hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

>>Welcome back to the cubes coverage of dr khan 2021. I'm john for your host of the cube. We're here with Amanda Silver, corporate vice president, product developer division at Microsoft. Amanda, Great to see you you were on last year, Dr khan. Great to see you again a full year later were remote. Thanks for coming on. I know you're super busy with build happening this week as well. Thanks for making the time to come on the cube for Dr khan. >>Thank you so much for having me. Yeah, I'm joining you like many developers around the globe from my personal home office, >>developers really didn't skip a beat during the pandemic and again, it was not a good situation but developers, as you talked about last year on the front lines, first responders to creating value quite frankly, looking back you were pretty accurate in your prediction, developers did have an impact this year. They did create the kind of change that really changed the game for people's lives, whether it was developing solutions from a medical standpoint or even keeping systems running from call centres to making sure people got their their their goods or services and checks and and and kept sanity together. So. >>Yeah absolutely. I mean I think I think developers you know get the M. V. P. Award for this year because you know at the end of the day they are the digital first responders to the first responders and the pivot that we've had to make over the past year in terms of supporting remote telehealth, supporting you know online retail, curbside pickup. All of these things were done through developers being the ones pushing the way forward remote learning. You know my kids are learning at home right behind me right now so you might hear them during the interview that's happening because developers made that happen. >>I don't think mom please stop hogging the band with, they've got a gigabit. Stop it. Don't be streaming. My kids are all game anyway, Hey, great to have you on and you have to get the great keynote, exciting to see you guys continue the collaboration with Docker uh with GIT hub and Microsoft, A great combination, it's a 123 power punch of value. You guys are really kind of killing it. We heard from scott and dan has been on the cube. What's your thoughts on the partnership with the developer division team at Microsoft with Doctor, What's it all about this year? What's the next level? >>Well, I mean, I think, I think what's really awesome about this partnership is that we all have, we all are basically sharing a common mission. What we want to do is make sure that we're empowering developers, that we're focused on their productivity and that we're delivering value to them so they can do their job better so that they can help others. So that's really kind of what drives us day in and day out. So what we focus on is developer productivity. And I think that's a lot of what dana was talking about in her session, the developer division. Specifically, we really try to make sure that we're improving the state of the art from modern developers. So we want to make sure that every keystroke that they take, every mouse move that they make, it sounds like a song but every every one of those matter because we want to make sure that every developers writing the code that only they can write and in terms of the partnership and how that's going. You know my team and the darker team have been collaborating a ton on things like dr desktop and the Doctor Cli tool integrations. And one of the things that we do is we think about pain points and various workflows. We want to make sure that we're shaving off the edges of all of the user experience is the developers have to go through to piece all of these applications together. So one of the big pain points that we have heard from developers is that signing into the Azure cloud and especially our sovereign clouds was challenging. So we contributed back to uh back to doctor to actually make it easier to sign into these clouds. And so dr developers can now use dr desktop and the Doctor Cli to actually change the doctor context so that its Azure. So that makes it a lot easier to connect the other. Oh, sorry, go ahead. No, I was just >>going to say, I love the reference of the police song. Every breath you take, every >>mouth moving. Great, >>great line there. Uh, but I want to ask you while you're on this modern cloud um, discussion, what is I mean we have a lot of developers here at dr khan. As you know, you guys know developers in your ecosystem in core competency. From Microsoft, Kublai khan is a very operator like focus developed. This is a developer conference. You guys have build, what is the state of the art for a modern cloud developer? Could you just share your thoughts because this comes up a lot. You know, what's through the art? What's next jan new guard guard? It's his legacy. What is the state of the art for a modern cloud developer? >>Fantastic question. And extraordinarily relevant to this particular conference. You know what I think about often times it's really what is the inner loop and the outer loop look like in terms of cycle times? Because at the end of the day, what matters is the time that it takes for you to make that code change, to be able to see it in your test environment and to be able to deploy it to production and have the confidence that it's delivering the feature set that you need it to. And it's, you know, it's secure, it's reliable, it's performance, that's what a developer cares about at the end of the day. Um, at the same time, we also need to make sure that we're growing our team to meet our demand, which means we're constantly on boarding new developers. And so what I take inspiration from our, some of the tech elite who have been able to invest significant amounts in, in tuning their engineering systems, they've been able to make it so that a new developer can join a team in just a couple of minutes or less that they can actually make a code change, see that be reflected in their application in just a few seconds and deploy with confidence within hours. And so our goal is to actually be able to take that state of the art metric and democratize that actually bring it to as many of our customers as we possibly can. >>You mentioned supply chain earlier in securing that. What are you guys doing with Docker and how to make that partnership better with registries? Is there any update there in terms of the container registry on Azure? >>Yeah, I mean, you know, we, we we have definitely seen recent events and and it almost seems like a never ending attacks that that you know, increasingly are getting more and more focused on developer watering holes is how we think about it. Kind of developers being a primary target um for these malicious hackers. And so what it's more important than ever that every developer um and Microsoft especially uh really take security extraordinarily seriously. Our engineers are working around the clock to make sure that we are responding to every security incident that we hear about and partnering with our customers to make sure that we're supporting them as well. One of the things that we announced earlier this week at Microsoft build is that we've actually taken, get have actions and we've now integrated that into the Azure Security Center. And so what this means is that, you know, we can now do things like scan for vulnerabilities. Um look at things like who is logging in, where things like that and actually have that be tracked in the Azure security center so that not just your developers get that notification but also your I. T. Operations. Um In terms of the partnership with dR you know, this is actually an ongoing partnership to make sure that we can provide more guidance to developers to make sure that they are following best practices like pulling from a private registry like Docker hub or at your container registry. So I expect that as time goes on will continue to more in partnership in this space >>and that's going to give a lot of confidence. Actually, productivity wise is going to be a big help for developers. Great stuff is always good, good progress. They're moving the needle. >>Last time we >>spoke we talked about tools and setting Azure as the doctor context duty tooling updates here at dot com this year. That's notable. >>Yeah, I mean, I think, you know, there's one major thing that we've been working on which has a big dependency on docker is get help. Code space is now one of the biggest pain points that developers have is setting up a new DEV box, which they often have to do when they are on boarding a new employee or when they're starting a new project or even if they're just kicking the tires on a new technology that they want to be able to evaluate and sometimes creating a developer environment can actually take hours um and especially when you're trying to create a developer environment that matches somebody else's developer environment that can take like a half a day and you can spend all of your time just debugging the differences in environment variables, for example, um, containers actually makes that much easier. So what you can do with this, this services, you can actually create death environment spun up in the cloud and you can access it in seconds and you get from there are working coding environment and a runtime environment and this is repeatable via containers. So it means that there's no inadvertent differences introduced by each DEV. And you might be interested to know that underneath this is actually using Docker files and dr composed to orchestrate the debits and the runtime bits for a whole bunch of different stacks. And so this is something that we're actually working on in collaboration with the with the doctor team to have a common the animal format. And in fact this week we actually introduced a couple of app templates so that everybody can see this all in action. So if you check out a ca dot m s forward slash app template, you can see this in action yourself. >>You guys have always had such a strong developer community and one thing I love about cloud as it brings more agility, as we always talk about. But when you start to see the enterprise grow into, the direction is going now, it's almost like the developer communities are emerging, it's no longer about all the Lennox folks here and the dot net folks there, you've got windows, you've got cloud, >>it's almost >>the the the solidification of everyone kind of coming together. Um and visual studio, for instance, last year, I think you were talking about that to having to be interrogated dr composed, et cetera. >>How do you see >>this melting pot emerging? Because at the end of the day, you pick the language you love and you got devops, which is infrastructure as code doesn't matter. So give us your take on where we are with that whole progress of of making that happen. >>Well, I mean I definitely think that, you know, developer environments and and kind of, you know, our approach to them don't need to be as dogmatic as they've been in the past. I really think that, you know, you can pick the right tool and language and stand developer stack for your team, for your experience and you can be productive and that's really our goal. And Microsoft is to make sure that we have tools for every developer and every team so that they can build any app that they want to want to create. Even if that means that they're actually going to end up ultimately deploying that not to our cloud, they're going to end up deploying it to AWS or another another competitive cloud. And so, you know, there's a lot of things that we've been doing to make that really much easier. We have integrated container tools in visual studio and visual studio code and better cli integrations like with the doctor context that we had talked about a little bit earlier. We continue to try to make it easier to build applications that are targeting containers and then once you create those containers it's much easier to take it to another environment. One of the examples of this kind of work is now that we have WsL and the Windows subsystem for Lennox. This makes it a lot easier for developers who prefer a Windows operating system as their environment and maybe some tools like Visual Studio that run on Windows, but they can still target Lennox with as their production environment without any impedance mismatch. They can actually be as productive as they would be if they had a Linux box as their Os >>I noticed on this session, I got to call this out. I want to get your reaction to it interesting. Selection of Microsoft talks, the container based development. Visual studio code is one that's where you're going to show some some some container action going on with note and Visual Studio code. And then you get the machine learning with Azure uh containers in the V. S. Code. Interesting how you got, you know, containers with V. S. And now you've got machine learning. What does that tell the world about where Microsoft's at? Because in a way you got the cutting edge container management on one side with the doctor integration. Now you get the machine learning which everyone's talking about shifting, left more automation. Why are these sessions so important? Why should people attend? And what's the what's the bottom line? >>Well, like I said, like containers basically empower developer productivity. Um that's what creates the reputable environments, that's what allows us to make sure that, you know, we're productive as soon as we possibly can be with any text act that we want to be able to target. Um and so that's kind of almost the ecosystem play. Um it's how every developer can contribute to the success of others and we can amor ties the kinds of work that we do to set up an environment. So that's what I would say about the container based development that we're doing with both visual studio and visual studio code. Um in terms of the machine learning development, uh you know, the number of machine learning developers in the world is relatively small, but it's growing and it's obviously a very important set of developers because to train a machine learning uh to train an ml model, it actually requires a significant amount of compute resources, and so that's a perfect opportunity to bring in the research that are in a public cloud. Um What's actually really interesting about that particular develop developer stack is that it commonly runs on things like python. And for those of you who have developed in python, you know, just how difficult it is to actually set up a python environment with the right interpreter, with the right run time, with the right libraries that can actually get going super quickly, um and you can be productive as a developer. And so it's actually one of the hardest, most challenging developer stacks to actually set up. And so this allows you to become a machine learning developer without having to spend all of your time just setting up the python runtime environment. >>Yeah, it's a nice, nice little call out on python, it's a double edged sword. It's easier to sling code around on one hand, when you start getting working then you gotta it gets complicated can get well. Um Well the great, great call out there on the island, but good, good, good project. Let me get your thoughts on this other tool that you guys are talking about project tie. Uh This is interesting because this is a trend that we're seeing a lot of conversations here on the cube about around more too many control planes. Too many services. You know, I no longer have that monolithic application. I got micro micro applications with microservices. What the hell is going on with my services? >>Yeah, I mean, I think, you know, containers brought an incredible amount of productivity in terms of having repeatable environments, both for dev environments, which we talked about a lot on this interview already, but also obviously in production and test environments. Super important. Um and with that a lot of times comes the microservices architecture that we're also moving to and the way that I view it is the microservices architecture is actually accompanied by businesses being more focused on the value that they can actually deliver to customers. And so they're trying to kind of create separations of concerns in terms of the different services that they're offering, so they can actually version and and kind of, you know, actually improve each of these services independently. But what happens when you start to have many microservices working together in a SAS or in some kind of aggregate um service environment or kind of application environment is it starts to get unwieldy, it's really hard to make it so that one micro service can actually address another micro service. They can pass information back and forth. And you know what used to be maybe easy if you were just building a client server application because, you know, within the server tear all of your code was basically contained in the same runtime environment. That's no longer the case when every microservices actually running inside of its own container. So the question is, how can we improve program ability by making it easier for one micro service that's being used in an application environment, be to be able to access another another service and kind of all of that context. Um and so, you know, you want to be able to access the service is the the api endpoint, the containers, the ingress is everything, make everything work together as though it felt just as easy as as um you know, server application development. Um And so what this means as well is that you also oftentimes need to get all of these different containers running at the same time and that can actually be a challenge in the developer and test loop as well. So what project tie does is it improves the program ability and it actually allows you to just write a command like thai run so that you can actually in stan she ate all of these containers and get them up and running and basically deploy and run your application in that environment and ultimately make the dev testing or loop much faster >>than productivity gain. Right. They're making it simple to stand up. Great, great stuff. Let me ask you a question as we kind of wrap down here for the folks here at Dakar Con, are >>there any >>special things you'd like to talk about the development you think are important for the developers here within this space? It's very dynamic. A lot of change happening in a good way. Um, but >>sometimes it's hard to keep >>track of all the cool stuff happening. Could you take a minute to, to share your thoughts on what you think are the most important develops developments in this space? That that might be interesting to ducker con attendees. >>I think the most important things are to recognize that developer environments are moving to containerized uh, environments themselves so that they can be repeated, they can be shared, the work, configuring them can be amortized across many developers. That's important thing. Number one important thing. Number two is it doesn't matter as much what operating system you're running as your chrome, you know, desktop. What matters is ultimately the production environment that you're targeting. And so I think now we're in a world where all of those things can be mixed and matched together. Um and then I think the next thing is how can we actually improve microservices, uh programming development together um so that it's easier to be able to target multiple micro services that are working in aggregate uh to create a single service experience or a single application. And how do we improve the program ability for that? >>You know, you guys have been great supporters of DACA and the community and open source and software developers as they transform and become quite frankly the superheroes for the transformation, which is re factoring businesses. So this has been a big thing. I'd love to get your thoughts on how this is all coming together inside Microsoft, you've got your division, you get the developer division, you got GIT hub, got Azure. Um, and then just historically, and he put this up last year army of an ecosystem. People who have been contributing encoding with Microsoft and the partners for many, many decades. >>Yes. The >>heart Microsoft now, how's it all working? What's the news? I get Lincoln, Lincoln, but there's no yet developer model there yet, but probably is soon. >>Um Yeah, I mean, I think that's a pretty broad question, but in some ways I think it's interesting to put it in the context of Microsoft's history. You know, I think when I think back to the beginning of my career, it was kind of a one stack shop, you know, we was all about dot net and you know, of course we want to dot net to be the best developer environment that it can possibly be. We still actually want that. We still want that need to be the most productive developer environment. It could we could possibly build. Um but at the same time, I think we have to recognize that not all developers or dot net developers and we want to make sure that Azure is the most productive cloud for developers and so to do that, we have to make sure that we're building fantastic tools and platforms to host java applications, javascript applications, no Js applications, python applications, all of those things, you know, all of these developers in the world, we want to make sure it can be productive on our tools and our platforms and so, you know, I think that's really kind of the key of you know what you're speaking of because you know, when I think about the partnership that I have with the GIT hub team or with the Azure team or with the Azure Machine learning team or the Lincoln team, um A lot of it actually comes down to helping empower developers, improving their productivity, helping them find new developers to collaborate with, um making sure that they can do that securely and confidently and they can basically respond to their customers as quickly as they possibly can. Um and when, when we think about partnering inside of Microsoft with folks like linkedin or office as an example, a lot of our partnership with them actually comes down to improving their colleagues efficiency. We build the developer tools that office and lengthen are built on top of and so every once in a while we will make an improvement that has, you know, 5% here, 3% there and it turns into an incredible amount of impact in terms of operations, costs for running these services. >>It's interesting. You mentioned earlier, I think there's a time now we're living in a time where you don't have to be dogmatic anymore, you can pick what you like and go with it. Also that you also mentioned just now this idea of distributed applications, distributed computing. You know, distributed applications and microservices go really well together. Especially with doctor. >>Can you share >>your thoughts on the framework that you guys released called Dapper? >>Yeah, yeah. We recently released Dapper. It's called D A P R. You can look it up on GIT hub and it's a programming model for common microservices pattern, two common microservices patterns that make it really easy and automatic to create those kinds of microservices. So you can choose to work with your favorite state stores or databases or pub sub components and get things like cloud events for free. You can choose either http or g R B C so that you can get mesh capabilities like service discovery and re tries and you can bring your own secret store and easily be able to call it from any environment variable. It's also like I was talking about earlier, multi lingual. Um so you don't need to embrace dot net, for example, as you're programming language to be able to benefit from Dapper, it actually supports many programming languages and Dapper itself is actually written and go. Um and so, you know, all developers can benefit from something like Dapper to make it easier to create microservices applications. >>I mean, always great to have you on great update. Take a minute to give an update on what's going on with your division. I know you had to build conference this week. V. S has got the new preview title. We just talked about what are the things you want to get to plug in for? Take a minute to get to plug in for what you're working on, your goals, your objectives hiring, give us the update. >>Yeah, sure. I mean, you know, we we built integrated container tools in visual studio uh and the Doctor extension and Visual Studio code and cli extensions. Uh and you know, even in this most recent release of our Visual Studio product, Visual Studio 16 10, we added some features to make it easier to use DR composed better. So one of the examples of this is that you can actually have uh Oftentimes you need to be able to use multiple doctor composed files together so that you can actually configure various different container environments for a single single application. But it's hard sometimes to create the right Yeah. My file so that you can actually invoke it and invoke the the container and the micro services that you need. And so what this allows you to do is to actually have just a menu of the different doctor composed files so that you can select the runtime and test environment that you need for the subset of the portion of the application that you're working on at the end of the day. This is always about developer productivity. You know, like I said, every keystroke matters. Um and we want to make sure that you as a developer can focus on the code that only you can Right. >>Amanda Silver, corporate vice president product development division of Microsoft. Always great to see you and chat with you remotely soon. We'll be back in in real life with real events soon as we come out of the pandemic and thanks for sharing your insight and congratulations on your success this year and and congratulations on your announcement here at Dakar Gone. >>Thank you so much for having me. >>Okay Cube coverage for Dunkirk on 2021. I'm John for your host of the Cube. Thanks for watching. Mhm

>>Hi, everyone. Good afternoon. Thank you for joining this session. I feel honored to be invited to speak here today. And I also appreciate entity research Summit members for organ organizing and giving this great opportunity. Please let me give a quick introduction. First, I'm a Takashi from Marvin American population, and I'm leading technology scouting and global ation with digital health companies such as Business Alliance and Strategically Investment in North America. And since we started to focus on this space in 2016 our team is growing. And in order to bring more new technologies and services to Japan market Thesis year, we founded the new service theories for digital health business, especially, uh, in medical diagnosis space in Japan. And today I would like to talk how health care has been transformed for my micro perspective, and I hope you enjoy reasoning it. So what's happened since the US identify the first case in the middle of January, As everyone knows, unfortunately, is the damaged by this pandemic was unequal amongst the people in us. It had more determined tal impact on those who are socially and economically vulnerable because of the long, long lasting structural program off the U. S. Society and the Light Charity about daily case rating elevator country shows. Even in the community, the infection rate off the low income were 4.5 times higher than, uh, those of the high income and due to czar straight off the Corvette, about 14 million people are unemployed. The unique point off the U. S. Is that more than 60% of insurance is tied with employment, so losing a job can mean losing access to health care. And the point point here is that the Corvette did not create healthcare disparity but, uh nearly highlighted the underlying program and necessity off affordable care for all. And when the country had a need to increase the testing capacity and geographic out, treat the pharmacies and retails joined forces with existing stakeholders more than 90% off the U. S Corporation live within five miles off a community pharmacy such as CVS and Walgreen, so they can technically provide the test to everyone in all the community. And they also have a huge workforce memory pharmacist who are eligible to perform the testing scale, and this very made their potential in community based health care. Stand out and about your health has provided on alternative way for people to access to health care. At affordable applies under the unusual setting where social distancing, which required required mhm and people have a fear of infection. So they are afraid to take a public transportacion and visit >>the doctor the same thing supplied to doctor and the chart. Here is a number of total visit cranes by service type after stay at home order was issued across the U. S. By Ali April patient physical visits to doctor's offices or clinics declined by ALAN 70%. On the other hand, that share, or telehealth, accounted for 25% of the total total. Doctor's visit in April, while many states studied to re opening face to face visit is gradually recovering. And overall Tele Health Service did not offset the crime. Physician Physical doctor's visit and telehealth John never fully replace in person care. However, Telehealth has established a new way to provide affordable care, especially to vulnerable people, and I don't explain each player's today. But as an example, the chart shows the significant growth of the tell a dog who is one of the largest badger care and tell his provider, I believe there are three factors off paradox. Success under the pandemic. First, obviously tell Doc could reach >>the job between those patients and doctors. Majority of the patients who needed to see doctors who are those who have underlying health conditions and are high risk for Kelowna, Bilis and Secondary. They showed their business model is highly scalable. In the first quarter of this year, they moved quickly to expand their physical physicians network to increase their capacity and catch up growing demand. To some extent, they also contributed to create flexible job for the doctors who suffered from Lydia's appointment and surgery. They utilized. There are legalism to maximize the efficiency for doctors and doing so, uh, they have university maintained high quality care at affordable applies Yeah, and at the same time, the government recognize the body of about your care and de regulated traditional rules to sum up she m s temporary automated to pay a wide range of tell Her services, including hospital visit and HHS temporarily waived hip hop minorities for telehealth cases and they're changed allowed provider to use communication tools such as facetime and the messenger. During their appointment on August start, the government issued a new executive order to expand tell his services beyond the pandemic. So the government is also moving to support about your health care. So it was a quick review of the health care challenges and somewhat advancement in the pandemic. But as you understand, since those challenges are not caused by the pandemic, problems will stay remain and events off this year will continuously catalyze the transformation. So how was his cherished reshaped and where will we go? The topic from here can be also applied to Japan market. Okay, I believe democratization and decentralization healthcare more important than ever. So what does A. The traditional healthcare was defined in a framework over patient and a doctor. But in the new normal, the range of beneficiaries will be expanded from patient to all citizens, including the country uninsured people. Thanks to the technology evolution, as you can download health management off for free on iTunes stores while the range of the digital health services unable everyone to participate in new health system system. And in this slide, I put three essential element to fully realize democratization and decentralization off health care, health, literacy, data sharing and security, privacy and safety in addition, taken. In addition, technology is put at the bottom as a foundation off three point first. Health stimulus is obviously important because if people don't understand how the system works, what options are available to them or what are the pros and cons of each options? They can not navigate themselves and utilize the service. It can even cause a different disparity. Issue and secondary data must be technically flee to transfer. While it keeps interoperability ease. More options are becoming available to patient. But if data cannot be shared among stakeholders, including patient hospitals in strollers and budget your providers, patient data will be fragmented and people cannot yet continue to care which they benefited under current centralized care system. And this is most challenging part. But the last one is that the security aspect more players will involving decentralized health care outside of conventional healthcare system. So obviously, both the number of healthcare channels and our frequency of data sharing will increase more. It's create ah, higher data about no beauty, and so, under the new health care framework, we needed to ensure patient privacy and safety and also re examine a Scott write lines for sharing patient data and off course. Corbett Wasa Stone Catalyst off this you saved. But what folly. Our drivers in Macro and Micro Perspective from Mark Lowe. The challenges in healthcare system have been widely recognized for decades, and now he's a big pain. The pandemic reminded us all the key values. Misha, our current pain point as I left the church shores. Those are increasing the population, health sustainability for doctors and other social system and value based care for better and more affordable care. And all the elements are co dependent on each other. The light chart explained that providing preventive care and Alan Dimension is the best way threes to meet the key values here. Similarly, the direction of community based care and about your care is in line with thes three values, and they are acting to maximize the number of beneficiaries form. A micro uh, initiative by nonconventional players is a big driver, and both CBS and Walmart are being actively engaged in healthcare healthcare businesses for many years. And CBS has the largest walking clinic called MinuteClinic, Ottawa 1100 locations, and Walmart also has 20 primary clinics. I didn't talk to them. But the most interesting things off their recent innovation, I believe, is that they are adjusted and expanded their focus, from primary care to community health Center to out less to every every customer's needs. And CBS Front to provide affordable preventive health and chronic health monitoring services at 1500 CBS Health have, which they are now setting up and along a similar line would Mark is deploying Walmart Health Center, where, utilizing tech driven solutions, they provide affordable one stop service for core healthcare. They got less, uh, insurance status. For example, more than 40% of the people in U. S visit will not every big, so liberating the huge customer base and physical locations. Both companies being reading decentralization off health care and consumer device company such as Apple and Fitbit also have helped in transform forming healthcare in two ways. First, they are growing the boundaries between traditional healthcare and consumer product after their long development airport available, getting healthcare device and secondary. They acted as the best healthcare educators to consumers and increase people's healthcare awareness because they're taking an important role in the enhancement, health, literacy and healthcare democratization. And based on the story so far, I'd like to touch to business concept which can be applied to both Japan and the US and one expected change. It will be the emergence of data integration plot home while the telehealth. While the healthcare data data volume has increased 15 times for the last seven years and will continuously increase, we have a chance to improve the health care by harnessing the data. So meaning the new system, which unify the each patient data from multiple data sources and create 360 degrees longitudinal view each individual and then it sensitized the unified data to gain additional insights seen from structure data and unable to provide personal lives care. Finally, it's aggregate each individual data and reanalyzed to provide inside for population health. This is one specific model I envision. And, uh, health care will be provided slew online or offline and at the hospital or detail store. In order to amplify the impact of health care. The law off the mediator between health care between hospital and citizen will become more important. They can be a pharmacy toe health stand out about your care providers. They provide wide range of fundamental care and medication instruction and management. They also help individuals to manage their health care data. I will not explain the details today, but Japan has similar challenges in health care, such as increasing healthcare expenditure and lack of doctors and care givers. For example, they people in Japan have physical physician visit more than 20 times a year on average, while those in the U. S. On >>the do full times it sounds a joke, but people say because the artery are healthy, say visit hospitals to see friends. So we need to utilize thes mediators to reduce cost while they maintained social place for citizens in Japan, the government has promoted, uh, usual family, pharmacist and primary doctors and views the community based medical system as a policy. There was division of dispensing fees in Japan this year to ship the core load or pharmacist to the new role as a health management service providers. And so >>I believe we will see the change in those spaces not only in the U. S, but also in Japan, and we went through so unprecedented times. But I believe it's been resulting accelerating our healthcare transformation and creating a new business innovation. And this brings me to the end of my presentation. Thank you for your attention and hope you could find something somehow useful for your business. And if you have any questions >>or comments, please for you feel free to contact me.

>>Hi, everyone. Good afternoon. Thank you for joining this session. I feel honored to be invited to speak here today. And I also appreciate entity research Summit members for organ organizing and giving this great opportunity. Please let me give a quick introduction. First, I'm a Takashi from Marvin American population, and I'm leading technology scouting and global ation with digital health companies such as Business Alliance and Strategically Investment in North America. And since we started to focus on this space in 2016 our team is growing. And in order to bring more new technologies and services to Japan market Thesis year, we founded the new service theories for digital health business, especially, uh, in medical diagnosis space in Japan. And today I would like to talk how health care has been transformed for my micro perspective, and I hope you enjoy reasoning it. So what's happened since the US identify the first case in the middle of January, As everyone knows, unfortunately, is the damaged by this pandemic was unequal amongst the people in us. It had more determined tal impact on those who are socially and economically vulnerable because of the long, long lasting structural program off the U. S. Society and the Light Charity about daily case rating elevator country shows. Even in the community, the infection rate off the low income were 4.5 times higher than, uh, those of the high income and due to czar straight off the Corvette, about 14 million people are unemployed. The unique point off the U. S. Is that more than 60% of insurance is tied with employment, so losing a job can mean losing access to health care. And the point point here is that the Corvette did not create healthcare disparity but, uh nearly highlighted the underlying program and necessity off affordable care for all. And when the country had a need to increase the testing capacity and geographic out, treat the pharmacies and retails joined forces with existing stakeholders more than 90% off the U. S Corporation live within five miles off a community pharmacy such as CVS and Walgreen, so they can technically provide the test to everyone in all the community. And they also have a huge workforce memory pharmacist who are eligible to perform the testing scale, and this very made their potential in community based health care. Stand out and about your health has provided on alternative way for people to access to health care. At affordable applies under the unusual setting where social distancing, which required required mhm and people have a fear of infection. So they are afraid to take a public transportacion and visit >>the doctor the same thing supplied to doctor and the chart. Here is a number of total visit cranes by service type after stay at home order was issued across the U. S. By Ali April patient physical visits to doctor's offices or clinics declined by ALAN 70%. On the other hand, that share, or telehealth, accounted for 25% of the total total. Doctor's >>visit in April, while many states studied to re opening face to face visit is gradually recovering. And overall Tele Health Service did not offset the crime. Physician Physical doctor's visit and telehealth John never fully replace in person care. However, Telehealth has established a new way to provide affordable care, especially to vulnerable people, and I don't explain each player's today. But as an example, the chart shows the significant growth of >>the tell a dog who is one of the largest badger care and tell his provider, I believe there are three factors off paradox. Success under the pandemic. First, obviously tell Doc could reach >>the job between those patients and doctors. Majority of the patients who needed to see doctors who are those who have underlying health conditions and are high risk for Kelowna, Bilis and Secondary. They showed their business model is highly scalable. In the first quarter of this year, they moved quickly to expand their physical physicians network to increase their capacity and catch up growing demand. To some extent, they also contributed to create flexible job for the doctors who suffered from Lydia's appointment and surgery. They utilized. There are legalism to maximize the efficiency for doctors and doing so, uh, they have university maintained high quality care at affordable applies Yeah, and at the same time, the government recognize the body of about your care and de regulated traditional rules to sum up she m s temporary automated to pay a wide range of tell Her services, including hospital visit and HHS temporarily waived hip hop minorities for telehealth cases and they're changed allowed provider to use communication tools such as facetime and the messenger. During their appointment on August start, the government issued a new executive order to expand tell his services beyond the pandemic. So the government is also moving to support about your health care. So it was a quick review of the health care challenges and somewhat advancement in the pandemic. But as you understand, since those challenges are not caused by the pandemic, problems will stay remain and events off this year will continuously catalyze the transformation. So how was his cherished reshaped and where will we go? The topic from here can be also applied to Japan market. Okay, I believe democratization and decentralization healthcare more important than ever. So what does A. The traditional healthcare was defined in a framework over patient and a doctor. But in the new normal, the range of beneficiaries will be expanded from patient to all citizens, including the country uninsured people. Thanks to the technology evolution, as you can download health management off for free on iTunes stores while the range of the digital health services unable everyone to participate in new health system system. And in this slide, I put three essential element to fully realize democratization and decentralization off health care, health, literacy, data sharing and security, privacy and safety in addition, taken. In addition, technology is put at the bottom as a foundation off three point first. Health stimulus is obviously important because if people don't understand how the system works, what options are available to them or what are the pros and cons of each options? They can not navigate themselves and utilize the service. It can even cause a different disparity. Issue and secondary data must be technically flee to transfer. While it keeps interoperability ease. More options are becoming available to patient. But if data cannot be shared among stakeholders, including patient hospitals in strollers and budget your providers, patient data will be fragmented and people cannot yet continue to care which they benefited under current centralized care system. And this is most challenging part. But the last one is that the security aspect more players will involving decentralized health care outside of conventional healthcare system. So obviously, both the number of healthcare channels and our frequency of data sharing will increase more. It's create ah, higher data about no beauty, and so, under the new health care framework, we needed to ensure patient privacy and safety and also re examine a Scott write lines for sharing patient data and off course. Corbett Wasa Stone Catalyst off this you saved. But what folly. Our drivers in Macro and Micro Perspective from Mark Lowe. The challenges in healthcare system have been widely recognized for decades, and now he's a big pain. The pandemic reminded us all the key values. Misha, our current pain point as I left the church shores. Those are increasing the population, health sustainability for doctors and other social system and value based care for better and more affordable care. And all the elements are co dependent on each other. The light chart explained that providing preventive care and Alan Dimension is the best way threes to meet the key values here. Similarly, the direction of community based care and about your care is in line with thes three values, and they are acting to maximize the number of beneficiaries form. A micro uh, initiative by nonconventional players is a big driver, and both CBS and Walmart are being actively engaged in healthcare healthcare businesses for many years. And CBS has the largest walking clinic called MinuteClinic, Ottawa 1100 locations, and Walmart also has 20 primary clinics. I didn't talk to them. But the most interesting things off their recent innovation, I believe, is that they are adjusted and expanded their focus, from primary care to community health Center to out less to every every customer's needs. And CBS Front to provide affordable preventive health and chronic health monitoring services at 1500 CBS Health have, which they are now setting up and along a similar line would Mark is deploying Walmart Health Center, where, utilizing tech driven solutions, they provide affordable one stop service for core healthcare. They got less, uh, insurance status. For example, more than 40% of the people in U. S visit will not every big, so liberating the huge customer base and physical locations. Both companies being reading decentralization off health care and consumer device company such as Apple and Fitbit also have helped in transform forming healthcare in two ways. First, they are growing the boundaries between traditional healthcare and consumer product after their long development airport available, getting healthcare device and secondary. They acted as the best healthcare educators to consumers and increase people's healthcare awareness because they're taking an important role in the enhancement, health, literacy and healthcare democratization. And based on the story so far, I'd like to touch to business concept which can be applied to both Japan and the US and one expected change. It will be the emergence of data integration plot home while the telehealth. While the healthcare data data volume has increased 15 times for the last seven years and will continuously increase, we have a chance to improve the health care by harnessing the data. So meaning the new system, which unify the each patient data from multiple data sources and create 360 degrees longitudinal view each individual and then it sensitized the unified data to gain additional insights seen from structure data and unable to provide personal lives care. Finally, it's aggregate each individual data and reanalyzed to provide inside for population health. This is one specific model I envision. And, uh, health care will be provided slew online or offline and at the hospital or detail store. In order to amplify the impact of health care. The law off the mediator between health care between hospital and citizen will become more important. They can be a pharmacy toe health stand out about your care providers. They provide wide range of fundamental care and medication instruction and management. They also help individuals to manage their health care data. I will not explain the details today, but Japan has similar challenges in health care, such as increasing healthcare expenditure and lack of doctors and care givers. For example, they people in Japan have physical physician visit more than 20 times a year on average, while those in the U. S. On the do full times it sounds a joke, but people say because the artery are healthy, say visit hospitals to see friends. So we need to utilize thes mediators to reduce cost while they maintained social place for citizens in Japan, the government has promoted, uh, usual family, pharmacist and primary doctors and views the community based medical system as a policy. There was division of dispensing fees in Japan this year to ship the core load or pharmacist to the new role as a health management service providers. And so I believe we will see the change in those spaces not only in the U. S, but also in Japan, and we went through so unprecedented times. But I believe it's been resulting accelerating our healthcare transformation and creating a new business innovation. And this brings me to the end of my presentation. Thank you for your attention and hope you could find something somehow useful for your business. And if you have any questions >>or comments, please for you feel free to contact me. Thank you.

>>thank you everyone for joining. I'm here today to talk about English controllers. AP Gateways and service mention communities three very hot topics that are also frequently confusing. So I'm Richard Lee, founder CEO of Ambassador Labs, formerly known as Data Wire. We sponsor a number of popular open source projects that are part of the Cloud Native Computing Foundation, including telepresence and Ambassador, which is a kubernetes native AP gateway. And most of what I'm going to talk about today is related to our work around ambassador. Uh huh. So I want to start by talking about application architecture, er and workflow on kubernetes and how applications that are being built on kubernetes really differ from how they used to be built. So when you're building applications on kubernetes, the traditional architectures is the very famous monolith, and the monolith is a central piece of software. It's one giant thing that you build, deployed run, and the value of a monolith is it's really simple. And if you think about the monolithic development process, more importantly, is the architecture er is really reflecting that workflow. So with the monolith, you have a very centralized development process. You tend not to release too frequently because you have all these different development teams that are working on different features, and then you decide in advance when you're going to release that particular pieces offering. Everyone works towards that release train, and you have specialized teams. You have a development team which has all your developers. You have a Q A team. You have a release team, you have an operations team, so that's your typical development organization and workflow with a monolithic application. As organization shift to micro >>services, they adopt a very different development paradigm. It's a decentralized development paradigm where you have lots of different independent teams that are simultaneously working on different parts of the application, and those application components are really shipped as independent services. And so you really have a continuous release cycle because instead of synchronizing all your teams around one particular vehicle, you have so many different release vehicles that each team is able to ship a soon as they're ready. And so we call this full cycle development because that team is >>really responsible, not just for the coding of that micro service, but also the testing and the release and operations of that service. Um, >>so this is a huge change, particularly with workflow. And there's a lot of implications for this, s o. I have a diagram here that just try to visualize a little bit more the difference in organization >>with the monolith. You have everyone who works on this monolith with micro services. You have the yellow folks work on the Yellow Micro Service, and the purple folks work on the Purple Micro Service and maybe just one person work on the Orange Micro Service and so forth. >>So there's a lot more diversity around your teams and your micro services, and it lets you really adjust the granularity of your development to your specific business need. So how do users actually access your micro services? Well, with the monolith, it's pretty straightforward. You have one big thing. So you just tell the Internet while I have this one big thing on the Internet, make sure you send all your travel to the big thing. But when you have micro services and you have a bunch of different micro services, how do users actually access these micro services? So the solution is an AP gateway, so the gateway consolidates all access to your micro services, so requests come from the Internet. They go to your AP gateway. The AP Gateway looks at these requests, and based on the nature of these requests, it routes them to the appropriate micro service. And because the AP gateway is centralizing thing access to all the micro services, it also really helps you simplify authentication, observe ability, routing all these different crosscutting concerns. Because instead of implementing authentication in each >>of your micro services, which would be a maintenance nightmare and a security nightmare, you put all your authentication in your AP gateway. So if you look at this world of micro services, AP gateways are really important part of your infrastructure, which are really necessary and pre micro services. Pre kubernetes Unhappy Gateway Well valuable was much more optional. So that's one of the really big things around. Recognizing with the micro services architecture er, you >>really need to start thinking much more about maybe a gateway. The other consideration within a P A gateway is around your management workflow because, as I mentioned, each team is actually response for their own micro service, which also means each team needs to be able to independently manage the gateway. So Team A working on that micro service needs to be able to tell the AP at Gateway. This this is >>how I want you to write. Request to my micro service, and the Purple team needs to be able to say something different for how purple requests get right into the Purple Micro Service. So that's also really important consideration as you think about AP gateways and how it fits in your architecture. Because it's not just about your architecture. It's also about your workflow. So let me talk about a PR gateways on kubernetes. I'm going to start by talking about ingress. So ingress is the process of getting traffic from the Internet to services inside the cluster kubernetes. From an architectural perspective, it actually has a requirement that all the different pods in a kubernetes cluster needs to communicate with each other. And as a consequence, what Kubernetes does is it creates its own private network space for all these pods, and each pod gets its own I p address. So this makes things very, very simple for inter pod communication. Cooper in any is, on the other hand, does not say very much around how traffic should actually get into the cluster. So there's a lot of detail around how traffic actually, once it's in the cluster, how you routed around the cluster and it's very opinionated about how this works but getting traffic into the cluster. There's a lot of different options on there's multiple strategies pot i p. There's ingress. There's low bounce of resource is there's no port. >>I'm not gonna go into exhaustive detail on all these different options on. I'm going to just talk about the most common approach that most organizations take today. So the most common strategy for routing is coupling an external load balancer with an ingress controller. And so an external load balancer can be >>ah, Harvard load balancer. It could be a virtual machine. It could be a cloud load balancer. But the key requirement for an external load balancer >>is to be able to attack to stable I people he address so that you can actually map a domain name and DNS to that particular external load balancer and that external load balancer, usually but not always well, then route traffic and pass that traffic straight through to your ingress controller, and then your English controller takes that traffic and then routes it internally inside >>kubernetes to the various pods that are running your micro services. There are >>other approaches, but this is the most common approach. And the reason for this is that the alternative approaches really required each of your micro services to be exposed outside of the cluster, which causes a lot of challenges around management and deployment and maintenance that you generally want to avoid. So I've been talking about in English controller. What exactly is an English controller? So in English controller is an application that can process rules according to the kubernetes English specifications. Strangely, Kubernetes is not actually ship with a built in English controller. Um, I say strangely because you think, well, getting traffic into a cluster is probably a pretty common requirement. And it is. It turns out that this is complex enough that there's no one size fits all English controller. And so there is a set of ingress >>rules that are part of the kubernetes English specifications at specified how traffic gets route into the cluster >>and then you need a proxy that can actually route this traffic to these different pods. And so an increase controller really translates between the kubernetes configuration and the >>proxy configuration and common proxies for ingress. Controllers include H a proxy envoy Proxy or Engine X. So >>let me talk a little bit more about these common proxies. So all these proxies and there >>are many other proxies I'm just highlighting what I consider to be probably the most three most well established proxies. Uh, h a proxy, uh, Engine X and envoy proxies. So H a proxy is managed by a plastic technology start in 2000 and one, um, the H a proxy organization actually creates an ingress controller. And before they kept created ingress controller, there was an open source project called Voyager, which built in ingress Controller on >>H a proxy engine X managed by engine. Xing, subsequently acquired by F five Also open source started a little bit later. The proxy in 2004. And there's the engine Xing breast, which is a community project. Um, that's the most popular a zwelling the engine Next Inc Kubernetes English project which is maintained by the company. This is a common source of confusion because sometimes people will think that they're using the ingress engine X ingress controller, and it's not clear if they're using this commercially supported version or the open source version, and they actually, although they have very similar names, uh, they actually have different functionality. Finally. Envoy Proxy, the newest entrant to the proxy market originally developed by engineers that lift the ride sharing company. They subsequently donated it to the cloud. Native Computing Foundation Envoy has become probably the most popular cloud native proxy. It's used by Ambassador uh, the A P a. Gateway. It's using the SDO service mash. It's using VM Ware Contour. It's been used by Amazon and at mesh. It's probably the most common proxy in the cloud native world. So, as I mentioned, there's a lot of different options for ingress. Controller is the most common. Is the engine X ingress controller, not the one maintained by Engine X Inc but the one that's part of the Cooper Nannies project? Um, ambassador is the most popular envoy based option. Another common option is the SDO Gateway, which is directly integrated with the SDO mesh, and that's >>actually part of Dr Enterprise. So with all these choices around English controller. How do you actually decide? Well, the reality is the ingress specifications very limited. >>And the reason for this is that getting traffic into the cluster there's a lot of nuance into how you want to do that. And it turns out it's very challenging to create a generic one size fits all specifications because of the vast diversity of implementations and choices that are available to end users. And so you don't see English specifying anything around resilience. So if >>you want to specify a time out or rate limiting, it's not possible in dresses really limited to support for http. So if you're using GSPC or Web sockets, you can't use the ingress specifications, um, different ways of routing >>authentication. The list goes on and on. And so what happens is that different English controllers extend the core ingress specifications to support these use cases in different ways. Yeah, so engine X ingress they actually use a combination of config maps and the English Resource is plus custom annotations that extend the ingress to really let you configure a lot of additional extensions. Um, that is exposing the engineers ingress with Ambassador. We actually use custom resource definitions different CRTs that extend kubernetes itself to configure ambassador. And one of the benefits of the CRD approach is that we can create a standard schema that's actually validated by kubernetes. So when you do a coup control apply of an ambassador CRD coop Control can immediately validate and tell >>you if you're actually applying a valid schema in format for your ambassador configuration on As I previously mentioned, ambassadors built on envoy proxy, >>it's the Gateway also uses C R D s they can to use a necks tension of the service match CRD s as opposed to dedicated Gateway C R D s on again sdo Gateway is built on envoy privacy. So I've been talking a lot about English controllers. But the title of my talk was really about AP gateways and English controllers and service smashed. So what's the difference between an English controller and an AP gateway? So to recap, an immigrant controller processes kubernetes English routing rules and a P I. G. Wave is a central point for managing all your traffic to community services. It typically has additional functionality such as authentication, observe, ability, a >>developer portal and so forth. So what you find Is that not all Ap gateways or English controllers? Because some MP gateways don't support kubernetes at all. S o eso you can't make the can't be ingress controllers and not all ingrates. Controllers support the functionality such as authentication, observe, ability, developer portal >>that you would typically associate with an AP gateway. So, generally speaking, um, AP gateways that run on kubernetes should be considered a super set oven ingress controller. But if the A p a gateway doesn't run on kubernetes, then it's an AP gateway and not an increase controller. Yeah, so what's the difference between a service Machin and AP Gateway? So an AP gateway is really >>focused on traffic into and out of a cluster, so the political term for this is North South traffic. A service mesh is focused on traffic between services in a cluster East West traffic. All service meshes need >>an AP gateway, so it's Theo includes a basic ingress or a P a gateway called the SDO gateway, because a service mention needs traffic from the Internet to be routed into the mesh >>before it can actually do anything Omelet. Proxy, as I mentioned, is the most common proxy for both mesh and gateways. Dr. Enterprise provides an envoy based solution out of the box. >>Uh, SDO Gateway. The reason Dr does this is because, as I mentioned, kubernetes doesn't come package with an ingress. Uh, it makes sense for Dr Enterprise to provide something that's easy to get going. No extra steps required because with Dr Enterprise, you can deploy it and get going. Get exposed on the Internet without any additional software. Dr. Enterprise can also be easily upgraded to ambassador because they're both built on envoy and interest. Consistent routing. Semantics. It also with Ambassador. You get >>greater security for for single sign on. There's a lot of security by default that's configured directly into Ambassador Better control over TLS. Things like that. Um And then finally, there's commercial support that's actually available for Ambassador. SDO is an open source project that has a has a very broad community but no commercial support options. So to recap, ingress controllers and AP gateways are critical pieces of your cloud native stack. So make sure that you choose something that works well for you. >>And I think a lot of times organizations don't think critically enough about the AP gateway until they're much further down the Cuban and a journey. Considerations around how to choose that a p a gateway include functionality such as How does it do with traffic management and >>observe ability? Doesn't support the protocols that you need also nonfunctional requirements such as Does it integrate with your workflow? Do you offer commercial support? Can you get commercial support for this on a P? A. Gateway is focused on north south traffic, so traffic into and out of your kubernetes cluster. A service match is focused on East West traffic, so traffic between different services inside the same cluster. Dr. Enterprise includes SDO Gateway out of the box easy to use but can also be extended with ambassador for enhanced functionality and security. So thank you for your time. Hope this was helpful in understanding the difference between a P gateways, English controllers and service meshes and how you should be thinking about that on your kubernetes deployment

>> From theCUBE studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE Conversation. >> Hello, everybody, this is Dave Vellante, and welcome to this breaking analysis. I'm here with Erik Bradley, who's the managing director of ETR and runs their VENN program. Erik, good to see you. >> Very nice to see you too, Dave. Hope you're doing well. >> Yeah, I'm doing okay, hanging in there. You know, you guys in New York are fighting the battle, looks like we're making some progress here, so all the best to you and your family and the wider community. I'm really excited to have you on today because I had the pleasure of sitting in on a CIO/CISO panel last week and we're going to explain sort of what that's all about but one of the things that ETR does that I really like is they go deeper with anecdotal information, and it's almost like in depth interviews in these round tables. So they compliment their quarterly surveys and their other drilldown surveys with other anecdotal information from people in their communities, so it's a tried and true survey practice that adds some color to the data set. So guys, if you'd bring up the agenda, I want to share with the audience what we're going to talk about today. So, we'll talk a little bit about, you know, we just did intros. I wanted to ask Erik what ETR VENN is and then we will go through some of the guests, but if we go back to Erik, explain a little bit about VENN and the whole process, and how you guys do that? >> Yes, sure we should hire you for marketing, you just did a great job actually describing that, but about three years ago, what we decided was, ETR does an amazing job collecting the data. It can tell you what's happening, who it's happening to, and when it's happening, but it can't always tell you why it's happening. So leveraging a lot of my background in 20 plus years in journalism and the institution of Wall Street research, we decided to take the ETR community, the people that actually take the surveys and start doing interviews with them, and start doing events with them. And in enable to doing that, we're basically just trying to complement the survey findings and the data. So what we always say is that ETR will give you the quantitative answer and VENN will give you the qualitative answer. >> Now guys, let's bring up the agenda slide again, let's take a look at the folks that participated in the round table, now, for ETR's clients, they actually know the names and the titles and well the company that these guys work for. We've anonymized it for the public, but you had a CIO of a global auto supplier, a CISO of a diversified holdings firm who actually had some hospitality exposure, but also some government contract manufacturing exposure, a chief architect of a software ISV, and a VP and CISO of a global hospitality resort chain. So you had three out of the four, Erik were really in industries that are getting hit hard, obviously you know the software company, may be a little bit better but, maybe you could add some color to that? >> Well actually the software company unfortunately was getting hit hard as well because they're a software ISV that actually plays into the manufacturing space as well so this particular panel of CIOs and CISOs were actually in a very hard hit industries and are going to make sure we do two more follow ups with different industry verticals to make sure we're getting a little bit of a wider berth and collect all of that information in a better way. But coming back to this particular call the whole reason we did this and as you know you spoke to my colleague and friend Sagar Kadakia who is the director of research for ETR. And we were nimble enough to actually change our survey while it was in the field to start collecting data on what the real time impact was on the COVID-19 pandemic. We were able to take that information, extrapolate it and then say, okay, let's start reaching out to these people and dig deeper, find out why it's happening and even more so is it permanent? And which vendors are going to win and which vendors might lose from it? So that was the whole reason we set up a series of calls, we've only conducted one so far, we have another one this coming Tuesday as well with four entirely new panelists that are going to be from different industry verticals 'cause as you astutely pointed out, these verticals were very hard hit and not all of them are as hard as others, so it's important to get a wider cross-section. >> So guys, let's take a look at some of the budget impacts, the anecdotal sort of evidence that we gathered here, so let me just scan through it and then Erik, I'll ask you to comment. So, I mean like Erik said, some hard hit industries. All major projects, anything sort of next-gen have been essentially shelved, that was the ISV and then another one we cut at least 70% of the big projects moving forward, he mentioned ServiceNow actually called him out, but ServiceNow is a SaaS company, probably you know weather the storm here, but he did say, we've put that on hold. The best comment you know As-a-Service has Saved our Saas, (laughs) that one's great. And then we're going to get into some of the networking commentary, some really interesting things about how to support the work from home, you know we're kind of shifting from a hardened top into users, remote workers and then a lot of commentary on security, so you know that's sort of a high level scan and there's just so much information here, Erik but maybe you could sort of summarize on some of those, that commentary? >> Yeah, we should definitely dig in to each of those sectors a little more, but to summarize what we're seeing here was the real winners and losers are clear. Not everyone was prepared to have a work from home strategy. Not everyone was prepared to send their workers out, their VPN didn't have enough bandwidth so there was a real quick uptake in spending, but longer term we're starting to see that these changes will become more permeant. So the real winners and losers right now, we're going to see on the losers side traditional networking, the MPLS networking is in a lot of trouble according to all the data and the commentary that we're seeing, it's expensive, it's difficult to ramp up bandwidth as quickly as you need and it doesn't support remote. So we're seeing that lose out and the winners there are in the SD-WAN space, it's going to be impossible to ignore that going forward and some of our CIO and even CISO panelists said that change will be permanent. Also we're seeing at the same time, what they were calling a run SaaS and cloud, now we know these trends obviously were already happening but they're being exacerbated, they're happening even more quickly and more strong and I don't see that changing any time soon. That of course is at the expense of data centers, whether it be your own or hosted. Which has huge ramifications on on-prem hardware, even the firewall providers. So what we're seeing here is obviously we know things are going to be impacted by this situation, we didn't necessarily expect all of our community members and IT decision makers to talk about them being possibly permanent, so that on a high level was something that was extremely interesting. And the last one that I would bring up is that as we make this shift towards working from home, towards remote access, you also have to align yourself with the security that can support that. And one of the things that we're seeing in our data side on ETR, is a widening bifurcation between the next-gen security vendors and the more traditional security or the legacy security players, that bifurcation just keeps getting wider and wider and this situation could be the last straw. >> So I want to follow up on a couple of those things, you talked about sort of the network shift and toward SD-WAN, what people have described to me is that they've got a hardened top, it's a hierarchal network, it's very well understood, and it's safe right, and now all of a sudden you got all these remote workers and so you've got to completely sort of rethink your whole network architecture, the other thing I want to grill into is your cloud commentary. There's a comment that I saw Erik, that really stood out, one of the folks said, I would like to see the data centers be completely deleted, if you will or closed down, I mean I think we're going to see you know, a lot more of this, obviously. Not only from the standpoint of, and you heard this a lot the kind of pay by the drink, but just generally getting rid of all that sort of so called non-differentiated heavy lifting as we often hear about. >> That is a extreme comment, I don't think everyone feels that way, but yes, the comment was made and we've heard that comment from other people as you and I both know the larger the enterprise the harder that is to go completely SaaS, but yeah, when a situation like this happens and seeing the inflexibility of their on-prem infrastructure, yes it becomes something that really has to be addressed and it can become a permanent change, I was also shocked about that comment. That gentleman also stated that his executives outside of the IT area, the CEO, the CFO had never ever, ever wanted to discuss cloud, they did not want to discuss work from home, they did not want to discuss remote access. He said that conversation has changed immediately and to the credit of the actual IT companies out there, the technology companies, they're doing everything they can with this opportunity to make that happen. >> Yeah and so, right, I mean the whole work from home conversation that's to your point earlier, Erik, big chunks of COVID, you know the post COVID world are going to remain permanent, guys bring up the SaaS slide if you will, the SaaS commentary "As-a-Service-Saved our SaaS" as the wittiest quip award according to ETR, you know but you had, it was very interesting to hear folks, in fact I think somebody even called out, hey you know we expected Oracle to be auditing us but they're actually being very supportive as is IBM, SalesForce was an interesting comment Erik, one of the folks said they would share accounts you know on-prem but when they all do the work from home they had to actually buy some more. You also got Cisco with big props, Microsoft was called out, a lot of organizations actually allowing them to defer payments, so the SaaS vendors actually got very high marks, didn't they? >> They really did and even I wrote that summary and it was difficult to write that about Oracle because we all know that they're infamous for auditing their own customers in 2009, right after we we came out of the financial crisis. They have notoriously been a bad act, I don't know if they found religion and they decided to be nice to their customers, but every single person mentioned them as one of the vendors that was actually helping. That was very shocking. And then we all know that when bad situations happen people become opportunistic and right now it's really seeming that the SaaS vendors understand that they need a longterm relationship with these customers and they're being altruistic instead which is really nice to see. >> Yeah, I think the, I think anybody with a cloud realizes that hey, we have an opportunity here, the lifetime value of that customer whereas maybe in 2009 when Oracle didn't have a cloud they had to get people in a headlock to try to preserve their you know income statement. If we, let's go to the networking drilldown guys, that next slide, because Fortinet, some of the things that we've been reporting on is the sort of divergence in valuations between Fortinet and Palo Alto before this whole thing hit. Fortinet has done a really good job with it's cloud offerings, Palo Alto struggled a little bit with trying to figure out the sales compensation, is maybe a little bit behind, although both companies got strong props and I've talked to a number of customers and Palo Alto's going to be in the mix, but Fortinet from a cloud standpoint seems to be doing quite well, obviously networking, you know Cisco is the big gorilla there, but so and we also got call outs from guys like Trend Micro, which was interesting from some of the folks so your thoughts on this Erik? >> Yeah, I'll start in the networking side because this is something that I really, I've dug into quite amount in not only this panel but a lot of interviews and it really seems as if as networking refresh starts to come up and it's coming up with a lot of large importers, when your network refresh comes up, people are going to do an RFP for SD-WAN. They are sick and tired of paying MPLS network vendors and they really want to look at something else. That was even prior to this situation. Now what we're hearing is this is a permanent change, I particularly had one person say, I wanted to find this quote real quickly if I can, but basically they were basically saying that from a permanency perspective, the freedom from MPLS will reduce our network spend by over half, while more than doubling or tripling our bandwidth. You can't ignore that, you're going to save me money and triple my bandwidth. And hey, by the way, my refresh is due, it's something that's coming and it's going to happen. And yes you mentioned a few, right, there's Viptela, there's VeloCloud, there's some big players like Cisco. But Palo Alto just acquired CloudGenix in the midst of all of this. They just went and got an SD-WAN player themselves and they just keep acquiring a portfolio to shift from their on-prem to next-gen. It's going to take some time, 'cause 70% plus of their revenue is still on-prem hardware, but I do believe that their portfolio that they're creating is the way the world is moving and that's just one comment on the traditional networking versus the next-gen SD-WAN. >> And the customers have indicated you know it's not easy just to get off of their MPLS networks. I mean it takes time, it's like slowly pulling off the bandaid, but like many things COVID-19 is sort of accelerating that, we haven't talked about digital transformation, that came up. As a maybe more strategic initiative, but one that you know very clearly has legs. >> You know David, it's very simple, you just said it, people, when things are going well and they're comfortable they don't change and that's the same for an enterprise or a company, hey everything's great, our revenue's fine, why would we do this? We'll worry about that next year. Then something like this happens and you realize wow, we've been dragging our feet. That digital transformation that we've been talking about and we've been a little bit slow to accept, we need to accept it, we need to move now. And yes, it was another one of the major themes and it sounds silly for researchers like you and I, because we know this is a theme, we know cloud adoption is there, we know digital transformation is there, but there are still a lot of people that haven't moved as quickly as they should and this is going to be that final catalyst to get them there without a doubt. Quickly on your point of Fortinet, I was actually very impressed with the commentary that came from that because Fortinet is sometimes one of those names that you think of that maybe plays in a smaller pool or isn't as big as some of the 800 pound gorillas out there, but in other interviews besides this I heard the phrase point of 40 everything, so through our R&D and through acquisitions, Fortinet has really expanded their portfolio. And right now is their time to shine because when you have smaller satellite you know offices and branches that you need to connect, they're really, really good at it. And you don't always want to call a Palo Alto and pay that price, when you have smaller branch offices and I actually I was glad you brought up Fortinet because it's not a name that we get to herald that often and it was deserving from this panel. >> Yeah and you know companies that can secure gateways, secure endpoints are obviously going to have momentum, Zscaler came up, you know I think that's and I tell you looking at I've done a couple of breaking analysis on security, and Fortinet has been strong in two dimensions, you know ETR as our audience is I think getting to know, we really look at two key metrics, one is a net score which is a measure of spending momentum and the other is market share, which is a measure of pervasiveness, and companies like Fortinet in security, you know show up on both of those dimensions so it's notable. >> Yes, it certainly is, it is and I'm glad you brought up Zscaler too, very recently by strong request we did a very in depth research on Zscaler versus Palo Alto Prisma access. And they were very interested and this was before all this happened. You know does Palo Alto have a chance of catching up, taking share from Zscaler? And I've had the pleasure myself personally hosting Jay, the CEO of Zscaler at an event in New York City. And I have nothing but incredible respect for the company. But what we found out through this research is Zscaler at the moment their technology is still ahead according to their answers there is no doubt, however there doesn't seem to be any real secret sauce that will stop Palo Alto from catching up. So we do believe that parody of a feature set will shrink over time and then it'll come down to Palo Alto who obviously has a wider end-user interface. Now, what's happening today might change that because if I had to make a decision right now for my company on secure web gateway, I'm still probably going to got to Zscaler, it's the name. If I had to choose that in a year from now, Palo Alto might have had a better chance, so in this panel as you brought up, Zscaler was mentioned numerous times as just the wave of the future along with CASB Brokers, right, whether you're talking about a Netskope or Forcepoint, all those people that also play in the CASB space, to secure your access, zero trust is no longer a marketing hype term, it is real and it is becoming more real by the week. >> And so I want to kind of end on one of the other comments that really struck me because we're constantly talking about okay, do you go with a portfolio of a suite of services or do you go with best of breed, what about startups? Are startups more risky in a crisis like this? And one of your panelists, I just loved his comment, he said, one of the things that I've always done, he said, you always hear about the guy, oh we're going to to the garden, we're going to check out the magic water, we'll pick out three guys in the upper right hand corner and test them out, he says, one of the things that I've always liked to do, is I'll pick two from the upper right, and I'll take one from the lower left, one of the emerging techs and I'll give them a shot, they won't win every time but then he called out FireEye as one of the organizations that he found early that gave them competitive advantage. >> Right. >> Love that comment. >> It's a great comment and honestly if you're in charge of procurement, you'd be stupid not to do that. Not only just to see what the technology is, but now I can play you off the big guys because I have negotiation leverage and I can say, oh well I can always just take their contract. So it's silly not to do it from a business perspective, but from a technology perspective what we kept hearing from these people with the smaller vendors and my partner Peter Steube, my colleague and I we did the host together, we asked this question, really believing that the financial insecurity of the moment in the times would make smaller vendors not viable. We heard the exact opposite, what our panelists said was no, I'd be happy to work with a smaller vendor right now because they're going to give me pricing flexibility, they're going to work with me right now, I don't need to pay them upfront because we're seeing a permanent shift from CAPEX to OPEX and the smaller vendors are willing to work with me and I can pay them later. So we were actually surprised to hear that and glad to hear it because to connect to your other point, the other person who was talking about security in a platform approach versus best of breed, he said listen, platform approaches you're already with the vendor you can bundle a little bit, but the problem is if you're just going to acquire a new technology every time there's a new threat, the bad guys are just going to switch the threat and you can't acquire indefinitely so therefore best of breed with security will always beat platform and that's kind of a message to Palo Alto and Cisco in my opinion because they seem to be the ones fighting that out, even Microsoft now trying to say that they're a platform approach in security. >> Wow and it says to me the security business is going to as we predicted is going to stay fragmented because you're still going to get that best of breed, you know just like cloud is going to be fragmented and it's you know multiple vendors, ever since I've been in this business people are trying to consolidate the number of vendors but technology moves so quickly, it gives competitive advantage, Erik, awesome thank you so much for joining us, I'm looking forward to next Tuesday with the next VENN and love to have you back and talk about it any time, you're a great guest, thanks so much. >> Certainly! I'll do my best to get a better AV connection the next time guys, I apologize for that, but it was great talking to you guys. >> Hey, we're all learning you know, so thank you everybody for watching, this Dave Vellante for theCUBE and we'll see you next time. (upbeat music)

>>law from Las Vegas. It's the Q covering a ws re invent 2019. Brought to you by Amazon Web service is and in along with its ecosystem partners. >>Okay, Welcome back, everyone. Cube coverage. Las Vegas live action. It was re invent 2019 3rd day of a massive show where our seventh year of the eight years of Abel documenting the history and the rise in the changing landscape of the business. I'm John for Bruce. To Minutemen, my co host. Our next guest Bill McGee, senior vice president, general manager of the Hybrid Cloud Security group within Trend Micro. So, this company, those guys now lead executive of the Cloud Hybrid. I have rid Cloud Security hybrid in there looking cute. >>And I've been to every reinvent, every single one. >>Congratulations. Thank you. >>Thank you. Nice to be >>here. So, eight years, what's changed in your mind? Real quick. >>Uh, wow. The Yeah, certainly. The amount of a dot Uh, the amount of adoption is now massive mainstream. You don't have the question. Should I go to the cloud? It's all about how and how much. Probably the biggest change we've seen is how it's really being embraced all around the world where a global company we saw initially a US on Australia type focused you K. Now it's all over the place and it's really relevant everywhere, >>you know, at least from my standpoint. And I have enough friends of mine in the security industry. When we first started coming to show, I mean security was here. Security is not only is so front and center in the discussion of cloud that they had all show for it here, so you know, it gives the 2019 view of security inside that the broader hybrid cloud discussion here, a re >>investor. Let me tell you a couple of things, kind of what we're seeing within our customer base and then what matters from a security perspective. So we see, you know, some organizations doing cloud migration moving. We're close to the cloud of various forms. Had a couple of meetings yesterday. One was college evacuating their data center. The other one was celebrating that two weeks ago they closed their data center, So that's a big step. Windows and Lennox workloads moving to the cloud and really changing existing security controls toe work better in the cloud. But certainly what a lot of these cloud builders are here for is, you know, developing cloud native applications. Originally back 78 years ago, that was on top of what's now seem like pretty simple. Service is like s three E. C two. I've got containers and server lists and other platforms that that people are using. And then the last thing. A lot of companies are establishing a cloud centre of excellence, and they're trying to optimize the use of the cloud. They still have compliance requirements that they need to achieve. So these are what we see happening and really the challenge for the customer. How do we secure all this? How do we secure the aggressive, aggressive cloud Native application development? How do we help a customer achieve compliance easily from a cloud centre of excellence? So that's where we see us fitting. And we made a big announcement a couple of weeks ago about a new platform that we've created. I would love to talk to >>love that. Let's dig into that. But first we were at reinforces Amazons First security, Carver's David Locked and I were talking about cloud security was on Prem security and then what's happening here and had a conversation with someone who was close to the C I. A. Can't say his or her name. And they said Cloud has changed the game for them because they're cost line was pretty much flat. But the demand for missions were squirrels going scaling. So we're seeing that same dynamic. You were referring to it earlier that costs and data centers is kind of flat. But the demand for application new stuff's happened, so there's a real increased her demand for APS. Sure, this is the real driver, how people are flexing and deploying technology. So the security becomes really the built in conversation, cracked comment on that dynamic. And what do you recommend? Well, so here's a couple >>of things we've seen, Really? You know, again, we've been doing private security for about a decade, and really it was primarily focused on one service of eight of us, which is easy to now that's a pretty darn big service and widely used within their customer base. There's no 170 service's, I think is the most recent number. So the developers are embracing all these new service is we acquired a new capability in October. Company called Cloud Conformity, based in Sydney, Australia, very focused on AWS, analyzes implementations against the eight of US well-architected framework. So the first step we see for customers is you gotta get visibility into use of the cloud for the security team. What service is air being used, then? Can you set up a set of security guard rails to allow those service is to be used in a secure manner. Then we help our customers turn to more detailed, specialized protection of easy to or containers or server list. So that's what we've recognized ourselves. We had to create a very modest version of what Amazon has created themselves, which is a platform that allows builders to connect to and choose what security service is they want. >>Road is your service bases and all the service's air. You guys now pick and choose the wall. Yeah, there's a main ones. What does highlight? So >>there's Yeah, I'll give you the ones where we provide a very large breath of protection. So in the what we're calling Cloud one conformity service. So that's this technology we acquired a couple months ago. It cuts across about 70 service is right now and gives you visibility of potential security configuration errors that you have in your environment now if it's in a deaf team, maybe not such a big deal. But if it's in production, that is a big deal. Even better, you can scan your cloud formacion templates on the way to being live. Then we have a set of specialized protection that you know will run on a workload and protect it protected containerized environment. A library that can sit within a server lis application. That's kind of how we look at it. All right, >>So, Bill, one of things of going to the more and more cloud for customers is that there's that shared responsibility. Modern. We know that security is everyone's responsibility. It needs to be built in from the ground up. How are your customers doing with that shift? And are they understanding what they need to do? There have been some pretty visible, like a weight. I really had to configure that. I've thought about that Amazons trying to close the gap on song. But for some of those, >>we've seen a big positive change over the years. Initially I would say that there was what I would call a naive perception that the cloud with magic and it was perfectly secure and that I don't have to worry about it, right. Amazon data did the industry a real favor by establishing the shared responsibility model and making crystal clear what they've got covered that you don't need to worry about anymore as a customer. And then what are the capabilities you still need? Toe worry about? They've delivered a set of security tools that help their customers, and then they rely on partners like us. Thio deliver a set of more in depth tools. Thio, you know, specialized market. >>You actually used a word that we've been talking about a lot this week. Naive. Yeah. So we said, there's, you know, the one letter difference between being cloud native meeting Cloud naive there. Yeah. What does it mean to be cloud native in the security world? >>Well, I would say what allows you to be so first, the most important thing in every customer's mind. I don't care how good the security capabilities you're helping with me with. If you're going to slow down the improvements that I've just made to my development lifecycle. I'm not interested. So that is the most important thing is, are you able to inject your security technology and allow the customer to deliver at the rate that they're currently or continuing to improve? That is by far the most important thing. Then it's our your controls, fitting into an environment in a way that that are as easy as possible for the customer. One part that's been very critical for us. We've been a lead adopter of the AWS marketplace, allowing customers too procure security technology easily. They don't actually have to talk to us to buy our product. That's pretty revolutionary >>about the number of breaches that I'm going on, What's changed with you guys over the year because new vectors air coming out at this more surface area. Obviously, it's been discussed. What's changed most in your I'll >>tell you what we're worried about and what we expect to see, although I would say the evidence. It's early, uh, the reality in our traditional data centers. They were so porous at runtime in terms of the infrastructure and vulnerabilities that it was relatively easy for Attackers to get in the cloud has actually improved the level of security because of automation, less configuration errors. Unfortunately, what we expect his Attackers >>to move to. >>The developers moved to the depth pipeline, injecting code not a run time, but injecting it earlier in the life cycle. We've seen evidence of container images up on Dr Hub getting infected and then developers just pulling in without thinking about it. That's where Attackers are going to move to the depth pipeline. And we need to move some of our security technology to the dead pipeline toe, help customers defend themselves. >>What about International Geo Geo issues around compliance. How is that changing the game or slowing it down? Or I'm sailing it or you talk about that dynamic with regions? Are you >>sure you know us is the most innovative market and the most risk taking market, and therefore people moved to the cloud quite bravely over this over this decade. Some of the markets So, for example, were Japanese headquarters company. In general, Japanese companies, you know, really taken to a lot of considerations before they make that type of big bet. But now we're seeing it. We're seeing auto manufacturers embrace the cloud. So I think those it was a struggle for us in the early days. How regional the adoption of Cloud was. That's not the case anymore. It's really a relevant conversation in every one of our markets. >>Bill. Thank you for coming on the Cuban Sharing your insights Hybrid Cloud Security Got to ask you to end the segment. Yeah, What is going on for you This year? I'll see hybrids in your title. Operating models. Cloud center, gravity clouds going to the edge or data center. Just operate model. What's on your mind this year? What are you trying to do? Accomplish what you excited >>about? What? We're really excited about what this product announcement we made, called Cloud One. And what Cloud one is, is a set of Security Service's, which customers can access through common common access common building infrastructure, common cloud account management and choose what to use. You know, Andy put it pretty well in his keynote where you know he talked about He doesn't think of aws, a Swiss Army knife. He thinks of it as a specialized set of tools that builders get to adopt. We want to create a set of security tools in a similar way where customers can choose which of these specialized security service is that they want to adopt >>Bill. Great pleasure to meet you and have this conversation pro and then security area entrepreneur sold his company to Trend Micro. This is the hybrid world. It's all about the cloud operating model. So about agility and getting things done with application developers. This cube bringing all the data from reinvent stables for more coverage after this short break.

>>LA from Las Vegas. It's the cube covering AWS reinvent 2019 brought to you by Amazon web services and along with its ecosystem partners. >>Okay. Welcome back everyone. Cube coverage, Las Vegas live action ADA was reinvent 2019 third day of a massive show where our seventh year of the eight years of Ava when documenting the history and the rise and the changing landscape of the business. I'm Jon Favreau, Stu Miniman, my cohost, our next guest, bill McGee, senior vice president, general manager of the hybrid cloud security group within trend micro sold this company, those guys now lead executive of the cloud and hybrid hybrid cloud security. You've got hybrid in there looking through the queue and I've been to every re-invent every single one. Congratulations. Welcome to the cube. Nice to be here. So eight years. What's changed in your mind real quick? >>Ah, wow. The um, yeah, certainly the amount of adop uh, the amount of adoption is now massive mainstream. You don't have the question, should I go to the cloud? It's all about how and how much. Probably the biggest change we've seen is how it's really being embraced all around the world. We're a global company. We saw initially a U S on Australia type focused UK. Now it's all over the place and so really relevant everywhere. Oh Phil. I, you know, at least from my standpoint, and I have enough friends of mine in the security industry when we first started coming to the show, I mean security was here, security is not only is so front and center in the discussion of cloud that they had a whole show for it here. So, you know, give us the 2019 view of security inside that the, the broader hybrid cloud discussion here at Reinventure. >>Let me tell you a couple of things. Kind of what we're seeing within our customer base and then what matters from a security perspective. So we see some organizations doing cloud migration, moving workloads to the cloud. A various farms had a couple of meetings yesterday. One was call it evacuating their data center. The other one was celebrating that two weeks ago they closed their data center. So that's a big step. Windows and Linux workloads moving to the cloud and really changing existing security controls to work better in the cloud. But certainly what a lot of these cloud builders are here for is, uh, you know, developing cloud native applications. And originally, you know, back seven, eight years ago, that was on top of what's now seemed like pretty simple services like S three. Now you've got containers and serverless and other platforms that people are using. >>And then the last thing, a lot of companies are establishing a cloud center of excellence and they're trying to optimize their use of the cloud. They still have compliance requirements that they need to achieve. So these are what we see happening and really the challenge for the customer, okay, how do we secure all this? How do we secure the aggressive, aggressive cloud native application development? How do we help a customer achieve compliance easily from a cloud center of excellence? So that's where we see fitting. And we made a big announcement a couple of weeks ago about a new platform that we've created and you know, I'd love to talk to. >>Yeah, let's dig into that. Let's dig into that. But first when we were at was Amazon's first security conference, Dave latte and I were talking about wow, cloud security versus on prem security. And then what's happening here is I had a conversation with someone who was close to the CIA, can't say his or her name and that, and they said cloud has changed the game for them because their cost line was pretty much flat, but the demand for missions, which we're growing scaling. So we're seeing that same dynamic you were referring to it earlier, that cost in data centers is kind of flat, but the demand for application new stuff's happened. So there's a real increased her demand for apps. This is the real driver of how people are flexing and deploying technology. So the security becomes really the built in conversation. Correct. Comment on that dynamic. And what do you recommend while, so here's a couple of things >>as we've seen really. Uh, you know, again, we've been doing cloud security for about a decade and really it was primarily focused on one service of AWS, which is. Now that's a pretty darn big service. And, uh, you know, widely used within their customer base. There's now 170 services I think is the, you know, the most recent number. Um, so developers are embracing all these new services. We acquired a new capability in October company called cloud conformity based in Sydney, Australia. Very focused on AWS analyzes implementations against the AWS well architected framework. So the first step we see for customers is you got to get visibility into your use of the cloud for the security team. What services are being used? Then can you set up a set of security guard rails to allow those services to be used in a secure manner? Then we help our customers turn to more detailed specialized protection of or containers or serverless. So that's what we've recognized ourselves. We had to create a very modest version of what Amazon has created themselves, which is a platform that allows builders to connect to and choose what security services they want >>to help. Lota how broad is your service base? Is it all the services? Are you guys now pick and choose? I can't. It's hard to do all, but yeah, there's the main ones. What are the highlights? >>Yeah, I'll give you the ones where we provide, uh, a very large breadth of protection. So in the, what we're calling cloud one conformity service, so that's this, uh, technology we acquired a couple months ago. Um, it cuts across about 70 services right now and gives you visibility of potential security configuration errors that you have in your environment. Now, if it's in a dev team, maybe not such a big deal, but if it's in production, it is a big deal. Even better, you can scan your cloud formation templates on the way to, to, to being live. Then we have a set of specialized protection that will, you know, will run on a workload and protect it, protect a containerized environment, a library that can sit within a serverless application. So that's kinda how we look at it. >>They'll want, one of the things of going to the more and more cloud for customers is that there's that shared responsibility model. We know that security is everyone's responsibility. It needs to be built in from the ground up. How are your customers doing with that shift and how are they understanding what they need to do? There've been some pretty visible like, Oh wait, I really had to configure that. I'm not about that. And Amazon's trying to close the gap on some, bring us through some of those. >>We've seen a big positive change over the years. Initially I would say that there was what I would call a naive perception that the cloud was magic and it was perfectly secure and that I don't have to worry about it. Right. Amazon did a, did the industry a real favor by establishing the shared responsibility model and making crystal clear what they've got covered that you don't need to worry about anymore as a customer and then what are the capabilities you still need to worry about? They've delivered a set of security tools that help their customers and then they rely on partners like us to deliver a set of more in depth tools to a, you know, specialized markets. >>You actually used a word that we've been talking about a lot this week. Naive. So we said there's, you know, the one letter difference between being cloud native, I mean cloud naive there. What does it mean to be cloud native in the security world? >>Well, I would say what allows you to be so first the most important thing in every customer's mind. I don't care how good the security capabilities you're helping me with. If you're going to slow down the improvements that I've just made to my development life cycle, I'm not interested. So that is the most important thing is are you able to inject your security technology and allow the customer to deliver at the rate that they're currently or continuing to improve? That is by far the most important thing. Then it's are your controls fitting into an environment in a way that that are as easy as possible for the customer? One part that's been very critical for us. We've been a lead adopter of the AWS marketplace allowing customers to procure security technology easily. They don't actually have to talk to us to buy our product. That's pretty revolutionary. >>Talking about the number of breaches that have gone on and what's changed with you guys over the year because new vectors are coming out, there's more surface area. Obviously it's been been discussed what's changed most in years? I'll tell you what we're worried about and what we expect to see. Although I would say the evidence, it's early. Uh, the reality in our traditional data centers, they were so porous at runtime in terms of the infrastructure and vulnerabilities that it was relatively easy for attackers to get in. The cloud has actually improved the level of security because of automation, less configuration errors. Unfortunately, what we expect as attackers to move to the developers move to the dev pipeline, injecting code, not at runtime, but injecting it earlier in the life cycle. We've seen evidence of container images, uh, up on Docker hub getting infected and then developers just pulling in without thinking about it. >>That's where attackers are going to move to the dev pipeline and we need to move some of our security technology to the dev pipeline to help customers defend themselves. What about international geo geo issues around compliance? How is that changing the game or slowing it down or I'd say doubling it or can you talk about that dynamic? Because I'm sure with regions, I'm sure you know, the U S is the most innovative market and the most risk taking market and therefore people move to the cloud quite bravely. Uh, you know, over this over this decade. Um, and some of the markets, so for example, we're Japanese headquartered company, um, in general Japanese companies, you know, really, uh, take into a lot of considerations before they make that type of big bet. But now we're seeing it, we're seeing auto manufacturers, uh, embrace the cloud. So I think those, it was a struggle for us in the early days, how regional the adoption of cloud was. >>That's not the case anymore. It's really a relevant conversation in every one of our markets. Bill, thank you for coming on the Cuban sharing your insights on hybrid cloud security. I got to ask you to end the segment. Yeah. What is going on for you this year? I see hybrids in your title. That's obviously the, the operating model is clouds and are gravity clouds going to the edge or data center and just operating model. What's on your mind this year? What are you trying to do and accomplish? What's, what are you excited about? What we're really excited about was this a product announcement that we made called cloud one and what cloud one is, is a set of security services which customers can access through, you know, common, uh, common access, common billing infrastructure, common cloud account management, and choose what to use. You know, Andy put it pretty well in his keynote where, you know, he talked about, he doesn't think of AWS as, as a Swiss army knife. >>He thinks of it as a specialized set of tools that builders get to adopt. We want to create a set of security tools in a similar way where customers can choose which of these specialized security services that they want to adopt. Bill, great pleasure to meet you and have this conversation pro and then security area entrepreneur sold this company to trend micro. This is the hybrid world is all about the cloud operating model. So all about agility and getting things done with application developers, just cube bringing you all the data from re-invent. Stay with us for more coverage after this short break.

>>live from Las Vegas. It's the Cube covering Splunk dot com. 19. Brought to You by spunk. >>Hey, welcome back. Everyone's live Cube coverage in Las Vegas. That's plunks dot com. 2019 thistles their annual customer conference, where they unleash all the new technologies, announce all the new things. Everyone's here. It's the 10th anniversary of Splunk dot com cubes. Seventh year we've been covering slung been quite the journey from scrappy, startup going public growth phase. Now market leader on Outside has to come to success from the products and the engineering. And, of course, the people in the field that that served customers. And we're here with Susan St Leger, who's the president of worldwide field operations. Thanks for coming back to see you. >>Thank you, John. It's exciting to be here. >>So in the keynote, bringing data to every outcome is really the theme. Um, you seem to got a spring to your step here. You excited this year? What an amazing successful show because you got a platform. But the proof is out there. You got that ecosystem. You got people building APS on top of it. It's kind of all coming together this year, >>It sure is experience. It's it's it's just it's a huge leap forward, and I think so. Much of it is a vision of data to everything. And if you think about it, we talk about. We want to bring data to every question, every problem in every action. And the biggest thing you're going to see that you did see in the show is it's no longer just about the Splunk index. We're going to help you get you get value out of data wherever it lives. >>You had some big news on acquisition front Signal FX. Big chunk of change for that company. Private hot category. Observe ability, which really taste is out. That next 20 mile stare in the marketplace, which is cloud native. >>That's a >>cloud Service is, which comes together in the platform with logging coming together. >>Yeah, so exciting Way looked hard at that entire market, and signal FX was definitely the right answer. They operated a scale similar to us. They know how to how to operate it that scale, and so they're gonna be able to serve our customers well. And our view of the world is it's going to be hybrid for a very long time. But they serve that new cloud native world better than anybody else. It's It's when you do monitoring the cloud native world. It's really interesting to think about it. It's all made up of Micro service is right. So thousands of Micro Service's hundreds, thousands of Micro Service's and so in traditional monitoring, it's always you're tryingto monitor things you know could go wrong. In a microt service landscape, you don't know everything that could possibly go wrong. And so it's a level of complexity that's just very different. And so it's all about instrument ing, so that when something does go wrong, you can solve it. >>You guys have a very loyal based customer base, and that's again testament success. But the product has changed, and the value problems is emerging even further with data. That's a big theme. Data to everywhere, everything and security has come up on the radar a few years ago, here, the show. But this almost is a full blown security show at this point, because security center of everything you can't ignore it's become a centerpiece of everything data, the access to the diversity, How is that impacting the field because you're not. I mean, I guess you're a security company enabler and solve security problems. Date is a big part of it. Sure, I was at shaping your operations, >>So I think the thing to understand is correct. We're not just a security company, but we are number one in the security Magic quadrant. We're number one in both I. D. C and Gardner, and so that's important. But what happens is all the data the equal act for security can also be used for all these other use cases. So, generally speaking, whatever you're collecting for security is also valuable for I t operations, and it's also valuable for many other use cases. So I'll give you an example. Dominoes, which is a great customer of ours. They're gone 65% of their orders now come in digitally, okay? And so they monitor the entire intend customer experience. But they monitor it not only from a nightie operations perspective. That same data that they used righty operations also tells them you know what's being ordered, what special orders are being made and they use that data for promotions based upon volume and traffic and timing. they actually create promotion. So now you're talking about the same data that he collected for security night operations you can actually use for promotions, which is marketing is >>not a lot of operating leverage in data. You're getting out this. The old model was is a database. Make a queer. You get a report. Little time problem there. But now you have. Well, that other date is over there in another database. Who runs that data? So the world has certainly changes now, data needs to be addressable. This seems to be a big theme here on undercurrent. I know data to everywhere is kind of global theme, but don't diverse data feeds a I cracked and address ability allows for application access. >>Correct. So we look at the entire data landscape and say, we want to help you get data value out of your data wherever it lives. And it's right now, we've changed to the point where we are operating on data in motion, which is with data stream processor, which is hugely beneficial. You mentioned you know, a I m l way actually do something so unique from an ML perspective because we're actually doing the ml on the live streaming so, so much more valuable than doing it in batch mode. And so the ability to create those ML models by working on live data is super powerful. >>Good announcement. So you guys had the data processor. You have the search fabric, >>data fabric search, >>real time and acceleration our themes there. I want to get your thoughts on your new pricing options. Yes. Why now? What's that mean for customers? >>So if we want to bring data to everything, we have to allow them to actually get all the data right? So we needed to give them more flexible models and more alternative models. So for some people and just motto is very comfortable. But what they want it was more flexibility. So if you look at our new traunch pricing are predictable pricing, there's a couple of things that we've done with it. Number one is from 125 gig all the way up to unlimited. We'll show your predictable pricing so you don't have to guess. Well, if I move from 20 terabytes 2 50 what's that gonna cost me? We're gonna tell you, and you're gonna know and so That's one. The second thing is you don't have to land on the exact ingest. So before, if you bought a terabyte, you got a terabyte. Right now there's a traunch from 1 to 2 terabytes. There's a trunk from 2 to 5 terabytes. And so it gives the customers flexibility so that they don't have to worry about it coming back to buy more right away. >>So that's kind of cloud by as you go variable pricing. Exactly. I want your thoughts on some of the sales motions and position and you guys have out in the field. Visa VI. The industry has seen a lot of success and say Observe ability. For instance, Southern to Rick and Kartik About this. Yes, you guys are an enterprise software cloud and on premises provider you Enterprise sales motion. >>Yes, >>there's a lot of other competition up there that sells for the SNB. They're like tools. What's the difference between an offering that might look like Splunk but may be targeting the SNB? Small means business and one that needs to be full blown enterprise. >>Yeah, so I think the first and foremost most of the offerings that we see land in S and B. They have scale issues over time, I and so what we look at it and say is and they're mostly point products, right? So you can you can clutter up your environment with a bunch of point products, doing all these different things and try and stitch them together. Or you can go with this fun clock for him. So which allows you thio perform all of the same operations, whether B I t Security or Data Analytics in general. But it really isn't. It's about having the platform. >>You guys, what reduced the steps it takes to implement our What's the value? I guess. Here's Here's the thing. What's the pitch? So I'm on Enterprise. I'm like, Okay, I kept Dad. I got a lot of potential things going on platform. I need to make my data work for me any day to be everywhere. I au g Enterprise Cloud. What's the Splunk pitch? >>So our pitches were bringing dated everything, and first and foremost it's important. Understand why? Because we believe at the heart of every problem is a data problem. And we're not just talking t and security. As you know, you saw so many examples. I think you talk to his own haven earlier this week. Right? Wildfires is a data problem New York Presbyterian is using using us for opioid crisis. Right? That's a data problem. So everything's a data problem. What you want is a platform that can operate against that data and remove the barriers between data and action. And that's really what we're focused on. >>He mentions own haven that was part of Splunk Ventures Fund. You have a social impact fund? Yes, what's the motivation line that is just for social good? Is there a business reason behind it or both? >>What's this? So we actually have to social focuses. One is long for good, and that is non profit. What we announced this, what we announced a couple weeks ago that we reiterated yesterday was the spunk, social impact funds, a splint venture social impact fund, and this is to invest in for profit companies using data for social good. And the whole reason is that we look at it and so we say we're a platform. If you're a platform, you want to build out the ecosystem, right? And so the Splunk Innovation Fund splint Ventures Innovation Fund is to invest in new technology focused on that that brings value out of data. And on the other side, it's the spunk. Social impact. Thio get data companies that are taking data and creating such a >>Splunk for good as Splunk employees or a separate nonprofit. And >>it's not a separate nonprofit entity, but it is what we what we invest in. Okay. >>Oh, investing in >>investing in non for profit. Exactly like when we talked about the Global Emancipation Network right, which uses Splunk to fight human trafficking. That's on the nonprofit side. >>So take me through. This is a really hot area we've been covering for good because all roads I want now is for bad. Mark Zuckerberg's testifying from the Congress this morning kind of weird to watch that, actually, but there's a lot of good use cases. Tech tech can be shaped for good. A lot of companies are starting and getting off the ground for good things, but they're kind of like SMB, but they want the Splunk benefit. How do they engage with spunk if I'm gonna do ah social impact thing say cube for good? I got all this Tech. How do I engage punk? I wanted, but I don't know what to do. Have access to tools? How do I buy or engage with Splunk? >>Yes, start parties. Fund managers is making sure it's not just money, right? It's money, its access to talent. It's access to our product. And it's, you know, help with actually thinking through what they're trying to achieve, so it really is the entire focus. It's not just about the tech, Thea. Other thing I would say is you saw that we put out a Splunk investigate, and you also saw us talking about spunk, business slow and mission control. Those air now all built on a native SAS platform. And so the ability for our ecosystem now to go build on a native son platform is going to be incredibly powerful. >>So you expect more accelerated opportunities that all right, what's your favorite customer success stories? I know it's hard to pick your favorites, like picking a favorite child may be filled with the categories. Most ambitious class clown class favorite me. What's the ones you would call a really strong, >>so hit on a couple of my lover Domino story and the other one that I love, that I touched on. But I want to expand on because I think it's an amazing story. Is New York Presbyterian on using the Yes See you sprung for traditional security for private patient privacy. They also use it for medical devices. But here's the thing they use it for to help the opioid crisis. And you're like, How is opioid crisis a data problem? What they do is they actually correlate all the data that so doctors are prescribing the opioids who they're prescribing them to a number of prescriptions being building their pharmacy and then the inventory of opioids. Because they actually have sensors on all the cabinets where they get the opioids, they correlate all the data, and they make sure that if they understand if opioids being stolen from the hospital, because what people don't understand is that the opioid a lot of big part of the opioid crisis starts with hospitals to say of such a big volume of opioids. And so that, to me, is just I guess I love it because it's a great customer success story. But it's also again, it's so much fun doing good problem. >>A lot of deaths. I gotta ask you around your favorite moments here dot com, and you're a lot of conversations in your customer conversations this year. Let's do a little Splunk of the Cube right now can take the patterns, all the data, your meetings. What's the top patterns that are emerging? What are some of the top conversation themes that just keep popping up with customer? Specifically, >>I think the biggest thing is that they have seen more innovation unleash this year than they have ever seen in one year from Splunk. The other thing is that we've gone far outside of our traditional spunk index right and that the portfolio has grown so much and that we're allowing them to operate and get value out of the data wherever it lives. So data in motion and then you saw in data fabric search. We'll let you query not only the Splunk indices, but also H D. F s and s three buckets and more buckets to come. So more sinks if you will. So, really, what we're trying to do is say, we're just going to be your date a platform to help you get value >>Susan, you're a great leader and slung. Congratulations on your success again. They continue to grow every year. Splunk defies the critics. Now you're a market leader. Culture is a big part of this. What is your plans this year To take it to the next level? You're president of field worldwide, field operations, global business landscape. What are some of your goals and objectives on culture >>and the culture? So thank you, Jon. First of all, for your comments and were so committed to our culture, I think you know, as you grow so quickly, it takes a real effort to stay focused on culture way, have an incredible diversity and inclusion program. Onda We do way. It's a business imperative for us. Every single leader has diversity, diversity, inclusion, focuses and targets. And so I think that's a huge part of our culture. And the reason I say that, John, I don't know if you've ever heard about a 1,000,000 data points. Did anybody ever way Always talk about, you know in different different settings will share a couple of our 1,000,000 data points. What we want to make sure is a culture is that way. >>We >>have our employees showing up with their authentic self and because you do your best work when you can show up is your authentic self. And so we have people share a handful of their 1,000,000 data points at all different times throughout the year to get to know each other as individuals, as human beings and really understand what matters to each other. And I love that 1,000,000 data points culture, and I got that. We truly live it. And again it's It's about authenticity. And so I think that's what makes us incredibly special. >>And inclusion helps that trust >>fund elaboration, yes, and also just add to that. We're very proud of the fact that we made the fortune list this year for best places to work for women. So it shows that our focus, you know, we started. We started revealing our metrics just about two years ago, and we've had significant improvement way. Believe that what you focus on what you measure is what you improve. So we started measuring and improving it, and this year we made the list for a fortune that's called walking. It is Congratulations. Thank you. We're very excited about >>awesome on global expansion. I'm assuming is on the radar. Well, >>always, especially at this point. We're ready to double down and some of the tier one mark. It's a lovely for sure >>wasn't saying. Legend. President of worldwide field operations here inside the Cube. Where day to slung dot com 10th anniversary of their customer conference Our seventh year covering Splunk Amazing Ride They continue to ride the big wave. Thats a Q bring you all the data on insights here. I'm John Ferrier. Thanks for watching.

>>From Miami beach, Florida. It's the cube covering a Cronus global cyber summit 2019. Brought to you by Acronis. >>So Ron, welcome back to the keeps coverage of kronas cyber global cyber summit 2019. I'm John furrier here in Miami beach. Our next guest is Pat Hurley, vice president, general manager of the Americas in sales and customer relationships. Get Debbie Juan. Hey, thanks for having me. Welcome to Miami beach. Lovely place to have an event. So I hear ya. You got a lot of competition going on between the U S America's in the AMIA teens and it's very competitive group. >> The European team is very confident. I think we'll show them tomorrow what we're made of. We've been recruited very hard for some players that are Latin American. I think we'll show them a finger too. You've got a big soccer story there. We do. Yeah. We've, uh, we've got a few sports partnerships that we have across the globe. Uh, some of the first partnerships we had were actually within formula one. >>And we really try to correlate the story of the importance of, uh, data protection and cyber protection in the sporting industry because a lot of people don't think about the amount of data that's actually being generated in the space. A formula one car generates between, you know, two and three terabyte through three gigabytes of data on every lap, tons of telemetry devices that are kicked, collecting information from the car, from the road service, from the, the general environment. They're taking that data and then sending it back to the headquarter, analyzing it and making very small improvements to the car to make sure that they can qualify faster, run a faster lap, make the right type of angle into a turn, uh, which can really differentiate them from being, you know, first, second, third, 10th in a qualifying session. On the soccer side. We do have some partnerships with uh, arsenal, Manchester city, inter Milan, and we just signed a partnership as well with Liverpool. >>So we are very popping in that space here in the U S we have some other sports that we're big fans of. I'm personally a big Boston red Sox fan, being a Boston native and we do have a sports partnership with the red Sox, which has been an unbelievable partnership with them. And learning more about the use cases that they solve and using our technology has been really cool. >> You know, Patty, you bring up the sports thing and we were kidding before we on camera around the trading, you know how people do sports deals and they trade, you know, merchandise for consumer benefit or customer benefits. But really what is happening is sports teams encapsulate really the digital transformation in a nutshell because most sports franchises are, have been traditionally behind. But now with the consumerization of it and digital can go back to 2007 since the mobile phone. >>Really, I mean it's iPhone. Yeah. Since that time, sports and capsulates every aspect of it, consumer business fan experience. And it really has every, every, almost every element of what we see now as a global IOT problem opportunity. So it really encapsulates the use case of an integrated and and needed solution. Oh yeah, absolutely. I mean, if you think about the amount of data that's, that's out there today and the fast way that it's growing, you know, the explosion of, uh, of data in the, in the world today, sports have different unique challenges. So obviously they have large fan bases that need to be able to access the data and understand what's going on with their favorite sports teams. Um, for us it's really, you know, these technology partnerships that we have with these guys, it runs through all these different areas of, you know, in many cases we didn't really understand that they were using it for. >>So, you know, the red Sox for example, they've got Fenway park and iconic stadium, you know, the Mecca of baseball. If you haven't been there yet, I suggest all your viewers that they go and check it out, give me a call, we'll try and get you set up there. But, um, you know, the, the, the experience that the fans have there is all around their data experienced there. Right? And it's not just baseball games. It could be hockey games that Fenway park, it could be a concert that they're having. A phone buys a lot of different events. These stadiums are open year round and the ability to move, share access, protect the data in that stadium is really important to how they're functioning as an organization. We talked to their I-Team quite regularly about how they're using our solutions. They're talking about uh, different aspects of artificial intelligence, different ways they can use our products and machine learning. >>Obviously with the new solutions that we have in the market today around cybersecurity or helping them to address other challenges that they face. Um, as an organization, these are realtime challenges in their physical locations, national security issues, terrorist attacks could happen. There are venues, there are public gathering places too. Absolutely. We announced our partnership with them back in may and I was shocked to hear them on the main stage announcing that they had this great partnership with the Kronos was talking about their unique cyber security needs. They started talking about drone technology and I'm thinking, all right, a drone flies in the stadium. Maybe at breaks and it falls on a player and we're paying $20 million for one of these pitchers to be out there on the Hill or an interest, a fan or maybe they're collecting some video data to then share it out. >>And that's red Sox IP. No, they're talking about cybersecurity threats in the sense that a drone, a remotely controlled device could come in and lightened incendiary device in the, in the stadium and that to them as a real security server. And that's frontline for the it guys. That's what keeps them up at night. Yeah. And that's really an attack take time. Oh yeah, absolutely. What are the use cases that are coming out of some of your customers, cause you guys have a unique integrated solution with a platform as an end to end component too. You have a holistic view on data, which is interesting and unique. People are kind of figuring this out, but you guys are ahead of the game. What are some of the use cases that you've seen in the field with customers that highlight the benefits of taking a holistic view of the data? >>Yeah, absolutely. So we look at it as kind of backups dead, right? We have, we've combined the old world of backup and disaster recovery with the new world of cybersecurity and we combine that to a term we're calling cyber protection because it really requires an end to end solution and a lot of different things need to be working properly to prevent these attacks from happening. Uh, you need to be very proactive in how you're going about that. We address it with what we call 'em, the Kronos cyber platform. And what this is, is a unique, multi-tiered multi-tenant offering that's designed specifically for service providers. We have just under 6,000 servers, providers actively selling our cyber protection solutions today and they use this for are for a multiple different aspects. And usually the beachhead has something like backup. Every company needs backup. It's more of a commodity type solutions, a lot of different players in the game out there, but they take it a step further, use that same backup technology to then do disaster recovery. >>They can do files, they can share, they can do monitoring. We have notary solutions based on blockchain technologies. Now, this whole suite of cybersecurity solutions, all of this is with a single pane of glass, one platform that of a service provider can go in and work with their customers and make sure that their data is protected, make sure that their physical machines are virtual machines, they're PCs, their Macs are all protected, that data's protected, it's secure, but it's also accessible, which is an important part of you can take your data wrapping a nice bow buried a hundred feet underground, but then you can't use it, right? So you want to be able to make sure that you can actually, uh, leverage the technology there. Um, we've seen explosive growth, especially in, in my market. I think the numbers are pretty crazy. It's something like 90% of the market today in the U S has served in some capacity by a service provider. >>And this could be a small to medium size business that's served by local service fire to those really big guys that are out there. Let's on with how large your target audience, you mentioned search probably multiple times when you're out selling your target persona, your target audience, and you're trying to reach into, so we touch, everybody know, you equate it to kind of what we do with the red Sox, right? You walk into that city and the 38,000 people that, well, some of those people are just, you know, regular Joe's, right? They, they go to work every day. They have a computer at home, they have a mobile device. They probably have multiple mobile devices. We protect that for them. We call them a consumer. Slash. Prosumers. We work at a lot of very large retail organizations. If you walk into some of those shops today, you'll be able to see our software on a shelf there. >>You work with one of those tech squads where they're starting to attach services to it and you get more of a complete offering there. We then scale up a little bit further to some OEM providers. You work with companies like Honeywell and Emerson that are manufacturing devices that embed our software on there. They white label it and deliver it out. These are connected devices. You think about the, you know the, the explosion of IOT devices in the market today. We're protecting that stuff as well. We work with very large enterprises, so some of the, the major players that you see in the manufacturing space are standing up standardizing on Acronis process control process automation vendors are using our Chronis and we can deliver the solution because of the way it's so flexible in a very consumable way for them. Those enterprises can actually act as a service provider for their employees so we can actually take our technology, deploy the layer in their infrastructure where they have complete control. >>They might not want to be in an Uber cloud, they might not want to work with Chrome OS data center. They want to have and hold that data. They want to make sure it's on site. We enable that type of functionality and then the fastest growing area for us is what I hit on earlier within the service provider community. We're recruiting hundreds of service providers every quarter. We've got some great partners here. Give you an example of a service provider. You mentioned the red size, I'm assuming is that a vendor that might be working within that organization, but still it sounds like that's a supplier to the red Sox. How, how broad is that definition? It gives us many points. Yeah, it's a really good point. So we work with hosting providers. Look, can be regional hosting providers to multinational hosting providers. Some of the very big names that you've, you're probably familiar with. >>We work with, uh, we work with, uh, telco providers who work with ISV providers or sorry, ISP providers, um, kind of regional telco providers that provide a myriad of different services all the way down to your kind of local mom and pop type service providers where you've got a small business, maybe they've got 30 to 50 employees, they're servicing probably 200 to 300 customers and they want to provide a very secure, safe, easy to use complete solution to their customers. Uh, those could be focused on certain verticals so they could be focused on healthcare, financial services, construction, et cetera. Um, we have some that are very niche within like dental services or chiropractice offices, small regional doctor's offices. Uh, and the, the beauty of that, and I was getting the partners earlier, is we have partnerships with companies like ConnectWise where those are tools that service providers are using on a very daily basis. >>So essentially the platform gives you that range and that's the typical typical platform. So you have that broad horizontally scalable capability and the domain expertise either be what solution from you guys or can ISV or someone within your ecosystem is that they get that. Right? Absolutely. And that's what really differentiates us is our ability to integrate into that plat, into our platform, into their platform and make those connections. So you don't need to learn 12, 14, 15 different technologies. You've got a small suite of offerings in a single pane of glass, very easy to use, very intuitive. Um, the integrations that we have with these partners like ConnectWise, like Ingram micro, really differentiate us because what they do is they provide open API capabilities. They provide software development kits where these partners can go ahead and build it the way they want to sell it. >>You know, it's interesting when the cloud came out and as on premise has changed to a much more agile dev ops kind of mindset that forced it to think like a service provider. I think like an operating system, it's an operating environment basically. So that service provides an interesting angle and I want to get your thoughts on this because I think this is where you guys have such a unique opportunity to just integrate solution because you could get into anything and you got ISV to back that up. So I guess the question I would have is for that enterprise that's out there that's looking to refactor and replatform their entire operation, or it could be a large enterprise, it has a huge IOT opportunity or challenge or a service provider is looking at having a solution. What's the pitch that you would give me if I'm the one of those customers? >>Say, Hey Pat, what's the pitch? So you need a, you need a trusted provider that's been in the business for a number of years that understands the data protection and security markets that Kronos has that brand. We've been doing this for about 16 years. We were founded in Singapore, we're headquartered out of Switzerland and we've got a lot of really smart guys in the back room. Was building good technologies that our partners were able to use. Um, we look at it a lot of different ways. I mentioned our go to market across a lot of different verticals and a lot of different um, kind of routes for those. The way we deliver our solution. It provides the flexibility for an enterprise to a classic reseller to um, you know, a VAR or a service, right? It's delivering services. It can be delivered to those guys how they want to consume it. >>So as an example, we may work with a smaller service provider that doesn't have any colo capabilities. We provide data centers so they could have a very quick turnkey solution, allows them to get up and running with their business, selling backup within minutes to their customers. We can also work with very large enterprises where we can deliver the complete platform to them and then they have complete control over it. We sprinkle in some professional services to make sure that we're giving them the support that they need and then they're running the service for themselves. What we've really seen in terms of a trend is that a lot of these VARs, we have about 4,500 of them in North America and they're starting to look at their businesses differently. Say, I gotta adapt or die here. I gotta figure out what my next business model is. >>How am I going to be the next one that's in the news flash that says, Hey, they've been acquired, or Hey Thoma Bravo made a big investment in me. Right? They need to convert to this services business or Kronos enables that transformation to happen. I mean, I can see you guys really making money for channel partners because they want solutions. They want to touch the customer, they want to maybe add something they could bring into it or have high service gross profits around services. Absolutely. So, yeah, our solution is unique in the sense that allows partners to sell multiple offerings to, you're getting an additional layer of stickiness providing multiple solutions to a customer. You're using the same technology, so your it team is very familiar with what they're using on a daily basis. Um, you're reducing the amount of churn for your customers because you're selling so much additional there that they're really stuck with you. >>That's a good thing. Uh, and beyond that, your increasing ARPU, average revenue per user is a key metric that all of our partners are looking at. And these guys are owner operators, right? They're business owners. They're looking at the bottom line. I mean, it's interesting the operating leverage around the consistent platform just lowers, it gives them software economic model. They can get more profit over time as they make that investment look at at the end of the day, channel partners care about a couple things, money, profit and customer happiness. Absolutely. And it helps to have them want to have a lot of one offs and a lot of, you know, training, you know, anything complicated, anything confusing, anything that requires a lot of resources, they're not going to like a, it's also great to have events like this where you're able to, to press the flesh with these guys and, and being face to face and understand their real world challenges that they're dealing with on a daily basis. >>How has the sport's a solution set that you've been involved in? How has that changed the culture of Acronis? Is that, has that, has that changed as, you know, sports is fun. People love sports, they have real problems. It's a really great use case as well. How's that change the culture? It's been amazing. I, so one from a branding perspective, we are a lot more recognized, right? Um, the most important thing about these partnerships for us is that they're actually using the technology. So, you know, we've got the red Sox here with us today. We've got arsenal represented, we've got Williams, we've got Roush racing, we've got a NASCAR car back here. Um, they use our technology on a daily basis and for each one of them we solve different types of use cases. Whether it's sending them large amount of video data from an essence studio over to Fenway park, or if it's a scout out in the field that needs to send information back and their laptop crashes, how do they recover? >>A lot of these different use cases, you can call them right back to a small business owner. You don't have to be a multibillion dollar sports organization with the same challenge. Well, I'm smiling because we've been called the ESPN of tech to they bring our set. We do let the game day thing. We certainly could love to come join you in all these marquee events that you have. We'd love to have it. Yeah, so if you follow us on social, we're out there and that, that's a big part of it. You mentioned one of ours looking for what our partners looking for. They want a personal relationship too. A lot of that goes away with technology nowadays and being able to really generate that type of a, of a personal relationship. These partnerships enable that to happen and they're very anything, I don't know anything about cars. >>We started partnering with formula one. All of a sudden I know everything about 41 I go to these races. I tell everybody I don't know anything about cars and I ended up being the, the subject matter export for him over over the weekend. So we'd love to have you guys join us. We'd love all of our partners. They get more engaged in the sports aspect of it because for us, it really is something that, um, again, they're using us in real life scenarios. We're not paying to put a sticker on a car that's going 300 miles. It's not traveling as a real partnership. Exactly. Pat, congratulations on your success and good luck on people owning away the numbers. Congratulations. Thank you very much. Just the cube coverage here at the Chronis global cyber summit 2019 I'm John furry. More coverage after this short break.

>> from Burlingame, California It's the Cube covering Suma logic Illuminate 2019. Brought to You by Sumer Logic. >> Hey, welcome back, everybody. Jeffrey here with the Cube worth, assume a logic illuminate 2019 of it. It's at the Hyatt Regency San Francisco airport. About 809 100 people are second year. It's a 30 year of the event, excited to be here and watch it grow. We've seen a bunch of these things grow from little to bigger over a number of years, and it's always funded kind of beer for the zenith. We're excited to do it by our next guest. She's an analyst. It's Nancy Goering, senior analyst for 4 51 research. Nancy, great to see you. >> Thank you for having me. >> Absolutely so first off, Just kind of impressions of the event here. >> Yeah, good stuff. You know, like he's definitely trying to, you know, get on top of some of the big trends. You know, The big news here was their new Cooper nineties monitoring, also obviously kind of staying on the the leading edge of the cloud. Native Technologies. >> It's it's amazing how fast it's growing, you know, doing some research for this. Then I found some of your stuff out on the Internet and just one quote. I think it's from years ago, but just for people to kind of understand the scale, I think, he said, Google was launching four billion containers a week. Twitter had 12,000. Service is uber 4000. Micro service is Yelp and Justin 25 million data points per minute. I think this is like a two or three year old presentation. I mean, the scale in which the data is moving is astronomical. >> Yeah, well, I mean, if you think of Google launching four billion containers every week, they're collecting a number of different data points about a container spinning up about the operation of that container while it's alive about the container spinning down. So it's not even just four billion pieces of data. It's, you know, multiply that by 10 20 or many more. So, yeah, So the volume of operations dated that people are faced with is just, you know, out of this world, and some of that is beginning to get abstracted away, terms of what you need to look at. So, you know, Kubernetes is an orchestration engine so that's helping move things around. You still need to collect that data to inform automation tools, right? So even if you was, even if humans aren't really looking at it, it's being used to drive automation, right? It still has to be collected, >> right, And they're still configurations and settings and and dials. And it seems like a lot of the breaches that we hear about today are people just miss configuring something on us. It's human error. And so how do we kind of square the circle? Because the date is only growing. The quantity sources, the complexity, Yeah, the lack of structure. And that's before we had a I ot And now we got edge devices and they're all reporting in from from home. Yeah, crazy problem. It's >> really, I think, driving a lot of the investments in the focus and more sophisticated analytics, right? So that's why you're hearing a lot more about machine learning. And a I in this space is because humans can't just look at that huge volume >> of data and >> figure out what it means. So the development of machine learning tools, for instance, is gonna pull out a piece of data that's important. Here is the anomaly. This is the thing you should be paying attention to. Andi, obviously getting increasingly sophisticated, right? In terms of correlating data from different parts of your infrastructure in order to yet make sense of it, >> right? And then, Oh, by the way, they're all made up of micro service is a literal interconnected in AP eyes. The third party providers. Yeah. I mean, the complexity is ridicu >> and then, you know, and I've been actually thinking and talking a lot recently about organizational issues within companies that exacerbate some of these challenges. So you mentioned Micro Service is so ah, lot of times, you know, you've got Dev ops groups and an individual Dev Ops group is responsible for a or multiple. Micro service is right. They're all running, sort of autonomous. They're doing their own thing, right? So they could move quickly. But is there anybody overseeing the application that's made up of maybe 1000 Micro Service's? And in some cases, the answer is no. And so it may look like all the Micro Service's are operating well, but the user experience actually is not good, and no one really notices until the user starts complaining. So it's like things start. You know, you have to think about organizational things. Who's responsible for that, right? You know, if you're on a Dev ops team and your job has been to support the certain service's and not the whole, like who's responsible for the whole application and that's it's a challenge, it's something. Actually, in our surveys, we're hearing from people that they're looking for people that skill set, someone who understands how to look at Micro Service's as they work together to deliver a service, right? It's it's a It's a pain point. Shouldn't >> the project the product manager for that application would hopefully have some instances abilities to kind of what they're trying to optimize for? >> In some cases, they're not technical enough, right? A product manager doesn't necessarily have the depth to know that, or they're not used to using the types of tools that the Dev Ops team or the operations team would use to track the performance of an application. So sometimes it's just a matter of having the right tooling in front of them, >> and then even the performance I was like What do you optimizing four you optimized for security up the mind thing for speed are optimizing for yeah, you can optimize for everything if you got a stack rank order at some point in time. So that would also then drive in a different prioritization or the way that you look at those doctorsservices performance. Yeah, interesting. It's another big topic that comes up often is the vision of a single pane of glass in You know, I can't help but think is in my work day. You know how often I'm tabbing between, you know, sales force and email and slack and asana and, um, a couple of browsers air open. I mean, it's it's it's bananas, you know, it's no longer just that that email is the only thing that's open on my desk all day and only imagine the Dev Ops world. No, we saw just crazy complexity around again, managing all the micro service's of the AP eyes. So what's kind of the story? What are you seeing in kind of the development of that? And there's so many vendors now, and so many service is yeah, it's not just we're just gonna put in HB open view, and that's the standard, and that's what we're all right on. >> So if you're looking at it from the lens of of monitoring or observe ability or performance. Traditionally, you had different tools that looked at, say, different layers of a service, so you had a tool that was looking at infrastructure. Was your infrastructure monitoring tool. You had an application performance monitoring tool. You might have a network performance monitoring tool. You might have point tools that are looking just at the data base layer. But as things get more complicated, Azadliq ations are getting much more complex. Looking at that data in a silo tool tends to obscure the bigger picture. You don't understand when you're looking at the's separate tools how some piece of infrastructure might be impacting the application, for instance. And so the idea is to bring all of that operations data about the performance of an application in tow. One spot where you can run again, these more sophisticated analytics so that you can understand the relationship between the different layers of the application stack also horizontally, right? So how micro service's that are dependent on each other? How one micro service might be impacting the performance of another. So that's conceptually the idea behind having a single pane of glass. Now the execution can happen in a bunch of different ways, so you can have one vendor. There are vendors that are growing horizontally, so they're collecting data across the stack. And there's other vendors that are positioning themselves as that sort of central data repositories, so they may not directly collect all of that data. But they might in just some data that another monitoring vendor has collected. So there's an end. You know, there's there's always going to be good arguments for best of breed tools, right? So, you know, in most cases, businesses are not going to settle on just one monitoring tool that does it all. But that's conceptually the reason, right, and you want to bring all of this data together. However you get it, however, it's being collected so that you can analyze it and understand that big picture performance of a complicated application, >> right? But then, even then, as you said, you don't even want, you're not really monitoring the application performance per se. You're just waiting for the you're waiting for some of those needles to fall out of the haystack because you just you just can't get that much stuff. And you know, it's where do you focus your priority? You know what's most critical? What needs attention now. And if without a machine to help kind of point you in the right direction, you're gonna have a hard time finding that needle. >> And there's a lot of different approaches that are beginning to develop. So one is this idea of SL owes or service level objectives. And so, for instance, a really common service level objective that teams are looking at is Leighton. See, So this Leighton see of the service should never drop under whatever ah 100 milliseconds. And and if it does, I want to be alerted. And also if it drops below that objective for a certain amount of time, that can actually help you as a team. Allocate, resource is so if you're not living up to that service level objective, maybe you should shift some people's time toe working on improving the application instead of developing a new feature, right? So it can really help you prioritize your time because you know what? There was a time when people in operations teams or Dev. Ops teams had a really hard time, and they still d'oh figuring out which problems are important because you've always people always have a lot of performance problems going on. So which do you focus your time on? And it's been pretty opaque. It's hard to see. Is this performance impacting the bottom line of my business? Is this impacting? You know, my customers? Are we losing business over this? Like that's That's a really common question that people I can't answer, right? So there you people are beginning to develop these approaches to try to figure out how to prioritize work on performance problems. It's >> interesting because the other one that and some of you mentioned before is kind of this post incident review instead of a post boredom. And, you know, you talked about culture and words matter, and I think that's a really interesting take because it's it's it implies we're gonna learn, and we're gonna go forward. It's dead. Um, yeah, you know, we're gonna yell at each other and someone's gonna get blamed. That's exactly it. And we're going to move on. So, you know, how is that kind of evolved in. And how does that really help organizations do a better job? >> There's, I mean, there's there's much more of a focus on setting aside time to do that kind of analysis, right? So look at how we're performing as a team. Look at how we responded to an incident so that you can find ways that you can do better next time and some of that Israel tactical right? It's tweaking alerts. Did we not get an alert? You know, did we not even know this problem was happening? So maybe you build new alerts or sport get rid of a bunch of alerts that did nothing. You know, there's there's a lot you can learn on again to To your point, I think part of the reason people have started calling in a post Incident review instead of a postmortem is because yet you don't want that to be a session where people are feeling like Blaine. You know, this is my fault. I screwed up. I spent way too long on this, so I >> had to >> set things out properly. It's it's meant to be productive. Let's find the weak points and fill them right. Fill those gaps. >> It's funny you had another. There's another thing I found where you were talking about not not necessarily the Post Borden, but you know, people, people being much more proactive, much more, you know, thoughtful as to how they are going to take care of these things. And it is really more of a social cultural change unnecessarily. The technical piece that culture pieces. So so >> it is and especially, you know, right now there's a lot of focus on on tooling and that can cause some, you know, interesting issues. So, you know, especially in an organization that has really adopted Dev ops practices like the idea of a Dev Ops team is that it's very autonomous. They do what they do, what they need to do right to move fast and to get the job done. And that often includes choosing your own tools, but that that has created a number of problems, especially in monitoring. So if you have 100 Dev ops teams and they all have chosen their own, monitoring tools like this is not efficient, so it's not. It's not a good idea because those tools aren't talking to each other, even though they're micro service's that are dependent on each other. It's inefficient. From a business perspective. You've got all these relationships with vendors, and in some cases, with a single vendor, you might have 50 instances of the same monitoring tool that you know you have 50 accounts with them, like that's just totally inefficient. And then you've got people on a Dev ops, an individual, all the all the individual Dev ops teams have a person who's supposed to be the resident expert in these tools, like maybe you should share that knowledge across. But my point is, you get into the situation where you have hundreds of monitoring tools, sometimes 40 50 monitoring tools. You realize that's a problem. How do you address that problem? Because you're gonna have to go out and tell people you can't use this tool that you love. That helps you do your job that you chose. And so again, this whole cultural question comes out like, How do you manage that transition in a way that's gonna be productive? >> Thea other one that you brought up that was interesting is where the the sport team basically tells the business team you only have X number of incidents. We're gonna give you a budget. Yeah, exceed the budget. We're not going to help you. It's a really different way to think about prioritization. I >> don't necessarily think that's a great approach, but I mean, there was somebody who did that, but I think it's kind of it's kind of >> an interesting thing. And you talked about it in that. I think it was one of your presentations or speeches where, you know, it makes you kind of rethink. You know, why do we have so many incidents? Yeah, and there shouldn't be that many incidents, and maybe some of the responsibility should be shifted to think about why in the how and is more of a systemic problem than a feature problem or a bug, right? It's a broken code. So again, I think there's so many kind of cultural opportunities to rethink this. In a world of continuous development, continuous publishing and continuous pushing out of new code. Yeah, yeah, sure. All right. Nancy will. Thanks for taking a few minutes, and it's really great to talk to you. Thanks >> for having me. >> Alright. She's Nancy. I'm Jeff. You're watching the Cube where it's Uma Logic illuminate 2019. Thanks for watching. We'll see next time

>> from our studios in the heart of Silicon Valley, Palo Alto, California. It is a cute conversation. >> Everyone. Welcome to this Special Cube conversation here at the Palo Alto Cube Studios. I'm John for a host of Cuba here. Moritz man is the head of the product management team at Open Systems A G. Great to see you again. Thanks for coming in. >> Hey, John. Thanks for having me. >> So last time we spoke, you had your event in Las Vegas. You guys are launching. You have a new headquarters here in Silicon Valley. Opened up this past spring. Congratulations. Thank you. >> Yeah, it's a great, great venue to start, and we set foot on the Silicon Valley ground. So to make our way to >> I know you've been super busy with the new building and rolling out, expanding heavily here in the Valley. But you guys were in the hottest area that we're covering Security Cloud security on premise, security. The combination of both has been the number one conversation pretty much in the cloud world right now. Honestly, besides a normal cloud, native cloud I t hybrid versus multi cloud out. See, that continues to be the discussion I think there's no more debate around multi cloud in hybrid public clouds. Great people gonna still keep their enterprises. But the security equation still is changing this new requirements. What's the latest that you guys are seeing with respect to security? >> Yeah. So, John, what we see is actually that cloud adoption had happens at different speeds. So you have usually the infrastructure of the service. Adoption would happens in a quite controlled way because there's a lift in shift. Do you have your old data center? You you take it and you transferred into azure I W S O G C P. But then there's also uncontrolled at option, which is in the SAS space. And I think this is where a lot off data risk occur, especially the wake off GDP are on where we see that this adoption happens. Maurin a sometimes control, but sometimes in a very uncontrolled way, >> explain that the uncontrolled and controlled expansion of of how security and multi cloud and cloud is going because this interesting control means this this plan's to do stuff uncontrolled means it's just by other forces explain uncontrolled versus controls >> eso controlled specifically means the IittIe team takes as a project plan and aches servers and workloads and moves them in a controlled fashion or in a dedicated project to the cloud. But what happened in the business world of business I t is actually did use those share content at any time with any device at any at any time and in all locations. So this is called the Mobile Enterprise on the Cloud First Enterprise. So it means that the classical security perimeter and the controls in that are my past, actually, by the path of least resistance or the shortest path >> available. And this is the classic case. People use Dropbox with some, you know, personal things. They're at home, they're at work, a p I based software. That's what you're getting at the >> and the issue of this is that that the data that has bean, like contained an pera meters where, you know, as it Caesar, where your data is. This has bean deployed too many edge devices, too many mobile devices, and it's get it gets shared, a nun controlled way. >> We'll get a couple talk tracks would like to drill down on that, because I think this is the trend. We're seeing a pea eye's dominant. The perimeter on the infrastructure has gone away. It's only getting bigger and larger. You got I, O. T and T Edge just and the networks are controlled and also owned by different people. So the packets of moving on it that's crazy so that that's the reality. First, talk track is the security challenge. What is the security challenge? How does a customer figure out what to do from an architectural standpoint when they're dealing with hybrid and multi cloud? So first of >> all, um, customers or BC enterprises try need to re think their infrastructure infrastructure centric view off the architecture's. So the architecture that had been built around data send us needs to become hybrid and multi cloud aware. So that means they need to define a new way off a perimeter, which is in cloud but also in the covering. Still the old, so to say, legacy hyper data center set up, which has the data still in the old data center and at the same time, they need to open up and become the cloud themselves, so to say, and but still draw a perimeter around their data and they users and not and their applications and not so much anymore around the physical infrastructure. >> So taking, changing their view of what a security product is, Is that really what you're getting at? >> Yeah, So the issues with the product point solution was that they fixed a certain part off off a tactile issue. So if you take a firewall in itself, firewall back then it was like a entry door to a big building, and you could could decide who comes out goes in. Now. If the the kind of the walls of the building are vanishing or arm or more FIC, you need to come over the more integrated concept. So having these stacked appliance and stacked security solutions trying to work together and chain them doesn't work anymore. So we think and we see that, >> Why is that? Why doesn't it work? Because in >> the end, it's it's it's hardly two to operate them. Each of those points solutions have their own end off life. They have their own life cycle. They have their own AP eyes. They have their own TCO, as all that needs to be covered. And then there's the human aspect where you have the knowledge pools around >> those technologies. So as an enterprise you have to content to continuously keep the very scar security experts to maintain content continues the depreciating assets running right, >> and they're also in it. We weren't built for tying into a holistic kind of platform. >> Yeah, What we see is that that enterprises now realize we have data centers and it's not accepted reality that you can abstracted with the cloud. So you have You don't own your own servers and buildings anymore. So you have a PAX model to subscribe to Cloud Service is and we think that this has to happen to security to so shift from cap ex to our pecs and the same way also for operational matters >> securities. The service is a crepe is a small I want to ask you on that front you mentioned mobile users. How do you secure the mobile uses when they use cloud collaboration? Because this is really what uses expect, and they want How do you secure it? >> So be secured by by actually monitoring the data where it actually gravitates, and this is usually in the cloud. So we enforce the data that is in transit through, ah, proxies and gators towards the cloud from the endpoint devices, but also then looking by AP eyes in the cloud themselves to look for threats, data leakage and also sandbox. Certain activities that happened. There >> are the next talk talk I want to get into is the expansion to hybrid and multi cloud so that you guys do from a product standpoint, solution for your customers. But in general, this is in the industry conversation as well. How how do you look at this from a software standpoint? Because, you know, we've heard Pat Gelsinger of'em were talking about somewhere to find Data Center S d n. Everything's now software based. You talk about the premiere goes away. You guys were kind of bring up a different approaches. A software perimeter? Yeah, what is the challenge for expanding to multi cloud and hybrid cloud? >> So So the challenge for enterprise and customers we talked to is that they have to run their old business. Gardner once called it by motile business, and it's still adopting not one cloud, but we see in our surveys. And this is also what market research confirms is that customers end up with 2 to 3 loud vendors. So there were will be one or two platforms that will be the primary to their major majority of applications and data gravity. But they will end up and become much more flexible with have running AWS, the old Davis Center. But it was the G, C, P and Azure, or Ali Baba glowed even side by side, right tow cover the different speeds at what their own and the price runs. And >> so I gotta ask you about Cloud Needed was one of the things that you're bringing up that just jumps in my head. And when I got to ask, because this is what I see is a potential challenge. It might be a current challenges when you have kubernetes growing such a rapid rate. You see the level of service is coming online much higher rate. So okay, people, mobile users, they're using the drop boxes, the boxes and using all these FBI service's. But that's just those wraps. As a hundreds and thousands of micro service is being stood up and Tauron down in there, you guys are taking, I think, an approach of putting a perimeter software premieres around these kinds of things, but they get turned on enough. How do you know what's clean? It's all done automatically, so this is becoming a challenge. So is this what you guys mean when you say software perimeter that you guys could just put security around things at any time? Is that explain this? >> Yeah, So? So if you talk about the service match so really mashing cloudy but native functions, I think it's still in the face where it's, I would say, chaos chaotic when you have specific projects that are being ramped up them down. So we draw a perimeter in that specific contact. So let's say you have You're ramping up a lot off cloud a function AWS. We can build a pyramid around this kind off containment and look especially for threats in the activity locks off. The different component is containers, but from from a design perspective, this needs to be, uh, we need to think off the future because if you look at Mike soft on AWS strategy, those containers will eventually move Also back to the edge. Eso were in preparing that to support those models also cover. Bring these functions closer back again to the edge on We call that not any longer the when, ej but it will become a cloud at at actually. So it's not an extension of the land that comes to the data. It's actually the data and the applications coming back to the user and much closer. >> Yeah. I mean, in that case, you could define the on premises environment has an edge, big edge, because this is all about moving, were close and data around. This is what the new normal is. Yeah, So okay, I gotta ask the next question, which is okay, If that's true, that means that kubernetes becomes a critical part of all this. And containers. How do you guys play with that at all? >> So we play with us by by actually looking at data coming from that at the moment. We're looking at this from a from a data transit perspective. We But we will further Maur integrate into their eighties AP eyes and actually become part off the C I C D. Process that building then actually big become a security function in approval and rolling out a cannery to certain service mesh. And we can say, Well, this is safe for this is unsafe This is, I think, the eventual goal to get there. But But for now, it's It's really about tracking the locks of each of those containers and actually having a parent her and segmentation around this service mash cloud. So to say, >> I think you guys got a good thing going on when you talk about this new concept that's of softer to find perimeter. You can almost map that to anything you get. Really think everything has its own little perimeter workload. Could be moving around still in these three secure. So I gotta ask on the next talk Trek is this leads into hybrid cloud. This is the hottest topic. Hybrid cloud to me is the same as multi cloud. Just kind of get together a little bit different. But hybrid cloud means you're operating both on premises and in the cloud. This is becoming a channel most si si SOS Chief admission Security officers. I don't want to fork their teams and have multiple people coding different stacks. They don't want the vendor lock in, and so you're seeing a lot of people pulling back on premises building their own stacks, deploying in the cloud and having a seamless operation. What is your definition of hybrid? Where do you see hybrid going? And how important is it? Have a hybrid strategy. >> So I think the key successfactors of a hybrid strategy is that standards standardization is a big topic. So we think that a service platform that to secure that like the SD when secure service platform rebuilt, needs to be standardized on operational level, but also from a baseline security and detection level. And this means that if you run and create your own work, those on Prem you need to have the same security and standard security and deployment standard for the clout and have the seamless security primary perimeter and level off security no matter where these these deployments are. And the second factor of this is actually how do you ensure a secure data transfer between those different workloads? And this is where S T win comes into play, which acts as a fabric together with when backbone, where we connect all those pieces together in a secure fashion >> where it's great to have you on the Q and sharing your insight on the industry. Let's get into your company. Open systems. You guys provide an integrated solution for Dev Ops and Secure Service and Security Platform. Take a minute to talk about the innovations that you guys were doing because you guys talk a lot about Casby. Talk a lot about integrated esti when but first define what Casby is for. The audience doesn't know what Casby is. C. A S B. It's kicked around all of the security conscious of your new to security. It's an acronym that you should pay attention to so defined casby and talk about your solution. >> Eso casby isn't theory. Aviation means cloud access security we broker. So it's actually becoming this centralized orchestrator that that allows and defines access based on a trust level. So saying, um, first of all, it's between networks saying I have a mobile workforce accessing SAS or I s applications. Can't be it in the middle to provide security and visibility about Where's my data moving? Where's married? Where do I have exposure off off GDP, our compliance or P C. I or he power risks And where is it exposed to, Which is a big deal on it's kind of the lowest level to start with, But then it goes further by. You can use the Casby to actually pull in data that that is about I s were close to toe identified data that's being addressed and stored. So are there any incidentally, a shared data artifacts that are actually critical to the business? And are they shared with extra resource is and then going one step further, where we then have a complete zero trust access model where we say we know exactly who can talkto which application at any time on give access to. But as everything this needs to be is in embedded in an evolution >> and the benefit ultimately goes to the SAS applications toe, have security built in. >> That's the first thing that you need to tackle. Nowadays, it's get your sass, cloud security or policy enforced on, but without disrupting service on business on to actually empower business and not to block and keep out the business >> can make us the classic application developer challenge, which is? They love to co they love the build applications, and what cloud did with Dev Ops was abstracted away the infrastructure so that they didn't have to do all this configuration. Sister. Right? APs You guys air enabling that for security? >> Exactly. Yeah. So coming back to this multi protein product cloud would, which is not keeping up anymore with the current reality and needs of a business. So we took the approach and compared death ops with a great service platform. So we have engineers building the platform. That's Integrated Security Service Platform, which promotes Esti Wen managed Detection response and Caspi Service is in one on the one platform which is tightly integrated. But in the in the customer focus that we provide them on or Pecs model, which is pretty, very predictable, very transparent in their security posture. Make that a scalable platform to operate and expand their business on. >> And that's great. Congratulations. I wanna go back for the final point here to round up the interview for the I T. Folks watching or, um, folks who have to implement multi cloud and hybrid cloud they're sitting there could be a cloud architect that could be an I T. Operations or 90 pro. They think multi cloud this in hybrid club. This is the environment. They have to get their arms around. How? What >> should they >> be thinking about? Around multi cloud and hybrid cloud. What is it, really? What's the reality now? What >> should they be considering for evaluation? What are some of the key things that that should be on their mind when they're dealing with hybrid cloud and all the opportunity around it? >> So I think they're they're like, four key pieces. Oneness. Um, they think they still have to start to think strategic. So what? It's a platform and a partner That helps them to plan ahead for the next 3 to 5 years in a way that they can really focus on what their business needs are. This is the scalability aspect. Secondly, it's a do. We have a network on security, our architecture that allows me to grow confidently and go down different venues to to actually adopt multi clouds without worrying about the security implication behind it. Too much, uh, and to implement it. And third is have this baseline and have this standardized security posture around wherever the data is moving, being at Mobil's being it SAS or being on Prem and in clouds workloads, the fourth pieces again, reading, thinking off where did you spend most of my time? Where do I create? Create value by by defining this framework so it really can create a benefit and value for the enterprise? Because if you do it not right your not right. You will have a way. You will end up with a an architecture that will break the business and not accelerated. >> Or it's made head of product that open systems here inside the Cube studios. Um, great job. Must love your job. You got the keys. A lot of pressure. Security being a product. Head of product for security companies. A lot of pressure before we wrap up. Just give a quick plug for the company. You guys hiring you have a new office space here in Redwood City. Looks beautiful. Give a quick shared play for the company. >> Yeah. So open systems the great company to work with. We're expanding in the U. S. On also, Amy, uh, with all the work force. So we're hiring. So go on our website. We have a lot off open positions, exciting challenges in a growth or into workspace. Andi. Yeah. As you said, security at the moment, it's one of the hottest areas to be in, especially with all the fundamental changes happening in the enterprise and architecture. I d landscape. So yeah, >> and clouds securing specifically. Not just in point. The normal stuff that people used to classify as hot as hot as Hades could be right now. But thanks for coming on. Strong insights. I'm jumping with Cuba here in Palo Alto with more Morris Man is the head of product management for open systems. Thanks for watching.

>> So welcome to the special. Keep conversation here in Palo Alto, California John, for a host of the Cube. We're here with two co founders. Adam Casella was the CTO and Glenn Sullivan's cofounder. Snap Route Hot Start up, guys. Welcome to this Cube conversation. Thank you. Thank you. So left on the founders in because you get the down and dirty, but you guys are launching. Interesting product is for Cloud Cloud Native Super sighting. But first, take a man to explain what is snap brought. What do you guys do? What's the main core goal of the company? >> Right? So your your audience and you familiar with white Box now working disaggregated networking, where you're buying your hardware and your software from different companies. There's a lot of different Network OS is out there, but there's nobody doing what we're doing for the now ergo es, which is a cloud native approach to that where it's a fully containerized, fully micro serviced network OS running on these white box, which is >> test your background. How did you guys start this company? Where'd you come from? What was the epiphany? Was the motivation? >> Sure. So our heritage is from operations running at some of the largest Edison is in the world. We came from Apple. Ah, and running the networks there. And the issues and problems that we saw doing that is what led us to found stabbed. >> And what are some of the things that apples you guys notice on a huge scale? Yep. I mean, Apple. You know, a huge market share most probable company. I think it's now the largest cat. Microsoft was there for a while, but and apples, the gold standard, get from privacy to scale. What were some of the things that you saw, that what was the authority? >> So, I mean, there was a couple of things going on there, one we were driving driving too, doing white box for more control. So we wanted to have a better sense of what we could do with the network operating system on those devices. And we found very quickly that the operating systems that were out there, whether they be from a traditional manufacturer Ah, we and the planes or from someone from a disaggregated marketplace were basically using the same architecture. And this was this old, monolithic single binary item that goes in the pleasant device, and you know that worked in, you know, back in the day when you know applications didn't move, they were static there, One particular location. But as we were seeing, and one things that we were really pushing on is being able to dynamically have move workloads from one location to another quickly to meet demand. The network was not able to keep up with that, and we believe that it really came down to the architecture that was there. Not being flexible enough and not allowing our control to be able to put in the principles would actually allow us to allow that that application time to service be faster. >> You know, one of these on personally fascinated, you know, seeing startups out there and living in this cloud error and watching those like Facebook and Apple, literally build the new kind of scale in real time. It's like you have, you know, changing the airplane engine out of thirty five thousand feet. As the expression goes, you have to be modern. I mean, there's money on the line that's so much scale, and when you see an inefficiency, you've got to move on it Yeah, this is like, what, you guys did it. Apple. What were some of the things that yet you observed was that the box is Was it the software? A CZ? You wanted to be more agile. What was the the problem that you saw? >> So it it's really in fragility, right? It's it's basically, this Network OS is as they were, our design in a way so that you don't touch him right. If you look at the code releases and how often they, you know, fixed security vulnerabilities or you know they have patches or even knew regular versions right there. The cycle isn't weekly. It's not daily like you see in some C I C. Environments, right? You might have a six month or a twelve month or an eighteen month cycle for doing this sort of a new release for for, you know, whatever issue new features or or fixes, right. And the problem that we would see is we would be we would be trying to test a version in the lab, right? We would be qualifying code and say there's a security vulnerability. You know, something like heart bleed, right? That comes out the guys on the server side, they push a new patch using, you know, answerable Scheffer puppet and, you know, two days later, everything's good, even two hours later in some environments. But we had to wait for the new release to come from one of the traditional vendors we had to put in our lab, and we get this sort of kitchen sink of every other fix. There'd be enhancements to be GP that we didn't ask for. There'd be enhancements to, you know, Spanish or that we didn't ask for. Even if they patched it, you'd still get this sort of all in one update. And by the time you're done qualifying, there might be another security vulnerability. So you got to start over. So you'd be in this constant cycle of months of qualified, you know, qualifying the image because you you'd be testing everything that's in the image. And not just that. The update. And that's really the key difference between what we're >> going to work involves shapes you eventually chasing your tail. Exactly. One thing comes in and opens up a lot of consequences, but that's what systems over >> all about this consequences, right? This is right systems are challenging. And what it does is it is it creates this culture and no from the network folks, right? Because the network folks are basically, like, not in my backyard. You want to add this new thing? No. Because they're judged by up time. They're judged by how long the network is up and how long the applications available. They're not judged by how quickly they can put a new feature out or how how quickly they can roll an update. Their They're literally judged in most organizations by up time. How many nines are they giving? So if I'm judged by up time and somebody wants to add something new, my first answer as a network person has anybody really is gonna be No, no, no, don't touch anything. It's it's fragile >> because they're jerks or anything. They just know the risk associate with what could come from the consequence exactly touching something. So, yes, it's hard right now to yes, Okay, so I gotta ask you guys a question. How come the networking industry hasn't solved this problem? >> Well, there's a There's a few different reasons I feel it is, and that's because we've had very tightly coupled, very tightly controlled systems that have been deployed his appliances without allowing operators to go ahead and add their innovations onto those items. So if you look at the way thie compute world is kind of moved along in the past fifteen, you know, fifty, thirty years, you mean, really a revolution started to athletics, right? From their particular perspective, you have Lennox. You can open up the system, you get people constructing open source items everyone knows just end. A story that makes the most is the most successful, monolithic, you know, piece of code base that's ever existed, right? It took fifteen years later for anyone in the network industry to even run the linens on a switch. I mean, that's that's pretty, you know, huge in my mind, right? That's that's that's called like Yeah, and so and even when they've got it on the particular switch to running older versions of Colonel, they're running different things. They don't you know, back Porter versions of code that don't work with the most modern applications that are out there, and they really have it in their tight, little walled garden that you can't adjust things with and >> that was their operational mode at the time. I mean, networks were still stable. They weren't that complicated. And hence the lag and many felt had been left >> behind. Theocracy. Inefficiencies that may have function when you have dozens of devices doesn't function when you have hundreds and thousands of devices. And so when you look at, like even from the way they they presented their operating system from a config standpoint, it is a flat config file that's loaded from filing booted. That's the same paradigm people of file for forty years. Why do we still think that hotel today compute has left that behind? They're going the programmatic AP diversions with you know whether it be you know, Cooper netease war with Doctor, where they have everything built into one ephemeral container that gets deployed. Why it hasn't been working in the same thing. And I really believe it's for that close ecosystem that hasn't allowed. People look to put their innovations onto their Yeah, it's >> almost as a demarcation point in time. You think about history and him and how we got here, where it's like, Okay, we got perimeters. We got firewalls and switches top Iraq stuff. So you got scale. It's bolted down, it's secure. And incomes Cloud comes I ot So there's almost a point, You know, it almost picked. The year was a two thousand eight doesn't through two thousand twelve. You started to see that philosophy. So the question I've asked for you is that what was the tipping point? So because, you know, the fire being lit under the butts of networking guys finally hit and someone saying, Well, they don't evolve to be like the mainframe guys. I was like, not really, because mainframes is just different from client server. Networks aren't going away there around. What's the tip was the tipping point. What made the network industry stand up? >> So yeah, what it is, is it's it's being able to buy infrastructure with a credit card, Right? Because as soon as I've got a problem as an application owner was a developer, I say, Hey, I've got this thing that I've got a release, right and I go to the network came and said, I've got this new thing and I get any sort of pushback. Now you look a cloud, right? Eight of us is our Google, like all the different options out there. Fine. I don't need these guys anymore. When the grab credit card slide it, boom. Now I can buy my infrastructure. That's that's really the shift. That's what's pushing folks away from using those kind of classic network infrastructure is because they could do something else, right? >> So cloud clearly driving it, think >> I would. I would say so. Yeah, absolutely. All >> right, So the path of solve these problems, you guys have an interesting solution. What's the path? What's the solution that you guys are bringing to market? Sure. >> So the way I had kind of view, the way the landscape is set up is really if you look at you know where this innovation has happened in the compute side in the last little bit Weatherby Cloud, whether it be, you know, some of the club native items would come out there. They've all come for the operators. I haven't been a vendor to sitting there and going to play. They've kind of mirth, morph himself into vendors. But they didn't originate as vendors, right to go and supply these systems. And so what I see from the solution to that is sort of enabling operators and people who are running networks to be ableto controller their own destiny to manage how their networks are deployed right. And this boils down from our perspective to a micro services containerized network operating system that is not be spoke, not proprietary, but is using the ecosystem has been built from this P people on the computes side specifically the cloud native universe in a cloud native world and applying those perimeters and shims onto network >> learned, learned from the cloud, Right? Like don't try to make something better. Look at the reasons why folks are going to the cloud Look at the AP structures looking. He's of launching instances. Look, att the infrastructure you build with a few clicks and say, What can I learn from that environment to Moto? Mimic that in my private environment? >> Yeah, and this is why we kinda looked at cu burnett. He's is a really big piece of our infrastructure and using the company as a p I as the main interface in tor device. So that you, Khun, you know multi different reasons, is expandable. You could do, you know, a bunch of different custom options to expand that a P i But it allows people who are either in. Deva loves to look at that and go. I understand how this works. I know how these shims function and started getting in the realization that networking is not that much different than what the computer world is. >> So you guys embraced integration, his deployment, CCD pipeline, all that good stuff. And Cooper netease even saw Apple at sea Ncf conference that they have a booth there. No one would talk, but certainly communities is getting part that cloud native. What's the important solution that you guys are building to solve to solve from the problems that you're going after with now the cloud needed because Dev ops ethos is trickling down, helping down the stack. Certainly we know what cloud is, so it's So what is specifically the problem that you solved >> So a couple things that air So obviously you have your, you know, application time of service. The faster you can double your application, the faster you can get up and running the factory. People using out it is, you know, you get more money, you save money, right? Um, you have security. No one wants to be in that that, you know, that box of having a security voluntarily happened on there, but they >> were non compliance, >> Yes, or non compliance with particular thing with a P i. P. I C P C high socks and all in all things that come along with that. And finally it's the operational efficiency of day two operations. We've gotten pretty good as industry as deploying Day one operations and walking away. We don't do anything. No, no, no. We can't change the network anymore. It's really that next day when you have to to things like apply those applications or have a new application, it gets moved. Containers are ephemeral. The average container last two to three days. Viens last twenty three days. Monolithic caps last for years. That air that are not in those things that are just compute bare metal piece. So when we start moving to a location or a journey of having a two to three day ephemeral app that can be removed or moved, replace different location. The network needs to be able to react to that, and it needs to be able to take that and ensure that that not only up time but availability is there for that, >> and it's not management tools that are going to fix it, right? This is this is sort of our core argument is that you look at all of the different solutions that have come out for the last seven, eight, nine years in the networking in the open networking space. This trying to solve this from management perspective with, you know, different esti n profiling different, different solutions for solving this management. Day two operations issues, right. And our core argument is that the management layers on top aren't what needs to change. That can change. If you adopt communities, you get that kind of along with it. But you need to change the way the network OS itself is built so that it's not so brittle so that it's not so fragile breaking into micro services, breaking the containers so that you can put it into a CCD pipeline. You try to take a monolithic network OS and put it in your C. C I. C D Pipeline. You're going to be pushing a rock up. Help. >> It's funny. We've had Scott McNealy on the Cube founder Sun Microsystems and we said, You know, he has from one time. Hey, you know what about the cloud he goes? I should I had network is the computer was his philosophies. I should should we call the cloud? So if the network is the computer kind of concept thie operating environment management's not aki sub system of the network. It's a component, but the operating system has subsystems. So I like this idea of a network, operates system talk about what you guys do with your work operating system and what is day to mean. What is actually that means >> sure. So when you take your services and you divide them up into containers and, you know, call the micro services, basically taking a single service, putting container and having a bunch of dependency that might be associate with that, what you end up doing is having your ability to, uh, you know, replace or update that particular container independently of the other components on the system. If an issue happens, or if you want to get a new feature functionally for that, the other thing you could do is you, Khun Slim, down what you're running. So you don't have to run these two hundred plus features, which is the average amount you see and just a top Iraq device. And you only use maybe ten to twenty percent of those. Why do I have all these extra features that I have to qualify that may introduce a bug into my particular environment. I want to run the very specific items that I know I need to give my application, uh, up and running and the ability to go ahead and pull in the cloud native environment and tools to do that allows you to get the efficiencies that they've learned from not only the cloud way, but also even doing some on Prem communities. You know, private cloud items to get those efficiencies on their forwarding, your network running your applications. >> It's learning from the hyper sailors to write like this. This is Well, I mean, we had this when we were running networks, right? You put every protocol on the board on a white board, and then you'd start crossing them off and you start arguing in a room full of people saying, Why do I need this feature? Why do I need this other feature and it's like you have to justify it. And we know this is happening up the road at, you know, places like Facebook because, like Google, right, we know that they're that they're saying, Hey, the fewer features I have running the simple or my environment is the easier it is to troubleshoot, the less that can go wrong and the less security vulnerabilities. I have these air all. It's all goodness to run less right. So if you give people the ability to actually do that, they have a substantially better network. Yeah, >> what's unique about what you guys doing? How would you describe the difference between what you're doing and what people mean she might be looking at? >> So if you look at what you know other folks, that you know that we're going to see that look at collaborative Riku Burnett ys everything they do is a bolt on until his old architecture that's been around for twenty five years. So it's like a marriage between these two items. It's how you go ahead and have this plug in that interacts with that. Forget all that you're going to get up in the same spot with another thing you're adding on to another thing you're adding on to another thing. Hearing onto it seized these abstraction layers on top of distraction layers were taking the approach where it is native to the non core operating system. You know, Cooper, Daddy's Docker, Micro Services and containers. They're native to the system. We're not anything on. We're not bolting anything on there. That's how it is. Architect designed to be run. >> And that's key, right? The thing that we were really walking away from from our operational experience, we know that the decisions being made at that, you know, CEO Seo level and even in the you know, director of infrastructure level are going to be We're looking to build an on Prem solution, Mr Customers saying I need it to be orchestrated by an open, nonproprietary platform that gets rid of all of the platforms that are currently out there by the traditional network. Oh, yeah, Bs right. If you start out saying my orchestration platform has to be shared from compute storage network and it has to be open and has to be not proprietary, that pretty much leaves communities is you're really only choice and combinations important. It's hugely important to us, right? We knew that when we broke everything into, you know, containerized Micro Services. You need something to orchestrate those. So what we've done is we said, Hey, we're going to use this Cuban eighties tool. We're going to embed it on the device itself, and we're going to run it natively so that it can be the control point for all the different containers that are running on the system. >> That's awesome, guys. Great Chef will go forward to chatting more final question. What words of wisdom you have for other folks out there, Because there are a lot of worlds colliding as we look at the convergence of a cloud architect, which, by the way, is not a well defined position >> where you >> have infrastructure, folks who have gone through machinations of roles. Network engineer this that the other thing programmable networks air out there. You seeing this thing really time data? I oh, ti's. Also, you're all coming together yet. So what, you gotta re evaluating? What's your advice to folks out there? Who who are either evaluating running POC is rethinking their architecture. >> So the first thing that you know I think this is pretty common from folks that to hear is that evolve, or you're not going to be relevant anymore. You need to actually embrace these other items you can't ignore. Cloud. You can't pretend like I have a network. These applications will never move because eventually they will and you're going to be out of a job. And so we need you to start looking at some of the items that are out there from the cloud native universe to couldn't see Cooper nineties universe and realizing that networking is not a special Silent is completely different from, you know, dev ops every items they need to be working together. And we need to get these two groups and to communicate to each other, to actually move the ball forward for getting applications out there faster for customers. >> Don't let the thing I would say to infrastructure, folks, especially those that are going to cloud strategy is don't let the Ivy and the Moss grow on your own prime solution yesterday. Right? Go into your multi cloud strategy with I'm gonna have some stuff in eight of us and have some stuff deserve. I'm not stuff some stuff and Google. I might have some stuff overseas because the data sovereignty. But I'm also gonna have things that are on prep. Look at your on from environment and make it better to reflect what you could do in the cloud. Because once you're developers get using the AP structures in the cloud. They're going to want something very similar on Prem. And if they don't have it than your own, Prem is going to rot. And and you're going to have some part of your business that has to be on Prem and you're going to give it a level of service that isn't as good as the cloud, and nobody wants to be in that situation. >> Glenn, Adam Thanks so much for sharing. Congratulations on the launch of Snap Out every year and thanks for coming and sharing conversation. >> Thanks. Great. >> I'm John for here in Palo Alto. The Cube Studios for Cube Conversation with Snapper Out. Launching. I'm shot for you. Thanks for watching