. So versus is comprehensive network-wide visibility. Second being threat detection through analytics and then the third being accelerated response. So when we look at visibility and what we mean by multi telemetry ingest comprehensive visibility. The modern network is more than just the campus environment that used to be a stack of router switches, et cetera. It expands to remote workers. The edge devices, the cloud workloads that are part of it. And so when we look at what is an end-to-end flow or an end-to-end communication, they can easily span from a remote worker all the way to a cloud asset. And we need to be able to provide visibility into that. And so what we do is try to collect data from all of these different environments to native telemetry out of the endpoint where we can, native telemetry out of the network itself, which is the traditional way we'd look at the NAV market, but also telemetry of Edge devices, specialized devices such as firewalls, IDS's. And then native telemetry cloud environment, VPC, NSG Flow logs, for example, as well as unique telemetry that might be available the API for those environments, and we try to collect all of that together to create a comprehensive view of the environment. For secured network analytics, often one of our biggest differentiators and capabilities is the ability to put together an end-to-end view of a conversation between two entities, who's talking to who, with what, from where and when, how much, how long and any additional context that we can get from these additional telemetry sources. And we have, in that data set, basically one giant , we call it the flow table view of all of the network flows that have occurred east-west environment with basically now an [ inverted ] data that now is being the endpoints or users, devices that are connected to the network that we can identify their state of existence and then [ invert ] data, what did they do on the network and who would they do it to. And then we can put together that picture. That visibility feeds into those many different use cases. And with a major use case in why we collect data and put it into a giant database is to run analytics on it and run threat detection, which is my next slide, which is what is our threat detection inside of secure network analytics, we actually have. Inside of F&A, a number of different detection engines if I get really detailed into it, we have some that run on-premise bounded inside of the physical nature of the boxes that are -- make up the on-premise boxes. And then we have some that are running as in a cloud assisted model, meaning that we can send data from the on-premise boxes to the cloud, where we can then add additional either analytics that are not bounded by compute constraints inside of meadow. But we can also bring inflammatory that is not necessarily available in an on-premise deployment. And so if I break it down for starting from the left and we move towards the right, we have a pretty comprehensive behavioral analytics engine that's been around for years. It actually is made up of three different types of analytical engines, one that we call the core engine, which is made up of -- basically, the core engine identifies an entity, and then we'd be baseline. We rather -- we run about 98 different behavioral algorithms against that entity, baselining and understanding what historical statistical behavior looks like against those 98 algorithms. And we'll alarm when a post either deviates thresholds, which helps us get over the learn baseline behavior question that we often get or when they deviate [ around ] a baseline. We also inside of that on-premise behavioral analytics engine also have what we call the custom security event, which is a user to find an alarm that will fire when we see a [indiscernible] condition or attributes associated with that [indiscernible] condition. And then also relationship events. Relationship events are really interesting to see what is the difference between -- basically, it's like a traffic presence traffic absence type of conditions. What is the relationship between two object, how much traffic do they have, what does it look like, what's normal, what's not normal? There's about 11 different algorithms that are baselining the relationship between entities. And then moving on to converged analytics. Converged analytics is a relatively new analytical engine to S&A, which is bringing a whole new set of behavioral algorithms and a whole new data science model on top of the data that we have. And it's -- and we call it converged analytics because it runs on -- it's -- as an analytical engine is very similar to some of the ones we have running in the cloud, but also it is running on additional data sets beyond just the network flow data that we have inside of the product set. Number of new detections. What's also very interesting in some of these is where you have miter mappings built into the product in a number of these different detections, particularly in the converged analytics space. We see minor details for all the detections that surface. Going over to the cloud-assisted model. Cloud assisted, we're able to start to think more and we can run the types of compute that we're not necessarily bounded in time constraints or boxes that we would have in the physical world. We can start running different types of detections. We can take advantage of intel, for example, a global view of the world. We can also leverage behaviors that we observe in or across our multiple customer bases. We can profile the world and use our profiling of the world to influence the profiling of a model of a -- and how the world is either how your organization is interacting with the world or how the world is interacting with your organization and how organizations like you in the world are interacting with the world and so on. And we can actually begin to build a model to identify unique families of malware, unique occurrences in malware and/or unique attacks against your organization in some of these analytical engines that were running out there, something called global threat alerts. And then also, we can begin to, in XDR, extend to additional data sets beyond just network-centric analytics and network-centric data. We can start to decorate data from other products such as endpoint data from other EDRs into the data set that we would have for the network analytics and visibility. And then threat intelligence, which I have mentioned. And then for the next major use case on top of that data, we have the data. We found that the analytics and the threat detections that we're doing helps us -- is designed to surface things of interest in the data. So if we have an algorithm that fires inside something like oh suspect long flow, what we're saying is we're making an alteration. This flow is abnormal. It looks weird maybe you should take a look at it. It's an observation, right? [indiscernible] that you should look at. On the other hand, all of the data is there. And so a number of our customers like to reform with the data. The more sophisticated customers want to do threat hunting. They have a hypothesis, and they want to search in that data and find things of interest. Just because I say a flow is long does not necessarily mean that's the same as a long flow in your organization. You might have a very specific type of scenario that you want to search the data for, whether that is proactive hunting of threats or investigation, meaning secure network analytics could surface the detection, long flow, for example. And you might want to go, well, show me that flow. Or any other detection product might surface detection and just say, hey, this host is bad, and you want to go. What is a bad host mean? What else is bad about this host? Show me all of the communication this is host has done over the course of the last week, month, two months. Sometimes you get a detection that was, hey, 90 days ago, this host was bad, and you didn't know about it until today. Maybe you want to find out what happened 90 days ago. And that's what this database is really useful for, is they're able to go back in time and just see what communications happened inside of your environment.

Yes, and I hear that from customers a lot Matt, that a very common use case for secure network analytics beyond their detection capabilities is also looking at I have a detection from another source. And because of the richness of the telemetry that we collect and the ease of accessing the performance, the ability to ask the question and perhaps this tremendous data set and get answers in minutes instead of some of the other platforms out there that might take hours or even days to respond given the size of these telemetry sets. It's very helpful for them in the investigation workflow. So I got a detection from somewhere, and they come into secure network analytics to ask questions, like where else could this go? Where did this come from? What else does this endpoint been talking to? Where do I see similar communication patterns in the network? So I think that's really important. And then going on to the next slide, I think this is my last slide for you guys. I'm realizing we didn't put a slide in here about response, although that is something that is the next part of the evolution and somewhere that we also have a lot of strength within Cisco, our response management capabilities within secured network analytics and then extending up the [ indoo ] Cisco XDR, have a wide variety of integrations and sources as well as automatic remediation with other technologies so that we can help our customers very quickly resolve the threat or at least contain the threat. So that's also really important to us. The most important thing to us is our customers. And so I just wanted to call out that everything we do is driven by ensuring that our customers can be successful with the product. We have one of the most robust customer experience organizations and capability sets in the world. So if you're a customer, you're going to have access to expert resources that can help you quickly adopt the technology, great support, well-known support from Cisco comprehensive learning. So whether you are looking for how do I find this specific type of threat? Or how do I deal with this use case? Or I want to get more value out of the product. We have learning bites. We have more than 150 use cases documented in quick 5-minute videos as well as PDF documents that can help you understand exactly where to click and what to grab if you wanted to achieve a certain outcome. Lots of different learning class. And then any of our customers can request instructor-led training for their teams. So let's say you've got some new team members that want to learn how to use it, and they do best with hands on labs, that is available and that is included with all of our subscriptions. So making sure that our customers can adopt and deploy can get the telemetry into the system, know how to use it. That is at the heart of what we do. We put a lot of time and investment into making sure that our customers can be successful. So with that, Sana, I'm going to hand it back over to you.

[indiscernible], Crystal. That was an amazing conversation. So well, in closing, I want to thank all the speakers for sharing your thoughts and insights with us today. Your expertise and knowledge has been truly valuable. As Crystal and Matt, and he spoke about where is elements of what a successful NAV solution in your environment might look like and how Cisco can play a role in helping you take that journey with us, check out some of the resources Crystal mentioned. If you want to know more about the report, please go check cisco.com/go/navbase. You'd find a ton of good resources information there to continue your learning journey. Our vision here at Cisco is to simplify your security operations, and the role of analytics there cannot be undermined in doing so with greater speed, efficiency and confidence. So please don't be shy if you still have questions, drop them in the chat. And once again, thank you to our audience for being a part of this event. I hope you have a fantastic day ahead. Take care and thank you.

We have come to the end of the webinar. I know there are some questions that we're not able to get through this time. Not to worry, we will give an [indiscernible] so you can take a look of that. In addition, we will be sending this recording to you post event as long as far as the report is mentioned. So do take a look and you continue to reach out to any of our experts if you have the time. So thank you, everyone, for your time today, and we look forward to meeting you in the next webinar.

We'd like to thank you all for attending this webinar. We hope you found it informative. As a reminder, please take a moment to complete the confidential survey that has been posted in the chat panel, and it will also pop up in your browser as you exit. Also, the link to this recording will be e-mailed to you in the next few days. Thank you for joining, and have a great day.