>> theCUBE's live coverage is made possible by funding from Dell Technologies. Creating technologies that drive human progress. (ambient music) >> Lisa: Hey everyone, welcome back to Barcelona, Spain. It's theCUBE Live at MWC 23. Lisa Martin with Dave Vellante. This is day two of four days of cube coverage but you know that, because you've already been watching yesterday and today. We're going to have a great conversation next with EnterpriseWeb and Red Hat. We've had great conversations the last day and a half about the Telco industry, the challenges, the opportunities. We're going to unpack that from this lens. Please welcome Dave Duggal, founder and CEO of EnterpriseWeb and Azhar Sayeed is here, Senior Director Solution Architecture at Red Hat. >> Guys, it's great to have you on the program. >> Yes. >> Thank you Lisa, >> Great being here with you. >> Dave let's go ahead and start with you. Give the audience an overview of EnterpriseWeb. What kind of business is it? What's the business model? What do you guys do? >> Okay so, EnterpriseWeb is reinventing middleware, right? So the historic middleware was to build vertically integrated stacks, right? And those stacks are now such becoming the rate limiters for interoperability for so the end-to-end solutions that everybody's looking for, right? Red Hat's talking about the unified platform. You guys are talking about Supercloud, EnterpriseWeb addresses that we've built middleware based on serverless architecture, so lightweight, low latency, high performance middleware. And we're working with the world's biggest, we sell through channels and we work through partners like Red Hat Intel, Fortnet, Keysight, Tech Mahindra. So working with some of the biggest players that have recognized the value of our innovation, to deliver transformation to the Telecom industry. >> So what are you guys doing together? Is this, is this an OpenShift play? >> Is it? >> Yeah. >> Yeah, so we've got two projects right her on the floor at MWC throughout the various partners, where EnterpriseWeb is actually providing an application layer, sorry application middleware over Red Hat's, OpenShift and we're essentially generating operators so Red Hat operators, so that all our vendors, and, sorry vendors that we onboard into our catalog can be deployed easily through the OpenShift platform. And we allow those, those vendors to be flexibly composed into network services. So the real challenge for operators historically is that they, they have challenges onboarding the vendors. It takes a long time. Each one of them is a snowflake. They, you know, even though there's standards they don't all observe or follow the same standards. So we make it easier using models, right? For, in a model driven process to on boards or streamline that onboarding process, compose functions into services deploy those services seamlessly through Red Hat's OpenShift, and then manage the, the lifecycle, like the quality of service and the SLAs for those services. >> So Red Hat obviously has pretty prominent Telco business has for a while. Red Hat OpenStack actually is is pretty popular within the Telco business. People thought, "Oh, OpenStack, that's dead." Actually, no, it's actually doing quite well. We see it all over the place where for whatever reason people want to build their own cloud. And, and so, so what's happening in the industry because you have the traditional Telcos we heard in the keynotes that kind of typical narrative about, you know, we can't let the over the top vendors do this again. We're, we're going to be Apifi everything, we're going to monetize this time around, not just with connectivity but the, but the fact is they really don't have a developer community. >> Yes. >> Yet anyway. >> Then you have these disruptors over here that are saying "Yeah, we're going to enable ISVs." How do you see it? What's the landscape look like? Help us understand, you know, what the horses on the track are doing. >> Sure. I think what has happened, Dave, is that the conversation has moved a little bit from where they were just looking at IS infrastructure service with virtual machines and OpenStack, as you mentioned, to how do we move up the value chain and look at different applications. And therein comes the rub, right? You have applications with different requirements, IT network that have various different requirements that are there. So as you start to build those cloud platform, as you start to modernize those set of applications, you then start to look at microservices and how you build them. You need the ability to orchestrate them. So some of those problem statements have moved from not just refactoring those applications, but actually now to how do you reliably deploy, manage in a multicloud multi cluster way. So this conversation around Supercloud or this conversation around multicloud is very >> You could say Supercloud. That's okay >> (Dave Duggal and Azhar laughs) >> It's absolutely very real though. The reason why it's very real is, if you look at transformations around Telco, there are two things that are happening. One, Telco IT, they're looking at partnerships with hybrid cloud, I mean with public cloud players to build a hybrid environment. They're also building their own Telco Cloud environment for their network functions. Now, in both of those spaces, they end up operating two to three different environments themselves. Now how do you create a level of abstraction across those? How do you manage that particular infrastructure? And then how do you orchestrate all of those different workloads? Those are the type of problems that they're actually beginning to solve. So they've moved on from really just putting that virtualizing their application, putting it on OpenStack to now really seriously looking at "How do I build a service?" "How do I leverage the catalog that's available both in my private and public and build an overall service process?" >> And by the way what you just described as hybrid cloud and multicloud is, you know Supercloud is what multicloud should have been. And what, what it originally became is "I run on this cloud and I run on this cloud" and "I run on this cloud and I have a hybrid." And, and Supercloud is meant to create a common experience across those clouds. >> Dave Duggal: Right? >> Thanks to, you know, Supercloud middleware. >> Yeah. >> Right? And, and so that's what you guys do. >> Yeah, exactly. Exactly. Dave, I mean, even the name EnterpriseWeb, you know we started from looking from the application layer down. If you look at it, the last 10 years we've looked from the infrastructure up, right? And now everybody's looking northbound saying "You know what, actually, if I look from the infrastructure up the only thing I'll ever build is silos, right?" And those silos get in the way of the interoperability and the agility the businesses want. So we take the perspective as high level abstractions, common tools, so that if I'm a CXO, I can look down on my environments, right? When I'm really not, I honestly, if I'm an, if I'm a CEO I don't really care or CXO, I don't really care so much about my infrastructure to be honest. I care about my applications and their behavior. I care about my SLAs and my quality of service, right? Those are the things I care about. So I really want an EnterpriseWeb, right? Something that helps me connect all my distributed applications all across all of the environments. So I can have one place a consistency layer that speaks a common language. We know that there's a lot of heterogeneity down all those layers and a lot of complexity down those layers. But the business doesn't care. They don't want to care, right? They want to actually take their applications deploy them where they're the most performant where they're getting the best cost, right? The lowest and maybe sustainability concerns, all those. They want to address those problems, meet their SLAs meet their quality service. And you know what, if it's running on Amazon, great. If it's running on Google Cloud platform, great. If it, you know, we're doing one project right here that we're demonstrating here is with with Amazon Tech Mahindra and OpenShift, where we took a disaggregated 5G core, right? So this is like sort of latest telecom, you know net networking software, right? We're deploying pulling elements of that network across core, across Amazon EKS, OpenShift on Red Hat ROSA, as well as just OpenShift for cloud. And we, through a single pane of deployment and management, we deployed the elements of the 5G core across them and then connected them in an end-to-end process. That's Telco Supercloud. >> Dave Vellante: So that's an O-RAN deployment. >> Yeah that's >> So, the big advantage of that, pardon me, Dave but the big advantage of that is the customer really doesn't care where the components are being served from for them. It's a 5G capability. It happens to sit in different locations. And that's, it's, it's about how do you abstract and how do you manage all those different workloads in a cohesive way? And that's exactly what EnterpriseWeb is bringing to the table. And what we do is we abstract the underlying infrastructure which is the cloud layer. So if, because AWS operating environment is different then private cloud operating environment then Azure environment, you have the networking is set up is different in each one of them. If there is a way you can abstract all of that and present it in a common operating model it becomes a lot easier than for anybody to be able to consume. >> And what a lot of customers tell me is the way they deal with multicloud complexity is they go with mono cloud, right? And so they'll lose out on some of the best services >> Absolutely >> If best of, so that's not >> that's not ideal, but at the end of the day, agree, developers don't want to muck with all the plumbing >> Dave Duggal: Yep. >> They want to write code. >> Azhar: Correct. >> So like I come back to are the traditional Telcos leaning in on a way that they're going to enable ISVs and developers to write on top of those platforms? Or are there sort of new entrance and disruptors? And I know, I know the answer is both >> Dave Duggal: Yep. >> but I feel as though the Telcos still haven't, traditional Telcos haven't tuned in to that developer affinity, but you guys sell to them. >> What, what are you seeing? >> Yeah, so >> What we have seen is there are Telcos fall into several categories there. If you look at the most mature ones, you know they are very eager to move up the value chain. There are some smaller very nimble ones that have actually doing, they're actually doing something really interesting. For example, they've provided sandbox environments to developers to say "Go develop your applications to the sandbox environment." We'll use that to build an net service with you. I can give you some interesting examples across the globe that, where that is happening, right? In AsiaPac, particularly in Australia, ANZ region. There are a couple of providers who have who have done this, but in, in, in a very interesting way. But the challenges to them, why it's not completely open or public yet is primarily because they haven't figured out how to exactly monetize that. And, and that's the reason why. So in the absence of that, what will happen is they they have to rely on the ISV ecosystem to be able to build those capabilities which they can then bring it on as part of the catalog. But in Latin America, I was talking to one of the providers and they said, "Well look we have a public cloud, we have our own public cloud, right?" What we want do is use that to offer localized services not just bring everything in from the top >> But, but we heard from Ericson's CEO they're basically going to monetize it by what I call "gouge", the developers >> (Azhar laughs) >> access to the network telemetry as opposed to saying, "Hey, here's an open platform development on top of it and it will maybe create something like an app store and we'll take a piece of the action." >> So ours, >> to be is a better model. >> Yeah. So that's perfect. Our second project that we're showing here is with Intel, right? So Intel came to us cause they are a reputation for doing advanced automation solutions. They gave us carte blanche in their labs. So this is Intel Network Builders they said pick your partners. And we went with the Red Hat, Fort Net, Keysite this company KX doing AIML. But to address your DevX, here's Intel explicitly wants to get closer to the developers by exposing their APIs, open APIs over their infrastructure. Just like Red Hat has APIs, right? And so they can expose them northbound to developers so developers can leverage and tune their applications, right? But the challenge there is what Intel is doing at the low level network infrastructure, right? Is fundamentally complex, right? What you want is an abstraction layer where develop and this gets to, to your point Dave where you just said like "The developers just want to get their job done." or really they want to focus on the business logic and accelerate that service delivery, right? So the idea here is an EnterpriseWeb they can literally declaratively compose their services, express their intent. "I want this to run optimized for low latency. I want this to run optimized for energy consumption." Right? And that's all they say, right? That's a very high level statement. And then the run time translates it between all the elements that are participating in that service to realize the developer's intent, right? No hands, right? Zero touch, right? So that's now a movement in telecom. So you're right, it's taking a while because these are pretty fundamental shifts, right? But it's intent based networking, right? So it's almost two parts, right? One is you have to have the open APIs, right? So that the infrastructure has to expose its capabilities. Then you need abstractions over the top that make it simple for developers to take, you know, make use of them. >> See, one of the demonstrations we are doing is around AIOps. And I've had literally here on this floor, two conversations around what I call as network as a platform. Although it sounds like a cliche term, that's exactly what Dave was describing in terms of exposing APIs from the infrastructure and utilizing them. So once you get that data, then now you can do analytics and do machine learning to be able to build models and figure out how you can orchestrate better how you can monetize better, how can how you can utilize better, right? So all of those things become important. It's just not about internal optimization but it's also about how do you expose it to third party ecosystem to translate that into better delivery mechanisms or IOT capability and so on. >> But if they're going to charge me for every API call in the network I'm going to go broke (team laughs) >> And I'm going to get really pissed. I mean, I feel like, I'm just running down, Oracle. IBM tried it. Oracle, okay, they got Java, but they don't they don't have developer jobs. VMware, okay? They got Aria. EMC used to have a thing called code. IBM had to buy Red Hat to get to the developer community. (Lisa laughs) >> So I feel like the telcos don't today have those developer shops. So, so they have to partner. [Azhar] Yes. >> With guys like you and then be more open and and let a zillion flowers bloom or else they're going to get disrupted in a big way and they're going to it's going to be a repeat of the over, over the top in, in in a different model that I can't predict. >> Yeah. >> Absolutely true. I mean, look, they cannot be in the connectivity business. Telcos cannot be just in the connectivity business. It's, I think so, you know, >> Dave Vellante: You had a fry a frozen hand (Dave Daggul laughs) >> off that, you know. >> Well, you know, think about they almost have to go become over the top on themselves, right? That's what the cloud guys are doing, right? >> Yeah. >> They're riding over their backbone that by taking a creating a high level abstraction, they in turn abstract away the infrastructure underneath them, right? And that's really the end game >> Right? >> Dave Vellante: Yeah. >> Is because now, >> they're over the top it's their network, it's their infrastructure, right? They don't want to become bid pipes. >> Yep. >> Now you, they can take OpenShift, run that in any cloud. >> Yep. >> Right? >> You can run that in hybrid cloud, enterprise web can do the application layer configuration and management. And together we're running, you know, OSI layers one through seven, east to west, north to south. We're running across the the RAN, the core and the transport. And that is telco super cloud, my friend. >> Yeah. Well, >> (Dave Duggal laughs) >> I'm dominating the conversation cause I love talking super cloud. >> I knew you would. >> So speaking of super superpowers, when you're in customer or prospective customer conversations with providers and they've got, obviously they're they're in this transformative state right now. How, what do you describe as the superpower between Red Hat and EnterpriseWeb in terms of really helping these Telcos transforms. But at the end of the day, the connectivity's there the end user gets what they want, which is I want this to work wherever I am. >> Yeah, yeah. That's a great question, Lisa. So I think the way you could look at it is most software has, has been evolved to be specialized, right? So in Telcos' no different, right? We have this in the enterprise, right? All these specialized stacks, all these components that they wire together in the, in you think of Telco as a sort of a super set of enterprise problems, right? They have all those problems like magnified manyfold, right? And so you have specialized, let's say orchestrators and other tools for every Telco domain for every Telco layer. Now you have a zoo of orchestrators, right? None of them were designed to work together, right? They all speak a specific language, let's say quote unquote for doing a specific purpose. But everything that's interesting in the 21st century is across layers and across domains, right? If a siloed static application, those are dead, right? Nobody's doing those anymore. Even developers don't do those developers are doing composition today. They're not doing, nobody wants to hear about a 6 million lines of code, right? They want to hear, "How did you take these five things and bring 'em together for productive use?" >> Lisa: Right. How did you deliver faster for my enterprise? How did you save me money? How did you create business value? And that's what we're doing together. >> I mean, just to add on to Dave, I was talking to one of the providers, they have more than 30,000 nodes in their infrastructure. When I say no to your servers running, you know, Kubernetes,running open stack, running different components. If try managing that in one single entity, if you will. Not possible. You got to fragment, you got to segment in some way. Now the question is, if you are not exposing that particular infrastructure and the appropriate KPIs and appropriate things, you will not be able to efficiently utilize that across the board. So you need almost a construct that creates like a manager of managers, a hierarchical structure, which would allow you to be more intelligent in terms of how you place those, how you manage that. And so when you ask the question about what's the secret sauce between the two, well this is exactly where EnterpriseWeb brings in that capability to analyze information, be more intelligent about it. And what we do is provide an abstraction of the cloud layer so that they can, you know, then do the right job in terms of making sure that it's appropriate and it's consistent. >> Consistency is key. Guys, thank you so much. It's been a pleasure really digging through EnterpriseWeb. >> Thank you. >> What you're doing >> with Red Hat. How you're helping the organization transform and Supercloud, we can't forget Supercloud. (Dave Vellante laughs) >> Fight Supercloud. Guys, thank you so much for your time. >> Thank you so much Lisa. >> Thank you. >> Thank you guys. >> Very nice. >> Lisa: We really appreciate it. >> For our guests and for Dave Vellante, I'm Lisa Martin. You're watching theCUBE, the leader in live tech coverage coming to you live from MWC 23. We'll be back after a short break.

(lively music) >> Hello, everyone. Welcome back to the Supercloud presentation here. I'm theCUBE, I'm John Furrier, your host. What a great segment here. We're going to unpack the networking aspect of the cloud, how that translates into what Supercloud architecture and platform deployment scenarios look like. And demystify multi-cloud, hybridcloud. We've got two great experts. Amir Khan, the Co-Founder and CEO of Alkira, Atif Khan, Co-Founder and CTO of Alkira. These guys been around since 2018 with the startup, but before that story, history in the tech industry. I mean, routing early days, multiple waves, multiple cycles. >> Welcome three decades. >> Welcome to Supercloud. >> Thanks. >> Thanks for coming on. >> Thank you so much for having us. >> So, let's get your take on Supercloud because it's been one of those conversations that really galvanized the industry because it kind of highlights almost this next wave, this next side of the street that everyone's going to be on that's going to be successful. The laggards on the legacy seem to be stuck on the old model. SaaS is growing up, it's ISVs, it's ecosystems, hyperscale, full hybrid. And then multi-cloud around the corners cause all this confusion, everyone's hand waving. You know, this is a solution, that solution, where are we? What do you guys see as this supercloud dynamic? >> So where we start from is always focusing on the customer problem. And in 2018 when we identified the problem, we saw that there were multiple clouds with many diverse ways of doing things from the network perspective, and customers were struggling with that. So we delved deeper into that and looked at each one of the cloud architectures completely independent. And there was no common solution and customers were struggling with that from the perspective. They wanted to be in multiple clouds, either through mergers and acquisitions or running an application which may be more cost effective to run in something or maybe optimized for certain reasons to run in a different cloud. But from the networking perspective, everything needed to come together. So that's, we are starting to define it as a supercloud now, but basically, it's a common infrastructure across all clouds. And then integration of high lift services like, you know, security or IPAM services or many other types of services like inter-partner routing and stuff like that. So, Amir, you agree then that multi-cloud is simply a default result of having whatever outcomes, either M&A, some productivity software, maybe Azure. >> Yes. >> Amazon has this and then I've got on-premise application, so it's kinds mishmash. >> So, I would qualify it with hybrid multi-cloud because everything is going to be interconnected. >> John: Got it. >> Whether it's on-premise, remote users or clouds. >> But have CTO perspective, obviously, you got developers, multiple stacks, got AWS, Azure and GCP, other. Not everyone wants to kind of like go all in, but yet they don't want to hedge too much because it's a resource issue. And I got to learn this stack, I got to learn that stack. So then now, you have this default multi-cloud, hybrid multi-cloud, then it's like, okay, what do I do? How do you spread that around? Is it dangerous? What's the the approach technically? What's some of the challenges there? >> Yeah, certainly. John, first, thanks for having us here. So, before I get to that, I'll just add a little bit to what Amir was saying, like how we started, what we were seeing and how it, you know, correlates with the supercloud. So, as you know, before this company, Alkira, we were doing, we did the SD-WAN company, which was Viptela. So there, we started seeing when people started deploying SD-WAN at like a larger scale. We started like, you know, customers coming to us and saying they needed connectivity into the cloud from the SD-WAN. They wanted to extend the SD-WAN fabric to the cloud. So we came up with an architecture, which was like later we started calling them Cloud onRamps, where we built, you know, a transit VPC and put like the virtual instances of SD-WAN appliances extended from there to the cloud. But before we knew, like it started becoming very complicated for the customers because it wasn't just connectivity, it also required, you know, other use cases. You had to instantiate or bring in security appliances in there. You had to secure all of that stuff. There were requirements for, you know, different regions. So you had to bring up the same thing in different regions. Then multiple clouds, what did you do? You had to replicate the same thing in multiple clouds. And now if there was was requirement between clouds, how were you going to do it? You had to route traffic from somewhere, and come up with all those routing controls and stuff. So, it was very complicated. >> Like spaghetti code, but on network. >> The games begin, in fact, one of our customers called it spaghetti mess. And so, that's where like we thought about where was the industry going and which direction the industry was going into? And we came up with the Alkira where what we are doing is building a common infrastructure across multiple clouds, across in, you know, on-prem locations, be it data centers or physical sites, branches sites, et cetera, with integrated security and network networking services inside. And, you know, nowadays, networking is not only about connectivity, you have to secure everything. So, security has to be built in. Redundancy, high availability, disaster recovery. So all of that needs to be built in. So that's like, you know, kind of a definition of like what we thought at that time, what is turning into supercloud now. >> Yeah. It's interesting too, you mentioned, you know, VPCs is not, configuration of loans a hassle. Nevermind the manual mistakes could be made, but as you decide to do something you got to, "Oh, we got to get these other things." A lot of the hyper scales and a lot of the alpha cloud players now, and cloud native folks, they're kind of in that mode of, "Wow, look at what we've built." Now, they're got to maintain, how do I refresh it? Like, how do I keep the talent? So they got this similar chaotic environment where it's like, okay, now they're already already through, so I think they're going to be okay. But then some people want to bypass it completely. So there's a lot of customers that we see out there that fit the makeup of, I'm cloud first, I've lifted and shifted, I move some stuff to the cloud. But I want to bypass all that learnings from all the people that are gone through the past three years. Can I just skip that and go to a multi-cloud or coherent infrastructure? What do you think about that? What's your view? >> So yeah, so if you look at these enterprises, you know, many of them just to find like the talent, which for one cloud as far as the IT staff is concerned, it's hard enough. And now, when you have multiple clouds, it's hard to find people the talent which is, you know, which has expertise across different clouds. So that's where we come into the picture. So our vision was always to simplify all of this stuff. And simplification, it cannot be just simplification because you cannot just automate the workflows of the cloud providers underneath. So you have to, you know, provide your full data plane on top of it, fed full control plane, management plane, policy and management on top of it. And coming back to like your question, so these nowadays, those people who are working on networking, you know, before it used to be like CLI. You used to learn about Cisco CLI or Juniper CLI, and you used to work on it. Nowadays, it's very different. So automation, programmability, all of that stuff is the key. So now, you know, Ops guys, the DevOps guys, so these are the people who are in high demand. >> So what do you think about the folks out there that are saying, okay, you got a lot of fragmentation. I got the stacks, I got a lot of stove pipes, if you will, out there on the stack. I got to learn this from Azure. Can you guys have with your product abstract the way that's so developers don't need to know the ins and outs of stack's, almost like a gateway, if you will, the old days. But like I'm a developer or team develop, why should I have to learn the management layer of Azure? >> That's exactly what we started, you know, out with to solve. So it's, what we have built is a platform and the platform sits inside the cloud. And customers are able to build their own network or a virtual network on top using that platform. So the platform has its own data plane, own control plane and management plane with a policy layer on top of it. So now, it's the platform which is sitting in different clouds, but from a customer's point of view, it's one way of doing networking. One way of instantiating or bringing in services or security services in the middle. Whether those are our security services or whether those are like services from our partners, like Palo Alto or Checkpoint or Cisco. >> So you guys brought the SD-WAN mojo and refactored it for the cloud it sounds like. >> No. >> No? (chuckles) >> We cannot said. >> All right, explain. >> It's way more than that. >> I mean, SD-WAN was wan. I mean, you're talking about wide area networks, talking about connected, so explain the difference. >> SD-WAN was primarily done for one major reason. MPLS was expensive, very strong SLAs, but very low speed. Internet, on the other hand, you sat at home and you could access your applications much faster. No SLA, very low cost, right? So we wanted to marry the two together so you could have a purely private infrastructure and a public infrastructure and secure both of them by creating a common secure fabric across all those environments. And then seamlessly tying it into your internal branch and data center and cloud network. So, it merely brought you to the edge of the cloud. It didn't do anything inside the cloud. Now, the major problem resides inside the clouds where you have to optimize the clouds themselves. Take a step back. How were the clouds built? Basically, the cloud providers went to the Ciscos and Junipers and the rest of the world, built the network in the data centers or across wide area infrastructure, and brought it all together and tried to create a virtualized layer on top of that. But there were many limitations of this underlying infrastructure that they had built. So number of routes per region, how inter region connectivity worked, or how many routes you could carry to the VPCs of V nets? That all those were becoming no common policy across, you know, these environments, no segmentation across these environments, right? So the networking constructs that the enterprise customers were used to as enterprise class carry class capabilities, they did not exist in the cloud. So what did the customer do? They ended up stitching it together all manually. And that's why Atif was alluding to earlier that it became a spaghetti mess for the customers. And then what happens is, as a result, day two operations, you know, troubleshooting, everything becomes a nightmare. So what do you do? You have to build an infrastructure inside the cloud. Cloud has enough raw capabilities to build the solutions inside there. Netflix's of the world. And many different companies have been born in the cloud and evolved from there. So why could we not take the raw capabilities of the clouds and build a network cloud or a supercloud on top of these clouds to optimize the whole infrastructure and seamlessly connecting it into the on-premise and remote user locations, right? So that's your, you know, hybrid multi-cloud solution. >> Well, great call out on the SD-WAN in common versus cloud. 'Cause I think this is important because you're building a network layer in the cloud that spans out so the customers don't have to get into the, there's a gap in the system that I'm used to, my operating environment, of having lockdown security and network. >> So yeah. So what you do is you use the raw capabilities like bandwidth or virtual machines, or you know, containers, or, you know, different types of serverless capabilities. And you bring it all together in a way to solve the networking problems, thereby creating a supercloud, which is an abstraction layer which hides all the complexity of the underlying clouds from the customer, right? And it provides a common infrastructure across all environments to that customer, right? That's the beauty of it. And it does it in a way that it looks like, if they have the networking knowledge, they can apply it to this new environment and carry it forward. One way of doing security across all clouds and hybrid environments. One way of doing routing. One way of doing large-scale network address translation. One way of doing IPAM services. So people are tired of doing individual things and individual clouds and on-premise locations, right? So now they're getting something common. >> You guys brought that, you brought all that to bear and flexible for the customer to essentially self-serve their network cloud. >> Yes, yeah. Is that the wave? >> And nowadays, from business perspective, agility is the key, right? You have to move at the pace of the business. If you don't, you are losing. >> So, would it be safe to say that you guys have a network supercloud? >> Absolutely, yeah. >> We, pretty much, yeah. Absolutely. >> What does that mean to our customer? What's in it for them? What's the benefit to the customer? I got a network supercloud, it connects, provides SLA, all the capabilities I need. What do they get? What's the end point for them? What's the end? >> Atif, maybe you can talk some examples. >> The IT infrastructure is all like distributed now, right? So you have applications running in data centers. You have applications running in one cloud. Other cloud, public clouds, enterprises are depending on so many SaaS applications. So now, these are, you can call these endpoints. So a supercloud or a network cloud, from our perspective, it's a cloud in the middle or a network in the middle, which provides connectivity from any endpoint to any endpoint. So, you are able to connect to the supercloud or network cloud in one way no matter where you are. So now, whichever cloud you are in, whichever cloud you need to connect to. And also, it's not just connecting to the cloud. So you need to do a lot of stuff, a lot of networking inside the cloud also. So now, as Amir was saying, every cloud has its own from a networking, you know, the concept perspective or the construct, they are different. There are limitations in there also. So this supercloud, which is sitting on top, basically, your platform is sitting into the cloud, but the supercloud is built on top of using your platform. So that abstracts all those complexities, all those limitations. So now your limitations are whatever the limitations of that platform are. So now your platform, that platform is in our control. So we can keep building it, we can keep scaling it horizontally. Because one of the things is that, you know, in this cloud era, one of the things is autoscaling these services. So why can't the network now autoscale also, just like your other services. >> Network autoscaling is a genius idea, and I think that's a killer. I want to ask the the follow on question because I think, first of all, I love what you guys are doing. So, I think it's a great example of this new innovation. It's not obvious until you see it, right? Geographical is huge. So, you know, single instance, global instances, multiple instances, you're seeing global. How do you guys look at that global equation? Because as companies expand their clouds into geos, and then ultimately, you know, it's obviously continent, region and locales. You're going to have geographic issues. So, this is an extension of your network cloud? >> Amir: It is the extension of the network cloud because if you look at this hyperscalers, they're sitting pretty much everywhere in the globe. So, wherever their regions are, the beauty of building a supercloud is that you can by definition, be available in those regions. It literally takes a day or two of testing for our stack to run in those regions, to make sure there are no nuances that we run into, you know, for that region. The moment we bring it up in that region, all customers can onboard into that solution. So literally, what used to take months or years to build a global infrastructure, now, you can configure it in 10 minutes basically, and bring it up in less than one hour. Since when did we see any solution- >> And by the way, >> that can come up with. >> when the edge comes out too, you're going to start to see more clouds get bolted on. >> Exactly. And you can expand to the edge of the network. That's why we call cloud the new edge, right? >> John: Yeah, it is. Now, I think you guys got a good solutions, network clouds, superclouds, good. So the question on the premise side, so I get the cloud play. It's very cool. You can expand out. It's a nice layer. I'm sure you manage the SLAs between latency and all kinds of things. Knowing when not to do things. Physics or physics. Okay. Now, you've got the on-premise. What's the on-premise equation look like? >> So on-premise, the kind of customers, we are working with large enterprises, mid-size enterprises. So they have on-prem networks, they have deployed, in many cases, they have deployed SD-WAN. In many cases, they have MPLS. They have data centers also. And a lot of these companies are, you know, moving the applications from the data center into the cloud. But we still have large enterprise- >> But for you guys, you can sit there too with non server or is it a box or what is it? >> It's a software stack, right? So, we are a software company. >> Okay, so no box. >> No box. >> Okay, got it. >> No box. >> It's even better. So, we can connect any, as I mentioned, any endpoint, whether it's data centers. So, what happens is usually these enterprises from the data centers- >> John: It's a cloud endpoint for you. >> Cloud endpoint for us. And they need highspeed connectivity into the cloud. And our network cloud is sitting inside the or supercloud is sitting inside the cloud. So we need highspeed connectivity from the data centers. This is like multi-gig type of connectivity. So we enable that connectivity as a service. And as Amir was saying, you are able to bring it up in minutes, pretty much. >> John: Well, you guys have a great handle on supercloud. I really appreciate you guys coming on. I have to ask you guys, since you have so much experience in the industry, multiple inflection points you've guys lived through and we're all old, and we can remember those glory days. What's the big deal going on right now? Because you can connect the dots and you can imagine, okay, like a Lambda function spinning up some connectivity. I need instant access to a new route, throw some, I need to send compute to an edge point for process data. A lot of these kind of ad hoc services are going to start flying around, which used to be manually configured as you guys remember. >> Amir: And that's been the problem, right? The shadow IT, that was the biggest problem in the enterprise environment. So that's what we are trying to get the customers away from. Cloud teams came in, individuals or small groups of people spun up instances in the cloud. It was completely disconnected from the on-premise environment or the existing IT environment that the customer had. So, how do you bring it together? And that's what we are trying to solve for, right? At a large scale, in a carrier cloud center (indistinct). >> What do you call that? Shift right or shift left? Shift left is in the cloud native world security. >> Amir: Yes. >> Networking and security, the two hottest areas. What are you shifting? Up or down? I mean, the network's moving up the stack. I mean, you're seeing the run times at Kubernetes later' >> Amir: Right, right. It's true we're end-to-end virtualization. So you have plumbing, which is the physical infrastructure. Then on top of that, now for the first time, you have true end-to-end virtualization, which the cloud-like constructs are providing to us. We tried to virtualize the routers, we try to virtualize instances at the server level. Now, we are bringing it all together in a truly end-to-end virtualized manner to connect any endpoint anywhere across the globe. Whether it's on-premise, home, multiple clouds, or SaaS type environments. >> Yeah. If you talk about the technical benefits beyond virtualizations, you kind of see in virtualization be abstracted away. So you got end-to-end virtualization, but you don't need to know virtualization to take advantage of it. >> Exactly. Exactly. >> What are some of the tech involved where, what's the trend around on top of virtual? What's the easy button for that? >> So there are many, many use cases from the customers and they're, you know, some of those use cases, they used to deliver out of their data centers before. So now, because you, know, it takes a long time to spend something up in the data center and stuff. So the trend is and what enterprises are looking for is agility. And to achieve that agility, they are moving those services or those use cases into the cloud. So another technical benefit of like something like a supercloud and what we are doing is we allow customers to, you know, move their services from existing data centers into the cloud as well. And I'll give you some examples. You know, these enterprises have, you know, tons of partners. They provide connectivity to their partners, to select resources. It used to happen inside the data center. You would bring in connectivity into the data center and apply like tons of ACLs and whatnot to make sure that you are able to only connect. And now those use cases are, they need to be enabled inside the cloud. And the customer's customers are also, it's not just coming from the on-prem, they're coming from the cloud as well. So, if they're coming from the cloud as well as from on-prem, so you need like an infrastructure like supercloud, which is sitting inside the cloud and is able to handle all these use cases. So all of these use cases have to be, so that requires like moving those services from the data center into the cloud or into the supercloud. So, they're, oh, as we started building this service over the last four years, we have come across so many use cases. And to deliver those use cases, you have to have a platform. So you have to have your own platform because otherwise you are depending on somebody else's, you know, capabilities. And every time their capabilities change, you have to change. >> John: I'm glad you brought up the platform 'cause I want to get your both reaction to this. So Bob Muglia just said on theCUBE here at Supercloud, that supercloud is a platform that provides programmatically consistent services hosted on heterogeneous cloud providers. So the question is, is supercloud a platform or an architecture in your view? >> That's an interesting view on things, you know? I mean, if you think of it, you have to design or architect a solution before we turn it into a platform. >> John: It's a trick question actually. >> So it's a, you know, so we look at it as that you have to have an architectural approach end to end, right? And then you build a solution based on that approach. So, I don't think that they are mutually exclusive. I think they go hand in hand. It's an architecture that you turn into a solution and provide that agility and high availability and disaster recovery capability that it built into that. >> It's interesting that these definitions might be actually redefined with this new configuration. >> Amir: Yes. >> Because architecture and platform used to mean something, like, aight here's a platform, you buy this platform. >> And then you architecture solution. >> Architect it via vendor. >> Right, right, right. >> Okay. And they have to deal with that architecture in the place of multiple superclouds. If you have too many stove pipes, then what's the purpose of supercloud? >> Right, right, right. And because, you know, historically, you built a router and you sold it to the customer. And the poor customer was supposed to install it all, you know, and interconnect all those things. And if you have 40, 50,000 router network, which we saw in our lifetime, 'cause there used to be many more branches when we were growing up in the networking industry, right? You had to create hierarchy and all kinds of things to figure out how to solve that problem. We are no longer living in that world anymore. You cannot deploy individual virtual instances. And that's what approach a lot of people are taking, which is a pure overly network. You cannot take that approach anymore. You have to evolve the architecture and then build the solution based on that architecture so that it becomes a platform which is readily available, highly scalable, and available. And at the same time, it's very, very easy to deploy. It's a SaaS type solution, right? >> So you're saying, do the architecture to get the solution for the platform that the customer has. >> Amir: Yes. >> They're not buying a platform, they end up with a platform- >> With the platform. >> as a result of Supercloud path. All right. So that's what's, so you mentioned, that's a great point. I want to double click on what you just said. 'Cause I like that what you said. What's the deployment strategy in your mind for supercloud? I'm an architect. I'm at an enterprise in the Midwest. I'm an insurance company, got some cloud action going on. I'm mostly on-premise. I've got the mandate to transform the company. We have apps. We'll be fully transformed in five years. What's my strategy? What do I do? >> Amir: The resources. >> What's the deployment strategy? Single global instance, code in every region, on every cloud? >> It needs to be a solution which is available as a SaaS service, right? So from the customer's perspective, they are onboarding into the supercloud. And then the supercloud is allowing them to do whatever they used to do, you know, historically and in the new world, right? That needs to come together. And that's what we have built is that, we have brought everything together in a way that what used to take months or years, and now taking an hour or two hours, and then people test it for a week or so and deploy it in production. >> I want to bring up something we were talking about before we were on camera about the TCP/IP, the OSI model. That was a concept that destroyed the proprietary narcissist. Work operating systems of the mini computers, which brought in an era of tech prosperity for generations. TCP/IP was kind of the magical moment that allowed for that kind of super networking connection. Inter networking is what's called as a category. It feels like something's going on here with supercloud. The way you describe it, it feels like there's this unification idea. Like the reality is we've got multiple stuff sitting around by default, you either clean it up or get rid of it, right? Or it's almost a, it's either a nuance, a new nuisance or chaos. >> Yeah. And we live in the new world now. We don't have the luxury of time. So we need to move as fast as possible to solve the business problems. And that's what we are running into. If we don't have automated solutions which scale, which solve our problems, then it's going to be a problem. And that's why SaaS is so important in today's world. Why should we have to deploy the network piecemeal? Why can't we have a solution? We solve our problem as we move forward and we accomplish what we need to accomplish and move forward. >> And we don't really need standards here, dude. It's not that we need a standards body if you have unification. >> So because things move so fast, there's no time to create a standards body. And that's why you see companies like ours popping up, which are trying to create a common infrastructure across all clouds. Otherwise if we vent the standardization path may take long. Eventually, we should be going in that direction. But we don't have the luxury of time. That's what I was trying to get to. >> Well, what's interesting is, is that to your point about standards and ratification, what ratifies a defacto anything? In the old days there was some technical bodies involved, but here, I think developers drive everything. So if you look at the developers and how they're voting with their code. They're instantly, organically defining everything as a collective intelligence. >> And just like you're putting out the paper and making it available, everybody's contributing to that. That's why you need to have APIs and terra form type constructs, which are available so that the customers can continue to improve upon that. And that's the Net DevOps, right? So that you need to have. >> What was once sacrilege, just sayin', in business school, back in the days when I got my business degree after my CS degree was, you know, no one wants to have a better mousetrap, a bad business model to have a better mouse trap. In this case, the better mouse trap, the better solution actually could be that thing. >> It is that thing. >> I mean, that can trigger, tips over the industry. >> And that that's where we are seeing our customers. You know, I mean, we have some publicly referenceable customers like Coke or Warner Music Group or, you know, multiple others and chart industries. The way we are solving the problem. They have some of the largest environments in the industry from the cloud perspective. And their whole network infrastructure is running on the Alkira infrastructure. And they're able to adopt new clouds within days rather than waiting for months to architect and then deploy and then figure out how to manage it and operate it. It's available as a service. >> John: And we've heard from your customer, Warner, they were just on the program. >> Amir: Yes. Okay, okay. >> So they're building a supercloud. So superclouds aren't just for tech companies. >> Amir: No. >> You guys build a supercloud for networking. >> Amir: It is. >> But people are building their own superclouds on top of all this new stuff. Talk about that dynamic. >> Healthcare providers, financials, high-tech companies, even startups. One of our startup customers, Tekion, right? They have these dealerships that they provide sales and support services to across the globe. And for them to be able to onboard those dealerships, it is 80% less time to production. That is real money, right? So, maybe Atif can give you a lot more examples of customers who are deploying. >> Talk about some of the customer activity. What are they like? Are they laggards, they innovators? Are they trying to hit the easy button? Are they coming in late or are you got some high customers? >> Actually most of our customers, all of our customers or customers in general. I don't think they have a choice but to move in this direction because, you know, the cloud has, like everything is quick now. So the cloud teams are moving faster in these enterprises. So now that they cannot afford the network nor to keep up pace with the cloud teams. So, they don't have a choice but to go with something similar where you can, you know, build your network on demand and bring up your network as quickly as possible to meet all those use cases. So, I'll give you an example. >> John: So the demand's high for what you guys do. >> Demand is very high because the cloud teams have- >> John: Yeah. They're going fast. >> They're going fast and there's no stopping. And then network teams, they have to keep up with them. And you cannot keep deploying, you know, networks the way you used to deploy back in the day. And as far as the use cases are concerned, there are so many use cases which our customers are using our platform for. One of the use cases, I'll give you an example of these financial customers. Some of the financial customers, they have their customers who they provide data, like stock exchanges, that provide like market data information to their customers out of data centers part. But now, their customers are moving into the cloud as well. So they need to come in from the cloud. So when they're coming in from the cloud, you cannot be giving them data from your data center because that takes time, and your hair pinning everything back. >> Moving data is like moving, moving money, someone said. >> Exactly. >> Exactly. And the other thing is like you have to optimize your traffic flows in the cloud as well because every time you leave the cloud, you get charged a lot. So, you don't want to leave the cloud unless you have to leave the cloud, your traffic. So, you have to come up or use a service which allows you to optimize all those traffic flows as well, you know? >> My final question to you guys, first of all, thanks for coming on Supercloud Program. Really appreciate it. Congratulations on your success. And you guys have a great positioning and I'm a big fan. And I have to ask, you guys are agile, nimble startup, smart on the cutting edge. Supercloud concept seems to resonate with people who are kind of on the front range of this major wave. While all the incumbents like Cisco, Microsoft, even AWS, they're like, I think they're looking at it, like what is that? I think it's coming up really fast, this trend. Because I know people talk about multi-cloud, I get that. But like, this whole supercloud is not just SaaS, it's more going on there. What do you think is going on between the folks who get it, supercloud, get the concept, and some are who are scratching their heads, whether it's the Ciscos or someone, like I don't get it. Why is supercloud important for the folks that aren't really seeing it? >> So first of all, I mean, the customers, what we saw about six months, 12 months ago, were a little slower to adopt the supercloud kind of concept. And there were leading edge customers who were coming and adopting it. Now, all of a sudden, over the last six to nine months, we've seen a flurry of customers coming in and they are from all disciplines or all very diverse set of customers. And they're starting to see the value of that because of the practical implications of what they're doing. You know, these shadow IT type environments are no longer working and there's a lot of pressure from the management to move faster. And then that's where they're coming in. And perhaps, Atif, if you can give a few examples of. >> Yeah. And I'll also just add to your point earlier about the network needing to be there 'cause the cloud teams are like, let's go faster. And the network's always been slow because, but now, it's been almost turbocharged. >> Atif: Yeah. Yeah, exactly. And as I said, like there was no choice here. You had to move in this industry. And the other thing I would add a little bit is now if you look at all these enterprises, most of their traffic is from, even from which is coming from the on-prem, it's going to the cloud SaaS applications or public clouds. And it's more than 50% of traffic, which is leaving your, you know, what you used to call, your network or the private network. So now it's like, you know, before it used to just connect sites to data centers and sites together. Now, it's a cloud as well as the SaaS application. So it's either internet bound or the public cloud bound. So now you have to build a network quickly, which caters to all these use cases. And that's where like something- >> And you guys, your solution to me is you eliminate all that work for the customer. Now, they can treat the cloud like a bag of Legos. And do their thing. Well, I oversimplify. Well, you know I'm talking about. >> Atif: Right, exactly. >> And to answer your question earlier about what about the big companies coming in and, you know, now they slow to adopt? And, you know, what normally happens is when Cisco came up, right? There used to be 16 different protocols suites. And then we finally settled on TCP/IP and DECnet or AppleTalk or X&S or, you know, you name it, right? Those companies did not adapt to the networking the way it was supposed to be done. And guess what happened, right? So if the companies in the networking space do not adopt this new concept or new way of doing things, I think some of them will become extinct over time. >> Well, I think the force and function too is the cloud teams as well. So you got two evolutions. You got architectural relevance. That's real as impact. >> It's very important. >> Cost, speed. >> And I look at it as a very similar disruption to what Cisco's the world, very early days did to, you know, bring the networking out, right? And it became the internet. But now we are going through the cloud. It's the cloud era, right? How does the cloud evolve over the next 10, 15, 20 years? Everything's is going to be offered as a service, right? So slowly data centers go away, the network becomes a plumbing thing. Very, you know, simple to deploy. And everything on top of that is virtualized in the cloud-like manners. >> And that makes the networks hardened and more secure. >> More secure. >> It's a great way to be secure. You remember the glory days, we'll go back 15 years. The Cisco conversation was, we got to move up to stack. All the manager would fight each other. Now, what does that actually mean? Stay where we are. Stay in your lane. This is kind of like the network's version of moving up the stack because not so much up the stack, but the cloud is everywhere. It's almost horizontally scaled. >> It's extending into the on-premise. It is already moving towards the edge, right? So, you will see a lot- >> So, programmability is a big program. So you guys are hitting programmability, compatibility, getting people into an environment they're comfortable operating. So the Ops people love it. >> Exactly. >> Spans the clouds to a level of SLA management. It might not be perfectly spanning applications, but you can actually know latencies between clouds, measure that. And then so you're basically managing your network now as the overall infrastructure. >> Right. And it needs to be a very intelligent infrastructure going forward, right? Because customers do not want to wait to be able to troubleshoot. They don't want to be able to wait to deploy something, right? So, it needs to be a level of automation. >> Okay. So the question for you guys both on we'll end on is what is the enablement that, because you guys are a disruptive enabler, right? You create this fabric. You're going to enable companies to do stuff. What are some of the things that you see and your customers might be seeing as things that they're going to do as a result of having this enablement? So what are some of those things? >> Amir: Atif, perhaps you can talk through the some of the customer experience on that. >> It's agility. And we are allowing these customers to move very, very quickly and build these networks which meet all these requirements inside the cloud. Because as Amir was saying, in the cloud era, networking is changing. And if you look at, you know, going back to your comment about the existing networking vendors. Some of them still think that, you know, just connecting to the cloud using some concepts like Cloud OnRamp is cloud networking, but it's changing now. >> John: 'Cause there's apps that are depending upon. >> Exactly. And it's all distributed. Like IT infrastructure, as I said earlier, is all distributed. And at the end of the day, you have to make sure that wherever your user is, wherever your app is, you are able to connect them securely. >> Historically, it used to be about building a router bigger and bigger and bigger and bigger, you know, and then interconnecting those routers. Now, it's all about horizontal scale. You don't need to build big, you need to scale it, right? And that's what cloud brings to the customer. >> It's a cultural change for Cisco and Juniper because they have to understand that they're still could be in the game and still win. >> Exactly. >> The question I have for you, what are your customers telling you that, what's some of the anecdotal, like, 'cause you guys have a good solution, is it, "Oh my god, you guys saved my butt." Or what are some of the commentary that you hear from the customers in terms of praise and and glory from your solution? >> Oh, some even say, when we do our demo and stuff, they say it's too hard to believe. >> Believe. >> Like, too hard. It's hard, you know, it's >> I dont believe you. They're skeptics. >> I don't believe you that because now you're able to bring up a global network within minutes. With networking services, like let's say you have APAC, you know, on-prem users, cloud also there, cloud here, users here, you can bring up a global network with full routed connectivity between all these endpoints with security services. You can bring up like a firewall from a third party or our services in the middle. This is a matter of minutes now. And this is all high speed connectivity with SLAs. Imagine like before connecting, you know, Singapore to U.S. East or Hong Kong to Frankfurt, you know, if you were putting your infrastructure in columns like E-connects, you would have to go, you know, figure out like, how am I going to- >> Seal line In, connect to it? Yeah. A lot of hassles, >> If you had to put like firewalls in the middle, segmentation, you had to, you know, isolate different entities. >> That's called heavy lifting. >> So what you're seeing is, you know, it's like customer comes in, there's a disbelief, can you really do that? And then they try it out, they go, "Wow, this works." Right? It's deployed in a small environment. And then all of a sudden they start taking off, right? And literally we have seen customers go from few thousand dollars a month or year type deployments to multi-million dollars a year type deployments in very, very short amount of time, in a few months. >> And you guys are pay as you go? >> Pay as you go. >> Pay as go usage cloud-based compatibility. >> Exactly. And it's amazing once they get to deploy the solution. >> What's the variable on the cost? >> On the cost? >> Is it traffic or is it. >> It's multiple different things. It's packaged into the overall solution. And as a matter of fact, we end up saving a lot of money to the customers. And not only in one way, in multiple different ways. And we do a complete TOI analysis for the customers. So it's bandwidth, it's number of connections, it's the amount of compute power that we are using. >> John: Similar things that they're used to. >> Just like the cloud constructs. Yeah. >> All right. Networking supercloud. Great. Congratulations. >> Thank you so much. >> Thanks for coming on Supercloud. >> Atif: Thank you. >> And looking forward to seeing more of the demand. Translate, instant networking. I'm sure it's going to be huge with the edge exploding. >> Oh yeah, yeah, yeah, yeah. >> Congratulations. >> Thank you so much. >> Thank you so much. >> Okay. So this is Supercloud 2 event here in Palo Alto. I'm John Furrier. The network Supercloud is here. Checkout Alkira. I'm John Furry, the host. Thanks for watching. (lively music)

Hello and welcome back to Supercloud 2 where we examine the intersection of cloud and data in the 2020s. My name is Dave Vellante. Our Supercloud panel, our power panel is back. Maribel Lopez is the founder and principal analyst at Lopez Research. Sanjeev Mohan is former Gartner analyst and principal at Sanjeev Mohan. And Keith Townsend is the CTO advisor. Folks, welcome back and thanks for your participation today. Good to see you. >> Okay, great. >> Great to see you. >> Thanks. Let me start, Maribel, with you. Bob Muglia, we had a conversation as part of Supercloud the other day. And he said, "Dave, I like the work, you got to simplify this a little bit." So he said, quote, "A Supercloud is a platform." He said, "Think of it as a platform that provides programmatically consistent services hosted on heterogeneous cloud providers." And then Nelu Mihai said, "Well, wait a minute. This is just going to create more stove pipes. We need more standards in an architecture," which is kind of what Berkeley Sky Computing initiative is all about. So there's a sort of a debate going on. Is supercloud an architecture, a platform? Or maybe it's just another buzzword. Maribel, do you have a thought on this? >> Well, the easy answer would be to say it's just a buzzword. And then we could just kill the conversation and be done with it. But I think the term, it's more than that, right? The term actually isn't new. You can go back to at least 2016 and find references to supercloud in Cornell University or assist in other documents. So, having said this, I think we've been talking about Supercloud for a while, so I assume it's more than just a fancy buzzword. But I think it really speaks to that undeniable trend of moving towards an abstraction layer to deal with the chaos of what we consider managing multiple public and private clouds today, right? So one definition of the technology platform speaks to a set of services that allows companies to build and run that technology smoothly without worrying about the underlying infrastructure, which really gets back to something that Bob said. And some of the question is where that lives. And you could call that an abstraction layer. You could call it cross-cloud services, hybrid cloud management. So I see momentum there, like legitimate momentum with enterprise IT buyers that are trying to deal with the fact that they have multiple clouds now. So where I think we're moving is trying to define what are the specific attributes and frameworks of that that would make it so that it could be consistent across clouds. What is that layer? And maybe that's what the supercloud is. But one of the things I struggle with with supercloud is. What are we really trying to do here? Are we trying to create differentiated services in the supercloud layer? Is a supercloud just another variant of what AWS, GCP, or others do? You spoken to Walmart about its cloud native platform, and that's an example of somebody deciding to do it themselves because they need to deal with this today and not wait for some big standards thing to happen. So whatever it is, I do think it's something. I think we're trying to maybe create an architecture out of it would be a better way of saying it so that it does get to those set of principles, but it also needs to be edge aware. I think whenever we talk about supercloud, we're always talking about like the big centralized cloud. And I think we need to think about all the distributed clouds that we're looking at in edge as well. So that might be one of the ways that supercloud evolves. >> So thank you, Maribel. Keith, Brian Gracely, Gracely's law, things kind of repeat themselves. We've seen it all before. And so what Muglia brought to the forefront is this idea of a platform where the platform provider is really responsible for the architecture. Of course, the drawback is then you get a a bunch of stove pipes architectures. But practically speaking, that's kind of the way the industry has always evolved, right? >> So if we look at this from the practitioner's perspective and we talk about platforms, traditionally vendors have provided the platforms for us, whether it's distribution of lineage managed by or provided by Red Hat, Windows, servers, .NET, databases, Oracle. We think of those as platforms, things that are fundamental we can build on top. Supercloud isn't today that. It is a framework or idea, kind of a visionary goal to get to a point that we can have a platform or a framework. But what we're seeing repeated throughout the industry in customers, whether it's the Walmarts that's kind of supersized the idea of supercloud, or if it's regular end user organizations that are coming out with platform groups, groups who normalize cloud native infrastructure, AWS multi-cloud, VMware resources to look like one thing internally to their developers. We're seeing this trend that there's a desire for a platform that provides the capabilities of a supercloud. >> Thank you for that. Sanjeev, we often use Snowflake as a supercloud example, and now would presumably would be a platform with an architecture that's determined by the vendor. Maybe Databricks is pushing for a more open architecture, maybe more of that nirvana that we were talking about before to solve for supercloud. But regardless, the practitioner discussions show. At least currently, there's not a lot of cross-cloud data sharing. I think it could be a killer use case, egress charges or a barrier. But how do you see it? Will that change? Will we hide that underlying complexity and start sharing data across cloud? Is that something that you think Snowflake or others will be able to achieve? >> So I think we are already starting to see some of that happen. Snowflake is definitely one example that gets cited a lot. But even we don't talk about MongoDB in this like, but you could have a MongoDB cluster, for instance, with nodes sitting in different cloud providers. So there are companies that are starting to do it. The advantage that these companies have, let's take Snowflake as an example, it's a centralized proprietary platform. And they are building the capabilities that are needed for supercloud. So they're building things like you can push down your data transformations. They have the entire security and privacy suite. Data ops, they're adding those capabilities. And if I'm not mistaken, it'll be very soon, we will see them offer data observability. So it's all works great as long as you are in one platform. And if you want resilience, then Snowflake, Supercloud, great example. But if your primary goal is to choose the most cost-effective service irrespective of which cloud it sits in, then things start falling sideways. For example, I may be a very big Snowflake user. And I like Snowflake's resilience. I can move from one cloud to another cloud. Snowflake does it for me. But what if I want to train a very large model? Maybe Databricks is a better platform for that. So how do I do move my workload from one platform to another platform? That tooling does not exist. So we need server hybrid, cross-cloud, data ops platform. Walmart has done a great job, but they built it by themselves. Not every company is Walmart. Like Maribel and Keith said, we need standards, we need reference architectures, we need some sort of a cost control. I was just reading recently, Accenture has been public about their AWS bill. Every time they get the bill is tens of millions of lines, tens of millions 'cause there are over thousand teams using AWS. If we have not been able to corral a usage of a single cloud, now we're talking about supercloud, we've got multiple clouds, and hybrid, on-prem, and edge. So till we've got some cross-platform tooling in place, I think this will still take quite some time for it to take shape. >> It's interesting. Maribel, Walmart would tell you that their on-prem infrastructure is cheaper to run than the stuff in the cloud. but at the same time, they want the flexibility and the resiliency of their three-legged stool model. So the point as Sanjeev was making about hybrid. It's an interesting balance, isn't it, between getting your lowest cost and at the same time having best of breed and scale? >> It's basically what you're trying to optimize for, as you said, right? And by the way, to the earlier point, not everybody is at Walmart's scale, so it's not actually cheaper for everybody to have the purchasing power to make the cloud cheaper to have it on-prem. But I think what you see almost every company, large or small, moving towards is this concept of like, where do I find the agility? And is the agility in building the infrastructure for me? And typically, the thing that gives you outside advantage as an organization is not how you constructed your cloud computing infrastructure. It might be how you structured your data analytics as an example, which cloud is related to that. But how do you marry those two things? And getting back to sort of Sanjeev's point. We're in a real struggle now where one hand we want to have best of breed services and on the other hand we want it to be really easy to manage, secure, do data governance. And those two things are really at odds with each other right now. So if you want all the knobs and switches of a service like geospatial analytics and big query, you're going to have to use Google tools, right? Whereas if you want visibility across all the clouds for your application of state and understand the security and governance of that, you're kind of looking for something that's more cross-cloud tooling at that point. But whenever you talk to somebody about cross-cloud tooling, they look at you like that's not really possible. So it's a very interesting time in the market. Now, we're kind of layering this concept of supercloud on it. And some people think supercloud's about basically multi-cloud tooling, and some people think it's about a whole new architectural stack. So we're just not there yet. But it's not all about cost. I mean, cloud has not been about cost for a very, very long time. Cloud has been about how do you really make the most of your data. And this gets back to cross-cloud services like Snowflake. Why did they even exist? They existed because we had data everywhere, but we need to treat data as a unified object so that we can analyze it and get insight from it. And so that's where some of the benefit of these cross-cloud services are moving today. Still a long way to go, though, Dave. >> Keith, I reached out to my friends at ETR given the macro headwinds, And you're right, Maribel, cloud hasn't really been about just about cost savings. But I reached out to the ETR, guys, what's your data show in terms of how customers are dealing with the economic headwinds? And they said, by far, their number one strategy to cut cost is consolidating redundant vendors. And a distant second, but still notable was optimizing cloud costs. Maybe using reserve instances, or using more volume buying. Nowhere in there. And I asked them to, "Could you go look and see if you can find it?" Do we see repatriation? And you hear this a lot. You hear people whispering as analysts, "You better look into that repatriation trend." It's pretty big. You can't find it. But some of the Walmarts in the world, maybe even not repatriating, but they maybe have better cost structure on-prem. Keith, what are you seeing from the practitioners that you talk to in terms of how they're dealing with these headwinds? >> Yeah, I just got into a conversation about this just this morning with (indistinct) who is an analyst over at GigaHome. He's reading the same headlines. Repatriation is happening at large scale. I think this is kind of, we have these quiet terms now. We have quiet quitting, we have quiet hiring. I think we have quiet repatriation. Most people haven't done away with their data centers. They're still there. Whether they're completely on-premises data centers, and they own assets, or they're partnerships with QTX, Equinix, et cetera, they have these private cloud resources. What I'm seeing practically is a rebalancing of workloads. Do I really need to pay AWS for this instance of SAP that's on 24 hours a day versus just having it on-prem, moving it back to my data center? I've talked to quite a few customers who were early on to moving their static SAP workloads onto the public cloud, and they simply moved them back. Surprising, I was at VMware Explore. And we can talk about this a little bit later on. But our customers, net new, not a lot that were born in the cloud. And they get to this point where their workloads are static. And they look at something like a Kubernetes, or a OpenShift, or VMware Tanzu. And they ask the question, "Do I need the scalability of cloud?" I might consider being a net new VMware customer to deliver this base capability. So are we seeing repatriation as the number one reason? No, I think internal IT operations are just naturally come to this realization. Hey, I have these resources on premises. The private cloud technologies have moved far along enough that I can just simply move this workload back. I'm not calling it repatriation, I'm calling it rightsizing for the operating model that I have. >> Makes sense. Yeah. >> Go ahead. >> If I missed something, Dave, why we are on this topic of repatriation. I'm actually surprised that we are talking about repatriation as a very big thing. I think repatriation is happening, no doubt, but it's such a small percentage of cloud migration that to me it's a rounding error in my opinion. I think there's a bigger problem. The problem is that people don't know where the cost is. If they knew where the cost was being wasted in the cloud, they could do something about it. But if you don't know, then the easy answer is cloud costs a lot and moving it back to on-premises. I mean, take like Capital One as an example. They got rid of all the data centers. Where are they going to repatriate to? They're all in the cloud at this point. So I think my point is that data observability is one of the places that has seen a lot of traction is because of cost. Data observability, when it first came into existence, it was all about data quality. Then it was all about data pipeline reliability. And now, the number one killer use case is FinOps. >> Maribel, you had a comment? >> Yeah, I'm kind of in violent agreement with both Sanjeev and Keith. So what are we seeing here? So the first thing that we see is that many people wildly overspent in the big public cloud. They had stranded cloud credits, so to speak. The second thing is, some of them still had infrastructure that was useful. So why not use it if you find the right workloads to what Keith was talking about, if they were more static workloads, if it was already there? So there is a balancing that's going on. And then I think fundamentally, from a trend standpoint, these things aren't binary. Everybody, for a while, everything was going to go to the public cloud and then people are like, "Oh, it's kind of expensive." Then they're like, "Oh no, they're going to bring it all on-prem 'cause it's really expensive." And it's like, "Well, that doesn't necessarily get me some of the new features and functionalities I might want for some of my new workloads." So I'm going to put the workloads that have a certain set of characteristics that require cloud in the cloud. And if I have enough capability on-prem and enough IT resources to manage certain things on site, then I'm going to do that there 'cause that's a more cost-effective thing for me to do. It's not binary. That's why we went to hybrid. And then we went to multi just to describe the fact that people added multiple public clouds. And now we're talking about super, right? So I don't look at it as a one-size-fits-all for any of this. >> A a number of practitioners leading up to Supercloud2 have told us that they're solving their cloud complexity by going in monocloud. So they're putting on the blinders. Even though across the organization, there's other groups using other clouds. You're like, "In my group, we use AWS, or my group, we use Azure. And those guys over there, they use Google. We just kind of keep it separate." Are you guys hearing this in your view? Is that risky? Are they missing out on some potential to tap best of breed? What do you guys think about that? >> Everybody thinks they're monocloud. Is anybody really monocloud? It's like a group is monocloud, right? >> Right. >> This genie is out of the bottle. We're not putting the genie back in the bottle. You might think your monocloud and you go like three doors down and figure out the guy or gal is on a fundamentally different cloud, running some analytics workload that you didn't know about. So, to Sanjeev's earlier point, they don't even know where their cloud spend is. So I think the concept of monocloud, how that's actually really realized by practitioners is primary and then secondary sources. So they have a primary cloud that they run most of their stuff on, and that they try to optimize. And we still have forked workloads. Somebody decides, "Okay, this SAP runs really well on this, or these analytics workloads run really well on that cloud." And maybe that's how they parse it. But if you really looked at it, there's very few companies, if you really peaked under the hood and did an analysis that you could find an actual monocloud structure. They just want to pull it back in and make it more manageable. And I respect that. You want to do what you can to try to streamline the complexity of that. >> Yeah, we're- >> Sorry, go ahead, Keith. >> Yeah, we're doing this thing where we review AWS service every day. Just in your inbox, learn about a new AWS service cursory. There's 238 AWS products just on the AWS cloud itself. Some of them are redundant, but you get the idea. So the concept of monocloud, I'm in filing agreement with Maribel on this that, yes, a group might say I want a primary cloud. And that primary cloud may be the AWS. But have you tried the licensed Oracle database on AWS? It is really tempting to license Oracle on Oracle Cloud, Microsoft on Microsoft. And I can't get RDS anywhere but Amazon. So while I'm driven to desire the simplicity, the reality is whether be it M&A, licensing, data sovereignty. I am forced into a multi-cloud management style. But I do agree most people kind of do this one, this primary cloud, secondary cloud. And I guarantee you're going to have a third cloud or a fourth cloud whether you want to or not via shadow IT, latency, technical reasons, et cetera. >> Thank you. Sanjeev, you had a comment? >> Yeah, so I just wanted to mention, as an organization, I'm complete agreement, no organization is monocloud, at least if it's a large organization. Large organizations use all kinds of combinations of cloud providers. But when you talk about a single workload, that's where the program arises. As Keith said, the 238 services in AWS. How in the world am I going to be an expert in AWS, but then say let me bring GCP or Azure into a single workload? And that's where I think we probably will still see monocloud as being predominant because the team has developed its expertise on a particular cloud provider, and they just don't have the time of the day to go learn yet another stack. However, there are some interesting things that are happening. For example, if you look at a multi-cloud example where Oracle and Microsoft Azure have that interconnect, so that's a beautiful thing that they've done because now in the newest iteration, it's literally a few clicks. And then behind the scene, your .NET application and your Oracle database in OCI will be configured, the identities in active directory are federated. And you can just start using a database in one cloud, which is OCI, and an application, your .NET in Azure. So till we see this kind of a solution coming out of the providers, I think it's is unrealistic to expect the end users to be able to figure out multiple clouds. >> Well, I have to share with you. I can't remember if he said this on camera or if it was off camera so I'll hold off. I won't tell you who it is, but this individual was sort of complaining a little bit saying, "With AWS, I can take their best AI tools like SageMaker and I can run them on my Snowflake." He said, "I can't do that in Google. Google forces me to go to BigQuery if I want their excellent AI tools." So he was sort of pushing, kind of tweaking a little bit. Some of the vendor talked that, "Oh yeah, we're so customer-focused." Not to pick on Google, but I mean everybody will say that. And then you say, "If you're so customer-focused, why wouldn't you do a ABC?" So it's going to be interesting to see who leads that integration and how broadly it's applied. But I digress. Keith, at our first supercloud event, that was on August 9th. And it was only a few months after Broadcom announced the VMware acquisition. A lot of people, myself included said, "All right, cuts are coming." Generally, Tanzu is probably going to be under the radar, but it's Supercloud 22 and presumably VMware Explore, the company really... Well, certainly the US touted its Tanzu capabilities. I wasn't at VMware Explore Europe, but I bet you heard similar things. Hawk Tan has been blogging and very vocal about cross-cloud services and multi-cloud, which doesn't happen without Tanzu. So what did you hear, Keith, in Europe? What's your latest thinking on VMware's prospects in cross-cloud services/supercloud? >> So I think our friend and Cube, along host still be even more offended at this statement than he was when I sat in the Cube. This was maybe five years ago. There's no company better suited to help industries or companies, cross-cloud chasm than VMware. That's not a compliment. That's a reality of the industry. This is a very difficult, almost intractable problem. What I heard that VMware Europe were customers serious about this problem, even more so than the US data sovereignty is a real problem in the EU. Try being a company in Switzerland and having the Swiss data solvency issues. And there's no local cloud presence there large enough to accommodate your data needs. They had very serious questions about this. I talked to open source project leaders. Open source project leaders were asking me, why should I use the public cloud to host Kubernetes-based workloads, my projects that are building around Kubernetes, and the CNCF infrastructure? Why should I use AWS, Google, or even Azure to host these projects when that's undifferentiated? I know how to run Kubernetes, so why not run it on-premises? I don't want to deal with the hardware problems. So again, really great questions. And then there was always the specter of the problem, I think, we all had with the acquisition of VMware by Broadcom potentially. 4.5 billion in increased profitability in three years is a unbelievable amount of money when you look at the size of the problem. So a lot of the conversation in Europe was about industry at large. How do we do what regulators are asking us to do in a practical way from a true technology sense? Is VMware cross-cloud great? >> Yeah. So, VMware, obviously, to your point. OpenStack is another way of it. Actually, OpenStack, uptake is still alive and well, especially in those regions where there may not be a public cloud, or there's public policy dictating that. Walmart's using OpenStack. As you know in IT, some things never die. Question for Sanjeev. And it relates to this new breed of data apps. And Bob Muglia and Tristan Handy from DBT Labs who are participating in this program really got us thinking about this. You got data that resides in different clouds, it maybe even on-prem. And the machine polls data from different systems. No humans involved, e-commerce, ERP, et cetera. It creates a plan, outcomes. No human involvement. Today, you're on a CRM system, you're inputting, you're doing forms, you're, you're automating processes. We're talking about a new breed of apps. What are your thoughts on this? Is it real? Is it just way off in the distance? How does machine intelligence fit in? And how does supercloud fit? >> So great point. In fact, the data apps that you're talking about, I call them data products. Data products first came into limelight in the last couple of years when Jamal Duggan started talking about data mesh. I am taking data products out of the data mesh concept because data mesh, whether data mesh happens or not is analogous to data products. Data products, basically, are taking a product management view of bringing data from different sources based on what the consumer needs. We were talking earlier today about maybe it's my vacation rentals, or it may be a retail data product, it may be an investment data product. So it's a pre-packaged extraction of data from different sources. But now I have a product that has a whole lifecycle. I can version it. I have new features that get added. And it's a very business data consumer centric. It uses machine learning. For instance, I may be able to tell whether this data product has stale data. Who is using that data? Based on the usage of the data, I may have a new data products that get allocated. I may even have the ability to take existing data products, mash them up into something that I need. So if I'm going to have that kind of power to create a data product, then having a common substrate underneath, it can be very useful. And that could be supercloud where I am making API calls. I don't care where the ERP, the CRM, the survey data, the pricing engine where they sit. For me, there's a logical abstraction. And then I'm building my data product on top of that. So I see a new breed of data products coming out. To answer your question, how early we are or is this even possible? My prediction is that in 2023, we will start seeing more of data products. And then it'll take maybe two to three years for data products to become mainstream. But it's starting this year. >> A subprime mortgages were a data product, definitely were humans involved. All right, let's talk about some of the supercloud, multi-cloud players and what their future looks like. You can kind of pick your favorites. VMware, Snowflake, Databricks, Red Hat, Cisco, Dell, HP, Hashi, IBM, CloudFlare. There's many others. cohesive rubric. Keith, I wanted to start with CloudFlare because they actually use the term supercloud. and just simplifying what they said. They look at it as taking serverless to the max. You write your code and then you can deploy it in seconds worldwide, of course, across the CloudFlare infrastructure. You don't have to spin up containers, you don't go to provision instances. CloudFlare worries about all that infrastructure. What are your thoughts on CloudFlare this approach and their chances to disrupt the current cloud landscape? >> As Larry Ellison said famously once before, the network is the computer, right? I thought that was Scott McNeley. >> It wasn't Scott McNeley. I knew it was on Oracle Align. >> Oracle owns that now, owns that line. >> By purpose or acquisition. >> They should have just called it cloud. >> Yeah, they should have just called it cloud. >> Easier. >> Get ahead. >> But if you think about the CloudFlare capability, CloudFlare in its own right is becoming a decent sized cloud provider. If you have compute out at the edge, when we talk about edge in the sense of CloudFlare and points of presence, literally across the globe, you have all of this excess computer, what do you do with it? First offering, let's disrupt data in the cloud. We can't start the conversation talking about data. When they say we're going to give you object-oriented or object storage in the cloud without egress charges, that's disruptive. That we can start to think about supercloud capability of having compute EC2 run in AWS, pushing and pulling data from CloudFlare. And now, I've disrupted this roach motel data structure, and that I'm freely giving away bandwidth, basically. Well, the next layer is not that much more difficult. And I think part of CloudFlare's serverless approach or supercloud approaches so that they don't have to commit to a certain type of compute. It is advantageous. It is a feature for me to be able to go to EC2 and pick a memory heavy model, or a compute heavy model, or a network heavy model, CloudFlare is taken away those knobs. and I'm just giving code and allowing that to run. CloudFlare has a massive network. If I can put the code closest using the CloudFlare workers, if I can put that code closest to where the data is at or residing, super compelling observation. The question is, does it scale? I don't get the 238 services. While Server List is great, I have to know what I'm going to build. I don't have a Cognito, or RDS, or all these other services that make AWS, GCP, and Azure appealing from a builder's perspective. So it is a very interesting nascent start. It's great because now they can hide compute. If they don't have the capacity, they can outsource that maybe at a cost to one of the other cloud providers, but kind of hiding the compute behind the surplus architecture is a really unique approach. >> Yeah. And they're dipping their toe in the water. And they've announced an object store and a database platform and more to come. We got to wrap. So I wonder, Sanjeev and Maribel, if you could maybe pick some of your favorites from a competitive standpoint. Sanjeev, I felt like just watching Snowflake, I said, okay, in my opinion, they had the right strategy, which was to run on all the clouds, and then try to create that abstraction layer and data sharing across clouds. Even though, let's face it, most of it might be happening across regions if it's happening, but certainly outside of an individual account. But I felt like just observing them that anybody who's traditional on-prem player moving into the clouds or anybody who's a cloud native, it just makes total sense to write to the various clouds. And to the extent that you can simplify that for users, it seems to be a logical strategy. Maybe as I said before, what multi-cloud should have been. But are there companies that you're watching that you think are ahead in the game , or ones that you think are a good model for the future? >> Yes, Snowflake, definitely. In fact, one of the things we have not touched upon very much, and Keith mentioned a little bit, was data sovereignty. Data residency rules can require that certain data should be written into certain region of a certain cloud. And if my cloud provider can abstract that or my database provider, then that's perfect for me. So right now, I see Snowflake is way ahead of this pack. I would not put MongoDB too far behind. They don't really talk about this thing. They are in a different space, but now they have a lakehouse, and they've got all of these other SQL access and new capabilities that they're announcing. So I think they would be quite good with that. Oracle is always a dark forest. Oracle seems to have revived its Cloud Mojo to some extent. And it's doing some interesting stuff. Databricks is the other one. I have not seen Databricks. They've been very focused on lakehouse, unity, data catalog, and some of those pieces. But they would be the obvious challenger. And if they come into this space of supercloud, then they may bring some open source technologies that others can rely on like Delta Lake as a table format. >> Yeah. One of these infrastructure players, Dell, HPE, Cisco, even IBM. I mean, I would be making my infrastructure as programmable and cloud friendly as possible. That seems like table stakes. But Maribel, any companies that stand out to you that we should be paying attention to? >> Well, we already mentioned a bunch of them, so maybe I'll go a slightly different route. I'm watching two companies pretty closely to see what kind of traction they get in their established companies. One we already talked about, which is VMware. And the thing that's interesting about VMware is they're everywhere. And they also have the benefit of having a foot in both camps. If you want to do it the old way, the way you've always done it with VMware, they got all that going on. If you want to try to do a more cross-cloud, multi-cloud native style thing, they're really trying to build tools for that. So I think they have really good access to buyers. And that's one of the reasons why I'm interested in them to see how they progress. The other thing, I think, could be a sleeping horse oddly enough is Google Cloud. They've spent a lot of work and time on Anthos. They really need to create a certain set of differentiators. Well, it's not necessarily in their best interest to be the best multi-cloud player. If they decide that they want to differentiate on a different layer of the stack, let's say they want to be like the person that is really transformative, they talk about transformation cloud with analytics workloads, then maybe they do spend a good deal of time trying to help people abstract all of the other underlying infrastructure and make sure that they get the sexiest, most meaningful workloads into their cloud. So those are two people that you might not have expected me to go with, but I think it's interesting to see not just on the things that might be considered, either startups or more established independent companies, but how some of the traditional providers are trying to reinvent themselves as well. >> I'm glad you brought that up because if you think about what Google's done with Kubernetes. I mean, would Google even be relevant in the cloud without Kubernetes? I could argue both sides of that. But it was quite a gift to the industry. And there's a motivation there to do something unique and different from maybe the other cloud providers. And I'd throw in Red Hat as well. They're obviously a key player and Kubernetes. And Hashi Corp seems to be becoming the standard for application deployment, and terraform, or cross-clouds, and there are many, many others. I know we're leaving lots out, but we're out of time. Folks, I got to thank you so much for your insights and your participation in Supercloud2. Really appreciate it. >> Thank you. >> Thank you. >> Thank you. >> This is Dave Vellante for John Furrier and the entire Cube community. Keep it right there for more content from Supercloud2.

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back everyone. We're so glad that you're still with us. It's the Cube Live at the MGM Grand. This is our second day of coverage of Palo Alto Networks Ignite. This is takeaways from Ignite 22. Lisa Martin here with two really smart guys, Dave Valante. Dave, we're joined by one of our cube alumni, a friend, a friend of the, we say friend of the Cube. >>Yeah, otc. A friend of the Cube >>Karala joined us. Guys, it's great to have you here. It's been an exciting show. A lot of cybersecurity is one of my favorite topics to talk about. But I'd love to get some of the big takeaways from both of you. Dave, we'll start with you. >>A breathing room from two weeks ago. Yeah, that was, that was really pleasant. You know, I mean, I know was, yes, you sat in the analyst program, interested in what your takeaways were from there. But, you know, coming into this, we wrote a piece, Palo Alto's Gold Standard, what they need to do to, to keep that, that status. And we hear it a lot about consolidation. That's their big theme now, which is timely, right? Cause people wanna save money, they wanna do more with less. But I'm really interested in hearing zeus's thoughts on how that's playing in the market. How customers, how easy is it to just say, oh, hey, I'm gonna consolidate. I wanna get into that a little bit with you, how well the strategy's working. We're gonna get into some of the m and a activity and really bring your perspectives to the table. Well, >>It's, it's not easy. I mean, people have been calling for the consolidation of security for decades, and it's, it's, they're the first company that's actually made it happen. Right? And, and I think this is what we're seeing here is the culmination of this long term strategy, this company trying to build more of a platform. And they, you know, they, they came out as a firewall vendor. And I think it's safe to say they're more than firewall today. That's only about two thirds of their revenue now. So down from 80% a few years ago. And when I think of what Palo Alto has become, they're really a data company. Now, if you look at, you know, unit 42 in Cortex, the, the, the Cortex Data Lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have, right? And bringing that together into one big data lake. >>And then they're able to use that to, to do faster threat notification, forensics, things like that. And so I think the old model of security of create signatures for known threats, it's safe to say it never really worked and it wasn't ever gonna work. You had too many day zero exploits and things. The only way to fight security today is with a AI and ML based analytics. And they have, they're the gold standard. I think the one thing about your post that I would add the gold standard from a data standpoint, and that's given them this competitive advantage to go out and become a platform for a security. Which, like I said, the people have tried to do that for years. And the first one that's actually done it, well, >>We've heard this from some of the startups, like Lacework will say, oh, we treat security as a data problem. Of course there's a startup, Palo Alto's got, you know, whatever, 10, 15 years of, of, of history. But one of the things I wanted to explore with you coming into this was the notion of can you be best of breed and develop a suite? And we, we've been hearing a consistent answer to that question, which is, and, and do you need to, and the answer is, well, best of breed in security requires that full spectrum, that full view. So here's my question to you. So, okay, let's take Esty win relatively new for these guys, right? Yeah. Okay. And >>And one of the few products are not top two, top three in, right? Exactly. >>Yeah. So that's why I want to take that. Yeah. Because in bakeoffs, they're gonna lose on a head-to-head best of breed. And so the customer's gonna say, Hey, you know, I love your, your consolidation play, your esty win's. Just, okay, how about a little discount on that? And you know, these guys are premium priced. Yes. So, you know, are they in essentially through their pricing strategies, sort of creating that stuff, fighting that, is that friction for them where they've got, you know, the customer says, all right, well forget it, we're gonna go stove pipe with the SD WAN will consolidate some of the stuff. Are you seeing that? >>Yeah, I, I, I still think the sales model is that way. And I think that's something they need to work on changing. If they get into a situation where they have to get down into a feature battle of my SD WAN versus your SD wan, my firewall versus your firewall, frankly they've already lost, you know, because their value prop is the suite and, and is the platform. And I was talking to the CISO here that told me, he realizes now that you don't need best of breed everywhere to have best in class threat protection. In fact, best of breed everywhere leads to suboptimal threat protection. Cuz you have all these data data sets that are in silos, right? And so from a data scientist standpoint, right, there's the good data leads to good insights. Well, partial data leads to fragmented insights and that's, that's what the best, best of breed approach gives you. And so I was talking with Palo about this, can they have this vision of being best of breed and platform? I don't really think you can maintain best of breed everywhere across this portfolio this big, but you don't need to. >>That was my second point of my >>Question. That's the point. >>Yeah. And so, cuz cuz because you know, we've talked about this, that that sweets always win in the long run, >>Sweets >>Win. Yeah. But here's the thing, I, I wonder to your your point about, you know, the customer, you know, understanding that that that, that this resonates with them. I, my guess is a lot of customers, you know, at that mid-level and the fat middle are like still sort of wed, you know, hugging that, that tool. So there's, there's work to be done here, but I think they, they, they got it right Because if they devolve, to your point, if they devolve down to that speeds and feeds, eh, what's the point of that? Where's their valuable? >>You do not wanna get into a knife fight. And I, and I, and I think for them the, a big challenge now is convincing customers that the suite, the suite approach does work. And they have to be able to do that in actual customer examples. And so, you know, I I interviewed a bunch of customers here and the ones that have bought into XDR and xor and even are looking at their sim have told me that the, the, so think of soc operations, the old way heavily manually oriented, right? You have multiple panes of glass and you know, and then you've got, so there's a lot of people work before you bring the tools in, right? If done correctly with AI and ml, the machines would do all the heavy lifting and then you'd bring people in at the end to clean up the little bits that were missed, right? >>And so you, you moved to, from something that was very people heavy to something that's machine heavy and machines can work a lot faster than people. And the, and so the ones that I've talked that have, that have done that have said, look, our engineers have moved on to a lot different things. They're doing penetration testing, they're, you know, helping us with, with strategy and they're not fighting that, that daily fight of looking through log files. And the only proof point you need, Dave, is look at every big breach that we've had over the last five years. There's some SIM vendor up there that says, we caught it. Yeah. >>Yeah. We we had the data. >>Yeah. But, but, but the security team missed it. Well they missed it because you're, nobody can look at that much data manually. And so the, I I think their approach of relying heavily on machines to fight the fight is actually the right way. >>Is that a differentiator for them versus, we were talking before we went live that you and I first hit our very first segment back in 2017 at Fort Net. Is that, where do the two stand in your >>Yeah, it's funny cuz if you talk to the two vendors, they don't really see each other in a lot of accounts because Fort Net's more small market mid-market. It's the same strategy to some degree where Fort Net relies heavily on in-house development and Palo Alto relies heavily on acquisition. Yeah. And so I think from a consistently feature set, you know, Fort Net has an advantage there because it, it's all run off their, their their silicon. Where, where Palo's able to innovate very quickly. The, it it requires a lot of work right? To, to bring the front end and back ends together. But they're serving different markets. So >>Do you see that as a differentiator? The integration strategy that Palo Alto has as a differentiator? We talk to so many companies who have an a strong m and a strategy and, and execution arm. But the challenge is always integrating the technology so that the customer to, you know, ultimately it's the customer. >>I actually think they're, they're underrated as a, an acquirer. In fact, Dave wrote a post to a prior on Silicon Angle prior to Accelerate and he, he on, you put it on Twitter and you asked people to rank 'em as an acquirer and they were in the middle of the pack, >>Right? It was, it was. So it was Oracle, VMware, emc, ibm, Cisco, ServiceNow, and Palo Alto. Yeah. Or Oracle got very high marks. It was like 8.5 out of, you know, 10. Yeah. VMware I think was 6.5. Nice. Era was high emc, big range. IBM five to seven. Cisco was three to eight. Yeah. Yeah, right. ServiceNow was a seven. And then, yeah, Palo Alto was like a five. And I, which I think it was unfair. >>Well, and I think it depends on how you look at it. And I, so I think a lot of the acquisitions Palo Altos made, they've done a good job of integrating their backend data and they've almost ignored the front end. And so when you buy some of the products, it's a little clunky today. You know, if you work with Prisma Cloud, it could be a little bit cleaner. And even with, you know, the SD wan that took 'em a long time to bring CloudGenix in and stuff. But I think the approach is right. I don't, I don't necessarily believe you should integrate the front end until you've integrated the back end. >>That's >>The hard part, right? Because UL ultimately what you're gonna get, you're gonna get two panes of glass and one pane of glass and it might look pretty all mush together, but ultimately you're not solving the bigger problem, right. Of, of being able to create that big data like the, the fight security. And so I think, you know, the approach they've taken is the right one. I think from a user standpoint, maybe it doesn't show up as neatly because you don't see the frontend integration, but the way they're doing it is the right way to do it. And I'm glad they're doing it that way versus caving to the pressures of what, you know, the industry might want >>Showed up in the performance of the company. I mean, this company was basically gonna double revenues to 7 billion from 2020 to >>2023. Three. Think about that at that, that >>Make a, that's unbelievable, right? I mean, and then and they wanna double again. Yeah. You know, so, well >>What did, what did Nikesh was quoted as saying they wanna be the first cyber company that's a hundred billion dollars. He didn't give a timeline market cap. >>Right. >>Market cap, right. Do what I wanna get both of your opinions on what you saw and heard and felt this week. What do you think the likelihood is? And and do you have any projections on how, you know, how many years it's gonna take for them to get there? >>Well, >>Well I think so if they're gonna get that big, right? And, and we were talking about this pre-show, any company that's becoming a big company does it through ecosystem >>Bingo. >>Right? And that when you look around the show floor, it's not that impressive. And if that, if there's an area they need to focus on, it's building that ecosystem. And it's not with other security vendors, it's with application vendors and it's with the cloud companies and stuff. And they've got some relationships there, but they need to do more. I actually challenge 'em on that. One of the analyst sessions. They said, look, we've got 800 cortex partners. Well where are they? Right? Why isn't there a cortex stand here with a bunch of the small companies here? So I do think that that is an area they need to focus on. If they are gonna get to that, that market caps number, they will do so do so through ecosystem. Because every company that's achieved that has done it through ecosystem. >>A hundred percent agree. And you know, if you look at CrowdStrike's ecosystem, it's pretty similar. Yeah. You know, it doesn't really, you know, make much, much, not much different from this, but I went back and just looked at some, you know, peak valuations during the pandemic and shortly thereafter CrowdStrike was 70 billion. You know, that's what their roughly their peak Palo Alto was 56, fortune was 59 for the actually diverged. Right. And now Palo Alto has taken the, the top mantle, you know, today it's market cap's 52. So it's held 93% of its peak value. Everybody else is tanking. Even Okta was 45 billion. It's been crushed as you well know. But, so Palo Alto wasn't always, you know, the number one in terms of market cap. But I guess my point is, look, if CrowdStrike could got to 70 billion during Yeah. During the frenzy, I think it's gonna take, to answer your question, I think it's gonna be five years. Okay. Before they get back there. I think this market's gonna be tough for a while from a valuation standpoint. I think generally tech is gonna kind of go up and down and sideways for a good year and a half, maybe even two years could be even longer. And then I think there's gonna be some next wave of productivity innovation that that hits. And then you're gonna, you're almost always gonna exceed the previous highs. It's gonna take a while. Yeah, >>Yeah, yeah. But I think their ability to disrupt the SIM market actually is something I, I believe they're gonna do. I've been calling for the death of the sim for a long time and I know some people at Palo Alto are very cautious about saying that cuz the Splunks and the, you know, they're, they're their partners. But I, I think the, you know, it's what I said before, the, the tools are catching them, but they're, it's not in a way that's useful for the IT pro and, but I, I don't think the SIM vendors have that ecosystem of insight across network cloud endpoint. Right. Which is what you need in order to make a sim useful. >>CISO at an ETR roundtable said, if, if it weren't for my regulators, I would chuck my sim. >>Yes. >>But that's the only reason that, that this person was keeping it. So, >>Yeah. And I think the, the fact that most of those companies have moved to a perpetual MO or a a recurring revenue model actually helps unseat them. Typically when you pour a bunch of money into something, you remember the old computer associate days, nobody ever took it out cuz the sunk dollars you spent to do it. But now that you're paying an annual recurring fee, it's actually makes it easier to take out. So >>Yeah, it's it's an ebb and flow, right? Yeah. Because the maintenance costs were, you know, relatively low. Maybe it was 20% of the total. And then, you know, once every five years you had to do a refresh and you were still locked into the sort of maintenance and, and so yeah, I think you're right. The switching costs with sas, you know, in theory anyway, should be less >>Yeah. As long as you can migrate the data over. And I think they've got a pretty good handle on that. So, >>Yeah. So guys, I wanna get your perspective as a whole bunch of announcements here. We've only been here for a couple days, not a big conference as, as you can see from behind us. What Zs in your opinion was Palo Alto's main message and and what do you think about it main message at this event? And then same question for you. >>Yeah, I, I think their message largely wrapped around disruption, right? And, and they, in The's keynote already talked about that, right? And where they disrupted the firewall market by creating a NextGen firewall. In fact, if you look at all the new services they added to their firewall, you, you could almost say it's a NextGen NextGen firewall. But, but I do think the, the work they've done in the area of cloud and cortex actually I think is, is pretty impressive. And I think that's the, the SOC is ripe for disruption because it's for, for the most part, most socks still, you know, run off legacy playbooks. They run off legacy, you know, forensic models and things and they don't work. It's why we have so many breaches today. The, the dirty little secret that nobody ever wants to talk about is the bad guys are using machine learning, right? And so if you're using a signature based model, all they're do is tweak their model a little bit and it becomes, it bypasses them. So I, I think the only way to fight the the bad guys today is with you gotta fight fire with fire. And I think that's, that's the path they've, they've headed >>Down and the bad guys are hiding in plain sight, you know? >>Yeah, yeah. Well it's, it's not hard to do now with a lot of those legacy tools. So >>I think, I think for me, you know, the stat that we threw out earlier, I think yesterday at our keynote analysis was, you know, the ETR data shows that are, that are that last survey around 35% of the respondents said we are actively consolidating, sorry, 44%, sorry, 35 says we're actively consolidating vendors, redundant vendors today. That number's up to 44%. Yeah. It's by far the number one cost optimization technique. That's what these guys are pitching. And I think it's gonna resonate with people and, and I think to your point, they're integrating at the backend, their beeps are technical, right? I mean, they can deal with that complexity. Yeah. And so they don't need eye candy. Eventually they, they, they want to have that cuz it'll allow 'em to have deeper market penetration and make people more productive. But you know, that consolidation message came through loud and clear. >>Yeah. The big change in this industry too is all the new startups are all cloud native, right? They're all built on Amazon or Google or whatever. Yeah. And when your cloud native and you buy a cloud native integration is fast. It's not like having to integrate this big monolithic software stack anymore. Right. So I I think their pace of integration will only accelerate from here because everything's now cloud native. >>If a customer comes to you or when a customer comes to you and says, Zs help us with this cyber transformation we have, our board isn't necessarily with our executives in terms of execution of a security strategy. How do you advise them where Palo Alto is concerned? >>Yeah. You know, a lot, a lot of this is just fighting legacy mindset. And I've, I was talking with some CISOs here from state and local governments and things and they're, you know, they can't get more budget. They're fighting the tide. But what they did find is through the use of automation technology, they're able to bring their people costs way down. Right. And then be able to use that budget to invest in a lot of new projects. And so with that, you, you have to start with your biggest pain points, apply automation where you can, and then be able to use that budget to reinvest back in your security strategy. And it's good for the IT pros too, the security pros, my advice to, to it pros is if you're doing things today that aren't resume building, stop doing them. Right? Find a way to automate the money your job. And so if you're patching systems and you're looking through log files, there's no reason machines can't do that. And you go do something a lot more interesting. >>So true. It's like storage guys 10 years ago, provisioning loans. Yes. It's like, stop doing that. Yeah. You're gonna be outta a job. And so who, last question I have is, is who do you see as the big competitors, the horses on the track question, right? So obviously Cisco kind of service has led for a while and you know, big portfolio company, CrowdStrike coming at it from end point. You know who, who, who do you see as the real players going for that? You know, right now the market's three to 4%. The leader has three, three 4% of the market. You know who they're all going for? 10, 15, maybe 20% of the market. Who, who are the likely candidates? Yeah, >>I don't know if CrowdStrike really has the breadth of portfolio to compete long term though. I I think they've had a nice run, but I, we might start to see the follow 'em. I think Microsoft is gonna be for middle. They've laid down the gauntlet, right? They are a security vendor, right? We, we were at Reinvent and a AWS is the platform for security vendors. Yes. Middle, somewhere in the middle. But Microsoft make no mistake, they're in security. They've got some good products. I think a lot of 'em are kind of good enough and they, they tie it to the licensing and I'm not sure that works in security, but they've certainly got the ear of a lot of it pros. >>It might work in smb. >>Yeah. Yeah. It, it might. And, and I do like Zscaler. I, I know these guys poo poo the proxy model, but they've, they've done about as much with proxies as you can. And I, I think it's, it's a battle of, I love the, the, the near, you know, proxies are dead and Jay's model, you know, Jay over at c skater throw 'em back at 'em. So I, it's good to see that kind of fight going on between the two. >>Oh, it's great. Well, and, and again, ZScaler's coming at it from their cloud security angle. CrowdStrike's coming at it from endpoint. I, I do think CrowdStrike has an opportunity to build out the portfolio through m and a and maybe ecosystem. And then obviously, you know, Palo Alto's getting it done. How about Cisco? >>Yeah. Cisco's interesting. And I, I think if Cisco can make the network matter in security and it should, right? We're talking about how a lot of you need a lot of forensics to fight security today. Well, they're gonna see things long before anybody else because they have all that network data. If they can tie network security, I, I mean they could really have that business take off. But we've been saying that about Cisco for 20 years. >>But big install based though. Yeah. It's hard for a company, any company to just say, okay, hey Cisco customer sweep the floor and come with us. That's, that's >>A tough thing. They have a lot of good peace parts, right? And like duo's a good product and umbrella's a good product. They've, they've not done a good job. >>They're the opposite of these guys. >>They've not done a good job of the backend integration that, that's where Cisco needs to, to focus. And I do think g G two Patel there fixed the WebEx group and I think he's now, in fact when you talk to him, he's doing very little on WebEx that that group's running itself and he's more focused in security. So I, I think we could see a resurgence there. But you know, they have a, from a revenue perspective, it's a little misleading cuz they have this big legacy base that's in decline while they're moving to cloud and stuff. So, but they, but they, there's a lot of work there're trying to, to tie to network. >>Right. Lots of fuel for conversation. We're gonna have to carry this on, on Silicon angle.com guys. Yes. And Wikibon, lets do see us. Thank you so much for joining Dave and me giving us your insights as to this event. Where are you gonna be next? Are you gonna be on vacation? >>There's nothing more fun than mean on the cube, so, right. What's outside of that though? Yeah, you know, Christmas coming up, I gotta go see family and do the obligatory, although for me that's a lot of travel, so I guess >>More planes. Yeah. >>Hopefully not in Vegas. >>Not in Vegas. >>Awesome. Nothing against Vegas. Yeah, no, >>We love it. We >>Love it. Although I will say my year started off with ces. Yeah. And it's finishing up with Palo Alto here. The bookends. Yeah, exactly. In Vegas bookends. >>Well thanks so much for joining us. Thank you Dave. Always a pleasure to host a show with you and hear your insights. Reading your breaking analysis always kicks off my prep for show and it's always great to see, but predictions come true. So thank you for being my co-host bet. All right. For Dave Valante Enz as Carla, I'm Lisa Martin. You've been watching The Cube, the leader in live, emerging and enterprise tech coverage. Thanks for watching.

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back everyone. We're so glad that you're still with us. It's the Cube Live at the MGM Grand. This is our second day of coverage of Palo Alto Networks Ignite. This is takeaways from Ignite 22. Lisa Martin here with two really smart guys, Dave Valante. Dave, we're joined by one of our cube alumni, a friend, a friend of the, we say friend of the Cube. >>Yeah, F otc. A friend of the Cube >>Karala joins us. Guys, it's great to have you here. It's been an exciting show. A lot of cybersecurity is one of my favorite topics to talk about. But I'd love to get some of the big takeaways from both of you. Dave, we'll start with >>You. A breathing room from two weeks ago. Yeah, that was, that was really pleasant. You know, I mean, I know was, yes, you sat in the analyst program, interested in what your takeaways were from there. But, you know, coming into this, we wrote a piece, Palo Alto's Gold Standard, what they need to do to, to keep that, that status. And we hear it a lot about consolidation. That's their big theme now, which is timely, right? Cause people wanna save money, they wanna do more with less. But I'm really interested in hearing zeus's thoughts on how that's playing in the market. How customers, how easy is it to just say, oh, hey, I'm gonna consolidate. I wanna get into that a little bit with you, how well the strategy's working. We're gonna get into some of the m and a activity and really bring your perspectives to the table. Well, >>It's, it's not easy. I mean, people have been calling for the consolidation of security for decades, and it's, it's, they're the first company that's actually made it happen. Right? And, and I think this is what we're seeing here is the culmination of this long-term strategy, this company trying to build more of a platform. And they, you know, they, they came out as a firewall vendor. And I think it's safe to say they're more than firewall today. That's only about two thirds of their revenue now. So down from 80% a few years ago. And when I think of what Palo Alto has become, they're really a data company. Now, if you look at, you know, unit 42 in Cortex, the, the, the Cortex Data Lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have, right? And bringing that together into one big data lake. >>And then they're able to use that to, to do faster threat notification, forensics, things like that. And so I think the old model of security of create signatures for known threats, it's safe to say it never really worked and it wasn't ever gonna work. You had too many days, zero exploits and things. The only way to fight security today is with a AI and ML based analytics. And they have, they're the gold standard. I think the one thing about your post that I would add, they're the gold standard from a data standpoint. And that's given them this competitive advantage to go out and become a platform for security. Which, like I said, the people have tried to do that for years. And the first one that's actually done it, well, >>We've heard this from some of the startups, like Lacework will say, oh, we treat security as a data problem. Of course there's a startup, Palo Alto's got, you know, whatever, 10, 15 years of, of, of history. But one of the things I wanted to explore with you coming into this was the notion of can you be best of breed and develop a suite? And we, we've been hearing a consistent answer to that question, which is, and, and do you need to, and the answer is, well, best of breed in security requires that full spectrum, that full view. So here's my question to you. So, okay, let's take Estee win relatively new for these guys, right? Yeah. Okay. And >>And one of the few products are not top two, top three in, right? >>Exactly. Yeah. So that's why I want to take that. Yeah. Because in bakeoffs, they're gonna lose on a head-to-head best of breed. And so the customer's gonna say, Hey, you know, I love your, your consolidation play, your esty win's. Just, okay, how about a little discount on that? And you know, these guys are premium priced. Yes. So, you know, are they in essentially through their pricing strategies, sort of creating that stuff, fighting that, is that friction for them where they've got, you know, the customer says, all right, well forget it, we're gonna go stove pipe with the SD WAN will consolidate some of the stuff. Are you seeing that? >>Yeah, I, I, I still think the sales model is that way. And I think that's something they need to work on changing. If they get into a situation where they have to get down into a feature battle of my SD WAN versus your SD wan, my firewall versus your firewall, frankly they've already lost, you know, because their value prop is the suite and, and is the platform. And I was talking with the CISO here that told me, he realizes now that you don't need best of breed everywhere to have best in class threat protection. In fact, best of breed everywhere leads to suboptimal threat protection. Cuz you have all these data data sets that are in silos, right? And so from a data scientist standpoint, right, there's the good data leads to good insights. Well, partial data leads to fragmented insights and that's, that's what the best, best of breed approach gives you. And so I was talking with Palo about this, can they have this vision of being best of breed and platform? I don't really think you can maintain best of breed everywhere across this portfolio this big, but you don't need to. >>That was my second point of my question. That's the point I'm saying. Yeah. And so, cuz cuz because you know, we've talked about this, that that sweets always win in the long run, >>Sweets win. >>Yeah. But here's the thing, I, I wonder to your your point about, you know, the customer, you know, understanding that that that, that this resonates with them. I, my guess is a lot of customers, you know, at that mid-level and the fat middle are like still sort of wed, you know, hugging that, that tool. So there's, there's work to be done here, but I think they, they, they got it right Because if they devolve, to your point, if they devolve down to that speeds and feeds, eh, what's the point of that? Where's their >>Valuable? You do not wanna get into a knife fight. And I, and I, and I think for them the, a big challenge now is convincing customers that the suite, the suite approach does work. And they have to be able to do that in actual customer examples. And so, you know, I I interviewed a bunch of customers here and the ones that have bought into XDR and xor and even are looking at their sim have told me that the, the, so think of soc operations, the old way heavily manually oriented, right? You have multiple panes of glass and you know, and then you've got, so there's a lot of people work before you bring the tools in, right? If done correctly with AI and ml, the machines would do all the heavy lifting and then you'd bring people in at the end to clean up the little bits that were missed, right? >>And so you, you moved to, from something that was very people heavy to something that's machine heavy and machines can work a lot faster than people. And the, and so the ones that I've talked that have, that have done that have said, look, our engineers have moved on to a lot different things. They're doing penetration testing, they're, you know, helping us with, with strategy and they're not fighting that, that daily fight of looking through log files. And the only proof point you need, Dave, is look at every big breach that we've had over the last five years. There's some SIM vendor up there that says, we caught it. Yeah. >>Yeah. We we had the data. >>Yeah. But, but, but the security team missed it. Well they missed it because you're, nobody can look at that much data manually. And so the, I I think their approach of relying heavily on machines to fight the fight is actually the right way. >>Is that a differentiator for them versus, we were talking before we went live that you and I first hit our very first segment back in 2017 at Fort Net. Is that, where do the two stand in your >>Yeah, it's funny cuz if you talk to the two vendors, they don't really see each other in a lot of accounts because Fort Net's more small market mid-market. It's the same strategy to some degree where Fort Net relies heavily on in-house development in Palo Alto relies heavily on acquisition. Yeah. And so I think from a consistently feature set, you know, Fort Net has an advantage there because it, it's all run off their, their their silicon. Where, where Palo's able to innovate very quickly. The, it it requires a lot of work right? To, to bring the front end and back ends together. But they're serving different markets. So >>Do you see that as a differentiator? The integration strategy that Palo Alto has as a differentiator? We talk to so many companies who have an a strong m and a strategy and, and execution arm. But the challenge is always integrating the technology so that the customer to, you know, ultimately it's the customer. >>I actually think they're, they're underrated as a, an acquirer. In fact, Dave wrote a post to a prior on Silicon Angle prior to Accelerate and he, he on, you put it on Twitter and you asked people to rank 'em as an acquirer and they were in the middle of the pack, >>Right? It was, it was. So it was Oracle, VMware, emc, ibm, Cisco, ServiceNow, and Palo Alto. Yeah. Or Oracle got very high marks. It was like 8.5 out of, you know, 10. Yeah. VMware I think was 6.5. Naira was high emc, big range. IBM five to seven. Cisco was three to eight. Yeah. Yeah, right. ServiceNow was a seven. And then, yeah, Palo Alto was like a five. And I, which I think it was unfair. Well, >>And I think it depends on how you look at it. And I, so I think a lot of the acquisitions Palo Alto's made, they've done a good job of integrating the backend data and they've almost ignored the front end. And so when you buy some of the products, it's a little clunky today. You know, if you work with Prisma Cloud, it could be a little bit cleaner. And even with, you know, the SD wan that took 'em a long time to bring CloudGenix in and stuff. But I think the approach is right. I don't, I don't necessarily believe you should integrate the front end until you've integrated the back end. >>That's >>The hard part, right? Because UL ultimately what you're gonna get, you're gonna get two panes of glass and one pane of glass and it might look pretty and all mush together, but ultimately you're not solving the bigger problem, right. Of, of being able to create that big data lake to, to fight security. And so I think, you know, the approach they've taken is the right one. I think from a user standpoint, maybe it doesn't show up as neatly because you don't see the frontend integration, but the way they're doing it is the right way to do it. And I'm glad they're doing it that way versus caving to the pressures of what, you know, the industry might want or >>Showed up in the performance of the company. I mean, this company was basically gonna double revenues to 7 billion from 2020 to >>2023. Think about that at that. That makes, >>I mean that's unbelievable, right? I mean, and then and they wanna double again. Yeah. You know, so, well >>What did, what did Nikesh was quoted as saying they wanna be the first cyber company that's a hundred billion dollars. He didn't give a timeline market >>Cap. Right. >>Market cap, right. Do what I wanna get both of your opinions on what you saw and heard and felt this week. What do you think the likelihood is? And and do you have any projections on how, you know, how many years it's gonna take for them to get there? >>Well, >>Well I think so if they're gonna get that big, right? And, and we were talking about this pre-show, any company that's becoming a big company does it through ecosystem >>Bingo >>Go, right? And that when you look around the show floor, it's not that impressive. No. And if that, if there's an area they need to focus on, it's building that ecosystem. And it's not with other security vendors, it's with application vendors and it's with the cloud companies and stuff. And they've got some relationships there, but they need to do more. I actually challenge 'em on that. One of the analyst sessions. They said, look, we've got 800 cortex partners. Well where are they? Right? Why isn't there a cortex stand here with a bunch of the small companies here? So I do think that that is an area they need to focus on. If they are gonna get to that, that market caps number, they will do so do so through ecosystem. Because every company that's achieved that has done it through ecosystem. >>A hundred percent agree. And you know, if you look at CrowdStrike's ecosystem, it's, I mean, pretty similar. Yeah. You know, it doesn't really, you know, make much, much, not much different from this, but I went back and just looked at some, you know, peak valuations during the pandemic and shortly thereafter CrowdStrike was 70 billion. You know, that's what their roughly their peak Palo Alto was 56, fortune was 59 for the actually diverged. Right. And now Palo Alto has taken the, the top mantle, you know, today it's market cap's 52. So it's held 93% of its peak value. Everybody else is tanking. Even Okta was 45 billion. It's been crushed as you well know. But, so Palo Alto wasn't always, you know, the number one in terms of market cap. But I guess my point is, look, if CrowdStrike could got to 70 billion during Yeah. During the frenzy, I think it's gonna take, to answer your question, I think it's gonna be five years. Okay. Before they get back there. I think this market's gonna be tough for a while from a valuation standpoint. I think generally tech is gonna kind of go up and down and sideways for a good year and a half, maybe even two years could be even longer. And then I think there's gonna be some next wave of productivity innovation that that hits. And then you're gonna, you're almost always gonna exceed the previous highs. It's gonna take a while. Yeah. >>Yeah, yeah. But I think their ability to disrupt the SIM market actually is something that I, I believe they're gonna do. I've been calling for the death of the sim for a long time and I know some people of Palo Alto are very cautious about saying that cuz the Splunks and the, you know, they're, they're their partners. But I, I think the, you know, it's what I said before, the, the tools are catching them, but they're, it's not in a way that's useful for the IT pro and, but I, I don't think the SIM vendors have that ecosystem of insight across network cloud endpoint. Right. Which is what you need in order to make a sim useful. >>CISO at an ETR round table said, if, if it weren't for my regulators, I would chuck my sim. >>Yes. >>But that's the only reason that, that this person was keeping it. No. >>Yeah. And I think the, the fact that most of those companies have moved to a perpetual MO or a a recurring revenue model actually helps unseat them. Typically when you pour a bunch of money into something, you remember the old computer associate says nobody ever took it out cuz the sunk dollars you spent to do it. But now that you're paying an annual recurring fee, it's actually makes it easier to take out. So >>Yeah, it's just an ebb and flow, right? Yeah. Because the maintenance costs were, you know, relatively low. Maybe it was 20% of the total. And then, you know, once every five years you had to do a refresh and you were still locked into the sort of maintenance and, and so yeah, I think you're right. The switching costs with sas, you know, in theory anyway, should be less >>Yeah. As long as you can migrate the data over. And I think they've got a pretty good handle on that. So, >>Yeah. So guys, I wanna get your perspective as a whole bunch of announcements here. We've only been here for a couple days, not a big conference as, as you can see from behind us. What Zs in your opinion was Palo Alto's main message and and what do you think about it main message at this event? And then same question for you. >>Yeah, I, I think their message largely wrapped around disruption, right? And, and they, and The's keynote already talked about that, right? And where they disrupted the firewall market by creating a NextGen firewall. In fact, if you look at all the new services they added to their firewall, you, you could almost say it's a NextGen NextGen firewall. But, but I do think the, the work they've done in the area of cloud and cortex actually I think is, is pretty impressive. And I think that's the, the SOC is ripe for disruption because it's for, for the most part, most socks still, you know, run off legacy playbooks. They run off legacy, you know, forensic models and things and they don't work. It's why we have so many breaches today. The, the dirty little secret that nobody ever wants to talk about is the bad guys are using machine learning, right? And so if you're using a signature based model, all they gotta do is tweak their model a little bit and it becomes, it bypasses them. So I, I think the only way to fight the the bad guys today is with you're gonna fight fire with fire. And I think that's, that's the path they've, they've headed >>Down. Yeah. The bad guys are hiding in plain sight, you know? Yeah, >>Yeah. Well it's, it's not hard to do now with a lot of those legacy tools. So >>I think, I think for me, you know, the stat that we threw out earlier, I think yesterday at our keynote analysis was, you know, the ETR data shows that are, that are that last survey around 35% of the respondents said we are actively consolidating, sorry, 44%, sorry, 35 says who are actively consolidating vendors, redundant vendors today that number's up to 44%. Yeah. It's by far the number one cost optimization technique. That's what these guys are pitching. And I think it's gonna resonate with people and, and I think to your point, they're integrating at the backend, their beeps are technical, right? I mean, they can deal with that complexity. Yeah. And so they don't need eye candy. Eventually they, they, they want to have that cuz it'll allow 'em to have deeper market penetration and make people more productive. But you know, that consolidation message came through loud and clear. >>Yeah. The big change in this industry too is all the new startups are all cloud native, right? They're all built on Amazon or Google or whatever. Yeah. And when your cloud native and you buy a cloud native integration is fast. It's not like having to integrate this big monolithic software stack anymore. Right. So I, I think their pace of integration will only accelerate from here because everything's now cloud native. >>If a customer comes to you or when a customer comes to you and says, Zs help us with this cyber transformation we have, our board isn't necessarily aligned with our executives in terms of execution of a security strategy. How do you advise them where Palo Alto is concerned? >>Yeah. You know, a lot, a lot of this is just fighting legacy mindset. And I've, I was talking with some CISOs here from state and local governments and things and they're, you know, they can't get more budget. They're fighting the tide. But what they did find is through the use of automation technology, they're able to bring their people costs way down. Right. And then be able to use that budget to invest in a lot of new projects. And so with that, you, you have to start with your biggest pain points, apply automation where you can, and then be able to use that budget to reinvest back in your security strategy. And it's good for the IT pros too, the security pros, my advice to the IT pros is, is if you're doing things today that aren't resume building, stop doing them. Right. Find a way to automate the money your job. And so if you're patching systems and you're looking through log files, there's no reason machines can't do that. And you go do something a lot more interesting. >>So true. It's like storage guys 10 years ago, provisioning loans. Yes. It's like, stop doing that. Yeah. You're gonna be outta a job. So who, last question I have is, is who do you see as the big competitors, the horses on the track question, right? So obviously Cisco kind of service has led for a while and you know, big portfolio company, CrowdStrike coming at it from end point. You know who, who, who do you see as the real players going for that? You know, right now the market's three to 4%. The leader has three, three 4% of the market. You know who they're all going for? 10, 15, maybe 20% of the market. Who, who are the likely candidates? Yeah, >>I don't know if CrowdStrike really has the breadth of portfolio to compete long term though. I I think they've had a nice run, but I, we might start to see the follow 'em. I think Microsoft is gonna be for middle. They've laid down the gauntlet, right? They are a security vendor, right? We, we were at Reinvent and a AWS is the platform for security vendors. Yes. Middle, somewhere in the middle. But Microsoft make no mistake, they're in security. They've got some good products. I think a lot of 'em are kind of good enough and they, they tie it to the licensing and I'm not sure that works in security, but they've certainly got the ear of a lot of it pros. >>It might work in smb. >>Yeah, yeah. It, it might. And, and I do like Zscaler. I, I know these guys poo poo the proxy model, but they've, they've done about as much with prox as you can. And I, I think it's, it's a battle of, I love the, the, the near, you know, proxies are dead and Jay's model, you know, Jay over at csca, throw 'em back at 'em. So I, it's good to see that kind of fight going on between the >>Two. Oh, it's great. Well, and, and again, ZScaler's coming at it from their cloud security angle. CrowdStrike's coming at it from endpoint. I, I do think CrowdStrike has an opportunity to build out the portfolio through m and a and maybe ecosystem. And then obviously, you know, Palo Alto's getting it done. How about Cisco? >>Yeah, Cisco's interesting. And I I think if Cisco can make the network matter in security and it should, right? We're talking about how a lot of you need a lot of forensics to fight security today. Well, they're gonna see things long before anybody else because they have all that network data. If they can tie network security, I, I mean they could really have that business take off. But we've been saying that about Cisco for 20 years. >>But big install based though. Yeah. It's hard for a company, any company to say, okay, hey Cisco customer sweep the floor and come with us. That's, that's >>A tough thing. They have a lot of good peace parts, right? And like duo's a good product and umbrella's a good product. They've, they've not done a good job. >>They're the opposite of these guys. >>They've not done a good job of the backend integration and that, that's where Cisco needs to, to focus. And I do think g G two Patel there fixed the WebEx group and I think he's now, in fact when you talk to him, he's doing very little on WebEx that that group's running itself and he's more focused in security. So I, I think we could see a resurgence there. But you know, they have a, from a revenue perspective, it's a little misleading cuz they have this big legacy base that's in decline while they're moving to cloud and stuff. So, but they, but they, there's a lot of Rick there trying to, to tie to network. >>Lots of fuel for conversation. We're gonna have to carry this on, on Silicon angle.com guys. Yes. And Wi KeePon. Lets do see us. Thank you so much for joining Dave and me giving us your insights as to this event. Where are gonna be next? Are you gonna be on >>Vacation? There's nothing more fun than mean on the cube. So what's outside of that though? Yeah, you know, Christmas coming up, I gotta go see family and be the obligatory, although for me that's a lot of travel, so I guess >>More planes. Yeah. >>Hopefully not in Vegas. >>Not in Vegas. >>Awesome. Nothing against Vegas. Yeah, no, >>We love it. We love >>It. Although I will say my year started off with ces. Yeah. And it's finishing up with Palo Alto here. The bookends. Yeah, exactly. In Vegas bookends. >>Well thanks so much for joining us. Thank you Dave. Always a pleasure to host a show with you and hear your insights. Reading your breaking analysis always kicks off my prep for show. And it, it's always great to see, but predictions come true. So thank you for being my co-host bet. All right. For Dave Valante Enz as Carla, I'm Lisa Martin. You've been watching The Cube, the leader in live, emerging and enterprise tech coverage. Thanks for watching.

>> From "theCube" Studios in Palo Alto in Boston bringing you data-driven insights from "theCube" and ETR. This is "Breaking Analysis" with Dave Vellante. >> As an independent pure play company, Palo Alto Networks has earned its status as the leader in security. You can measure this in a variety of ways. Revenue, market cap, execution, ethos, and most importantly, conversations with customers generally. In CISO specifically, who consistently affirm this position. The company's on track to double its revenues in fiscal year 23 relative to fiscal year 2020. Despite macro headwinds, which are likely to carry through next year, Palo Alto owes its position to a clarity of vision and strong execution on a TAM expansion strategy through acquisitions and integration into its cloud and SaaS offerings. Hello and welcome to this week's "Wikibon Cube Insights" powered by ETR and this breaking analysis and ahead of Palo Alto Ignite the company's user conference, we bring you the next chapter on top of the last week's cybersecurity update. We're going to dig into the ETR data on Palo Alto Networks as we promised and provide a glimpse of what we're going to look for at "Ignite" and posit what Palo Alto needs to do to stay on top of the hill. Now, the challenges for cybersecurity professionals. Dead simple to understand. Solving it, not so much. This is a taxonomic eye test, if you will, from Optiv. It's one of our favorite artifacts to make the point the cybersecurity landscape is a mosaic of stovepipes. Security professionals have to work with dozens of tools many legacy combined with shiny new toys to try and keep up with the relentless pace of innovation catalyzed by the incredibly capable well-funded and motivated adversaries. Cybersecurity is an anomalous market in that the leaders have low single digit market shares. Think about that. Cisco at one point held 60% market share in the networking business and it's still deep into the 40s. Oracle captures around 30% of database market revenue. EMC and storage at its peak had more than 30% of that market. Even Dell's PC market shares, you know, in the mid 20s or even over that from a revenue standpoint. So cybersecurity from a market share standpoint is even more fragmented perhaps than the software industry. Okay, you get the point. So despite its position as the number one player Palo Alto might have maybe three maybe 4% of the total market, depending on what you use as your denominator, but just a tiny slice. So how is it that we can sit here and declare Palo Alto as the undisputed leader? Well, we probably wouldn't go that far. They probably have quite a bit of competition. But this CISO from a recent ETR round table discussion with our friend Eric Bradley, summed up Palo Alto's allure. We thought pretty well. The question was why Palo Alto Networks? Here's the answer. Because of its completeness as a platform, its ability to integrate with its own products or they acquire, integrate then rebrand them as their own. We've looked at other vendors we just didn't think they were as mature and we already had implemented some of the Palo Alto tools like the firewalls and stuff and we thought why not go holistically with the vendor a single throat to choke, if you will, if stuff goes wrong. And I think that was probably the primary driver and familiarity with the tools and the resources that they provided. Now here's another stat from ETR's Eric Bradley. He gave us a glimpse of the January survey that's in the field now. The percent of IT buyers stating that they plan to consolidate redundant vendors, it went from 34% in the October survey and now stands at 44%. So we fo we feel this bodes well for consolidators like Palo Alto networks. And the same is true from Microsoft's kind of good enough approach. It should also be true for CrowdStrike although last quarter we saw softness reported on in their SMB market, whereas interestingly MongoDB actually saw consistent strength from its SMB and its self-serve. So that's something that we're watching very closely. Now, Palo Alto Networks has held up better than most of its peers in the stock market. So let's take a look at that real quick. This chart gives you a sense of how well. It's a one year comparison of Palo Alto with the bug ETF. That's the cyber basket that we like to compare often CrowdStrike, Zscaler, and Okta. Now remember Palo Alto, they didn't run up as much as CrowdStrike, ZS and Okta during the pandemic but you can see it's now down unquote only 9% for the year. Whereas the cyber basket ETF is off 27% roughly in line with the NASDAQ. We're not showing that CrowdStrike down 44%, Zscaler down 61% and Okta off a whopping 72% in the past 12 months. Now as we've indicated, Palo Alto is making a strong case for consolidating point tools and we think it will have a much harder time getting customers to switch off of big platforms like Cisco who's another leader in network security. But based on the fragmentation in the market there's plenty of room to grow in our view. We asked breaking analysis contributor Chip Simington for his take on the technicals of the stock and he said that despite Palo Alto's leadership position it doesn't seem to make much difference these days. It's all about interest rates. And even though this name has performed better than its peers, it looks like the stock wants to keep testing its 52 week lows, but he thinks Palo Alto got oversold during the last big selloff. And the fact that the company's free cash flow is so strong probably keeps it at the one 50 level or above maybe bouncing around there for a while. If it breaks through that under to the downside it's ne next test is at that low of around one 40 level. So thanks for that, Chip. Now having get that out of the way as we said on the previous chart Palo Alto has strong opinions, it's founder and CTO, Nir Zuk, is extremely clear on that point of view. So let's take a look at how Palo Alto got to where it is today and how we think you should think about his future. The company was founded around 18 years ago as a network security company focused on what they called NextGen firewalls. Now, what Palo Alto did was different. They didn't try to stuff a bunch of functionality inside of a hardware box. Rather they layered network security functions on top of its firewalls and delivered value as a service through software running at the time in its own cloud. So pretty obvious today, but forward thinking for the time and now they've moved to a more true cloud native platform and much more activity in the public cloud. In February, 2020, right before the pandemic we reported on the divergence in market values between Palo Alto and Fort Net and we cited some challenges that Palo Alto was happening having transitioning to a cloud native model. And at the time we said we were confident that Palo Alto would make it through the knot hole. And you could see from the previous chart that it has. So the company's architectural approach was to do the heavy lifting in the cloud. And this eliminates the need for customers to deploy sensors on prem or proxies on prem or sandboxes on prem sandboxes, you know for instance are vulnerable to overwhelming attacks. Think about it, if you're a sandbox is on prem you're not going to be updating that every day. No way. You're probably not going to updated even every week or every month. And if the capacity of your sandbox is let's say 20,000 files an hour you know a hacker's just going to turn up the volume, it'll overwhelm you. They'll send a hundred thousand emails attachments into your sandbox and they'll choke you out and then they'll have the run of the house while you're trying to recover. Now the cloud doesn't completely prevent that but what it does, it definitely increases the hacker's cost. So they're going to probably hit some easier targets and that's kind of the objective of security firms. You know, increase the denominator on the ROI. All right, the next thing that Palo Alto did is start acquiring aggressively, I think we counted 17 or 18 acquisitions to expand the TAM beyond network security into endpoint CASB, PaaS security, IaaS security, container security, serverless security, incident response, SD WAN, CICD pipeline security, attack service management, supply chain security. Just recently with the acquisition of Cider Security and Palo Alto by all accounts takes the time to integrate into its cloud and SaaS platform called Prisma. Unlike many acquisitive companies in the past EMC was a really good example where you ended up with a kind of a Franken portfolio. Now all this leads us to believe that Palo Alto wants to be the consolidator and is in a good position to do so. But beyond that, as multi-cloud becomes more prevalent and more of a strategy customers tell us they want a consistent experience across clouds. And is going to be the same by the way with IoT. So of the next wave here. Customers don't want another stove pipe. So we think Palo Alto is in a good position to build what we call the security super cloud that layer above the clouds that brings a common experience for devs and operational teams. So of course the obvious question is this, can Palo Alto networks continue on this path of acquire and integrate and still maintain best of breed status? Can it? Will it? Does it even have to? As Holger Mueller of Constellation Research and I talk about all the time integrated suites seem to always beat best of breed in the long run. We'll come back to that. Now, this next graphic that we're going to show you underscores this question about portfolio. Here's a picture and I don't expect you to digest it all but it's a screen grab of Palo Alto's product and solutions portfolios, network cloud, network security rather, cloud security, Sassy, CNAP, endpoint unit 42 which is their threat intelligence platform and every imaginable security service and solution for customers. Well, maybe not every, I'm sure there's more to come like supply chain with the recent Cider acquisition and maybe more IoT beyond ZingBox and earlier acquisition but we're sure there will be more in the future both organic and inorganic. Okay, let's bring in more of the ETR survey data. For those of you who don't know ETR, they are the number one enterprise data platform surveying thousands of end customers every quarter with additional drill down surveys and customer round tables just an awesome SaaS enabled platform. And here's a view that shows net score or spending momentum on the vertical axis in provision or presence within the ETR data set on the horizontal axis. You see that red dotted line at 40%. Anything at or over that indicates a highly elevated net score. And as you can see Palo Alto is right on that line just under. And I'll give you another glimpse it looks like Palo Alto despite the macro may even just edge up a bit in the next survey based on the glimpse that Eric gave us. Now those colored bars in the bottom right corner they show the breakdown of Palo Alto's net score and underscore the methodology that ETR uses. The lime green is new customer adoptions, that's 7%. The forest green at 38% represents the percent of customers that are spending 6% or more on Palo Alto solutions. The gray is at that 40 or 8% that's flat spending plus or minus 5%. The pinkish at 5% is spending is down on Palo Alto network products by 6% or worse. And the bright red at only 2% is churn or defections. Very low single digit numbers for Palo Alto, that's a real positive. What you do is you subtract the red from the green and you get a net score of 38% which is very good for a company of Palo Alto size. And we'll note this is based on just under 400 responses in the ETR survey that are Palo Alto customers out of around 1300 in the total survey. It's a really good representation of Palo Alto. And you can see the other leading companies like CrowdStrike, Okta, Zscaler, Forte, Cisco they loom large with similar aspirations. Well maybe not so much Okta. They don't necessarily rule want to rule the world. They want to rule identity and of course the ever ubiquitous Microsoft in the upper right. Now drilling deeper into the ETR data, let's look at how Palo Alto has progressed over the last three surveys in terms of market presence in the survey. This view of the data shows provision in the data going back to October, 2021, that's the gray bars. The blue is July 22 and the yellow is the latest survey from October, 2022. Remember, the January survey is currently in the field. Now the leftmost set of data there show size a company. The middle set of data shows the industry for a select number of industries in the right most shows, geographic region. Notice anything, yes, Palo Alto up across the board relative to both this past summer and last fall. So that's pretty impressive. Palo Alto network CEO, Nikesh Aurora, stressed on the last earnings call that the company is seeing somewhat elongated deal approvals and sometimes splitting up size of deals. He's stressed that certain industries like energy, government and financial services continue to spend. But we would expect even a pullback there as companies get more conservative. But the point is that Nikesh talked about how they're hiring more sales pros to work the pipeline because they understand that they have to work harder to pull deals forward 'cause they got to get more approvals and they got to increase the volume that's coming through the pipeline to account for the possibility that certain companies are going to split up the deals, you know, large deals they want to split into to smaller bite size chunks. So they're really going hard after they go to market expansion to account for that. All right, so we're going to wrap by sharing what we expect and what we're going to probe for at Palo Alto Ignite next week, Lisa Martin and I will be hosting "theCube" and here's what we'll be looking for. First, it's a four day event at the MGM with the meat of the program on days two and three. That's day two was the big keynote. That's when we'll start our broadcasting, we're going for two days. Now our understanding is we've never done Palo Alto Ignite before but our understanding it's a pretty technically oriented crowd that's going to be eager to hear what CTO and founder Nir Zuk has to say. And as well CEO Nikesh Aurora and as in addition to longtime friend of "theCube" and current president, BJ Jenkins, he's going to be speaking. Wendy Whitmore runs Unit 42 and is going to be several other high profile Palo Alto execs, as well, Thomas Kurian from Google is a featured speaker. Lee Claridge, who is Palo Alto's, chief product officer we think is going to be giving the audience heavy doses of Prisma Cloud and Cortex enhancements. Now, Cortex, you might remember, came from an acquisition and does threat detection and attack surface management. And we're going to hear a lot about we think about security automation. So we'll be listening for how Cortex has been integrated and what kind of uptake that it's getting. We've done some, you know, modeling in from the ETR. Guys have done some modeling of cortex, you know looks like it's got a lot of upside and through the Palo Alto go to market machine, you know could really pick up momentum. That's something that we'll be probing for. Now, one of the other things that we'll be watching is pricing. We want to talk to customers about their spend optimization, their spending patterns, their vendor consolidation strategies. Look, Palo Alto is a premium offering. It charges for value. It's expensive. So we also want to understand what kind of switching costs are customers willing to absorb and how onerous they are and what's the business case look like? How are they thinking about that business case. We also want to understand and really probe on how will Palo Alto maintain best of breed as it continues to acquire and integrate to expand its TAM and appeal as that one-stop shop. You know, can it do that as we talked about before. And will it do that? There's also an interesting tension going on sort of changing subjects here in security. There's a guy named Edward Hellekey who's been in "theCube" before. He hasn't been in "theCube" in a while but he's a security pro who has educated us on the nuances of protecting data privacy, public policy, how it varies by region and how complicated it is relative to security. Because securities you technically you have to show a chain of custody that proves unequivocally, for example that data has been deleted or scrubbed or that metadata does. It doesn't include any residual private data that violates the laws, the local laws. And the tension is this, you need good data and lots of it to have good security, really the more the better. But government policy is often at odds in a major blocker to sharing data and it's getting more so. So we want to understand this tension and how companies like Palo Alto are dealing with it. Our customers testing public policy in courts we think not quite yet, our government's making exceptions and policies like GDPR that favor security over data privacy. What are the trade-offs there? And finally, one theme of this breaking analysis is what does Palo Alto have to do to stay on top? And we would sum it up with three words. Ecosystem, ecosystem, ecosystem. And we said this at CrowdStrike Falcon in September that the one concern we had was the pace of ecosystem development for CrowdStrike. Is collaboration possible with competitors? Is being adopted aggressively? Is Palo Alto being adopted aggressively by global system integrators? What's the uptake there? What about developers? Look, the hallmark of a cloud company which Palo Alto is a cloud security company is a thriving ecosystem that has entries into and exits from its platform. So we'll be looking at what that ecosystem looks like how vibrant and inclusive it is where the public clouds fit and whether Palo Alto Networks can really become the security super cloud. Okay, that's a wrap stop by next week. If you're in Vegas, say hello to "theCube" team. We have an unbelievable lineup on the program. Now if you're not there, check out our coverage on theCube.net. I want to thank Eric Bradley for sharing a glimpse on short notice of the upcoming survey from ETR and his thoughts. And as always, thanks to Chip Symington for his sharp comments. Want to thank Alex Morrison, who's on production and manages the podcast Ken Schiffman as well in our Boston studio, Kristen Martin and Cheryl Knight they help get the word out on social and of course in our newsletters, Rob Hoof, is our editor in chief over at Silicon Angle who does some awesome editing, thank you to all. Remember all these episodes they're available as podcasts. Wherever you listen, all you got to do is search "Breaking Analysis" podcasts. I publish each week on wikibon.com and silicon angle.com where you can email me at david.valante@siliconangle.com or dm me at D Valante or comment on our LinkedIn post. And please do check out etr.ai. They've got the best survey data in the enterprise tech business. This is Dave Valante for "theCube" Insights powered by ETR. Thanks for watching. We'll see you next week on "Ignite" or next time on "Breaking Analysis". (upbeat music)

(gentle instrumental music) >> Okay, we're back with Tom Christensen who's the global technology advisor and executive analyst at Hitachi Vantara. And we're exploring how Hitachi Vantara drives customer success, specifically with partners. You know Tom, it's funny, back in the early part of the last decade, there was this big push around, remember it was called green IT, and then the 07-08 financial crisis sort of put that on the back burner. But sustainability is back, and it seems to be emerging as a mega trend in IT. Are you seeing this? Is it same wine new label? How real is this trend and where's the pressure coming from? >> Well, we clearly see that sustainability is a mega trend in the IT sector. And when we talk to CIOs or senior IT leaders or simply just invite them in for a round table on this topic, they all tell us that they get the pressure from three different angles. The first one is really end consumers, and end consumers nowadays are beginning to ask questions about the green profile and what are the company doing for the environment. And this one here is both private and public companies as well. The second pressure that we see, is coming from the government. The government thinks that companies are not moving fast enough, so they want to put laws in that are forcing companies to move faster. And we see that in Germany as an example, where they are giving a law into enterprise companies to follow the human rights and sustainability, three levels back in the supply chain. But we also see that in EU they are talking about a new law that they want to put into action, and that one will replicate to 27 countries in Europe. But this one is not only Europe, it's the rest of the world where governments are talking about forcing companies to move faster than we have done in the past. So we see two types of pressure coming in, and at the same time, this one here starts off at the CEO at a company, because they want to have the competitive edge and be able to be relevant in the market. And for that reason they're beginning to put KPIs on themselves as the CEO, but they also are hiring sustainability officers with sustainability KPIs. And when that happens, it replicates down in the organization and we can now see that some CIOs, they have a KPI, others are indirectly measured. So we see direct and indirect. The same with CFOs and other C levels, they all get measured on it, and for that reason it replicates down to IT people. And that's what they tell us on these round tables. I get that pressure every day, every week, every quarter. But where is the pressure coming from? Well, the pressure is coming from end consumers and new laws that are put into action, that force companies to think differently and have focus on their green profile and doing something good for the environment. So those are the three pressures that we see. But when we talk to CFOs as an example, we are beginning to see that they have a new score system where they put out request for proposal, and this one is in about 58% of all request for proposal that we receive, that they are asking for our sustainability take, what are you doing as a vendor? And in their store system, cost has the highest priority and number two is sustainability. It weighs about 15, 20 to 25% when they look at your proposal that you submit to a CFO. But in some cases the CFO say, "I don't even know where the pressure is coming from. I'm asked to do it." But they're asked to do it because end consumers, laws, and so on, are forcing them to do it. But I would answer, yeah sustainability has become a maker trend this year and it's even growing faster and faster every month we move forward. >> Yeah, Tom, it feels like it's here to stay this time. And your point about public policy is right on, and we saw the EU leading with privacy and GDPR, and it looks like it's going to lead again here. Just shifting gears, I've been to a number of Hitachi facilities in my day. Odawara is my favorite, because on a clear day you can see Mount Fuji but other plants I've been to as well. What does Hitachi do in the production facility to reduce CO2 emissions? >> Yeah, I think you're hitting a good point here. So what we have, we have a facility in Japan and we have one in Europe and we have one in America as well, to keep our production close to our customers and reduce transportation for the factory out to our customers. But you know, in the EMEA region, back in 2013, we created a new factory. And when we did that, we were asked to do it in an energy neutral way, which means that we are moving from being powered by black energy to green energy in that factory. And we built a factory with concrete walls that were extremely thick to make it cold in the summertime and hot in the wintertime, with minimum energy consumption. But we also put 17,000 square meters of solar panels on the roof to power that factory. We were collecting rain water to flush it in the toilet. We were removing light bulbs with LED. And when we send out our equipment to our customers, we put it in a rack, instead of sending out 25 packages to a customer. We want to reduce the waste as much as possible. And you know, this one was pretty new back in 2013. It was actually the biggest project in EMEA at that time. I will say if you want to build a factory today that's the way you are going to do it. But it has a huge impact for us when electricity is going up in price and oil and gas prices are coming up. We are running with energy neutral in our facility, which is a big benefit for us going forward. But it is also a competitive advantage to be able to explain what we have been doing the last eight, nine years in that factory. We are actually walking the talk, and we make that decision, even though it was a really hard decision to do back in 2013. When you do decisions like this one here, the return of investment is not coming the first couple of years. It's something that comes far out in the future, but right now we are beginning to see the benefit of the decision we made back in 2013. >> I want to come back to the economics, but before I do, I want to pick up on something you just said, because you hear the slogan, "Sustainability by design." A lot of people might think, "Okay, that's just a marketing slogan to vector into this mega trend," but it sounds like it's something that you've been working on for quite some time based on your last comments. Can you add some color to that? >> Yeah, so, the factory is just one example of what you need to do to reduce the CO2 emission in that part of the life of a product. The other one is really innovating new technology to drive down the CO2 emission. And here we are laser focused on what we call decarbonization by design. And this one is something that we have done the last eight years, so this is far from new for us. So between each generation of products that we have put out over the last eight years, we've been able to reduce the CO2 emission by up to 30 to 60% between each generation of products that we have put into the market. So we are laser focused on driving that one down but we are far from done, we still got eight years before we hit our first target net zero in 2030. So we got a roadmap where we want to achieve even more with new technology. At its core it's a technology innovator and our answer is to reduce the CO2 emission, and the decarbonization of the data center is going to be through innovating new technology because it has the speed, the scale, and the impact to make it possible to reach your sustainability objectives going forward. >> How about recycling? Where does that fit? I mean, the other day it was... A lot of times at a hotel you used to get bottled water now you get plant-based waters in a box and so we are seeing it all around us. But for a manufacturer of your size, recycling and circular economy, how does that fit into your plans? >> Yeah, let me try to explain what we are doing here because one thing is how you produce it. Another thing is how you innovate all that new technology, but you also need to combine that with service and software, otherwise you won't get the full benefit. So what we are doing here when it comes to exploring circular economics, it's kind of where we have an eternity mindset. We want to see if it is possible to get nothing out to the landfill. This is the aim that we are looking at. So when you buy a product today you get an option to keep it in your data center for up to 10 years. But what we want to do when you keep it for 10 years, is to upgrade only parts of the system. So let's say that you need more CPU power, you just switch the controller to next generation controller and you get more CPU power in your storage system, to keep it those 10 years. But you can also expand with new disk media, flash media, even media that doesn't exist today will be supported over those 10 years. You can change your protocol in the front end of your system to have new protocols and connect to your server environment with the latest and greatest technology. See, the benefit here is that, you don't have to put your system into a truck and a recycle process after three years, four years, five years, you can actually postpone that one for 10 years. And this one is reducing the emission again. But once we take it back, you put it on the truck and we take it into our recycling facility. And here we take our own equipment, like computer network and switches, but we also take competitive equipment in and we recycle as much as we can. In many cases, it's only 1% that goes to the landfill or 2% that goes to the landfill. The remaining material will go into new products either in our cycle or in other parts of the electronic industry. So it will be reused for other products. So when we look at what we've been doing for many years that has been linear economics, where you buy material, you make your product, you put it into production, and it goes into the landfill afterwards. The recycling economics is really, you buy material, you make your product, you put it into production, and you recycle as much as possible. The remaining part will go into the landfill. But where we are right now is exploring circular economics, where you actually buy material, make it, put it into production, and you reuse as much as you can. And only 1-2% is going into the landfill right now. So we have come along, and we honestly believe that the circular economics is the new economics going forward for many industries in the world. >> Yeah, and that addresses some of the things that we were talking about earlier about sustainability by design. You have to design that so that you can take advantage of that circular economy. I do want to come back to the economics, because in the early days of so-called green IT, there was a lot of talk about, "Well I'll never be able to lower the power bill, and the facilities people don't talk to the IT people," and that's changed. So explain why sustainability is good business, not just an expense item, but can really drive bottom line profitability. I understand it's going to take some time, but help us understand your experience there Tom. >> Yeah, let me try to explain that one. You often get the question about sustainability. Isn't that a cost? I mean how much does it cost to get that green profile? But you know, in reality, when you do a deep dive into the data center, you realize that sustainability is a cost saving activity. And this one is quite interesting, and we have now done more than 1,200 data center assessment around the world, where we have looked at data centers. And let me give you just an average number from a global bank that we work with. And this one is not different from all the other cases that we are doing. So when we look at the storage area, what we can do on the electricity by moving an old legacy data center into a new modernized infrastructure, is to reduce the electricity by 96%. This is a very high number, and a lot of money that you save, but the CO2 emission is reduced by 96% as well. The floor space can go up to 35% reduction as well. When we move down to the compute part, we are talking about 61% reduction in electricity on the compute part, just by moving from legacy to new modern infrastructure, and 61% on the CO2 emission as well. And see this one here is quite interesting, because you save electricity and you do something really good for the environment at the same time. In this case I'm talking about here, the customer was paying 2.5 million U.S. dollar annually, and by just modernizing that infrastructure, we could bring it down to 1.1 million. This is 1.4 million savings straight into your pocket and you can start the next activity here, looking at moving from virtual machine to containers. Containers only use 10% of the CPU resources compared to a virtual machine. Move up to the application layer if you have that kind of capability in your organization. Modernizing your application with sustainability by design and you can reduce the CO2 emission by up to 50%. There's so much we can do in that data center, but we often start at the infrastructure first and then we move up in the chain and we give customers benefit in all these different layers. >> Yeah, a big theme of this program today is what you guys are doing with partners. Are partners aware of this in your view? Are they in tune with it? Are they demanding it? What message would you like to give the channel partners, resellers, and distributors who may be watching? >> So the way to look at it is that we offer a platform with product, service and software, and that platform can elevate the conversation much higher up in the organization, and partners get the opportunity here to go up and talk to sustainability officers about what we are doing. They can even take it up to the CEO, and talk about how can you reach your sustainability KPI in the data center. What we've see in this round table when we have sustainability officers in the room, is that they are very focused on the green profile, and what is going out of the company. They rarely have a deep understanding of what is going on in the data center. Why? Because it's really technical and they don't have that background. So just by elevating the conversation to these sustainability officers, you can tell them what they should measure and how they should measure that. And you can be sure that that will replicate down to the CIO and the CFO, and there will immediately be a request for proposal going forward. So this one here is really a golden opportunity to take that story, go out and talk to different people in the organization, to be relevant, and have an impact, and make it more easy for you to win that proposal when it gets out. >> Well, really solid story on a super important topic. Thanks Tom, really appreciate your time and taking us through your perspectives. >> Thank you Dave, for the invitation. >> Yeah, you bet. Okay, in a moment we'll be back to summarize our final thoughts, keep it right there. (gentle instrumental music)

>>Partnerships in the technology business, they take many forms. For example, technology engineering partnerships, they drive value in terms of things like integration and simplification for customers. There are product partnerships. They fill gaps to create more comprehensive portfolios and more fluid relationships. Partner ecosystems offer high touch services. They offer managed services, specialty services, and other types of value based off of strong customer knowledge and years of built up trust partner. Ecosystems have evolved quite dramatically over the last decade with the explosion of data and the popularity of cloud models. Public, private, hybrid cross clouds. You know, yes it's true. Partnerships are about selling solutions, but they're also about building long term sustainable trust, where a seller learns the ins and outs of a customer's organization and can anticipate needs that are gonna drive bottom line profits for both sides of the equation, the buyer and the seller. >>Hello and welcome to our program. My name is Dave Ante and along with Lisa Martin, we're going to explore how Hitachi Van Tara drives customer success with its partners. First up, Lisa speaks with Kim King. She's the senior vice president of Strategic Partners and Alliances at Hitachi Van. And they'll set the table for us with an overview of how Hitachi is working with partners and where their priorities are focused. Then Russell Kingsley, he's the CTO and global VP of Technical sales at Hitachi Van Tara. He joins Lisa for a discussion of the tech and they're gonna get into cloud generally and hybrid cloud specifically in the role that partners play in the growing as a service movement. Now, after that I'll talk with Tom Christensen, he's the global technology advisor and executive analyst at Hitachi Vitara. And we're gonna talk about a really important topic, sustainability. We're gonna discuss where it came from, why it matters, and how it can drive bottom line profitability for both customers and partners. Let's get right to it. >>Where for the data driven, for those who understand clarity is currency. Believe progress requires precision and no neutral is not an option. We're for the data driven. The ones who can't tolerate failure, who won't put up with downtime or allow access to just anyone. We're for the data driven who act on insight instead of instinct. Bank on privacy instead of probabilities and rely on resilience instead of reaction. We see ourselves in the obsessive, the incessant, progressive, and the meticulously engineered. We enable the incredible identify with the analytical and are synonymous with the mission critical. We know what it means to be data driven because data is in our dna. We were born industrial and and we breathe digital. We speak predictive analytics so you can keep supply chains moving. We bleed in store and online insights so you can accurately predict customer preferences. We sweat security and digital privacy so you can turn complex regulations into competitive advantage. We break down barriers and eliminate silos. So you can go from data rich to data driven because it's clear the future belongs to the data driven. >>Hey everyone, welcome to this conversation. Lisa Martin here with Kim King, the SVP of Strategic Partners and Alliances at Hitachi Ventera. Kim, it's great to have you on the program. Thank you so much for joining me today. >>Thanks Lisa. It's great to be here. >>Let's talk about, so as we know, we talk about cloud all the time, the landscape, the cloud infrastructure landscape increasingly getting more and more complex. What are some of the biggest challenges and pain points that you're hearing from customers today? >>Yeah, so lot. There are lots, but I would say the, the few that we hear consistently are cost the complexity, right? Really the complexity of where do they go, how do they do it, and then availability. They have a lot of available options, but again, going back to complexity and cost, where do they think that they should move and how, how do they make that a successful move to the cloud? >>So talk to me, Hitachi Ventura has a great partner ecosystem. Where do partners play a role in helping customers to address some of the challenges with respect to the cloud landscape? >>Yeah, so part, our partners are really leading the way in the area of cloud in terms of helping customers understand the complexities of the cloud. As we talked about, they're truly the trusted advisor. So when they look at a customer's complete infrastructure, what are the workloads, what are the CRI critical applications that they work with? What's the unique architecture that they have to drive with that customer for a successful outcome and help them architect that? And so partners are truly leading the way across the board, understanding the complexities of each individual customer and then helping them make the right decisions with and for them. And then bringing us along as part of that, >>Talk to me a little bit about the partner landscape, the partner ecosystem at Hitachi Ventura. How does this fit into the overall strategy for the company? >>So we really look at our ecosystem as an extension of our sales organization and and really extension across the board, I would say our goal is to marry the right customer with the right partner and help them achieve their goals, ensure that they keep costs in check, that they ensure they don't have any security concerns, and that they have availability for the solutions and applications that they're trying to move to the cloud, which is most important. So we really, we really look at our ecosystem as a specialty ecosystem that adds high value for the right customers. >>So Kim, talk to me about how partners fit into Hitachi van's overall strategy. >>So I think our biggest differentiators with partners is that they're not just another number. Our partner organization is that valued extension of our overall sales pre-sales services organization. And we treat them like an extension of our organization. It's funny because I was just on a call with an analyst earlier this week and they said that AWS has increased their number of partners to 150,000 partners from, it was just under a hundred thousand. And I'm really not sure how you provide quality engagement to partners, right? And is how is that really a sustainable strategy? So for us, we look at trusted engagement across the ecosystem as a def differentiation. Really our goal is to make their life simple and profitable and really become their primary trusted partner when we go to market with them. And we see that paying dividends with our partners as they engage with us and as they expand and grow across the segments and then grow globally with us as well. >>And that's key, right? That synergistic approach when you're in customer conversations, what do you articulate as the key competitive differentiators where it relates to your partners? >>So really the, that they're the trusted advisor for that partner, right? That they understand our solutions better than any solution out there. And because we're not trying to be all things to our customers and our partners that we being bring best breaths of breed, best of breed solutions to our customers through our partner community, they can truly provide that end user experience and the successful outcome that's needed without, you know, sort of all kinds of, you know, crazy cha challenges, right? When you look at it, they really wanna make sure that they're driving that co-developed solution and the successful outcome for that customer. >>So then how do you feel that Hitachi Ventura helps partners really to grow and expand their own business? >>Wow, so that's, there's tons of ways, but we've, we've created a very simplified, what we call digital selling platform. And in that digital selling platform, we have allowed our partners to choose their own price and pre-approve their pricing and their promotions. They've actually, we've expanded the way we go to market with our partners from a sort of a technical capabilities. We give them online what we call Hitachi online labs that allow them to really leverage all of the solutions and demo systems out there today. And they have complete access to any one of our resources, product management. And so we really have, like I said, we actually provide our partners with better tools and resources sometimes than we do our own sales and pre-sales organization. So we, we look at them as, because they have so many other solutions out there that we have to be one step ahead of everybody else to give them that solution capability and the expertise that they need for their customers. >>So if you dig in, where is it that Hiti is helping partners succeed with your portfolio? >>Wow. So I think just across the board, I think we're really driving that profitable, trusted, and simplified engagement with our partner community because it's a value base and ease of doing business. I say that we allow them to scale and drive that sort of double digit growth through all of the solutions and and offerings that we have today. And because we've taken the approach of a very complex technical sort of infrastructure from a high end perspective and scale it all the way through to our mid-size enterprise, that allows them to really enter any customer at any vertical and provide them a really quality solution with that 100% data availability guarantee that we provide all of our customers. >>So then if we look at the overall sales cycle and the engagement, where is it that you're helping cus your partners rather succeed with the portfolio? >>Say that again? Sorry, my brain broke. No, >>No worries. So if we look at the overall sales cycle, where is it specifically where you're helping customers to succeed with the portfolio? >>So from the sales cycle, I think because we have the, a solution that is simple, easy, and really scaled for the type of customer that we have out there, it allows them to basically right size their infrastructure based on the application, the workload, the quality or the need that application may have and ensure that we provide them with that best solution. >>So then from a partner's perspective, how is it that Hitachi van is helping them to actually close deals faster? >>Yeah, so lots of great ways I think between our pre-sales organization that's on call and available a hundred percent of the time, I think that we've seen, again, the trusted engagement with them from a pricing and packaging perspective. You know, we, you know, two years ago it would take them two to three weeks to get a pre-approved quote where today they preapproved their own quotes in less than an hour and can have that in the hands of a customer. So we've seen that the ability for our partners to create and close orders in very short periods of time and actually get to the customer's needs very quickly, >>So dramatically faster. Yes. Talk about overall, so the partner relationship's quite strong, very synergistic that, that Hitachi Ventura has with its customers. Let's kind of step back out and look at the cloud infrastructure. How do you see it evolving the market evolving overall in say the next six months, 12 months? >>Yeah, so we see it significantly, we've been doing a lot of studies around this specifically. So we have a couple of different teams. We have our sort of our standard partner team that's out there and now we have a specialty cloud service provider team that really focuses on partners that are building and their own infrastructure or leveraging the infrastructure of a large hyperscaler or another GSI and selling that out. And then what we found is when we dig down deeper into our standard sort of partner reseller or value added reseller market, what we're seeing is that they are want to have the capability to resell the solution, but they don't necessarily wanna have to own and manage the infrastructure themselves. So we're helping both of them through that transition. We see that it's gonna, so it's funny cuz you're seeing a combination of many customers move to really the hyperscale or public cloud and many of them want to repatriate their infrastructure back because they see costs and they see challenges around all of that. And so our partners are helping them understand, again, what is the best solution for them as opposed to let's just throw everything in the public cloud and hope that it works. We're we're really helping them make the right choices and decisions and we're putting the right partners together to make that happen. >>And how was that feedback, that data helping you to really grow and expand the partner program as a whole? >>Yeah, so it's been fantastic. We have a whole methodology that we, we created, which is called PDM plan, develop monetize with partners. And so we went specifically to market with cloud service providers that'll, and we really tested this out with them. We didn't just take a solution and say, here, go sell it, good luck and have, you know, have a nice day. Many vendors are doing that to their partners and the partners are struggling to monetize those solutions. So we spend a lot of time upfront planning with them what is not only the storage infrastructure but your potentially your data resiliency and, and everything else that you're looking at your security solutions. How do we package those all together? How do we help you monetize them? And then who do you target from a customer perspective so that they've built up a pipeline of opportunities that they can go and work with us on and we really sit side by side with them in a co-development environment. >>In terms of that side by side relationship, how does the partner ecosystem play a role in Hitachi Venturas as a service business? >>So our primary go to market with our, as a service business is with and through partners. So our goal is to drive all, almost all of of our as a service. Unless it's super highly complex and something that a partner cannot support, we will make sure that they really, we leverage that with them with all of our partners. >>So strong partner relationships, very strong partner ecosystem. What would you say, Kim, are the priorities for the partner ecosystem going forward? The next say year? >>Yeah, so we have tons of priorities, right? I think really it's double digit growth for them and for us and understanding how a simpler approach that's customized for the specific vertical or customer base or go to market that they have that helps them quickly navigate to be successful. Our goal is always to facilitate trusted engagements with our partners, right? And then really, as I said, directionally our goal is to be 95 to a hundred percent of all of our business through partners, which helps customers and then really use that trusted advisor status they have to provide that value base to the customer. And then going back on our core tenants, which are, you know, really a trusted, simplified, profitable engagement with our partner community that allows them to really drive successful outcomes and go to market with us. And the end users >>Trust is such an important word, we can't underutilize it in these conversations. Last question. Sure. From a channel business perspective, what are some of the priorities coming down the pi? >>Oh, again, my biggest priority right, is always to increase the number of partner success stories that we have and increase the value to our partners. So we really dig in, we, we right now sit about number one or number two in, in our space with our partners in ease of doing business and value to our channel community. We wanna be number one across the board, right? Our goal is to make sure that our partner community is successful and that they really have those profitable engagements and that we're globally working with them to drive that engagement and, and help them build more profitable businesses. And so we just take tons of feedback from our partners regularly to help them understand, but we, we act on it very quickly so that we can make sure we incorporate that into our new program and our go to markets as we roll out every year. >>It sounds like a great flywheel of communications from the partners. Kim, thank you so much for joining me today talking about what Hitachi Vanta is doing with its partner ecosystem, the value in IT for customers. We appreciate your insights. >>Thank you very much. >>Up next, Russell Kingsley joins me, TTO and global VP of technical sales at Hitachi van you watch in the cube, the leader in live tech coverage. Hey everyone, welcome back to our conversation with Hitachi van Tara, Lisa Martin here with Russell Skillings Lee, the CTO and global VP of technical sales at Hitachi Van Russell. Welcome to the program. >>Hi Lisa, nice to be here. >>Yeah, great to have you. So here we are, the end of calendar year 2022. What are some of the things that you're hearing out in the field in terms of customers priorities for 2023? >>Yeah, good one. Just to, to set the scene here, we tend to deal with enterprises that have mission critical IT environments and this has been been our heritage and continues to be our major strength. So just to set the scene here, that's the type of customers predominantly I'd be hearing from. And so that's what you're gonna hear about here. Now, in terms of 20 23, 1 of the, the macro concerns that's hitting almost all of our customers right now, as you can probably appreciate is power consumption. And closely related to that is the whole area of ESG and decarbonization and all of that sort of thing. And I'm not gonna spend a lot of time on that one because that would be a whole session in itself really, but sufficient to say it is a priority for us and we, we are very active in, in that area. >>So aside from from that one that that big one, there's also a couple that are pretty much in common for most of our customers and, and we're in areas that we can help. One of those is in an exponential growth of the amount of data. It's, it's predicted that the world's data is going to triple by 2025 as opposed to where it was in 2020. And I think everyone's contributing to that, including a lot of our customers. So just the, the act of managing that amount of data is, is a challenge in itself. And I think closely related to that, a desire to use that data better to be able to gain more business insights and potentially create new business outcomes and business ideas are, is another one of those big challenges in, in that sense, I think a lot of our customers are in what I would kind of call, I affectionately call the, the post Facebook awakening era. >>And that, and what I mean by that is our traditional businesses, you know, when Facebook came along, they kind of illustrated, hey, I can actually make some use out of what is seemingly an enormous amount of useless data, which is exactly what Facebook did. They took a whole lot of people's Yeah. The minutia of people's lives and turned it into, you know, advertising revenue by gaining insights from, from those, you know, sort of seemingly useless bits of data and, you know, right. And I think this actually gave rise to a lot of digital business at that time. You know, the, this whole idea of what all you really need to be successful and disrupt the business is, you know, a great idea, you know, an app and a whole bunch of data to, to power it. And I think that a lot of our traditional customers are looking at this and wondering how do they get into the act? Because they've been collecting data for decades, an enormous amount of data, right? >>Yes. I mean, every company these days has to be a data company, but to your point, they've gotta be able to extract those insights, monetize it, and create real value new opportunities for the business at record speed. >>Yes, that's exactly right. And so being able to, to wield that data somehow turn it, it kind of turns out our customer's attentions to the type of infrastructure they've got as well. I mean, if you think about those, those companies that have been really successful in leveraging that data, a lot of them have, especially in the early days, leverage the cloud to be able to build out their capabilities. And, and the reason why the cloud became such a pivotal part of that is because it offered self-service. IT and, you know, easy development platforms to those people that had these great ideas. All they needed was access to, to, you know, the provider's website and a credit card. And now all of a sudden they could start to build a business from that. And I think a lot of our traditional IT customers are looking at this and thinking, now how do I build a similar sort of infrastructure? How do I, how do I provide that kind of self-service capability to the owners of business inside my company rather than the IT company sort of being a gatekeeper to a selected set of software packages. How now do I provide this development platform for those internal users? And I think this, this is why really hybrid cloud has become the defacto IT sort of architectural standard, even even for quite traditional, you know, IT companies. >>So when it comes to hybrid cloud, what are some of the challenges the customers are facing? And then I know Hitachi has a great partner ecosystem. How are partners helping Hitachi Ventura and its customers to eliminate or solve some of those hybrid cloud challenges? >>Yeah, it's, it, it's a great question and you know, it's, it's not 1975 anymore. It's not, it's not like you're going to get all of your IT needs from, from one, from one vendor hybrid by sort of, it's, you know, by definition is going to involve multiple pieces. And so there basically is no hybrid at all without a partner ecosystem. You really can't get everything at, at a one stop shop like you used to. But even if you think about the biggest public cloud provider on the planet, aws even, it has a marketplace for partner solutions. So, so even they see, even for customers that might consider themselves to be all in on public cloud, they are still going to need other pieces, which is where their marketplace come comes in. Now for, for us, you know, we are, we're a company that, we've been in the IT business for over 60 years, one of one of the few that could claim that sort of heritage. >>And you know, we've seen a lot of this type of change ourselves, this change of attitude from being able to provide everything yourself to being someone who contributes to an overall ecosystem. So partners are absolutely essential. And so now we kind of have a, a partner first philosophy when it comes to our routes to market on, you know, not just our own products in terms of, you know, a resale channel or whatever, but also making sure that we are working with some of the biggest players in hybrid infrastructure and determining where we can add value to that in our, in our own solutions. And so, you know, when it comes to those, those partner ecosystems, we're always looking for the spaces where we can best add our own capability to those prevailing IT architectures that are successful in the marketplace. And, you know, I think that it's probably fair to say, you know, for us, first and foremost, we, we have a reputation for having the biggest, most reliable storage infrastructure available on the planet. >>And, and we make no apologies for the fact that we tout our speeds and feeds and uptime supremacy. You know, a lot of our, a lot of our competitors would suggest that, hey, speeds and feeds don't matter. But you know, that's kind of what you say when, when you're not the fastest or not the most reliable, you know, of course they matter. And for us, what we, the way that we look at this is we say, let's look at who's providing the best possible hybrid solutions and let's partner with them to make those solutions even better. That's the way we look at it. >>Can you peel the, the onion a little bit on the technology underpinning the solutions, give a glimpse into that and then maybe add some color in terms of how partners are enhancing that? >>Yeah, let me, let me do that with a few examples here, and maybe what I can do is I can sort of share some insight about the way we think with partnering with, with particular people and why it's a good blend or why we see that technologically it's a good blend. So for example, the work we do with VMware, which we consider to be one of our most important hybrid cloud partners and in, and in fact it's, it's my belief, they have one of the strongest hybrid cloud stories in the industry. It resonates really strongly with, with our customers as well. But you know, we think it's made so much better with the robust underpinnings that we provide. We're one of the, one of the few storage vendors that provides a 100% data availability guarantee. So we, we take that sort of level of reliability and we add other aspects like life cycle management of the underpinning infrastructure. >>We combine that with what VMware's doing, and then when you look at our converged or hyper-converged solutions with them, it's a better together story where you now have what is one of the best hybrid cloud stories in the industry with VMware. But now for the on premise part, especially, you've now added a hundred percent data, data availability guarantee, and you've made managing the underlying infrastructure so much easier through the tools that we provide that go down to that level A level underneath where VMware are. And so that's, that's VMware. I've got a couple, couple more examples just to sort of fill, fill that out a bit. Sure. Cisco is another part, very strong partner of ours, a key partner. And I mean, you look at Cisco, they're a 50 billion IT provider and they don't have a dedicated storage infrastructure of their own. So they're going to partner with someone. >>From our perspective, we look at Cisco's, Cisco's customers and we look at them and think they're very similar to our own in terms of they're known to appreciate performance and reliability and a bit of premium in quality, and we think we match them them quite well. They're already buying what we believe are the best converge platforms in the industry from Cisco. So it makes sense that those customers would want to compliment that investment with the best array, best storage array they can get. And so we think we are helping Cisco's customers make the most of their decision to be ucs customers. Final one for, for you, Lisa, by way of example, we have a relationship with, with Equinix and you know, Equinix is the world's sort of leading colo provider. And the way I think they like to think of themselves, and I too tend to agree with them, is their, they're one of the most compelling high-speed interconnect networks in the world. >>They're connected to all of the, the, the significant cloud providers in most of the locations around the world. We have a, a relationship with them where we find we have customers in common who really love the idea of compute from the cloud. Compute from the cloud is great because compute is something that you are doing for a set period of time and then it's over you. Like you have a task, you do some compute, it's done. Cloud is beautiful for that. Storage on the other hand is very long lived storage doesn't tend to operate in that same sort of way. It sort of just becomes a bigger and bigger blob over time. And so the cost model around public cloud and storage is not as compelling as it is for compute. And so our, with our relationship with Equinix, we help our customers to be able to create, let's call it a, a data anchor point where they put our arrays into, into an Equinix location, and then they utilize Equinix as high speeding interconnects to the, to the cloud providers, okay. To take the compute from them. So they take the compute from the cloud providers and they own their own storage, and in this way they feel like we've now got the best of all worlds. Right. What I hope that illustrates Lisa is with those three examples is we are always looking for ways to find our key advantages with any given, you know, alliance partners advantages, >>Right? What are, when you're in customer conversations, and our final few minutes here, I wanna get, what are some of the key differentiators that you talk about when you're in customer conversations, and then how does the partner ecosystem fit into Hitachi vans as a service business? We'll start with differentiators and then let's move into the as service business so we can round out with that. >>Okay. Let's start with the differentiators. Yeah. Firstly and I, and hopefully I've kind of, I've hit this point hard, hard enough. We do believe that we have the fastest and most reliable storage infrastructure on the planet. This is kind of what we are known for, and customers that are working with us already sort of have an appreciation for that. And so they're looking for, okay, you've got that now, how can you make my hybrid cloud aspirations better? So we do have that as a fundamental, right? So, but secondly I'd say, I think it's also because we go beyond just storage management and, and into the areas of data management. You know, we've got, we've got solutions that are not just about storing the bits. We do think that we do that very well, but we also have solutions that move into the areas of enrichment, of the data, cataloging of the data, classification of the data, and most importantly, analytics. >>So, you know, we, we think it's, some of our competitors just stop at storing stuff and some of our competitors are in the analytics space, but we feel that we can bridge that. And we think that that's a, that's a competitive advantage for us. One of the other areas that I think is key for us as well is, as I said, we're one of the few vendors who've been in the marketplace for 60 years and we think this, this, this gives us a more nuanced perspective about things. There are many things in the industry, trends that have happened over time where we feel we've seen this kind of thing before and I think we will see it again. But you only really get that perspective if you are, if you are long lived in the industry. And so we believe that our conversations with our customers bear a little bit more sophistication. It's not just, it's not just about what's the latest and greatest trends. >>Right. We've got about one minute left. Can you, can you round us out with how the partner ecosystem is playing a role in the as service business? >>They're absolutely pivotal in that, you know, we, we ourselves don't own data centers, right? So we don't provide our own cloud services out. So we are 100% partner focused when it comes to that aspect. Our formula is to help partners build their cloud services with our solutions and then onsell them to their customers as as as a service. You know, and by what quick way of example, VMware for example, they've got nearly 5,000 partners selling VMware cloud services. 5,000 blows me away. And many of them are our partners too. So we kind of see this as a virtuous cycle. We've got product, we've got an an alliance with VMware and we work together with partners in common for the delivery of an as a service business. >>Got it. So the, as you said, the partner ecosystem is absolutely pivotal. Russell, it's been a pleasure having you on the program talking about all things hybrid cloud challenges, how Hitachi van is working with its partner ecosystems to really help customers across industries solve those big problems. We really appreciate your insights and your time. >>Thank you very much, Lisa. It's been great. >>Yeah, yeah. For Russell Stingley, I'm Lisa Martin. In a moment we're gonna continue our conversation with Tom Christensen. Stay tuned. >>Sulfur Royal has always embraced digital technology. We were amongst the first hospitals in the UK to install a full electronic patient record system. Unfortunately, as a result of being a pioneer, we often find that there's gaps in the digital solutions. My involvement has been from the very start of this program, a group of us got together to discuss what the problems actually were in the hospital and how we could solve this. >>The digital control center is an innovation that's been designed in partnership between ourselves, anti touch, and it's designed to bring all of the information that is really critical for delivering effective and high quality patient care. Together the DCC is designed not only to improve the lives of patients, but also of our staff giving us information that our demand is going to increase in the number of patients needing support. The technology that we're building can be replicated across sulfur, the NCA, and the wider nhs, including social care and community services. Because it brings all of that information that is essential for delivering high quality efficient care. >>The DCC will save time for both staff and more importantly our patients. It will leave clinicians to care for patients rather than administrate systems and it will allow the system that I work with within the patient flow team to effectively and safely place patients in clinically appropriate environments. >>But we chose to partner with Hitachi to deliver the DCC here at Sulfur. They were willing to work with us to co-produce and design a product that really would work within the environment that we find ourselves in a hospital, in a community setting, in a social care setting. >>My hopes for the DCC is that ultimately we will provide more efficient and reliable care for our patients. >>I do believe the digital control center will improve the lives of staff and also the patients so that we can then start to deliver the real change that's needed for patient care. >>Okay, we're back with Tom Christensen, who's the global technology advisor and executive analyst at Hitachi Van Tara. And we're exploring how Hitachi Van Tower drives customer success specifically with partners. You know Tom, it's funny, back in the early part of the last decade, there was this big push around, remember it was called green it and then the oh 7 0 8 financial crisis sort of put that on the back burner. But sustainability is back and it seems to be emerging as a mega trend in in it is, are you seeing this, is it same wine new label? How real is this trend and where's the pressure coming from? >>Well, we clearly see that sustainability is a mega trend in the IT sector. And when we talk to CIOs or senior IT leaders or simply just invite them in for a round table on this topic, they all tell us that they get the pressure from three different angles. The first one is really end consumers and end consumers. Nowaday are beginning to ask questions about the green profile and what are the company doing for the environment. And this one here is both private and public companies as well. The second pressure that we see is coming from the government. The government thinks that companies are not moving fast enough so they want to put laws in that are forcing companies to move faster. And we see that in Germany as an example, where they are giving a law into enterprise companies to following human rights and sustainability tree levels back in the supply chain. >>But we also see that in EU they are talking about a new law that they want to put into action and that one will replicate to 27 countries in Europe. But this one is not only Europe, it's the rest of the world where governments are talking about forcing companies to move faster than we have done in the past. So we see two types of pressure coming in and at the same time, this one here starts off at the CEO at a company because they want to have the competitive edge and be able to be relevant in the market. And for that reason they're beginning to put KPIs on themself as the ceo, but they're also hiring sustainability officers with sustainability KPIs. And when that happens it replicates down in the organization and we can now see that some CIOs, they have a kpi, others are indirectly measured. >>So we see direct and indirect. The same with CFOs and other C levels. They all get measured on it. And for that reason it replicates down to IT people. And that's what they tell us on these round table. I get that pressure every day, every week, every quarter. But where is the pressure coming from? Well the pressure is coming from in consumers and new laws that are put into action that force companies to think differently and have focus on their green profile and doing something good for the environment. So those are the tree pressures that we see. But when we talk to CFOs as an example, we are beginning to see that they have a new store system where they put out request for proposal and this one is in about 58% of all request for proposal that we receive that they are asking for our sustainability take, what are you doing as a vendor? >>And in their score system cost has the highest priority and number two is sustainability. It waits about 15, 20 to 25% when they look at your proposal that you submit to a cfo. But in some cases the CFO say, I don't even know where the pressure is coming from. I'm asked to do it. Or they're asked to do it because end consumers laws and so on are forcing them to do it. But I would answer, yeah, sustainability has become a make trend this year and it's even growing faster and faster every month we move forward. >>Yeah, Tom, it feels like it's here to stay this time. And your point about public policy is right on, we saw the EU leading with privacy and GDPR and it looks like it's gonna lead again here. You know, just shifting gears, I've been to a number of Hitachi facilities in my day. OWA is my favorite because on a clear day you can see Mount Fuji, but other plants I've been to as well. What does Hitachi do in the production facility to reduce CO2 emissions? >>Yeah, I think you're hitting a good point here. So what we have, we have a, a facility in Japan and we have one in Europe and we have one in America as well to keep our production close to our customers and reduced transportation for the factory out to our customers. But you know, in the, in the, in the May region back in 2020 13, we created a new factory. And when we did that we were asked to do it in an energy, energy neutral way, which means that we are moving from being powered by black energy to green energy in that factory. And we build a factory with concrete walls that were extremely thick to make it cold in the summertime and hot in the winter time with minimum energy consumption. But we also put 17,000 square meters of solar panel on the roof to power that factory. >>We were collecting rain waters to flush it in the toilet. We were removing light bulbs with L E D and when we sent out our equipment to our customers, we put it in a, instead of sending out 25 packages to a customer, we want to reduce the waste as much as possible. And you know, this one was pretty new back in 2013. It was actually the biggest project in EA at that time. I will say if you want to build a factory today, that's the way you are going to do it. But it has a huge impact for us when electricity is going up and price and oil and gas prices are coming up. We are running with energy neutral in our facility, which is a big benefit for us going forward. But it is also a competitive advantage to be able to explain what we have been doing the last eight, nine years in that factory. We are actually walking to talk and we make that decision even though it was a really hard decision to do back in 2013, when you do decisions like this one here, the return of investment is not coming the first couple of years. It's something that comes far out in the future. But right now we are beginning to see the benefit of the decision we made back in 2013. >>I wanna come back to the economics, but before I do, I wanna pick up on something you just said because you know, you hear the slogan sustainability by design. A lot of people might think okay, that's just a marketing slogan, slogan to vector in into this mega trend, but it sounds like it's something that you've been working on for quite some time. Based on your last comments, can you add some color to that? >>Yeah, so you know, the factory is just one example of what you need to do to reduce the CO2 emission and that part of the life of a a product. The other one is really innovating new technology to drive down the CO2 emission. And here we are laser focused on what we call decarbonization by design. And this one is something that we have done the last eight years, so this is far from you for us. So between each generation of products that we have put out over the last eight years, we've been able to reduce the CO2 emission by up to 30 to 60% between each generation of products that we have put into the market. So we are laser focused on driving that one down, but we are far from done, we still got eight years before we hit our first target net zero in 2030. So we got a roadmap where we want to achieve even more with new technology. At its core, it is a technology innovator and our answers to reduce the CO2 emission and the decarbonization of a data center is going to be through innovating new technology because it has the speed, the scale, and the impact to make it possible to reach your sustainability objectives going forward. >>How about recycling? You know, where does that fit? I mean, the other day it was, you know, a lot of times at a hotel, you know, you used to get bottled water, now you get, you know, plant based, you know, waters in a box and, and so we are seeing it all around us. But for a manufacturer of your size, recycling and circular economy, how does that fit into your plans? >>Yeah, let me try to explain what we are doing here. Cause one thing is how you produce it. Another thing is how you innovate all that new technology, but you also need to combine that with service and software, otherwise you won't get the full benefit. So what we are doing here, when it comes to exploring circular economics, it's kind of where we have an eternity mindset. We want to see if it is possible to get nothing out to the landfill. This is the aim that we are looking at. So when you buy a product today, you get an option to keep it in your data center for up to 10 years. But what we wanna do when you keep it for 10 years is to upgrade only parts of the system. So let's say that you need more CBU power, use your switch the controller to next generation controller and you get more CPU power in your storage system to keep it those 10 years. >>But you can also expand with new this media flash media, even media that doesn't exist today will be supported over those 10 years. You can change your protocol in the, in the front end of your system to have new protocols and connect to your server environment with the latest and greatest technology. See, the benefit here is that you don't have to put your system into a truck and a recycle process after three years, four years, five years, you can actually postpone that one for 10 years. And this one is reducing the emission again. But once we take it back, you put it on the truck and we take it into our recycling facility. And here we take our own equipment like compute network and switches, but we also take competitor equipment in and we recycle as much as we can. In many cases, it's only 1% that goes to the landfill or 2% that goes to the landfill. >>The remaining material will go into new products either in our cycle or in other parts of the electronic industry. So it will be reused for other products. So when we look at what we've been doing for many years, that has been linear economics where you buy material, you make your product, you put it into production, and it goes into land feed afterwards. The recycling economics, it's really, you buy material, you make your product, you put it into production, and you recycle as much as possible. The remaining part will go into the landfill. But where we are right now is exploring circle economics where you actually buy material, make it, put it into production, and you reuse as much as you can. And only one 2% is going into the landfill right now. So we have come along and we honestly believe that the circular economics is the new economics going forward for many industries in the world. >>Yeah. And that addresses some of the things that we were talking about earlier about sustainability by design, you have to design that so that you can take advantage of that circular economy. I, I do wanna come back to the economics because, you know, in the early days of so-called green, it, there was a lot of talk about, well, I, I, I'll never be able to lower the power bill. And the facilities people don't talk to the IT people. And that's changed. So explain why sustainability is good business, not just an expense item, but can really drive bottom line profitability. I, I understand it's gonna take some time, but, but help us understand your experience there, Tom. >>Yeah, let me try to explain that one. You know, you often get the question about sustainability. Isn't that a cost? I mean, how much does it cost to get that green profile? But you know, in reality when you do a deep dive into the data center, you realize that sustainability is a cost saving activity. And this one is quite interesting. And we have now done more than 1,200 data center assessment around the world where we have looked at data centers. And let me give you just an average number from a global bank that we work with. And this one is, it is not different from all the other cases that we are doing. So when we look at the storage area, what we can do on the electricity by moving an old legacy data center into a new modernized infrastructure is to reduce the electricity by 96%. >>This is a very high number and a lot of money that you save, but the CO2 mission is reduced by 96% as well. The floor space can go up to 35% reduction as well. When we move down to the compute part, we are talking about 61% reduction in electricity on the compute part just by moving from legacy to new modern infrastructure and 61% on the CO2 emission as well. And see this one here is quite interesting because you save electricity and you and you do something really good for the environment. At the same time, in this case I'm talking about here, the customer was paying 2.5 million US dollar annually and by just modernizing that infrastructure, we could bring it down to 1.1 million. This is 1.4 million savings straight into your pocket and you can start the next activity here looking at moving from virtual machine to containers. Containers only use 10% of the CPU resources compared to a virtual machine. Move up to the application layer. If you have that kind of capability in your organization, modernizing your application with sustainability by design and you can reduce the C, the CO2 emission by up to 50%. There's so much we can do in that data center, but we often start at the infrastructure first and then we move up in the chain and we give customers benefit in all these different layers. >>Yeah, A big theme of this program today is what you guys are doing with partners do, are partners aware of this in your view? Are they in tune with it? Are they demanding it? What message would you like to give the channel partners, resellers and, and distributors who may be watching? >>So the way to look at it is that we offer a platform with product, service and software and that platform can elevate the conversation much higher up in the organization. And partners get the opportunity here to go up and talk to sustainability officers about what we are doing. They can even take it up to the CEO and talk about how can you reach your sustainability KPI in the data center. What we've seen this round table when we have sustainability officers in the room is that they're very focused on the green profile and what is going out of the company. They rarely have a deep understanding of what is going on at the data center. Why? Because it's really technical and they don't have that background. So just by elevating the conversation to these sustainability officers, you can tell them what they should measure and how they should measure that. And you can be sure that that will replicate down to the CIO and the CFO and that immediately your request for proposal going forward. So this one here is really a golden opportunity to take that story, go out and talk to different people in the organization to be relevant and have an impact and make it more easy for you to win that proposal when it gets out. >>Well really solid story on a super important topic. Thanks Tom. Really appreciate your time and taking us through your perspectives. >>Thank you Dave, for the invitation. >>Yeah, you bet. Okay, in a moment we'll be back. To summarize our final thoughts, keep it right there. >>Click by click. The world is changing. We make sense of our world by making sense of data. You can draw more meaning from more data than was ever possible before, so that every thought and every action can build your path to intelligent innovation to change the way the world works. Hitachi Van Tara. >>Okay, thanks for watching the program. We hope you gained a better understanding of how Hitachi Ventura drives customer success with its partners. If you wanna learn more about how you can partner for profit, check out the partner togetherPage@hitachiventera.com and there's a link on the webpage here that will take you right to that page. Okay, that's a wrap for Lisa Martin. This is Dave Valante with the Cube. You a leader in enterprise and emerging tech coverage.

(upbeat music) >> From theCube Studios in Palo Alto in Boston, bringing you data driven insights from theCube and ETR. This is Breaking Analysis with Dave Vellante. >> While by no means a safe haven, the cybersecurity sector has outpaced the broader tech market by a meaningful margin, that is up until very recently. Cybersecurity remains the number one technology priority for the C-suite, but as we've previously reported the CISO's budget has constraints just like other technology investments. Recent trends show that economic headwinds have elongated sales cycles, pushed deals into future quarters, and just like other tech initiatives, are pacing cybersecurity investments and breaking them into smaller chunks. Hello and welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis we explain how cybersecurity trends are reverting to the mean and tracking more closely with other technology investments. We'll make a couple of valuation comparisons to show the magnitude of the challenge and which cyber firms are feeling the heat, which aren't. There are some exceptions. We'll then show the latest survey data from ETR to quantify the contraction in spending momentum and close with a glimpse of the landscape of emerging cybersecurity companies, the private companies that could be ripe for acquisition, consolidation, or disruptive to the broader market. First, let's take a look at the recent patterns for cyber stocks relative to the broader tech market as a benchmark, as an indicator. Here's a year to date comparison of the bug ETF, which comprises a basket of cyber security names, and we compare that with the tech heavy NASDAQ composite. Notice that on April 13th of this year the cyber ETF was actually in positive territory while the NAS was down nearly 14%. Now by August 16th, the green turned red for cyber stocks but they still meaningfully outpaced the broader tech market by more than 950 basis points as of December 2nd that Delta had contracted. As you can see, the cyber ETF is now down nearly 25%, year to date, while the NASDAQ is down 27% and change. Now take a look at just how far a few of the high profile cybersecurity names have fallen. Here are six security firms that we've been tracking closely since before the pandemic. We've been, you know, tracking dozens but let's just take a look at this data and the subset. We show for comparison the S&P 500 and the NASDAQ, again, just for reference, they're both up since right before the pandemic. They're up relative to right before the pandemic, and then during the pandemic the S&P shot up more than 40%, relative to its pre pandemic level, around February is what we're using for the pre pandemic level, and the NASDAQ peaked at around 65% higher than that February level. They're now down 85% and 71% of their previous. So they're at 85% and 71% respectively from their pandemic highs. You compare that to these six companies, Splunk, which was and still is working through a transition is well below its pre pandemic market value and 44, it's 44% of its pre pandemic high as of last Friday. Palo Alto Networks is the most interesting here, in that it had been facing challenges prior to the pandemic related to a pivot to the Cloud which we reported on at the time. But as we said at that time we believe the company would sort out its Cloud transition, and its go to market challenges, and sales compensation issues, which it did as you can see. And its valuation jumped from 24 billion prior to Covid to 56 billion, and it's holding 93% of its peak value. Its revenue run rate is now over 6 billion with a healthy growth rate of 24% expected for the next quarter. Similarly, Fortinet has done relatively well holding 71% of its peak Covid value, with a healthy 34% revenue guide for the coming quarter. Now, Okta has been the biggest disappointment, a darling of the pandemic Okta's communication snafu, with what was actually a pretty benign hack combined with difficulty absorbing its 7 billion off zero acquisition, knocked the company off track. Its valuation has dropped by 35 billion since its peak during the pandemic, and that's after a nice beat and bounce back quarter just announced by Okta. Now, in our view Okta remains a viable long-term leader in identity. However, its recent fiscal 24 revenue guide was exceedingly conservative at around 16% growth. So either the company is sandbagging, or has such poor visibility that it wants to be like super cautious or maybe it's actually seeing a dramatic slowdown in its business momentum. After all, this is a company that not long ago was putting up 50% plus revenue growth rates. So it's one that bears close watching. CrowdStrike is another big name that we've been talking about on Breaking Analysis for quite some time. It like Okta has led the industry in a key ETR performance indicator that measures customer spending momentum. Just last week, CrowdStrike announced revenue increased more than 50% but new ARR was soft and the company guided conservatively. Not surprisingly, the stock got absolutely crushed as CrowdStrike blamed tepid demand from smaller and midsize firms. Many analysts believe that competition from Microsoft was one factor along with cautious spending amongst those midsize and smaller customers. Notably, large customers remain active. So we'll see if this is a longer term trend or an anomaly. Zscaler is another company in the space that we've reported having great customer spending momentum from the ETR data. But even though the company beat expectations for its recent quarter, like other companies its Outlook was conservative. So other than Palo Alto, and to a lesser extent Fortinet, these companies and others that we're not showing here are feeling the economic pinch and it shows in the compression of value. CrowdStrike, for example, had a 70 billion valuation at one point during the pandemic Zscaler top 50 billion, Okta 45 billion. Now, having said that Palo Alto Networks, Fortinet, CrowdStrike, and Zscaler are all still trading well above their pre pandemic levels that we tracked back in February of 2020. All right, let's go now back to ETR'S January survey and take a look at how much things have changed since the beginning of the year. Remember, this is obviously pre Ukraine, and pre all the concerns about the economic headwinds but here's an X Y graph that shows a net score, or spending momentum on the y-axis, and market presence on the x-axis. The red dotted line at 40% on the vertical indicates a highly elevated net score. Anything above that we think is, you know, super elevated. Now, we filtered the data here to show only those companies with more than 50 responses in the ETR survey. Still really crowded. Note that there were around 20 companies above that red 40% mark, which is a very, you know, high number. It's a, it's a crowded market, but lots of companies with, you know, positive momentum. Now let's jump ahead to the most recent October survey and take a look at what, what's happening. Same graphic plotting, spending momentum, and market presence, and look at the number of companies above that red line and how it's been squashed. It's really compressing, it's still a crowded market, it's still, you know, plenty of green, but the number of companies above 40% that, that key mark has gone from around 20 firms down to about five or six. And it speaks to that compression and IT spending, and of course the elongated sales cycles pushing deals out, taking them in smaller chunks. I can't tell you how many conversations with customers I had, at last week at Reinvent underscoring this exact same trend. The buyers are getting pressure from their CFOs to slow things down, do more with less and, and, and prioritize projects to those that absolutely are critical to driving revenue or cutting costs. And that's rippling through all sectors, including cyber. Now, let's do a bit more playing around with the ETR data and take a look at those companies with more than a hundred citations in the survey this quarter. So N, greater than or equal to a hundred. Now remember the followers of Breaking Analysis know that each quarter we take a look at those, what we call four star security firms. That is, those are the, that are in, that hit the top 10 for both spending momentum, net score, and the N, the mentions in the survey, the presence, the pervasiveness in the survey, and that's what we show here. The left most chart is sorted by spending momentum or net score, and the right hand chart by shared N, or the number of mentions in the survey, that pervasiveness metric. that solid red line denotes the cutoff point at the top 10. And you'll note we've actually cut it off at 11 to account for Auth 0, which is now part of Okta, and is going through a go to market transition, you know, with the company, they're kind of restructuring sales so they can take advantage of that. So starting on the left with spending momentum, again, net score, Microsoft leads all vendors, typical Microsoft, very prominent, although it hadn't always done so, it, for a while, CrowdStrike and Okta were, were taking the top spot, now it's Microsoft. CrowdStrike, still always near the top, but note that CyberArk and Cloudflare have cracked the top five in Okta, which as I just said was consistently at the top, has dropped well off its previous highs. You'll notice that Palo Alto Network Palo Alto Networks with a 38% net score, just below that magic 40% number, is healthy, especially as you look over to the right hand chart. Take a look at Palo Alto with an N of 395. It is the largest of the independent pure play security firms, and has a very healthy net score, although one caution is that net score has dropped considerably since the beginning of the year, which is the case for most of the top 10 names. The only exception is Fortinet, they're the only ones that saw an increase since January in spending momentum as ETR measures it. Now this brings us to the four star security firms, that is those that hit the top 10 in both net score on the left hand side and market presence on the right hand side. So it's Microsoft, Palo Alto, CrowdStrike, Okta, still there even not accounting for a Auth 0, just Okta on its own. If you put in Auth 0, it's, it's even stronger. Adding then in Fortinet and Zscaler. So Microsoft, Palo Alto, CrowdStrike, Okta, Fortinet, and Zscaler. And as we've mentioned since January, only Fortinet has shown an increase in net score since, since that time, again, since the January survey. Now again, this talks to the compression in spending. Now one of the big themes we hear constantly in cybersecurity is the market is overcrowded. Everybody talks about that, me included. The implication there, is there's a lot of room for consolidation and that consolidation can come in the form of M&A, or it can come in the form of people consolidating onto a single platform, and retiring some other vendors, and getting rid of duplicate vendors. We're hearing that as a big theme as well. Now, as we saw in the previous, previous chart, this is a very crowded market and we've seen lots of consolidation in 2022, in the form of M&A. Literally hundreds of M&A deals, with some of the largest companies going private. SailPoint, KnowBe4, Barracuda, Mandiant, Fedora, these are multi billion dollar acquisitions, or at least billion dollars and up, and many of them multi-billion, for these companies, and hundreds more acquisitions in the cyberspace, now less you think the pond is overfished, here's a chart from ETR of emerging tech companies in the cyber security industry. This data comes from ETR's Emerging Technologies Survey, ETS, which is this diamond in a rough that I found a couple quarters ago, and it's ripe with companies that are candidates for M&A. Many would've liked, many of these companies would've liked to, gotten to the public markets during the pandemic, but they, you know, couldn't get there. They weren't ready. So the graph, you know, similar to the previous one, but different, it shows net sentiment on the vertical axis and that's a measurement of, of, of intent to adopt against a mind share on the X axis, which measures, measures the awareness of the vendor in the community. So this is specifically a survey that ETR goes out and, and, and fields only to track those emerging tech companies that are private companies. Now, some of the standouts in Mindshare, are OneTrust, BeyondTrust, Tanium and Endpoint, Net Scope, which we've talked about in previous Breaking Analysis. 1Password, which has been acquisitive on its own. In identity, the managed security service provider, Arctic Wolf Network, a company we've also covered, we've had their CEO on. We've talked about MSSPs as a real trend, particularly in small and medium sized business, we'll come back to that, Sneek, you know, kind of high flyer in both app security and containers, and you can just see the number of companies in the space this huge and it just keeps growing. Now, just to make it a bit easier on the eyes we filtered the data on these companies with with those, and isolated on those with more than a hundred responses only within the survey. And that's what we show here. Some of the names that we just mentioned are a bit easier to see, but these are the ones that really stand out in ERT, ETS, survey of private companies, OneTrust, BeyondTrust, Taniam, Netscope, which is in Cloud, 1Password, Arctic Wolf, Sneek, BitSight, SecurityScorecard, HackerOne, Code42, and Exabeam, and Sim. All of these hit the ETS survey with more than a hundred responses by, by the IT practitioners. Okay, so these firms, you know, maybe they do some M&A on their own. We've seen that with Sneek, as I said, with 1Password has been inquisitive, as have others. Now these companies with the larger footprint, these private companies, will likely be candidate for both buying companies and eventually going public when the markets settle down a bit. So again, no shortage of players to affect consolidation, both buyers and sellers. Okay, so let's finish with some key questions that we're watching. CrowdStrike in particular on its earnings calls cited softness from smaller buyers. Is that because these smaller buyers have stopped adopting? If so, are they more at risk, or are they tactically moving toward the easy button, aka, Microsoft's good enough approach. What does that mean for the market if smaller company cohorts continue to soften? How about MSSPs? Will companies continue to outsource, or pause on on that, as well as try to free up, to try to free up some budget? Adam Celiski at Reinvent last week said, "If you want to save money the Cloud's the best place to do it." Is the cloud the best place to save money in cyber? Well, it would seem that way from the standpoint of controlling budgets with lots of, lots of optionality. You could dial up and dial down services, you know, or does the Cloud add another layer of complexity that has to be understood and managed by Devs, for example? Now, consolidation should favor the likes of Palo Alto and CrowdStrike, cause they're platform players, and some of the larger players as well, like Cisco, how about IBM and of course Microsoft. Will that happen? And how will economic uncertainty impact the risk equation, a particular concern is increase of tax on vulnerable sectors of the population, like the elderly. How will companies and governments protect them from scams? And finally, how many cybersecurity companies can actually remain independent in the slingshot economy? In so many ways the market is still strong, it's just that expectations got ahead of themselves, and now as earnings forecast come, come, come down and come down to earth, it's going to basically come down to who can execute, generate cash, and keep enough runway to get through the knothole. And the one certainty is nobody really knows how tight that knothole really is. All right, let's call it a wrap. Next week we dive deeper into Palo Alto Networks, and take a look at how and why that company has held up so well and what to expect at Ignite, Palo Alto's big user conference coming up later this month in Las Vegas. We'll be there with theCube. Okay, many thanks to Alex Myerson on production and manages the podcast, Ken Schiffman as well, as our newest edition to our Boston studio. Great to have you Ken. Kristin Martin and Cheryl Knight help get the word out on social media and in our newsletters. And Rob Hof is our EIC over at Silicon Angle. He does some great editing for us. Thank you to all. Remember these episodes are all available as podcasts. Wherever you listen, just search Breaking Analysis podcast. I publish each week on wikibond.com and siliconangle.com, or you can email me directly David.vellante@siliconangle.com or DM me @DVellante, or comment on our LinkedIn posts. Please do checkout etr.ai, they got the best survey data in the enterprise tech business. This is Dave Vellante for theCube Insights powered by ETR. Thanks for watching, and we'll see you next time on Breaking Analysis. (upbeat music)

(upbeat music) >> You got it, it's theCUBE. We are in Vegas. This is the Cube's live coverage day one of the full event coverage of AWS reInvent '22 from the Venetian Expo Center. Lisa Martin here with Dave Vellante. We love being in Vegas, Dave. >> Well, you know, this is where Super Cloud sort of was born. >> It is. >> Last year, just about a year ago. Steve Mullaney, CEO of of Aviatrix, you know, kind of helped us think it through. And we got some fun stories around. It's happening, but... >> It is happening. We're going to be talking about Super Cloud guys. >> I guess I just did the intro, Steve Mullaney >> You did my intro, don't do it again. >> Sorry I stole that from you, yeah. >> Steve Mullaney, joined just once again, one of our alumni. Steve, great to have you back on the program. >> Thanks for having me back. >> Dave: It's happening. >> It is happening. >> Dave: We talked about a year ago. Net Studio was right there. >> That was two years. Was that year ago, that was a year ago. >> Dave: It was last year. >> Yeah, I leaned over >> What's happening? >> so it's happening. It's happening. You know what, the thing I noticed what's happening now is the maturity of the cloud, right? So, if you think about this whole journey to cloud that has been, what, AWS 12 years. But really over the last few years is when enterprises have really kind of joined that journey. And three or four years ago, and this is why I came out of retirement and went to Aviatrix, was they all said, okay, now we're going to do cloud. You fast forward now three, four years from now, all of a sudden those five-year plans of evacuating the data center, they got one year left, two year left, and they're going, oh crap, we don't have five years anymore. We're, now the maturity's starting to say, we're starting to put more apps into the cloud. We're starting to put business critical apps like SAP into the cloud. This is not just like the low-hanging fruit anymore. So what's happening now is the business criticality, the scale, the maturity. And they're all now starting to hit a lot of limits that have been put into the CSPs that you never used to hit when you didn't have business critical and you didn't have that scale. They were always there. The rocks were always there. Just it was, you never hit 'em. People are starting to hit 'em now. So what's happening now is people are realizing, and I'm going to jump the gun, you asked me for my bumper sticker. The bumper sticker for Aviatrix is, "Good enough is no longer good enough." Now it's funny, it came in a keynote today, but what we see from our customers is it's time to upgrade the native constructs of networking and network security to be enterprise-grade now. It's no longer good enough to just use the native constructs because of a lack of visibility, the lack of controls, the lack of troubleshooting capabilities, all these things. "I now need enterprise grade networking." >> Let me ask you a question 'cause you got a good historical perspective on the industry. When you think about when Maritz was running VMWare. He was like any app, he said basically we're building a software mainframe. And they kind of did that, right? But then they, you know, hit the issue with scale, right? And they can't replicate the cloud. Are there things that we can draw from that experience and apply that to the cloud? What's the same, what's different? >> Oh yeah. So, 1992, do you remember what happened in 1992? I do this, weird German software company called SAP >> Yeah, R3. announced a release as R/3. Which was their first three-tier client-server application of SAP. Before that it ran on mainframes, TCP/IP. Remember that Protocol War? Guess what happened post-1992, everybody goes up like this. Infrastructure completely changes. Cisco, EMC, you name it, builds out these PCE client-server architectures. The WAN changes, MPLS, the campus, everything's home running back to that data center running SAP. That was the last 30 years ago. Great transformation of SAP. They've did it again. It's called S/4Hana. And now it's running and people are switching to S/4Hana and they're moving to the cloud. It's just starting. And that is going to alter how you build infrastructure. And so when you have that, being able to troubleshoot in hours versus minutes is a big deal. This is business critical, millions of dollars. This is not fun and games. So again, back to my, what was good enough for the last three or four years for enterprises no longer good enough, now I'm running business critical apps like SAP, and it's going to completely change infrastructure. That's happening in the cloud right now. And that's obviously a significant seismic shift, but what are some of the barriers that customers have been able to eliminate in order to get there? Or is it just good enough isn't good enough anymore? >> Barriers in terms of, well, I mean >> Lisa: The adoption. Yeah well, I mean, I think it's all the things that they go to cloud is, you know, the complexity, really, it's the agility, right? So the barrier that they have to get over is how do I keep the developer happy because the developer went to the cloud in the first place, why? Swipe the credit card because IT wasn't doing their job, 'cause every time I asked them for something, they said no. So I went around 'em. We need that. That's what they have to overcome in the move to the cloud. That is the obstacle is how do I deliver that visibility, that control, the enterprise, great functionality, but yet give the developer what they want. Because the minute I stop giving them that swipe the card operational model, what do you think they're going to do? They're going to go around me again and I can't, and the enterprise can't have that. >> That's a cultural shift. >> That's the main barrier they've got to overcome. >> Let me ask you another question. Is what we think of as mission critical, the definition changing? I mean, you mentioned SAP, obviously that's mission critical for operations, but you're also seeing new applications being developed in the cloud. >> I would say anything that's, I call business critical, same thing, but it's, business critical is internal to me, like SAP, but also anything customer-facing. That's business critical to me. If that app goes down or it has a problem, I'm not collecting revenue. So, you know, back 30 years ago, we didn't have a lot of customer-facing apps, right? It really was just SAP. I mean there wasn't a heck of a lot of cust- There were customer-facing things. But you didn't have all the digitalization that we have now, like the digital economy, where that's where the real explosion has come, is you think about all the customer-facing applications. And now every enterprise is what? A technology, digital company with a customer-facing and you're trying to get closer and closer to who? The consumer. >> Yeah, self-service. >> Self-service, B2C, everybody wants to do that. Get out of the middle man. And those are business critical applications for people. >> So what's needed under the covers to make all this happen? Give us a little double click on where you guys fit. >> You need consistent architecture. Obviously not just for one cloud, but for any cloud. But even within one cloud, forget multicloud, it gets worst with multicloud. You need a consistent architecture, right? That is automated, that is as code. I can't have the human involved. These are all, this is the API generation, you've got to be able to use automation, Terraform. And all the way from the application development platform you know, through Jenkins and all other software, through CICD pipeline and Terraform, when you, when that developer says, I want infrastructure, it has to go build that infrastructure in real time. And then when it says, I don't need it anymore it's got to take it away. And you cannot have a human involved in that process. That's what's completely changed. And that's what's giving the agility. And that's kind of a cloud model, right? Use software. >> Well, okay, so isn't that what serverless does, right? >> That's part of it. Absolutely. >> But I might still want control sometimes over the runtime if I'm running those mission critical applications. Everything in enterprise is a heterogeneous thing. It's like people, people say, well there's going to, the people going to repatriate back to on-prem, they are not repatriating back to on-prem. >> We were just talking about that, I'm like- >> Steve: It's not going to happen, right? >> It's a myth, it's a myth. >> And there's things that maybe shouldn't have ever gone into the cloud, I get that. Look, do people still have mainframes? Of course. There's certain things that you just, doesn't make sense to move to the new generation. There were things, certain applications that are very static, they weren't dynamic. You know what, keeping it on-prem it's, probably makes sense. So some of those things maybe will go back, but they never should have gone. But we are not repatriating ever, you know, that's not going to happen. >> No I agree. I mean, you know, there was an interesting paper by Andreessen, >> Yeah. >> But, I mean- >> Steve: Yeah it was a little self-serving for some company that need more funding, yeah. You look at the numbers. >> Steve: Yeah. >> It tells the story. It's just not happening. >> No. And the reason is, it's that agility, right? And so that's what people, I would say that what you need to do is, and in order to get that agility, you have to have that consistency. You have to have automation, you have to get these people out of the way. You have to use software, right? So it's that you have that swipe the card operational model for the developers. They don't want to hear the word no. >> Lisa: Right. >> What do you think is going to happen with AWS? Because we heard, I don't know if you heard Selipsky's keynote this morning, but you've probably heard the hallway talk. >> Steve: I did, yeah. >> Okay. You did. So, you know, connecting the dots, you know doubling down on all the primitives, that we expected. We kind of expected more of the higher level stuff, which really didn't see much of that, a little bit. >> Steve: Yeah. So, you know, there's a whole thing about, okay, does the cloud get commoditized? Does it not? I think the secret weapon's the ecosystem, right? Because they're able to sell through with guys like you. Make great margins on that. >> Steve: Yeah, well, yeah. >> What are your thoughts though on the future of AWS? >> IAS is going to get commoditized. So this is the fallacy that a lot of the CSPs have, is they thought that they were going to commoditize enterprise. It never happens that way. What's going to happen is infrastructure as a service, the lower level, which is why you see all the CSPs talking about what? Oracle Cloud, industry cloud. >> Well, sure, absolutely, yeah. >> We got to get to the apps, we got to get to SAP, we got to get to all that, because that's not going to get commoditized, right. But all the infrastructural service where AWS is king that is going to get commoditized, absolutely. >> Okay, so, but historically, you know Cisco's still got 60% plus gross margins. EMC always had good margin. How pure is the lone survivor in Flash? They got 70% gross margins. So infrastructure actually has always been a pretty good business. >> Yeah that's true. But it's a hell of a lot easier, particularly with people like Aviatrix and others that are building these common architectural things that create simplicity and abstract the way the complexities of underneath such that we allow your network to run an AWS, Azure, Google, Oracle, whatever, exactly the same. So it makes it a hell of a lot easier >> Dave: Super cloud. >> to go move. >> But I want to tap your brain because you have a good perspective of this because servers used to be a great margin business too on-prem and now it's not. It's a low margin business 'cause all the margin went to Intel. >> Yeah. But the cloud guys, you know, AWS in particular, makes a ton of dough on servers, so, or compute. So it's going to be interesting to see over time if that gets com- that's why they're going so hard after silicon. >> I think if they can, I think if you can capture the workload. So AWS and everyone else, as another example, this SAP, they call that a gravity workload. You know what gravity workload is? It's a black hole. It drags everything else with it. If you get SAP or Oracle or a mainframe app, it ain't going anywhere. And then what's going to happen is all your other apps are going to follow it. So that's what they're all going to fight for, is type of app. >> You said something earlier about, forget multicloud, for a moment, but, that idea of the super cloud, this abstraction layer, I mean, is that a real business value for customers other than, oh I got all these clouds, I need 'em to work together. You know, from your perspective from Aviatrix perspective, is it an opportunity for you to build on top of that? Or are you just looking at, look, I'm going to do really good work in AWS, in Azure? Now we're making the same experience. >> I hear this every single day from our customers is they look and they say, good enough isn't good enough. I've now hit the point, I'm hitting route limitations. I'm hitting, I'm doing things manually, and that's fine when I don't have that many applications or I don't have mission critical. The dogs are eating the dog food, we're going into the cloud and they're looking and then saying this is not an operational model for me. I've hit the point where I can't keep doing this, I can't throw bodies at this, I need software. And that's the opportunity for us, is they look and they say, I'm doing it in one cloud, but, and there's zero chance I'm going to be able to figure that out in the two or three other clouds. Every enterprise I talk to says multicloud is inevitable. Whether they're in it now, they all know they're going to go, because it's the business units that demand it. It's not the IT teams that demand it, it's the line of business that says, I like GCP for this reason. >> The driver's functionality that they're getting. >> It's the app teams that say, I have this service and GCP's better at it than AWS. >> Yeah, so it's not so much a cost game or the end all coffee mug, right? >> No, no. >> Google does this better than Microsoft, or better than- >> If you asked an IT person, they would rather not have multicloud. They actually tried to fight it. No, why would you want to support four clouds when you could support one right? That's insane. >> Dave and Lisa: Right. If they didn't have a choice and, and so it, the decision was made without them, and actually they weren't even notified until day before. They said, oh, good news, we're going to GCP tomorrow. Well, why wasn't I notified? Well, we're notifying you now. >> Yeah, you would've said, no. >> Steve: This is cloud bottle, let's go. >> Super cloud again. Did you see the Berkeley paper, sky computing I think they call it? Down at Berkeley, yep Dave Linthicum from Deloitte. He's talking about, I think he calls it meta cloud. It's happening. >> Yeah, yeah, yeah. >> It's happening. >> No, and because customers, customers want that. They... >> And talk about some customer example or two that you think really articulates the value of why it's happening and the outcomes that it's generating. >> I mean, I was just talking to Lamb Weston last night. So we had a reception, Lamb Weston, huge, frozen potatoes. They serve like, I dunno, some ungodly percentage of all the french fries to all the fast food. It's unbelievable what they do. Do you know, they have special chemicals they put on the french fries. So when you get your DoorDash, they stay crispy longer. They've invented that patented it. But anyway, it's all these businesses you've never heard of and they do all the, and again, they're moving to SAP or they're actually SAP in the cloud, they're one of the first ones. They did it through Accenture. They're pulling it back off from Accenture. They're not happy with the service they're getting. They're going to use us for their networking and network security because they're going to get that visibility and control back. And they're going to repatriate it back from a managed service and bring it back and run it in-house. And the SAP basis engineers want it to happen because they see the visibility and control that the infrastructure guy's going to get because of us, which leads to, all they care about is uptime and performance. That's it. And they're going to say the infrastructure team's going to lead to better uptime and better performance if it's running on Aviatrix. >> And business performance and uptime, business critical >> That is the business. That is the business. >> It is. So what are some of the things next coming down the pike from Aviatrix? Any secret sauce you can share? >> Lot of secrets. So, two secrets. One, the next thing people really want to do, embedded network security into the network. We've kind of talked about this. You're going to be seeing some things from us. Where does network security belong? In the network. Embedded in the fabric of the network, not as this dumb device called the next-gen firewall that you steer traffic to. It has to be into the fabric of what we do, what we call airspace. You're going to see us talk about that. And then the next thing, back to the maturity of the cloud, as they build out the core, guess what they're doing? It's this thing called edge, Dave, right? And guess what they're going to do? It's not about connecting the cloud to the edge to the cloud with dumb things like SD-WAN, right? Or SaaS. It's actually the other way around. Go into the cloud, turn around, look out at the edge and say, how do I extend the cloud out to the edge, and make it look like a VPC. That's what people are doing. Why, 'cause I want the operational model. I want all the things that I can do in the cloud out at the edge. And everyone knows it's been in networking. I've been in networking for 37 years. He who wins the core does what? Wins the edge, 'cause that's what happens. You do it first in the core and then you want one architecture, one common architecture, one consistent way of doing everything. And that's going to go out to the edge and it's going to look like a VPC from an operational model. >> And Amazon's going to support that, no doubt. >> Yeah, I mean every, you know, every, and then it's just how do you want to go do that? And us as the networking and network security provider, we're getting dragged to the edge by our customer. Because you're my networking provider. And that means, end to end. And they're trying to drag us into on-prem too, yeah. >> Lot's going on, you're going to have to come back- >> Because they want one networking vendor. >> But wait, and you say what? >> We will never do like switches and any of the keep Arista, the Cisco, and all that kind of stuff. But we will start sucking in net flow. We will start doing, from an operational perspective, we will integrate a lot of the things that are happening in on-prem into our- >> No halfway house. >> Copilot. >> No halfway house, no two architectures. But you'll take the data in. >> You want one architecture. >> Yeah. >> Yeah, totally. >> Right play. >> Amazing stuff. >> And he who wins the core, guess what's more strategic to them? What's more strategic on-prem or cloud? Cloud. >> It flipped three years ago. >> Dave: Yeah. >> So he who wins in the clouds going to win everywhere. >> Got it, We'll keep our eyes on that. >> Steve: Cause and effect. >> Thank you so much for joining us. We've got your bumper sticker already. It's been a great pleasure having you on the program. You got to come back, there's so, we've- >> You posting the bumper sticker somewhere? >> Lisa: It's going to be our Instagram. >> Oh really, okay. >> And an Instagram sto- This is new for you guys. Always coming up with new ideas. >> Raising the bar. >> It is, it is. >> Me advance, I mean, come on. >> I love it. >> All right, for our guest Steve Mullaney and Dave Vellante, I'm Lisa Martin. You're watching theCUBE, the leader in live enterprise and emerging tech coverage.

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

>>Okay. We're back at the area in Las Vegas, Falcon 22. You're watching the cube. My name is Dave Valante. Michael cent is here. He's the chief technology officer at CrowdStrike. Michael. Good to see you. Thanks. Thanks >>For >>Having me. Yeah. So this is your first time I think, on the cube. It is, and, and it's really a pleasure. I've been following you, watching you very closely. You're, you know, quite prominent and, and, you know, very articulate. I loved your keynote talking about what is XDR. I think you guys are gonna do really well in that space, cuz you've got clarity of vision and execution. Talk about some of the announcements that you made this week, particularly interested in, in insight. XDR what's that all about? >>Yeah. So I've been talking about XDR for a while and trying to help push the right narrative. There's a lot of marketing in the industry with XDR. So we've been talking a lot about what it, what it means that the benefit that it provides from a technology perspective, what you need in the architecture. So we firmly believe it's a philosophy and we build all of our technology to work together, but it's bringing in third parties. And that was really a lot of the, the announcements. My keynote was to show everybody the work that we've been doing to bring in data from Zscaler and Proofpoint. And we talked about bringing in data from a whole range of different vendors, firewall vendors, and we've been doing XDR use cases for a long time. So a big part of our strategy is to make security easy. And we've been doing a lot of XDR use cases with our Falcon insight module. So the announcement that I made was to relaunch Falcon insight as insight XDR and it means all of our close to 20,000 customers have access to the product. >>So that gets bundled right in it's like SAS automatically part of the portfolio >>Log off on Friday, come back on Monday and you're good to go. >>And then, and you, you just, you just called out Zscaler and Proofpoint you, I think you also mentioned Palo Alto network, Cisco for net as well. You're pulling in telemetry from, yeah, >>We've got a, we got a long map of, of people that we're integrating with. We talked about Cisco, we talked about for drop and for net, we announced that we're gonna be pulling in telemetry from, from Palo and a range of other vendors, Microsoft and others. And that's what XDR is about. It's about first party and third party integration and making all of the telemetry work together. >>I was talking to George about this yesterday is I think there's a lot of confusion. Sometimes when you have the dogma of cloud native, you know, snowflake, same thing, no, we're not doing OnPrem. This is hybrid. People think that that you're excluding on-prem data, but you're not, you can ingest on-prem data, right? >>We absolutely are not excluding on-prem. We will support and, and secure every workload, whether it's on-prem or in the cloud, whether it's connected to the internet or offline, a lot of the, the indicators of attack and the, and the detection techniques that we have are on the sensor itself. So you don't have to be connected anywhere for that capability to work. You get the benefit when you connect to the cloud of the additional visibility, the additional protection, but the core capabilities on the sensor that we have >>Given that you guys started 11 years ago, plus two days now, and you had that dogma cloud cloud, first cloud cloud, only Nate cloud native. Was there ever a point where you're like, you know, boy, we might be missing some of the market, you know? And, and you, you, you held true to your principles. Two part question. Did you ever question that and by focusing all your resources on cloud, what, what has that given you? >>It's there's been a Eliza focus on having a, a native cloud platform. It's easy to say cloud native. And if you look at a lot of the vendors in the industry today, if you are a, a customer and you ask them, Hey, can you gimme an on-premise product? I'm not gonna buy your product. They've got an on premise product. The problem is when you have two different versions, you end up having compromise. You have to manage two code bases, impact to your engineering team. Their features are different customers. Ultimately are the ones that miss out because if I have the on-prem version or if the cloud version, I may not get the same capability for us, it's been very clear. It's been a laser focus to be a cloud and cloud only from day one. >>You've renamed humo. I gotta stop using humo. I guess it's not called log scale, Falcon, complete log scale. You're bringing together security and observability. Although you're not doing the full spectrum of observability, you're just sort of focusing on, you know, part of it. Can you explain that? >>Yeah. So first of all, we did rebrand and bring the homeo brand closer to a crowd strike by renaming it Falcon log scale. And just to be clear, it's not just the rebranding of the name. We've been spending a lot of time. We made that acquisition in March of, of last year, and we've been doing a lot of work on the technology. We built out long, the Falcon long term retention. We built a whole bunch of capability into the product. So now was the right time to rebrand it as Falcon log scale. And at the same time, we also announced Falcon complete log scale. And it's part of the complete franchise. And that's where customers can get the value and the benefit of log scale, but they don't have to set it up. They don't have to manage it. They leave that to us. >>So you get pretty much involved in, in the, the M and a activity. You talked on stage yesterday about reify and, and what's going on there. You guys got, obviously gotta, still do that. You, but you made investments this week. You announced investments in salt security, the API specialist, and, and also Vanta compliance automation. What's the thinking behind that, you know, explain actually the fund that you guys are sprinkling around as a strategic investor and why those companies. Yeah. >>So there's two, two parts that, that I'm involved in on that part of my team. One is the M and a team. And one is the Falcon fund side of the business. Obviously two very different things. The, the M and a part of CrowdStrike, we're always looking to see for every technology space that we want to get into, you know, what is the best option build by a partner? Sometimes it's built sometimes it's a, it's a hybrid approach of build and partner. Other times we go down the path of M and a, and I was super excited about reify, great company, great technology. And as you said, we made announcements to we're investing as part of the fund into, into van and salt. We, we, we are very blessed. We're very fortunate to have achieved a lot of success in a short period of time. And we think we've got an opportunity to help fledgling companies to help them guide through the process of setting up the company, helping them with engineering principles and guidelines, helping them with the go to market perspective. So the fund is really about that. It's finding the next cybersecurity company working closely together, and it's been a huge success. You had banter and salt on earlier, and there's so much excitement about what they do. >>Yeah. I mean, it's clear, clear, compliment to what you guys are doing. I want to ask you about your lightweight agent. There, there are other firms that say they have a lightweight agent too. You know, what, what makes your lightweight agent so different? So special? >>Yeah. I've never seen a PowerPoint presentation. That's wrong. It's very easy to, to say your lightweight agent is, is, you know, super lightweight. And many times when you look at them, they're, they're not lightweight. They take a lot of effort to install. They need reboots. If you've got security, that's part of the operating system. If you've got security that requires to reboot, you can't go to a bank and say, Hey, you've got a hundred thousand machines. We're gonna install all of this technology, but you've gotta reboot it once, twice, three times. So what ends up happening is you see deployment cycles that go on for 12 months. I've spoken to organizations here this week that said we had budgeted to roll out your product in 18 months because of what we experienced in the past. And we did it in seven weeks. That's a lightweight agent with no reboot. And then you look at the updates. You look at the CPU resource utilization. So again, very easy to say lightweight. I haven't seen anything like what we've built at crowd strike. >>How do you keep an agent lightweight when you're both acquiring in companies and adding modules? I think you're, you're over 20 modules now. How, how is it that the, the agent can remain so lightweight? >>So we spent a lot of time building out the agent cloud architecture that we have, the, the concept of our agent is very different. It's not collecting data, storing it, trying to sell, send it up. We have a smart agent with smart filtering built in. So we're very careful in terms of the data that we collect, but think of the aperture on a camera. You know, if you wanna let more light in you, you widen the aperture. It's the same as our, our agent. If we wanna bring in more telemetry, we, we widen that aperture. So we're very efficient on the network. And we collect data. When machine process runs, we collect that telemetry. We use it in different ways, but we collect once and reuse it many times. So it's the same agent for NextGen AV for EDR, for our spotlight vulnerability management module. And when we're looking at M M and a, so coming back to your, your question, we will look at technology. And if we can't bring that technology and incorporate it into the agent that we already have, we won't acquire it. Worst thing in security is complexity. When you give an organization, 1, 2, 3, 5 plus agents, and then they have 3, 4, 5 plus management consoles. It's too hard when they're under attack. >>Well, it's like my, my business partner co-host John furrier says is that as an industry, we tend to solve complexity with more complexity. And it's, that's problematic. Can you talk about your, your threat graph? Like, what is that? Is it a, is it a graph database? Is it a purpose built? Is it a time series, database, a combination? What, what is >>That? Yeah, it is a graph database. When we, when, when the company was started, obviously the vision was to crowdsource telemetry from so many machines from millions of devices around the world. And the thesis at the time was as that capability scales out, there's nothing commercially available that will be able to ingest all of that data. And today we are processing over 7 trillion events every single week. We, we can't go and get something off the shelf. So we've had to build the, the technology from the ground up. That's the first part. Secondly, there is a temporal element to this. There's a time element. And we, we have an ontology built where we track the relationship between all the telemetry that we get. The reason why I believe we stand alone in EDI is because of that time element, the relationship that we have, and we just have so much context that makes it easy for the threat hunter speed and, and ease of use is critical in cyber. >>So you see in data in the database world, everything's kind of converging with all this function, you know, 11 years ago, these were pretty rudimentary. I shouldn't say rudimentary, but immature markets they've come a long way. If you had to start, if, if those capabilities that are there today with graph databases and time series databases were available in, in 2010, would you have used off the shelf technology, or would you have still developed your >>Own? We would've done the same thing that we've done today. >>And, and why can you explain what that, what that is it a performance thing? Is it just control? >>Yeah, look, it, it, it's everything that I talked about before, the, the benefit that you get from the approach that we've taken and the scalability that the requirements that we need, we still today, there's nothing that we can, we can go and get off the shelf that can scale and give us the performance that we need that can give us the ability to, to have that relationship data, the ontology of, of what we have in the platform and the way that we inter operate with all of the different modules that just wouldn't exist. We wouldn't have that capability. And what you'd find is we'd be pretty much the same as every other vendor where they have on-prem solutions, they have hybrid hosted solutions. And when you have those trade offs, you see it in the product. >>Yeah. So the, the point is you're very focused on the purpose of your, your proprietary technology. You're not trying to serve the all things to all people. You used the term yesterday in your keynote, which it, it caught my attention. You used the term ground truth, and it has very specific meaning. Can you explain what you meant by what is ground truth, you know, in the world? And what, what, what does it mean to CrowdStrike? Yeah, >>I was talking about ground truth as it relates to the acquisition of reify and the big thing for us, we wanted to bring additional capability to the platform, to give our customers external and internal visibility of all their assets and all their vulnerabilities. What's important with us, with our agent is today, we give you a single source of truth. When we put that agent onto a device, we tell you everything about the hardware. We tell you everything about who's logged in. We tell you everything about the applications that are running the relationships between the, of the device and the application. We're not a CMDB. We feed CMDB with information that is instant, that is live. And when we look at reify, it broadens again, I'll use the same word. It broadens the aperture. It gives us more visibility around what's going on. So we're, we're super excited about that because having information about all of your assets, all of your users, the applications they use, whether they're vulnerable, how you need to protect them, having it at your finger fingertips, it's a game changer >>Contract, can CrowdStrike be a generational company. And what do you have to do to ensure that that outcome occurs? We, >>We, I think we absolutely are. And, and we're we're path paving a path to, you know, really continuing to build out that platform. I said, in my keynote that I think we're at an early innings. I, if you buy, for example, as a customer, our insight module, cuz you wanna start with EDR, you've got 21 modules to go yesterday. Today we, we talked about discover 2.0, we talked about discover for IOT. I talked about the, the repository acquisition, a whole range of technology built on that single cloud agent architecture. And we've heard the success stories here this week from customers that have just gotten so much benefit. They've rolled out one agent and they've turned off eight or nine from other security vendors. So absolutely we can be a generational company with what we're doing. What >>Are the blockers to customers turning on those additional modules? Cause not, not all customers are using our modules. Is it that they've made an investment in an alternative technology and they're sort of hugging onto it or are there other technical blockers? Yes. >>It many times it's the investment, right? So if you've made a, an investment in the company, you've got a year to go, you might wanna sweat that asset. But typically what we find is the benefit that we have. It's a very simple conversation. If we can give people a cost and a technology benefit, they're gonna make the transition to move. There's so many technical benefits. We talked about the single agent, but the actual features of the modules themselves. But the big thing for us is we've done over 4,700 business value assessments where we sit down with an organization and we look at what they have. We look at what their spend is. We look at their FTEs, we look at the security outcomes that they get. And then we come out with a model that shows them technology and business value. And that's what really drives them to make the switch. >>So the business value in that VVA is not just a, a reduction in expected loss. That's part of it, better security you're gonna, you know, be, be, be lower your risk. But you're saying it's also the labor associated with that. Yeah, >>Absolutely. It's it's how do you operationalize the solution? How many people do you need? How long does it take you to respond? You know, how do you interact with third parties with your suppliers is taking in all of that data. We've spent a long time building out that model and it's, it's proving to be very successful customers. Love it. Is >>That, is that sort of novel ROI thinking in the security business or I'm trying to think of, I mean, I know for years it would watch art. Coviello stand up at RSA and tell us how, how this year's worse than last year. And so, but, but, but I never really heard, you know, a strong business case that would resonate with the, with the P and L manager, other than, you know, we gotta do this or we're gonna get hacked and you're gonna be screwed. Is that new thinking? Or am I, did I just miss it? >>I don't know if I wanna size new thinking. I think what happened, what changed was 10, 15 years ago at a conference you'd stand up and everybody would tell you ransomwares up and fishing is up. And at the end of it, people are trying to work out. Is that good? Or is that bad? It went up 20% based off what that doesn't work anymore. Everyone, you know, got tired of that. And a few of us have been doing it for a while. I I'm, I'm sort of two and a half decades into this. And if you, if you try to use that model of scaring people, they switch off, they want to understand the benefit. You know, the break in the car is so you can go and stop safely when you need it. And I look at security the same way we want to accelerate the company. We want to help companies do their job, but security is there to make sure they don't get into trouble. >>Yeah. It's like having two security guards by your side, right? I mean, they're gonna help you get through the crowd and move forward. So Michael, thanks so much for coming to the cube. Thanks for having me your time. You're you're very welcome. All right. Keep it right there. After this short break, Dave ante will be back with the cube live coverage from Falcon 22 at the area in Las Vegas.

>>Hey everyone. Welcome to the Cube's presentation of the AWS startup showcase. Season two, episode four, I'm your host. Lisa Martin. This topic is cybersecurity detect and protect against threats. Very excited to welcome a Cub alumni back to the program. SNA hall, autonomy, the co-founder and CEO of horizon three joins me SNA hall. It's great to have you back in the studio. >>Likewise, thanks for the invite. >>Tell us a little bit about horizon three. What is it that you guys do you we're founded in 2019? Got a really interesting group of folks with interesting backgrounds, but talk to the audience about what it is that you guys are aiming to do. >>Sure. So maybe back to the problem we were trying to solve. So my background, I was a engineer by trade. I was a CIO at G capital CTO at Splunk and helped, helped grows scale that company and then took a break from industry to serve within the department of defense. And in every one of my jobs where I had cyber security in my responsibility, I suffered from the same problem. I had no idea I was secure or that we were fixing the right vulnerabilities or logging the right data in Splunk or that our tools and processes and people worked together well until the bad guys had showed up. And by then it was too late. And what I wanted to do was proactively verify my security posture, make sure that my security tools were actually effective, that my people knew how to respond to a breach before the bad guys were there. And so this whole idea of continuously verifying my security posture through security testing and pen testing became a, a passion project of mine for over a decade. And I, through my time in the DOD found the right group of an early people that had offensive cyber experience that had defensive cyber experience that knew how to build and ship and, and deliver software at scale. And we came together at the end of 2019 to start horizon three. >>Talk to me about the current threat landscape. We've seen so much change in flux in the last couple of years globally. We've seen, you know, the threat actors are just getting more and more sophisticated as is the different types of attacks. What are you seeing kind of horizontally across the threat landscape? >>Yeah. The biggest thing is attackers don't have to hack in using zero days. Like you see in the movies. Often they're able to just log in with valid credentials that they've collected through some mechanism. As an example, if I wanted to compromise a large organization, say United airlines, one of the things that an attacker's gonna go off and do is go to LinkedIn and find all of the employees that work at United airlines. Now you've got, say 7,000 pilots of those pilots. You're gonna figure out quickly that their use varie and passwords or their use varie@leastarefirstnamelastinitialatunited.com. Cool. Now I have 7,000 potential logins and all it takes is one of them to reuse a compromise password for their corporate email. And now you've got an initial user in the system and most likely that initial user has local admin on their laptops. And from there, an attacker can dump credentials and find a path to becoming a domain administrator. >>And what happens oftentimes is security tools. Don't detect this because it looks like valid behavior in the organization. And this is pretty common. This idea of collecting information on an organization or a topic or target using open source intelligence, using a mix of credentialed spraying and kinda low priority or low severity exploitations or misconfigurations to get in. And then from there systematically dumping credentials, reusing those credentials and finding a path towards compromise and almost less than 2% of, of CVEs are actually used in exploits. Most of the time attackers chain together misconfigurations bad product defaults. And so really the threat landscape is attackers don't hack in. They log in and organizations have to focus on getting the basics right and fundamentals right first, before they layer on some magic, easy button that is some security AI tools hoping that that's gonna save their day. And that's what we found systemically across the board. >>So you're finding that across the board, probably pan industry, that, that a lot of companies need to go back to basics. We talk about that a lot when we're talking about security, why do you think that >>Is? I think it's because one, most organizations are barely treading water. When you look at the early rapid adopters of horizon threes, pen testing, product, autonomous pen testing, the early adopters tended to be teams where the it team and the security team were the same person and they were barely treading water. And the hardest part of my job as a CIO was deciding what not to fix because the bottleneck in the security processes, the actual capacity to fix problems. And so fiercely prioritizing issues becomes really important, but the, the tools and the processes don't focus on prioritizing what's exploitable, they prioritize, you know, by some arbitrary score from some arbitrary vulnerability scanner. And so we have as a fundamental breakdown of the small group of folks with the expertise to fix problems, tend to be the most overworked and tend to have the most noise to need to sift through. So they don't even have time to get to the basics. They're just barely treading water doing their day jobs. And they're often sacrificing their nights and weekends. All of us at horizon three were practitioners at one point in our career, we've all been called in on the weekend. So that's why, what we did was fiercely focus on helping customers and users fix problems that truly matter, and allowing them to quickly retack and verify that the problems were truly fixed. >>So when it comes to today's threat landscape, what is it that organizations across the board should really be focused on? >>I think systemically what we see are bad password or credential policies, least access, privileged management type processes, not being well implemented. The domain user tends to be the local admin on the box, no ability to understand what is a valid login versus a, a malicious login. Those are some of the basics that we see systemically. And if you layer that with, it's very easy to say misconfigure vCenter, or misconfigure a piece of Cisco gear, or you're not gonna be installing monitoring and OB observa security observability tools on that. HP integrated lights out server. And so on. What you'll find is that you've got people overworked that don't have the capacity to fix. You have the fundamentals or the basics, not, not well implemented. And you have a whole bunch of blind spots in your security posture, and defenders have to be right. Every time attackers only have to be right once. And so what we have is this asymmetric fight where attackers are very likely to get in. And we see this on the news all the time. >>So, and, and nobody of course wants to be the next headline. Right? Talk to me a little bit about autonomous pen testing as a service, what you guys are delivering and what makes it unique and different than other tools that have been out there as, as you're saying that clearly have >>Gaps. Yeah. So first and foremost was the approach we took in building our product. What we set up front was our primary users should be it administrators, network, engineers, and P. And that, that it intern who in three clicks should have the power of a 20 year pen testing expert. So the whole idea was empower and enable all of the fixers to find, fix in verify their security weaknesses continuously. That was the design goal. Most other security products are designed for security people, but we already know they're they're task saturated. They've got way too many tools under the belt. So first and foremost, we wanted to empower the fixers to fix problems. That truly matter, the second part was we wanted to do that without having to install credentialed agents all over the place or writing your own custom attack scripts, or having to do a bunch of configurations and make sure that it's safe to run against production systems so that you could, you could test your entire attack surface your on-prem, your cloud, your external perimeter. >>And this is where AWS comes in to be very important, especially hybrid customers where you've got a portion of your infrastructure on AWS, a portion on-prem and you use horizon three to be able to attack your complete attack surface. So we can start on Preem and we will find, say the AWS credentials file that was mistakenly saved on a, a share drive, and then reuse that to become admin in the cloud. AWS didn't do anything wrong. The cloud team didn't do anything wrong. A developer happened to share a password or save a password file locally. That's how attackers get in. So we can start from on-prem and show how we can compromise the cloud, start from the cloud and, and, and show how we can compromise. On-prem start from the outside and break in. And we're able to show that complete attack surface at scale for hybrid customers. >>So showing that complete attack surface sort of from the eyes of the attacker, >>That's exactly right, because while blue teams or the defenders have a very specific view of their environment, you have to look at yourself through the eyes of the attacker to understand what are your blind spots? What do do they see that you don't see? And it's actually a discipline that is well entrenched within military culture. And that's also important for us as the company. We're about a third of horizon, three served in us special operations or the intelligence community with the United States, and then do OD writ large. And a lot of that red team mindset view yourself through the eyes of the attacker and this idea of training. Like you fight in building muscle memories. So you know how to react to the real incident when it occurs is just ingrained in how we operate. And we disseminate that culture through all of our customers as well. >>And, and at this point in time, it's, every business needs to assume an attacker's gonna get in >>That's right. There are way too many doors and windows in the organization. Attackers are going to get in, whether it's a single customer that reused their Netflix password for their corporate email, a patch that didn't get applied properly, or a new zero day that just gets published a piece of Cisco software that was misconfigured, you know, not by anything more than it's easy to misconfigure. These complex pieces of technology attackers are going to get in. And what we want to understand as customers is once they're in, what could they do? Could they get to my crown Jewel's data and systems? Could they borrow and prepare for a much more complicated attack down the road? If you assume breach, now you wanna understand what can they get to, how quickly can you detect that breach and what are your ways to stifle their ability to achieve their objectives. And culturally, we would need a shift from talking about how secure I am to how defensible are we. Security is kind of a state, a point in time, state of your organization, defense ability is how quickly you can adapt to the attacker to stifle their ability to achieve their objective >>As things are changing >>Constantly. That's exactly right. >>Yeah. Talk to me about a typical customer engagement. If there's, you mentioned folks treading water, obviously there's the huge cybersecurity skills gap that we've been talking about for a long time. Now that's another factor there, but when you're in customer conversations, who were you talking to? What typically are, what are they coming to you for help? >>Yeah. One big thing is you're not gonna win and, and win a customer by taking 'em out to steak dinners. Not anymore. The way we focus on, on our go to market and our sales motion is cultivating champions. At the end of the proof of concept, our internal measure of successes is that person willing to get a horizon three tattoo. And you do that, not through state dinners, not through cool swag, not through marketing, but by letting your results do the talking. Now, part of those results should not require professional services or consulting it. The whole experience should be self-service frictionless and insightful. And that really is how we've designed the product and designed the entire sales motion. So a prospect will learn or discover about us, whether it's through LinkedIn, through social, through the website, but often because one of their friends or colleagues heard about us saw our result and is advocating on our behalf. >>When we're not in the room from there, they're gonna be able to self-service just log to our product through their LinkedIn ID, their Google ID. They can engage with a salesperson if they want to, they can run a pen test right there on the spot against their home, without any interaction with a sales rep, let those results do the talking, use that as a starting point to engage in a, in a more complicated proof of value. And the whole idea is we don't charge for these. We let our results do the talking. And at the end, after they've run us to find problems they've gone off and fixed those issues. And they've rerun us to verify that what they've fixed was properly fixed, then they're hooked. And we have a hundred percent technical win rate with our prospects when they hit that fine fix verify cycle, which is awesome. And then we get the tattoo for them, at least give them the template. And then we're off to the races >>That it sounds like you're making the process more simple. There's so much complexity behind it, but allowing users to be able to actually test it out themselves in a, in a simplified way is huge. Allowing them to really focus on becoming defensible. >>That's exactly right. And you know, the value is we're all, especially now in security, there's so much hype and so much noise. There's a lot more time being spent, self discovering and researching technologies before you engage in a commercial discussion. And so what we try to do is optimize that entire buying experience around enabling people to discover and research and learn the other part, right. Remember is offensive cyber and ethical hacking. And so on is very mysterious and magical to most defenders. It's such a complicated topic with many nuance tools that they don't have the time to understand or learn. And so if you surface the complexity of all those attacker tools, you're gonna overwhelm a person that is already overwhelmed. So we needed the, the experience to be incredibly simple and, and optimize that fine fix verify aha moment. And once again, be frictionless and be insightful, >>Frictionless and insightful. Excellent. Talk to me about results. You mentioned results. We, we love talking about outcomes. When a customer goes through the, the POC POB that you talked about, what are some of the results that they see that hook them? >>Yeah. The biggest thing is what attackers do today is they will find a low from machine one, plus a low from machine two equals compromised domain. What they're doing is they're chaining together issues across multiple parts of your system or your organization to hone your environment. What attackers don't do is find a critical vulnerability and exploit that single machine it's always a chain is always, always multiple steps in the attack. And so the entire product and experience in actually our underlying tech is around attack pads. Here is the path, the attack path an attacker could have taken. You know, that node zero, our product took here is the proof of exploitation for every step along the way. So, you know, this isn't a false positive, in fact, you can copy and paste the attacker command from the product and rerun it yourself and see it for yourself. >>And then here is exactly what you have to go fix and why it's important to fix. So that path proof impact and fix action is what the entire experience is focused on. And that is the results doing the talking, because remember, these folks are already overwhelmed. They're dealing with a lot of false positives. And if you tell them you've got another critical to fix their immediate reaction is Nope. I don't believe you. This is a false positive. I've seen this plenty of times. That's not important. So you have to in your product experience in sales process and adoption process immediately cut through that defensive or that reflex and its path proof impact. Here's exactly what you fix here are the exact steps to fix it. And then you're off to the races. What I learned at Splunk was you win hearts and minds of your users through amazing experience, product experience, amazing documentation, yes, and a vibrant community of champions. Those are the three ingredients of success, and we've really made that the core of the product. So we win on our documentation. We win on the product experience and we've cultivated pretty awesome community. >>Talk to me about some of those champions. Is there a customer story that you think really articulates the value of no zero and what it is that, that you are doing? Yeah. >>I'll tell you a couple. Actually, I just gave this talk at black hat on war stories from running 10,000 pen tests. And I'll try to be gentle on the vendors that were involved here, but the reality is you gotta be honest and authentic. So a customer, a healthcare organization ran a pen test and they were using a very well known, managed security services provider as their, as their security operations team. And so they initiate the pen test and they were, they wanted to audit their response time of their MSSP. So they run the pen test and we're in and out. The whole pen test runs two hours or less. And in those two hours, the pen test compromises, the domain gets access to a bunch of sensitive data. Laterally, maneuvers rips the entire entire environment apart. It took seven hours for the MSSP to send an email notification to the it director that said, Hey, we think something's suspicious is wow. Seven hours. That's >>A long time >>We were in and out in two, seven hours for notification. And the issue with that healthcare company was they thought they had hired the right MSSP, but they had no way to audit their performance. And so we gave them the, the details and the ammunition to get services credits to hold them accountable and also have a conversation of switching to somebody else. >>That accountability is key, especially when we're talking about the, the threat landscape and how it's evolving day to day. That's >>Exactly right. Accountability of your suppliers or, or your security vendors, accountability of your people and your processes, and not having to wait for the bad guys to show up, to test your posture. That's, what's really important. Another story is interesting. This customer did everything right. It was a banking customer, large environment, and they had Ford net installed as their, as their EDR type platform. And they, they initiate us as a pen test and we're able to get code execution on one of their machines. And from there laterally maneuver to become a domain administrator, which insecurity is a really big deal. So they came back and said, this is absolutely not possible. Ford net should have stopped that from occurring. And it turned out because we showed the path and the proof and the impact Forder net was misconfigured on three machines out of 5,000. And they had no idea. Wow. So it's one of those you wanna don't trust that your tools are working. Don't trust your processes. Verify them, show me we're secure today. Show me we're secured tomorrow. And then show me again, we're secure next week, because my environment's constantly changing. And the, and the adversary always has a vote, >>Right? The, the constant change in flux is, is huge challenge for organizations, but those results clearly speak for themselves. You, you talked about the speed in terms of time, how quickly can a customer deploy your technology, identify and remedy problems in their environment. >>Yeah. You know, this fine fix verify aha moment. If you will. So traditionally a customer would have to maybe run one or two pen tests a year and then they'd go off and fix things. They have no capacity to test them cuz they don't have the internal attack expertise. So they'd wait for the next pen test and figure out that they were still exploitable. Usually this year's pen test results look identical the last years that isn't sustainable. So our customers shift from running one or two pen tests a year to 40 pen tests a month. And they're in this constant loop of finding, fixing and verifying all of the weaknesses in their infrastructure. Remember there's infrastructure, pen testing, which is what we are really good at. And then there's application level pen testing that humans are much better at solving. Okay. So we focus on the infrastructure side, especially at scale, but can you imagine so 40 pen tests a month, they run from the perimeter, the inside from a specific subnet from work from home machines, from the cloud. And they're running these pen tests from many different perspectives to understand what does the attacker see from each of these locations in their organization and how do they systemically fix those issues? And what they look at is how many critical problems were found, how quickly were they fixed? How often do they reoccur? And that third metric is important because you might fix something. But if it shows up again next week, because you've got bad automation, you're not gonna you're in a rat race. So you wanna look at that reoccurrence rate also >>The recurrence rate. What are you most excited about as obviously the threat landscape continues to evolve, but what are you most excited about for the company and what it is that you're able to help organizations across industries achieve in such tumultuous times? Yeah. You >>Know, one of the coolest things is back because I was a customer for many of these products, I, I despised threat intelligence products. I despised them because they were basically generic blog posts maybe delivered as a, as a, as a data feed to my Splunk environment or something. But they're always really generic. Like you may have a problem here. And as a result, they weren't very actionable. So one of the really cool things that we do, it's just part of the product is this concept of, of flares flares that we shoot up. And the idea is not to be, to cause angst or anxiety or panic, but rather we look at threat intelligence and then because all, all the insights we have from your pen test results, we connect those two together and say your VMware horizon instance at this IP is exploitable. You need to fix it as fast as possible or as very likely to be exploited. >>And here is the threat intelligence and in the news from CSUN elsewhere, that shows why it's important. So I think what is really cool is we're able to take together threat intelligence out in the wild combined with very precise understanding of your environment, to give you very accurate and actionable starting points for what you need to go fix or test or verify. And when we do that, what we see is almost like, imagine this ball bouncing, that is the first drop of the ball. And then that drives the first major pen test. And then they'll run all these subsequent pen tests to continue to find and fix and verify. And so what we see is this tremendous amount of AC excitement from customers that we're actually giving them accurate, detailed information to take advantage of, and we're not causing panic and we're not causing alert, fatigue as a result. >>That's incredibly important in this type of environment. Last question for you. If, if autonomous pen testing is obviously critical and has tremendous amount of potential for organizations, but it's not, it's only part of the equation. What's the larger vision. >>Yeah. You know, we are not a pen testing company and that's something we decided upfront. Pen testing is a sensor. It collects and understands a tremendous amount of data for your attack surface. So the natural next thing is to analyze the pen test results over time, to start to give you a more accurate understanding of your governance risk and compliance posture. So now what happens is we are able to allow customers to go run 40 pen tests a month. And that kind of becomes the, the initial land or flagship product. But then from there we're able to upsell or increase value to our customers and start to compete and take out companies like security scorecard or risk IQ and other companies like that, where there tended to be. I was a user of all those tools, a lot of garbage in garbage out, okay, where you can't fill out a spreadsheet and get an accurate understanding of your risk posture. You need to look at your detailed pen, test results over time and use that to accurately understand what are your hotspots, what's your recurrence rate and so on. And being able to tell that story to your auditors, to your regulators, to the board. And actually it gives you a much more accurate way to show return on investment of your security spend also, which >>Is huge. So where can customers and, and those that are interested go to learn more. >>So horizon three.ai is the website. That's a great starting point. We tend to very much rely on social channels. So LinkedIn in particular to really get our stories out there. So finding us on LinkedIn is probably the next best thing to go do. And we're always at the major trade shows and events also. >>Excellent SNA. It's been a pleasure talking to you about horizon three. What it is that you guys are doing, why and the greater vision we appreciate your insights and your time. >>Thank you, likewise. >>All right. For my guest. I'm Lisa Martin. We wanna thank you for watching the AWS startup showcase. We'll see you next time.

>>EDR NDR, what are the differences, which one's better? Are they better together? Today's security stack contains a lot of different tools and types of data and fortunate, as you know, this creates data silos, which leads to vis visibility gaps. EDR is endpoint detection and response. It's designed to monitor and mitigate endpoint attacks, which are typically focused on computers and servers, NDR network detection, and response. On the other hand, monitors network traffic to gain visibility into potential or active cyber threats, delivering real time visibility across the broader network. One of the biggest advantages that NDR has over EDR is that bad actors can hide or manipulate endpoint data, pretty easily network data. On the other hand, much harder to manipulate because attackers and malware can avoid detection at the endpoint. NDR, as you're gonna hear is the only real source for reliable, accurate, and comprehensive data. >>All endpoints use the network to communicate, which makes your network data, the ultimate source of truth. My name is Lisa Martin, and today on the special cube presentation, Tom Binkowski senior director of product marketing at net scout, and I are gonna explore the trends and the vital reasons why relying upon EDR is not quite enough. We're also gonna share with you the growing importance of advanced NDR. Welcome to the series, the growing importance of advanced NDR in the first segment, Tom's gonna talk with me about the trends that are driving enterprise security teams to implement multiple cyber security solutions that enable greater visibility, greater protection. We're also gonna explore Gartner's concept of the security operations center, SOC visibility triad, and the three main data sources for visibility, SIM EDR and NDR in segment two, Tom. And I will talk about the role of NDR and how it overcomes the challenges of EDR as Tom's gonna discuss, as you'll hear EDR is absolutely needed, but as he will explain it, can't be solely relied upon for comprehensive cybersecurity. And then finally, we'll come back for a third and final segment to discuss why not all NDR is created equal. Tom's gonna unpack the features and the capabilities that are most important when choosing an NDR solution. Let's do this. Here comes our first segment. >>Hey, everyone kicking things off. This is segment one. I'm Lisa Martin with Tom Binowski, senior director of product marketing at nets scout. Welcome to the growing importance of advanced NDR. Tom, great to have you on the program, >>Glad to be here. >>So we're gonna be talking about the trends that are driving enterprise security teams to implement multiple cyber security solutions that really enable greater visibility and protection. And there are a number of factors that continue to expand the ECAC service for enterprise networks. I always like to think of them as kind of the spreading amorphously you shared had shared some stats with me previously, Tom, some cloud adoption stats for 2022 94% of all enterprises today use a cloud service and more than 60% of all corporate data is store in the cloud. So, Tom, what are some of the key trends that nets scout is seeing in the market with respect to this? >>Yeah, so just to continue that, you know, those stats that, that migration of workloads to the cloud is a major trend that we're seeing in that was exasperated by the pandemic, right along with working from home. Those two things are probably the most dramatic changes that we we see out there today. But along with that is also this growing sophistication of the network, you know, today, you know, your network environment, isn't a simple hub and spoke or something like that. It is a very sophisticated combination of, you know, high speed backbones, potentially up to a hundred gigabits combination with partner networks. You have, like we said, workloads up in, in private clouds, pub public clouds. So you have this hybrid cloud environment. So, and then you have applications that are multi-tiered, there are pieces and parts. And in all of that, some on your premise, some up in a private cloud, some on a public cloud, some actually pulling data off when you a customer network or potentially even a, a partner network. So really, really sophisticated environment today. And that's requiring this need for very comprehensive network visibility, not only for, for cybersecurity purposes, but also just to make sure that those applications and networks are performing as you have designed them. >>So when it comes to gaining visibility into cyber threats, I, you talked about the, the sophistication and it sounds like even the complexity of these networks, Gartner introduced the concept of the security operations, visibility triad, or the SOC visibility triad break that down for us. It consists of three main data sources, but to break those three main data sources down for us. >>Sure. So Gartner came out a few years ago where they were trying to, you know, summarize where do security operations team get visibility into threats and they put together a triad and the three sides of the trier consists of one, the SIM security information event manager, two, the endpoint or, or data that you get from EDR systems, endpoint detection, response systems. And the third side is the network or the data you get from network detection, response systems. And, you know, they didn't necessarily say one is better than the other. They're basically said that you need all three in order to have comprehensive visibility for cybersecurity purposes. >>So talk, so all, all three perspectives are needed. Talk about what each provides, what are the different perspectives on threat detection and remediation? >>Yeah. So let's start with the SIM, you know, that is a device that is gathering alerts or logs from all kinds of different devices all over your network. Be it routers servers, you know, firewalls IDs, or even from endpoint detection and network detection devices too. So it is, it is the aggregator or consumer of all those alerts. The SIM is trying to correlate those alerts across all those different data sources and, and trying to the best it can to bubble up potentially the highest priority alerts or drawing correlations and, and, and, and giving you some guidance on, Hey, here's something that we think is, is really of importance or high priority. Here's some information that we have across these disparate data sources. Now go investigate the disadvantage of the SIM is that's all it gives you is just these logs or, or, or information. It doesn't give you any further context. >>Like what happened, what is really happening at the end point? Can I get visibility into the, into the files that were potentially manipulated or the, the registry setting or what, what happened on the network? And I get visibility into the packet date or things like that. It that's, so that's where it ends. And, and that's where the, so there other two sides of the equation come in, the endpoint will give you that deeper visibility, endpoint detection response. It will look for known and or unknown threats, you know, at that endpoint, it'll give you all kinds of additional information that is occurring in endpoint, whether it be a registry setting in memory on the file, et cetera. But you know, one of, some of its disadvantages, it's really difficult because really difficult to deploy pervasive because it requires an agent and, you know, not all devices can accept an agent, but what it miss, what is lacking is the context on the network. >>So if I was an analyst and I started pursuing from my SIM, I went down to the end point and, and said, I wanna investigate this further. And I hit a, I hit a dead end from some sort, or I realize that the device that's potentially I should be alerted to, or should be concerned about is an IOT device that doesn't even have an agent on it. My next source of visibility is on the network and that's where NDR comes in. It, it sees what's traversing. The entire network provides you visibility into that from both a metadata and even a ultimately a packer perspective. And maybe, you know, could be deployed a little bit more strategically, but you know, it doesn't have the perspective of the endpoint. So you can see how each of these sort of compliments each other. And that's why, you know, Gartner said that, that you need 'em all, then they all play a role. They all have their pros and cons or advantage and disadvantages, but, you know, bringing them and using 'em together is, is the key. >>I wanna kinda dig into some of the, the EDR gaps and challenges, as you talked about as, as the things evolve and change the network, environment's becoming far more sophisticated and as well as threat actors are, and malware is. So can you crack that open more on some of the challenges that EDR is presenting? What are some of those gaps and how can organizations use other, other, other data sources to solve them? >>Yeah, sure. So, you know, again, just be clear that EDR is absolutely required, right? We, we need that, but as sort of these network environments get more complex, are you getting all kinds of new devices being put on the network that devices being brought into the network that may be, you didn't know of B Y O D devices you have, I T devices, you know, popping up potentially by the thousands in, in, in some cases when new applications or world that maybe can't accept an and endpoint detection or an EDR agent, you may have environments like ICS and skate environments that just, you can't put an endpoint agent there. However, those devices can be compromised, right? You have different environments up in the cloud or SaaS environments again, where you may not be able to deploy an endpoint agent and all that together leaves visibility gaps or gaps in, in, in the security operation triad. Right. And that is basically open door for exploitation >>Open door. Go ahead. Sorry. >>Yeah. And then, then you just have the malware and the, and the attackers getting more sophisticated. They, they have malware that can detect an EDR agent running or some anti malware agent running on device. And they'll simply avoid that and move on to the next one, or they know how to hide their tracks, you know, whether it be deleting files, registry, settings, things like that. You know, so it's, that's another challenge that, that, that just an agent faces. Another one is there are certain applications like my SQL that are, you know, have ministry administrative rights into certain parts of the windows operate system that EDR doesn't have visibility into another area that maybe EDR may not have visibility is, is, is in, you know, malware that tries to compromise, you know, hardware, especially like bios or something like that. So there's a number of challenges as sort of the whole network environment and sophistication of bad actors and malware increases. >>Ultimately, I think one of the things that, that we've learned, and, and we've heard from you in this segment, is that doing business in, in today's digital economy, demands, agility, table stakes, right? Absolutely essential corporate digital infrastructures have changed a lot in response to the dynamic environment, but its businesses are racing to the clouds. Dave Alane likes to call it the forced March to the cloud, expanding activities across this globally distributed digital ecosystem. They also sounds like need to reinvent cybersecurity to defend this continuously expanding threat surface. And for that comprehensive network, visibility is, as I think you were saying is really, really fundamental and more advanced network detection is, and responses required. Is that right? >>That's correct. You know, you know, we, we at ESCO, this is, this is where we come from. Our perspective is the network. It has been over for over 30 years. And, and we, as well as others believe that that network visibility, comprehensive network visibility is fundamental for cyber security as well as network performance and application analysis. So it, it, it's sort of a core competency or need for, for modern businesses today. >>Excellent. And hold that thought, Tom, cause in a moment, you and I are gonna be back to talk about the role of NDR and how it overcomes the challenges of EDR. You're watching the cube, the leader in enterprise tech coverage. Hey everyone, welcome back. This is segment two kicking things off I'm Lisa Martin with Tom Binkowski, senior director of product marketing at nets scout, Tom, great to have you back on the program. >>Good to be here. >>We're gonna be talking about the growing importance of advanced NDR in this series. In this segment specifically, Tom's gonna be talking about the role of NDR and how it overcomes the challenges of EDR. So Tom, one of the things that we talked about previously is one of the biggest advantages that NDR has over EDR is that bad actors can hide or manipulate endpoint data pretty easily, whereas network data, much harder to manipulate. So my question, Tom, for you is, is NDR the only real source for reliable, accurate, comprehensive data. >>I'm sure that's arguable, right? Depending on who you are as a vendor, but you know, it's, it's our, our answer is yes, NDR solutions also bring an analyst down to the packet level. And there's a saying, you know, the, the packet is the ultimate source or source of truth. A bad actor cannot manipulate a packet. Once it's on the wire, they could certainly manipulate it from their end point and then blast it out. But once it hits the wire, that's it they've lost control of it. And once it's captured by a network detection or, or network monitoring device, they can't manipulate it. They can't go into that packet store and, and manipulate those packets. So the ultimate source of truth is, is lies within that packet somewhere. >>Got you. Okay. So as you said in segment one EDR absolutely necessary, right. But you did point out it can't organizations can't solely rely on it for comprehensive cybersecurity. So Tom, talk about the benefits of, of this complimenting, this combination of EDR and NDR and, and how can that deliver more comprehensive cybersecurity for organizations? >>Yeah, so, so one of the things we talked about in the prior segment was where EDR, maybe can't be deployed and it's either on different types of devices like IOT devices, or even different environments. They have a tough time maybe in some of these public cloud environments, but that's where NDR can, can step in, especially in these public cloud environments. So I think there's a misconception out there that's difficult to get packet level or network visibility and public clouds like AWS or Azure or Google and so on. And that's absolutely not true. They have all kinds of virtual tapping capabilities that an NDR solution or network based monitoring solution could take advantage of. And one of the things that we know we spoke about before some of that growing trends of migrating workloads to the cloud, that's, what's driving that those virtual networks or virtual taps is providing visibility into the performance and security of those workloads. >>As they're migrated to public clouds, NDR can also be deployed more strategically, you know, prior segment talking about how the, in order to gain pervasive visibility with EDR, you have to deploy an agent everywhere agents can't be deployed everywhere. So what you can do with NDR is there's a lot fewer places in a network where you can strategically deploy a network based monitoring device to give you visibility into not only that north south traffic. So what's coming in and out of your network, but also the, the, the, the east west traffic too west traversing, you know, within your network environment between different points of your op your, your multi-tiered application, things like that. So that's where, you know, NDR has a, a, a little bit more advantage. So fewer points of points in the network, if you will, than everywhere on every single endpoint. And then, you know, NDR is out there continuously gathering network data. It's both either before, during, and even after a threat or an attack is, is detected. And it provides you with this network context of, of, you know, what's happening on the wire. And it does that through providing you access to, you know, layer two through layer seven metadata, or even ultimately packets, you know, the bottom line is simply that, you know, NDR is providing, as we said before, that that network context that is potentially missing or is missing in EDR. >>Can you talk a little bit about XDR that kind of sounds like a superhero name to me, but this is extended detection and response, and this is an evolution of EDR talk to us about XDR and maybe EDR NDR XDR is really delivering that comprehensive cybersecurity strategy for organizations. >>Yeah. So, you know, it's, it's interesting. I think there's a lot of confusion out there in the industry. What is, what is XDR, what is XDR versus an advanced SIM, et cetera. So in some cases, there are some folks that don't think it's just an evolution of EDR. You know, to me, XDR is taking, look at these, all these disparate data sources. So going back to our, when our first segment, we talked about the, the, the security operations center triad, and it has data from different perspectives, as we were saying, right? And XCR, to me is the, is, is trying to bring them all together. All these disparate data source sets or sources bring them together, conduct some level of analysis on that data for the analyst and potentially, you know, float to the top. The most, you know, important events are events that we, that you know, that the system deems high priority or most risky and so on. But as I, as I'm describing this, I know there are many advanced Sims out there trying to do this today too. Or they do do this today. So this there's this little area of confusion around, you know, what exactly is XDR, but really it is just trying to pull together these different sources of information and trying to help that analyst figure out, you know, what, where's the high priority event that's they should be looking at, >>Right? Getting those high priority events elevated to the top as soon as possible. One of the things that I wanted to ask you about was something that occurred in March of this year, just a couple of months ago, when the white house released a statement from president Biden regarding the nation's cyber security, it included recommendations for private companies. I think a lot of you are familiar with this, but the first set of recommendations were best practices that all organizations should already be following, right? Multifactor authentication, patching against known vulnerabilities, educating employees on the phishing attempts on how to be effective against them. And the next statement in the president's release, focus on data safety practices, also stuff that probably a lot of corporations doing encryption maintaining offline backups, but where the statement focused on proactive measures companies should take to modernize and improve their cybersecurity posture. It was vague. It was deploy modern security tools on your computers and devices to continuously look for and mitigate threats. So my question to you is how do, how do you advise organizations do that? Deploy modern security tools look for and mitigate threats, and where do the data sources, the SOC tri that we talked about NDR XDR EDR, where did they help fit into helping organizations take something that's a bit nebulous and really figure out how to become much more secure? >>Yeah, it was, it was definitely a little vague there with that, with that sentence. And also if you, if you, I think if, if you look at the sentence, deploy modern security tools on your computers and devices, right. It's missing the network as we've been talking about there, there's, there's a key, key point of, of reference that's missing from that, from that sentence. Right. But I think what they mean by deploying monitor security tools is, is really taking advantage of all these, these ways to gain visibility into, you know, the threats like we've been talking about, you're deploying advanced Sims that are pulling logs from all kinds of different security devices or, and, or servers cetera. You're, you're deploying advanced endpoint detection systems, advanced NDR systems. And so on, you're trying to use, you're trying to utilize XDR new technology to pull data from all those different sources and analyze it further. And then, you know, the other one we, we haven't even mentioned yet. It was the, so the security operation and automation, right. Response it's now, now what do we do? We've detected something, but now help me automate the response to that. And so I think that's what they mean by leveraging modern, you know, security tools and so on >>When you're in customer conversations, I imagine they're coming to, to Netscale looking for advice like what we just talked through the vagueness in that statement and the different tools that organizations can use. So when you're talking to customers and they're talking about, we need to gain visibility across our entire network, across all of our devices, from your perspective from net Scout's perspective, what does that visibility actually look like and deliver across an organization that does it well? >>Yeah, we, I mean, I think the simple way to put it is you need visibility. That is both broad and deep. And what I mean by broad is that you need visibility across your network, no matter where that network may reside, no matter what protocols it's running, what, you know, technologies is it, is it virtualized or, or legacy running in a hundred gigabits? Is it in a private cloud, a public cloud, a combination of both. So that broadness, meaning wherever that network is or whatever it's running, that's, that's what you need visibility into. It has to be able to support that environment. Absolutely. And the, the, absolutely when I, we talk about being deep it's, it has to get down to a packet level. It can't be, you know, as high as say, just looking at net flow records or something like that, that they are valuable, they have their role. However, you know, when we talk about getting deep, it has to ultimately get down to the packet level and that's, and we've said this in this time that it's ultimately that source of truth. So that, that's what that's, I think that's what we need. >>Got it. That that depth is incredibly important. Thanks so much, Tom, for talking about this in a moment, you and I are gonna be back, we're gonna be talking about why not all NDR is created equally, and Tom's gonna actually share with you some of the features and capabilities that you should be looking for when you're choosing an NDR solution. You're watching the cube, the leader in enterprise tech coverage, >>And we're clear. >>All right. >>10 45. Perfect. You guys are >>Okay. Good >>Cruising. Well, >>Welcome back everyone. This is segment three. I'm Lisa Martin with Tom gin. Kowski senior director of product marketing at nets scout. Welcome back to the growing importance of advanced NDR in this segment, Tom and I are gonna be talking about the fact that not all NDR is created equally. He's gonna impact the features, the capabilities that are most important when organizations are choosing an NDR solution. Tom, it's great to have you back on the program. >>Great, great to be here. >>So we've, we've covered a lot of content in the first two segments, but as we, as we see enterprises expanding their it infrastructure, enabling the remote workforce, which is here to stay leveraging the crowd cloud, driving innovation, the need for cybersecurity approaches and strategies that are far more robust and deep is really essential. But in response to those challenges, more and more enterprises are relying on NDR solutions that fill some of the gaps that we talked about with some of the existing tool sets in the last segment, we talked about some of the gaps in EDR solutions, how NDR resolves those. But we also know that not all NDR tools are created equally. So what, in your perspective, Tom are some of the absolutely fundamental components of NDR tools that organizations need to have for those tools to really be robust. >>Yeah. So we, we, we touched upon this a little bit in the previous segment when we talked about first and foremost, your NDR solution is providing you comprehensive network visibility that must support whatever your network environment is. And it should be in a single tool. It shouldn't have a one vendor per providing you, you know, network visibility in the cloud and another vendor providing network visibility in a local network. It should be a single NDR solution that provides you visibility across your entire network. So we also talked about it, not only does it need to be broadened like that, but also has to be deep too, eventually down to a packet level. So those are, those are sort of fundamental table stakes, but the NDR solution also must give you the ability to access a robust source of layer two or layer three metadata, and then ultimately give you access to, to packets. And then last but not least that solution must integrate into your existing cybersecurity stack. So in the prior segments, we talked a lot about, you know, the, the SIM, so that, that, that NDR solution must have the ability to integrate into that SIM or into your XDR system or even into your source system. >>Let's kind of double click on. Now, the evolution of NDR can explain some of the differences between the previous generations and advanced NDR. >>Yeah. So let's, let's start with what we consider the most fundamental difference. And that is solution must be packet based. There are other ways to get network visibility. One is using net flow and there are some NDR solutions that rely upon net flow for their source of, of, of visibility. But that's too shallow. You ultimately, you need to get deeper. You need to get down to a pack level and that's again where some, so, you know, you, you want to make sure that your NDR or advanced NDR solution is packet based. Number two, you wanna make sure that when you're pulling packets off the wire, you can do it at scale, that full line rate and in any environment, as we, as we spoke about previously, whether it be your local environment or a public cloud environment, number three, you wanna be able to do this when your traffic is encrypted. As we know a lot of, lot of not of network traffic is encrypted today. So you have the ability to have to have the ability to decrypt that traffic and then analyze it with your NDR system. >>Another, another, another one number four is, okay, I'm not just pulling packets off the wire, throwing full packets into a data storage someplace. That's gonna, you know, fill up a disc in a matter of seconds, right? You want the ability to extract a meaningful set of metadata from layer two to layer seven, the OSI model look at key metrics and conducting initial set of analysis, have the ability to index and compress that data, that metadata as well as packets on these local storage devices on, you know, so having the ability to do this packet capture at scale is really important, storing that packets and metadata locally versus up in a cloud to, you know, help with some compliance and, and confidentiality issues. And then, you know, last final least when we talk about integration into that security stack, it's multiple levels of integration. Sure. We wanna send alerts up into that SIM, but we also want the ability to, you know, work with that XDR system to, or that, that source system to drill back down into that metadata packets for further analysis. And then last but not least that piece of integration should be that there's a robust set of information that these NDR systems are pulling off the wire many times in more advanced mature organizations, you know, security teams, data scientists, et cetera. They just want access to that raw data, let them do their own analysis outside, say the user interface with the boundaries of a, of a vendor's user interface. Right? So have the ability to export that data too is really important and advance in the systems. >>Got it. So, so essentially that the, the, the breadth, the visibility across the entire infrastructure, the depth you mentioned going down to a packet level, the scale, the metadata encryption, is that what net scout means when you talk about visibility without borders? >>Yeah, exactly. You know, we, we have been doing this for over 30 years, pulling packets off of wire, converting them using patent technology to a robust set of metadata, you know, at, at full line rates up to a hundred in any network environment, any protocols, et cetera. So that, that's what we mean by that breadth. And in depth of visibility, >>Can you talk a little bit about smart detection if we say, okay, advanced NDR needs to deliver this threat intelligence, but it also needs to enable smart detection. What does net scout mean by that? >>So what you wanna make sure you have multiple methods of detection, not just a methods. So, you know, not just doing behavioral analysis or not just detecting threats based on known indicators or compromise, what you wanna wanna have multiple ways of detecting threats. It could be using statistical behavioral analysis. It could be using curated threat intelligence. It could be using, you know, open source signature engine, like from Sara COTA or other threat analytics, but to, but you also wanna make sure that you're doing this both in real time and have the ability to do it historically. So after a, a threat has been detected, for example, with another, with another product, say an EDR device, you now want the ability to drill into the data from the network that had occurred in, in, you know, prior to this. So historically you want the ability to comb through a historical set of metadata or packets with new threat intelligence that you've you've gathered today. I wanna be able to go back in time and look through with a whole new perspective, looking for something that I didn't know about, but you know, 30 days ago. So that's, that's what we, what we mean by smart detection. >>So really what organizations need is these tools that deliver a far more comprehensive approach. I wanna get into a little bit more on in integration. You talked about that in previous segments, but can you, can you give us an example of, of what you guys mean by smart integration? Is that, what does that deliver for organizations specifically? >>Yeah, we really it's three things. One will say the integration to the SIM to the security operations center and so on. So when, when an ed, when an NDR device detects something, have it send an alert to the SIM using, you know, open standards or, or, or like syslog standards, et cetera, the other direction is from the SIM or from the so, so one, you know, that SIM that, so is receiving information from many different devices that are, or detecting threats. The analyst now wants the ability to one determine if that's a true threat or not a false positive, if it is a true threat, you know, what help me with the remediation effort. So, you know, an example could be an alert comes into a SIM slash. So, and part of the playbook is to go out and grab the metadata packets associated with this alert sometime before and sometime after when that alert came in. >>So that could be part of the automation coming from the SIM slash. So, and then last one, not least is we alluded to this before is having the ability to export that robust set of layer two through layer seven metadata and or packets to a third party data lake, if you will, and where analysts more sophisticated analysts, data scientists, and so on, can do their own correlation, enrich it with their own data, combined it with other data sets and so on, do their own analysis. So it's that three layers of, of integration, if you will, that really what should be an advanced NDR system? >>All right, Tom, take this home for me. How does nets scout deliver advanced NDRs for organizations? >>We do that via solution. We call Omni the security. This is Netscout's portfolio of, of multiple different cyber security products. It all starts with the packets. You know, our core competency for the last 30 years has been to pull packets off the wire at scale, using patented technologies, for example, adapt service intelligence technologies to convert those broad packets into robust set of layer seven layer two through seven metadata. We refer to that data as smart data with that data in hand, you now have the ability to conduct multiple types of threat detection using statistical behavioral, you know, curative threat intelligence, or even open source. So rules engine, you have the ability to detect threats both in real time, as well as historically, but then a solution goes beyond just detecting threats or investigating threats has the ability to influence the blocking of threats too. So we have integrations with different firewall vendors like Palo Alto, for example, where they could take the results of our investigation and then, you know, create policies, blocking policies into firewall. >>In addition to that, we have our own Omni a E D product or our Arbor edge defense. That's, that's a product that sits in front of the firewall and protects the firewall from different types of attacks. We have integration that where you can, you can also influence policies being blocked in the a E and in last but not least, our, our solution integrates this sort of three methods of integration. As we mentioned before, with an existing security system, sending alerts to it, allowing for automation and investigation from it, and having the ability to export our data for, you know, custom analysis, you know, all of this makes that security stack that we've been talking about better, all those different tools that we have. That's that operations triads that we talked about or visibility triad, we talked about, you know, our data makes that entire triad just better and makes the overall security staff better and makes overall security just, just better too. So that, that that's our solution on the security. >>Got it. On the security. And what you've talked about did a great job. The last three segments talking about the differences between the different technologies, data sources, why the complimentary and collaborative nature of them working together is so important for that comprehensive cybersecurity. So Tom, thank you so much for sharing such great and thoughtful information and insight for the audience. >>Oh, you're welcome. Thank you. >>My pleasure. We wanna thank you for watching the program today. Remember that all these videos are available@thecube.net, and you can check out today's news on Silicon angle.com and of course, net scout.com. We also wanna thank net scout for making this program possible and sponsoring the cube. I'm Lisa Martin for Tomski. Thanks for watching and bye for now.