(upbeat music) >> Hey everyone, welcome to theCUBE's special program series Women of the Cloud, brought to you by AWS. I'm your host, Lisa Martin. Very pleased to welcome Angie Perez Thomas the area sales leader from AWS as my next guest. Angie, welcome to theCUBE. It's great to have you here. >> I'm super excited. Thank you so much, Lisa. >> Of course. Talk to me a little bit about you a little bit about your role in sales at AWS. >> Yeah, absolutely. So I'm a tenure Amazonian so I've been with AWS for about 10 years here. And as you mentioned, I'm the area sales leader and so my team supports new enterprise customers and executives who are just starting their journey into the cloud. >> Talk a little bit about some of your career paths. Did you have a linear path? You said tenure Amazonian, linear path maybe more Zig-zaggy. I'd love to get some of your recommendations for those who may be early in their tech careers looking to grow their careers. What are some of the experiences that you've had that you think are have shaped your career? >> Yeah, absolutely. So, you know, mine have, I've gone back and forth through different roles, both in leadership and as an IC and I'd probably say I've got three recommendations for those looking to grow their career in technology. So the first one is prioritize your time to actually think about what career experiences you want in in your fullness of your career. And so this actually may look like sitting down reserving time to actually deep think about what are those experiences you're looking to gain but also doing research on other careers of those who may inspire you and kind of collecting those ideas. My second recommendation is around documenting, writing down those career aspirations and actually putting it within and memorializing it within a document. So I've applied Amazon's working backwards methodology myself and applied that on my career and writing my own career press release. And so it's dated in 2029. It's got a headline and you know, it's a physical document of my own career aspirations. And third, I recommend sharing this documentation with others. You know, I really enjoy receiving and reading what others are wanting to do with their career aspirations and helping provide feedback and guidance. And so what we find is people genuinely want to help others. >> I agree. I love your recommendations for really being mindful, being thoughtful about what it is that you want to do doing that research, and then actually documenting it. I think it's so wonderful that you're taking Amazon's working backward approach from the press release going this is where I want to be in five years or in 10 years. And then putting that on paper. I still connect a lot with things like you that you put down on paper that you want to accomplish or something about writing it down that actually helps to you bring it to fruition. And then to your point is great about sharing it with others that can be mentors, that can be sponsors. I'm sure you've had some great mentors and sponsors along your career path that have probably helped you pretty successful. >> Yeah, absolutely. It's been really an effective tool for communicating with those who have helped me navigate as well. >> Talk a little bit about some of the successes now we'll switch gears but we'll continue on the success train. Some of the successes that you've had helping organizations really navigate, migrate to the cloud and and become successful businesses as a result. >> Yeah, no, absolutely. So across my tenure at AWS, you know I've truly enjoyed working with our customer executives and helping them deliver on their business outcomes. And so just recently I met with the COO of a real estate firm here in the Pacific Northwest and the COO has an initiative to identify and modify home titles and deeds with decades old discriminatory language and restrictions. So, although not invisible, due to the Fair Housing Act of 1968, racial covenants they're still present in millions of home titles across the United States today. And so partnering with AWS and using our cloud technology, you know, our teams together were able to build an application that was able to where homeowners are able to look up their titles you know, analyze it for discriminatory language and be able to submit it for modification. And so this, you know, today it can be done manually, but partnering with AWS, our teams were able to address modifying titles and deeds at scale. And so it's truly incredible what cloud computing has enabled just all of us to accomplish together. And so I kind of think of it like this our a catalyst for change is our customers and AWS and our partners is the how to accelerate that change. So it's really this partnership >> I love that accelerating change is so important across so many aspects of life, but the example that you gave is so, it's such an interesting use case. I wouldn't think that there is discriminatory language in deeds for houses, but the fact that it's probably a pervasive problem globally and the ability to help organizations to be able to change that for the better with cloud, with automation at scale is huge. I can imagine that's a use case that can be replicated surely across the states and more. >> Yeah, it's definitely gained interest across with different real estate forms across the United States. So we're really excited to be partnering and having impact on this change. >> And it's also an example of tech for good. I mean, we talk about that all the time but the fact that there's discriminatory language and housing deeds is still kind of blows my mind. But and we've seen so much in tech in terms of diversity and equity and inclusion but from a diversity perspective there's still a lot more to do. I'd love to get your opinion on what you think some of the the present day challenges are with respect to diversity in tech and maybe some of the things you think can be changed to for the better. >> Yeah, so you know, there's been a huge focus on, you know hiring for diverse talent in the tech industry for a number of years. And where I think we as an industry have an opportunity is to improve in investing and developing in this diverse talent and try to really think about how are we building up the skillsets to build today's and tomorrow's leaders. And so when I think about this it requires senior leaders to be really intentional about building a diverse ecosystem of talent and investing in this diverse talent. And let me clarify a little bit when I talk about investing in diverse talent, you know, this expands outside of just mentoring. This includes sponsoring, coaching, really providing opportunities where this talent has the ability to have a seat at the table. Getting into the room where it all happens. And so by doing so we're helping this talent build their skillsets to learn what questions are being asked within, the room? How are others communicating with each other? So that they can build the skillset so not only have a seat at the table but can be really leading with that seat at the table. And I would say last, we as companies we tend to or you know, we in the industry, we tend to just focus on developing those within our companies. And where I see a need is to really challenge the industry to reach outside of our own companies in diverse talent. And so developing just that ecosystem because not just thinking about the roles that are open today but really building the skillsets for the roles and and senior level positions that are going to be open tomorrow and making sure we're developing this talent to raise their hand and be the leading candidate for those opportunities. >> I love how you said kind of really a couple things that you know, with all the women in this program that I've spoken to is a common theme in terms of diversity and it's really about senior leaders making investments. And another thing that you said that's spot on is doing it with intention. There's so much to be gained by having an intention with diversity, thought diversity. To your point, going outside, it sounds to me like kind of let's go outside of our comfort zones to bring in different thoughts, different perspectives be able to grow them in their career because of course technologies and products and solutions can only get better the more diversity of thought we have. >> Yeah, no, absolutely. It's really being intentional. We as senior leaders, we have a law on our plate. And so yes this is an additional thing to be thinking about but it really has impact and change in driving the right things both for our customers and for the industry as well. And so it's an investment that's worth making. >> And speaking of that investment worth making I liked how you said, let's have some forethought about what are some of the roles that are going to be there in the future. How are some of the roles today going to be evolving? How do you see your role evolving in the next few years? How do you see cloud evolving and what excites you about that? >> Yeah, well, cloud has really been helping our customers move faster and adapt to just the ever changing landscape. I mean it's over the last couple years it's been very real for all of us to see. And so my role has moved from just being an advisor to a CIO to actually being an advisor to both the CEO and board of directors and when they come speak to us, cost or cloud is not just about cost savings, it truly is about helping a CEO deliver on their business outcomes. So I'll give an example. We're working with a growing community bank and their executive team has embarked on a transformation to becoming a digital first bank. And so when we think about the economic factors that they're working with them to come to mind. The first, their move towards online banking has it's accelerated with the pandemic really creating that customer experience of which when you think about local banks, you think about community where everybody knows your name over in the brick and mortar down the road. Well they have to bridge that community and trust into the digital world. And second, they needed to improve on operational efficiencies. And so they have to strategically think about what investments they're going to make to balance inflation while driving growth. And so where I've been finding both myself and my teams is having a seat at the table with these executives, helping them make these strategic business decisions. And we know we're successful when our customers are able to deliver on those business outcomes. They meet those objectives, they exceed those objectives. And then we know we've just exceeded customer expectation when our partnership actually shows up in their next earnings call. You know, it's really special. >> Oh, I bet it is. I mean, being able to be that influential in terms of an organization's success I love how you talked about kind of a career evolution that your career has evolved from now you're really with the board of directors having a seat at the table there. My last question for you is kind of on that front Angie is what are some of the changes in in the tech workforce that you've seen the last few years and what are some of the things that you're excited about that are down the road? >> Yeah, so a couple things where I've really seen change and evolution has been in the leadership level. We are needing to lead with empathy and really think about inclusion as a cornerstone skillset. So for our customers, our partners, our employees we've really moved into this hybrid environment. We're both leaders and team norms. We're challenged to change. We have to adapt. And so really having inclusion as that foundational skillset is a requirement for both today and tomorrow's leaders. What I'm really excited about is on the innovation front. Anyone can innovate now, you don't need to be a part of the R&D division of a company. We're seeing that cloud is providing tools all the way down to the elementary student level. So when you think about that, just think the imagination of our youth, brought to life with cloud technology. I mean, the future really is bright. >> It is. That horizon is endless. And I'm going to take some of your advice, Angie I loved that you talked about from your own perspective and your recommendations for the audience. Write that down, write your own press release in terms of what you want to see down the road. I'm going to take your advice, I'm going to do that. I thank you so much for joining me on the program. You've been so inspiring. Your career path has been impressive. What you're seeing in terms of innovation and cloud coming next is incredibly exciting. Thank you so much for your time, Angie. >> Thank you Lisa. >> For Angie Perez Thomas. I'm Lisa Martin. You're watching theCUBE's special program series Women of the Cloud, brought to you by AWS. We'll see you soon. (upbeat music)

>> Narrator: From theCUBE Studios in Palo Alto and Boston bringing you data-driven insights from theCUBE and ETR. This is breaking analysis with Dave Vellante >> Enterprise tech practitioners, like most of us they want to make their lives easier so they can focus on delivering more value to their businesses. And to do so, they want to tap best of breed services in the public cloud, but at the same time connect their on-prem intellectual property to emerging applications which drive top line revenue and bottom line profits. But creating a consistent experience across clouds and on-prem estates has been an elusive capability for most organizations, forcing trade-offs and injecting friction into the system. The need to create seamless experiences is clear and the technology industry is starting to respond with platforms, architectures, and visions of what we've called the Supercloud. Hello and welcome to this week's Wikibon Cube Insights powered by ETR. In this breaking analysis we give you a preview of Supercloud 2, the second event of its kind that we've had on the topic. Yes, folks that's right Supercloud 2 is here. As of this recording, it's just about four days away 33 guests, 21 sessions, combining live discussions and fireside chats from theCUBE's Palo Alto Studio with prerecorded conversations on the future of cloud and data. You can register for free at supercloud.world. And we are super excited about the Supercloud 2 lineup of guests whereas Supercloud 22 in August, was all about refining the definition of Supercloud testing its technical feasibility and understanding various deployment models. Supercloud 2 features practitioners, technologists and analysts discussing what customers need with real-world examples of Supercloud and will expose thinking around a new breed of cross-cloud apps, data apps, if you will that change the way machines and humans interact with each other. Now the example we'd use if you think about applications today, say a CRM system, sales reps, what are they doing? They're entering data into opportunities they're choosing products they're importing contacts, et cetera. And sure the machine can then take all that data and spit out a forecast by rep, by region, by product, et cetera. But today's applications are largely about filling in forms and or codifying processes. In the future, the Supercloud community sees a new breed of applications emerging where data resides on different clouds, in different data storages, databases, Lakehouse, et cetera. And the machine uses AI to inspect the e-commerce system the inventory data, supply chain information and other systems, and puts together a plan without any human intervention whatsoever. Think about a system that orchestrates people, places and things like an Uber for business. So at Supercloud 2, you'll hear about this vision along with some of today's challenges facing practitioners. Zhamak Dehghani, the founder of Data Mesh is a headliner. Kit Colbert also is headlining. He laid out at the first Supercloud an initial architecture for what that's going to look like. That was last August. And he's going to present his most current thinking on the topic. Veronika Durgin of Sachs will be featured and talk about data sharing across clouds and you know what she needs in the future. One of the main highlights of Supercloud 2 is a dive into Walmart's Supercloud. Other featured practitioners include Western Union Ionis Pharmaceuticals, Warner Media. We've got deep, deep technology dives with folks like Bob Muglia, David Flynn Tristan Handy of DBT Labs, Nir Zuk, the founder of Palo Alto Networks focused on security. Thomas Hazel, who's going to talk about a new type of database for Supercloud. It's several analysts including Keith Townsend Maribel Lopez, George Gilbert, Sanjeev Mohan and so many more guests, we don't have time to list them all. They're all up on supercloud.world with a full agenda, so you can check that out. Now let's take a look at some of the things that we're exploring in more detail starting with the Walmart Cloud native platform, they call it WCNP. We definitely see this as a Supercloud and we dig into it with Jack Greenfield. He's the head of architecture at Walmart. Here's a quote from Jack. "WCNP is an implementation of Kubernetes for the Walmart ecosystem. We've taken Kubernetes off the shelf as open source." By the way, they do the same thing with OpenStack. "And we have integrated it with a number of foundational services that provide other aspects of our computational environment. Kubernetes off the shelf doesn't do everything." And so what Walmart chose to do, they took a do-it-yourself approach to build a Supercloud for a variety of reasons that Jack will explain, along with Walmart's so-called triplet architecture connecting on-prem, Azure and GCP. No surprise, there's no Amazon at Walmart for obvious reasons. And what they do is they create a common experience for devs across clouds. Jack is going to talk about how Walmart is evolving its Supercloud in the future. You don't want to miss that. Now, next, let's take a look at how Veronica Durgin of SAKS thinks about data sharing across clouds. Data sharing we think is a potential killer use case for Supercloud. In fact, let's hear it in Veronica's own words. Please play the clip. >> How do we talk to each other? And more importantly, how do we data share? You know, I work with data, you know this is what I do. So if you know I want to get data from a company that's using, say Google, how do we share it in a smooth way where it doesn't have to be this crazy I don't know, SFTP file moving? So that's where I think Supercloud comes to me in my mind, is like practical applications. How do we create that mesh, that network that we can easily share data with each other? >> Now data mesh is a possible architectural approach that will enable more facile data sharing and the monetization of data products. You'll hear Zhamak Dehghani live in studio talking about what standards are missing to make this vision a reality across the Supercloud. Now one of the other things that we're really excited about is digging deeper into the right approach for Supercloud adoption. And we're going to share a preview of a debate that's going on right now in the community. Bob Muglia, former CEO of Snowflake and Microsoft Exec was kind enough to spend some time looking at the community's supercloud definition and he felt that it needed to be simplified. So in near real time he came up with the following definition that we're showing here. I'll read it. "A Supercloud is a platform that provides programmatically consistent services hosted on heterogeneous cloud providers." So not only did Bob simplify the initial definition he's stressed that the Supercloud is a platform versus an architecture implying that the platform provider eg Snowflake, VMware, Databricks, Cohesity, et cetera is responsible for determining the architecture. Now interestingly in the shared Google doc that the working group uses to collaborate on the supercloud de definition, Dr. Nelu Mihai who is actually building a Supercloud responded as follows to Bob's assertion "We need to avoid creating many Supercloud platforms with their own architectures. If we do that, then we create other proprietary clouds on top of existing ones. We need to define an architecture of how Supercloud interfaces with all other clouds. What is the information model? What is the execution model and how users will interact with Supercloud?" What does this seemingly nuanced point tell us and why does it matter? Well, history suggests that de facto standards will emerge more quickly to resolve real world practitioner problems and catch on more quickly than consensus-based architectures and standards-based architectures. But in the long run, the ladder may serve customers better. So we'll be exploring this topic in more detail in Supercloud 2, and of course we'd love to hear what you think platform, architecture, both? Now one of the real technical gurus that we'll have in studio at Supercloud two is David Flynn. He's one of the people behind the the movement that enabled enterprise flash adoption, that craze. And he did that with Fusion IO and he is now working on a system to enable read write data access to any user in any application in any data center or on any cloud anywhere. So think of this company as a Supercloud enabler. Allow me to share an excerpt from a conversation David Flore and I had with David Flynn last year. He as well gave a lot of thought to the Supercloud definition and was really helpful with an opinionated point of view. He said something to us that was, we thought relevant. "What is the operating system for a decentralized cloud? The main two functions of an operating system or an operating environment are one the process scheduler and two, the file system. The strongest argument for supercloud is made when you go down to the platform layer and talk about it as an operating environment on which you can run all forms of applications." So a couple of implications here that will be exploring with David Flynn in studio. First we're inferring from his comment that he's in the platform camp where the platform owner is responsible for the architecture and there are obviously trade-offs there and benefits but we'll have to clarify that with him. And second, he's basically saying, you kill the concept the further you move up the stack. So the weak, the further you move the stack the weaker the supercloud argument becomes because it's just becoming SaaS. Now this is something we're going to explore to better understand is thinking on this, but also whether the existing notion of SaaS is changing and whether or not a new breed of Supercloud apps will emerge. Which brings us to this really interesting fellow that George Gilbert and I RIFed with ahead of Supercloud two. Tristan Handy, he's the founder and CEO of DBT Labs and he has a highly opinionated and technical mind. Here's what he said, "One of the things that we still don't know how to API-ify is concepts that live inside of your data warehouse inside of your data lake. These are core concepts that the business should be able to create applications around very easily. In fact, that's not the case because it involves a lot of data engineering pipeline and other work to make these available. So if you really want to make it easy to create these data experiences for users you need to have an ability to describe these metrics and then to turn them into APIs to make them accessible to application developers who have literally no idea how they're calculated behind the scenes and they don't need to." A lot of implications to this statement that will explore at Supercloud two versus Jamma Dani's data mesh comes into play here with her critique of hyper specialized data pipeline experts with little or no domain knowledge. Also the need for simplified self-service infrastructure which Kit Colbert is likely going to touch upon. Veronica Durgin of SAKS and her ideal state for data shearing along with Harveer Singh of Western Union. They got to deal with 200 locations around the world in data privacy issues, data sovereignty how do you share data safely? Same with Nick Taylor of Ionis Pharmaceutical. And not to blow your mind but Thomas Hazel and Bob Muglia deposit that to make data apps a reality across the Supercloud you have to rethink everything. You can't just let in memory databases and caching architectures take care of everything in a brute force manner. Rather you have to get down to really detailed levels even things like how data is laid out on disk, ie flash and think about rewriting applications for the Supercloud and the MLAI era. All of this and more at Supercloud two which wouldn't be complete without some data. So we pinged our friends from ETR Eric Bradley and Darren Bramberm to see if they had any data on Supercloud that we could tap. And so we're going to be analyzing a number of the players as well at Supercloud two. Now, many of you are familiar with this graphic here we show some of the players involved in delivering or enabling Supercloud-like capabilities. On the Y axis is spending momentum and on the horizontal accesses market presence or pervasiveness in the data. So netscore versus what they call overlap or end in the data. And the table insert shows how the dots are plotted now not to steal ETR's thunder but the first point is you really can't have supercloud without the hyperscale cloud platforms which is shown on this graphic. But the exciting aspect of Supercloud is the opportunity to build value on top of that hyperscale infrastructure. Snowflake here continues to show strong spending velocity as those Databricks, Hashi, Rubrik. VMware Tanzu, which we all put under the magnifying glass after the Broadcom announcements, is also showing momentum. Unfortunately due to a scheduling conflict we weren't able to get Red Hat on the program but they're clearly a player here. And we've put Cohesity and Veeam on the chart as well because backup is a likely use case across clouds and on-premises. And now one other call out that we drill down on at Supercloud two is CloudFlare, which actually uses the term supercloud maybe in a different way. They look at Supercloud really as you know, serverless on steroids. And so the data brains at ETR will have more to say on this topic at Supercloud two along with many others. Okay, so why should you attend Supercloud two? What's in it for me kind of thing? So first of all, if you're a practitioner and you want to understand what the possibilities are for doing cross-cloud services for monetizing data how your peers are doing data sharing, how some of your peers are actually building out a Supercloud you're going to get real world input from practitioners. If you're a technologist, you're trying to figure out various ways to solve problems around data, data sharing, cross-cloud service deployment there's going to be a number of deep technology experts that are going to share how they're doing it. We're also going to drill down with Walmart into a practical example of Supercloud with some other examples of how practitioners are dealing with cross-cloud complexity. Some of them, by the way, are kind of thrown up their hands and saying, Hey, we're going mono cloud. And we'll talk about the potential implications and dangers and risks of doing that. And also some of the benefits. You know, there's a question, right? Is Supercloud the same wine new bottle or is it truly something different that can drive substantive business value? So look, go to Supercloud.world it's January 17th at 9:00 AM Pacific. You can register for free and participate directly in the program. Okay, that's a wrap. I want to give a shout out to the Supercloud supporters. VMware has been a great partner as our anchor sponsor Chaos Search Proximo, and Alura as well. For contributing to the effort I want to thank Alex Myerson who's on production and manages the podcast. Ken Schiffman is his supporting cast as well. Kristen Martin and Cheryl Knight to help get the word out on social media and at our newsletters. And Rob Ho is our editor-in-chief over at Silicon Angle. Thank you all. Remember, these episodes are all available as podcast. Wherever you listen we really appreciate the support that you've given. We just saw some stats from from Buzz Sprout, we hit the top 25% we're almost at 400,000 downloads last year. So really appreciate your participation. All you got to do is search Breaking Analysis podcast and you'll find those I publish each week on wikibon.com and siliconangle.com. Or if you want to get ahold of me you can email me directly at David.Vellante@siliconangle.com or dm me DVellante or comment on our LinkedIn post. I want you to check out etr.ai. They've got the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights, powered by ETR. Thanks for watching. We'll see you next week at Supercloud two or next time on breaking analysis. (light music)

(upbeat music) >> Welcome back to Supercloud two where we're gathering a number of industry luminaries to discuss the future of cloud services. And we'll be focusing on various real world practitioners today, their challenges, their opportunities with an emphasis on data, self-service infrastructure and how organizations are evolving their data and cloud strategies to prepare for that next era of digital innovation. And we really believe that support for multiple cloud estates is a first step of any Supercloud. And in that regard Oracle surprise some folks with its Azure collaboration the Oracle database and exit database services. And to discuss the challenges of developing a mission critical Supercloud we welcome Juan Loaiza, who's the executive vice president of Mission Critical Database Technologies at Oracle. Juan, you're many time CUBE alums so welcome back to the show. Great to see you. >> Great to see you, and happy to be here with you. >> Yeah, thank you. So a lot of people felt that Oracle was resistant to multicloud strategies and preferred to really have everything run just on the Oracle cloud infrastructure, OCI and maybe that was a misperception maybe you guys were misunderstood or maybe you had to change your heart. Take us through the decision to support multiple cloud platforms >> Now we've supported multiple cloud platforms for many years, so I think that was probably a misperception. Oracle database, we partnered up with Amazon very early on in their cloud when they had kind of the the first cloud out there. And we had Oracle database running on their cloud. We have backup, we have a lot of stuff running. So, yeah, part of the philosophy of Oracle has always been we partner with every platform. We're very open we started with SQL and APIs. As we develop new technologies we push them into the SQL standard. So that's always been part of the ecosystem at Oracle. That's how we think we get an advantage by being more open. I think if we try to create this isolated little world it actually hurts us and hurts customers. So for us it's a win-win to be open across the clouds. >> So Supercloud is this concept that we put forth to describe a platform or some people think it's an architecture if you have an opinion, and I'd love to hear it but it provides a programmatically consistent set of services that hosted on heterogeneous cloud providers. And so we look at the Oracle database service for Azure as fitting within this definition. In your view, is this accurate? >> Yeah, I would broaden it. I'd see a little bit more than that. We just think that services should be available from everywhere, right? So, I mean, it's a little bit like if you go back to the pre-internet world, there was things like AOL and CompuServe and those were kind of islands. And if you were on AOL, you really didn't have access to anything on CompuServe and vice versa. And the cloud world has evolved a little bit like that. And we just think that's the wrong model. They shouldn't these clouds are part of the world and they need to be interconnected like all the rest of the world. It's been a long time with telephones internet, everything, everything's interconnected. Everything should work seamlessly together. So that's how we believe if you're running in one cloud and you're running let's say an application, one cloud you want to use a service from another cloud should be completely simple to do that. It shouldn't be, I can only use what's in AOL or CompuServe or whatever else. It should not be isolated. >> Well, we got a long way to go before that Nirvana exists but one example is the Oracle database service with Azure. So what exactly does that service provide? I'm interested in how consistent the service experience is across clouds. Did you create a purpose-built PaaS layer to achieve this common experience? Or is it off the shelf Terraform? Is there unique value in the PaaS layer? Let's dig into some of those questions. I know I just threw six at you. >> Yeah, I mean, so what this is, is what we're trying to do is very simple. Which is, for example, starting with the Oracle database we want to make that seamless to use from anywhere you're running. Whether it's on-prem, on some other cloud, anywhere else you should be able to seamlessly use the Oracle database and it should look like the internet. There's no friction. There's not a lot of hoops you got to jump just because you're trying to use a database that isn't local to you. So it's pretty straightforward. And in terms of things like Azure, it's not easy to do because all these clouds have a lot of kind of very unique technologies. So what we've done is at Oracle is we've said, "Okay we're going to make Oracle database look exactly like if it was running on Azure." That means we'll use the Azure security systems, the identity management systems, the networking, there's things like monitoring and management. So we'll push all these technologies. For example, when we have monitoring event or we have alerts we'll push those into the Azure console. So as a user, it looks to you exactly as if that Oracle database was running inside Azure. Also, the networking is a big challenge across these clouds. So we've basically made that whole thing seamless. So we create the super high bandwidth network between Azure and Oracle. We make sure that's extremely low latency, under two milliseconds round trip. It's all within the local metro region. So it's very fast, very high bandwidth, very low latency. And we take care establishing the links and making sure that it's secure and all that kind of stuff. So at a high level, it looks to you like the database is--even the look and feel of the screens. It's the Azure colors, it's the Azure buttons it's the Azure layout of the screens so it looks like you're running there and we take care of all the technical details underlying that which there's a lot which has taken a lot of work to make it work seamlessly. >> In the magic of that abstraction. Juan, does it happen at the PaaS layer? Could you take us inside that a little bit? Is there intelligence in there that helps you deal with latency or are there any kind of purpose-built functions for this service? >> You could think of it as... I mean it happens at a lot of different layers. It happens at the identity management layer, it happens at the networking layer, it happens at the database layer, it happens at the monitoring layer, at the management layer. So all those things have been integrated. So it's not one thing that you just go and do. You have to integrate all these different services together. You can access files in Azure from the Oracle database. Again, that's completely seamless. You, it's just like if it was local to our cloud you get your Azure files in your kind of S3 equivalent. So yeah, the, it's not one thing. There's a whole lot of pieces to the ecosystem. And what we've done is we've worked on each piece separately to make sure that it's completely seamless and transparent so you don't have to think about it, it just works. >> So you kind of answered my next question which is one of the technical hurdles. It sounds like the technical hurdles are that integration across the entire stack. That's the sort of architecture that you've built. What was the catalyst for this service? >> Yeah, the catalyst is just fulfilling our vision of an open cloud world. It's really like I said, Oracle, from the very beginning has been believed in open standards. Customers should be able to have choice customers should be able to use whatever they want from wherever they want. And we saw that, you know in the new world of cloud that had broken down everybody had their own authentication system management system, monitoring system networking system, configuration system. And it became very difficult. There was a lot of friction to using services across cloud. So we said, "Well, okay we can fix that." It's work, it's significant amount of work but we know how to do it and let's just go do it and make it easy for customers. >> So given Oracle is really your main focus is on mission critical workloads. You talked about this low latency network, I mean but you still have physical distances, so how are you managing that latency? What's the experience been for customers across Azure and OCI? >> Yeah, so it, it's a good point. I mean, latency can be an issue. So the good thing about clouds is we have a lot of cloud data centers. We have dozens and dozens of cloud data centers around the world. And Azure has dozens and dozens of cloud data centers. And in most cases, they're in the same metro region because there's kind of natural metro regions within each country that you want to put your cloud data centers in. So most of our data centers are actually very close to the Azure data centers. There's the kind of northern Virginia, there's London, there's Tokyo I mean, there's natural places where everybody puts their data centers Seoul et cetera. And so that's the real key. So that allows us to put a very high bandwidth and low latency network. The real problems with latency come when you're trying to go along physical distance. If you're trying to connect, you know across the Pacific or you know across the country or something like that, then you can get in trouble with latency within the same metro region. It's extremely fast. It tends to be around one, you know the highest two millisecond that's roundtrip through all the routers and connections and gateways and everything else. With everything taken into consideration, what we guarantee is it's always less than two millisecond which is a very low latency time. So that tends to not be a problem because it's extremely low latency. >> I was going to ask you less than two milliseconds. So, earlier in the program we had Jack Greenfield who runs architecture for Walmart, and he was explaining what we call their Supercloud, and it's runs across Azure, GCP, and they're on-prem. They have this thing called the triplet model. So my question to you is, are you in situations where you guaranteeing that less than two milliseconds do you have situations where you're bringing, you know Exadata Cloud, a customer on-prem to achieve that? Or is this just across clouds? >> Yeah, in this case, we're talking public cloud data center to public cloud data center. >> Oh okay. >> So add your public cloud data center to Oracle Public Cloud data center. They're in the same metro region. We set up the connections, we do all the technology to make it seamless. And from a customer point of view they don't really see the network. Also, remember that SQL is actually designed to have very low bandwidth and latency requirements. So it is a language. So you don't go to the database and say do this one little thing for me. You send it a SQL statement that can actually access lots of data while in the database. So the real latency requirement of a SQL database is within the database. So I need to access all that data fast. So I need very fast access to storage very fast access across node. That's what exit data gives you. But you send one request and that request can do a huge amount of work and then return one answer. And that's kind of the design point of SQL. So SQL is inherently low bandwidth requirements, it was used back in the eighties when we used to have 10 megabit networks and the the biggest companies in the world ran back then. So right now we're talking over hundred hundreds of gigabits. So it's really not much of a challenge. When you're designed to run on 10 megabit to say, okay I'm going to give you 10,000 times what you were designed for it's really, it's a pretty low hurdle jump. >> What about the deployment models? How do you handle this? Is it a single global instance across clouds or do you sort of instantiate in each you got exudate in Azure and exudates in OCI? What's the deployment model look like? >> It's pretty straightforward. So customer decides where they want to run their application and database. So there's natural places where people go. If you're in Tokyo, you're going to choose the local Tokyo data centers for both, you know Microsoft and Oracle. If you're in London, you're going to do that. If you're in California you're going to choose maybe San Jose, something like that. So a customer just chooses. We both have data centers in that metro region. So they create their service on Azure and then they go to our console which looks just like an Azure console and say all right create me a database. And then we choose the closest Oracle data center which is generally a few miles away, and then it it all gets created. So from a customer point of view, it's very straightforward. >> I'm always in awe about how simple you make things sound. All right what about security? You talked a little bit before about identity access how you sort of abstracting the Azure capabilities away so that you've simplified it for your customers but are there any other specific security things that you need to do? How much did you have to abstract the underlying primitives of Azure or OCI to present that common experience to customers? >> Yeah, so there's really two big things. One is the identity management. Like my name is X on Azure and I have this set of privileges. Oracle has its own identity management system, right? So what we didn't want is that you have to kind of like bridge these things yourself. It's a giant pain to do that. So we actually what we call federate across these identity managements. So you put your credentials into Azure and then they automatically get to use the exact same credentials and identity in the Oracle cloud. So again, you don't have to think about it, it just works. And then the second part is that the whole bridging the network. So within a cloud you generally have virtual network that's private to your company. And so at Oracle, we bridge the private network that you created in, for example, Azure to the private network that we create for you in Oracle. So it is still a private network without you having to do a whole bunch of work. So it's just like if you were in your own data center other people can't get into your network. So it's secured at the network level, it's secured at the identity management, and encryption level. And again we did a lot of work to make that seamless for customers and they don't have to worry about it because we did the work. That's really as simple as it gets. >> That's what's Supercloud's supposed to be all about. Alright, we were talking earlier about sort of the misperception around multicloud, your view of Open I think, which is you run the Oracle database, wherever the customer wants to run it. So you got this database service across OCI and Azure customers today, they run Oracle database in AWS. You got heat wave, MySQL, heat wave that you announced on AWS, Google touts a bare metal offering where you can run Oracle on GCP. Do you see a day when you extend an OCI Azure like situation across multiple clouds? Would that bring benefits to customers or will the world of database generally remain largely fenced with maybe a few exceptions like what you're doing with OCI and Azure? I'm particularly interested in your thoughts on egress fees as maybe one of the reasons that there is a barrier to this happening and why maybe these stove pipes, exist today and in the future. What are your thoughts on that? >> Yeah, we're very open to working with everyone else out there. Like I said, we've always been, big believers in customers should have choice and you should be able to run wherever you want. So that's been kind of a founding principle of Oracle. We have the Azure, we did a partnership with them, we're open to doing other partnerships and you're going to see other things coming down the pipe on the topic of egress. Yeah, the large egress fees, it's pretty obvious what goes on with that. Various vendors like to have large egress fees because they want to keep things kind of locked into their cloud. So it's not a very customer friendly thing to do. And I think everybody recognizes that it's really trying to kind of course or put a lot of friction on moving data out of a particular cloud. And that's not what we do. We have very, very low egress fees. So we don't really do that and we don't think anybody else should do that. But I think customers at the end of the day, will win that battle. They're going to have to go back to their vendor and say, well I have choice in clouds and if you're going to impose these limits on me, maybe I'll make a different choice. So that's ultimately how these things get resolved. >> So do you think other cloud providers are going to take a page out of what you're doing with Azure and provide similar solutions? >> Yeah, well I think customers want, I mean, I've talked to a lot of customers, this is what they want, right? I mean, there's really no doubt no customer wants to be locked into a single ecosystem. There's nobody out there that wants that. And as the competition, when they start seeing an open ecosystem evolving they're going to be like, okay, I'd rather go there than the closed ecosystem, and that's going to put pressure on the closed ecosystems. So that's the nature of competition. That's what ultimately will tip the balance on these things. >> So Juan, even though you have this capability of distributing a workload across multiple clouds as in our Supercloud premise it's still something that's relatively new. It's a big decision that maybe many people might consider somewhat of a risk. So I'm curious who's driving the decisions for your initial customers? What do they want to get out of it? What's the decision point there? >> Yeah, I mean, this is generally driven by customers that want a specific technology in a cloud. I think the risk, I haven't seen a lot of people worry too much about the risk. Everybody involved in this is a very well known, very reputable firm. I mean, Oracle's been around for 40 years. We run most of the world's largest companies. I think customers understand we're not going to build a solution that's going to put their technology and their business at risk. And the same thing with Azure and others. So I don't see customers too worried about this is a risky move because it's really not. And you know, everybody understands networking at the end the day networking works. I mean, how does the internet work? It's a known quantity. It's not like it's some brand new invention. What we're really doing is breaking down the barriers to interconnecting things. Automating 'em, making 'em easy. So there's not a whole lot of risk here for customers. And like I said, every single customer in the world loves an open ecosystem. It's just not a question. If you go to a customer would you rather put your technology or your business to run on a closed ecosystem or an open system? It's kind of not even worth asking a question. It's a no-brainer. >> All right, so we got to go. My last question. What do you think of the term "Supercloud"? You think it'll stick? >> We'll see. There's a lot of terms out there and it's always fun to see which terms stick. It's a cool term. I like it, but the decision makers are actually the public, what sticks and what doesn't. It's very hard to predict. >> Yeah well, it's been a lot of fun having you on, Juan. Really appreciate your time and always good to see you. >> All right, Dave, thanks a lot. It's always fun to talk to you. >> You bet. All right, keep it right there. More Supercloud two content from theCUBE Community Dave Vellante for John Furrier. We'll be right back. (upbeat music)

(upbeat music) >> Welcome back to Supercloud 2, which is an open industry collaboration between technologists, consultants, analysts, and of course, practitioners, to help shape the future of cloud. And at this event, one of the key areas we're exploring is the intersection of cloud and data, and how building value on top of hyperscale clouds and across clouds is evolving, a concept we call supercloud. And we're pleased to welcome Harvir Singh, who's the chief data architect and global head of data at Western Union. Harvir, it's good to see you again. Thanks for coming on the program. >> Thanks, David, it's always a pleasure to talk to you. >> So many things stand out from when we first met, and one of the most gripping for me was when you said to me, "When data moves, money moves." And that's the world we live in today, and really have for a long time. Money has moved as bits, and when it has to move, we want it to move quickly, securely, and in a governed manner. And the pressure to do so is only growing. So tell us how that trend is evolved over the past decade in the context of your industry generally, and Western Union, specifically. Look, I always say to people that we are probably the first ones to introduce digital currency around the world because, hey, somebody around the world needs money, we move data to make that happen. That trend has actually accelerated quite a bit. If you look at the last 10 years, and you look at all these payment companies, digital companies, credit card companies that have evolved, majority of them are working on the same principle. When data moves, money moves. When data is stale, the money goes away, right? I think that trend is continuing, and it's not just the trend is in this space, it's also continuing in other spaces, specifically around, you know, acquisition of customers, communication with customers. It's all becoming digital, and it's, at the end of the day, it's all data being moved from one place or another. At the end of the day, you're not seeing the customer, but you're looking at, you know, the data that he's consuming, and you're making actionable items on it, and be able to respond to what they need. So I think 10 years, it's really, really evolved. >> Hmm, you operate, Western Union operates in more than 200 countries, and you you have what I would call a pseudo federated organization. You're trying to standardize wherever possible on the infrastructure, and you're curating the tooling and doing the heavy lifting in the data stack, which of course lessens the burden on the developers and the line of business consumers, so my question is, in operating in 200 countries, how do you deal with all the diversity of laws and regulations across those regions? I know you're heavily involved in AWS, but AWS isn't everywhere, you still have some on-prem infrastructure. Can you paint a picture of, you know, what that looks like? >> Yeah, a few years ago , we were primarily mostly on-prem, and one of the biggest pain points has been managing that infrastructure around the world in those countries. Yes, we operate in 200 countries, but we don't have infrastructure in 200 countries, but we do have agent locations in 200 countries. United Nations says we only have like 183 are countries, but there are countries which, you know, declare themselves countries, and we are there as well because somebody wants to send money there, right? Somebody has an agent location down there as well. So that infrastructure is obviously very hard to manage and maintain. We have to comply by numerous laws, you know. And the last few years, specifically with GDPR, CCPA, data localization laws in different countries, it's been a challenge, right? And one of the things that we did a few years ago, we decided that we want to be in the business of helping our customers move money faster, security, and with complete trust in us. We don't want to be able to, we don't want to be in the business of managing infrastructure. And that's one of the reasons we started to, you know, migrate and move our journey to the cloud. AWS, obviously chosen first because of its, you know, first in the game, has more locations, and more data centers around the world where we operate. But we still have, you know, existing infrastructure, which is in some countries, which is still localized because AWS hasn't reached there, or we don't have a comparable provider there. We still manage those. And we have to comply by those laws. Our data privacy and our data localization tech stack is pretty good, I would say. We manage our data very well, we manage our customer data very well, but it comes with a lot of complexity. You know, we get a lot of requests from European Union, we get a lot of requests from Asia Pacific every pretty much on a weekly basis to explain, you know, how we are taking controls and putting measures in place to make sure that the data is secured and is in the right place. So it's a complex environment. We do have exposure to other clouds as well, like Google and Azure. And as much as we would love to be completely, you know, very, very hybrid kind of an organization, it's still at a stage where we are still very heavily focused on AWS yet, but at some point, you know, we would love to see a world which is not reliant on a single provider, but it's more a little bit more democratized, you know, as and when what I want to use, I should be able to use, and pay-per-use. And the concept started like that, but it's obviously it's now, again, there are like three big players in the market, and, you know, they're doing their own thing. Would love to see them come collaborate at some point. >> Yeah, wouldn't we all. I want to double-click on the whole multi-cloud strategy, but if I understand it correctly, and in a perfect world, everything on-premises would be in the cloud is, first of all, is that a correct statement? Is that nirvana for you or not necessarily? >> I would say it is nirvana for us, but I would also put a caveat, is it's very tricky because from a regulatory perspective, we are a regulated entity in many countries. The regulators would want to see some control if something happens with a relationship with AWS in one country, or with Google in another country, and it keeps happening, right? For example, Russia was a good example where we had to switch things off. We should be able to do that. But if let's say somewhere in Asia, this country decides that they don't want to partner with AWS, and majority of our stuff is on AWS, where do I go from there? So we have to have some level of confidence in our own infrastructure, so we do maintain some to be able to fail back into and move things it needs to be. So it's a tricky question. Yes, it's nirvana state that I don't have to manage infrastructure, but I think it's far less practical than it said. We will still own something that we call it our own where we have complete control, being a financial entity. >> And so do you try to, I'm sure you do, standardize between all the different on-premise, and in this case, the AWS cloud or maybe even other clouds. How do you do that? Do you work with, you know, different vendors at the various places of the stack to try to do that? Some of the vendors, you know, like a Snowflake is only in the cloud. You know, others, you know, whether it's whatever, analytics, or storage, or database, might be hybrid. What's your strategy with regard to creating as common an experience as possible between your on-prem and your clouds? >> You asked a question which I asked when I joined as well, right? Which question, this is one of the most important questions is how soon when I fail back, if I need to fail back? And how quickly can I, because not everything that is sitting on the cloud is comparable to on-prem or is backward compatible. And the reason I say backward compatible is, you know, there are, our on-prem cloud is obviously behind. We haven't taken enough time to kind of put it to a state where, because we started to migrate and now we have access to infrastructure on the cloud, most of the new things are being built there. But for critical application, I would say we have chronology that could be used to move back if need to be. So, you know, technologies like Couchbase, technologies like PostgreSQL, technologies like Db2, et cetera. We still have and maintain a fairly large portion of it on-prem where critical applications could potentially be serviced. We'll give you one example. We use Neo4j very heavily for our AML use cases. And that's an important one because if Neo4j on the cloud goes down, and it's happened in the past, again, even with three clusters, having all three clusters going down with a DR, we still need some accessibility of that because that's one of the biggest, you know, fraud and risk application it supports. So we do still maintain some comparable technology. Snowflake is an odd one. It's obviously there is none on-prem. But then, you know, Snowflake, I also feel it's more analytical based technology, not a transactional-based technology, at least in our ecosystem. So for me to replicate that, yes, it'll probably take time, but I can live with that. But my business will not stop because our transactional applications can potentially move over if need to. >> Yeah, and of course, you know, all these big market cap companies, so the Snowflake or Databricks, which is not public yet, but they've got big aspirations. And so, you know, we've seen things like Snowflake do a deal with Dell for on-prem object store. I think they do the same thing with Pure. And so over time, you see, Mongo, you know, extending its estate. And so over time all these things are coming together. I want to step out of this conversation for a second. I just ask you, given the current macroeconomic climate, what are the priorities? You know, obviously, people are, CIOs are tapping the breaks on spending, we've reported on that, but what is it? Is it security? Is it analytics? Is it modernization of the on-prem stack, which you were saying a little bit behind. Where are the priorities today given the economic headwinds? >> So the most important priority right now is growing the business, I would say. It's a different, I know this is more, this is not a very techy or a tech answer that, you know, you would expect, but it's growing the business. We want to acquire more customers and be able to service them as best needed. So the majority of our investment is going in the space where tech can support that initiative. During our earnings call, we released the new pillars of our organization where we will focus on, you know, omnichannel digital experience, and then one experience for customer, whether it's retail, whether it's digital. We want to open up our own experience stores, et cetera. So we are investing in technology where it's going to support those pillars. But the spend is in a way that we are obviously taking away from the things that do not support those. So it's, I would say it's flat for us. We are not like in heavily investing or aggressively increasing our tech budget, but it's more like, hey, switch this off because it doesn't make us money, but now switch this on because this is going to support what we can do with money, right? So that's kind of where we are heading towards. So it's not not driven by technology, but it's driven by business and how it supports our customers and our ability to compete in the market. >> You know, I think Harvir, that's consistent with what we heard in some other work that we've done, our ETR partner who does these types of surveys. We're hearing the same thing, is that, you know, we might not be spending on modernizing our on-prem stack. Yeah, we want to get to the cloud at some point and modernize that. But if it supports revenue, you know, we'll invest in that, and get the, you know, instant ROI. I want to ask you about, you know, this concept of supercloud, this abstracted layer of value on top of hyperscale infrastructure, and maybe on-prem. But we were talking about the integration, for instance, between Snowflake and Salesforce, where you got different data sources and you were explaining that you had great interest in being able to, you know, have a kind of, I'll say seamless, sorry, I know it's an overused word, but integration between the data sources and those two different platforms. Can you explain that and why that's attractive to you? >> Yeah, I'm a big supporter of action where the data is, right? Because the minute you start to move, things are already lost in translation. The time is lost, you can't get to it fast enough. So if, for example, for us, Snowflake, Salesforce, is our actionable platform where we action, we send marketing campaigns, we send customer communication via SMS, in app, as well as via email. Now, we would like to be able to interact with our customers pretty much on a, I would say near real time, but the concept of real time doesn't work well with me because I always feel that if you're observing something, it's not real time, it's already happened. But how soon can I react? That's the question. And given that I have to move that data all the way from our, let's say, engagement platforms like Adobe, and particles of the world into Snowflake first, and then do my modeling in some way, and be able to then put it back into Salesforce, it takes time. Yes, you know, I can do it in a few hours, but that few hours makes a lot of difference. Somebody sitting on my website, you know, couldn't find something, walked away, how soon do you think he will lose interest? Three hours, four hours, he'll probably gone, he will never come back. I think if I can react to that as fast as possible without too much data movement, I think that's a lot of good benefit that this kind of integration will bring. Yes, I can potentially take data directly into Salesforce, but I then now have two copies of data, which is, again, something that I'm not a big (indistinct) of. Let's keep the source of the data simple, clean, and a single source. I think this kind of integration will help a lot if the actions can be brought very close to where the data resides. >> Thank you for that. And so, you know, it's funny, we sometimes try to define real time as before you lose the customer, so that's kind of real time. But I want to come back to this idea of governed data sharing. You mentioned some other clouds, a little bit of Azure, a little bit of Google. In a world where, let's say you go more aggressively, and we know that for instance, if you want to use Google's AI tools, you got to use BigQuery. You know, today, anyway, they're not sort of so friendly with Snowflake, maybe different for the AWS, maybe Microsoft's going to be different as well. But in an ideal world, what I'm hearing is you want to keep the data in place. You don't want to move the data. Moving data is expensive, making copies is badness. It's expensive, and it's also, you know, changes the state, right? So you got governance issues. So this idea of supercloud is that you can leave the data in place and actually have a common experience across clouds. Let's just say, let's assume for a minute Google kind of wakes up, my words, not yours, and says, "Hey, maybe, you know what, partnering with a Snowflake or a Databricks is better for our business. It's better for the customers," how would that affect your business and the value that you can bring to your customers? >> Again, I would say that would be the nirvana state that, you know, we want to get to. Because I would say not everyone's perfect. They have great engineers and great products that they're developing, but that's where they compete as well, right? I would like to use the best of breed as much as possible. And I've been a person who has done this in the past as well. I've used, you know, tools to integrate. And the reason why this integration has worked is primarily because sometimes you do pick the best thing for that job. And Google's AI products are definitely doing really well, but, you know, that accessibility, if it's a problem, then I really can't depend on them, right? I would love to move some of that down there, but they have to make it possible for us. Azure is doing really, really good at investing, so I think they're a little bit more and more closer to getting to that state, and I know seeking our attention than Google at this point of time. But I think there will be a revelation moment because more and more people that I talk to like myself, they're also talking about the same thing. I'd like to be able to use Google's AdSense, I would like to be able to use Google's advertising platform, but you know what? I already have all this data, why do I need to move it? Can't they just go and access it? That question will keep haunting them (indistinct). >> You know, I think, obviously, Microsoft has always known, you know, understood ecosystems. I mean, AWS is nailing it, when you go to re:Invent, it's all about the ecosystem. And they think they realized they can make a lot more money, you know, together, than trying to have, and Google's got to figure that out. I think Google thinks, "All right, hey, we got to have the best tech." And that tech, they do have the great tech, and that's our competitive advantage. They got to wake up to the ecosystem and what's happening in the field and the go-to-market. I want to ask you about how you see data and cloud evolving in the future. You mentioned that things that are driving revenue are the priorities, and maybe you're already doing this today, but my question is, do you see a day when companies like yours are increasingly offering data and software services? You've been around for a long time as a company, you've got, you know, first party data, you've got proprietary knowledge, and maybe tooling that you've developed, and you're becoming more, you're already a technology company. Do you see someday pointing that at customers, or again, maybe you're doing it already, or is that not practical in your view? >> So data monetization has always been on the charts. The reason why it hasn't seen the light is regulatory pressure at this point of time. We are partnering up with certain agencies, again, you know, some pilots are happening to see the value of that and be able to offer that. But I think, you know, eventually, we'll get to a state where our, because we are trying to build accessible financial services, we will be in a state that we will be offering those to partners, which could then extended to their customers as well. So we are definitely exploring that. We are definitely exploring how to enrich our data with other data, and be able to complete a super set of data that can be used. Because frankly speaking, the data that we have is very interesting. We have trends of people migrating, we have trends of people migrating within the US, right? So if a new, let's say there's a new, like, I'll give you an example. Let's say New York City, I can tell you, at any given point of time, with my data, what is, you know, a dominant population in that area from migrant perspective. And if I see a change in that data, I can tell you where that is moving towards. I think it's going to be very interesting. We're a little bit, obviously, sometimes, you know, you're scared of sharing too much detail because there's too much data. So, but at the end of the day, I think at some point, we'll get to a state where we are confident that the data can be used for good. One simple example is, you know, pharmacies. They would love to get, you know, we've been talking to CVS and we are talking to Walgreens, and trying to figure out, if they would get access to this kind of data demographic information, what could they do be better? Because, you know, from a gene pool perspective, there are diseases and stuff that are very prevalent in one community versus the other. We could probably equip them with this information to be able to better, you know, let's say, staff their pharmacies or keep better inventory of products that could be used for the population in that area. Similarly, the likes of Walmarts and Krogers, they would like to have more, let's say, ethnic products in their aisles, right? How do you enable that? That data is primarily, I think we are the biggest source of that data. So we do take pride in it, but you know, with caution, we are obviously exploring that as well. >> My last question for you, Harvir, is I'm going to ask you to do a thought exercise. So in that vein, that whole monetization piece, imagine that now, Harvir, you are running a P&L that is going to monetize that data. And my question to you is a there's a business vector and a technology vector. So from a business standpoint, the more distribution channels you have, the better. So running on AWS cloud, partnering with Microsoft, partnering with Google, going to market with them, going to give you more revenue. Okay, so there's a motivation for multi-cloud or supercloud. That's indisputable. But from a technical standpoint, is there an advantage to running on multiple clouds or is that a disadvantage for you? >> It's, I would say it's a disadvantage because if my data is distributed, I have to combine it at some place. So the very first step that we had taken was obviously we brought in Snowflake. The reason, we wanted our analytical data and we want our historical data in the same place. So we are already there and ready to share. And we are actually participating in the data share, but in a private setting at the moment. So we are technically enabled to share, unless there is a significant, I would say, upside to moving that data to another cloud. I don't see any reason because I can enable anyone to come and get it from Snowflake. It's already enabled for us. >> Yeah, or if somehow, magically, several years down the road, some standard developed so you don't have to move the data. Maybe there's a new, Mogli is talking about a new data architecture, and, you know, that's probably years away, but, Harvir, you're an awesome guest. I love having you on, and really appreciate you participating in the program. >> I appreciate it. Thank you, and good luck (indistinct) >> Ah, thank you very much. This is Dave Vellante for John Furrier and the entire Cube community. Keep it right there for more great coverage from Supercloud 2. (uplifting music)

>> Announcer: TheCUBE presents Ignite22, brought to you by Palo Alto Networks. >> Hey, welcome back to Vegas. Great to have you. We're pleased that you're watching theCUBE. Lisa Martin and Dave Vellante. Day two of theCUBE's coverage of Palo Alto Ignite22 from the MGM Grand. Dave, we're going to be talking about data. >> You know I love data. >> I do know you love data. >> Survey data- >> There is a great new survey that Palo Alto Networks just published yesterday, "What's next in cyber?" We're going to be digging through it with their CMO. Who better to talk about data with than a CMO that has a PhD in machine learning? We're very pleased to welcome to the program, Zeynep Ozdemir, CMO of Palo Alto Networks. Great to have you. Thank you for joining us. >> It's a pleasure to be here. >> First, I got to ask you about your PhD. Your background as a CMO is so interesting and unique. Give me a little bit of a history on that. >> Oh, absolutely, yes. Yes, I admit that I'm a little bit of an untraditional marketing leader. I spent probably the first half of my career as a software engineer and a research scientist in the area of machine learning and speech signal processing, which is very uncommon, I admit that. Honestly, it has actually helped me immensely in my current role. I mean, you know, you've spoken to Lee Klarich, I think a little while ago. We have a very tight and close partnership with product and engineering teams at Palo Alto Networks. And, you know, cybersecurity is a very complex topic. And we're at a critical juncture right now where all of these new technologies, AI, machine learning, cloud computing, are going to really transform the industry. And I think that I'm very lucky, as somebody who's very technically competent in all of those areas, to partner with the best people and the leading company right now. So, I'm very happy that my technical background is actually helping in this journey. >> Dave: Oh, wait, aren't you like a molecular biologist, or something? >> A reformed molecular...yes. >> Yes. >> Okay. Whoa, okay. (group laughs) >> But >> Math guy over here. >> Yeah. You guys just, the story that I tease is... the amount of data in there is unbelievable. This has just started in August, so a few months ago. >> Zeynep: Yeah. >> Fresh data. You surveyed 1300 CXOs globally. >> Zeynep: That's right. >> Across industries and organizations are saying, you know, hybrid work and remote work became status quo like that. >> Yes. >> Couple years ago everyone shifted to multicloud and of course the cyber criminals are sophisticated, and they're motivated, and they're well funded. >> Zeynep: That's right. >> What are some of the things that you think that the survey really demonstrated that validate the direction that Palo Alto Networks is going in? >> That's right. That's right. So we do these surveys because first and foremost, we have to make sure we're aligned with our customers in terms of our product strategy and the direction. And we have to confirm and validate our very strong opinions about the future of the cybersecurity industry. So, but this time when we did this survey, we just saw some great insights, and we decided we want to share it with the broader industry because we obviously want to drive thought leadership and make sure everybody is in the same level field. Some interesting and significant results with this one. So, as you said, this was 1300 C level cybersecurity decision makers and executives across the world. So we had participants from Europe, from Japan, from Asia Pacific, Latin America, in addition to North America. So one of the most significant stats or data points that we've seen was the fact that out of everybody interviewed, 96% of participants had experienced one or more cybersecurity breaches in the past 12 months. That was more than what we expected, to be honest with you. And then 57% of them actually experienced three or more. So those stats are really worth sharing in terms of where the state of cybersecurity is. What also was personally interesting to me was 33% of them actually experienced an operational disruption as a result of a breach, which is a big number. It's one third of participants. So all of these were very interesting. We asked them more detailed questions around you know, how many...like obviously all of them are trying to respond to this situation. They're trying different technologies, different tools and it seems like they're in a point where they're almost have too many tools and technologies because, you know, when you have too many tools and technologies, there's the operational overhead of integrating them. It creates blind spots between them because those tools aren't really communicating with each other. So what we heard from the responders was that on average they were on like 32 tools, 22% was on 50 or more tools, which is crazy. But what the question we asked them was, you know, are you, are you looking to consolidate? Are you looking to go more tools or less tools? Like what are your thoughts on that? And a significant majority of them, like about 77% said they are actively trying to reduce the number of technologies that they're trying to use because they want to actually achieve better security outcomes. >> I wonder if you could comment on this. So early on in the pandemic, we have a partner, survey partner ETR, Enterprise Technology Research. And we saw a real shift of course, 'cause of hybrid work toward endpoint security, cloud security, they were rearchitecting their networks, a new focus on, you know, different thinking about network security and identity. >> Yeah. >> You play in all of those in partner for identity. >> Zeynep: Yeah. >> I almost, my question is, is was there kind of a knee jerk reaction to get point tools to plug some of those holes? >> Zeynep: Yes. >> And now they're...'cause we said at the time, this is a permanent shift in thinking. What we didn't think through it's coming to focus here at this conference is, okay, we did that, but now we created another problem. >> Zeynep: Yeah. Yeah. >> Now we're- >> Yes, yes. You're very right. I think, and it's very natural to do this, right? >> Sure. >> Every time a problem pops up, you want to fix it as quickly as possible. And you look... you survey who can help you with that. And then you kind of get going because cybersecurity is one of those areas where you can't really wait and do, you know, take time to fix those problems. So that happened a lot and it is happening. But what happened as a result of that. For example, I'll give you a data point from the actual survey that answers this very question. When we asked these executives what keeps them like up at night, like what's their biggest concern? A significant majority of them said, oh we're having difficulty with data management. And what that means is that all these tools that they've deployed, they're generating a lot of insights and data, but they're disconnected, right? So there is no one place where you can say, look at it holistically and come to conclusions very fast about how threat actors are moving in an organization. So that's a direct result of this proliferation of tools, if you will. And you're right. And it will...it's a natural thing to deploy products very quickly. But then you have to take a step back and say, how do I make this more effective? How do I bring things together, bring all my data together to be able to get to threats detect threats much faster? >> An unintended consequence of that quick fix. >> And become cyber resilient. We've been hearing a lot about cyber resiliency. >> Yes, yes. >> Recently and something that I was noting in the survey is only 25% of execs said, yeah, our cyber resilience and readiness is high. And you found that there was a lack of alignment between the boards and the executive levels. And we actually spoke with I think BJ yesterday on how are you guys and even some of your partners >> Yeah. >> How are you helping facilitate that alignment? We know security's always a board level- >> Zeynep: Yes. >> Conversation, but the lack of alignment was kind of surprising to me. >> Yeah. Well I think the good news is that I think we... cybersecurity is taking its place in board discussions more and more. Whether there's alignment or not, at least it's a topic, right? >> Yeah. That was also out of the survey that we saw. I think yes, we have a lot of, a big role to play in helping security executives communicate better with boards and c-level executives in their organizations. Because as we said, it's a very complex topic, and it has to be taken from two angles. When there's...it's a board level discussion. One, how are you reducing risk and making sure that you're resilient. Two, how do you think about return on investment and you know, what's the right level of investment and is that investment going to get us the return that we need? >> What do you think of this? So there's another interesting stat here. What keeps executives up at night? >> Mmhm. >> You mentioned difficulty of data management. Normally, the CISO response to what's your number one problem is lack of talent. >> Zeynep: Number three there, yes. Yeah. >> And it is maybe somewhat related to difficulty of data management, but maybe people have realized, you know what? I'm never going to solve this problem by throwing bodies at it. >> Yeah. >> I got to think of a better way to consolidate my data. Maybe partner with a company that can help me do that. And then the second one was scared of being left behind changes in the tech stack. So we're moving so fast to digitize. >> Zeynep: Yes. >> And security's still an afterthought. And so it's almost as though they're kind of rethinking the problems 'cause they know that they can't just solve the issue by throwing, you know, more hires at it 'cause they can't find the people. >> That is...you're absolutely spot on. The thing about cybersecurity skills gap, it's a reality. It's very real. It's a hard place to be. It's hard to ramp up sometimes. Also, there's a lot of turnover. But you're right in the sense that a lot of the manual work that is needed for cybersecurity, it's actually more sort of much easier to tackle with machines- >> Yeah. >> Than humans. It's a funny double click on the stat you just gave. In North America, the responders when we asked them like how they're coping with the skills shortage, they said we're automating more. So we're using more AI, we're using more process automation to make sure we do the heavy lifting with machines and then only present to the people what they're very good at, is making judgements, right? Very sort of like last minute judgment calls. In the other parts of the world, the top answer to that question is how you're tackling cybersecurity skill shortage was, we're actually trying to provide higher wages and better benefits to the existing p... so there's a little bit of a gap between the two. But I think, I think the world is moving towards the former, which is let's do as much as we can with AI and machines and automation in general and then let's make sure we're more in an automation assisted world versus a human first world. >> We also saw on the survey that ransomware was, you know, the big concern in the United States. Not as much, not that it's not a concern >> Lisa: Yeah. >> In other parts of the world. >> Zeynep: Yeah. >> But it wasn't number one. Why do you think that is? Is it 'cause maybe the US has more to lose? Is it, you know, more high profile or- >> Yeah. Look, I mean, yes you're right? So most responders said number one is ransomware. That's my biggest concern going into 2023. And it was for JAPAC and I think EMEA, Europe, it was supply chain attacks. >> Dave: Right. >> So I think US has been hit hard by ransomware in the past year. I think it's like fresh memory and that's why it rose to the top in various verticals. So I'm not surprised with that outcome. I think supply chain is more of a... we've, you know, we've been hit hard globally by that, and it's very new. >> Lisa: Yeah. >> So I think a lot of the European and JAPAC responders are responding to it from a perspective of, this is a problem I still don't know how to solve. You know, like, and it's like I need the right infrastructure to...and I need the right visibility into my software supply chain. It's very top of mind. So those were some of the differences, but you're right. That was a very interesting regional distinction as well. >> How do you take this data and then bring it back to your customers to kind of close the loop? Do you do that? Do you say, okay, hey, we're going to share this data with you, get realtime feedback- >> Zeynep: Yes. >> Dave: We often like to do that with data- >> Zeynep: Absolutely. >> Say okay...'cause you know, when you do a survey like this, you're like, oh, I wish we asked A, B and C. But it gives you, informs you as to where to double click. Is there a system to do that? Or process to do that? >> Yes. Our hope and goal is to do this every year and see how things are changing and then do some historical analysis as to how things are changing as well. But as I said in the very beginning, I think we take this and we say, okay, there's a lot of alignment in these areas, especially for us for our products to see if where our products are deployed to see if some of those numbers vary, you know, per product. Because we address as a company, we address a lot of these concerns. So then it's very encouraging to say, okay, with certain customers, we're going to go, we're going to have develop certain metrics and we're going to measure how much of a difference we're making with these stats. >> Well, I mean, if you can show that you're consolidating- >> Yeah. >> You know, the number of tools and show the business impact- >> Right. >> Exactly. >> Home run. >> Exactly. Yes- >> Speaking of business outcomes, you know, we have so many conversations around everything needs to be outcome-based. Can security become an enabler of business outcomes for organizations? >> Absolutely. Security has to be an enabler. So it's, you know, back to the security lagging behind the evolution of the digital transformation, I don't think it's possible to move fast without having security move fast with digital transformation. I don't think anybody would raise their hands and say, I'm just going to have the most creative, most interesting digital transformation journey. But, you know, security is say, so I think we're past that point where I think generally people do agree that security has to run as fast as digital transformation and really enable those business outcomes that everybody's proud of. So Yes. Yes it is. >> So...sorry. So chicken and egg, digital transformation, cyber transformation. >> Zeynep: Yes. >> Lisa: How are they related? Is one digital leading? >> They are two halves of the perfect solution. They have to coexist because otherwise if you're taking a lot of risk with your digital transformation, is it really worth going through a digital transformation? >> Yeah. >> Yeah. >> So there's a board over here. I'm looking at it and it started out blank. >> Yes. >> And it's what's next in cyber and basically- >> That's this. Yes. >> People can come through and they can write down, and there's some great stuff in there: 5G, cloud native, some technical stuff, automated meantime to repair or to remediation. >> Yeah. >> Somebody wrote AWS. The AWS guys left their mark, which is kind of cool. >> Zeynep: That's great. >> And so I'm wondering, so we always talk about... we just talked about earlier that cyber is a board...has become a board level you know, issue. I think even go back mid last decade, it was really starting to gain strength. What I'm looking for, and I dunno if there's anything in here that suggests this is going beyond the board. So it becomes this top down thing, not just the the SOC, not just the, you know, IT, not just the board. Now it's top down maybe it's bottom up, middle out. The awareness across the organization. >> Zeynep: Absolutely. >> And that's something that I think is that is a next big thing in cyber. I believe it's coming. >> Cybersecurity awareness is a topic. And you know, there are companies who do that, who actually educate just all of us who work for corporations on the best way to tackle, especially when the human is the source and the reason knowingly or unknowing, mostly unknowingly of cyber attacks. Their education and awareness is critical in preventing a lot of this...before our, you know tools even get in. So I agree with you that there is a cybersecurity awareness as a topic is going to be very, very popular in the future. >> Lena Smart is the CISO of MongoDB does... I forget what she calls it, but she basically takes the top security people in the company like the super geeks and puts 'em with those that know nothing about security, and they start having conversations. >> Zeynep: Yeah. >> And then so they can sort of be empathic to each other's point of view. >> Zeynep: Absolutely. >> And that's how she gets the organization to become cyber aware. >> Yes. >> It's brilliant. >> It is. >> So simple. >> Exactly. Well that's the beauty in it is the simplicity. >> Yeah. And there are programs just to put a plug. There are programs where you can simulate, for example, phishing attacks with your, you know employee base and your workforce. And then teach them at that moment when they fall for it, you know, what they should have done. >> I think I can make a family game night. >> Yeah. Yeah. (group laughs) >> I'm serious. That's a good little exercise For everybody. >> Yes. Yeah, exactly. >> It really is. Especially as the sophistication and smishing gets more and more common these days. Where can folks go to get their hands on this juicy survey that we just unpacked? >> We have it online, so if you go to the Palo Alto Networks website, there's a big link to the survey from there. So for sure there's a summary version that you can come in and you can have access to all the stats. >> Excellent. Zeynep, it's been such a pleasure having you on the program dissecting what's keeping CXOs up at night, what Palo Alto Networks is doing to really help organizations digitally transform cyber transformation and achieve that nirvana of cyber resilience. We appreciate so much your insights. >> Thanks very much. It's been the pleasure. >> Dave: Good to have you. >> Thank you >> Zeynep Ozdemir and Dave Vellante. I'm Lisa Martin. You're watching theCUBE, the leader in live and emerging tech coverage. (upbeat music)

>>Okay, we're back. I'm Dave Valante with The Cube and you're watching Evolving Influx DB into the smart data platform made possible by influx data. Anna East Otis Georgio is here. She's a developer advocate for influx data and we're gonna dig into the rationale and value contribution behind several open source technologies that Influx DB is leveraging to increase the granularity of time series analysis analysis and bring the world of data into realtime analytics. Anna is welcome to the program. Thanks for coming on. >>Hi, thank you so much. It's a pleasure to be here. >>Oh, you're very welcome. Okay, so IO X is being touted as this next gen open source core for Influx db. And my understanding is that it leverages in memory, of course for speed. It's a kilo store, so it gives you compression efficiency, it's gonna give you faster query speeds, it gonna use store files and object storages. So you got very cost effective approach. Are these the salient points on the platform? I know there are probably dozens of other features, but what are the high level value points that people should understand? >>Sure, that's a great question. So some of the main requirements that IOCs is trying to achieve and some of the most impressive ones to me, the first one is that it aims to have no limits on cardinality and also allow you to write any kind of event data that you want, whether that's lift tag or a field. It also wants to deliver the best in class performance on analytics queries. In addition to our already well served metrics queries, we also wanna have operator control over memory usage. So you should be able to define how much memory is used for buffering caching and query processing. Some other really important parts is the ability to have bulk data export and import, super useful. Also, broader ecosystem compatibility where possible we aim to use and embrace emerging standards in the data analytics ecosystem and have compatibility with things like sql, Python, and maybe even pandas in the future. >>Okay, so a lot there. Now we talked to Brian about how you're using Rust and and which is not a new programming language and of course we had some drama around Russ during the pandemic with the Mozilla layoffs, but the formation of the Russ Foundation really addressed any of those concerns. You got big guns like Amazon and Google and Microsoft throwing their collective weights behind it. It's really, adoption is really starting to get steep on the S-curve. So lots of platforms, lots of adoption with rust, but why rust as an alternative to say c plus plus for example? >>Sure, that's a great question. So Rust was chosen because of his exceptional performance and rebi reliability. So while rust is synt tactically similar to c c plus plus and it has similar performance, it also compiles to a native code like c plus plus. But unlike c plus plus, it also has much better memory safety. So memory safety is protection against bugs or security vulnerabilities that lead to excessive memory usage or memory leaks. And rust achieves this memory safety due to its like innovative type system. Additionally, it doesn't allow for dangling pointers and dangling pointers are the main classes of errors that lead to exploitable security vulnerabilities in languages like c plus plus. So Russ like helps meet that requirement of having no limits on card for example, because it's, we're also using the Russ implementation of Apache Arrow and this control over memory and also Russ, Russ Russ's packaging system called crates IO offers everything that you need out of the box to have features like AY and a weight to fixed race conditions to protect against buffering overflows and to ensure thread safe ay caching structures as well. So essentially it's just like has all the control, all the fine grain control, you need to take advantage of memory and all your resources as well as possible so that you can handle those really, really high ity use cases. >>Yeah, and the more I learned about the the new engine and the, and the platform IOCs et cetera, you know, you, you see things like, you know, the old days not even to even today you do a lot of garbage collection in these, in these systems and there's an inverse, you know, impact relative to performance. So it looks like you're really, you know, the community is modernizing the platform, but I wanna talk about Apache Arrow for a moment. It's designed to address the constraints that are associated with analyzing large data sets. We, we know that, but please explain why, what, what is Arrow and and what does it bring to Influx db? >>Sure, yeah. So Arrow is a, a framework for defining in memory calmer data and so much of the efficiency and performance of IOCs comes from taking advantage of calmer data structures. And I will, if you don't mind, take a moment to kind of illustrate why calmer data structures are so valuable. Let's pretend that we are gathering field data about the temperature in our room and also maybe the temperature of our stove. And in our table we have those two temperature values as well as maybe a measurement value, timestamp value, maybe some other tag values that describe what room and what house, et cetera we're getting this data from. And so you can picture this table where we have like two rows with the two temperature values for both our room and the stove. Well usually our room temperature is regulated so those values don't change very often. >>So when you have calm oriented st calm oriented storage, essentially you take each row, each column and group it together. And so if that's the case and you're just taking temperature values from the room and a lot of those temperature values are the same, then you'll, you might be able to imagine how equal values will then neighbor each other and when they neighbor each other in the storage format. This provides a really perfect opportunity for cheap compression. And then this cheap compression enables high cardinality use cases. It also enables for faster scan rates. So if you wanna define like the min and max value of the temperature in the room across a thousand different points, you only have to get those a thousand different points in order to answer that question and you have those immediately available to you. But let's contrast this with a row oriented storage solution instead so that we can understand better the benefits of calmer oriented storage. >>So if you had a row oriented storage, you'd first have to look at every field like the temperature in, in the room and the temperature of the stove. You'd have to go across every tag value that maybe describes where the room is located or what model the stove is. And every timestamp you'd then have to pluck out that one temperature value that you want at that one times stamp and do that for every single row. So you're scanning across a ton more data and that's why row oriented doesn't provide the same efficiency as calmer and Apache Arrow is in memory calmer data, calmer data fit framework. So that's where a lot of the advantages come >>From. Okay. So you've basically described like a traditional database, a row approach, but I've seen like a lot of traditional databases say, okay, now we've got, we can handle colo format versus what you're talking about is really, you know, kind of native it, is it not as effective as the, is the form not as effective because it's largely a, a bolt on? Can you, can you like elucidate on that front? >>Yeah, it's, it's not as effective because you have more expensive compression and because you can't scan across the values as quickly. And so those are, that's pretty much the main reasons why, why RO row oriented storage isn't as efficient as calm, calmer oriented storage. >>Yeah. Got it. So let's talk about Arrow data fusion. What is data fusion? I know it's written in rust, but what does it bring to to the table here? >>Sure. So it's an extensible query execution framework and it uses Arrow as its in memory format. So the way that it helps influx DB IOx is that okay, it's great if you can write unlimited amount of cardinality into influx cbis, but if you don't have a query engine that can successfully query that data, then I don't know how much value it is for you. So data fusion helps enable the, the query process and transformation of that data. It also has a PANDAS API so that you could take advantage of PDA's data frames as well and all of the machine learning tools associated with pandas. >>Okay. You're also leveraging par K in the platform course. We heard a lot about Par K in the middle of the last decade cuz as a storage format to improve on Hadoop column stores. What are you doing with Par K and why is it important? >>Sure. So Par K is the calm oriented durable file format. So it's important because it'll enable bulk import and bulk export. It has compatibility with Python and pandas so it supports a broader ecosystem. Parque files also take very little disc disc space and they're faster to scan because again they're column oriented in particular, I think PAR K files are like 16 times cheaper than CSV files, just as kind of a point of reference. And so that's essentially a lot of the, the benefits of par k. >>Got it. Very popular. So and these, what exactly is influx data focusing on as a committer to these projects? What is your focus? What's the value that you're bringing to the community? >>Sure. So Influx DB first has contributed a lot of different, different things to the Apache ecosystem. For example, they contribute an implementation of Apache Arrow and go and that will support clearing with flux. Also, there has been a quite a few contributions to data fusion for things like memory optimization and supportive additional SQL features like support for timestamp, arithmetic and support for exist clauses and support for memory control. So yeah, Influx has contributed a a lot to the Apache ecosystem and continues to do so. And I think kind of the idea here is that if you can improve these upstream projects and then the long term strategy here is that the more you contribute and build those up, then the more you will perpetuate that cycle of improvement and the more we will invest in our own project as well. So it's just that kind of symbiotic relationship and appreciation of the open source community. >>Yeah. Got it. You got that virtuous cycle going, the people call it the flywheel. Give us your last thoughts and kind of summarize, you know, where what, what the big takeaways are from your perspective. >>So I think the big takeaway is that influx data is doing a lot of really exciting things with Influx DB IOCs and I really encourage if you are interested in learning more about the technologies that Influx is leveraging to produce IOCs, the challenges associated with it and all of the hard work questions and I just wanna learn more, then I would encourage you to go to the monthly tech talks and community office hours and they are on every second Wednesday of the month at 8:30 AM Pacific time. There's also a community forums and a community Slack channel. Look for the influx D DB underscore IAC channel specifically to learn more about how to join those office hours and those monthly tech tech talks as well as ask any questions they have about IOCs, what to expect and what you'd like to learn more about. I as a developer advocate, I wanna answer your questions. So if there's a particular technology or stack that you wanna dive deeper into and want more explanation about how influx TB leverages it to build IOCs, I will be really excited to produce content on that topic for you. >>Yeah, that's awesome. You guys have a really rich community, collaborate with your peers, solve problems, and you guys super responsive, so really appreciate that. All right, thank you so much and East for explaining all this open source stuff to the audience and why it's important to the future of data. >>Thank you. I really appreciate it. >>All right, you're very welcome. Okay, stay right there and in a moment I'll be back with Tim Yokum. He's the director of engineering for Influx Data and we're gonna talk about how you update a SaaS engine while the plane is flying at 30,000 feet. You don't wanna miss this.

>>This past May, The Cube in collaboration with Influx data shared with you the latest innovations in Time series databases. We talked at length about why a purpose built time series database for many use cases, was a superior alternative to general purpose databases trying to do the same thing. Now, you may, you may remember the time series data is any data that's stamped in time, and if it's stamped, it can be analyzed historically. And when we introduced the concept to the community, we talked about how in theory, those time slices could be taken, you know, every hour, every minute, every second, you know, down to the millisecond and how the world was moving toward realtime or near realtime data analysis to support physical infrastructure like sensors and other devices and IOT equipment. A time series databases have had to evolve to efficiently support realtime data in emerging use cases in iot T and other use cases. >>And to do that, new architectural innovations have to be brought to bear. As is often the case, open source software is the linchpin to those innovations. Hello and welcome to Evolving Influx DB into the smart Data platform, made possible by influx data and produced by the Cube. My name is Dave Valante and I'll be your host today. Now in this program we're going to dig pretty deep into what's happening with Time series data generally, and specifically how Influx DB is evolving to support new workloads and demands and data, and specifically around data analytics use cases in real time. Now, first we're gonna hear from Brian Gilmore, who is the director of IOT and emerging technologies at Influx Data. And we're gonna talk about the continued evolution of Influx DB and the new capabilities enabled by open source generally and specific tools. And in this program you're gonna hear a lot about things like Rust, implementation of Apache Arrow, the use of par k and tooling such as data fusion, which powering a new engine for Influx db. >>Now, these innovations, they evolve the idea of time series analysis by dramatically increasing the granularity of time series data by compressing the historical time slices, if you will, from, for example, minutes down to milliseconds. And at the same time, enabling real time analytics with an architecture that can process data much faster and much more efficiently. Now, after Brian, we're gonna hear from Anna East Dos Georgio, who is a developer advocate at In Flux Data. And we're gonna get into the why of these open source capabilities and how they contribute to the evolution of the Influx DB platform. And then we're gonna close the program with Tim Yokum, he's the director of engineering at Influx Data, and he's gonna explain how the Influx DB community actually evolved the data engine in mid-flight and which decisions went into the innovations that are coming to the market. Thank you for being here. We hope you enjoy the program. Let's get started. Okay, we're kicking things off with Brian Gilmore. He's the director of i t and emerging Technology at Influx State of Bryan. Welcome to the program. Thanks for coming on. >>Thanks Dave. Great to be here. I appreciate the time. >>Hey, explain why Influx db, you know, needs a new engine. Was there something wrong with the current engine? What's going on there? >>No, no, not at all. I mean, I think it's, for us, it's been about staying ahead of the market. I think, you know, if we think about what our customers are coming to us sort of with now, you know, related to requests like sql, you know, query support, things like that, we have to figure out a way to, to execute those for them in a way that will scale long term. And then we also, we wanna make sure we're innovating, we're sort of staying ahead of the market as well and sort of anticipating those future needs. So, you know, this is really a, a transparent change for our customers. I mean, I think we'll be adding new capabilities over time that sort of leverage this new engine, but you know, initially the customers who are using us are gonna see just great improvements in performance, you know, especially those that are working at the top end of the, of the workload scale, you know, the massive data volumes and things like that. >>Yeah, and we're gonna get into that today and the architecture and the like, but what was the catalyst for the enhancements? I mean, when and how did this all come about? >>Well, I mean, like three years ago we were primarily on premises, right? I mean, I think we had our open source, we had an enterprise product, you know, and, and sort of shifting that technology, especially the open source code base to a service basis where we were hosting it through, you know, multiple cloud providers. That was, that was, that was a long journey I guess, you know, phase one was, you know, we wanted to host enterprise for our customers, so we sort of created a service that we just managed and ran our enterprise product for them. You know, phase two of this cloud effort was to, to optimize for like multi-tenant, multi-cloud, be able to, to host it in a truly like sass manner where we could use, you know, some type of customer activity or consumption as the, the pricing vector, you know, And, and that was sort of the birth of the, of the real first influx DB cloud, you know, which has been really successful. >>We've seen, I think like 60,000 people sign up and we've got tons and tons of, of both enterprises as well as like new companies, developers, and of course a lot of home hobbyists and enthusiasts who are using out on a, on a daily basis, you know, and having that sort of big pool of, of very diverse and very customers to chat with as they're using the product, as they're giving us feedback, et cetera, has has, you know, pointed us in a really good direction in terms of making sure we're continuously improving that and then also making these big leaps as we're doing with this, with this new engine. >>Right. So you've called it a transparent change for customers, so I'm presuming it's non-disruptive, but I really wanna understand how much of a pivot this is and what, what does it take to make that shift from, you know, time series, you know, specialist to real time analytics and being able to support both? >>Yeah, I mean, it's much more of an evolution, I think, than like a shift or a pivot. You know, time series data is always gonna be fundamental and sort of the basis of the solutions that we offer our customers, and then also the ones that they're building on the sort of raw APIs of our platform themselves. You know, the time series market is one that we've worked diligently to lead. I mean, I think when it comes to like metrics, especially like sensor data and app and infrastructure metrics, if we're being honest though, I think our, our user base is well aware that the way we were architected was much more towards those sort of like backwards looking historical type analytics, which are key for troubleshooting and making sure you don't, you know, run into the same problem twice. But, you know, we had to ask ourselves like, what can we do to like better handle those queries from a performance and a, and a, you know, a time to response on the queries, and can we get that to the point where the results sets are coming back so quickly from the time of query that we can like limit that window down to minutes and then seconds. >>And now with this new engine, we're really starting to talk about a query window that could be like returning results in, in, you know, milliseconds of time since it hit the, the, the ingest queue. And that's, that's really getting to the point where as your data is available, you can use it and you can query it, you can visualize it, and you can do all those sort of magical things with it, you know? And I think getting all of that to a place where we're saying like, yes to the customer on, you know, all of the, the real time queries, the, the multiple language query support, but, you know, it was hard, but we're now at a spot where we can start introducing that to, you know, a a limited number of customers, strategic customers and strategic availability zones to start. But you know, everybody over time. >>So you're basically going from what happened to in, you can still do that obviously, but to what's happening now in the moment? >>Yeah, yeah. I mean if you think about time, it's always sort of past, right? I mean, like in the moment right now, whether you're talking about like a millisecond ago or a minute ago, you know, that's, that's pretty much right now, I think for most people, especially in these use cases where you have other sort of components of latency induced by the, by the underlying data collection, the architecture, the infrastructure, the, you know, the, the devices and you know, the sort of highly distributed nature of all of this. So yeah, I mean, getting, getting a customer or a user to be able to use the data as soon as it is available is what we're after here. >>I always thought, you know, real, I always thought of real time as before you lose the customer, but now in this context, maybe it's before the machine blows up. >>Yeah, it's, it's, I mean it is operationally or operational real time is different, you know, and that's one of the things that really triggered us to know that we were, we were heading in the right direction, is just how many sort of operational customers we have. You know, everything from like aerospace and defense. We've got companies monitoring satellites, we've got tons of industrial users, users using us as a processes storing on the plant floor, you know, and, and if we can satisfy their sort of demands for like real time historical perspective, that's awesome. I think what we're gonna do here is we're gonna start to like edge into the real time that they're used to in terms of, you know, the millisecond response times that they expect of their control systems, certainly not their, their historians and databases. >>I, is this available, these innovations to influx DB cloud customers only who can access this capability? >>Yeah. I mean commercially and today, yes. You know, I think we want to emphasize that's a, for now our goal is to get our latest and greatest and our best to everybody over time. Of course. You know, one of the things we had to do here was like we double down on sort of our, our commitment to open source and availability. So like anybody today can take a look at the, the libraries in on our GitHub and, you know, can ex inspect it and even can try to, you know, implement or execute some of it themselves in their own infrastructure. You know, we are, we're committed to bringing our sort of latest and greatest to our cloud customers first for a couple of reasons. Number one, you know, there are big workloads and they have high expectations of us. I think number two, it also gives us the opportunity to monitor a little bit more closely how it's working, how they're using it, like how the system itself is performing. >>And so just, you know, being careful, maybe a little cautious in terms of, of, of how big we go with this right away, just sort of both limits, you know, the risk of, of, you know, any issues that can come with new software rollouts. We haven't seen anything so far, but also it does give us the opportunity to have like meaningful conversations with a small group of users who are using the products, but once we get through that and they give us two thumbs up on it, it'll be like, open the gates and let everybody in. It's gonna be exciting time for the whole ecosystem. >>Yeah, that makes a lot of sense. And you can do some experimentation and, you know, using the cloud resources. Let's dig into some of the architectural and technical innovations that are gonna help deliver on this vision. What, what should we know there? >>Well, I mean, I think foundationally we built the, the new core on Rust. You know, this is a new very sort of popular systems language, you know, it's extremely efficient, but it's also built for speed and memory safety, which goes back to that us being able to like deliver it in a way that is, you know, something we can inspect very closely, but then also rely on the fact that it's going to behave well. And if it does find error conditions, I mean we, we've loved working with Go and, you know, a lot of our libraries will continue to, to be sort of implemented in Go, but you know, when it came to this particular new engine, you know, that power performance and stability rust was critical. On top of that, like, we've also integrated Apache Arrow and Apache Parque for persistence. I think for anybody who's really familiar with the nuts and bolts of our backend and our TSI and our, our time series merged Trees, this is a big break from that, you know, arrow on the sort of in MI side and then Par K in the on disk side. >>It, it allows us to, to present, you know, a unified set of APIs for those really fast real time inquiries that we talked about, as well as for very large, you know, historical sort of bulk data archives in that PARQUE format, which is also cool because there's an entire ecosystem sort of popping up around Parque in terms of the machine learning community, you know, and getting that all to work, we had to glue it together with aero flight. That's sort of what we're using as our, our RPC component. You know, it handles the orchestration and the, the transportation of the Coer data. Now we're moving to like a true Coer database model for this, this version of the engine, you know, and it removes a lot of overhead for us in terms of having to manage all that serialization, the deserialization, and, you know, to that again, like blurring that line between real time and historical data. It's, you know, it's, it's highly optimized for both streaming micro batch and then batches, but true streaming as well. >>Yeah. Again, I mean, it's funny you mentioned Rust. It is, it's been around for a long time, but it's popularity is, is you know, really starting to hit that steep part of the S-curve. And, and we're gonna dig into to more of that, but give us any, is there anything else that we should know about Bryan? Give us the last word? >>Well, I mean, I think first I'd like everybody sort of watching just to like take a look at what we're offering in terms of early access in beta programs. I mean, if, if, if you wanna participate or if you wanna work sort of in terms of early access with the, with the new engine, please reach out to the team. I'm sure you know, there's a lot of communications going out and you know, it'll be highly featured on our, our website, you know, but reach out to the team, believe it or not, like we have a lot more going on than just the new engine. And so there are also other programs, things we're, we're offering to customers in terms of the user interface, data collection and things like that. And, you know, if you're a customer of ours and you have a sales team, a commercial team that you work with, you can reach out to them and see what you can get access to because we can flip a lot of stuff on, especially in cloud through feature flags. >>But if there's something new that you wanna try out, we'd just love to hear from you. And then, you know, our goal would be that as we give you access to all of these new cool features that, you know, you would give us continuous feedback on these products and services, not only like what you need today, but then what you'll need tomorrow to, to sort of build the next versions of your business. Because you know, the whole database, the ecosystem as it expands out into to, you know, this vertically oriented stack of cloud services and enterprise databases and edge databases, you know, it's gonna be what we all make it together, not just, you know, those of us who were employed by Influx db. And then finally I would just say please, like watch in ICE in Tim's sessions, like these are two of our best and brightest, They're totally brilliant, completely pragmatic, and they are most of all customer obsessed, which is amazing. And there's no better takes, like honestly on the, the sort of technical details of this, then there's, especially when it comes to like the value that these investments will, will bring to our customers and our communities. So encourage you to, to, you know, pay more attention to them than you did to me, for sure. >>Brian Gilmore, great stuff. Really appreciate your time. Thank you. >>Yeah, thanks Dave. It was awesome. Look forward to it. >>Yeah, me too. Looking forward to see how the, the community actually applies these new innovations and goes, goes beyond just the historical into the real time really hot area. As Brian said in a moment, I'll be right back with Anna East dos Georgio to dig into the critical aspects of key open source components of the Influx DB engine, including Rust, Arrow, Parque, data fusion. Keep it right there. You don't wanna miss this >>Time series Data is everywhere. The number of sensors, systems and applications generating time series data increases every day. All these data sources producing so much data can cause analysis paralysis. Influx DB is an entire platform designed with everything you need to quickly build applications that generate value from time series data influx. DB Cloud is a serverless solution, which means you don't need to buy or manage your own servers. There's no need to worry about provisioning because you only pay for what you use. Influx DB Cloud is fully managed so you get the newest features and enhancements as they're added to the platform's code base. It also means you can spend time building solutions and delivering value to your users instead of wasting time and effort managing something else. Influx TVB Cloud offers a range of security features to protect your data, multiple layers of redundancy ensure you don't lose any data access controls ensure that only the people who should see your data can see it. >>And encryption protects your data at rest and in transit between any of our regions or cloud providers. InfluxDB uses a single API across the entire platform suite so you can build on open source, deploy to the cloud and then then easily query data in the cloud at the edge or on prem using the same scripts. And InfluxDB is schemaless automatically adjusting to changes in the shape of your data without requiring changes in your application. Logic. InfluxDB Cloud is production ready from day one. All it needs is your data and your imagination. Get started today@influxdata.com slash cloud. >>Okay, we're back. I'm Dave Valante with a Cube and you're watching evolving Influx DB into the smart data platform made possible by influx data. Anna ETOs Georgio is here, she's a developer advocate for influx data and we're gonna dig into the rationale and value contribution behind several open source technologies that Influx DB is leveraging to increase the granularity of time series analysis analysis and bring the world of data into real-time analytics and is welcome to the program. Thanks for coming on. >>Hi, thank you so much. It's a pleasure to be here. >>Oh, you're very welcome. Okay, so IX is being touted as this next gen open source core for Influx db. And my understanding is that it leverages in memory of course for speed. It's a kilo store, so it gives you a compression efficiency, it's gonna give you faster query speeds, you store files and object storage, so you got very cost effective approach. Are these the salient points on the platform? I know there are probably dozens of other features, but what are the high level value points that people should understand? >>Sure, that's a great question. So some of the main requirements that IOx is trying to achieve and some of the most impressive ones to me, the first one is that it aims to have no limits on cardinality and also allow you to write any kind of event data that you want, whether that's live tag or a field. It also wants to deliver the best in class performance on analytics queries. In addition to our already well served metrics queries, we also wanna have operator control over memory usage. So you should be able to define how much memory is used for buffering caching and query processing. Some other really important parts is the ability to have bulk data export and import super useful. Also broader ecosystem compatibility where possible we aim to use and embrace emerging standards in the data analytics ecosystem and have compatibility with things like sql, Python, and maybe even pandas in the future. >>Okay, so lot there. Now we talked to Brian about how you're using Rust and which is not a new programming language and of course we had some drama around Rust during the pandemic with the Mozilla layoffs, but the formation of the Rust Foundation really addressed any of those concerns. You got big guns like Amazon and Google and Microsoft throwing their collective weights behind it. It's really, the adoption is really starting to get steep on the S-curve. So lots of platforms, lots of adoption with rust, but why rust as an alternative to say c plus plus for example? >>Sure, that's a great question. So Russ was chosen because of his exceptional performance and reliability. So while Russ is synt tactically similar to c plus plus and it has similar performance, it also compiles to a native code like c plus plus. But unlike c plus plus, it also has much better memory safety. So memory safety is protection against bugs or security vulnerabilities that lead to excessive memory usage or memory leaks. And rust achieves this memory safety due to its like innovative type system. Additionally, it doesn't allow for dangling pointers. And dangling pointers are the main classes of errors that lead to exploitable security vulnerabilities in languages like c plus plus. So Russ like helps meet that requirement of having no limits on ality, for example, because it's, we're also using the Russ implementation of Apache Arrow and this control over memory and also Russ Russ's packaging system called crates IO offers everything that you need out of the box to have features like AY and a weight to fix race conditions, to protection against buffering overflows and to ensure thread safe async cashing structures as well. So essentially it's just like has all the control, all the fine grain control, you need to take advantage of memory and all your resources as well as possible so that you can handle those really, really high ity use cases. >>Yeah, and the more I learn about the, the new engine and, and the platform IOCs et cetera, you know, you, you see things like, you know, the old days not even to even today you do a lot of garbage collection in these, in these systems and there's an inverse, you know, impact relative to performance. So it looks like you really, you know, the community is modernizing the platform, but I wanna talk about Apache Arrow for a moment. It it's designed to address the constraints that are associated with analyzing large data sets. We, we know that, but please explain why, what, what is Arrow and and what does it bring to Influx db? >>Sure, yeah. So Arrow is a, a framework for defining in memory calmer data. And so much of the efficiency and performance of IOx comes from taking advantage of calmer data structures. And I will, if you don't mind, take a moment to kind of of illustrate why column or data structures are so valuable. Let's pretend that we are gathering field data about the temperature in our room and also maybe the temperature of our stove. And in our table we have those two temperature values as well as maybe a measurement value, timestamp value, maybe some other tag values that describe what room and what house, et cetera we're getting this data from. And so you can picture this table where we have like two rows with the two temperature values for both our room and the stove. Well usually our room temperature is regulated so those values don't change very often. >>So when you have calm oriented st calm oriented storage, essentially you take each row, each column and group it together. And so if that's the case and you're just taking temperature values from the room and a lot of those temperature values are the same, then you'll, you might be able to imagine how equal values will then enable each other and when they neighbor each other in the storage format, this provides a really perfect opportunity for cheap compression. And then this cheap compression enables high cardinality use cases. It also enables for faster scan rates. So if you wanna define like the men and max value of the temperature in the room across a thousand different points, you only have to get those a thousand different points in order to answer that question and you have those immediately available to you. But let's contrast this with a row oriented storage solution instead so that we can understand better the benefits of calmer oriented storage. >>So if you had a row oriented storage, you'd first have to look at every field like the temperature in, in the room and the temperature of the stove. You'd have to go across every tag value that maybe describes where the room is located or what model the stove is. And every timestamp you'd then have to pluck out that one temperature value that you want at that one time stamp and do that for every single row. So you're scanning across a ton more data and that's why Rowe Oriented doesn't provide the same efficiency as calmer and Apache Arrow is in memory calmer data, commoner data fit framework. So that's where a lot of the advantages come >>From. Okay. So you basically described like a traditional database, a row approach, but I've seen like a lot of traditional database say, okay, now we've got, we can handle colo format versus what you're talking about is really, you know, kind of native i, is it not as effective? Is the, is the foreman not as effective because it's largely a, a bolt on? Can you, can you like elucidate on that front? >>Yeah, it's, it's not as effective because you have more expensive compression and because you can't scan across the values as quickly. And so those are, that's pretty much the main reasons why, why RO row oriented storage isn't as efficient as calm, calmer oriented storage. Yeah. >>Got it. So let's talk about Arrow Data Fusion. What is data fusion? I know it's written in Rust, but what does it bring to the table here? >>Sure. So it's an extensible query execution framework and it uses Arrow as it's in memory format. So the way that it helps in influx DB IOCs is that okay, it's great if you can write unlimited amount of cardinality into influx Cbis, but if you don't have a query engine that can successfully query that data, then I don't know how much value it is for you. So Data fusion helps enable the, the query process and transformation of that data. It also has a PANDAS API so that you could take advantage of PANDAS data frames as well and all of the machine learning tools associated with Pandas. >>Okay. You're also leveraging Par K in the platform cause we heard a lot about Par K in the middle of the last decade cuz as a storage format to improve on Hadoop column stores. What are you doing with Parque and why is it important? >>Sure. So parque is the column oriented durable file format. So it's important because it'll enable bulk import, bulk export, it has compatibility with Python and Pandas, so it supports a broader ecosystem. Par K files also take very little disc disc space and they're faster to scan because again, they're column oriented in particular, I think PAR K files are like 16 times cheaper than CSV files, just as kind of a point of reference. And so that's essentially a lot of the, the benefits of par k. >>Got it. Very popular. So and he's, what exactly is influx data focusing on as a committer to these projects? What is your focus? What's the value that you're bringing to the community? >>Sure. So Influx DB first has contributed a lot of different, different things to the Apache ecosystem. For example, they contribute an implementation of Apache Arrow and go and that will support clearing with flux. Also, there has been a quite a few contributions to data fusion for things like memory optimization and supportive additional SQL features like support for timestamp, arithmetic and support for exist clauses and support for memory control. So yeah, Influx has contributed a a lot to the Apache ecosystem and continues to do so. And I think kind of the idea here is that if you can improve these upstream projects and then the long term strategy here is that the more you contribute and build those up, then the more you will perpetuate that cycle of improvement and the more we will invest in our own project as well. So it's just that kind of symbiotic relationship and appreciation of the open source community. >>Yeah. Got it. You got that virtuous cycle going, the people call the flywheel. Give us your last thoughts and kind of summarize, you know, where what, what the big takeaways are from your perspective. >>So I think the big takeaway is that influx data is doing a lot of really exciting things with Influx DB IOx and I really encourage, if you are interested in learning more about the technologies that Influx is leveraging to produce IOCs, the challenges associated with it and all of the hard work questions and you just wanna learn more, then I would encourage you to go to the monthly Tech talks and community office hours and they are on every second Wednesday of the month at 8:30 AM Pacific time. There's also a community forums and a community Slack channel look for the influx DDB unders IAC channel specifically to learn more about how to join those office hours and those monthly tech tech talks as well as ask any questions they have about iacs, what to expect and what you'd like to learn more about. I as a developer advocate, I wanna answer your questions. So if there's a particular technology or stack that you wanna dive deeper into and want more explanation about how INFLUX DB leverages it to build IOCs, I will be really excited to produce content on that topic for you. >>Yeah, that's awesome. You guys have a really rich community, collaborate with your peers, solve problems, and, and you guys super responsive, so really appreciate that. All right, thank you so much Anise for explaining all this open source stuff to the audience and why it's important to the future of data. >>Thank you. I really appreciate it. >>All right, you're very welcome. Okay, stay right there and in a moment I'll be back with Tim Yoakum, he's the director of engineering for Influx Data and we're gonna talk about how you update a SAS engine while the plane is flying at 30,000 feet. You don't wanna miss this. >>I'm really glad that we went with InfluxDB Cloud for our hosting because it has saved us a ton of time. It's helped us move faster, it's saved us money. And also InfluxDB has good support. My name's Alex Nada. I am CTO at Noble nine. Noble Nine is a platform to measure and manage service level objectives, which is a great way of measuring the reliability of your systems. You can essentially think of an slo, the product we're providing to our customers as a bunch of time series. So we need a way to store that data and the corresponding time series that are related to those. The main reason that we settled on InfluxDB as we were shopping around is that InfluxDB has a very flexible query language and as a general purpose time series database, it basically had the set of features we were looking for. >>As our platform has grown, we found InfluxDB Cloud to be a really scalable solution. We can quickly iterate on new features and functionality because Influx Cloud is entirely managed, it probably saved us at least a full additional person on our team. We also have the option of running InfluxDB Enterprise, which gives us the ability to even host off the cloud or in a private cloud if that's preferred by a customer. Influx data has been really flexible in adapting to the hosting requirements that we have. They listened to the challenges we were facing and they helped us solve it. As we've continued to grow, I'm really happy we have influx data by our side. >>Okay, we're back with Tim Yokum, who is the director of engineering at Influx Data. Tim, welcome. Good to see you. >>Good to see you. Thanks for having me. >>You're really welcome. Listen, we've been covering open source software in the cube for more than a decade, and we've kind of watched the innovation from the big data ecosystem. The cloud has been being built out on open source, mobile, social platforms, key databases, and of course influx DB and influx data has been a big consumer and contributor of open source software. So my question to you is, where have you seen the biggest bang for the buck from open source software? >>So yeah, you know, influx really, we thrive at the intersection of commercial services and open, so open source software. So OSS keeps us on the cutting edge. We benefit from OSS in delivering our own service from our core storage engine technologies to web services temping engines. Our, our team stays lean and focused because we build on proven tools. We really build on the shoulders of giants and like you've mentioned, even better, we contribute a lot back to the projects that we use as well as our own product influx db. >>You know, but I gotta ask you, Tim, because one of the challenge that that we've seen in particular, you saw this in the heyday of Hadoop, the, the innovations come so fast and furious and as a software company you gotta place bets, you gotta, you know, commit people and sometimes those bets can be risky and not pay off well, how have you managed this challenge? >>Oh, it moves fast. Yeah, that, that's a benefit though because it, the community moves so quickly that today's hot technology can be tomorrow's dinosaur. And what we, what we tend to do is, is we fail fast and fail often. We try a lot of things. You know, you look at Kubernetes for example, that ecosystem is driven by thousands of intelligent developers, engineers, builders, they're adding value every day. So we have to really keep up with that. And as the stack changes, we, we try different technologies, we try different methods, and at the end of the day, we come up with a better platform as a result of just the constant change in the environment. It is a challenge for us, but it's, it's something that we just do every day. >>So we have a survey partner down in New York City called Enterprise Technology Research etr, and they do these quarterly surveys of about 1500 CIOs, IT practitioners, and they really have a good pulse on what's happening with spending. And the data shows that containers generally, but specifically Kubernetes is one of the areas that has kind of, it's been off the charts and seen the most significant adoption and velocity particularly, you know, along with cloud. But, but really Kubernetes is just, you know, still up until the right consistently even with, you know, the macro headwinds and all, all of the stuff that we're sick of talking about. But, so what are you doing with Kubernetes in the platform? >>Yeah, it, it's really central to our ability to run the product. When we first started out, we were just on AWS and, and the way we were running was, was a little bit like containers junior. Now we're running Kubernetes everywhere at aws, Azure, Google Cloud. It allows us to have a consistent experience across three different cloud providers and we can manage that in code so our developers can focus on delivering services, not trying to learn the intricacies of Amazon, Azure, and Google and figure out how to deliver services on those three clouds with all of their differences. >>Just to follow up on that, is it, no. So I presume it's sounds like there's a PAs layer there to allow you guys to have a consistent experience across clouds and out to the edge, you know, wherever is that, is that correct? >>Yeah, so we've basically built more or less platform engineering, This is the new hot phrase, you know, it, it's, Kubernetes has made a lot of things easy for us because we've built a platform that our developers can lean on and they only have to learn one way of deploying their application, managing their application. And so that, that just gets all of the underlying infrastructure out of the way and, and lets them focus on delivering influx cloud. >>Yeah, and I know I'm taking a little bit of a tangent, but is that, that, I'll call it a PAs layer if I can use that term. Is that, are there specific attributes to Influx db or is it kind of just generally off the shelf paths? You know, are there, is, is there any purpose built capability there that, that is, is value add or is it pretty much generic? >>So we really build, we, we look at things through, with a build versus buy through a, a build versus by lens. Some things we want to leverage cloud provider services, for instance, Postgres databases for metadata, perhaps we'll get that off of our plate, let someone else run that. We're going to deploy a platform that our engineers can, can deliver on that has consistency that is, is all generated from code that we can as a, as an SRE group, as an ops team, that we can manage with very few people really, and we can stamp out clusters across multiple regions and in no time. >>So how, so sometimes you build, sometimes you buy it. How do you make those decisions and and what does that mean for the, for the platform and for customers? >>Yeah, so what we're doing is, it's like everybody else will do, we're we're looking for trade offs that make sense. You know, we really want to protect our customers data. So we look for services that support our own software with the most uptime, reliability, and durability we can get. Some things are just going to be easier to have a cloud provider take care of on our behalf. We make that transparent for our own team. And of course for customers you don't even see that, but we don't want to try to reinvent the wheel, like I had mentioned with SQL data stores for metadata, perhaps let's build on top of what of these three large cloud providers have already perfected. And we can then focus on our platform engineering and we can have our developers then focus on the influx data, software, influx, cloud software. >>So take it to the customer level, what does it mean for them? What's the value that they're gonna get out of all these innovations that we've been been talking about today and what can they expect in the future? >>So first of all, people who use the OSS product are really gonna be at home on our cloud platform. You can run it on your desktop machine, on a single server, what have you, but then you want to scale up. We have some 270 terabytes of data across, over 4 billion series keys that people have stored. So there's a proven ability to scale now in terms of the open source, open source software and how we've developed the platform. You're getting highly available high cardinality time series platform. We manage it and, and really as, as I mentioned earlier, we can keep up with the state of the art. We keep reinventing, we keep deploying things in real time. We deploy to our platform every day repeatedly all the time. And it's that continuous deployment that allows us to continue testing things in flight, rolling things out that change new features, better ways of doing deployments, safer ways of doing deployments. >>All of that happens behind the scenes. And like we had mentioned earlier, Kubernetes, I mean that, that allows us to get that done. We couldn't do it without having that platform as a, as a base layer for us to then put our software on. So we, we iterate quickly. When you're on the, the Influx cloud platform, you really are able to, to take advantage of new features immediately. We roll things out every day and as those things go into production, you have, you have the ability to, to use them. And so in the end we want you to focus on getting actual insights from your data instead of running infrastructure, you know, let, let us do that for you. So, >>And that makes sense, but so is the, is the, are the innovations that we're talking about in the evolution of Influx db, do, do you see that as sort of a natural evolution for existing customers? I, is it, I'm sure the answer is both, but is it opening up new territory for customers? Can you add some color to that? >>Yeah, it really is it, it's a little bit of both. Any engineer will say, well, it depends. So cloud native technologies are, are really the hot thing. Iot, industrial iot especially, people want to just shove tons of data out there and be able to do queries immediately and they don't wanna manage infrastructure. What we've started to see are people that use the cloud service as their, their data store backbone and then they use edge computing with R OSS product to ingest data from say, multiple production lines and downsample that data, send the rest of that data off influx cloud where the heavy processing takes place. So really us being in all the different clouds and iterating on that and being in all sorts of different regions allows for people to really get out of the, the business of man trying to manage that big data, have us take care of that. And of course as we change the platform end users benefit from that immediately. And, >>And so obviously taking away a lot of the heavy lifting for the infrastructure, would you say the same thing about security, especially as you go out to IOT and the Edge? How should we be thinking about the value that you bring from a security perspective? >>Yeah, we take, we take security super seriously. It, it's built into our dna. We do a lot of work to ensure that our platform is secure, that the data we store is, is kept private. It's of course always a concern. You see in the news all the time, companies being compromised, you know, that's something that you can have an entire team working on, which we do to make sure that the data that you have, whether it's in transit, whether it's at rest, is always kept secure, is only viewable by you. You know, you look at things like software, bill of materials, if you're running this yourself, you have to go vet all sorts of different pieces of software. And we do that, you know, as we use new tools. That's something that, that's just part of our jobs to make sure that the platform that we're running it has, has fully vetted software and, and with open source especially, that's a lot of work. And so it's, it's definitely new territory. Supply chain attacks are, are definitely happening at a higher clip than they used to, but that is, that is really just part of a day in the, the life for folks like us that are, are building platforms. >>Yeah, and that's key. I mean especially when you start getting into the, the, you know, we talk about IOT and the operations technologies, the engineers running the, that infrastructure, you know, historically, as you know, Tim, they, they would air gap everything. That's how they kept it safe. But that's not feasible anymore. Everything's >>That >>Connected now, right? And so you've gotta have a partner that is again, take away that heavy lifting to r and d so you can focus on some of the other activities. Right. Give us the, the last word and the, the key takeaways from your perspective. >>Well, you know, from my perspective I see it as, as a a two lane approach with, with influx, with Anytime series data, you know, you've got a lot of stuff that you're gonna run on-prem, what you had mentioned, air gaping. Sure there's plenty of need for that, but at the end of the day, people that don't want to run big data centers, people that want torus their data to, to a company that's, that's got a full platform set up for them that they can build on, send that data over to the cloud, the cloud is not going away. I think more hybrid approach is, is where the future lives and that's what we're prepared for. >>Tim, really appreciate you coming to the program. Great stuff. Good to see you. >>Thanks very much. Appreciate it. >>Okay, in a moment I'll be back to wrap up. Today's session, you're watching The Cube. >>Are you looking for some help getting started with InfluxDB Telegraph or Flux Check >>Out Influx DB University >>Where you can find our entire catalog of free training that will help you make the most of your time series data >>Get >>Started for free@influxdbu.com. >>We'll see you in class. >>Okay, so we heard today from three experts on time series and data, how the Influx DB platform is evolving to support new ways of analyzing large data sets very efficiently and effectively in real time. And we learned that key open source components like Apache Arrow and the Rust Programming environment Data fusion par K are being leveraged to support realtime data analytics at scale. We also learned about the contributions in importance of open source software and how the Influx DB community is evolving the platform with minimal disruption to support new workloads, new use cases, and the future of realtime data analytics. Now remember these sessions, they're all available on demand. You can go to the cube.net to find those. Don't forget to check out silicon angle.com for all the news related to things enterprise and emerging tech. And you should also check out influx data.com. There you can learn about the company's products. You'll find developer resources like free courses. You could join the developer community and work with your peers to learn and solve problems. And there are plenty of other resources around use cases and customer stories on the website. This is Dave Valante. Thank you for watching Evolving Influx DB into the smart data platform, made possible by influx data and brought to you by the Cube, your leader in enterprise and emerging tech coverage.

(upbeat electronic music) >> As we've previously reported on theCUBE, Alation was an early pioneer in the data, data governance, and data management space, which is now rapidly evolving with the help of AI and machine learning, and to what's often referred to as data intelligence. Many companies, you know, they didn't make it through the last era of data. They failed to find the right product market fit or scale beyond their close circle of friends, or some ran out of money or got acquired. Alation is a company who did make it through, and has continued to attract investor support, even in a difficult market where tech IPOs have virtually dried up. Back with me on theCUBE is Satyen Sangani, who's the CEO and co-founder of Alation. Satyen, good to see you again. Thanks for coming on. >> Great to see you, Dave. It's always nice to be on theCUBE. >> Hey, so remind our audience why you started Alation 10 years ago, you and your co-founders, and what you're all about today. >> Alation's vision is to empower a curious and rational world, which sounds like a really, I think, presumptuous thing to say. But I think it's something that we really need, right? If you think about how people make decisions, often it's still with bias or ideology, and we think a lot of that happens because people are intimidated by data, or often don't know how to use it, or don't know how to think scientifically. And we, at the core, started Alation because we wanted to demystify data for people. We wanted to help people find the data they needed and allow them to use it and to understand it better. And all of those core consumption values around information were what led us to start the company, because we felt like the world of data could be a little easier to use and manage. >> Your founding premise was correct. I mean, just getting the technology to work was so hard, and as you well know, it takes seven to 10 years to actually start a company and get traction, let alone hit escape velocity. So as I said in the open, you continue to attract new investors. What's the funding news? Please share with us. >> So we're announcing that we raised 123 million from a cohort of investors led by Thoma Bravo, Sanabil Investments, and Costanoa. Databricks Ventures is a participant in that round, along with many of our other existing investors, which would also include Salesforce amongst others. And so, super excited to get the round done in this interesting market. We were able to do that because of the business performance, and it was an up round, and all of that's great and gives our employees and our customers the fuel they need to get the product that they want. >> So why the E Round? Explain that. >> So, we've been accelerating growth over the last five quarters since our Series D. We've basically increased our growth rate to almost double since the time we raised our last round. And from our perspective, the data intelligence market, which is the market that we think we have the opportunity to continue to be the leading platform in, is growing super fast. And when faced with the decision of decelerating growth in the face of what might be, what could be a challenging macroeconomic environment, and accelerating when we're seeing customers increase the size of their commitments, more new customers sign on than ever, our growth rates increasing. We and the board basically chose to take the latter approach and we sort of said, "Look, this is amazing time in this category. This is an amazing time in this company. It's time to invest and it's time to be aggressive when a lot of other folks are fearful, and a lot of other folks aren't seeing the traction that we're seeing in our business. >> Why do you think you're seeing that traction? I mean, we always talk about digital transformation, which was a buzzword before the pandemic, but now it's become a mandate. Is that why? Is it just more data related? Explain that if you could. >> I think there's this potentially, you know, somewhat confusing thing about data. There's a, maybe it's a dirty secret of data, which is there's the sense that if you have a lot of data, and you're using data really well, and you're producing a ton of data, that you might be good at managing it. And the reality of it is that as you have more people using data and as you produce more data, it just becomes more and more confusing because more and more people are trying to access the same information to answer different questions, and more workloads are produced, and more applications are produced. And so the idea of getting more data actually means that it's really hard to manage and it becomes harder to manage at scale. And so, what we're seeing is that with the advent of platforms like AWS, like Snowflake, like Databricks, and certainly with all of the different on-premise applications that are getting born every single day, we're just seeing that data is becoming really much more confusing, but being able to navigate it is so much more important because it's the lifeblood for any business to build differentiation and satisfy their customers. >> Yeah, so last time we talked, we talked about the volume and velocity bromide from the last decade, but we talked about value and how hard it is to get value. So that's really the issue is the need and desire for more organizations to get more value out of that data is actually a stronger tailwind than the headwinds that you're seeing in the macroeconomic environment. >> Right. Because I think in good times you need data in order to be able to capitalize off all the opportunities that you've got, but in bad times you've got to make hard choices. And when you need to make hard choices, how do you do that? Well, you've got to figure out what the right decisions are, and the best way to do that is to have a lot of data and a lot of people who understand that data to be able to capitalize on it and make better insights and better decisions. And so, you don't see that just, by the way, theoretically. In the last quarter, we've seen three companies that have had cost reductions and force reductions where they are increasing at the same time their investment with Alation. And it's because they need the insight in order to be able to navigate these challenging times. >> Well, congratulations on the up round. That's awesome. I got to ask you, what was it like doing a raise in this environment? I mean, sellers are in control in the public markets. Late stage SaaS companies, that had to be challenging. How did you go about this? What were the investor conversations like? >> It certainly was a challenging fundraise. And I would say even though our business is doing way better and we were able to attract evaluation that would put us in the top quartile of public companies were we trading as a public company, which we aspire to do at some point, it was challenging because there was a whole slew of investors who were basically sitting on their hands. I had one investor conversation where an investor said to me, "Look, we think you're a great business, but we have companies that are able to give us 2.5 liquidation preference, and that gives us 70%, 75% of our return day one. So we're just going to go do those companies that may have been previously overvalued, but are willing to give us these terms because they want to keep their face valuation." Other investors said, "Look, we'd really rather that you ran a lower growth plan but with a potentially lower burn plan. But we think the upside is really something that you can capitalize on." From our perspective, we were pretty clear about the plan that we wanted to run and didn't want to necessarily totally accommodate to the fashion of the current market. We've always run a historically efficient business. The company has not burned as much as many of the data peers that we've seen to grow to get to our scale, but our general view was, look, we've got a really clear plan. The board, and the company, and the management team know exactly what we'd like to do. We've got customers that know exactly what they want from us, so we really just have to go execute. And the luck is that we found investors who were willing to do that. Many investors, and we picked one in Thoma Bravo that we felt could be the best partner for the coming phase of the company. >> So I love that because you see the opportunity, you've had a very efficient business. You're punching above your weight in terms of your use of capital. So you don't want to veer off. You know your business better than anybody. You don't want to veer off that plan. The board's very supportive. I could see you, you hear it all the time, we're going to dial down the growth, dial up the EBIT, and that's what markets want today. So congratulations on sticking to your beliefs and your vision. How do you plan to use the funds? >> We are planning to invest in sales and marketing globally. So we've expanded in Asia-Pacific over the most recent year, and also in (indistinct) and we plan to continue to do that. We're going to continue to expand in public sector with fed. And so, you would see us basically just increase our presence globally in all of the markets that you might expect. In particular, you're going to see us lean in heavily to many of the partners Databricks invested alongside this particular round. But you would have seen previously that Snowflake was a fabulous, and has been a fabulous partner of ours, and we are going to continue to invest alongside these leading data platforms. What you would also expect to see from us, though, is a lot of investment in R&D. This is a really nascent category. It's a really, really hard space. People would call it a crowded market because there are a lot of players. I think from our perspective, our aspirations to be the leading data intelligence platform, platform being a really key word there because it's not like we can do it all ourselves. We have a lot of different use cases in data intelligence, things like data quality and data observability, things like data privacy and data access control. And we have some really great partners that we walk alongside in order to make the end customer successful. I think a lot of folks in this market think, "Oh, we can just be master of all. Sort of jack of all trades, master of none." That is not our strategy. Our strategy is to really focus on getting all our customers super successful, really focused on engagement and adoption, because the really hard thing with these platforms is to get people to use them, and that is not a problem Alation has had historically. >> You know, it's really interesting, Satyen, you talk about, I mean, Thoma Bravo, obviously, very savvy investors, deep pockets, they've been making some moves. Certainly we've seen that in cyber security and data. So you got some quasi patient capital there. But the interesting thing to me is that the previous Snowflake investment last year and now Databricks, a lot of people think of them as sort of battling it out, but my view is it's not a zero sum game, meaning, yes, there's overlap, but they're filling a lot of gaps in the marketplace, and I think there's room, there's so much opportunity, and there's such a large tam, that partnering with both is a really, really smart idea. I'll give you the last word. Going forward, what can we expect from Elation? >> Well, I think that's absolutely true, and I think that the biggest boogeyman with all of this is that people don't use data. And so, our ability to partner together is really just a function of making customers successful and continuing to do that. And if we can do that, all companies will grow. We ended up ultimately partnering with Databricks and deepening our partnership, really, 'cause we had one already, primarily because of the fact that we have over a hundred customers that are jointly using the products today. And so, it certainly made sense for us to continue to make that experience better 'cause customers are demanding it. From my perspective, we just have this massive opportunity. We have the ability and the insight to run a really efficient, very, very high growth business at scale. And we have this tremendous ability to get so many more companies and people to use data much more efficiently and much better. Which broadly is, I think, a way in which we can impact the world in a really positive way. And so that's a once in a lifetime opportunity for me and for the team. And we're just going to get after it. >> Well, it's been fun watching Alation over the years. I remember mid last decade talking about this thing called data lakes and how they became data swamps, and you were helping clean that up. And now, the next 10 years, and data's not going to be like the last, you know, simplifying things and and really democratizing data is the big theme. Satyen, thanks for making time to come back on theCUBE, and congratulations on the raise. >> Thank you, Dave. It's always great to see you. >> And thank you for watching this conversation with the CEO in theCUBE, your leader in enterprise and emerging tech coverage. (gentle electronic music)

>>This past May, The Cube in collaboration with Influx data shared with you the latest innovations in Time series databases. We talked at length about why a purpose built time series database for many use cases, was a superior alternative to general purpose databases trying to do the same thing. Now, you may, you may remember the time series data is any data that's stamped in time, and if it's stamped, it can be analyzed historically. And when we introduced the concept to the community, we talked about how in theory, those time slices could be taken, you know, every hour, every minute, every second, you know, down to the millisecond and how the world was moving toward realtime or near realtime data analysis to support physical infrastructure like sensors and other devices and IOT equipment. A time series databases have had to evolve to efficiently support realtime data in emerging use cases in iot T and other use cases. >>And to do that, new architectural innovations have to be brought to bear. As is often the case, open source software is the linchpin to those innovations. Hello and welcome to Evolving Influx DB into the smart Data platform, made possible by influx data and produced by the Cube. My name is Dave Valante and I'll be your host today. Now in this program we're going to dig pretty deep into what's happening with Time series data generally, and specifically how Influx DB is evolving to support new workloads and demands and data, and specifically around data analytics use cases in real time. Now, first we're gonna hear from Brian Gilmore, who is the director of IOT and emerging technologies at Influx Data. And we're gonna talk about the continued evolution of Influx DB and the new capabilities enabled by open source generally and specific tools. And in this program you're gonna hear a lot about things like Rust, implementation of Apache Arrow, the use of par k and tooling such as data fusion, which powering a new engine for Influx db. >>Now, these innovations, they evolve the idea of time series analysis by dramatically increasing the granularity of time series data by compressing the historical time slices, if you will, from, for example, minutes down to milliseconds. And at the same time, enabling real time analytics with an architecture that can process data much faster and much more efficiently. Now, after Brian, we're gonna hear from Anna East Dos Georgio, who is a developer advocate at In Flux Data. And we're gonna get into the why of these open source capabilities and how they contribute to the evolution of the Influx DB platform. And then we're gonna close the program with Tim Yokum, he's the director of engineering at Influx Data, and he's gonna explain how the Influx DB community actually evolved the data engine in mid-flight and which decisions went into the innovations that are coming to the market. Thank you for being here. We hope you enjoy the program. Let's get started. Okay, we're kicking things off with Brian Gilmore. He's the director of i t and emerging Technology at Influx State of Bryan. Welcome to the program. Thanks for coming on. >>Thanks Dave. Great to be here. I appreciate the time. >>Hey, explain why Influx db, you know, needs a new engine. Was there something wrong with the current engine? What's going on there? >>No, no, not at all. I mean, I think it's, for us, it's been about staying ahead of the market. I think, you know, if we think about what our customers are coming to us sort of with now, you know, related to requests like sql, you know, query support, things like that, we have to figure out a way to, to execute those for them in a way that will scale long term. And then we also, we wanna make sure we're innovating, we're sort of staying ahead of the market as well and sort of anticipating those future needs. So, you know, this is really a, a transparent change for our customers. I mean, I think we'll be adding new capabilities over time that sort of leverage this new engine, but you know, initially the customers who are using us are gonna see just great improvements in performance, you know, especially those that are working at the top end of the, of the workload scale, you know, the massive data volumes and things like that. >>Yeah, and we're gonna get into that today and the architecture and the like, but what was the catalyst for the enhancements? I mean, when and how did this all come about? >>Well, I mean, like three years ago we were primarily on premises, right? I mean, I think we had our open source, we had an enterprise product, you know, and, and sort of shifting that technology, especially the open source code base to a service basis where we were hosting it through, you know, multiple cloud providers. That was, that was, that was a long journey I guess, you know, phase one was, you know, we wanted to host enterprise for our customers, so we sort of created a service that we just managed and ran our enterprise product for them. You know, phase two of this cloud effort was to, to optimize for like multi-tenant, multi-cloud, be able to, to host it in a truly like sass manner where we could use, you know, some type of customer activity or consumption as the, the pricing vector, you know, And, and that was sort of the birth of the, of the real first influx DB cloud, you know, which has been really successful. >>We've seen, I think like 60,000 people sign up and we've got tons and tons of, of both enterprises as well as like new companies, developers, and of course a lot of home hobbyists and enthusiasts who are using out on a, on a daily basis, you know, and having that sort of big pool of, of very diverse and very customers to chat with as they're using the product, as they're giving us feedback, et cetera, has has, you know, pointed us in a really good direction in terms of making sure we're continuously improving that and then also making these big leaps as we're doing with this, with this new engine. >>Right. So you've called it a transparent change for customers, so I'm presuming it's non-disruptive, but I really wanna understand how much of a pivot this is and what, what does it take to make that shift from, you know, time series, you know, specialist to real time analytics and being able to support both? >>Yeah, I mean, it's much more of an evolution, I think, than like a shift or a pivot. You know, time series data is always gonna be fundamental and sort of the basis of the solutions that we offer our customers, and then also the ones that they're building on the sort of raw APIs of our platform themselves. You know, the time series market is one that we've worked diligently to lead. I mean, I think when it comes to like metrics, especially like sensor data and app and infrastructure metrics, if we're being honest though, I think our, our user base is well aware that the way we were architected was much more towards those sort of like backwards looking historical type analytics, which are key for troubleshooting and making sure you don't, you know, run into the same problem twice. But, you know, we had to ask ourselves like, what can we do to like better handle those queries from a performance and a, and a, you know, a time to response on the queries, and can we get that to the point where the results sets are coming back so quickly from the time of query that we can like limit that window down to minutes and then seconds. >>And now with this new engine, we're really starting to talk about a query window that could be like returning results in, in, you know, milliseconds of time since it hit the, the, the ingest queue. And that's, that's really getting to the point where as your data is available, you can use it and you can query it, you can visualize it, and you can do all those sort of magical things with it, you know? And I think getting all of that to a place where we're saying like, yes to the customer on, you know, all of the, the real time queries, the, the multiple language query support, but, you know, it was hard, but we're now at a spot where we can start introducing that to, you know, a a limited number of customers, strategic customers and strategic availability zones to start. But you know, everybody over time. >>So you're basically going from what happened to in, you can still do that obviously, but to what's happening now in the moment? >>Yeah, yeah. I mean if you think about time, it's always sort of past, right? I mean, like in the moment right now, whether you're talking about like a millisecond ago or a minute ago, you know, that's, that's pretty much right now, I think for most people, especially in these use cases where you have other sort of components of latency induced by the, by the underlying data collection, the architecture, the infrastructure, the, you know, the, the devices and you know, the sort of highly distributed nature of all of this. So yeah, I mean, getting, getting a customer or a user to be able to use the data as soon as it is available is what we're after here. >>I always thought, you know, real, I always thought of real time as before you lose the customer, but now in this context, maybe it's before the machine blows up. >>Yeah, it's, it's, I mean it is operationally or operational real time is different, you know, and that's one of the things that really triggered us to know that we were, we were heading in the right direction, is just how many sort of operational customers we have. You know, everything from like aerospace and defense. We've got companies monitoring satellites, we've got tons of industrial users, users using us as a processes storing on the plant floor, you know, and, and if we can satisfy their sort of demands for like real time historical perspective, that's awesome. I think what we're gonna do here is we're gonna start to like edge into the real time that they're used to in terms of, you know, the millisecond response times that they expect of their control systems, certainly not their, their historians and databases. >>I, is this available, these innovations to influx DB cloud customers only who can access this capability? >>Yeah. I mean commercially and today, yes. You know, I think we want to emphasize that's a, for now our goal is to get our latest and greatest and our best to everybody over time. Of course. You know, one of the things we had to do here was like we double down on sort of our, our commitment to open source and availability. So like anybody today can take a look at the, the libraries in on our GitHub and, you know, can ex inspect it and even can try to, you know, implement or execute some of it themselves in their own infrastructure. You know, we are, we're committed to bringing our sort of latest and greatest to our cloud customers first for a couple of reasons. Number one, you know, there are big workloads and they have high expectations of us. I think number two, it also gives us the opportunity to monitor a little bit more closely how it's working, how they're using it, like how the system itself is performing. >>And so just, you know, being careful, maybe a little cautious in terms of, of, of how big we go with this right away, just sort of both limits, you know, the risk of, of, you know, any issues that can come with new software rollouts. We haven't seen anything so far, but also it does give us the opportunity to have like meaningful conversations with a small group of users who are using the products, but once we get through that and they give us two thumbs up on it, it'll be like, open the gates and let everybody in. It's gonna be exciting time for the whole ecosystem. >>Yeah, that makes a lot of sense. And you can do some experimentation and, you know, using the cloud resources. Let's dig into some of the architectural and technical innovations that are gonna help deliver on this vision. What, what should we know there? >>Well, I mean, I think foundationally we built the, the new core on Rust. You know, this is a new very sort of popular systems language, you know, it's extremely efficient, but it's also built for speed and memory safety, which goes back to that us being able to like deliver it in a way that is, you know, something we can inspect very closely, but then also rely on the fact that it's going to behave well. And if it does find error conditions, I mean we, we've loved working with Go and, you know, a lot of our libraries will continue to, to be sort of implemented in Go, but you know, when it came to this particular new engine, you know, that power performance and stability rust was critical. On top of that, like, we've also integrated Apache Arrow and Apache Parque for persistence. I think for anybody who's really familiar with the nuts and bolts of our backend and our TSI and our, our time series merged Trees, this is a big break from that, you know, arrow on the sort of in MI side and then Par K in the on disk side. >>It, it allows us to, to present, you know, a unified set of APIs for those really fast real time inquiries that we talked about, as well as for very large, you know, historical sort of bulk data archives in that PARQUE format, which is also cool because there's an entire ecosystem sort of popping up around Parque in terms of the machine learning community, you know, and getting that all to work, we had to glue it together with aero flight. That's sort of what we're using as our, our RPC component. You know, it handles the orchestration and the, the transportation of the Coer data. Now we're moving to like a true Coer database model for this, this version of the engine, you know, and it removes a lot of overhead for us in terms of having to manage all that serialization, the deserialization, and, you know, to that again, like blurring that line between real time and historical data. It's, you know, it's, it's highly optimized for both streaming micro batch and then batches, but true streaming as well. >>Yeah. Again, I mean, it's funny you mentioned Rust. It is, it's been around for a long time, but it's popularity is, is you know, really starting to hit that steep part of the S-curve. And, and we're gonna dig into to more of that, but give us any, is there anything else that we should know about Bryan? Give us the last word? >>Well, I mean, I think first I'd like everybody sort of watching just to like take a look at what we're offering in terms of early access in beta programs. I mean, if, if, if you wanna participate or if you wanna work sort of in terms of early access with the, with the new engine, please reach out to the team. I'm sure you know, there's a lot of communications going out and you know, it'll be highly featured on our, our website, you know, but reach out to the team, believe it or not, like we have a lot more going on than just the new engine. And so there are also other programs, things we're, we're offering to customers in terms of the user interface, data collection and things like that. And, you know, if you're a customer of ours and you have a sales team, a commercial team that you work with, you can reach out to them and see what you can get access to because we can flip a lot of stuff on, especially in cloud through feature flags. >>But if there's something new that you wanna try out, we'd just love to hear from you. And then, you know, our goal would be that as we give you access to all of these new cool features that, you know, you would give us continuous feedback on these products and services, not only like what you need today, but then what you'll need tomorrow to, to sort of build the next versions of your business. Because you know, the whole database, the ecosystem as it expands out into to, you know, this vertically oriented stack of cloud services and enterprise databases and edge databases, you know, it's gonna be what we all make it together, not just, you know, those of us who were employed by Influx db. And then finally I would just say please, like watch in ICE in Tim's sessions, like these are two of our best and brightest, They're totally brilliant, completely pragmatic, and they are most of all customer obsessed, which is amazing. And there's no better takes, like honestly on the, the sort of technical details of this, then there's, especially when it comes to like the value that these investments will, will bring to our customers and our communities. So encourage you to, to, you know, pay more attention to them than you did to me, for sure. >>Brian Gilmore, great stuff. Really appreciate your time. Thank you. >>Yeah, thanks Dave. It was awesome. Look forward to it. >>Yeah, me too. Looking forward to see how the, the community actually applies these new innovations and goes, goes beyond just the historical into the real time really hot area. As Brian said in a moment, I'll be right back with Anna East dos Georgio to dig into the critical aspects of key open source components of the Influx DB engine, including Rust, Arrow, Parque, data fusion. Keep it right there. You don't wanna miss this >>Time series Data is everywhere. The number of sensors, systems and applications generating time series data increases every day. All these data sources producing so much data can cause analysis paralysis. Influx DB is an entire platform designed with everything you need to quickly build applications that generate value from time series data influx. DB Cloud is a serverless solution, which means you don't need to buy or manage your own servers. There's no need to worry about provisioning because you only pay for what you use. Influx DB Cloud is fully managed so you get the newest features and enhancements as they're added to the platform's code base. It also means you can spend time building solutions and delivering value to your users instead of wasting time and effort managing something else. Influx TVB Cloud offers a range of security features to protect your data, multiple layers of redundancy ensure you don't lose any data access controls ensure that only the people who should see your data can see it. >>And encryption protects your data at rest and in transit between any of our regions or cloud providers. InfluxDB uses a single API across the entire platform suite so you can build on open source, deploy to the cloud and then then easily query data in the cloud at the edge or on prem using the same scripts. And InfluxDB is schemaless automatically adjusting to changes in the shape of your data without requiring changes in your application. Logic. InfluxDB Cloud is production ready from day one. All it needs is your data and your imagination. Get started today@influxdata.com slash cloud. >>Okay, we're back. I'm Dave Valante with a Cube and you're watching evolving Influx DB into the smart data platform made possible by influx data. Anna ETOs Georgio is here, she's a developer advocate for influx data and we're gonna dig into the rationale and value contribution behind several open source technologies that Influx DB is leveraging to increase the granularity of time series analysis analysis and bring the world of data into real-time analytics and is welcome to the program. Thanks for coming on. >>Hi, thank you so much. It's a pleasure to be here. >>Oh, you're very welcome. Okay, so IX is being touted as this next gen open source core for Influx db. And my understanding is that it leverages in memory of course for speed. It's a kilo store, so it gives you a compression efficiency, it's gonna give you faster query speeds, you store files and object storage, so you got very cost effective approach. Are these the salient points on the platform? I know there are probably dozens of other features, but what are the high level value points that people should understand? >>Sure, that's a great question. So some of the main requirements that IOx is trying to achieve and some of the most impressive ones to me, the first one is that it aims to have no limits on cardinality and also allow you to write any kind of event data that you want, whether that's live tag or a field. It also wants to deliver the best in class performance on analytics queries. In addition to our already well served metrics queries, we also wanna have operator control over memory usage. So you should be able to define how much memory is used for buffering caching and query processing. Some other really important parts is the ability to have bulk data export and import super useful. Also broader ecosystem compatibility where possible we aim to use and embrace emerging standards in the data analytics ecosystem and have compatibility with things like sql, Python, and maybe even pandas in the future. >>Okay, so lot there. Now we talked to Brian about how you're using Rust and which is not a new programming language and of course we had some drama around Rust during the pandemic with the Mozilla layoffs, but the formation of the Rust Foundation really addressed any of those concerns. You got big guns like Amazon and Google and Microsoft throwing their collective weights behind it. It's really, the adoption is really starting to get steep on the S-curve. So lots of platforms, lots of adoption with rust, but why rust as an alternative to say c plus plus for example? >>Sure, that's a great question. So Russ was chosen because of his exceptional performance and reliability. So while Russ is synt tactically similar to c plus plus and it has similar performance, it also compiles to a native code like c plus plus. But unlike c plus plus, it also has much better memory safety. So memory safety is protection against bugs or security vulnerabilities that lead to excessive memory usage or memory leaks. And rust achieves this memory safety due to its like innovative type system. Additionally, it doesn't allow for dangling pointers. And dangling pointers are the main classes of errors that lead to exploitable security vulnerabilities in languages like c plus plus. So Russ like helps meet that requirement of having no limits on ality, for example, because it's, we're also using the Russ implementation of Apache Arrow and this control over memory and also Russ Russ's packaging system called crates IO offers everything that you need out of the box to have features like AY and a weight to fix race conditions, to protection against buffering overflows and to ensure thread safe async cashing structures as well. So essentially it's just like has all the control, all the fine grain control, you need to take advantage of memory and all your resources as well as possible so that you can handle those really, really high ity use cases. >>Yeah, and the more I learn about the, the new engine and, and the platform IOCs et cetera, you know, you, you see things like, you know, the old days not even to even today you do a lot of garbage collection in these, in these systems and there's an inverse, you know, impact relative to performance. So it looks like you really, you know, the community is modernizing the platform, but I wanna talk about Apache Arrow for a moment. It it's designed to address the constraints that are associated with analyzing large data sets. We, we know that, but please explain why, what, what is Arrow and and what does it bring to Influx db? >>Sure, yeah. So Arrow is a, a framework for defining in memory calmer data. And so much of the efficiency and performance of IOx comes from taking advantage of calmer data structures. And I will, if you don't mind, take a moment to kind of of illustrate why column or data structures are so valuable. Let's pretend that we are gathering field data about the temperature in our room and also maybe the temperature of our stove. And in our table we have those two temperature values as well as maybe a measurement value, timestamp value, maybe some other tag values that describe what room and what house, et cetera we're getting this data from. And so you can picture this table where we have like two rows with the two temperature values for both our room and the stove. Well usually our room temperature is regulated so those values don't change very often. >>So when you have calm oriented st calm oriented storage, essentially you take each row, each column and group it together. And so if that's the case and you're just taking temperature values from the room and a lot of those temperature values are the same, then you'll, you might be able to imagine how equal values will then enable each other and when they neighbor each other in the storage format, this provides a really perfect opportunity for cheap compression. And then this cheap compression enables high cardinality use cases. It also enables for faster scan rates. So if you wanna define like the men and max value of the temperature in the room across a thousand different points, you only have to get those a thousand different points in order to answer that question and you have those immediately available to you. But let's contrast this with a row oriented storage solution instead so that we can understand better the benefits of calmer oriented storage. >>So if you had a row oriented storage, you'd first have to look at every field like the temperature in, in the room and the temperature of the stove. You'd have to go across every tag value that maybe describes where the room is located or what model the stove is. And every timestamp you'd then have to pluck out that one temperature value that you want at that one time stamp and do that for every single row. So you're scanning across a ton more data and that's why Rowe Oriented doesn't provide the same efficiency as calmer and Apache Arrow is in memory calmer data, commoner data fit framework. So that's where a lot of the advantages come >>From. Okay. So you basically described like a traditional database, a row approach, but I've seen like a lot of traditional database say, okay, now we've got, we can handle colo format versus what you're talking about is really, you know, kind of native i, is it not as effective? Is the, is the foreman not as effective because it's largely a, a bolt on? Can you, can you like elucidate on that front? >>Yeah, it's, it's not as effective because you have more expensive compression and because you can't scan across the values as quickly. And so those are, that's pretty much the main reasons why, why RO row oriented storage isn't as efficient as calm, calmer oriented storage. Yeah. >>Got it. So let's talk about Arrow Data Fusion. What is data fusion? I know it's written in Rust, but what does it bring to the table here? >>Sure. So it's an extensible query execution framework and it uses Arrow as it's in memory format. So the way that it helps in influx DB IOCs is that okay, it's great if you can write unlimited amount of cardinality into influx Cbis, but if you don't have a query engine that can successfully query that data, then I don't know how much value it is for you. So Data fusion helps enable the, the query process and transformation of that data. It also has a PANDAS API so that you could take advantage of PANDAS data frames as well and all of the machine learning tools associated with Pandas. >>Okay. You're also leveraging Par K in the platform cause we heard a lot about Par K in the middle of the last decade cuz as a storage format to improve on Hadoop column stores. What are you doing with Parque and why is it important? >>Sure. So parque is the column oriented durable file format. So it's important because it'll enable bulk import, bulk export, it has compatibility with Python and Pandas, so it supports a broader ecosystem. Par K files also take very little disc disc space and they're faster to scan because again, they're column oriented in particular, I think PAR K files are like 16 times cheaper than CSV files, just as kind of a point of reference. And so that's essentially a lot of the, the benefits of par k. >>Got it. Very popular. So and he's, what exactly is influx data focusing on as a committer to these projects? What is your focus? What's the value that you're bringing to the community? >>Sure. So Influx DB first has contributed a lot of different, different things to the Apache ecosystem. For example, they contribute an implementation of Apache Arrow and go and that will support clearing with flux. Also, there has been a quite a few contributions to data fusion for things like memory optimization and supportive additional SQL features like support for timestamp, arithmetic and support for exist clauses and support for memory control. So yeah, Influx has contributed a a lot to the Apache ecosystem and continues to do so. And I think kind of the idea here is that if you can improve these upstream projects and then the long term strategy here is that the more you contribute and build those up, then the more you will perpetuate that cycle of improvement and the more we will invest in our own project as well. So it's just that kind of symbiotic relationship and appreciation of the open source community. >>Yeah. Got it. You got that virtuous cycle going, the people call the flywheel. Give us your last thoughts and kind of summarize, you know, where what, what the big takeaways are from your perspective. >>So I think the big takeaway is that influx data is doing a lot of really exciting things with Influx DB IOx and I really encourage, if you are interested in learning more about the technologies that Influx is leveraging to produce IOCs, the challenges associated with it and all of the hard work questions and you just wanna learn more, then I would encourage you to go to the monthly Tech talks and community office hours and they are on every second Wednesday of the month at 8:30 AM Pacific time. There's also a community forums and a community Slack channel look for the influx DDB unders IAC channel specifically to learn more about how to join those office hours and those monthly tech tech talks as well as ask any questions they have about iacs, what to expect and what you'd like to learn more about. I as a developer advocate, I wanna answer your questions. So if there's a particular technology or stack that you wanna dive deeper into and want more explanation about how INFLUX DB leverages it to build IOCs, I will be really excited to produce content on that topic for you. >>Yeah, that's awesome. You guys have a really rich community, collaborate with your peers, solve problems, and, and you guys super responsive, so really appreciate that. All right, thank you so much Anise for explaining all this open source stuff to the audience and why it's important to the future of data. >>Thank you. I really appreciate it. >>All right, you're very welcome. Okay, stay right there and in a moment I'll be back with Tim Yoakum, he's the director of engineering for Influx Data and we're gonna talk about how you update a SAS engine while the plane is flying at 30,000 feet. You don't wanna miss this. >>I'm really glad that we went with InfluxDB Cloud for our hosting because it has saved us a ton of time. It's helped us move faster, it's saved us money. And also InfluxDB has good support. My name's Alex Nada. I am CTO at Noble nine. Noble Nine is a platform to measure and manage service level objectives, which is a great way of measuring the reliability of your systems. You can essentially think of an slo, the product we're providing to our customers as a bunch of time series. So we need a way to store that data and the corresponding time series that are related to those. The main reason that we settled on InfluxDB as we were shopping around is that InfluxDB has a very flexible query language and as a general purpose time series database, it basically had the set of features we were looking for. >>As our platform has grown, we found InfluxDB Cloud to be a really scalable solution. We can quickly iterate on new features and functionality because Influx Cloud is entirely managed, it probably saved us at least a full additional person on our team. We also have the option of running InfluxDB Enterprise, which gives us the ability to even host off the cloud or in a private cloud if that's preferred by a customer. Influx data has been really flexible in adapting to the hosting requirements that we have. They listened to the challenges we were facing and they helped us solve it. As we've continued to grow, I'm really happy we have influx data by our side. >>Okay, we're back with Tim Yokum, who is the director of engineering at Influx Data. Tim, welcome. Good to see you. >>Good to see you. Thanks for having me. >>You're really welcome. Listen, we've been covering open source software in the cube for more than a decade, and we've kind of watched the innovation from the big data ecosystem. The cloud has been being built out on open source, mobile, social platforms, key databases, and of course influx DB and influx data has been a big consumer and contributor of open source software. So my question to you is, where have you seen the biggest bang for the buck from open source software? >>So yeah, you know, influx really, we thrive at the intersection of commercial services and open, so open source software. So OSS keeps us on the cutting edge. We benefit from OSS in delivering our own service from our core storage engine technologies to web services temping engines. Our, our team stays lean and focused because we build on proven tools. We really build on the shoulders of giants and like you've mentioned, even better, we contribute a lot back to the projects that we use as well as our own product influx db. >>You know, but I gotta ask you, Tim, because one of the challenge that that we've seen in particular, you saw this in the heyday of Hadoop, the, the innovations come so fast and furious and as a software company you gotta place bets, you gotta, you know, commit people and sometimes those bets can be risky and not pay off well, how have you managed this challenge? >>Oh, it moves fast. Yeah, that, that's a benefit though because it, the community moves so quickly that today's hot technology can be tomorrow's dinosaur. And what we, what we tend to do is, is we fail fast and fail often. We try a lot of things. You know, you look at Kubernetes for example, that ecosystem is driven by thousands of intelligent developers, engineers, builders, they're adding value every day. So we have to really keep up with that. And as the stack changes, we, we try different technologies, we try different methods, and at the end of the day, we come up with a better platform as a result of just the constant change in the environment. It is a challenge for us, but it's, it's something that we just do every day. >>So we have a survey partner down in New York City called Enterprise Technology Research etr, and they do these quarterly surveys of about 1500 CIOs, IT practitioners, and they really have a good pulse on what's happening with spending. And the data shows that containers generally, but specifically Kubernetes is one of the areas that has kind of, it's been off the charts and seen the most significant adoption and velocity particularly, you know, along with cloud. But, but really Kubernetes is just, you know, still up until the right consistently even with, you know, the macro headwinds and all, all of the stuff that we're sick of talking about. But, so what are you doing with Kubernetes in the platform? >>Yeah, it, it's really central to our ability to run the product. When we first started out, we were just on AWS and, and the way we were running was, was a little bit like containers junior. Now we're running Kubernetes everywhere at aws, Azure, Google Cloud. It allows us to have a consistent experience across three different cloud providers and we can manage that in code so our developers can focus on delivering services, not trying to learn the intricacies of Amazon, Azure, and Google and figure out how to deliver services on those three clouds with all of their differences. >>Just to follow up on that, is it, no. So I presume it's sounds like there's a PAs layer there to allow you guys to have a consistent experience across clouds and out to the edge, you know, wherever is that, is that correct? >>Yeah, so we've basically built more or less platform engineering, This is the new hot phrase, you know, it, it's, Kubernetes has made a lot of things easy for us because we've built a platform that our developers can lean on and they only have to learn one way of deploying their application, managing their application. And so that, that just gets all of the underlying infrastructure out of the way and, and lets them focus on delivering influx cloud. >>Yeah, and I know I'm taking a little bit of a tangent, but is that, that, I'll call it a PAs layer if I can use that term. Is that, are there specific attributes to Influx db or is it kind of just generally off the shelf paths? You know, are there, is, is there any purpose built capability there that, that is, is value add or is it pretty much generic? >>So we really build, we, we look at things through, with a build versus buy through a, a build versus by lens. Some things we want to leverage cloud provider services, for instance, Postgres databases for metadata, perhaps we'll get that off of our plate, let someone else run that. We're going to deploy a platform that our engineers can, can deliver on that has consistency that is, is all generated from code that we can as a, as an SRE group, as an ops team, that we can manage with very few people really, and we can stamp out clusters across multiple regions and in no time. >>So how, so sometimes you build, sometimes you buy it. How do you make those decisions and and what does that mean for the, for the platform and for customers? >>Yeah, so what we're doing is, it's like everybody else will do, we're we're looking for trade offs that make sense. You know, we really want to protect our customers data. So we look for services that support our own software with the most uptime, reliability, and durability we can get. Some things are just going to be easier to have a cloud provider take care of on our behalf. We make that transparent for our own team. And of course for customers you don't even see that, but we don't want to try to reinvent the wheel, like I had mentioned with SQL data stores for metadata, perhaps let's build on top of what of these three large cloud providers have already perfected. And we can then focus on our platform engineering and we can have our developers then focus on the influx data, software, influx, cloud software. >>So take it to the customer level, what does it mean for them? What's the value that they're gonna get out of all these innovations that we've been been talking about today and what can they expect in the future? >>So first of all, people who use the OSS product are really gonna be at home on our cloud platform. You can run it on your desktop machine, on a single server, what have you, but then you want to scale up. We have some 270 terabytes of data across, over 4 billion series keys that people have stored. So there's a proven ability to scale now in terms of the open source, open source software and how we've developed the platform. You're getting highly available high cardinality time series platform. We manage it and, and really as, as I mentioned earlier, we can keep up with the state of the art. We keep reinventing, we keep deploying things in real time. We deploy to our platform every day repeatedly all the time. And it's that continuous deployment that allows us to continue testing things in flight, rolling things out that change new features, better ways of doing deployments, safer ways of doing deployments. >>All of that happens behind the scenes. And like we had mentioned earlier, Kubernetes, I mean that, that allows us to get that done. We couldn't do it without having that platform as a, as a base layer for us to then put our software on. So we, we iterate quickly. When you're on the, the Influx cloud platform, you really are able to, to take advantage of new features immediately. We roll things out every day and as those things go into production, you have, you have the ability to, to use them. And so in the end we want you to focus on getting actual insights from your data instead of running infrastructure, you know, let, let us do that for you. So, >>And that makes sense, but so is the, is the, are the innovations that we're talking about in the evolution of Influx db, do, do you see that as sort of a natural evolution for existing customers? I, is it, I'm sure the answer is both, but is it opening up new territory for customers? Can you add some color to that? >>Yeah, it really is it, it's a little bit of both. Any engineer will say, well, it depends. So cloud native technologies are, are really the hot thing. Iot, industrial iot especially, people want to just shove tons of data out there and be able to do queries immediately and they don't wanna manage infrastructure. What we've started to see are people that use the cloud service as their, their data store backbone and then they use edge computing with R OSS product to ingest data from say, multiple production lines and downsample that data, send the rest of that data off influx cloud where the heavy processing takes place. So really us being in all the different clouds and iterating on that and being in all sorts of different regions allows for people to really get out of the, the business of man trying to manage that big data, have us take care of that. And of course as we change the platform end users benefit from that immediately. And, >>And so obviously taking away a lot of the heavy lifting for the infrastructure, would you say the same thing about security, especially as you go out to IOT and the Edge? How should we be thinking about the value that you bring from a security perspective? >>Yeah, we take, we take security super seriously. It, it's built into our dna. We do a lot of work to ensure that our platform is secure, that the data we store is, is kept private. It's of course always a concern. You see in the news all the time, companies being compromised, you know, that's something that you can have an entire team working on, which we do to make sure that the data that you have, whether it's in transit, whether it's at rest, is always kept secure, is only viewable by you. You know, you look at things like software, bill of materials, if you're running this yourself, you have to go vet all sorts of different pieces of software. And we do that, you know, as we use new tools. That's something that, that's just part of our jobs to make sure that the platform that we're running it has, has fully vetted software and, and with open source especially, that's a lot of work. And so it's, it's definitely new territory. Supply chain attacks are, are definitely happening at a higher clip than they used to, but that is, that is really just part of a day in the, the life for folks like us that are, are building platforms. >>Yeah, and that's key. I mean especially when you start getting into the, the, you know, we talk about IOT and the operations technologies, the engineers running the, that infrastructure, you know, historically, as you know, Tim, they, they would air gap everything. That's how they kept it safe. But that's not feasible anymore. Everything's >>That >>Connected now, right? And so you've gotta have a partner that is again, take away that heavy lifting to r and d so you can focus on some of the other activities. Right. Give us the, the last word and the, the key takeaways from your perspective. >>Well, you know, from my perspective I see it as, as a a two lane approach with, with influx, with Anytime series data, you know, you've got a lot of stuff that you're gonna run on-prem, what you had mentioned, air gaping. Sure there's plenty of need for that, but at the end of the day, people that don't want to run big data centers, people that want torus their data to, to a company that's, that's got a full platform set up for them that they can build on, send that data over to the cloud, the cloud is not going away. I think more hybrid approach is, is where the future lives and that's what we're prepared for. >>Tim, really appreciate you coming to the program. Great stuff. Good to see you. >>Thanks very much. Appreciate it. >>Okay, in a moment I'll be back to wrap up. Today's session, you're watching The Cube. >>Are you looking for some help getting started with InfluxDB Telegraph or Flux Check >>Out Influx DB University >>Where you can find our entire catalog of free training that will help you make the most of your time series data >>Get >>Started for free@influxdbu.com. >>We'll see you in class. >>Okay, so we heard today from three experts on time series and data, how the Influx DB platform is evolving to support new ways of analyzing large data sets very efficiently and effectively in real time. And we learned that key open source components like Apache Arrow and the Rust Programming environment Data fusion par K are being leveraged to support realtime data analytics at scale. We also learned about the contributions in importance of open source software and how the Influx DB community is evolving the platform with minimal disruption to support new workloads, new use cases, and the future of realtime data analytics. Now remember these sessions, they're all available on demand. You can go to the cube.net to find those. Don't forget to check out silicon angle.com for all the news related to things enterprise and emerging tech. And you should also check out influx data.com. There you can learn about the company's products. You'll find developer resources like free courses. You could join the developer community and work with your peers to learn and solve problems. And there are plenty of other resources around use cases and customer stories on the website. This is Dave Valante. Thank you for watching Evolving Influx DB into the smart data platform, made possible by influx data and brought to you by the Cube, your leader in enterprise and emerging tech coverage.

(soft upbeat music) >> The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know. This had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized. Protection, as a result, moved away from things like perimeter-based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerged as a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cyber security strategies. And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR-focused, that their DR approach was not cost efficient and needed to be modernized, and that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello and welcome to Why Ransomware isn't your Only Problem, a service of theCUBE made possible by Druva, and in collaboration with IDC. I'm your host, Dave Vellante, and today we're presenting a three-part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face in today's new world. IDC Research Vice President, Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. After that, we're going to hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at Druva, Stephen Manley and Anjan Srinivas. Stephen is a 10-time (indistinct) and chief technology officer at Druva. And Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how Druva is closing the gaps presented in the IDC survey through their product innovation. Right now I'm going to toss it to Lisa Martin, another one of the hosts, for today's program. Lisa, over to you. (soft upbeat music) >> Phil Goodwin joins me next, the VP of research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >> You really hit the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that ransomware that has everybody's attention. And it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also was accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022. But within IDC we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be have the scale up or scale down on demand nature of cloud. So those are in a nutshell kind of the three things that people are looking at. >> You mentioned ransomware. It's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >> Well, what some of the research that we did is we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company these days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably or is data resilience defined as something a little bit different? >> Well, sometimes yeah, that we do get caught using them when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself in the context of of IT computing. So it really is a subset of that. But it is foundational to IT resilience. You can't have it resilience without data resilience. So that's where we're coming from on it >> Inextricably linked. And it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience, for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. It's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to defend against these ransomwares. The other thing about it is, it's really a lot like Whack-A-Mole. They attack us in one area, and we defend against it, so they attack us in another area, and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "You know, one of these days we're going to get pretty well defended against ransomware and it's going to go away." And I responded, "I don't think so, because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable the bad guys aren't going to just fade into the night without giving it a lot of fight." So I really think that ransomware is one of those things that is here for the long term, and something that we have to address and have to get proactive about. >> You mentioned some stats there, and recently IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concerning ransomware. >> Yeah, this was in a worldwide study, it was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, is a little over 500 different individuals across the globe, in North America, select countries in Western Europe as well as several in Asia-Pacific. And we did it across industries where 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of infrastructure, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe, or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high or very high degree of confidence in their recovery tools and are fully automated. And yet when you look at the actual results, I told you a moment ago, 46% have been attack successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. The bad guys aren't necessarily to be trusted. And so the software that they provide sometimes is fully recovered, sometimes it's not. So you look at that and you go, "Wow." On the one hand, people think they're really prepared, and on the other hand, the results are absolutely horrible. Two thirds of people having to pay the ransom. So you start to ask yourself, "Well, what's going on there?" And I believe that a lot of it comes down to... kind of reminds me of the old quote from Mike Tyson. "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing, you think you're ready, based on the information you have, and these people are smart people and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason a lot of these have been successful. So that was kind of the key finding to me in kind of the "aha" moment, really, in this whole thing, Lisa. >> That's a massive disconnect, with the vast majority saying, "We have a cyber recovery playbook," yet, nearly half being the victims of ransomware in the last three years, and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience, as we said, this is a matter of this is going to happen, just a matter of when and how often? >> It is a matter, yeah, as you said, it's not if when or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud-based services. Finding professionals who know what they're doing, who have that breadth of experience, and who have seen the kinds of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more in order to get that breadth of experience and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud where data resilience is concerned? >> Well, the first and foremost is the economics of it. You can have on-demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you had double the infrastructure if your financial services, it might even be triple the infrastructure. It was very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on-demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that organizations think they're ready, but then all of a sudden they get hit, and all of a sudden they have to engage with outside consultants, or they have to bring in other experts. And that extends the time to recover that they have, and it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >> So what do you think the big issue here is? Is it that these IT practitioners, over 500 that you surveyed across 20 industries, this a global survey, do they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. It's you don't know what you don't know and until you get into a specific attack... there are so many different ways that organizations can be attacked. And in fact, from this research that we found, is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and taking their chances. So best practice things like encryption, immutability, things like that that organizations can put into place. Certainly air gaps, having a solid backup foundation to where data is, you have a high probability of recovery, things like that, those are the kinds of things that organizations have to put into place, really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think, "We are prepared, we've got a playbook," yet so many are are being attacked, the vulnerabilities as the landscape, threat landscape, just gets more and more amorphous, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, "Hey guys, across every industry we are vulnerable, this is going to happen, we've got to make sure that we are truly resilient and proactive"? >> Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the the consequences of ransomware it's not just the ransom, it's the lost productivity, it's the loss of revenue, it's the loss of customer faith and goodwill. And organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CISO, whoever it is, they're extremely concerned about this. And I can tell you they are fully engaged in addressing these issues within their organization. >> So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business, it's very profitable, but what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status-based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is workloads on premises aren't going away, so that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources, like immutable storage, being able to move data from region to region inexpensively and easily, and to be able to take that cloud-centric perspective and apply it on premises as well as in the cloud and at the edge, is really where we believe that organizations are shifting their focus. >> Got it. We're just cracking the surface here, Phil. I wish we had more time. But I had a chance to read the Druva-sponsored IDC white paper. Fascinating finds. I encourage all of you to download that. Take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. (gentle music)

>> The past 2 1/2 years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This we know. This had several ripple effects on CSO and CIO strategies that were highly visible at the Board of Directors' level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized. Protection, as a result, moved away from things like perimeter-based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerged as a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies, and more specifically, CIOs quickly realized that their business resilience strategies were too narrowly DR-focused, that their DR approach was not cost efficient and needed to be modernized, and that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello, and welcome to "Why Ransomware isn't Your Only Problem," a service of theCUBE made possible by Druva, and in collaboration with IDC. I'm your host, Dave Vellante, and today, we're presenting a three-part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face in today's new world. IDC Research Vice President Phil Goodwin is here to share the highlights of the study and to summarize the findings from a recent research report on the topic. After that, we're going to hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically, and data protection, generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at Druva, Stephen Manley and Anjan Srinivas. Stephen is a 10-time CUBE alum and Chief Technology Officer at Druva, and Anjan is Vice President and General Manager of Product Management at the company. And these individuals will specifically address how Druva is closing the gaps presented in the IDC survey through their product innovation. But right now I'm going to toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. (upbeat music) >> Bill Goodwin joins me next, the VP of Research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape as we see cyberattacks massively increasing, the threat landscape changing so much. What is IDC seeing? >> You know, you really hit the top topic that we find from IT organizations as well as business organizations. And really, it's that digital resilience, that ransomware that has everybody's attention, and it has the attention, not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also has accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty, and this is relatively new for 2022, but within IDC we've been doing a lot of research around what are those impacts going to be? And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to have the scale up or scale down on demand nature of cloud. So those are, in a nutshell, kind of the three things that people are looking at. >> You mentioned ransomware. It's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite, and what are they trying to do to become resilient against it? >> Well, what some of the research that we did is we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company these days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably or is data resilience defined as something a little bit different? >> Well, sometimes yeah, we do get caught using them when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself in the context of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You can't have IT resilience without data resilience. So that's where we're coming from on it. >> Inextricably linked, and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to defend against these ransomers. The other thing about it is it's really a lot like Whac-A-Mole, you know. They attack us in one area and we defend against it so they attack us in another area, and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "You know, one of these days we're going to get pretty well defended against ransomware and it's going to go away." And I responded I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't going to just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that is here for the long term and something that we have to address and have to get proactive about. >> You mentioned some stats there, and recently IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concerning ransomware? >> Yeah, this was a worldwide study. It was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, it was a little over 500 different individuals across the globe in North America, select countries in Western Europe, as well as several in Asia Pacific. And we did it across industries there were 20 different industries represented, they're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of infrastructure, you know, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe, or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high or very high degree of confidence in their recovery tools and are fully automated. And yet, when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than 1/3 of organizations were able to fully recover their data without paying the ransom, and some 2/3 actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't necessarily to be trusted, and so the software that they provide sometimes is fully recovered, sometimes it's not. So you look at that and you go, wow. On the one hand, people think they're really, really prepared, and on the other hand, the results are absolutely horrible. You know, 2/3 of people having to pay the ransom. So you start to ask yourself, well, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing. You think you're ready, based on the information you have. And these people are smart people, and they're professionals, but oftentimes, you don't know what you don't know. And like I said, the bad guys are always dreaming up new ways to attack us. And so, I think, for that reason, a lot of these have been successful. So that was kind of the key finding to me and kind of the aha moment really in this whole thing, Lisa. >> That's a massive disconnect with the vast majority saying, "We have a cyber recovery playbook," yet nearly 1/2 being the victims of ransomware in the last three years, and then 1/2 of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience? As we said, this is a matter of this is going to happen, just a matter of when and how often. >> It is a matter, yeah, as you said, it's not if, when, or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud-based services, you know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more, in order to get that breadth of experience, and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud where data resilience is concerned? >> Well, the first and foremost is the economics of it. You know, you can have on-demand resources. In the old days, when we had disaster recoveries where we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If you're financial services, it might even be triple the infrastructure. It was very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources, to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that organizations think they're ready, but then all of a sudden they get hit, and all of a sudden they have to engage with outside consultants, or they have to bring in other experts, and that extends the time to recover that they have and it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recovery going as quickly as possible. >> So what do you think the big issue here is? Is it that these IPT practitioners, over 500 that you surveyed across 20 industries, this a global survey, do they they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. You don't know what you don't know, and until you get into a specific attack, you know, there are so many different ways that organizations can be attacked. And, in fact, from this research that we found is that, in many cases, data exfiltration exceeds data corruption by about 50%. But when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web, or whatever, or simply saying no, and taking their chances. So best practice things like encryption, immutability, things like that that organizations can put into place. Certainly air gaps, having a solid backup foundation to where data is, you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place, really as a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think we are prepared, we've got a playbook, yet so many are being attacked, the vulnerabilities as the landscape, threat landscape, just gets more and more amorphous. What do you recommend organizations do? You talked to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry, we are vulnerable, this is going to happen. We've got to make sure that we are truly resilient and proactive? >> Yes, and in fact, what we found from this research is in more than 1/2 of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the consequences of ransomware, it's not just the ransom, it's the lost productivity, it's the loss of revenue. It's the loss of customer faith and goodwill, and organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CSO, you know, whoever it is, they're extremely concerned about these. And I can tell you, they are fully engaged in addressing those issues within their organization. >> So all the way at the top, and critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education. We've just seen a big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business, it's very profitable. But what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and SaaS-based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily, and to be able to take that cloud-centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >> Got it, we're just cracking the surface here, Phil. I wish we had more time, but I had a chance to read the Druva-sponsored IDC white paper. Fascinating finds. I encourage all of you to download that, take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. >> In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin, and you are watching theCUBE, the leader in live tech coverage. >> We live in a world of infinite data. Sprawling, dispersed, valuable, but also vulnerable. So how do organizations achieve data resiliency when faced with ever expanding workloads, increasing security threats, and intensified regulations? Unfortunately, the answer often boils down to what flavor of complexity do you like best? The common patchwork approaches are expensive, convoluted, and difficult to manage. There's multiple software and hardware vendors to worry about, different deployments for workloads running on-premises or in the cloud. And an inconsistent security framework resulting in enterprises maintaining four to five copies of the same data, increasing costs and risk, building to an incoherent mess of complications. Now, imagine a world free from these complexities. Welcome to the the Druva Data Resiliency Cloud, where full data protection and beautiful simplicity converge. No hardware, no upgrades, no management, just total data resilience. With just a few clicks, you can get started integrating all of your data resiliency workflows in minutes. Through a true cloud experience built on Amazon Web Services, the Druva platform automates and manages critical daily tasks, giving you time to focus on your business. In other words, get simplicity, scalability, and security instantly. With the Druva Data Resiliency Cloud, your data isn't just backed up, it's ready to be used 24/7 to meet compliance needs and to extract critical insights. You can archive data for long-term retention, be protected against device failure and natural disasters, and recover from ransomware lightning fast. Druva is trusted with billions of backups annually by thousands of enterprises, including more than 60 of the Fortune 500, costing up to 50% less than the convoluted hardware, software, and appliance solutions. As data grows and becomes more critical to your business advantage, a data resiliency plan is vital, but it shouldn't be complicated. Druva makes it simple. (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE and the Druva special presentation of "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. We're here with W Curtis Preston, Curtis Preston, as he's known in the industry, Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at "Why Ransomware isn't Your Only Problem." Great to see you, thanks for coming on. >> Happy to be here. >> So we always see each other at events now events are back. So it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I'd like to get your thoughts, and I'd like you to reflect on the analysis that we've been covering here in this survey data, how it lines up with the real world that you're seeing out there. >> Yeah, I think it's, the survey results really, I'd like to say, I'd like to say that they surprised me, but unfortunately, they didn't. The data protection world has been this way for a while where there's this difference in belief, or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit, successfully hit by ransomware, paid the ransom and/or lost data, and yet the same people that were surveyed, they had high degrees of confidence in their backup system. And, you know, I could probably go on for an hour as to the various reasons why that would be the case, but I think that this long running problem that as long as I've been associated with backups, which, you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And people often just, they don't want to have anything to do with the backup system, and so it sort of exists in this vacuum. And so then management is like, "Oh, the backup system's great," because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >> It's funny, you know. "We're good, boss, we got this covered." >> Yeah, it's all good, it's all good. >> And the fingers crossed, right? So again, this is the reality, and as it becomes backup and recovery, which we've talked about many times on theCUBE, certainly we have with you before, but now with ransomware, also, the other thing is people get ransomware hit multiple times. So it's not only like they get hit once, so, you know, this is a constant chasing the tail on some ends, but there are some tools out there, You guys have a solution, and so let's get into that. You know, you have had hands-on backup experience. What are the points that surprise you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >> Well, I would say that the one part in the survey that surprised me the most was people that had a huge, you know, there was a huge percentage of people that said that they had, you know, a ransomware response, you know, and readiness program. And you look at that, and how could you be, you know, that high a percentage of people be comfortable with their ransomware readiness program, which includes a number of things, right? There's the cyberattack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so you believe that your company was ready for that, and then you go, and I think it was 67% of the people in the survey paid the ransom, which as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number, I think, just hurt me the most is that because, you talked about re-infections. The surest way to guarantee that you get re-attacked and reinfected is to pay the ransom. This goes back all the way to ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail. >> You're in business, you're a good customer >> Yeah, yeah, exactly. >> for ransomware. >> Yeah, so the fact that, you know, 60, what, 2/3 of the people that were attacked by ransomware paid the ransom. That one statistic just hurt my heart. >> Yeah, and I think this is the reality. I mean, we go back, and even the psychology of the practitioners was, you know, it's super important to get backup and recovery, and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said, I'm joking, but there's recurring revenue for the bad guys if they know you're paying up and if you're stupid enough not to change your tooling. So again, it works both ways. So I got to ask you, why do you think so many owners are unable to successfully respond after an attack? Is it because, they know it's coming, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding successfully to this? >> I think it's a litany of things, starting with that aspect that I mentioned before, that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if you're the one that raises their hand, "You know, that's a good idea, Curtis, why don't you look into that?" Nobody wants to be- >> Where's that guy now? He doesn't work here anymore. Yeah, I hear where you coming from. >> Exactly. >> It's psychology (indistinct) >> Yeah, so there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of Active Directory and, you know, and things like Okta, so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if that production environment is compromised, now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then if the production system is compromised, then the backup system is compromised. So you've got to segregate all of that. And I just don't think that people are thinking about that. You know, and they're using the same backup techniques that they've used for many, many years. >> So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, "Hey, we'll just take out the backup first so they can't backup. So we got the ransomware." It makes sense. >> Yeah, exactly. The largest ransomware group out there, the Conti ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored, and they are exfiltrating the backups first, and then deleting them, and then letting you know you have ransom. >> Okay, so you guys have a lot of customers. They all kind of have the same problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >> Well, again, you've got to fully segregate that data, and everything about how that data is stored and everything about how that data's created and accessed, there are ways to do that with other, you know, with other commercial products. You can take a standard product and put a number of layers of defense on top of it, or you can switch to the way Druva does things, which is a SaaS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. It's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically, what you get by default with the way Druva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work. With us, you just log in and you get all of that. >> I guess, how do you break the laws of physics? I guess that's the question here. >> Well, because that's the other thing is that by storing the data in the cloud, and I've said this a few times, you get to break the laws of physics, and the only way to do that is time travel. (both laughing) So yes, so Druva has time travel. And this is a Curtisism, by the way, I don't think this is our official position, but the idea is that the only way to restore data as fast as possible is to restore it before you actually need it, and that's kind of what I mean by time travel, in that you, basically, you configure your DR, your disaster recovery environment in Druva one time, and then we are pre-restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the current environment as quickly as we can so that in a disaster recovery scenario, which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go. The data should already be restored. And that's the way that you break the laws of physics is you break the laws of time. >> (laughs) Well, all right, everyone wants to know the next question, and this is a real big question is, are you from the future? >> (laughs) Yeah. Very much the future. >> What's it like in the future, backup, recovery? How does it restore? Is it air gapping everything? >> Yeah, well, it's a world where people don't have to worry about their backups. I like to use the phrase get out of the backup business, just get into the restore business. You know, I'm a grandfather now, and I love having a granddaughter, and I often make the joke that if I'd have known how great grandkids were, I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SaaS data protection system and data resiliency system, you can just do recoveries and not have to worry about backups. >> Yeah, and what's great about your background is you've got a lot of historical perspective. You've seen that, the waves of innovation. Now it really is about the recovery and real time. So a lot of good stuff going on. And got to think automated, things got to be rocking and rolling. >> Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then, we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not, that our customers don't have to do all of those things that all of our competitors have to do to, you know, to break, to try to break the laws of physics, I've been fighting the laws of physics my entire career, to get the backup done in the first place, then to secure all the data, and to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I wish everybody had that ability. >> Yeah, I mean, security's a big part of it. Data's in the middle of it all. This is now mainstream, front lines, great stuff. Curtis, great to have you on, bring that perspective, and thanks for the insight. Really appreciate it. >> Always happy to talk about my favorite subject. >> All right, we'll be back in a moment. We'll have Stephen Manley, the CTO, and Anjan Srinivas, the GM and VP of Product Management will join me. You're watching theCUBE, the leader in high tech enterprise coverage. >> Ransomware is top of mind for everyone. Attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data, and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability scans, patches, and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released. After an attack, recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the Druva Data Resiliency Cloud on your side. The Druva platform functions completely in the cloud with no hardware, software, operating system, or complex configurations, which means there are none of the weaknesses that ransomware commonly uses to attack backups. Our software as a service model delivers 24/7/365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches, and upgrades for you. Druva also makes zero trust security easy with built-in multifactor authentication, single sign-on, and role-based access controls. In the event of an attack, Druva helps you stop the spread of ransomware and quickly understand what went wrong with built-in access insights and anomaly detection. Then you can use industry first tools and services to automate the recovery of clean, unencrypted data from the entire timeframe of the attack. Cyberattacks are a major threat, but you can make protection and recovery easy with Druva. (electronic music) (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE's special presentation with Druva on "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. Our next guests are Stephen Manley, Chief Technology Officer of Druva, and Anjan Srinivas, who is the General Manager and Vice President of Product Management at Druva. Gentlemen, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic. The IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >> Great to be here, John. >> So what's your thoughts on the survey's conclusion? Obviously, the resilience is huge. Ransomware continues to thunder away at businesses and causes a lot of problems, disruption. I mean, it's endless ransomware problems. What's your thoughts on the conclusion? >> So I'll say the thing that pops out to me is, on the one hand, everybody who sees the survey and reads it is going to say, "Well, that's obvious." Of course, ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But I think when you dig deeper and there's a lot of subtleties to look into, but one of the things that I hear on a daily basis from the customers is, it's because the problem keeps evolving. It's not as if the threat was a static thing to just be solved and you're done. Because the threat keeps evolving, it remains top of mind for everybody because it's so hard to keep up with what's happening in terms of the attacks. >> And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping IT away from all the tooling that they needed to do. A lot of people are even still wondering, when that happens next time, what do I even do? So clearly not very surprising. Clearly, I think it's here to stay, and I think as long as people don't retool for a modern era of data management, this is going to to stay this way. >> Yeah, I hear this all the time in our CUBE conversations with practitioners. It's kind of like the security pro, give me more tools, I'll buy anything that comes in the market, I'm desperate. There's definitely attention, but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side? Because, you know, people claim that they have tools at crime points of recovery opportunities, but they can't get there. So it seems to be that there's a confidence problem here in the market. How do you guys see that? 'cause I think this is where the rubber meets the road with ransomware 'cause it is a moving train, it's always changing, but it doesn't seem there's confidence. Can you guys talk about that? What's your reaction? >> Yeah, let me jump in first, and Stephen can add to it. What happens is, I think this is a panic buying and they have accumulated this tooling now just because somebody said they could solve your problem, but they haven't had a chance to take a real look from a ground up perspective to see where are the bottlenecks? Where are the vulnerabilities? And which tooling set needs to lie where? Where does the logic need to reside? And what, in Druva, we are watching people do and people do it successfully, is that as they have adopted Druva technology, which is ground up built for the cloud, and really built in a way which is, you know, driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware, and then there's a whole plethora of ecosystem players that kind of combine to really finish the story, so to say, right? So I think this has been a panic buying situation. This is like, "Get me any help you can give me." And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva, and try to identify the right set of ecosystem to really bring together to solve it meaningfully. >> Yes, Stephen? >> I was going to say, I mean, one of the the really interesting things in the survey for me, and for a moment, a little more than a moment, it made me think was that the large number of respondents who said, "I've got a really efficient, well-run back environment," who, then, on basically the next question said, "And I have no confidence that I can recover from a ransomware attack." And you scratch your head and you think, "Well, if your backup environment is so good, why do you have such low confidence?" And I think that's the moment when we dug deeper and we realized, if you've got a traditional architecture, and let's face it, the disk-based architecture's been around for almost two decades now, in terms of disk-based backup, you can have that tuned to the hilt. That can be running as efficiently as you want it, but it was built before the ransomware attacks, before all these cyber issues, you know, really start hitting companies. And so I have this really well-run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying, "I'm doing the best I can," but as Anjan pointed out, the architecture, the tooling isn't there to support what problems I need to solve today. >> Yeah, great point. >> And so, yeah. >> Well, that's a great point. Before we get into the customer side I want to get to in second, you know, I interviewed Jaspreet, the founder and CEO many years ago, even before the pandemic, and you mentioned modern. You guys have always had the cloud with Druva. This is huge. Now that you're past the pandemic, what is that modern cloud edge that you guys have? 'Cause that's a great point. A lot of stuff was built kind of backup and recovery bolted on, not really kind of designed into the current state of the infrastructure and the cloud native application modern environment we're seeing right now. It's a huge issue. >> I think, to me there's three things that come up over and over and over again as we talk to people in terms of, you know, being built in cloud, being cloud native, why is it an advantage? The first one is security and ransomware. And we can go deeper, but the most obvious one that always comes up is every single backup you do with Druva is air gapped, offsite, managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. The second advantage is the scalability. And you know, this certainly plays into account as your business grows, or, in some cases, as you shrink or repurpose workloads, you're only paying for what you use. But it also plays a big role, again, when you start thinking of ransomware recoveries because we can scale your recovery in cloud, on premises as much or as little as you want. And then I think the third one is we're seeing, basically, things evolving, new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SaaS service in the cloud is we're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting. The customer doesn't have to say, "Wow, I needed six months in the lab before I upgrade it and it's an 18-month, 24-month cycle before the functionality releases. You're getting it every two weeks, and it's backed by Druva to make sure it works. >> Anjan, you know, you got the product side, you know, it's a challenging job 'cause you have so many customers asking for things, probably on the roadmap, you probably can go an hour for that one, but I want to get your thoughts on what you're hearing and seeing from customers. We just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated, probably on the feature requests, but also structurally as ransomware continues to evolve. What are you hearing? What's the key customer need? How are you guys responding? >> Yeah, actually, I have two things that I hear very clearly when I talk to customers. One, I think, after listening to their security problems and their vulnerability challenges, because we see customers and help customers who are getting challenged by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in, as Druva, is that we are providing them the cloud operating model and a data protection operating model, combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate, because this is not just about a piece of technology. On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on, but innovating faster with less. And that has been this age old problem, do more with less. But in this whole, they're like trying to innovate in the middle of the war, so to say. The war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming, not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at 100 miles per hour, while they're just trying to live one day at a time. And unless they really develop this overall security operating model, helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with. Now Druva is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC2 offering to protect EC2 virtual machines back in AWS, and we are going to be continuing to evolve that to further the many services that public cloud software 'cause our customers are really kind of consuming them at breakneck speed. >> So new workloads, new security capabilities. Love that. Good call out there. Stephen, there's still the issue of the disruption side of it. You guys have a guarantee. There's a cost of ownership as you get more tools. Can you talk about that angle of it? You got new workloads, you got the new security needs, what's the disruption impact? 'Cause you want to avoid that. How much is it going to cost you? And you guys have this guarantee, can you explain that? >> Yeah, absolutely. So Druva launched our $10 million data resiliency guarantee. And for us, there were really two key parts to this. The first obviously is $10 million means that, you know, again, we're willing to put our money where our mouth is, and that's a big deal, right? That we're willing to back this with the guarantee. But then the second part, and this is the part that I think reflects that sort of model that Anjan was talking about. We sort of look at this and we say the goal of Druva is to do the job of protecting and securing your data for you so that you, as a customer, don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks, all with SLAs. So everything from your data's going to be recoverable in the case of a ransomware attack. Okay, that's good. Of course, for it to be recoverable, we're also guaranteeing your backup success rate. We're also guaranteeing the availability of the service. We're guaranteeing that the data that we're storing for you can't be compromised or leaked externally, and we're guaranteeing the long-term durability of the data so that if you backup with us today and you need to recover 30 years from now, that data's going to be recovered. So we wanted to really attack the end-to-end risks that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there, and the only way for this to work is to have a service that can provide you SLAs across all of the risks, because that means, as a SaaS vendor, we're doing the job for you so you're buying results as opposed to technology. >> That's great. Great point. Ransomware isn't the only problem. That's the title of this presentation, but it's a big one. (laughs) People are concerned about it, so great stuff. In the last five minutes, guys, if you don't mind, I'd love to have you share what's on the horizon for Druva? You mentioned the new workloads, Anjan. You mentioned this new security. You're going to shift left. DevOps is now the developer model. They're running IT. Get data and security teams now stepping in and trying to be as high velocity as possible for the developers and enterprises. What's on the horizon for Druva? What trends is the company watching, and how are you guys putting that together to stay ahead in the marketplace and the competition? >> Yeah, I think, listening to our customers, what we realize is they need help with the public cloud, number one. I think that's a big wave of consumption. People are consolidating their data centers, moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first, from Druva, before they can start to get into much more advanced level of insights and analytics around that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which, I think, is very unique to Druva because only we can look at multiple tenants, multiple customers because we are a SaaS vendor, and look at insights and give them best practices and guidances and analytics that nobody else can give. There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are going to build, all the way from a feature level where we have things like (audio distorts) that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights, and security, and that's where my focus is, to go and get those features delivered, and Stephen can add a few more things around services that Stephen is looking to build and launch. >> Sure, so, yeah, so John, I think one of the other areas that we see just an enormous groundswell of interest. So public cloud is important, but there are more and more organizations that are running hundreds, if not thousands of SaaS applications, and a lot of those SaaS applications have data. So there's the obvious things, like Microsoft 365, Google Workspace, but we're also seeing a lot of interest in protecting Salesforce because, if you think about it, if someone you know deletes some really important records in Salesforce, that's actually kind of the record of your business. And so, we're looking at more and more SaaS application protection, and really getting deep in that application awareness. It's not just about backup and recovery when you look at something like a Salesforce, or something like Microsoft 365. You do want to look into sandboxing, you want to look into long-term archival, because this is the new record of the business. What used to be in your on-premises databases, that all lives in cloud and SaaS applications now. So that's a really big area of investment for us. The second one, just to echo what Anjan said is, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them. We'll do all the tuning, we'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks, because we're seeing across the globe. And then, of course, being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because, let's face it, if you can set your data up more cleanly, you're going to be a lot less worried and a lot less exposed when that attack happens. So we want to be able to, again, cover those SaaS applications in addition to the public cloud, and then we want to be able to use our metadata and use our analytics and use this massive pipeline we've got to deliver value to our customers. Not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >> That's great stuff. >> And remember, John, I think all this while keeping things really easy to consume, consumer grade UI, APIs, and then really the power of SaaS as a service, simplicity to kind of continue on, amongst kind of keeping these complex technologies together. >> Anjan, that's a great callout. I was going to mention ease of use and self-service. Big part of the developer and IT experience. Expected. It's the table stakes. Love the analytic angle, I think that brings the scale to the table, and faster time to value to get to learn best practices. But at the end of the day, automation, cross-cloud protection and security to protect and recover. This is huge, and this is a big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of the product. Thanks for coming on, appreciate it. >> Thank you very much. >> Okay, there it is. You have the experts talk about under the hood, the product, the value, the future of what's going on with Druva, and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Vellante will give you some closing thoughts on the subject here. You're watching theCUBE, the leader in high tech enterprise coverage. >> As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl, and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth, infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The Druva Data Resiliency Cloud is the only 100% SaaS data resiliency platform that provides centralized, secure, air gapped, and immutable backup and recovery. With Druva, your data is safe with multiple layers of protection and is ready for fast recovery from cyberattacks, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds, and your business critical SaaS applications. Druva is the only 100% SaaS vendor that can manage, govern, and protect data across multiple clouds and business critical SaaS applications. It supports not just backup and recovery, but also data resiliency across high value use cases, such as e-discovery, sensitive data governance, ransomware, and security. No other vendor can match Druva for customer experience, infinite scale, storage optimization, data immutability, and ransomware protection. The Druva Data Resiliency Cloud, your data, always safe, always ready. Visit druva.com today to schedule a free demo. (upbeat music) >> One of the big takeaways from today's program is that in the scramble to keep business flowing over the past 2+ years, a lot of good technology practices have been put into place, but there's much more work to be done, specifically, because the frequency of attacks is on the rise and the severity of lost, stolen, or inaccessible data is so much higher today, business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a system's view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed slash accuracy of recovery. Here we hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you got to do is go to thecube.net, and you'll see all the content, or you can go to druva.com. There are tons of resources available, including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching "Why Ransomware isn't Your Only Problem," made possible by Druva, in collaboration with IDC and presented by theCUBE, your leader in enterprise and emerging tech coverage. (upbeat music)

>>The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know this had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized protection. As a result moved away from things like perimeter based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerges a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies. >>And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR focused that their DR approach was not cost efficient and needed to be modernized. And that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello, and welcome to Why Ransomware isn't your Only Problem, a service of the Cube made possible by dva. And in collaboration with idc. I'm your host, Dave Ante, and today we're present a three part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face. In today's new world, IDC Research Vice President Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. >>After that, we're gonna hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection. Generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at dva, Steven Manly and Anja Serenas. Steven is a 10 time cubo and Chief technology officer at dva. And Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how DVA is closing the gaps presented in the IDC survey through their product innovation. Or right now I'm gonna toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. >>Bill Goodwin joins me next, the VP of research at idc. We're gonna be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on the cube. >>Hey, Lisa, it's great to be here with you. >>So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >>You know, you, you really hit the, the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that that ransomware that has everybody's attention, and it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022, but within idc we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be, have the scale, upper scale, down on demand nature of cloud. So those are in a nutshell, kind of the three things that people are looking at. >>You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now Phil, no longer if we're gonna get attacked. It's when it's how often it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >>Well, what, what some of the research that we did is we found that about 77% of organizations have digital resilience as a, as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more, more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping keeping them awake at night. Quite honestly, if you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a, a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data >>And digital resilience, data resilience as every company these days has to be a data company to be competitive, digital resilience, data resilience. Are you using those terms interchangeably or data resilience to find as something a little bit different? >>Well, sometimes yeah, that we do get caught using them when, when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself and the context of of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You, you really, you can't have it resilience about data resilience. So that, that's where we're coming from on it >>Inextricably linked and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >>Well, one of the biggest is what, what you mentioned at the, at the top of the segment. And, and that is the, the area of ransomware, the research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to, to defend against these ransoms. The other thing about it is it's really a lot like whackamole. You know, they attack us in one area and and, and we defend against it. They, so they attack us in another area and we defend against it. >>And in fact, I had a, an individual come up to me at a show not long ago and said, You know, one of these days we're gonna get pretty well defended against ransomware and it's gonna go away. And I responded, I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't gonna just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that here is here for the long term and something that we, we have to address and have to get proactive about. >>You mentioned some stats there and, and recently IDC and DVA did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let, let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concern concerning ransomware. >>Yeah, this, this was a worldwide study. It was sponsored by DVA and conducted by IDC as an independent study. And what we did, we surveyed 500 is a little over 500 different individuals across the globe in North America select countries in in western Europe, as well as several in, in Asia Pacific. And we did it across industries with our 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of of infrastructure, you know, managers of data centers, things like that. And the, and the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they, when they get attacked. Some of the, some of the statistics that we learned from this, Lisa, include 83% of organizations believe or tell, told us that they have a, a playbook that, that they have for ransomware. >>I think 93% said that they have a high degree or a high or very high degree of confidence in their recovery tools and, and are fully automated. And yet when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't, aren't necessarily to be trusted. And, and so the software that they provide sometimes is, is fully recovered. Sometimes it's not. So you look at that and you go, Wow. On, on the one hand, people think they're really, really prepared, and on the other hand, the results are, are absolutely horrible. >>You know, two thirds of people having, having to pay their ransom. So you start to ask yourself, well, well, what is, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. Everybody has a plan until they get punched in the mouth. And I think that's kind of what happens with ransomware. You, you think you know what you're, you're doing, you think you're ready based on the information you have. And these people are smart people and, and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me in kind of the aha moment really in this whole thing. Lisa, >>That's a massive disconnect with the vast majority saying we have a cyber recovery playbook, yet nearly half being the victims of ransomware in the last three years, and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience data resilience as it's, as we said, this is a matter of this is gonna happen just a matter of when and how often >>It it is a matter, Yeah, as you said, it's not if when or, or how often. It's really how badly. So I think what organizations are really do doing now is starting to turn more to cloud-based services. You know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of, of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to, to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of, of scanning, in terms of analysis and so forth. So they're, they're turning to professionals in the cloud much more in order to get that breadth of experience and, and to take advantage of cloud based services that are out there. >>Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why are is IDC seeing this big shift to cloud where, where data resilience is concerned? >>Well, the first and foremost is the economics of it. You know, you can, you can have on demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If your financial services, it might even be triple, the infrastructure is very complicated, very difficult by going to the cloud. Organizations can subscribe to disaster recovery as a service. It increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit and all of a sudden they have to engage with outside consultants or they have to bring in other experts and that, and that extends the time to recover that they have and it also complicates it. >>So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >>So what do you think the big issue here is, is it that these, these I p T practitioners over 500 that you surveyed across 20 industries is a global survey? Do they not know what they don't know? What's the the overlying issue here? >>Yeah, I think that's right. It's, you don't know what you don't know and until you get into a specific attack, you know, there, there are so many different ways that, that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the, the issue is, once I have your data, what are you gonna do? I mean, there's no amount of recovery that is gonna help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and, and taking their chances. So best practice things like encryption, immutability, you know, things like that that organizations can put into place. Certainly air gaps. Having a, a solid backup foundation to, to where data is you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >>Given some of the, the, the disconnect that you articulated, the, the stats that show so many think we are prepared, we've got a playbook, yet so many are being, are being attacked. The vulnerabilities and the, and the, as the, the landscape threat landscape just gets more and more amorphous. Why, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry, we are vulnerable, this is gonna happen, we've gotta make sure that we are truly resilient and proactive? >>Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the, the, the consequences of ransom where it's not just the ransom, it's the loss productivity, it's, it's the loss of, of revenue. It's, it's the loss of, of customer faith and, and, and goodwill and organizations that have been attacked have, have suffered those consequences. And, and many of them are permanent. So people at the board level where it's, whether it's the ceo, the cfo, the cio, the c cso, you know, whoever it is, they're extremely concerned about these. And I can tell you they are fully engaged in addressing these issues within their organization. >>So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, It's a big business business, it's very profitable. But what is IDCs prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they're, they really actually have i i functioning playbook? >>I i, I don't know if we'll ever get to the point where the CCC C suite is not involved. It's probably very important to have that, that level of executive sponsorship. But, but what we are seeing is, in fact, we predicted by 20 25, 50 5% of organizations we'll have shifted to a cloud centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and, and at the edge, and that's really where the growth is. So being able to take that cloud centric model and take advantage of, of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily and, and to be able to take that cloud centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >>Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Juba sponsored IDC White paper. Fascinating finds. I encourage all of you to download that, Take a read, you're gonna learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining >>Me. No problem. Thank you, Lisa. >>In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin and you are watching the Cube, the leader in live tech coverage. >>We live in a world of infinite data, sprawling, dispersed valuable, but also vulnerable. So how do organizations achieve data resiliency when faced with ever expanding workloads, increasing security threats and intensified regulations? Unfortunately, the answer often boils down to what flavor of complexity do you like best? The common patchwork approaches are expensive, convoluted, and difficult to manage. There's multiple software and hardware vendors to worry about different deployments for workloads running on premises or in the cloud. And an inconsistent security framework resulting in enterprises maintaining four of five copies of the same data, increasing costs and risk building to an incoherent mess of complications. Now imagine a world free from these complexities. Welcome to the dr. A data resiliency cloud where full data protection and beautiful simplicity converge. No hardware, no upgrades, no management, just total data resili. With just a few clicks, you can get started integrating all of your data resiliency workflows in minutes. >>Through a true cloud experience built on Amazon web services, the DR A platform automates and manages critical daily tasks giving you time to focus on your business. In other words, get simplicity, scalability, and security instantly with the dr A data resiliency cloud, your data isn't just backed up, it's ready to be used 24 7 to meet compliance needs and to extract critical insights. You can archive data for long term retention, be protected against device failure and natural disasters, and recover from ransomware lightning fast. DVA is trusted with billions of backups annually by thousands of enterprises, including more than 60 of the Fortune 500 costing up to 50% less in the convoluted hardware, software, and appliance solutions. As data grows and becomes more critical to your business advantage, a data resiliency plan is vital, but it shouldn't be complicated. Dr. A makes it simple. >>Welcome back everyone to the cube and the drew of a special presentation of why ransomware isn't your only problem. I'm John Furrier, host of the Cube. We're here with w Curtis Preston. Curtis Preston, he known in the industry Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at why ransomware isn't your only problem. Great to see you. Thanks for coming on. >>Happy to be here. >>So we always see each other events now events are back. So it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I to get your thoughts and I'd like you to reflect on the analysis that we've been covering here and the survey data, how it lines up with the real world that you're seeing out there. >>Yeah, I think it's the, the survey results really, I'd like to say, I'd like to say that they surprised me, but unfortunately they didn't. The, the, the, the data protection world has been this way for a while where there's this, this difference in belief or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit successfully, hit by ransomware, paid the ransom and, and, and or lost data. And yet the same people that were surveyed, they had to high degrees of confidence in their backup system. And I, you know, I, I could, I could probably go on for an hour as to the various reasons why that would be the case, but I, I think that this long running problem that as long as I've been associated with backups, which you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And, and people often just, they, they, they don't wanna have anything to do with the backup system. And so it sort of exists in this vacuum. And so then management is like, oh, the backup system's great, because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >>It's funny, you know, we're good boss, we got this covered. Good, >>It's all good, it's all good, >>You know, and the fingers crossed, right? So again, this is the reality and, and, and as it becomes backup and recovery, which we've talked about many times on the cube, certainly we have with you before, but now with ransomware also, the other thing is people get ransomware hit multiple times. So it's not, not only like they get hit once, so, you know, this is a constant chasing the tail on some ends, but there are some tools out there, You guys have a solution. And so let's get into that. You know, you have had hands on backup experience. What are the points that surprised you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >>Well, I would say that the, the, the one part in the survey that surprised me the most was people that had a huge, you know, that there, there was a huge percentage of people that said that they had a, a, a, you know, a a a ransomware response, you know, in readiness program. And you look at that and you, how could you be, you know, that high percentage of people be comfortable with their ransomware readiness program and a, you know, which includes a number of things, right? There's the cyber attack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so your, you believe that your company was ready for that, and then you go, and I, I think it was 67% of the people in the survey paid the ransom, which as, as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number I think just hurt me the most is that because you, you talked about re infections, the surest way to guarantee that you get rein attacked and reinfected is to pay the ransom. This goes back all the way ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail and >>You're in business, you're a good customer arr for ransomware. >>Yeah. So the, the fact that, you know, 60 what two thirds of the people that were attacked by ransomware paid the ransom. That one statistic just, just hurt my heart. >>Yeah. And I think this is the reality. I mean, we go back and even the psychology of the practitioners was, you know, it's super important to get back in recovery and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said, the arr joking, but there's recurring revenue for the, for the bad guys if they know you're paying up and if you're stupid enough not to change, you're tooling, right? So, so again, it works both ways. So I gotta ask you, why do you think so many are unable to successfully respond after an attack? Is it because they know it's coming? I mean, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding and successfully to this? >>I I think it's a, it's a litany of thing starting with the, that aspect that I mentioned before, that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if, if you're the one that raises their hand, you know what, that's a good idea, Curtis, why don't you look into that? Right. Nobody, nobody wants to be, Where's >>That guy now? He doesn't work here anymore. Yeah, but I I I hear where you come from exactly. Psychology. >>Yeah. So there, there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They, they, they become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of active directory and, you know, and things like Okta, so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate for from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if you, if that production environment is compromised now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then you've, if, if the production system is compromised, then the backup system is compromised. So you've got to segregate all of that. And I, and I just don't think that people are thinking about that. Yeah. You know, and they're using the same backup techniques that they've used for many, many years. >>So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, Hey, we'll just take out the backup first so they can backup. So we got the ransomware it >>Makes Yeah, exactly. The the largest ransomware group out there, the KTI ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored, and they are exfiltrating the backups first and then deleting them and then letting you know you have ransom. >>Okay, so you guys have a lot of customers, they all kind of have the same this problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >>Well, again, you, you've got to fully segregate that data. There are, and, and everything about how that data is stored and everything about how that data's created and accessed. There are ways to do that with other, you know, with other commercial products, you can take a, a, a standard product and put a number of layers of defense on top of it, or you can switch to the, the way Druva does things, which is a SAS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. And the, the, it's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically what you get by default with the, the way juva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work with us. You just log in and you get all of that. >>I guess how do, how do you break the laws of physics? I guess that's the question here. >>Well, when, because that's the other thing is that by storing the data in the cloud, we, we do, and I've said this a few times, that you get to break the laws of physics and the, the only way to do that is to, is time travel and what, that's what it, so yeah, so Druva has time travel. What, and this is a criticism by the way. I don't think this is our official position, but Yeah. But the, the idea is that the only way to restore data as fast as possible is to restore it before you actually need it. And that's what kind of what I mean by time travel in that you basically, you configure your dr your disaster recovery environment in, in DVA one time. And then we are pre restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the, the current environment as quickly as we can so that in a disaster recovery scenario, which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go the, the data should already be restored. And that's the, i that's the way that you break the laws of physics is you break the laws of time. >>Well, I, everyone wants to know the next question, and this is the real big question, is, are you from the future? >>Yeah. Very much the future. >>What's it like in the future? Backup recovery as a restore, Is it air gaping? Everything? >>Yeah. It, it, it, Well it's a world where people don't have to worry about their backups. I I like to use the phrase, get outta the backup business. Just get into the ReSTOR business. I I, you know, I'm, I'm a grandfather now and I, and I love having a granddaughter and I often make the joke that if I don't, if I'd have known how great grandkids were, I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SAS data protection system and data resiliency system, you can just do recoveries and not have to worry about >>Backups. Yeah. And what's great about your background is you've got a lot of historical perspective. You've seen that been in the ways of innovation now it's really is about the recovery and real time. So a lot of good stuff going on. And God think automated thingss gotta be rocking and rolling. >>Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then, we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not that our customers don't have to do all of those things that all of our competitors have to do to, you know, to, to break, to try to break the laws of physics. I've been fighting the laws of physics my entire career to get the backup done in the first place. Then to secure all the data, right to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I, I wish that, I wish everybody had that ability. >>Yeah, I mean, security's a big part of it. Data's in the middle of it all. This is now mainstream front lines. Great stuff Chris, great to have you on, bring that perspective and thanks for the insight. Really >>Appreciate it. Always happy to talk about my favorite subject. >>All right, we'll be back in a moment. We'll have Steven Manley, the cto and on John Shva, the GM and VP of Product Manage will join me. You're watching the cube, the leader in high tech enterprise coverage. >>Ransomware is top of mind for everyone. Attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability, scans, patches and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released after an attack. Recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the DR A data resiliency cloud on your side. The DR A platform functions completely in the cloud with no hardware, software, operating system, or complex configurations, which means there are none of the weaknesses that ransomware commonly uses to attack backups. >>Our software as a service model delivers 24 7 365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches and upgrades for you. DVA also makes zero trust security easy with builtin multifactor authentication, single sign-on and role-based access controls in the event of an attack. Druva helps you stop the spread of ransomware and quickly understand what went wrong. With builtin access insights and anomaly detection, then you can use industry first tools and services to automate the recovery of clean unencrypted data from the entire timeframe of the attack. Cyber attacks are a major threat, but you can make protection and recovery easy with dva. >>Welcome back everyone to the Cubes special presentation with DVA on why ransomware isn't your only problem. I'm John er, host of the Cube. Our next guest are Steven Manley, Chief Technology Officer of dva and I, John Trini VAs, who is the general manager and vice president of product management and Druva. Gentleman, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic, the IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >>Great to be here John. >>So what's your thoughts on the survey's conclusion? I've obviously the resilience is huge. Ransomware is continues to thunder away at businesses and causes a lot of problems. Disruption, I mean just it's endless ransomware problems. What's your thoughts on the con conclusion? >>So I'll say the, the thing that pops out to me is, is on the one hand, everybody who sees the survey, who reads, it's gonna say, well that's obvious. Of course ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But, but I think when you dig deeper and there and there's a lot of subtleties to look into, but, but one of the things that, that I hear on a daily basis from the customers is it's because the problem keeps evolving. It, it's not as if the threat was a static thing to just be solved and you're done because the threat keeps evolving. It remains top of mind for everybody because it's so hard to keep up with with what's happening in terms of the attacks. >>And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping it away from all the tooling that needed to do. A lot of people are even still wondering when that happens next time, what do I even do? So clearly not very surprising. Clearly I think it's here to stay and I think as long as people don't retool for a modern era of data management, this is going to stay this >>Way. Yeah, I mean I hear this whole time and our cube conversations with practitioners, you know there, it's kind of like the security pro give me more tools, I'll buy anything that comes in the market. I'm desperate. There's definitely attention but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side? Because you know, people claim that they have tools at fine points of, of recovery opportunities but they can't get there. So it seems to be that there's a confidence problem here in the market. What, how do you guys see that? Cuz I think this is where the rubber meets the road with ransomware cuz it's, it is a moving train, it's always changing but it doesn't seem as confidence. Can you guys talk about that? What's your reaction? >>Yeah, let me jump in first and Steven can add to it. What happens is I think this is a panic buying and they have accumulated this tooling now just because somebody said could solve your problem, but they haven't had a chance to take a re-look from a ground up perspective to see where are the bottlenecks, where are the vulnerabilities and which tooling set needs to lie? Where, where does the logic need to recite and what in Drew we are watching people do and people do it successfully, is that as they have adopted through our technology, which is ground up built for the cloud and really built in a way which is, you know, driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware. >>And then there's a whole plethora of ecosystem players that kind of combine to really really finish the story so to say, right? So I think this has been a panic buying situation. This is like, get me any help you can give me. And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva and tried to identify the right set of ecosystem to really bring together to solve it meaningfully. >>Steven, >>I was gonna say, I mean one, one of the, one of the really interesting things in the survey for me and, and, and for a moment, little more than a moment, it made me think was that the large number of respondents who said I've got a really efficient well run backup environment, who then on basically the next question said, and I have no confidence that I can recover from a ransomware attack. And you scratch your head and you think, well if your backup environment is so good, why do you have such low confidence? And, and, and I think that's the moment when we, we dug deeper and we realized, you know, if you've got a traditional architecture and let's face the dis base architecture's been around for almost two decades now in terms of dis based backup, you can have that tune to the help that can be running as efficiently, efficiently as you want it, but it was built before the ransomware attacks before, before all these cyber issues, you know, really start hitting companies. And so I have this really well run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying I'm doing the best I can, but as Angen pointed out, the architecture, the tooling isn't there to support what, what problems I need to solve today. Yeah, >>Great point. And so yeah, well that's a great point. Before we get into the customer side, I wanna get to in second, you know, I interviewed Jare, the the founder CEO many years ago, even before the pandemic. You mentioned modern, you guys have always had the cloud, which r this is huge. Now that you're past the pandemic, what is that modern cloud edge you guys have? Cuz that's a great point. A lot of stuff was built kind of Beckham recovery bolted on, not really kind of designed into the, the current state of the infrastructure and the cloud native application modern environment we're seeing. Right? Now's a huge issue >>I think. I think it's, it's to me there's, there's three things that come up over and over and over again as, as we talk to people in terms of, you know, being built in cloud, being cloud native, why is an advantage? The first one is, is security and ransomware. And, and, and we can go deeper, but the most obvious one that always comes up is every single backup you do with DVA is air gap offsite managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. I think the second advantage is the scalability. And you know this, this certainly plays into account as your, your business grows or in some cases as you shrink or repurpose workloads, you're only paying for what you use. >>But it also plays a a big role again when you start thinking of ransomware recoveries because we can scale your recovery in cloud on premises as much or as little as you want. And then I think the third one is we're seeing a basically things evolving new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SA service in the cloud is you're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting, you know, the customer doesn't have to say, Wow, I need it six months in the lab before I upgrade it and it's an 18 month, 24 month cycle before the functionality releases. You're getting it every two weeks and it's backed by Druva to make sure it works. >>That says on John, you know, you got the, the product side, you know, it's challenging job cuz you have so many customers asking for things probably on the roadmap you probably go hour for that one. But I wanna get your thoughts on what you're hearing and seeing from customers. You know, we just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated on the, probably on the feature request, but also structurally as as ransomware continues to evolve. What are you hearing, what's the key customer need? How are you guys responding? >>Yeah, actually I have two things that I hear very clearly when I talk to customers. One, I think after listening to their security problems and their vulnerability challenges because we see customers and help customers who are getting challenge by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in as rua is that we are providing them the cloud operating model and a data protection operating model combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate because this is just not about a piece of technology. >>On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on but innovating faster with faster, with less. And that has been this age old problem, do more with less. But in this, in this whole, they're like trying to innovate in the middle of the war so to say, right, the war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at a hundred miles per hour while they're just, you know, trying to live one day at a time. >>And unless they really develop this overall security operating model helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this kind of this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with now. Drew is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC two offering to protect EC two virtual machines back in aws and we are gonna be continuing to evolve that to further many services that public cloud software cuz our customers are really kind of consuming them at breakneck speed. >>So the new workloads, the new security capabilities. Love that. Good, good call out there. Steven, this still the issue of the disruption side of it, you guys have a guarantee there's a cost of ownership as you get more tools. Can you talk about that angle of it? Because this is, you got new workloads, you got the new security needs, what's the disruption impact? Cause you know, you won't avoid that. How much is it gonna cost you? And you guys have this guarantee, can you explain that? >>Yeah, absolutely. So, so Dr launched our 10 million data resiliency guarantee. And, and for us, you know, there were, there were really two key parts to this. The first obviously is 10 million means that, you know, again we're, we're we're willing to put our money where our mouth is and, and that's a big deal, right? That that, that we're willing to back this with the guarantee. But then the second part, and, and, and this is the part that I think reflects that, that sort of model that Angen was talking about, we, we sort of look at this and we say the goal of DVA is to do the job of protecting and securing your data for you so that you as a customer don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks all with SLAs. So everything from, you know, your data's gonna be recoverable in the case of a ransomware attack. >>Okay, that's good. Of course for it to be recoverable, we're also guaranteeing, you know, your backup, your backup success rate. We're also guaranteeing the availability of the service. You know, we're, we're guaranteeing that the data that we're storing for you can't be compromised or leaked externally and you know, we're guaranteeing the long term durability of the data so that if you back up with us today and you need to recover 30 years from now, that data's gonna be recovered. So we wanted to really attack the end to end, you know, risks that, that, that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there and the only way for this to work is to have a service that can provide you SLAs across all of the risks because that means, again, as a SAS vendor, we're doing the job for you so you're buying results as opposed to technology. >>That's great. Great point. Ransomware isn't the only problem that's the title of this presentation, but is a big one. People concerned about it. So great stuff. In the last five minutes guys, if you don't mind, I'd love to have you share what's on the horizon for dva. You mentioned the new workloads on John, you mentioned this new security hearing shift left DevOps is now the developer model, they're running it get data and security teams now stepping in and trying to be as vo high velocity as possible for the developers and enterprises. What's on the horizon, Ava? What trends is the company watching and how are you guys putting that together to stay ahead in the marketplace and the competition? >>Yeah, I think listening to our customers, what we realize is they need help with the public cloud. Number one. I think that's a big wave of consumption. People are consolidating their data centers, moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first from before they can start to get into much more advanced level of insights and analytics on that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which I think is very unique to thwa because only we can look at multiple tenants, multiple customers because we are a SAS vendor and look at insights and give them best practices and guidances and analytics that nobody else can give. >>There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need, what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are gonna build all the way from a feature level where we have things like recycle bin that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights and security and that's where my focus is to go and get those features delivered and Steven can add a few more things around services that Steven is looking to build in launch. >>Sure. So, so yeah, so, so John, I think one of the other areas that we see just an enormous groundswell of interest. So, so public cloud is important, but there are more and more organizations that are running hundreds if not thousands of SaaS applications and a lot of those SaaS applications have data. So there's the obvious things like Microsoft 365 Google workspace, but we're also seeing a lot of interest in protecting Salesforce because if you think about it, you know, if you, if if someone you know deletes some really important records in Salesforce, that's, that's actually actually kind of the record of your business. And so, you know, we're looking at more and more SaaS application protection and, and really getting deep in that application awareness. It's not just about backup and recovery. When you look at something like, like a sales force or something like Microsoft 365, you do wanna look into sandboxing, you wanna, you wanna look into long term archival because again, this is the new record of the business, what used to be in your on premises databases that all lives in cloud and SaaS applications now. >>So that's a really big area of investment for us. The second one, just to echo what, what engine said is, you know, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. And I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them, will do all the tuning, we'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks because we're seeing across the globe. And then of course being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because let's face it, if you can set your, your data up more cleanly, you're gonna be a lot less worried and a lot less exposed from that attack happens. So we want to be able to again, cover those SaaS applications in addition to the public cloud. And then we want to be able to use our metadata and use our analytics and use this massive pipeline. We've got to deliver value to our customers, not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >>That's great stuff. Run John. >>And remember John, I think all this while keeping things really easy to consume consumer grade UI APIs and the, the really, the power of SaaS as a service simplicity to kind of continue on amongst kind of keeping these complex technologies together. >>Aj, that's a great call out. I was gonna mention ease of use is and self-service, big part of the developer and IT experience expected, it's the table stakes, love the analytic angle. I think that brings the scale to the table and faster time to value to get to learn best practices. But the end of the day automation, cross cloud protection and security to protect and recover. This is huge and this is big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of of the product. Thanks for coming on. Appreciate it. >>Thank you very much. >>Okay, there it is. You got the experts talking about under the hood, the product, the value, the future of what's going on with Druva and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Ante will give you some closing thoughts on the subject here you're watching the cube, the leader in high tech enterprise coverage. >>As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl, and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The dr. A Data Resiliency Cloud is the only 100% SAS data resiliency platform that provides centralized, secure air gapped and immutable backup and recovery. With dva, your data is safe with multiple layers of protection and is ready for fast recovery from cyber attack, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds and your business critical SaaS applications. Druva is the only 100% SAS fender that can manage, govern, and protect data across multiple clouds and business critical SAS applications. It supports not just backup and recovery, but also data resiliency across high value use cases such as e-discovery, sensitive data governance, ransomware, and security. No other vendor can match Druva for customer experience, infinite scale storage optimization, data immutability and ransomware protection. The DVA data resiliency cloud your data always safe, always ready. Visit druva.com today to schedule a free demo. >>One of the big takeaways from today's program is that in the scramble to keep business flowing over the past two plus years, a lot of good technology practices have been put into place, but there's much more work to be done specifically because the frequency of attacks is on the rise and the severity of lost, stolen, or inaccessible data is so much higher. Today, business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a systems' view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed slash accuracy of recovery. You know, we hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you gotta do is go to the cube.net and you'll see all the content, or you can go to druva.com. There are tons of resources available, including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching why Ransomware isn't your only problem Made possible by dva, a collaboration with IDC and presented by the Cube, your leader in enterprise and emerging tech coverage.

>>The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know this had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized protection. As a result moved away from things like perimeter based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerges a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies. >>And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR focused that their DR approach was not cost efficient and needed to be modernized. And that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello and welcome to Why Ransomware isn't your Only Problem, a service of the Cube made possible by dva. And in collaboration with idc. I'm your host, Dave Ante, and today we're present a three part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face. In today's new world, IDC Research Vice President Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. >>After that, we're gonna hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection. Generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at dva, Steven Manly and Anja Serenas. Steven is a 10 time cubo and Chief technology officer at dva, and Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how DVA is closing the gaps presented in the IDC survey through their product innovation. Or right now I'm gonna toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. >>Bill Goodwin joins me next, the VP of research at idc. We're gonna be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on the cube. >>Hey, Lisa, it's great to be here with you. >>So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >>You know, you, you really hit the, the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that that ransomware that has everybody's attention and it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022, but within idc we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be, have the scale, upper scale, down on demand nature of cloud. So those are in a nutshell, kind of the three things that people are looking at. >>You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now Phil, no longer if we're gonna get attacked. It's when it's how often it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >>Well, what, what some of the research that we did is we found that about 77% of organizations have digital resilience as a, as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more, more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping keeping them awake at night. Quite honestly, if you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a, a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data >>And digital resilience, data resilience as every company these days has to be a data company to be competitive, digital resilience, data resilience. Are you using those terms interchangeably or data resilience to find as something a little bit different? >>Well, sometimes yeah, that we do get caught using them when, when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself and the context of of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You, you really, you can't have it resilience about data resilience. So that, that's where we're coming from on it >>Inextricably linked and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >>Well, one of the biggest is what, what you mentioned at the, at the top of the segment and, and that is the, the area of ransomware, the research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to, to defend against these ransoms. The other thing about it is it's really a lot like whackamole. You know, they attack us in one area and and, and we defend against it. They, so they attack us in another area and we defend against it. >>And in fact, I had a, an individual come up to me at a show not long ago and said, You know, one of these days we're gonna get pretty well defended against ransomware and it's gonna go away. And I responded, I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't gonna just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that here is here for the long term and something that we, we have to address and have to get proactive about. >>You mentioned some stats there and, and recently IDC and DVA did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let, let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concern concerning ransomware. >>Yeah, this, this was a worldwide study. It was sponsored by DVA and conducted by IDC as an independent study. And what we did, we surveyed 500 is a little over 500 different individuals across the globe in North America select countries in in western Europe, as well as several in, in Asia Pacific. And we did it across industries with our 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of of infrastructure, you know, managers of data centers, things like that. And the, and the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they, when they get attacked. Some of the, some of the statistics that we learned from this, Lisa, include 83% of organizations believe or tell, told us that they have a, a playbook that, that they have for ransomware. >>I think 93% said that they have a high degree or a high or very high degree of confidence in their recovery tools and, and are fully automated. And yet when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't, aren't necessarily to be trusted. And, and so the software that they provide sometimes is, is fully recovered, sometimes it's not. So you look at that and you go, Wow. On, on the one hand people think they're really, really prepared and on the other hand the results are, are absolutely horrible. >>You know, two thirds of people having, having to pay their ransom. So you start to ask yourself, well, well, what is, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. Everybody has a plan until they get punched in the mouth. And I think that's kind of what happens with ransomware. You, you think you know what you're, you're doing, you think you're ready based on the information you have. And these people are smart people and, and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me in kind of the aha moment really in this whole thing. Lisa, >>That's a massive disconnect with the vast majority saying we have a cyber recovery playbook, yet nearly half being the victims of ransomware in the last three years and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience data resilience as it's, as we said, this is a matter of this is gonna happen just a matter of when and how often >>It it is a matter, Yeah, as you said, it's not if when or, or how often. It's really how badly. So I think what organizations are really do doing now is starting to turn more to cloud-based services. You know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of, of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to, to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of, of scanning, in terms of analysis and so forth. So they're, they're turning to professionals in the cloud much more in order to get that breadth of experience and, and to take advantage of cloud based services that are out there. >>Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why are is IDC seeing this big shift to cloud where, where data resilience is concerned? >>Well, the first and foremost is the economics of it. You know, you can, you can have on demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If your financial services, it might even be triple, the infrastructure is very complicated, very difficult by going to the cloud. Organizations can subscribe to disaster recovery as a service. It increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit and all of a sudden they have to engage with outside consultants or they have to bring in other experts and that, and that extends the time to recover that they have and it also complicates it. >>So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >>So what do you think the big issue here is, is it that these, these I p T practitioners over 500 that you surveyed across 20 industries is a global survey? Do they not know what they don't know? What's the the overlying issue here? >>Yeah, I think that's right. It's, you don't know what you don't know and until you get into a specific attack, you know, there, there are so many different ways that, that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the, the issue is, once I have your data, what are you gonna do? I mean, there's no amount of recovery that is gonna help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and, and taking their chances. So best practice things like encryption, immutability, you know, things like that that organizations can put into place. Certainly air gaps. Having a, a solid backup foundation to, to where data is you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >>Given some of the, the, the disconnect that you articulated, the, the stats that show so many think we are prepared, we've got a playbook, yet so many are being, are being attacked. The vulnerabilities and the, and the, as the, the landscape threat landscape just gets more and more amorphous. Why, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry we are vulnerable, this is gonna happen, we've gotta make sure that we are truly resilient and proactive? >>Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the, the, the consequences of ransom where it's not just the ransom, it's the loss productivity, it's, it's the loss of, of revenue, it's, it's the loss of, of customer faith and, and, and goodwill and organizations that have been attacked have, have suffered those consequences. And, and many of them are permanent. So people at the board level where it's, whether it's the ceo, the cfo, the cio, the c cso, you know, whoever it is, they're extremely concerned about these. And I can tell you they are fully engaged in addressing these issues within their organization. >>So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business business, it's very profitable. But what is IDCs prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they're, they really actually have i i functioning playbook? >>I i, I don't know if we'll ever get to the point where the CCC C suite is not involved. It's probably very important to have that, that level of executive sponsorship. But, but what we are seeing is, in fact we predicted by 20 25, 50 5% of organizations we'll have shifted to a cloud centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and, and at the edge, and that's really where the growth is. So being able to take that cloud centric model and take advantage of, of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily and, and to be able to take that cloud centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >>Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Juba sponsored IDC White paper. Fascinating finds. I encourage all of you to download that. Take a read, you're gonna learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining >>Me. No problem. Thank you, Lisa. >>In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin and you are watching The Cube, the leader in live tech coverage.

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

(light music) >> Hello, and welcome to theCUBE's special presentation with Horizon3.ai with Rainer Richter, Vice President of EMEA, Europe, Middle East and Africa, and Asia Pacific, APAC Horizon3.ai. Welcome to this special CUBE presentation. Thanks for joining us. >> Thank you for the invitation. >> So Horizon3.ai, driving global expansion, big international news with a partner-first approach. You guys are expanding internationally. Let's get into it. You guys are driving this new expanse partner program to new heights. Tell us about it. What are you seeing in the momentum? Why the expansion? What's all the news about? >> Well, I would say in international, we have, I would say a similar situation like in the US. There is a global shortage of well-educated penetration testers on the one hand side. On the other side, we have a raising demand of network and infrastructure security. And with our approach of an autonomous penetration testing, I believe we are totally on top of the game, especially as we have also now starting with an international instance. That means for example, if a customer in Europe is using our service, NodeZero, he will be connected to a NodeZero instance, which is located inside the European Union. And therefore, he doesn't have to worry about the conflict between the European GDPR regulations versus the US CLOUD Act. And I would say there, we have a total good package for our partners that they can provide differentiators to their customers. >> You know, we've had great conversations here on theCUBE with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company. And obviously, I can just connect the dots here, but I'd like you to weigh in more on how that translates into the go-to-market here because you got great cloud scale with the security product you guys are having success with. Great leverage there, I'm seeing a lot of success there. What's the momentum on the channel partner program internationally? Why is it so important to you? Is it just the regional segmentation? Is it the economics? Why the momentum? >> Well, there are multiple issues. First of all, there is a raising demand in penetration testing. And don't forget that in international, we have a much higher level number or percentage in SMB and mid-market customers. So these customers, typically, most of them even didn't have a pen test done once a year. So for them, pen testing was just too expensive. Now with our offering together with our partners, we can provide different ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with a traditional manual pen test, and that is because we have our Consulting PLUS package, which is for typically pen testers. They can go out and can do a much faster, much quicker pen test at many customers after each other. So they can do more pen test on a lower, more attractive price. On the other side, there are others or even the same one who are providing NodeZero as an MSSP service. So they can go after SMP customers saying, "Okay, you only have a couple of hundred IP addresses. No worries, we have the perfect package for you." And then you have, let's say the mid-market. Let's say the thousand and more employees, then they might even have an annual subscription. Very traditional, but for all of them, it's all the same. The customer or the service provider doesn't need a piece of hardware. They only need to install a small piece of a Docker container and that's it. And that makes it so smooth to go in and say, "Okay, Mr. Customer, we just put in this virtual attacker into your network, and that's it and all the rest is done." And within three clicks, they can act like a pen tester with 20 years of experience. >> And that's going to be very channel-friendly and partner-friendly, I can almost imagine. So I have to ask you, and thank you for calling out that breakdown and segmentation. That was good, that was very helpful for me to understand, but I want to follow up, if you don't mind. What type of partners are you seeing the most traction with and why? >> Well, I would say at the beginning, typically, you have the innovators, the early adapters, typically boutique-size of partners. They start because they are always looking for innovation. Those are the ones, they start in the beginning. So we have a wide range of partners having mostly even managed by the owner of the company. So they immediately understand, okay, there is the value, and they can change their offering. They're changing their offering in terms of penetration testing because they can do more pen tests and they can then add others ones. Or we have those ones who offered pen test services, but they did not have their own pen testers. So they had to go out on the open market and source pen testing experts to get the pen test at a particular customer done. And now with NodeZero, they're totally independent. They can go out and say, "Okay, Mr. Customer, here's the service. That's it, we turn it on. And within an hour, you are up and running totally." >> Yeah, and those pen tests are usually expensive and hard to do. Now it's right in line with the sales delivery. Pretty interesting for a partner. >> Absolutely, but on the other hand side, we are not killing the pen tester's business. We are providing with NodeZero, I would call something like the foundational work. The foundational work of having an ongoing penetration testing of the infrastructure, the operating system. And the pen testers by themselves, they can concentrate in the future on things like application pen testing, for example. So those services, which we are not touching. So we are not killing the pen tester market. We are just taking away the ongoing, let's say foundation work, call it that way. >> Yeah, yeah. That was one of my questions. I was going to ask is there's a lot of interest in this autonomous pen testing. One because it's expensive to do because those skills are required are in need and they're expensive. (chuckles) So you kind of cover the entry-level and the blockers that are in there. I've seen people say to me, "This pen test becomes a blocker for getting things done." So there's been a lot of interest in the autonomous pen testing and for organizations to have that posture. And it's an overseas issue too because now you have that ongoing thing. So can you explain that particular benefit for an organization to have that continuously verifying an organization's posture? >> Certainly. So I would say typically, you have to do your patches. You have to bring in new versions of operating systems, of different services, of operating systems of some components, and they are always bringing new vulnerabilities. The difference here is that with NodeZero, we are telling the customer or the partner the package. We're telling them which are the executable vulnerabilities because previously, they might have had a vulnerability scanner. So this vulnerability scanner brought up hundreds or even thousands of CVEs, but didn't say anything about which of them are vulnerable, really executable. And then you need an expert digging in one CVE after the other, finding out is it really executable, yes or no? And that is where you need highly-paid experts, which where we have a shortage. So with NodeZero now, we can say, "Okay, we tell you exactly which ones are the ones you should work on because those are the ones which are executable. We rank them accordingly to risk level, how easily they can be used." And then the good thing is converted or in difference to the traditional penetration test, they don't have to wait for a year for the next pen test to find out if the fixing was effective. They run just the next scan and say, "Yes, closed. Vulnerability is gone." >> The time is really valuable. And if you're doing any DevOps, cloud-native, you're always pushing new things. So pen test, ongoing pen testing is actually a benefit just in general as a kind of hygiene. So really, really interesting solution. Really bringing that global scale is going to be a new coverage area for us, for sure. I have to ask you, if you don't mind answering, what particular region are you focused on or plan to target for this next phase of growth? >> Well, at this moment, we are concentrating on the countries inside the European Union plus United Kingdom. And of course, logically, I'm based in the Frankfurt area. That means we cover more or less the countries just around. So it's like the so-called DACH region, Germany, Switzerland, Austria, plus the Netherlands. But we also already have partners in the Nordic, like in Finland and Sweden. So we have partners already in the UK and it's rapidly growing. So for example, we are now starting with some activities in Singapore and also in the Middle East area. Very important, depending on let's say, the way how to do business. Currently, we try to concentrate on those countries where we can have, let's say at least English as an accepted business language. >> Great, is there any particular region you're having the most success with right now? Sounds like European Union's kind of first wave. What's the most- >> Yes, that's the first. Definitely, that's the first wave. And now with also getting the European INSTANCE up and running, it's clearly our commitment also to the market saying, "Okay, we know there are certain dedicated requirements and we take care of this." And we are just launching, we are building up this one, the instance in the AWS service center here in Frankfurt. Also, with some dedicated hardware, internet, and a data center in Frankfurt, where we have with the DE-CIX, by the way, the highest internet interconnection bandwidth on the planet. So we have very short latency to wherever you are on the globe. >> That's a great call out benefit too. I was going to ask that. What are some of the benefits your partners are seeing in EMEA and Asia Pacific? >> Well, I would say, the benefits for them, it's clearly they can talk with customers and can offer customers penetration testing, which they before even didn't think about because penetration testing in a traditional way was simply too expensive for them, too complex, the preparation time was too long, they didn't have even have the capacity to support an external pen tester. Now with this service, you can go in and even say, "Mr. Customer, we can do a test with you in a couple of minutes. We have installed a Docker container. Within 10 minutes, we have the pen test started. That's it and then we just wait." And I would say we are seeing so many aha moments then. On the partner side, when they see NodeZero the first time working, it's like they say, "Wow, that is great." And then they walk out to customers and show it to their typically at the beginning, mostly the friendly customers like, "Wow, that's great, I need that." And I would say the feedback from the partners is that is a service where I do not have to evangelize the customer. Everybody understands penetration testing, I don't have to describe what it is. The customer understanding immediately, "Yes. Penetration testing, heard about that. I know I should do it, but too complex, too expensive." Now for example, as an MSSP service provided from one of our partners, it's getting easy. >> Yeah, and it's great benefit there. I mean, I got to say I'm a huge fan of what you guys are doing. I like this continuous automation. That's a major benefit to anyone doing DevOps or any kind of modern application development. This is just a godsend for them, this is really good. And like you said, the pen testers that are doing it, they were kind of coming down from their expertise to kind of do things that should have been automated. They get to focus on the bigger ticket items. That's a really big point. >> Exactly. So we free them, we free the pen testers for the higher level elements of the penetration testing segment, and that is typically the application testing, which is currently far away from being automated. >> Yeah, and that's where the most critical workloads are, and I think this is the nice balance. Congratulations on the international expansion of the program, and thanks for coming on this special presentation. I really appreciate it. Thank you very much. >> You're welcome. >> Okay, this is theCUBE special presentation, you know, checking on pen test automation, international expansion, Horizon3.ai. A really innovative solution. In our next segment, Chris Hill, Sector Head for Strategic Accounts, will discuss the power of Horizon3.ai and Splunk in action. You're watching theCUBE, the leader in high tech enterprise coverage. (steady music)