>> (upbeat music) >> Okay, we just covered some of the critical aspects from Infinidat recent announcement and the importance of cyber resilience and fast recovery. Eric Hertzog is back and joining us is Stan Wysocki, who's president of Mark III Systems. Stan, welcome to the Cube, good to see you. >> Thank you, pleasure to be here. >> Tell us about Mark III Systems. You specialize in IT infrastructure and artificial intelligence. It says in your website. I'd love to hear more about your business. >> Yeah, yeah, definitely. You know, I think we're a little bit unique in our industry, right? There've been business partners resellers around for, we've been around for 26 years. And in 26 years, we've supported some of largest enterprise customers in the Southeast, with server storage networking virtualization. We have VCP number 94, so we've been doing that from the very beginning. But about six years ago, we realized that IT was changing, that business was changing, that the demands of the customers was changing and we needed to create the full stack message and a full-stack practice. So we hired data scientists and developers in DevOps, MLOps and gave them the environments and the tools that they could use to build experience around AI, ML deep learning. So now when we engage with our customers, not only can we handle the entire enterprise stack that they have, but we can help accelerate them on their adoption of open-source technologies, cloud native development and AI and integrating that into their business processes. >> I love it. You got to keep moving. You've been around for a long time, but you're not just sitting still. I wonder if you could comment in an Eric, I want you to comment as well. From your customer's perspective Stan, what are the big trends that you see that are impacting their business and the challenges that they're facing? >> Yeah, that's great. So kind of ties into what I just said. Today we live in a data-driven society. Everything that we do is really driven by how the customer wants to engage. And that's both an internal customer and your end user customers, on how they want to engage, how they want to consume and how they want to interact with everything out there in the world, right? So the real trends is really around engaging with the customer, but that means that you need to be data-driven, you need to adopt AI platforms, you need to adopt a more holistic view of what you're doing with your customers. That drives up the importance of the data that you have in your shop, right? So then cybersecurity becomes extremely important, not just because of the technical skills of the hacker is getting better and better, but because we're becoming more reliant on the data that we have moving forward and we're proud to partner with Infinidat in leveraging InfiniGuard and Infinni safe to really protect our customer's data. >> Great. Eric, thinking about the trends and some of the issues that Stan just mentioned, when you think about the launch and the announcement that you just made, how do you see it fitting in to Stan's business? How's how it's going to help the end customers? >> Well, I think there's one key aspect. As noted in the fortune survey of CEOs in 2021. The number one concern of CEOs of the fortune 500, was cybersecurity and they saw that as biggest threat to their business. As Stan pointed out, that becomes of the importance of the digital data, that all companies generate, of all types, financial services, healthcare, government institutions, manufacturing, you name it. So one of the key things you've got to do, is make sure that your storage estate, fits into an overall cybersecurity strategy. And with InfiniGuard, or Ifini safe technologies, we can ensure that Stan's customers and customers of our other business partners all over the world, can make sure that the data is safe, protected and can help them form a malware or ransomware attack, against that valuable data set. >> Well then you know, one of you guys could come with, I mean, we talked to CSOs and they've told us that there be could in part due to the pandemic, largely actually, their whole strategy has changed. Their spending strategies changed, no longer than just sort of putting up hardware firewalls. They're shifting their focus to two different areas, obviously endpoint, you know, cloud security is a big deal, identity access management, but ransomware, is just top of mind for everybody. And as we talked about earlier, the exposure, now the weak links, whether you're working from home, or Stan you mentioned greater sophistication of hacker. So what are you hearing from customers in this regard, Stan? >> Well, you know I think you have that, right? But then you always have, we've been doing this for 26 years. I've never heard of an IT budget that that's gone up, in any year, right? So, with the sophistication of these hackers that are coming out and the different angles that they're using to get in, it is extremely important for our customers to be very efficient and choose their security strategy and products very wisely, right? I think I read an article a year or so ago that the average enterprise had like something like 27 different security products and imagine a CSO and his team, who is struggling with their budget to manage that. So for us to be able to leverage InfiniGuard and Infini safe and to be able to provide, you know the immutable snapshots. The logical air gas, the physical air backs and offense network for recovery. That's all extremely easy to manage. I mean I talked to my customers on why they have chosen Infinidat, you know through us, right? And one of the things that they always talk about is how easy and how amazing the support is. How easy it is to install, how easy it is to manage. And normally when you have a simple product, right, you think you can sell that to an unsophisticated customers. But my most technical customers really appreciate this, because of the way Infinidat manages itself and provides the tools saying, just for example, the host tools, right? It does it in the way that they do it, so they trust it, so that they can focus on the more important tasks, rather than the tier and feeding other storage environment. >> Yeah, thank you and then when you talk to CSOs, you ask them what's the number one problem, they'll tell you lack of talent and you just nailed it. You've got on average 27 different tools, new tools coming out every day, you're getting billion dollar, VC investments and more and more companies are getting into it. It just adds to that confusion. So Stan, I wonder if you could talk about, specifically InfiniGuard, how it fits into your stack like where and how you're applying it? Maybe you could talk about some specific use cases. >> Oh yeah definitely, you know we have customers in pretty much every vertical, that we're supporting their stores environments and Infinidat plays and all of those verticals with all of our customers. One in particular a healthcare account, one of our very first Infinidat customers and over the years, is become the de facto standard, stores platform that they have. And they also now have InfiniGuard as the backup target for commovault. And this is one of those examples of the very technical discerning customer, that really demands excellence, right? So they love, you know, the three controller setup versus a dual controller set up, they love the availability and the resiliency, but then when it comes to the cybersecurity, before they moved on to this platform, they did have some ransomware attacks and they did have to pay out and it was very public. And, you know, since they've gone onto this platform, they feel much more comfortable. >> Excellent. So Eric, I want to bring you in. So let's talk through some of the options that customers have. You and I were talking earlier about, you know, the local air gap, what is that? You know, the logical air gap if you will and then the physical labor, what patterns are you seeing with customers to really try to protect themselves against some of this ransomware? How are they approaching it? >> Well, first of all, obviously, we with the InfiniGuard, has a purpose built backup appliance can work with all the various backup vendors. But because backup, is one of the first things these sophisticated ransomware, or malware it entity is going to attack. right? Otherwise the CIO will just call up say, hey, do we have a good backup? Let's recover from that. So secondary storage, AK their backup estate, is exactly the first thing they're going to target. And they do it certain viciously of course. So what are the key things we do, is we allow them to take those backup datasets, commvault for example and in Stan's example, or Vain or veritas or IBM Spectrum Protector, many other packages, even directly with databases like with Oracle Armin and allow them to create a mutable snapshots. Can't delete them, can't change them, can alter them. And then we air gap them locally, from the management framework. So in an InfiniGuard, we have a technology known as our day-to-day dupe engines ODDES. Those are really the management scanner for the entire solution. So when we create an immutable snapshots, we create a logical air gap, with ODDES, cannot alter the immutability characteristics, they cannot shorten them, they can not lengthen them, in short we take that management scheme away and create this separation. But we also allow them to replicate those backup datasets to a remote InfiniGuard box. You would set up the exact same parameters, I want to make an immutable snap every day, every 12 hours, every six hours and then you've got the duplicate. Remember the average length, from breach to closure on a cyber attack is 287 days. So once the attack starts, you don't know until they ask you for the ransom, it could be going on for 50 days, a hundred days, 150 days. And it's all done, if you will on the download, hidden. So if by the way, you happen to have a data center fire, or you happen to have a tornado or an earthquake, or some other natural disaster, you still want that data replicated to a secondary site, but then you still want the capability of the cyber resilience, as Stan pointed out. So you can do that. We can create a then a isolated fence network and we can do that on one InfiniGarden. Most of our competitors require two data protection appliances and it's public it's right on their websites. So we save you on some CapEx there and then we can do this near instantaneous recovery. And that's not just of the dataset. Some of the cyber reasons, technology you'll see out there, including on primary storage, only recovers the dataset. We can recover the entire backup data set and all the surrounding environment. So to second that Vain or Veritas, IBM spectrum protect commvault, backup is available. The backup admins or the storage admins, could immediately restored, it's ready to go. And we can do that in 15 to 30 minutes. Now that is being fast to react to a problem. >> So thank you for that. So Stan, I wonder if you could talk about the best practice Eric was just sharing, the local air gap and then the secondary, is that really in the case of a disaster, or is it also to isolate the network? What are you seeing as the gold standard that customers are applying with your advice? >> Yeah, definitely the gold standard would be three sites. We do have a lot of our customers. The one healthcare customer in particular is splits it between two sides and they are actually working with us right now to architect the third site. Just for that fact, we are down in Texas, hurricanes can come in 60, 70, 80 miles on in land. And then there's, you know, hurricane Harvey, right with all the flooding and stuff like that. So they do want to set up a third side. I think that gives them the peace of mind. And you know the whole thing about it is right. You know, having an environment like this means the CSO and his team can focus on preventing attacks, while they're very confident that their infrastructure team, can handle anything that slips by them. >> Okay, great. Thank you. We're about out of time but Eric, I wonder if you could kind of bring us home, give us a summary of, how you see InfiniGuard impacting customers, you know where's that value that business case for them. I wonder if you could just tie that note for us. >> Sure. We want to make sure that we tie everything back, normally technical value, as Stan very eloquently did with several different customers, but what we can do from a business value perspective. So as an example, one of our infiniGuard customers, is a global financial services company and they were using a solution from a different purpose-built backup appliance provider. They switched to us, not only they're able to increase the number of daily backups, from 30,000 to 90,000. So they get better data protection, but on top of that, they cut 40% of their costs. So you want to make sure that while you're doing this, you're doing things like consolidation. One of our other customers, which is in EMEA, in the European area, they had 14 purpose-built backup appliances, seven in one data center and set seven and a second data center. Now they've got two, one in one data center, one of the other, they of course do the local backups right then and there. And then they replicate, from one data center to the other data center. As both data centers are both active data centers, but differ for the other data center. So from their perspective, dramatic reduction of OPEX and CapEx, 14 physical boxes down to two. And of course the associated management of both the manpower side, but why I love to call the watch slots, power and floor. All of those things that go into an OPEX budget, they were cut dramatically, 'cause there's only two systems now, to power cool, et cetera et cetera. Floor space, Rackspace from 14. So wow, did they save money. So I think, it's not only providing that data protection and cyber resilience technology, but doing it in a cost-effective way. And as Stan pointed out, in a highly automated way, that cuts back on the manpower they need to manage these systems, because they're overworked and they need to focus on as Stan pointed out, their AI infrastructure, where they're doing for AI applications, don't have time to deal with it. So the more we automate, the better it is for them and the easier it is for everyone from the end-user perspective, as well as up in through their entire IT chain of command. >> Okay, if you want more information, you can go to infinidatguard.com or it's markiisis.com and check it out, learn about their full stack solution. A little bit about AI. Gentlemen, thanks so much for the conversation today, great to have you. >> Mark and Steve: Thank you, Dave. Now in a moment, I'm going to have some closing thoughts on the market and what we heard today. Thank you for watching the cube. You're a leader in enterprise tech coverage.

(upbeat music) >> Okay, we just covered some of the critical aspects from Infinidat recent announcement and the importance of cyber resilience and fast recovery. Eric Hertzog is back and joining us is Stan Wysocki, who's president of Mark Three Systems. Stan, welcome to the Cube, good to see you. >> Thank you, pleasure to be here. >> Tell us about Mark Three Systems. You specialize in IT infrastructure and artificial intelligence. It says in your website. I'd love to hear more about your business. >> Yeah, yeah, definitely. You know, I think we're a little bit unique in our industry, right? There've been business partners resellers around for, we've been around for 26 years. And in 26 years, we've supported some of largest enterprise customers in the Southeast, with server storage networking virtualization. We have VCP number 94, so we've been doing that from the very beginning. But about six years ago, we realized that IT was changing, that business was changing, that the demands of the customers was changing and we needed to create the full stack message and a full-stack practice. So we hired data scientists and developers in DevOps, MLOps and gave them the environments and the tools that they could use to build experience around AI, ML deep learning. So now when we engage with our customers, not only can we handle the entire enterprise stack that they have, but we can help accelerate them on their adoption of open-source technologies, cloud native development and AI and integrating that into their business processes. >> I love it. You got to keep moving. You've been around for a long time, but you're not just sitting still. I wonder if you could comment in an Eric, I want you to comment as well. From your customer's perspective Stan, what are the big trends that you see that are impacting their business and the challenges that they're facing? >> Yeah, that's great. So kind of ties into what I just said. Today we live in a data-driven society. Everything that we do is really driven by how the customer wants to engage. And that's both an internal customer and your end user customers, on how they want to engage, how they want to consume and how they want to interact with everything out there in the world, right? So the real trends is really around engaging with the customer, but that means that you need to be data-driven, you need to adopt AI platforms, you need to adopt a more holistic view of what you're doing with your customers. That drives up the importance of the data that you have in your shop, right? So then cybersecurity becomes extremely important, not just because of the technical skills of the hacker is getting better and better, but because we're becoming more reliant on the data that we have moving forward and we're proud to partner with Infinidat in leveraging InfiniGuard and Infinni safe to really protect our customer's data. >> Great. Eric, thinking about the trends and some of the issues that Stan just mentioned, when you think about the launch and the announcement that you just made, how do you see it fitting in to Stan's business? How's how it's going to help the end customers? >> Well, I think there's one key aspect. As noted in the fortune survey of CEOs in 2021. The number one concern of CEOs of the fortune 500, was cybersecurity and they saw that as biggest threat to their business. As Stan pointed out, that becomes of the importance of the digital data, that all companies generate, of all types, financial services, healthcare, government institutions, manufacturing, you name it. So one of the key things you've got to do, is make sure that your storage estate, fits into an overall cybersecurity strategy. And with InfiniGuard, or Ifini safe technologies, we can ensure that Stan's customers and customers of our other business partners all over the world, can make sure that the data is safe, protected and can help them form a malware or ransomware attack, against that valuable data set. >> Well then you know, one of you guys could come with, I mean, we talked to CSOs and they've told us that there be could in part due to the pandemic, largely actually, their whole strategy has changed. Their spending strategies changed, no longer than just sort of putting up hardware firewalls. They're shifting their focus to two different areas, obviously endpoint, you know, cloud security is a big deal, identity access management, but ransomware, is just top of mind for everybody. And as we talked about earlier, the exposure, now the weak links, whether you're working from home, or Stan you mentioned greater sophistication of hacker. So what are you hearing from customers in this regard, Stan? >> Well, you know I think you have that, right? But then you always have, we've been doing this for 26 years. I've never heard of an IT budget that that's gone up, in any year, right? So, with the sophistication of these hackers that are coming out and the different angles that they're using to get in, it is extremely important for our customers to be very efficient and choose their security strategy and products very wisely, right? I think I read an article a year or so ago that the average enterprise had like something like 27 different security products and imagine a CSO and his team, who is struggling with their budget to manage that. So for us to be able to leverage InfiniGuard and Infini safe and to be able to provide, you know the immutable snapshots. The logical air gas, the physical air backs and offense network for recovery. That's all extremely easy to manage. I mean I talked to my customers on why they have chosen Infinidat, you know through us, right? And one of the things that they always talk about is how easy and how amazing the support is. How easy it is to install, how easy it is to manage. And normally when you have a simple product, right, you think you can sell that to an unsophisticated customers. But my most technical customers really appreciate this, because of the way Infinidat manages itself and provides the tools saying, just for example, the host tools, right? It does it in the way that they do it, so they trust it, so that they can focus on the more important tasks, rather than the tier and feeding other storage environment. >> Yeah, thank you and then when you talk to CSOs, you ask them what's the number one problem, they'll tell you lack of talent and you just nailed it. You've got on average 27 different tools, new tools coming out every day, you're getting billion dollar, VC investments and more and more companies are getting into it. It just adds to that confusion. So Stan, I wonder if you could talk about, specifically InfiniGuard, how it fits into your stack like where and how you're applying it? Maybe you could talk about some specific use cases. >> Oh yeah definitely, you know we have customers in pretty much every vertical, that we're supporting their stores environments and Infinidat plays and all of those verticals with all of our customers. One in particular a healthcare account, one of our very first Infinidat customers and over the years, is become the de facto standard, stores platform that they have. And they also now have InfiniGuard as the backup target for commovault. And this is one of those examples of the very technical discerning customer, that really demands excellence, right? So they love, you know, the three controller setup versus a dual controller set up, they love the availability and the resiliency, but then when it comes to the cybersecurity, before they moved on to this platform, they did have some ransomware attacks and they did have to pay out and it was very public. And, you know, since they've gone onto this platform, they feel much more comfortable. >> Excellent. So Eric, I want to bring you in. So let's talk through some of the options that customers have. You and I were talking earlier about, you know, the local air gap, what is that? You know, the logical air gap if you will and then the physical labor, what patterns are you seeing with customers to really try to protect themselves against some of this ransomware? How are they approaching it? >> Well, first of all, obviously, we with the InfiniGuard, has a purpose built backup appliance can work with all the various backup vendors. But because backup, is one of the first things these sophisticated ransomware, or malware it entity is going to attack. right? Otherwise the CIO will just call up say, hey, do we have a good backup? Let's recover from that. So secondary storage, AK their backup estate, is exactly the first thing they're going to target. And they do it certain viciously of course. So what are the key things we do, is we allow them to take those backup datasets, commvault for example and in Stan's example, or Vain or veritas or IBM Spectrum Protector, many other packages, even directly with databases like with Oracle Armin and allow them to create a mutable snapshots. Can't delete them, can't change them, can alter them. And then we air gap them locally, from the management framework. So in an InfiniGuard, we have a technology known as our day-to-day dupe engines ODDES. Those are really the management scanner for the entire solution. So when we create an immutable snapshots, we create a logical air gap, with ODDES, cannot alter the immutability characteristics, they cannot shorten them, they can not lengthen them, in short we take that management scheme away and create this separation. But we also allow them to replicate those backup datasets to a remote InfiniGuard box. You would set up the exact same parameters, I want to make an immutable snap every day, every 12 hours, every six hours and then you've got the duplicate. Remember the average length, from breach to closure on a cyber attack is 287 days. So once the attack starts, you don't know until they ask you for the ransom, it could be going on for 50 days, a hundred days, 150 days. And it's all done, if you will on the download, hidden. So if by the way, you happen to have a data center fire, or you happen to have a tornado or an earthquake, or some other natural disaster, you still want that data replicated to a secondary site, but then you still want the capability of the cyber resilience, as Stan pointed out. So you can do that. We can create a then a isolated fence network and we can do that on one InfiniGarden. Most of our competitors require two data protection appliances and it's public it's right on their websites. So we save you on some CapEx there and then we can do this near instantaneous recovery. And that's not just of the dataset. Some of the cyber reasons, technology you'll see out there, including on primary storage, only recovers the dataset. We can recover the entire backup data set and all the surrounding environment. So to second that Vain or Veritas, IBM spectrum protect commvault, backup is available. The backup admins or the storage admins, could immediately restored, it's ready to go. And we can do that in 15 to 30 minutes. Now that is being fast to react to a problem. >> So thank you for that. So Stan, I wonder if you could talk about the best practice Eric was just sharing, the local air gap and then the secondary, is that really in the case of a disaster, or is it also to isolate the network? What are you seeing as the gold standard that customers are applying with your advice? >> Yeah, definitely the gold standard would be three sites. We do have a lot of our customers. The one healthcare customer in particular is splits it between two sides and they are actually working with us right now to architect the third site. Just for that fact, we are down in Texas, hurricanes can come in 60, 70, 80 miles on in land. And then there's, you know, hurricane Harvey, right with all the flooding and stuff like that. So they do want to set up a third side. I think that gives them the peace of mind. And you know the whole thing about it is right. You know, having an environment like this means the CSO and his team can focus on preventing attacks, while they're very confident that their infrastructure team, can handle anything that slips by them. >> Okay, great. Thank you. We're about out of time but Eric, I wonder if you could kind of bring us home, give us a summary of, how you see InfiniGuard impacting customers, you know where's that value that business case for them. I wonder if you could just tie that note for us. >> Sure. We want to make sure that we tie everything back, normally technical value, as Stan very eloquently did with several different customers, but what we can do from a business value perspective. So as an example, one of our infiniGuard customers, is a global financial services company and they were using a solution from a different purpose-built backup appliance provider. They switched to us, not only they're able to increase the number of daily backups, from 30,000 to 90,000. So they get better data protection, but on top of that, they cut 40% of their costs. So you want to make sure that while you're doing this, you're doing things like consolidation. One of our other customers, which is in EMEA, in the European area, they had 14 purpose-built backup appliances, seven in one data center and set seven and a second data center. Now they've got two, one in one data center, one of the other, they of course do the local backups right then and there. And then they replicate, from one data center to the other data center. As both data centers are both active data centers, but differ for the other data center. So from their perspective, dramatic reduction of OPEX and CapEx, 14 physical boxes down to two. And of course the associated management of both the manpower side, but why I love to call the watch slots, power and floor. All of those things that go into an OPEX budget, they were cut dramatically, 'cause there's only two systems now, to power cool, et cetera et cetera. Floor space, Rackspace from 14. So wow, did they save money. So I think, it's not only providing that data protection and cyber resilience technology, but doing it in a cost-effective way. And as Stan pointed out, in a highly automated way, that cuts back on the manpower they need to manage these systems, because they're overworked and they need to focus on as Stan pointed out, their AI infrastructure, where they're doing for AI applications, don't have time to deal with it. So the more we automate, the better it is for them and the easier it is for everyone from the end-user perspective, as well as up in through their entire IT chain of command. >> Okay, if you want more information, you can go to infinidatguard.com or it's markiisis.com and check it out, learn about their full stack solution. A little bit about AI. Gentlemen, thanks so much for the conversation today, great to have you. >> Thank you, Dave. Now in a moment, I'm going to have some closing thoughts on the market and what we heard today. Thank you for watching the cube. You're a leader in enterprise tech coverage.

>>from around the globe. It's the Cube >>with digital coverage of VM World 2020 brought to you by VM Ware and its ecosystem partners. Hello and welcome back to the VM World 2020 Virtual coverage with the Cube Virtual I'm John for day. Volonte your hosts our 11th year covering VM. We'll get a great guest Greg Lavender, SBP and the CTO of VM. Where, uh, welcome to the Cube. Virtual for VM World 2020 Virtual Great. Thanks for coming on. >>Privileged to be here. Thank you. >>Um, really. You know, one of the things Dave and I were commenting with Pat on just in general start 11th year covering VM world. Uh, a little difference not face to face. But it's always been a technical conference. Always a lot of technical innovation. Project Monterey's out there. It's pretty nerdy, but it's a it's called the catnip of the future. Right? People get excited by it, right? So there's really ah lot of awareness to it because it kinda it smells like a systems overhaul. It smells like an operating system. Feels like a, you know, a lot of moving parts that are, quite frankly, what distributed computing geeks and software geeks love to hear about and to end distributed software intelligence with new kinds of hardware innovations from and video and whatnot. Where's that innovation coming from? Can you share your thoughts on this direction? >>Yeah, I think first I should say this isn't like, you know, something that just, you know, we decided to do, you know, six months ago, actually, in the office of C T 04 years ago, we actually had a project. Um, you know, future looking project to get our core hyper visor technology running on arm processors and that incubated in the office of the CTO for three years. And then last December, move the engineering team that had done that research and advanced development work in the office of the CTO over to our cloud platforms business unit, you know, and smart Knicks, you know, kind of converged with that. And so we were already, you know, well along the innovation path there, and it's really now about building the partnerships we have with smart nick vendors and driving this technology out to the benefit of our customers who don't want to leverage it. >>You get >>Greg, I want if you could clarify something for me on that. So Pat talked about Monterey, a complete re architect ing of the i o Stack. And he talked about it affecting in video. Uh, intel, melon, ox and Sandoz part of that when he talks about the Iot stack, you know, specifically what are we talking about there? >>So you know any any computing server in the data center, you know, in a cola facility or even even in the cloud, you know? Ah, large portion of the, you know CPU resource is, and even some memory resource is can get consumed by just processing. You know, the high volumes of Iot that's going out, you know, storage devices, you know, communicating between the different parts of multi tiered applications. And so there's there's a there's an overhead that that gets consumed in the course server CPU, even if its multi core multi socket. And so by offloading that a lot of that I owe work onto the arm core and taking advantage of the of the hardware offloads there in the smart Knicks, you can You can offload that processing and free up even as much as 30% of the CPU of a server, multi socket, multicourse server, and give that back to the application so that the application gets the benefit of that extra compute and memory resource is >>So what about a single sort of low cost flash tear to avoid the complexities of tearing? Is that part of the equation? >>Well, you know, you can you can, um you know, much storage now is network attached. And so you could if it's all flash storage, you know, using something like envy me fabric over over Ethernet, you can essentially build large scale storage networks more efficiently, you know more cheaply and take advantage of that offload processing, uh, to begin to reduce the Iot Leighton. See, that's required taxes. That network attached storage and not just storage. But, you know, other devices, you know, that you can use you could better network attached. So disaggregated architectures is term. >>Uh, is that a yes? Or is that a stay tuned? >>Yeah, Yeah, yeah, yeah, yes. I mean the storage. You know, more efficient use of different classes of storage and storage. Tearing is definitely a prime use case there. >>Yeah, great. Thank you. Thanks for that. John, >>How could people think about the edge now? Because one of the things that's in this end to end is the edge. Pat brought it up multi cloud and edge or two areas that are extending off cloud and hybrid. What should people think about the innovation equation around those things? Is that these offload techniques? What specifically in the systems architecture? Er, do you guys see as the key keys there? >>So so, you know, edges very diversified, heterogeneous place, Uh, in the architectures of multi cloud services. So one thing we do know is, you know, workload. I would like to say workload follows data, and a lot of the data will be analyzed, the process at the edge. So the more that you can accelerate that data processing at the edge and apply some machine learning referencing at the edge were almost certainly gonna have kubernetes everywhere, including the edge. So I think you're seeing a convergence of the hardware architectures er the kubernetes control plane and services and machine learning workloads. You know, traveling to the edge where the where the data is going to be processed and actions could be taken autonomously at the edge. So I think we're in this convergence point in the industry where all that comes together. >>How important do you >>do you see that? Okay, John, >>how important is the intelligence piece? Because again, the potatoes at the edge. How do you guys see the data architecture being built out there? >>Um, well, again, it's depending on the other. The thick edge of the thin edge. You know, you're gonna have different, different types of data, and and again, a lot of the the inference thing that could happen at the edges. Going to, I think, for mawr, you know, again to take action at the edges, opposed to calling home to a cloud, you know, to decide what to do. So, depending on, you know, the computational power and the problem with its video processing or monitoring, you know, sensors, Aaron, oil. Well, the kind of interesting that will happen at the edge will will be dependent on that data type and what kind of decisions you want to make. So I think data will be moving, you know, from the edge to the cloud for historical analytics and maybe transitional training mechanisms. But, you know, the five G is gonna play heavily into this is well right for the network connectivity. So we read This unique point is often occurs in the industry every few years of all these technology innovations converging to open up an entirely new platform in a new way of computing that happens at the edge, not just in your data center at the cloud. >>So, Greg, you did a fairly major stint at a large bank. What would something you mentioned? You know, like an oil rig. But what would something like these changes mean for a new industry like banking or financial? Uh, will it have an impact there and put on your customer hat for a minute and take us through that >>e? You know, eight machines, you know, branches, chaos. You know, there's all make banks always been a very distributed computing platform. And so, you know, people want to deliver mawr user experience, services, more video services. You know all these things at the edge to interact positively with the customer without using the people in the loop. And so the banking industry has already gone through the SD when, and I want transformation to deliver the bandwidth more capably to the edge. And I just think that they'll just now be able to deliver Mawr Edge services that happened can happen more autonomously at the edge is opposed that having the hairpin home run everything back to the data center. >>Awesome. Well, Pat talks about the modern platform, the modern companies. Greg, I wanna ask you because we're seeing with Kovar, there's to use cases, you know, the people who don't have a tailwind, Um, companies that are, you know, not doing well because there's no business that you have there modernizing their business while they have some downtime. Other ones have a tailwind. They have a modern app that that takes advantage, this covert situation. So that brings up this idea of what is a modern app look like? Because now, if you're talking about a distributed architecture, some of things you're mentioning around inference, data edge. People are starting to think about these modern naps, and they are changing the game for the business. Now you have vertical industries. You mentioned oil and gas, you got financial services. It used to be you had industry solution. It worked like that and was siloed. Now you have a little bit of a different architectures. If we believe that we're looking up, not down. Does it matter by industry? How should people think about a modern application, how they move faster? Can you share your insights into into some of this conceptual? What is a modern approach and does it doesn't matter by vertical or industry. >>Yes, I mean, certainly over the course of my career, I mean, there's there's a massive diversity of applications. And of course, you know, the explosion of mobile and edge computing is just another sort of sort of use cases that will put demands on the infrastructure in the architecture and the networking. So a modern, a modern app I mean, we historically built sort of these monolithic app. So we sort of built these sort of three tier apse with, you know, sort of the client side, the middleware side. The database back in is the system of record. I mean, this is even being more disaggregated in terms of, you know, the the consumer edges both not just web here, but mobile tear. And, you know, we'll see what emerges out of that. The one thing for sure that is that, um they're becoming less monolithic and mawr a conglomeration of sass and other services that are being brought together, whether it's from the cloud services or whether it's s, you know, SBS delivering, you know, bring your own software. Um, and they're becoming more distributed because people need operated higher degrees of scale. There's a limit to Virgil vertical scaling, so you have to go to horizontal scaling, which is what the cloud is really good at. So I think all these things were driving a whole new set of technologies like next generation AP gateways. Message Busses, service mesh. We're announcing Tanzi's service message being world. Um, you know, this is just allowing allowing that application to be disaggregated and then integrated with other APS assassin services that allow you to get faster time to market. So speed of delivery is everything. So modern C I. C d. Modern software, technology and ability to deploy and run that workload anywhere at the edge of the core in the data center in the cloud. >>So when you do in your re architecture like this, Greg, I mean you've seen over the course of history in our industry you've seen so many companies have hit a wall and in VM, whereas it's just amazing engineering culture. How are you able toe, you know, change the engine mid flight here and avoid like, serious technical debt. And I mean, it took, you know, you said started four years ago, but can you give us a peek inside? You know, that sort of transformation and how you're pulling that off? >>Well, I mean, we're providing were delivered the platform and, you know, spring Buddhas a key, you know, technology that's used widely across the industry already, which is what we've got is part of our pivotal acquisition. And so what we're just trying to do is just keep keep delivering the technology and the platform that allows people to go faster with quality security and safety and resiliency. That's what we do really well at VM ware. So I think you're seeing more people building these APS Cloud native is opposed to, you know, taking an existing legacy app In trying to re factor it, they might do what it called e think somebody's called two speed architectures. Take the user front, end the consumer front in, and put that cloud native in the cloud. But the back end system of record still runs in the private cloud in a highly resilient you know, backed up disaster recovered way. So you're having, I think, brand new cloud native APS we're seeing. And then you're seeing people very carefully because there's a cost to it of looking at How do I basically modernized the front end but maintain the reliability of the scalability of security and the reliability of that sort of system of record back in? So either way, it's it's winning for the companies because they could do faster delivery to their businesses and their clients and their partners. But you have to have the resiliency and reliability that were known for for running those mission critical workloads, >>right? So the scenario is that back end stays on premise on the last earnings call, I think, Pat said, or somebody said that, that I think I just they said on Prem or maybe the man hybrid 30 to 40% cheaper, then doing it in the cloud. I presume they were talking about those kind of back end systems that you know you don't wanna migrate. Can you add some color that again from your customer perspective That the economics? >>Yeah. You know, um, somebody asked me one time what's really a cloud. Greg and I said, automation, automation, automation you can take you can take You can take your current environments and highly automate the release. Lifecycle management develop more agile software delivery methods. And so therefore, you could you could get sort of cloud benefits, you know, from your existing applications by just highly optimizing them and, you know, on the cost of goods and services. And then again, the hybrid cloud model just gives customers more choice, which is okay. I want to reduce the number of data centers I have, but I need to maintain reliability, scalability, etcetera. Take advantage of, you know, the hybrid cloud that we offer. But you'll still run things. Cloud natives. I think you're seeing this true multi cloud technology and paradigm, you know, grow out as people have these choices. And then the question is okay. If you have those choices, how do you maintain security? How do you maintain reliability? How do you maintain up time yet be able to move quickly. And so I think there's different speeds in which those platforms will evolve. And our goal is to give you the ability to basically make those choices and and optimize for economics as well as technical. You know, capability. >>Great. I want to ask you a question with Cove it we're seeing and we've been reporting the Cube virtual evolve because we used to be it at events, but we're not there anymore. But the as everyone has realized with cove it it's exposed some projects that you might not want to double down on or highlighted some gaps in architecture. Er, I mean, certainly who would have forecast of the disruption of 100% work from home VP and provisioning to access and access management security, and it really is exposed. What kind of who's where in the journey, Right in digital transformation. So I gotta ask you, what's the most important story or thing to pay attention, Thio as the smart money and smart customers go, Hey, you know what? I'm gonna double down on that. I'm gonna kill that project or sunset. That or I'm not gonna re factor that I'm gonna contain Arise it and there's probably there's a lot of that going on. In our conversations with customers, they're like it's pretty obvious. It's critical path. It's like we stay in business. We build a modern app, but I'm doubling down. I'm transitioning. It's a whole nother ballgame. What >>is >>the most important thing that you see that people should pay attention to around maintaining an innovation and coming out on the other side? >>Yeah, well, I think I think it just generally goes to the whole thesis of software defined. I mean, you know the idea of taking an appliance physical, You know, you have to order the hardware, get it on your loading dock, install in your data center. You know, go configure it, mapping into the rest of your environment. You know, whereas or you could just spend up new, softer instances of load balancers, firewalls, etcetera. So I think you know what's What's really helped in the covert era is the maturity of software to find everything. Compute storage, networking. Lan really allowed customers and many of our customers toe, you know, rapidly make that pivot. And so you know what? It's the you know, the workspace, the remote workspace. You gotta secure it. That's a key part of it, and you've got to give it. You know, you gotta have the scalability back in your data centers or, if you don't have it, be able to run those virtual desktops you know, in the cloud. And I think so. This ability again to take your current environment and, more importantly, your operating model, which, you know the technology could be agile and fast. But if you're operating models not agile, you know you can't executed Well, One of the best comments I heard from a customer CEO was, you know, for six months we debated, you know, the virtual networking architecture and how to deploy the virtual network. And, you know, when covet hit. We made the decision that did it all in one week. So the question the CEO asked now is like Well, why do we Why do we have to operate in that six month model going forward? Let's operate in the one week model going forward. E. I think that that z yeah, that's e think that's the big That's a big inflection point is the operating model has to be agile. We got all kinds of agile technology and choices I mentioned it's like, How do you make your organization agile to take advantage of those technological offerings? That's really what I've been doing the last six months, helping our customers achieve. >>I think that's a key point worth calling out and doubling down on day because, you know, whether you talk about our q Q virtual, our operating model has changed and we're doing new things. But it's not bad. It's actually beneficial. We could talk to more people. This idea of virtual ization. I mean pun intended virtual izing workforces face to face interactions air now remote. This is a software defined operating business. This is the rial innovation. I think this is the exposure. As companies wake up and going. Why didn't we do that before? Reminds me of the old mainframe days. Days? You know, why do we have that mainframe? Because they're still clutching and grabbing onto it. They got a transition. So this is the new the new reality. >>We were joking earlier that you know it ain't broke, don't fix it. And all of a sudden Covic broke everything. And so you know, virtualization becomes a fundamental component of of of how you respond. But and I wonder if Greg you could talk about the security. Peace? How how that fits in. You know everybody you know, the bromide, of course, is security can't be a bolt on. It's gotta be designed in from the start, Pat Gelsinger said years ago in the Cube. Security is a do over. You guys have purchased many different security components you've built in. Security comes. So how should we think about? And how are you thinking about designing insecurity across that entire stack without really bolting in, You know, pieces, whether it's carbon, carbon, black or other acquisitions that you've made? >>Yeah, I mean, I think that's that's the key. Inflection point we're in is an industry. I mean, getting back to my banking experience, I was responsible for cybersecurity, engineering the platforms that we engineered and deployed across the bank globally. And the challenge, the challenge. You know, that's I had, you know, 150 plus security products, and you go to bed at night wondering what? Which one did I forget to deploy or what did I get that gap? Do you think you think you're safe by the sheer number, but when you really boil down to it is like, you know, because you have to sort of like both all this stuff together to create a secure environment, you know, on a global level. And so really, our philosophy of VM where is Okay? Well, let's kind of break that model. That's what we call it intrinsic security, which is just, you know, we have the hyper visor. If you're running, the hyper visor is running on most of the service in your data center. If we have your if you have our network virtualization, we see all the traffic going between all those hyper visors and out to the cloud as well hybrid cloud or public cloud with our NSX technology. And then, you know, then you sort of bring into that the load balancers and the software to find firewalls. And pretty soon you have realized Okay, look, we have we have most of the estate. Therefore we could see everything and bring some intelligent machine learning to that and get proactive as opposed to reactive. Because our whole model now is we. All this technology and some alert pops and we get reactive. How about proactively telling me that something nasty is going on. >>I need to ask you a >>question. May be remediated. Sorry, John. It may be remediated at some point anyway. Bring in some machine intelligence tow. So instead of like you said, getting an alert actually tells me what what happened and how it was fixed, you know? Or at least recommending what I should dio, right? >>Yeah. I mean, part of the problem in the historic architectures is it was all these little silos. You know, every business unit had its own sort of technology. And Aziz, you make things virtualized. You you sort of do the virtual networking. The virtual stories of virtual compute all the software. You know, all of a sudden you have you have a different platform, you have lots of standardization. Therefore you don't have your operating model simplifies right and amount of and then it's about just collecting all the data and then making sense of the data. So you're not overwhelming the human's capacity to respond to it. And so I think that's really the fundamental thing we're all trying to get to. But the surface area is enlarged outside the data centers we've discussed out to the edge, whatever the edges, you know, into the cloud hybrid or public. So now you've got this big surface area where you've gotta have all that telemetry and all that visibility again, Back to getting proactive. So you got to do it in Band is opposed out of band. >>Great. I want to ask you a question on cyber security. We have an event on October 4th, the virtual event that Cuba is hosting with Cal Poly around this space and cybersecurity, symposiums, intersection of space and cyber. I noticed VM Ware recently announced last month that the United States Space Force has committed to the Tan Xue platform for for Continuous Dev ops operation for agility. I interviewed Lieutenant General John Thompson, Space Force, and we talked about that. He said quote, it's hard to do break fix in space. Uh, illustrating, really? Just can't send someone to swap out something in space. Not yet, at least. So they're looking at software defined as a key operating reality. Okay, so again, talk about the edge of space Isas edges. You're gonna get it. Need to be completely mad and talk about payloads and data. This >>is kind >>of interesting data point because you have security issues because space is gonna be contested and congested as an edge device. So it's actually the government's interested in that. But fundamentally, the death hops problem that you're you guys are involved in This >>is a >>reality. It's kind of connects this reality idea of operating models based in reality have to be software. What's >>your name? Yeah. I mean, I think the term we use now is def sec ops because you can't just do Dev ops. You have to have the security component in there, So, uh, yeah, the interesting. You know, like, there's a lot of interesting things happen just in fundamental networking, right? I mean, you know, the StarLink, you know, satellites at Testa. His launched Elon musk has launched and, you know, bringing sort of, you know, higher band with laurel agency to those. Yeah, we'll call it near space the and then again, just opens up all new opportunities for what we can dio. And so, Yeah, I think that's the software that the whole the whole saw for development ecosystem again, back to this idea. I think of three things. You gotta have speed. You gotta have scale and you gotta have security. And so that's really the emerging platform, whether it's a terrestrial or in near space, Uh, that's giving us the opportunity, Thio Do new architectures create service measures of services, some terrestrial, some some you know, far remote. And as you bring these new application architectures and system platform architectures together with all the underlying hardware and networking innovations that are occurring, you mentioned flash. But even getting into pmm persistent memory, right? So this this is so much happening that is converging. What's exciting to me about being a TV? Where is the CTO and we partner with all the hardware vendors? We partner with all the system providers, like in video and others. You know, the smart nick vendors. And then we get to come up with software architectures that sort of bring that together holistically and give people a platform. We can run your workloads to get work done wherever you need to land those workloads. And that's really the excitement about >>the candy store. And yet you've got problems hard problems to work on to solve. I mean, this really brings the whole project moderate, full circle because we think about space and networks and all these things you're talking about, You need to have smart everything. I mean, isn't that software? It's a complete tie into the Monterey. >>Yeah, yeah, yeah, Exactly. You're right. It's not just it's not just connecting everything and pushing data around its than having the intelligence to do it efficiently, economically, insecurely. And that's you know. So I see that you don't want to over hype machine learning. I did not to use the term AI, but use the machine learning technologies, you know, properly trained with the proper data sets, you know, and then the proper algorithms. You know that you can then a employee, you know, at the edge small edge, thick edge, you know, in the data center at the cloud is really Then you give the visibility so that we get to that proactive world I was talking about. >>Yeah, great stuff, Greg. Great insight, great conversation. Looking forward to talking mawr Tech with you. Obviously you are in the right spot was in the center of all the action across the board final point. If you could just close it out for us. What is the most important story at VM World 2020 this year. >>Um, well, I think you know, I like to say that I have the best job. I think you know that I've had in my career. I've had some great ones is you know, we get to be disruptive innovators, and we have a culture of perpetual innovation and really being world for us, Aly employees and all the people that work together to put it together is we get to showcase. You know, some of that obviously have more up our sleeves for the future. But, you know, being world is are, you know, coming coming out out show of the latest set of innovations and technologies. So there's going to be so much I have, ah, vision and innovation. Keynote kickoff, right. Do some lightning demos. And actually, I talk about work we're doing in sustainability, and we're putting a micro grid on our campus in Palo Alto and partnership with City of Palo Alto so that when the wildfires come through or there is power outages, you know we're in oasis of power generating capacity with our solar in our batteries. And so the city of Palo Alto could take their emergency command vehicles and plug into our batteries when the power is out in Palo Alto and operate city services and city emergency services. So we're not just innovating, you know, in cortex we're innovating to become a more, you know, sustainable company and provide sustainable, you know, carbon neutral technology for our customers to adopt. And I think that's an area we wanna talk about me. We talk about it next time, but I think you know our innovations. We're gonna basically help change the world with regard to climate as well. >>Let's definitely do that. Let's follow up for another in depth conversation on the societal impact. Of course, VM Ware VM Ware's VM World's 2020 is virtual is a ton of sessions. There's a Cloud City portion. Check out the 60 solution demos. Of course, they ask the expert, Greg, you're in there with Joe Beta Raghu, all the experts, um, engage and check it out. Thank you so much for the insight here on the Cube. Virtual. Thanks for coming on. >>Appreciate the opportunity. Great conversation and good questions. >>Great stuff. Thank you very much. Innovation that vm where it's the heart of their missions always has been, but they're doing well on the business side, Dave. Okay. The cube coverage. They're not there in person. Virtual. I'm John for day. Volonte. Thanks for watching.

>> Narrator: From around the globe its the Cube, covering HPE Discover Virtual Experience brought to you by HPE. >> Hi everybody this is Dave Vellante and welcome back to the Cube's coverage of HPE's Discover 2020 the Virtual Experience the Cube. The Cube has been virtualized We like to say Am very happy to welcome in Neil McDonalds, he's the General Manager for Compute at HPE. Great to see you again Neil, wish we were face to face, but this will have to do. >> Very well, it's great to see you Dave. Next time we'll do this face to face. >> Next time we have hopefully next year. We'll see how things are going, but I hope you're safe and your family's all good and I say it's good to talk to you, you know we've talked before many times you know, it's interesting just to know the whole parlance in our industry is changing even you know Compute in your title, and no longer do we think about it as just sort of servers or a box you guys are moving to this as a service notion, really it's kind of fundamental or, poignant that we see this really entering this next decade. It's not going to be the same as last decade, is it? >> No, I think our customers are increasingly looking at delivering outcomes to their customers in their lines of business, and Compute can take many forms to do that and it's exciting to see the evolution and the technologies that we're delivering and the consumption models that our customers are increasingly taking advantage of such as GreenLake. >> Yes so Antonio obviously in his Keynote made a big deal in housing previous Keynotes about GreenLake, a lot of themes on you know, the cloud economy and as a service, I wonder if you could share with our audience, you know what are the critical aspects that we should know really around GreenLake? >> Well, GreenLake is growing tremendously for us we have around a thousand customers, delivering infrastructure through the GreenLake offerings and that's backed by 5,000 people in the company around the world who are tuning an optimizing and taking care of that infrastructure for those customers. There's billions of dollars of total contract value under GreenLake right now, and it's accelerating in the current climate because really what GreenLake is all about is flexibility. The flexibility to scale up, to scale down, the ability to pay as you use the infrastructure, which in the current environment, is incredibly helpful for conserving cash and boosting both operational flexibility with the technology, but also financial flexibility, in our customer's operations. The other big advantage of course at GreenLake is it frees up talent most companies are in the world of challenges in freeing up their talent to work on really impactful business transformation initiatives, we've seen in the last couple of quarters, an even greater acceleration of digital transformation work for example and if all of your talent is tied up in managing the existing infrastructure, then that's a drain on your ability to transform and in some industries even survive right now, so GreenLake can help with all of those elements and, with all of the pressure from COVID, it's actually becoming even more consumed, by more and more customers around the world it's- >> Yeah right I mean that definitely ties into the whole as a service conversation as well I mean to your point, you know, digital transformation you know, the last couple of years has really accelerated, but I feel yeah, I feel like in the last 90 days, it's accelerated more than it has in the last three years, because if you weren't digital, you really had no way to do business and as a service has really played into that so I wonder if you could talk about yours as a service, you know, posture and thinking. >> Well you're absolutely right Dave organizations that had not already embarked on a digital transformation, have rapidly learned in our current situation that it's not an optional activity. Those that were already on that path are having to move faster, and those that weren't are having to develop those strategies very rapidly in order to transform their business and to survive. And the really new thing about GreenLake and the other service offerings that we provide in that context is how it can accelerate the deployment. Many companies for example, have had to deal with VDI deployments in order to enable many more of their workforce to be productive when they can't be in the office or in the facility and a solution like GreenLake can really help enable very rapid deployment and build up but not just VDI many other workloads in high performance Compute or in SAP HANA for example, are all areas that we're bringing value to customers through that kind of as a service offering. Yeah, a couple of examples Nokia software is using GreenLake to accelerate their research and development as they drive the leadership and the 5G revolution, and they're doing that at a fraction of the cost of the public cloud. We've got Zanotti, which has built a private cloud for artificial intelligence and HPC is being used to develop the next generation of autonomous software for cars. And finally, we've got also Portion from Arctic who have built a fully managed hybrid cloud environment to accelerate all the application development without having to bear the traditional costs of an over-provisioned complex infrastructure. So all of our customers are relying on that because Compute and Innovation is just at the core of the digital transformations that everybody is embarked on as they modernize their businesses right now and it's exciting to be able to be part of that and to be able to do there, to help. >> So of course in the tech business innovation is the you know the main spring of growth and change, which is constant in our industry and I have a panel this week with Doctor Go talking about swarm learning in AI, and that's some organic innovation that HPE is doing, but as well, you've done some, M&A as well. Recently, you guys announced and we covered it a pretty major investment in Pensando Systems. I wonder if you could talk a little bit about what, that means to the Compute business specifically in, HPE customers generally. >> So that partnership with Pensando was really exciting, and it's great to see the momentum that its building in delivering value to our customers, at the end of the day we've been successful with Pensando in building that momentum in very highly regulated industries and the value that is really intrinsic to Pensando is the simplifying of the network architecture. Traditionally, when you would manage an enterprise network environment, you would create centralized devices for services like load balancing or firewalls and other security functionality and all the traffic in the data center would be going back and forth, tromboning across the infrastructure as you sought to secure your underlying Compute. The beauty of the Pensando technology is that we actually push that functionality all the way out to the edge at the server so whether those servers are in a data center, whether they're in a colocation facility, whether they're on the edge, we can deliver all of that security service that would traditionally be required in centralized expensive, complex, unique devices that were specific to each individual purpose, and essentially make that a software defined set of services running in each node of your infrastructure, which means that as you scale your infrastructure, you don't have a bottleneck. You're just scaling that security capability with the scaling of your computer infrastructure. It takes traffic off your core networks, which gives you some benefits there, but fundamentally it's about a much more scalable, responsive cost-efficient approach to managing the security of the traffic in your networks and securing the Compute end points within your infrastructure. And it's really exciting to see that being picked up, in financial services and healthcare, and other segments that have you know, very high standards, with respect to security and infrastructure management, which is a great complement to the technology from Pensando and the partnership that we have with Pensando and HPE. >> And it's compact too we should share with our audience it's basically a card, that you stick inside of a server correct Neil? >> That's exactly right. Pensando's PCIe card together with HPE servers, puts that security functionality in the server, exactly where your data is being processed and the power of that is several fold, it avoids the tromboning that we talked about back across the whole network every time you've got to go to a centralized security appliance, it eliminates those complex single purpose appliances from the infrastructure, and that of course means that the failure domain is much smaller cause your failure demands a single server, but it also means that as you scale your infrastructure, your security infrastructure scales with the servers. So you have a much simpler network architecture, and as I say, that's being delivered in environments with very high standards for security, which is a really a great endorsement of the Pensando technology and the partnership that HPE and Pensando will have in bringing that technology to market for our customers. >> So if I understand it correctly, the Pensando is qualified for Pro-Lite, Appollo and in Edgelines. My question is, so if I'm one of those customers today, what's in it for me? Are they sort of hopping on this for existing infrastructure, or is it part of, sort of new digital initiatives, I wonder if you could explain. >> So if you were looking to build out infrastructure for the future, then you would ask yourself, why would you continue to carry forward legacy architectures in your network with these very expensive custom appliances for each security function? Why not embrace a software defined approach that pushes that to the edge of your network whether the edge are in course or are actually out on the edge or in your data centers, you can have that security functionality embedded within your Compute infrastructure, taking advantage of Pensandos technologies. >> So obviously things have changed is specifically in the security space, people are talking about this work from home, and this remote access being a permanent or even a quasi-permanent situation. So I wonder if we could talk about the edge and specifically where Aruba fits in the edge, how Pensando compliments. What's HPE's vision with regard to how this evolves and maybe how it's been supercharged with the COVID pandemic. >> So we're very fortunate to have the Aruba intelligent edge technology in the HPE portfolio. And the power of that technology is its focus on the analysis of data and the development of solutions at the site of the data generated. Increasingly the data volumes are such that they're going to have to be dealt with at the edge and given that, you need to be building edge infrastructure that is capable enough and secure enough for that to be the case. And so we've got a great compliment between the, intelligent edge technology within the Aruba portfolio, with all of the incredible management capabilities that are in those platforms combined with technologies like Pensando and our HPE Compute platforms, bring the ability to build a very cohesive, secure, scalable infrastructure that tackles the challenges of having to do this computer at the edge, but still being able to do it in both a secure and easily managed way and that's the power of the combination of Aruba, HPE Compute and Pensando. >> Well, with the expanded threat surface with people working from home organizations are obviously very concerned about compliance, and being able to enforce consistent policies across this sort of new network, so I think what you're talking about is it's very important that you have a cohesive system from a security standpoint you're not just bolting on some solution at the tail end, your comments. >> Well security, always depends on all the links in the chain and one of the most critical links in the chain is the security of the actual Compute itself. And within the HPE compliant platforms, we've done a lot of work to build very differentiated and exclusive capability with our hardware, a Silicon Root of Trust, which is built directly into Silicon. And that enables us to ensure the integrity of the entire boot chain on the security of the platform, drones up in ways that can't be done with some of the other hardware approaches that are prevalent in the industry, and that's actually brought some benefit, in financial terms to our customers because of the certifications that are enabled in the, Cyber Catalyst designations that we've earned for the platforms. >> So we also know from listening to your announcements with Pensando just observing security in general, that this notion of micro-segmentation is very important being able to have increased granularity as opposed to kind of a blob, maybe you could explain why that's important you know, the so what behind micro-segmentation if you will. >> Well it's all about minimizing the threat perimeter on any given device and if you can minimize the vectors through which your infrastructure will interact on the network, then you can provide additional layers of security and that's the power of having your security functionality right down at the edge, because you can have a security processor sitting right in the server and providing great security of the node level you're no longer relying on the network management and getting all of that right and you also have much greater flexibility because you can easily in a software defined environment, push the policies that are relevant for the individual pieces of infrastructure in an automated policy driven way, rather than having to rely on someone in network security, getting the manual configuration of that infrastructure, correct to protect the individual notes. And if you take that kind of approach, and you embed that kind of technology in servers, which are fundamentally robust in terms of security because of the Silicon Root of Trust that we've embedded across our platform portfolio whether that's Pro-line or Synergy or BladeSystem or Edgeline, you get a tremendous combination, as a result of these technologies, and as I mentioned, the being Cyber Catalyst designation is a proof point of that. Last year there we're over 150 security products, put forward for the Sovereign Capitalist designation, and the only a handful were actually awarded I think 17, of which two were HPE Compute and Aruba. And the power of is that many organizations are not having to deal with insurance for Cybersecurity events. And the Catalyst designation can actually lead to lower premiums for the choice of the infrastructure that you've made to such as HPE Compute, has actually enabled you to have a lower cost of insuring your organization against cybersecurity issues, because infrastructure matters and the choice of infrastructure with the right innovation in it is a really critical choice for organizations moving forward in security and in so many other ways. >> Yeah, you mentioned a lot of things there software defined, that's going to enable automation and scale, you talked about the perimeter you know, the perimeter of the traditional moat around the castle that's gone the perimeter, there is no perimeter anymore, it's everywhere so that whole you know, weakest link in the chain and the chain of events. And then the other thing you talked about was the layers you know very important when you're talking to security practitioners you know, building layers in so all of this really is factoring in security in particular, is factoring into customer buying decisions. Isn't it? >> Well security is incredibly important for so many of our customers across many industries. And having the ability to meet those security needs head on is really critical. We've been very successful in leveraging these technologies for many customers in many different industries, you know, one example is we've recently won multiple deals with the Defense Intelligence Systems Agency, who you will imagine have very high standards for security, worth hundreds of millions of dollars of that infrastructure so there's a great endorsement, from the customer set who are taking advantage of these technologies and finding that they deliver great benefits for them in the operational security of their infrastructure. >> Yeah what if I could ask you a question on the edge. I mean, as somebody who is you know, with a company that is really at the heart of technology, and I'm sure you're constantly looking at new companies, M&A you know et cetera, you know inventing tech, but I want to ask you about the architectures for the edge and just in thinking about a lot of data at the edge, not all the data is going to come back to the data center or the cloud, there's going to be a lot of AI influencing going on in real time or near real time. Do you guys see different architectures emerging to support that edge? I mean from a Compute standpoint or is it going to be traditional architectures that support that. >> It's clearly an evolving architectural approach because for the longest time, infrastructure was built with some kind of hub you know, whether or not some data center or in the cloud, around all of the devices at the edge would be essentially calling home, so edge devices historically have been very focused on connectivity on acquisition of data, and then sending that data back for some kind of processing and action at some centralized location. And the reality is that given the amount of data being generated at the edge now given the capability even of the most modern networks, it's simply not possible to be moving those kinds of data volumes all the way back to some remote processing environment, and then communicating a decision for action all the way back up to the edge. First of all, the networks kind of handle the volume data's involved if every device in the world was doing that, and secondly, the latencies are too slow. They're not fast enough in order to be able to take the action needed at the edge. So that means that you have to countenance systems at the edge that are not actually storing data, that are not actually computing upon data, and in a lot of edge systems historically, they would evolve from very proprietary, very vertically integrated systems to Brax PC controller based systems with some form of IP connectivity back to, some central processing environment. And the reality is that if you build your infrastructure that way, you finish up with a very unmanageable fleet, you finish up with a very fragmented, disjointed infrastructure and our perspective is that companies that are going to be successful in the future have to think themselves as an edge to cloud approach. They have to be pursuing this in a way that views, the edge, the data center, and the cloud as part of an integrated continuum, which enables the movement of data when needed you heard about the swarm learning that you talked about with my colleague Doctor Go, where there's a balance of what is computed, where in the infrastructure, and so many other examples, but you need to be able to move Compute to where the data is, and you need to be able to do that efficiently with a unified approach to the architecture. And that's where assets like the HPE Data Fabric come into play, which enable that kind of unification across the different locations of equipment. It also means you need to think differently about the actual building blocks themselves, in a lot of edge environments, if you take a Classic 19 interact mode Compute device, that was originally designed for the data center it's simply not the right kind of infrastructure. So that's why we have offerings like the Edgeline portfolio and the HPE products there, because they're designed to operate in those environments with different environmentals than you find the data center with different interfaces to systems of action and systems of control, than you'd typically find in a data center environment yet still bringing many of the security benefits and the manageability benefits that we've talked about earlier in our conversation today Dave. So it's definitely going to be an evolving, a new architectural approach at the edge, and companies that are thoughtful about their choice of infrastructure, are going to be much more successful than those that take a more incremental approach, and we were excited to be there to help our customers on that journey. >> Yeah Neil it's a very exciting time I mean you know, much of the innovation in the last decade was found inside the data center and in your world a lot of times you know, inside the server itself but what you're describing is this, end-to-end system across the network and that systems view, and then there's going to be a ton of innovation there and we're very excited for you thanks so much for coming on the Cube it was great to see you again. >> It is great to be here and we're just excited to be here to help our customers, and giving them the best volume for the workloads whether that's taking advantage of GreenLake, taking advantage of the innovative security technologies that we've talked about, or being the edge to cloud platform as a service company that can help our customers transform in this distributed world from the edge to the data center to the cloud. Thanks for having me Dave. >> You very welcome, awesome summary and its always good to see you Neil. Thank you for watching everybody this David Vellante, for the Cube our coverage of the HPE Discover 2020 Virtual Experience, will be right back to the short break. (soft upbeat music)

>>Fly from San Francisco. It's the cube covering RSA conference, 2020 San Francisco brought to you by Silicon angle media. >>Hey, welcome back everybody. Jeff, Rick here with the cube. We're at the RSA conference in downtown San Francisco at Moscone. It's the fourth day of the show, 40,000 some odd people here. It's all about security. It's the biggest security show in the world despite the fact that there were some challenges with the coronavirus this year and you know, people were kind of wondering how that was going to shake out. There's been a lot of kind of weird stuff going on in the conference scene, but a lot of people got here, a lot of conversations around security and we're really happy to have really a seasoned vet. He's been through this cycle of security a couple of times that you said he's done four different startups. We're happy to have him as all of our Fredericks, the VP security product. That's blown. Good to see all of her. >>Thank you. Great to be here. Absolutely. So let's take a step back. You've been coming to this show for a little while. What's kind of your, your impression of the show? Well, it's really interesting this year, you know, I think it's a, I'd say the energy level is somewhat flat and I think it's a sign of our industry maturing and getting to the point where, you know, you used to see, uh, some pretty big disruption every few years when compute changes the threats or attack surface moves and the threats change with it. But things have been relatively stable. You know, the cloud is really the biggest, most recent, uh, innovation. And so there really hasn't been, I think any massive disruption in our industry for a little bit, but a lot of just continuous iteration and improvement on existing technologies. Right? There's some big ones coming down the pike though, right? >>One of the big ones that's going to have a huge impact is five G and IOT. Uh, suddenly now that you know these things, people think five GC can talk to your mom faster on the phone. That's not what it's about at all, right? It's a speed of machines and the speed in which these transactions are going to be happening. Not to mention all those connected devices, all those new attack surfaces, very, very revolutionary. And yet the theme here is the human elements. So when you think about speed of machines and, and increasing, uh, the kind of frequency of bot attacks, this and that, and yet there's still people that gotta be on the hook and responsible for this stuff. How do you think about it and has you actually use things like AI to help the people fight the machines? Yeah, I know it's a really good question. >>So typically over the years, right, attackers have targeted compute, uh, operating systems, applications, servers, and so on. But we've, we've done a really good job of starting to lock those down, finding those vulnerabilities, patching them, fixing them, you know, that's, it's not a panel, it's, it hasn't been solved, right? That's, it's an ongoing issue. But attackers have moved onto the weakest link, which is people, right? If I can convince you to send me your, you know, your bank account information or that access to your account and wire money out of your account, right? It's a lot easier than having to find a vulnerability in Microsoft windows these days, which used to be pretty easy back 20 years ago. Used to, they're there, they're by the dozens. Right. But, but now they're getting better on the fishing too. And now spear fishing. Right. I, I had a friend in commercial real estate who, who told me this email that he got like from his banker, you know, talking about a transaction with a business associate using vocabulary words that that would normally be used in their exchange to the point where he called the guy and said, did you send this to me? >>Um, so you know, the, the, the, the bad English bad grammar and, and kind of funky word selection isn't necessarily that red flag that it used to be that don't click on here and we're still getting, you know, this, this attacking is happening. So how do, how do people get more sophisticated in light of kind of these more sophisticated attacks on the people? >>Yeah, so I think there's two things. One is, you know, it hidden in there is, and that type of an attack is typically wire instructions, right? If it's, if I'm buying a house, my escrow company or title company is going to send me wire instructions to send the money for the down payment on that house for example. You know, that's, that's been a very, very common attack where, you know, title companies may not be the most sophisticated, like many of the organizations that are here today. Uh, so definitely fall victims. So that's, that's definitely a growing problem and a growing attack surface. We also see, uh, you know, the need for new technologies like natural language understanding, actually understanding the context of the data. Uh, for example, what's the intent behind it? What's the meaning? Sure, it's not going to be misspelled. But can I find other relevant factors or attributes of that email that, uh, point out at red flag or something that I need to be concerned about before I actually click on it or open it or, or act on it? >>Right. So the company that you, uh, led before spunk acquired you, Phantom, you talked a lot about they're trying to help, help to see Sox do a better job, help them kind of filter, filter what they don't need to respond to, prioritize what they need to respond to and then respond quicker when they do. That's right. A little bit more about how that works and what's kind of the impact of having that technology on the front line. >>Yeah, so five years ago, automation and security really didn't exist. Uh, we created a new category called soar security, orchestration, automation and response. And, uh, it's a technology that allows you to automate what a SOC analyst would typically do by hand. So typically, you know, if an analyst is looking at an event, uh, it would take them 10 minutes, best best-case, 11 hours, worst-case, to analyze that and do all the work that they need to do to triage it. By automating, we're able to reduce that down to a best case of one second, worst case of 10 minutes using automated playbooks. So we're able to get a, uh, a massive performance improvement by automating, by creating a playbook of those rout routine things that an analyst would do by hand. And that frees up the analyst to do more proactive, higher order activities, things that actually require the human thought versus the repetitive work which we're very happy about. >>And are most of those types of, of of uh, processes that you automated? Just check, just to get, you know, kind of checking boxes if you will, almost like a pre-flight to make sure that you kind of have the simple things covered or you know, what are some of the activities that you've been able to automate? >>Yeah, so it's interesting these, these platforms have become very flexible and multipurpose. So today we integrate with over 300 different security vendors that are on the showroom floor here today to let you automate in those products. So the typical large enterprise has maybe 60 70 security products that they're all managing from a browser tab or a different login. What soar platforms do is they tie those together and allow you to manage those products very rapidly. In the case of an event. So for example, you know, if I have a, a, a phishing email, I can take the attachment detonated in a sandbox from any of the sandbox vendors here on the showroom floor. Look it up in my reputation service like my virus total reversing labs for example, look it up on my EDR product on the endpoint to see do any of my endpoints actually have this file. And then I could take remediate, remediate of action and actually block the user, take the endpoint off the network using a Nack product that's here, uh, and so on, or block it on the firewall. So there's many different types of scenarios. >>It's that whole chain that you just described potentially would be something that you build into this playbook and have that happen automatically. Yes. Oh, that's a huge time saver. Huge time saver. So as you look forward, kind of at the power of AI, right? It's good news, bad news, right? Good news. You're going to have a lot more horsepower and computational wizardry at your fingertips. Bad news is the bad guys are also going to have a lot more computational power and wizardry at the end of their fingertips. So how do you, you know, kind of see the battle continuing to play out? Where do you really see great opportunities with, with this evolving AI to do things that you just couldn't do before? >>Yeah, look, I at attackers have been using automation and AI against us for, for many years now. So we're just starting to catch up and use it effectively to defend ourselves. Uh, you know, it'll be very interesting to see where this goes. I don't know if I can predict, but imagine machines fighting machines just like in real life and robotics and so on. In real physical kinetic warfare. Imagine the same thing happening in cyber here is entirely conceivable, but I don't think we're quite there yet. I mean, we obviously see botnets and other automated attacks that are already very rampant and then automated countermeasures that are there as well. So it'd be very interesting to even have, you know, maybe one year here we'll have uh, you know, robot Wars for cyber and have, you know, technologies battle each other to see who your >>wins. But what's crazy is as much as the bots are fighting the bots, you know, we have, uh, people in like Rachel tow back, we fed on a couple of times. She's, she does social hacking and uh, and she's basically a hundred percent, uh, successful in just calling people on the phone and giving them to provide her the details. So it still is going to keep the people in the loop. We're still going to have to, you know, make sure that they're not the weakest link. Absolutely. Yeah. All right, good. So final thoughts as you ahead into 20, 20 the year, we're going to know everything with the benefit of hindsight. Well, look, I think one thing we're seeing, there's so many vendors here, uh, things are coming together. Again, our customers are looking to consolidate, they're looking to reduce. And one thing that we're very heavily focused on at Splunk is creating a single work surface for analysts. So they don't have to deal with dozens of different consoles. Right. We're very, very focused on that. Working 70 tabs to work process is not a, not very efficient. So ideal. No. All right. All over. Well, thanks for, uh, for taking a few minutes to stop and buy and a continued success for you and Splunk. Thank you. Alrighty. He's all around. Jeff, you're watching the cube. We're an RSA 2020 and downtown San Francisco. Thanks for watching. See you next time.

>> From the SiliconANGLE Media office in Boston, Massachusetts, it's theCUBE. Now, here's your host, Dave Vellante. >> Hello, everyone, and welcome to this week's Cube Insights, powered by ETR. Today is November 8, 2019 and I'd like to address one of the most important topics in the minds of a lot of executives. I'm talking about CEOs, CIOs, Chief Information Security Officers, Boards of Directors, governments and virtually every business around the world. And that's the topic of cyber security. The state of cyber security has changed really dramatically over the last 10 years. I mean, as a cyber security observer I've always been obsessed with Stuxnet, which the broader community discovered the same year that theCUBE started in 2010. It was that milestone that opened my eyes. Think about this. It's estimated that Stuxnet cost a million dollars to create. That's it. Compare that to an F-35 fighter jet. It costs about $85-$100 million to build one. And that's on top of many billions of dollars in R&D. So Stuxnet, I mean, it hit me like a ton of bricks. That the future of war was all about cyber, not about tanks. And the barriers to entry were very, very low. Here's my point. We've gone from an era where thwarting hacktivists was our biggest cyber challenge to one where we're now fighting nation states and highly skilled organized criminals. And of course, cyber crime and monetary theft is the number one objective behind most of these security breaches that we see in the press everyday. It's estimated that by 2021 cyber crime is going to cost society $6 trillion in theft, lost productivity, recovery costs. I mean, that's just a staggeringly large number. It's even hard to fathom. Now, the other C-change is how organizations have had to respond to the bad guys. It used to be pretty simple. I got a castle and the queen is inside. We need to protect her, so what do we do? We built a mote, put it around the perimeter. Now, think of the queen as data. Well, what's happened? The queen has cloned herself a zillion times. She's left the castle. She's gone up to the sky with the clouds. She's gone to the edge of the kingdom and beyond. She's also making visits to machines and the factories and hanging out with the commoners. She's totally exposed. Listen, by 2020, there's going to be hundreds of billions of IP addresses. These are going to be endpoints and phones, TVs, cameras, tablets, automobiles, factory machines, and all these represent opportunities for the bad guys to infiltrate. This explosion of endpoints that I'm talking about is created massive exposures, and we're seeing it manifest itself in the form of phishing, malware, and of course the weaponization of social media. You know, if you think that 2016 was nuts, wait 'til you see how the 2020 presidential election plays out. And of course, there's always the threat of ransomware. It's on everybody's minds these days. So I want to try to put some of this in context and share with you some insights that we've learned from the experts on theCUBE. And then let's drill into some of the ETR data and assess the state of security, the spending patterns. We're going to try to identify some of those companies with momentum and maybe some of those that are a little bit exposed. Let me start with the macro and the challenged faced by organization and that's complexity. Here's Robert Herjavec on theCUBE. Now, you know him from the Shark Tank, but he's also a security industry executive. Herjavec told me in 2017 at the Splunk.com Conference that he thought the industry was overly complex. Let's take a look and listen. >> I think that the industry continues to be extremely complicated. There's a lot of vendors. There's a lot of products. The average Fortune 500 company has 72 security products. There's a stat that RSA this year, that there's 1500 new security start-ups every year. Every single year. How are they going to survive? And which ones do you have to buy because they're critical and provide valuable insights? And which ones are going to be around for a year or two and you're never going to hear about again? So it's a extremely challenging complex environment. >> So it's that complexity that had led people like Pat Gelsinger to say security is a do-over, and that cyber security is broken. He told me this years ago on theCUBE. And this past VM World we talked to Pat Gelsinger and remember, VMware bought Carbon Black, which is an endpoint security specialist, for $2.1 billion. And he said that he's basically creating a cloud security division to be run by Patrick Morley, who is the Carbon Black CEO. Now, many have sort of questioned and been skeptical about VMware's entrance into the space. But here's a clip that Pat Gelsinger shared with us on theCUBE this past VM World. Let's listen and we'll come back and talk about it. >> And this move in security, I am just passionate about this, and as I've said to my team, if this is the last I do in my career is I want to change security. We just not are satisfying our customers. They shouldn't put more stuff on our platforms. >> National defense issues, huge problems. >> It's just terrible. And I said, if it kills me, right, I'm going to get this done. And they says, "It might kill you, Pat." >> So this brings forth an interesting dynamic in the industry today. Specifically, Steven Smith, the CISO of AWS, at this year's Reinforce, which is their security conference, Amazon's big cloud security conference, said that this narrative that security is broken, it's just not true, he said. It's destructive and it's counterproductive. His and AWS's perspective is that the state of cloud security is actually strong. Kind of reminded me of a heavily messaged State of the Union address by the President of the United States. At the same time, in many ways, AWS is doing security over. It's coming at it from the standpoint of a clean slate called cloud and infrastructure as a surface. Here's my take. The state of security in this union is not good. Every year we spend more, we lose more, and we feel less safe. So why does AWS, the security czar, see if differently? Well, Amazon uses this notion of a shared responsibility security model. In other words, they secure the S3 buckets, maybe the EC2 infrastructure, not maybe, the EC2 infrastructure. But it's up to the customer to make sure that she is enforcing the policies and configuring systems that adhere to the EDIX of the corporation. So I think the shared security model is a bit misunderstood by a lot of people. What do I mean by that? I think sometimes people feel like well, my data's in the cloud, and AWS has better security than I do. Here I go, I'm good. Well, AWS probably does have better security than you do. Here's the problem with that. You still have all these endpoints and databases and file servers that you're managing, and that you have to make sure comply with your security policies. Even if you're all on the cloud, ultimately, you are responsible for securing your data. Let's take a listen to Katie Jenkins, the CISO of Liberty Mutual, on this topic and we'll come back. >> Yeah, so the shared responsibility model is, I think that's an important speaking point to this whole ecosystem. At the end of the day, Liberty Mutual, our duty is to protect policyholder data. It doesn't matter if it's in the cloud, if it's in our data centers, we have that duty to protect. >> It's on you. >> All right, so there you have it from a leading security practitioner. The cloud is not a silver bullet. Bad user behavior is going to trump good security every time. So unfortunately the battle goes on. And here's where it gets tricky. Security practitioners are drowning in a sea of incidents. They have to prioritize and respond to, and as you heard Robert Herjavec say, the average large company has 75 security products installed. Now, we recently talked to another CISO, Brian Lozada, and asked him what's the number one challenge for security pros. Here's what he said. >> Lack of talent. I mean, we're starving for talent. Cyber security's the only field in the world with negative unemployment. We just don't have the actual bodies to actually fill the gaps that we have. And in that lack of talent CISOs are starving. We're looking for the right things or tools to actually patch these holes and we just don't have it. Again, we have to force the industry to patch all of those resource gaps with innovation and automation. I think CISOs really need to start asking for more automation and innovation within their programs. >> So bottom line is we can't keep throwing humans at the problem. Can't keep throwing tools at the problem. Automation is the only way in which we're going to be able to keep up. All right, so let's pivot and dig in to some of the ETR data. First, I want to share with you what ETR is saying overall, what their narrative looks like around spending. So in the overall security space, it's pretty interesting what ETR says, and it dovetails into some of the macro trends that I've just shared with you. Let's talk about CIOs and CISOs. ETR is right on when they tell me that these executives no longer have a blank check to spend on security. They realize they can't keep throwing tools and people at the problem. They don't have the bodies, and as we heard from Brian Lozada. And so what you're seeing is a slowdown in the growth, somewhat of a slowdown, in security spending. It's still a priority. But there's less redundancy. In other words, less experimentation with new vendors and less running systems in parallel with legacy products. So there's a slowdown adoption of new tools and more replacement of legacy stuff is what we're seeing. As a result, ETR has identified this bifurcation between those vendors that are very well positioned and those that are losing wallet share. Let me just mention a few that have the momentum, and we're going to dig into this data in more detail. Palo Alto Networks, CrowdStrike, Okta, which does identity management, Cisco, who's coming at the problem from its networking strength. Microsoft, which recently announced Sentinel for Azure. These are the players, and some of them that are best positioned, I'll mention some others, from the standpoint spending momentum in the ETR dataset. Now, here's a few of those that are losing momentum. Checkpoint, SonicWall, ArcSight, Dell EMC, which is RSA, is kind of mixed. We'll talk about that a little bit. IBM, Symantec, even FireEye is seeing somewhat higher citations of decreased spending in the ETR surveys and dataset. So there's a little bit of a cause for concern. Now, let's remember the methodology here. Every quarter ETR asks are you green, meaning adopting this vendor as new or spending more? Are you neutral, which is gray, are you spending the same? Or are you red, meaning that you're spending less or retiring? You subtract the red from the green and you get what's called a net score. The higher the net score, the better. So here's a chart that shows a ranking of security players and their net scores. The bars show survey data from October '18, July '19, and October '19. In here, you see strength from CrowdStrike, Okta, Twistlock, which was acquired by Palo Alto Networks. You see Elastic, Microsoft, Illumio, the core, Palo Alto Classic, Splunk looking strong, Cisco, Fortinet, Zscaler is starting to show somewhat slowing net score momentum. Look at Carbon Black. Carbon Black is showing a meaningful drop in net score. So VMware has some work to do. But generally, the companies to the left are showing spending momentum in the ETR dataset. And I'll show another view on net score in a moment. But I want to show a chart here that shows replacement spending and decreased spending citations. Notice the yellow. That's the ETR October '19 survey of spending intentions. And the bigger the yellow bar, the more negative. So Sagar, the director of research at ETR, pointed this out to me, that, look at this. There are about a dozen companies where 20%, a fifth of the customer base is decreasing spend or ripping them out heading into the year end. So you can see SonicWall, CA, ArcSight, Symantec, Carbon Black, again, a big negative jump. IBM, same thing. Dell EMC, which is RSA, slight uptick. That's a bit of a concern. So you can see this bifurcation that ETR has been talking about for awhile. Now, here's a really interesting kind of net score. What I'm showing here is the ETR data sorted by net score, again, higher is better, and shared N, which is the number of shared accounts in the survey, essentially the number of mentions in that October survey with 1,336 IT buyers responded. So how many of that 1,300 identified these companies? So essentially it's a proxy for the size of the install base. So showing up on both charts is really good. So look, CrowdStrike has a 62% net score with a 133 shared account. So a fairly sizable install base and a very high net score. Okta, similar. Palo Alto Networks and Splunk, both large, continue to show strength. They got net scores of 44% and 313 shared N. Fortinet shows up in both. Proofpoint. Look at Microsoft and Cisco. With 521 and 385 respectively on the right hand side. So big install bases with very solid net scores. Now look at the flip side. Go down to the bottom right to IBM. 132 shared accounts with a 14.4% net score. That's very low. Check Point similarly. Same with Symantec. Again, bifurcation that ETR has been citing. Really stark in this chart. All right, so I want to wrap. In some respects from a practitioner perspective, the sky erectus is falling. You got increased attack surface. You've got exploding number of IP addresses. You got data distributed all over the place, tool creep. You got sloppy user behavior, overwork security op staff, and a scarcity of skills. And oh, by the way, we're all turning into a digital business, which is all about data. So it's a very, very dangerous time for companies. And it's somewhat chaotic. Now, chaos, of course, can mean cash for cyber security companies and investors. This is still a very vibrant space. So just by the way of comparison and looking at some of the ETR data, check this out. What I'm showing is companies in two sectors, security and storage, which I've said in previous episodes of breaking analysis, storage, and especially traditional storage disk arrays are on the back burner spending wise for many, many shops. This chart shows the number of companies in the ETR dataset with a net score greater than a specific target. So look, security has seven companies with a 49% net score or higher. Storage has one. Security has 18 above 39%. Storage has five. Security has 31 companies in the ETR dataset with a net score higher than 30%. Storage only has nine. And I like to think of 30% as kind of that the point at which you want to be above that 30%. So as you can see, relatively speaking, security is an extremely vibrant space. But in many ways it is broken. Pat Gelsinger called it a do-over and is affecting a strategy to fix it. Personally, I don't think one company can solve this problem. Certainly not VMware, or even AWS, or even Microsoft. It's too complicated, it's moving too fast. It's so lucrative for the bad guys with very low barriers to entry, as I mentioned, and as the saying goes, the good guys have to win every single day. The bad guys, they only have to win once. And those are just impossible odds. So in my view, Brian Lozada, the CISO that we interviewed, nailed it. The focus really has to be on automation. You know, we can't just keep using brute force and throwing tools at the problem. Machine intelligence and analytics are definitely going to be part of the answer. But the reality is AI is still really complicated too. How do you operationalize AI? Talk to companies trying to do that. It's very, very tricky. Talk about lack of skills, that's one area that is a real challenge. So I predict the more things change the more you're going to see this industry remain a game of perpetual whack a mole. There's certainly going to be continued consolidation, and unquestionably M&A is going to be robust in this space. So I would expect to see continued storage in the trade press of breaches. And you're going to hear scare tactics by the vendor community that want to take advantage of the train wrecks. Now, I wish I had better news for practitioners. But frankly, this is great news for investors if they can follow the trends and find the right opportunities. This is Dave Vellante for Cube Insights powered by ETR. Connect with me at David.Vellante@siliconangle.com, or @dvellante on Twitter, or please comment on what you're seeing in the marketplace in my LinkedIn post. Thanks for watching. Thank you for watching this breaking analysis. We'll see you next time. (energetic music)

>> Live from Boston, Massachusetts. It's theCube. Covering AWS Reinforce 2019. Brought to you by Amazon Web Services and its ecosystem partners. >> Hello everyone. Welcome back to the live Cube coverage here in Boston, Massachusetts for AWS, Amazon Web Services Reinforce with their inaugural conference around security, I'm (mumbles). We've got two great guests, from Splunk, Cube alumnis, and also, we do the Cube coverage Dot Conf., their annual conference, Haiyan Song, SVP, General Manager Security Market, Oliver Freidrichs, Vice President of Security Products, formerly with a company you sold to Splunk, doing Security Phantom, which was mentioned in the partner summit, so congratulations. Great to see you guys. >> Thank you. >> Thank you for having us. >> So you guys are a really great example of a company that's been constantly innovating, on top of AWS, as a partner, differentiating, continuing to do business, and been successful. All the talk about Amazon could compete with partners, there's always been that myth. You guys have been operating successfully, got great customers on AWS, now you have the security conference, so now it's like a whole new party for you guys. 'Cause you don't go off to reinvent anymore, certainly, the big event, what do you guys think about all this Reinforce focus? >> First of all, I'm just super impressed. The size, the scale, and the engagement from the ecosystem that they have over here, and I think, you know you mentioned we've been really partnering and being successful. I think the secret is really about, just be very customer-focused. It's about what the customer needs, it's not what does each of us need, and when we have that focus, we know how to partner, we know how to engage. One of the examples that we have here is we're partnering up as the capture the flag exercise and it's powered by Splunk, it's put up by AWS Reinforce, and we wanted to bring the best user engagement, gamification of learning to this audience. >> And there's a demand for a security conference because a new breed, a new generation of engineering and enterprises as they move to DevOps, with security, all those same principals now apply, but the stakes are higher because you got to share data, you got to get the data, it's the data-driven problem. You guys are thinking outside-- I think four years ago at Dot Conf, the cyber security focus front and center, mainstream. >> Very much so. And I think for us, security is a big part of our user conference, too. But we're getting inspirations from this event and how we can further, really implify that message for our customers. But we're just so glad we're part of this, thank you for having us. >> We're glad, big love covering you, big success story. Oliver, I want to get to you on the Phantom. Yesterday it was mentioned in a great demo of the security hub, security hub's the big news here, it's one of their major announcements, what is a security hub? >> Yeah, so security hub, and you're right it was just announced that it reached general availability, which means it's available now to the rest of the world. It's a place to centralize a lot of your security management in AWS. So when you have detections, or Amazon calls them findings, coming from other security servers so they're centralized in security hub, where you can then inspect them, take action, investigate them. And one of the reasons we're here, is we've established an integration with security hub, where you can now take a finding coming from security hub, pull it into Splunk Phantom, and run an automation playbook to be able to, at machine speed, take action on a threat. So typically, you know if you're a human, you're looking at an event, and you're deciding what do I do, well I might want to go an suspend an AMI or go and move that AMI or change the access control group to a different access control group so that AMI can only communicate with a certain protected network if it's infected. Automation lets you do that instantaneously, so if you have an attacker who unfortunately may have gained control of your AMI, this allows you to react immediately, very very quickly to take action in that environment. >> And this is where the holes are in the network, and its administrative errors and (mumbles) sittin' out there that someone just configure it, now they're like, they could be out there, no one knows. >> Exactly. >> Could be just tired, I didn't configure it properly. But you guys were in the demos, I want to get your reaction that, because I was sittin' in the room, they highlighted Phantom in the demo. >> That's right. >> And so that was super important. Talk about that integration. What's actually going on under the covers there. >> Yeah, so at a basic level, we're pulling findings through the security hub API, into the automation platform. And then at that point, a playbook kicks off. And a playbook is basically, think of it as a big if this/then that statement. You see a threat, and you go and take a number of actions. You might go and block a port, you might go an suspend that AMI, you might go and disable a user, but you basically build that logic up based on a known threat, and you decide, here's what I'm going to do when I see this threat, and I'm going to turn that into a codified playbook that you can then run very rapidly. On the back end, we've had to integrate with a dozen other APIs like EC2, S3, Guard Duty and others to be able to take action in the environment as well to remediate threats, like changing the access control list or group on a resource. So it's closing that end-to-end loop. >> Hold on, Dave , one quick question on that followup. Then the SISO came in from Capital One and was off the record with this comment, was not really a sensitive comment, but I want to highlight and your both reaction to this. He says in terms of workforce and talent, mentality, 'cause the question came up about talent and whatnot, he sees a shift from better detection to better alerts, because of some of the demos, and implying, kind of connecting the dots, that the trend is to automate the threat detections the way you guys had demoed with Phantom, and then he was tying it back to, from a resource perspective, it frees his team up to do other things. This is a real trend. You agree with that statement? >> Absolutely. >> What's your thoughts? >> Honestly, we believe that we can be automating up to 90% of the level one analysts. There's a lot of routine route work that's done today in the SOC, and it's unforgiving, nobody wants to be a Tier One analyst, they all want to get promoted or go somewhere else, because it's literally a rat race. >> It's boring and it's repetitive, you just automate it. >> Who wants to do that, so we can automate that, we can free up about 50% of the analysts' time to actually focus on proactive activities, things that actually matter, like hunting, research and other development, writing counter-measures, versus the continually keeping up and drinking from a fire hose. >> So I wonder if we could talk about how Splunk has evolved. You guys started before cloud, which came in 2006 and then really took off later, before the sort of big data craze, and you guys mopped up in big data. You never really use that term in your marketing, but you kind of became the big data leader defacto, you got an IPO with actually relatively, by today's comparisons, small raises, >> Compared to today, yeah, yeah (laughs). >> Incredibly successful story, very capital-efficient. But then the cloud comes in, you mopped up on prem, how would you describe how the cloud has changed your strategy, obviously you go out an acquire companies heavily focused on automation, but how would you describe your cloud strategy and how has that changed Splunk? >> That's a great question. I think the fact that you have so many people here, just tells you that the whole industry is going through this transformation. Not only the digital transformation, the cloud transformation. And I'm glad you mentioned our root, it's all about big data, and nowadays security, in many ways, is actually more about data than anything else. 'Cause the data represents your business, and you protect your data, how do you leverage the data, represents your security strategy. The evolution for us, when you zero that into cloud is, we have really been a very early adopter of cloud, we've been providing cloud services for our customers from the very beginning, at least six years ago when we introduced a product called Storm and we continued to evolve that as the technology evolved, we evolved that with customers. So nowadays you probably know cloud is one of our fastest-growing segments of our business. The technology team has been really innovating, really really fast. How do we take a technology that we built for on-prem, how do we rebuilt it to be cloud-native, to be elastic, to be secure in the new way of DevOps. Those are some of the super exciting things we're doing as a company, and on the security side we're also, how do we help customers secure a hybrid world? 'Cause we truly believe the world going to stay hybrid for a long long time and we have companies like AWS really sort of pioneering and focusing and doing things great for the cloud, we still have a lot of customers who need companies and technologies and solutions like what Splunk bring in to bridge the world. >> I want to get you guys' thoughts on some comments we've had with some SISOs in the past, and I really can't say the names probably, but one of them, she was very adamant around integration. And now when you're dealing with an ecosystem, integration's been a big part of the conversation, and the quote was, on integration, "have APIs and "don't have it suck." And we evaluate peoples' integration based upon the qualities of their APIs. Implying that APIs are an integration point. You guys have a lot of experience with APIs, your thoughts on this importance of integration and the roles that APIs play, because that's, again, feeds automation, again it's a key, central component of the conversations these days. Integration, your reaction to that. >> So, maybe I'll start. I'd say we would not have had the success of Phantom Cyber or the Soar market, if not for having those APIs. 'Cause automation was not a new concept. It's been tried and probably not succeeded for many times, and the reason that we've been experiencing this great adoption and success with Phantom technology is because the availability of APIs. I think the other thing I would just add, I'm sure he has lot of experience in working that, Splunk was always positioned ourself as we want to be the neutral party, to bring everything together. And nowadays we're so glad we're doin' the integration, not only on the data side, which is still important. Bring the data, bring the dark data and shining a light on top of that, but also turning that into action through this type of API integration. >> So good investment, betting on integration years ago. >> Absolutely. >> Early on. >> We also change our culture. We previously say how many apps we have in our Splunk base. Now with Oliver being part of the team, Phantom being part of the portfolio, we say how many apps and how many APIs we had to integrate. That a change of metrics. >> All right, Oliver. It's up to you now. I'm sure you know I know where you stand on this, APIs being, a renaissance of APIs going to the next level, 'cause a lot of new things goin' on with Kubernetes and other things. You've got State now, you got Stateless, which is classic rest APIs, but now you got State data that's going to play a big role. Your thoughts on that, don't make the APIs suck, and we're going to evaluate vendors based upon how good their API is. >> Yeah, I think, look it's a buying decision today. It's a procurement decision whether or not you have open APIs. I think buyers are forcing us as an industry, as vendors, to have APIs that don't suck. We're highly motivated to have APIs that work well. >> That sounds like a t-shirt ready to come out (laughs) >> That's a great idea. >> The Cube API's coming, by the way. >> What does that mean, to have APIs that don't suck? >> So the, a great definition I heard recently was, the API that you use as a vendor to interface with your product should be the same API that customers can use to interface with your product. And if all of a sudden they're different, and you're offering a lesser API to customers, that's when they start sucking. As long as you're eating your own dog food, I think that's a good definition. >> So it's not neutered, it's as robust, and as granular. >> Exactly, exactly. And I think what, 20 years ago there were no APIs in security. To do what we do today, to automate all of this security response techniques that we do today, it wasn't even possible. We had to get to a certain level of API availability to even get to this stage. And today, again, unless, if you're a black box, people aren't going to buy your product anymore. >> Yeah, so, again, go the next level is visibility's another topic. So if you open the APIs up, the data's gettin' better, so therefore you can automate the level one alert, threat detections, move people up to better alerting, better creativity, then begs the question, at what point does the visibility increase? What has to happen in the industry to have that total shared environment around data sharing, because open APIs implies sharing of data. Where visibility could be benefited greatly . >> Yeah, I think visibility is really the key. You can't measure what you can't, you can't manage what you can't measure, and you can't, you have to see everything in your environment, your assets, users, devices, and all of your data. So visibility is essential. And it comes in a number of forms. One is getting access to your policy data, your configuration data, seeing how are my things configured? What assets do I have? Where are my S3 buckets? How many AMIs do I have? Who owns them? How many accounts do I have? I think that was one of the challenges before, probably the last three to four years, before that period, enterprises were setting up a lot of these shadow cloud environments, 'cause you could buy Amazon with your credit card, essentially. So that was one of the problems that we would see in the enterprise, when a developer would go and create their own Amazon environment. So getting visibility into that is really been a big advancement in the last few years. Finding those things. >> The birth of multi-cloud. Go ahead John. >> Doesn't make it easier. >> We were talking earlier in our intro Dave and I on the keynote analysis around you can configure it, you can secure it, and then we were riffing on the DevOps movement, which essentially decimated the configuration management landscape. Which was at that time a provisioning issue around developers. They'd have to essentially stand up and manage the network, and go and make sure the ports are all there, and they got load balances are in place, and that was a developer's job. Infrastructure as code took that away. That was a major bottom, hierarchical needs, that was the lowest need. Now with security, if DevOps can take away the configuration management and infrastructure as code, it's time for security to take away a lot of the configuration or security provisioning, if you will. So the question is, what are some of those security provisioning, heavy liftings, tasks that are going to be taken away when developers don't have to worry about security? So as this continues with cloud native, it becomes security native. As a developer, and I don't want to get in and start configuring stuff. I want the security team to magically, security as code, as Dave said. Where are we on that? What's your guys' thoughts on getting to that point? Is it coming soon? Is it here now? What are some of those provisioning tasks that are going to be automated away? >> I think we made a lot of progress in that area already. The ability to simply configure your environment, that Amazon has continued to add layers of check boxes and compliance that allow you to configure the environment far more seamlessly than having to go down into the granular access control list and defining a granular access control policy on your network ports or AMIs, for example. So I think the simplification of that has improved pretty dramatically. And even some of the announcements today in terms of adding more capabilities to do that. Encryption by default. I don't have to go configure my encryption on my data at rest. It's there. And I don't even have to think about it. So if someone steals a physical hard drive, which is very difficult to begin with, out of an Amazon data center, my data's encrypted, and nobody can get access to that. I don't even have to worry about that. So that's one of the benefits that I think the cloud adds, is there's a lot of default security built in that ends up normalizing security and actually making the cloud far more secure than traditional corporate environments and data centers. >> Well I still think you have to opt in, though. Isn't that what I heard? >> Opt in, yes. I would just add to that, I think it's like a rising tides. So the cloud is making lot of the infrastructure side more secure, more native, and then that means we need to pay more attention to the upper level applications and APIs, and identities, and access controls. I think the security team continue to have lot of jobs. Even yesterday they said well, not only we need to do what we need to do to secure the AWS, we also now get involved in every decision, all the other compa-- you know, like functions are doing, taking new sort of SASS services. So I guess message is the security professional continue to have jobs, and your job going to be more and more sophisticated, but more and more relevant to the business, so that I think is the change. >> So question. Oliver, you described what a good API experience is, from a customer perspective, Haiyan, you talked about hybrid. Can you compare the on prem experience with the cloud experience for your customers and how and they coming together? >> You want me to try that first? >> Sure. >> Okay. So, I think lot of the things that people have learned to protect or defend, or do detection response in the on prem world, is still very relevant in the cloud world. It's just the cloud world, I think it's just now really transforming to become more DevOps-centric. How you should design security from the get-go, versus in the on prem world was more okay, let's try to figure out how to monitor this thing, because we didn't really give lot of thoughts to security at the very beginning. So I think that is probably the biggest sort of mentality or paradigm shift, but on the other hand, people don't go and just flip into one side versus the other, and they still need to have a way of connecting what's happening in the current world, the current business, the one that's bring home the bacon, to the new world that's going to bring home the bacon in the future. So they're both really important for them. And I think having a technology as AWS and their whole ecosystem, that all embracing that hybrid world and ecosystem plate no one sort of single vendor going to do all of them, and pick the right solutions to do what you do. So in security, I think it's, you going to continue to evolve, to become more, when the security's built in, what is the rising tide that's going to dictate the rest of the security vendors do. You cannot just think as 10 years ago, five years ago, even two years ago. >> So that bolt-on mentality in the first decade of the millennium was a boon for Splunk. It was beautiful. 'Cause we got to figure out what happened, and you provided the data to show that. How does Splunk differentiate from all the guys that are saying "oh yeah, Splunk, they're on prem, we're the cloud guys." What's your story there? >> Our story is you can't really sort of secure something if you don't have experience yourself. Splunk cloud is probably one of the top, say 10 customers of AWS. We live in the cloud, we experience the cloud, we use the word drink, you know, like eat our own dog food, we like to say we drink our own champagne, if you will, so that's really driving lot of our technology development and understanding the market and really built that into our data platform, build that into our monitoring capabilities, and build that into the new technologies. How, you know, it's all about streaming, it's not about just somebody sending you information. It's about, in a hybrid world, how do you do it in a way that you, we have a term called the distributed data fabric search, because data is never going to be in one place, or even sort of in one cloud. How do we enable that access so you can get value? From a security perspective, how do we integrate with companies and solutions that's so native into the cloud, so you have the visibility not and the Bodong, but from the very beginning. >> So you're saying that cloud is not magic for a software company, it's commitment and it's a cultural mindset. >> Absolutely. >> Guys, thanks so much for comin' on, great to see you, we'll see you at Dot Conf, the Cube will be there this year again, I think for the seventh straight year. Oliver, congratulations on your product success, and mention as part of the AWS security hub presentation. >> Thank you. >> Good stuff from Splunk. Splunk is inside the Cube, explaining, extracting the signal from the noise, from one of the market-leading companies in the data business, now cyber security, I'm with (mumbles), we'll be back with more Cube coverage after this short break. (techno music)

>> Live from San Francisco, it's theCUBE. Covering IBM Think 2019. Brought to you by IBM. >> Welcome back to theCube. Lisa Martin with Dave Vellante on our third day here at IBM Think 2019. The second kind of full day of the event. Dave, here we are with this beautiful San Francisco rain. Much needed in California >> I like being back in Moscone, its good. >> It is nice being back in Moscone. Speaking of being back, we are welcoming back to theCUBE Mary O'Brien, the general manager of IBM security. Mary, it's a pleasure to have you on the program. >> Thank you Lisa, Dave. >> Mary. >> So we were just talking before we went live, this event is massive, about 30,000 people. It was standing room only to get into Ginni Rometty's keynote yesterday. >> No you couldn't get in. >> Couldn't get in, >> They closed, they shut the doors out >> I think she said this is the closest that she'll ever be to an iPhone launch. That must be like rockstar status. Four campuses, 2,000 different sessions, there is here a Security and Resiliency campus. >> Yes there is. >> Which must be exciting for you, >> It certainly is. >> but talk to us about security is such a pervasive challenge that any organization faces. You were saying, there's nearly two million by the year 2020 nearly two million unfilled security roles. Talk to us about security at IBM and how you're using technologies, like AI, to help combat the problem, this prolific problem that cyber security is bringing. >> Okay, so I can start by saying security is everybody's problem. It's a problem faced by every business, everyday and as businesses modernize and they become more digital and move to the Cloud, there's cyber security nightmares and cyber security problems are only getting greater, okay? So, you know couple that with the fact that, as you say, by 2020, and ever body has a different variation of this statistic, but we're working on the basis that by 2020, there will be in the region of two million, unfilled, cyber security posts around the world. So at IBM Security, we're looking to understand how we can reduce the complexity, reduce the need for vast numbers of staff and augment our capabilities, all of our products and services, with artificial intelligence in order to relieve this gross skills gap. >> Well, I have to say, this is our 10th year now doing theCUBE Lisa and I was downstairs earlier and I saw, I guess I call him my friend, Pat Gelsinger, was walking into the keynote and a little high five and nine years ago I asked Pat Gelsinger on theCUBE, is security a do-over because of Cloud and he said flat out yes, it actually is. So I wonder, so much has changed in the last decade. You mentioned data, you mentioned artificial intelligence, the bad guys have gotten way more sophisticated, you have this new thing called The Edge and so I don't know if it's a do-over or evolving rapidly, but what are your thoughts on the changing nature of security? >> Well I think the security landscape is changing for sure and the attack surface is changing because you've got to remember that as all of our and more and more devices and all of our devices become smarter and become connected to the internet, we're basically just increasing the attack surface and increasing the opportunity for cyber attacks and cyber criminals to hack in and get into our networks. Okay, so you know as we move to the Cloud and we embrace an API economy, so we're using API's to access you know our applications then you know once again, we're opening up our capabilities. Open means open to us and to others and so the need to design security into everything we do and not append security as a perimeter around what we create is becoming more and more important. >> Well we can't do that just 'cause I think something also that you mentioned, sorry David, with the proliferation of devices, you know billions of devices, the perimeter is so amorphis, there's en clays on top of en clays on top of en clays >> Absolutely. >> I'm curious though, how is AI from IBM going to help companies protect themselves from their people, who might not be doing things necessarily maliciously, unintentionally, but that's one of the biggest common denominators I think in security that's the biggest, how do we protect from people? >> You nailed it. I mean I can not remember the stat, but I do know that more than 50% of breeches result from the inside and that's not necessarily people being malicious. I mean you have a combination of people who just don't adopt the best security policies, so they're not using strong passwords, they're clicking on links, they're answering phone calls, they're doing something that's a little bit sloppy or a little bit insecure and then of course you'll have the malicious insider. There aren't very many of them, but they do exist. So the way the security industry is evolving to protect ourselves against the insider is firstly to look at access to our crowned jewels and to make sure that only the people who need access to our crowned jewels and to the most important assets within our businesses have that access. Okay, firstly, now secondly, we are developing capabilities that we call user based analytics, user behavioral analytics. So we actually profile, what is the normal behavior of a user. So a user, in their job role, who works the pattern that is normal for that user. You know, what is a normal behavior for that user so that we allow the machine and the algorithms to learn that normal behavior so that when that behavior becomes different or when that user does something anomalous, that we can trigger an action, we can trigger an alert, we can do something about it. So user behavior analytics is the way we apply machine learning, artificial intelligence, to the problem to keep us safe from the insider fumbling, yes. >> Another big change and I want to make a comment, is the way in which organizations approach security at the board level. It's become a board level topic. The conversation between whether its the CSO or the CIO and the board has evolved from really one of, oh yeah, we're doing everything we possibly can to we're going to get breached, it's all about our response to that breech and here's the response mechanism and so I wonder if based on your conversations Mary, with executives, what you're seeing, what are they asking from IBM, just in terms of helping them specifically respond to the inevitable breaches? >> Okay, so there's a wide range of responses to that question. And it depends where you are on the globe, how sensitized the board is to security situations. They're all sensitized, but there are some parts of the globe where a breach of a regulation can put a board member in prison. So you know, there's a motivation to >> They're paying attention >> They're paying attention okay, but you know across the board, we're seeing that the board has evolved their attention, based on the fact that security used to be driven by compliance. It used to be driven by ticking a box to say you had a database protection in place and you had x, y, z in place. People became more sensitized to the next attack so what was the next threat, what was the next attack on their, the next piece of malware, the next piece of ransomware, but now people have really got to the point and the board have really got to the point where they really realize that this isn't about when an adversary gets into your network or gets into your enterprise or your business. They get in. It's about how you respond to it, how you find them, how you remove them, how you respond to the breach so at IBM security, we put a huge focus on training boards and their teams in how to respond to an instance because we've got to get to a point where the response is muscle memory so that everybody knows their role, they know how they behave and we're back to the people discussion again because everybody, from the person who is at your reception desk, who may be the first person to meet the media as they come in your doors after an event, to the CSO who has responsibility to the President or CEO, needs to understand their role and when they parttake or when they back away and let the experts partake during the course of an incident. >> One of the things too that's been widely known is it's taken upwards of two to 300 days before breaches are detected. How is IBM helping infuse AI into, not just the portfolio, but also the practices and behaviors to start reducing that so it doesn't take as long to identify a breach that can cost millions of dollars? >> So yes, what were doing here is we're working to reduce the complexity in peoples cyber programs. So if you consider that in many of our clients shops, we will find up to 80 different security products from 40 different vendors and that's an average that has been taken over time and we use that statistic all the time. Basically you have all of these tools and all of these products that have been bought to solve a security threat djure over several decades and they're all residing, all of these products, not talking to one another. So at IBM Security, what we're doing is we're applying technology and our capabilities to bring together the insights from all of these tools and to ensure that we can actually knit them together, correlate those insights, to give a more holistic view, a faster view, of what's relevant, what's pertinent to you in your industry, in your geo, in your business. So we look for the insights that are indicative of the most significant threat to you to help you get there, sort it, eradicate it, quarantine, or whatever you need to do to eliminate it. >> How about the skills gap? We talk about that a lot on theCUBE. There's more security professionals needed than are out there. What can you do about that? Is machine intelligence a possible answer? Helping people automate a response? What do you see? >> Absolutely So there's a number of different responses. Absolutely, infusing artificial intelligence and finding ways of reducing the amount of the amount of security data, the amount of security alerts that need to be responded to. So firstly you need to reduce the noise so that you can find the needle in the haystack and our capabilities with machine learning and artificial intelligence and the various different algorithms we build into our products help along the way there. So you have that. In addition to that, you always have a need for the people, for the experts so making sure that we infuse all of our practices, the people who are foot soldiers on the street, our consultants, our practitioners, to make sure that we hire the best, the brightest and we put them around the geo so that they are distributed and able to help our clients. And then you heard Ginni yesterday talk about various different means of accelerating our ability to bring more people into the workforce using our P-TECH initiative within IBM, so we're looking to go out to schools, where you wouldn't necessarily have a feed or kids with an opportunity, to find jobs in the cyber security space or in many professional spaces. Finding them, training them, tapping them, encouraging them and we've seen several people come through the P-TECH schools into the cyber security space and we've also embraced the return to work for people who have taken career breaks either to mind elderly relatives or to bring up kids or whatever, so we have a number of programs running in various parts of the world where we're introducing people back into the workforce and training them to become cyber experts. >> I got to ask you, as a security executive, does Quantum keep you up at night? >> Um, Quantum does not keep me up at night because IBM are the leaders in this space and as leaders in this space, we work with the researchers and developers in the IBM research labs, to ensure that our security practices are keeping in lock-step with Quantum and our algorithms are changing so that we can stay ahead of the Quantum race. >> It's in the hands of the good guys right now. >> It certainly is >> Let's keep it that way if we can. >> Last question Mary, there is, as I mentioned in the very beginning, four campuses here where the 30,000 plus attendees can learn. What are some of the things that you're excited that the attendees here, customers, perspective customers, partners, analysts, press are going to see, touch and feel from the Security and Resiliency Campus? >> At the Security and Resiliency Campus, the people here can see some of our latest innovations and capabilities and they can see our new platform. Our new security platform is called IBM Security Connect and this is you know, our capability that we just launched to actually reduce the complexity in people's cyber programs and help bring lots of these products, these siloed products and the insights from them together, to give a much sharper view of the threat to your business. So there's a very good demonstration of that. You can see a very good demonstration of the breath of our portfolio. You can talk to some of our consultants. Talk to our instant response specialists, you know, you can be scared about what's out there and see that your security is in good hands if you work with us. >> It sounds like a security candy store down there. We should go check it out. >> Yeah >> It sure is. >> Check out the flavors. >> Exactly. Thanks so much for stopping by >> Thank you. >> Sharing with us what's new >> Great to see you again Mary. >> In IBM security and also how you guys are helping to influence behavior. I think that's a really important element. We thank you and we look forward to talking to you again. >> Thank you very much. >> We want to thank you for watching theCUBE. Lisa Martin with Dave Vellante, live IBM Think 2019 on theCUBE. Stick around, we'll be right back shortly with our next guest. (tech music)

>> Announcer: Live from Washington, DC it's theCUBE. Covering .conf2017. Brought to you by Splunk. >> Welcome back here on theCUBE continuing our coverage of .conf2017 sponsored by Get Together in your nations capitol, we are live here at the Walter Washington Convention Center in Washington, DC. Along with Dave Vellante I'm John Walls Joined now by a couple CUBE alums, actually, you guys were here about a year ago. Yeah, Robert Herjavec, with the Herjavec Group of course you all know him from Shark Tank fame answer Atif Ghauri who is the VP of Customer Service Success at the Herjavec Group. I love that title, Atif we're going to get into that in just a little bit. Welcome. >> Thank you. >> Good to see you all. >> We're more like CUBE groupies We're more like CUBE groupies. >> Alums. >> Alums, okay, yeah. >> If we had a promo reel. >> Yeah, we love it here. We get free mugs with the beautiful Splunk. >> That doesn't happen all the time does it. >> Where did you get those? >> They're everywhere. >> Dave, I'll share. >> So again for folks who don't, what brings you here what, what's the focus here for the Herjavec Group in in terms of what you're seeing in the Splunk community and I assume it's very security driven. >> Yeah, well we've been part of the Splunk community for many years going on gosh, eight, nine years. We're Splunkers and we use Splunk as our core technology to provide our managed service and we manage a lot of customer environments with Splunk and we've been really forefront of Splunk as a SIM technology for a long time. >> Atif, excuse me, David, just the title, VP of Customer Service Success, what's under that umbrella? >> Yeah, it's actually pretty simple and straightforward given especially that Splunk's aligned the same way. Christmas success is King, right. If our customers aren't successful then how are we successful? So what we're trying to do there is putting the customer first and help in growing accounts and growing our services starting with our customers that we have today. >> It was actually Doug Maris, I have to give him full credit him and I were on a flight, and I said to him what's really critical to you growing revenue, efficiency, innovation and he said, number one for us is customer success. So we're very happy to steal other people's ideas if they're better. >> So security's changing so fast. You mentioned SIM, Splunk's narrative is that things are shifting from a traditional SIM world to one of an analytic driven remediation world. I wonder if you could talk about what you're seeing in the customer base, are people actually shifting their spending and how fast and where do you see it all going? >> Yeah, so the days of chasing IOC's is a dead end. Because that's just a nonstop effort. What's really happening now is technique detection. Defining, looking at how hackers are doing their trade craft and then parroting that. So Splunk has ideas and other vendors have ideas on how to go about trying to detect pattern recognition of attacker trade craft. And so what definitely was driving what's next when it comes to security automation, security detection, for our customers today. >> You know, we always tell people and it's just dead on but the challenge is people want to buy the, sexy, exciting thing and why I always try to say to customers is you're a dad and you have three kids, and you have a minivan. You don't really want to own a minivan, you want a really nice Ferrari or Corvette but at the end of the day, you have three kids and you got to get to the store. And in the security world it's a little bit like that. People talk about artificial intelligence and better threat metrics and analytics but the core, foundational basis still is logs. You have to manage your log infrastructure. And the beauty of Splunk is, it does it better than anyone and gives you an upstream in fact to be able to do the analytics and all those other things. But you still got to do the foundation. You still got to get three kids into the minivan and bring back groceries. >> So there's been a lot of focus, obviously security's become a Board level topic. You hear that all the time, you used to not hear it all the time, used to be IT problem. >> Absolutely, the only way I could get a meeting with the CEO or CIO was because I was on Shark Tank. But as a security guy, I would never meet any executives. Oh yeah I spend 80% of my time meeting with CEO, not just CIO's, but CEO's and Boards and that kind of stuff, absolutely. >> How should the CIO be communicating the Board about security, how often, what should be the narrative you know, transparency, I wonder if you could give us your thoughts. >> It's a great question. There's a new financial regulation that's coming out where CISO's and CIO's actually have to sign off on financial statements related to cyber security. And there's a clause in there that says if they knowingly are negligent, it carries criminal charges. So the regulations coming into cyber security are very similar to what we're seeing and Sarbanes Oxley like if a CEO signs an audit statement that he suspects might have some level of negligence to it I'm not talking about outright criminal fraud but just some level of negligence, it carries a criminal offense. If you look at the latest Equifax breach, a lot of the media around it was that there should be criminal charges around it. And so as soon as as you use words like criminal, compliance, audit, CEO's, executives really care. So the message from the CIO has to be we're doing everything in our power, based on industry standards, to be as secure as we can number one. And number two we have the systems in place that if we are breached, we can detect it as quickly as possible. >> So I was watching CNBC the other day and what you don't want to see as a Board member, every Board members picture from Equifax up there, with the term breach. >> Is that true? >> Yeah, yeah. >> See, but, isn't that different. Like you never, like if we think back on all the big breaches, Target and Sony they were all seminal in their own way. Target was seminal because the CEO got fired. And that was the first time it happened. I think we're going to remember Equifax, I didn't know that about the Board. >> For 50 seconds it was up there. I the sound off. >> You don't want to be a Board member. >> I mean, I hate to say it, but it's got to be great for your business, first of all it's another reason not to be a public company is one more hurdle. But if you are they need help. >> They absolutely need help. And on point I don't want to lose is that what we're seeing with CISO's, Chief Information Security Officers, Is that that role's transcending, that role is actually reporting directly to in to CEO's now. Directly into CFO's now, away from the CIO, because there's some organizational dynamics that keep the CISO from telling, what's really going on. >> Fox in henhouse. >> Exactly. >> You want to separate those roles. You're you're seeing that more often. What percent of the CISO's and CIO's are separate in your experience? >> Organizations that have a mature security program. That have evolved to where it's really a risk-based decision, and then the security function becomes more like risk management, right. Just what you they've been doing for decades. But now you have a choice security person leading that charge. >> So what we really always saying theCUBE, it's not a matter of if, it's when you're going to get infiltrated. Do you feel as though that the Boards and CIO's are transparent about that? Do Boards understand that that it's really the remediation and the response that's most important now, or there's still some education that has to go on there? >> You know, Robert speaks to Boards are the time he can comment on that, but they really want to know two things, how bad is it and how much money do you need. And those are the key questions that's driving from a Board perspective what's going to happen next. >> What's worse that Equifax got breached or that Equifax was breached for months and didn't know about it. I mean, as a Board member the latter is much worse. There's an acceptance like I have a beautiful house and I have big windows a lots of alarms and a dog, not a big dog, but still, I have a dog. >> A yipper. >> Yeah, I have a yipper. It's worse to me if somebody broke into my house, was there for a while and my wife came home at night and the person was still there. That to me is fundamentally worse than getting an alarm and saying, somebody broke the window, went in, stole a picture frame. You're going to get breached, it's how quickly you respond and what the assets are. >> And is it all shapes and sizes, too I mean, we talk about big companies here you've mentioned three but is it the mid-level guys and do smaller companies have the same concerns or same threats and risks right now? >> See these are the you heard about. What about all the breaches you don't know. >> That's the point, how big of a problem are we talking about? >> It's a wide scaling problem right and to the previous question, the value now in 2017, is what is the quality of your intelligence? Like what actions can I take, with the software that you're giving me, or with the service that you're giving me because you could detect all day but what are you going to do about it? And you're going to be held accountable for that. >> I'm watching the service now screen over here and I've seen them flash the stat 191 days to detect an infiltration. >> That sounds optimistic to me. I think most people would be happy with that if they could guarantee that. >> I would think the number's 250 to 300 so that now maybe they're claiming they can squeeze that down but, are you seeing any compression in that number? I mean it's early days I know. >> I think that the industry continues to be extremely complicated. There's a lot of vendors, there's a lot of products. The average Fortune 500 company has 72 security products. There's a stat that RSA this year that there's 1500 new security start ups every year. Every single year. How are they going to survive? And which ones do you have to buy because they're critical and provide valuable insights. And which ones are going to be around for a year or two and you're never going to hear about again. So it's a extremely challenging complex environment. >> From the bad guys are so much more sophisticated going from hacktivists to whatever State sponsored or criminal. >> That's the bottom line, I mean the bad guys are better, the bad guys are winning. The white hats fought their way out to the black hats, right. The white hats are trying, trying hard, we're trying to get organized, we're trying to win battles but the war is clearly won by the by the black hats. And that's something that as an industry we're getting better at working towards. >> Robert, as an investor what's your sentiment around valuations right now and do you feel as though. >> Not high enough. >> Oh boy. >> Managed security companies should be trading way higher value. >> Do you feel like they're somewhat insulated? >> Its a really good question, we're in that space you know we're we're about a $200 million private company. We're the largest privately held, managed security company in the world actually. And so I always think every time we're worth more I think wow, we couldn't be worth more, the market can't get bigger. Because your values always based for potential size. Nobody values you for what you're worth today. Because an investor doesn't buy history an investor doesn't buy present state, an investor buys future state. So if the valuations are increasing, it's a direct correlation because the macro factors are getting bigger. And so the answer to your question is values are going to go up because the market is just going to be fundamentally bigger. Is everybody going to survive? No, but I think you're going to see valuations continue to increase. >> Well in digital business everybody talks about digital business. We look at digital business as how well you leverage data. We think the value of data is going through the roof but I'm not sure customers understand the intrinsic value of the data or have a method to actually value their data. If they did, we feel like they would find it's way more valuable and they need to protect it better. What are you seeing in that regard with customers? >> There's an explosion of data in that with IoT, internet of things, and the amount of additional data that's come now. But, to your point, how do you sequence and label data? That's been a multi-decade old question more organizations struggle with. Many have gone to say that, it's all important so let's protect it all, right. And verses having layers of approach. So, it's a challenging problem, I don't think across all our customer base. That's something that each wrestling with to try to solve individually for their companies. >> Well, I think you also have the reality though of money. So, it's easy to say all the data is important, Structured unstructured, but you look at a lot of the software and tools that you need around this floor are sold to you on a per user or per ingestion model. So, even though all your data is critical. You can't protect all your data. It's like your house, you can't protect every single component of it, you try, and every year gets better maybe get a better alarm maybe I'll get rid the yappy dog and get a Doberman you know you're constantly upgrading. But you can't protect everything, because reality is you still live in an unstructured, unsafe world. >> So is that the complexity then, because the a simple question is why does it take so long to find out if there's something wrong with your house? >> I think it's highly complex because we're dealing with people who are manipulating what we know to their benefit in ways we've never done it. The Wannacry breach was done in a way that had not been done before. If it had done before we could have created some analytics around it, we could created some, you know, metrics around it but these are attacks that are happening in a way we've never seen before and so it's this element of risk and data and then you always have human nature. Gary Moore was that the Council this morning. The writer of Crossing the Chasm, legendary book, and he said something very interesting which was Why do people always get on a flight and say, good luck with the flight, hope you fly safe. But they don't think twice about hopping in their car and driving to the grocery store. Whereas statistically, your odds of dying in that car are fundamentally greater, and it's human nature, it's how we perceive risk. So it's the same with security and data in cyber security. >> As security experts I'm curious and we're here in DC, how much time you think about and what your thoughts might be in the geopolitical implications of security, cyber war, you know it's Stuxnet, fast forward, whatever, ten years. What are you thoughts as security practitioners in that regard? >> The longest and most heated battles in the next World War, will not be on Earth, they'll be in cyberspace. It's accepted as a given. That's the way this Country is moving. That's the way our financial systems are tied together and that's the way we're moving forward. >> It's interesting we had Robert Gates on last year and he was saying you know we have to be really careful because while we have the United States has the best security technologies, we also have the most to lose with our infrastructure and it's a whole new you know gamification or game theory balance we have to play. >> I would agree with him that we have some of the best security technology in the world but I would say that our barometer and our limiter is the freedom of our society. By nature what we love about our country and Canada is that we love freedom. And we love giving people access to information and data and free speech. By nature we have countries that may not have as good a security, but have the ability to limit access to outsiders, and I'm not saying that's good by any means but it does make security a little bit easier from that perspective. Whereas in our system, we're never going to go to that, we shouldn't go to that. So now we have to have better security just to stay even. >> To Dave's point talking about the geopolitical pressures, the regulatory environment being what it is, you know legislators, if they smell blood right, it in terms of compliance and what have you, what are you seeing in terms of that shift focus from the Hill. >> Great question. I did a speech to about two thousand CIO's, CISO's not long ago and I said, how many people in this room buy security to be more secure and how many people buy because you have to be compliant. 50/50, even the security ones admitted that how they got budget was leveraging the compliance guys. It was easier to walk into CEO's office and say look, we have to buy this to meet some kind of a political, compliance, Board issue. Than it was to say this will make us better. Better is a hard sell. So that, has to go to the head to pull the trigger to do some of that. >> You know, I think in this geopolitical environment it's look at the elections, look at all the rhetoric. It's just there is going to be more of that stuff. >> A lot's changed in crypto and its potential applications in security. More money poured into ICO's in the first half than venture backed crypto opportunities. >> There are practical applications of blockchain technology all across the board, right, but as you mentioned is fundamentally built on pathology. On core gut security work and making a community of people decide whether something's authentic or not. It's a game changer, as far what what we could do from a platform standpoint to secure our financial systems and short answer it's volatile. As you saw with the fluctuation of Bitcoin and then the currency of Bitcoin, how it's gone up and down. It's quite volatile right now because there's a lot of risk So I say what's the next Bitcoin in six months or eighteen months and what's going to happen to the old Bitcoin and then all the money that into there, where is that going to go? So that's a discuss the pivot point I think for the financial services industry and more and more their larger institutions are just trying to get involved with that whole network of blockchain. >> Crypto currencies really interesting. In some ways it's the fuel that's funding the cyber security ransomeware. I mean it's one of the easiest ways to send money and be completely anonymous. If you didn't have crypto currency, how would you pay for ransomware? You give them your checking account? You deposit into their checking account? So, I think that you're seeing a big surge of it but if you look at the history of money or even checks, checks were developed by company called Deluxe here in the United States 104 years ago. They're a customer of ours, that's why I know this, but the basis of it is that somebody, a real institution with bricks and mortar and people in suits is backing that check, or that currency. Who's backing crypto currency today? So you have, by nature, you have this element of volatility and I don't know if it's going to make it or it's not going to make it. But inevitably has to cross from a purely electronic crypto form to some element of a note or a tender that I can take from that world and get backing on it. >> That's kind of what Warren Buffet has said about it. I mean I would respond that it's the community, whatever that means, that's backing it. I mean, what backs the greenback, it's the US Government and the US military. It's an interesting. >> Right like, at the end of the day I would still rather take a US dollar than even a Canadian dollar or a UK dollar. >> Gentlemen thanks for being with us. >> Great to see you. >> Thank you for the coffee mug. >> This is incredible. >> There's actually stuff in it too so be careful. >> I drank it is that okay? >> Can I go to the hospital. >> Atif, thanks for the time and Robert good luck with that new dog. (all laughing) >> Don't tell my wife I got rid of her dog. >> In time. >> In time. All things a time, theCUBE continues live here Washington DC at .conf2017 right after this.