hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

>>Welcome back everyone to the Cube and Horizon three.ai special presentation. I'm John Furrier, host of the Cube. We with Chris Hill, Sector head for strategic accounts and federal@horizonthree.ai. Great innovative company. Chris, great to see you. Thanks for coming on the Cube. >>Yeah, like I said, you know, great to meet you John. Long time listener. First time call. So excited to be here with >>You guys. Yeah, we were talking before camera. You had Splunk back in 2013 and I think 2012 was our first splunk.com. Yep. And boy man, you know, talk about being in the right place at the right time. Now we're at another inflection point and Splunk continues to be relevant and continuing to have that data driving security and that interplay. And your ceo, former CTO of Splunk as well at Horizons Neha, who's been on before. Really innovative product you guys have, but you know, Yeah, don't wait for a brief to find out if you're locking the right data. This is the topic of this thread. Splunk is very much part of this new international expansion announcement with you guys. Tell us what are some of the challenges that you see where this is relevant for the Splunk and the Horizon AI as you guys expand Node zero out internationally? >>Yeah, well so across, so you know, my role within Splunk was working with our most strategic accounts. And so I look back to 2013 and I think about the sales process like working with, with our small customers. You know, it was, it was still very siloed back then. Like I was selling to an IT team that was either using us for IT operations. We generally would always even say, yeah, although we do security, we weren't really designed for it. We're a log management tool. And you know, we, and I'm sure you remember back then John, we were like sort of stepping into the security space and in the public sector domain that I was in, you know, security was 70% of what we did. When I look back to sort of the transformation that I was, was witnessing in that digital transformation, you know when I, you look at like 2019 to today, you look at how the IT team and the security teams are, have been forced to break down those barriers that they used to sort of be silo away, would not communicate one, you know, the security guys would be like, Oh this is my BA box it, you're not allowed in today. >>You can't get away with that. And I think that the value that we bring to, you know, and of course Splunk has been a huge leader in that space and continues to do innovation across the board. But I think what we've we're seeing in the space that I was talking with Patrick Kauflin, the SVP of security markets about this, is that, you know, what we've been able to do with Splunk is build a purpose built solution that allows Splunk to eat more data. So Splunk itself, as you well know, it's an ingest engine, right? So the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it, but without data it doesn't do anything, right? So how do you drive and how do you bring more data in? And most importantly from a customer perspective, how do you bring the right data in? >>And so if you think about what node zero and what we're doing in a Horizon three is that, sure we do pen testing, but because we're an autonomous pen testing tool, we do it continuously. So this whole thought of being like, Oh, crud like my customers, Oh yeah, we got a pen test coming up, it's gonna be six weeks. The wait. Oh yeah. You know, and everyone's gonna sit on their hands, Call me back in two months, Chris, we'll talk to you then. Right? Not, not a real efficient way to test your environment and shoot, we, we saw that with Uber this week. Right? You know, and that's a case where we could have helped. >>Well just real quick, explain the Uber thing cause it was a contractor. Just give a quick highlight of what happened so you can connect the >>Dots. Yeah, no problem. So there it was, I think it was one of those, you know, games where they would try and test an environment. And what the pen tester did was he kept on calling them MFA guys being like, I need to reset my password re to set my password. And eventually the customer service guy said, Okay, I'm resetting it. Once he had reset and bypassed the multifactor authentication, he then was able to get in and get access to the domain area that he was in or the, not the domain, but he was able to gain access to a partial part of the network. He then paralleled over to what would I assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains. And so within minutes they had access. And that's the sort of stuff that we do under, you know, a lot of these tools. >>Like not, and I'm not, you know, you think about the cacophony of tools that are out there in a CTA orchestra architecture, right? I'm gonna get like a Zscaler, I'm gonna have Okta, I'm gonna have a Splunk, I'm gonna do this sore system. I mean, I don't mean to name names, we're gonna have crowd strike or, or Sentinel one in there. It's just, it's a cacophony of things that don't work together. They weren't designed work together. And so we have seen so many times in our business through our customer support and just working with customers when we do their pen test, that there will be 5,000 servers out there. Three are misconfigured. Those three misconfigurations will create the open door. Cause remember the hacker only needs to be right once, the defender needs to be right all the time. And that's the challenge. And so that's why I'm really passionate about what we're doing here at Horizon three. I see this my digital transformation, migration and security going on, which we're at the tip of the sp, it's why I joined say Hall coming on this journey and just super excited about where the path's going and super excited about the relationship with Splunk. I get into more details on some of the specifics of that. But you know, >>I mean, well you're nailing, I mean we've been doing a lot of things around super cloud and this next gen environment, we're calling it NextGen. You're really seeing DevOps, obviously Dev SecOps has, has already won the IT role has moved to the developer shift left as an indicator of that. It's one of the many examples, higher velocity code software supply chain. You hear these things. That means that it is now in the developer hands, it is replaced by the new ops, data ops teams and security where there's a lot of horizontal thinking. To your point about access, there's no more perimeter. So >>That there is no perimeter. >>Huge. A hundred percent right, is really right on. I don't think it's one time, you know, to get in there. Once you're in, then you can hang out, move around, move laterally. Big problem. Okay, so we get that. Now, the challenges for these teams as they are transitioning organizationally, how do they figure out what to do? Okay, this is the next step. They already have Splunk, so now they're kind of in transition while protecting for a hundred percent ratio of success. So how would you look at that and describe the challenges? What do they do? What is, what are the teams facing with their data and what's next? What do they, what do they, what action do they take? >>So let's do some vernacular that folks will know. So if I think about dev sec ops, right? We both know what that means, that I'm gonna build security into the app, but no one really talks about SEC DevOps, right? How am I building security around the perimeter of what's going inside my ecosystem and what are they doing? And so if you think about what we're able to do with somebody like Splunk is we could pen test the entire environment from soup to nuts, right? So I'm gonna test the end points through to it. So I'm gonna look for misconfigurations, I'm gonna, and I'm gonna look for credential exposed credentials. You know, I'm gonna look for anything I can in the environment. Again, I'm gonna do it at at light speed. And, and what we're, what we're doing for that SEC dev space is to, you know, did you detect that we were in your environment? >>So did we alert Splunk or the SIM that there's someone in the environment laterally moving around? Did they, more importantly, did they log us into their environment? And when did they detect that log to trigger that log? Did they alert on us? And then finally, most importantly, for every CSO out there is gonna be did they stop us? And so that's how we, we, we do this in, I think you, when speaking with Stay Hall, before, you know, we've come up with this boils U Loop, but we call it fine fix verify. So what we do is we go in is we act as the attacker, right? We act in a production environment. So we're not gonna be, we're a passive attacker, but we will go in un credentialed UN agents. But we have to assume, have an assumed breach model, which means we're gonna put a Docker container in your environment and then we're going to fingerprint the environment. >>So we're gonna go out and do an asset survey. Now that's something that's not something that Splunk does super well, you know, so can Splunk see all the assets, do the same assets marry up? We're gonna log all that data and think then put load that into the Splunk sim or the smoke logging tools just to have it in enterprise, right? That's an immediate future ad that they've got. And then we've got the fix. So once we've completed our pen test, we are then gonna generate a report and we could talk about about these in a little bit later. But the reports will show an executive summary the assets that we found, which would be your asset discovery aspect of that, a fixed report. And the fixed report I think is probably the most important one. It will go down and identify what we did, how we did it, and then how to fix that. >>And then from that, the pen tester or the organization should fix those. Then they go back and run another test. And then they validate through like a change detection environment to see, hey, did those fixes taste, play take place? And you know, SNA Hall, when he was the CTO of JS o, he shared with me a number of times about, he's like, Man, there would be 15 more items on next week's punch sheet that we didn't know about. And it's, and it has to do with how we, you know, how they were prioritizing the CVEs and whatnot because they would take all CVS was critical or non-critical. And it's like we are able to create context in that environment that feeds better information into Splunk and whatnot. That >>Was a lot. That brings, that brings up the, the efficiency for Splunk specifically. The teams out there. By the way, the burnout thing is real. I mean, this whole, I just finished my list and I got 15 more or whatever the list just can, keeps, keeps growing. How did Node zero specifically help Splunk teams be more efficient? Now that's the question I want to get at, because this seems like a very scalable way for Splunk customers and teams, service teams to be more efficient. So the question is, how does Node zero help make Splunk specifically their service teams be more efficient? >>So to, so today in our early interactions with building Splunk customers, what we've seen are five things, and I'll start with sort of identifying the blind spots, right? So kind of what I just talked about with you. Did we detect, did we log, did we alert? Did they stop node zero, right? And so I would, I put that at, you know, a a a more layman's third grade term. And if I was gonna beat a fifth grader at this game would be, we can be the sparring partner for a Splunk enterprise customer, a Splunk essentials customer, someone using Splunk soar, or even just an enterprise Splunk customer that may be a small shop with three people and, and just wants to know where am I exposed. So by creating and generating these reports and then having the API that actually generates the dashboard, they can take all of these events that we've logged and log them in. >>And then where that then comes in is number two is how do we prioritize those logs, right? So how do we create visibility to logs that are, have critical impacts? And again, as I mentioned earlier, not all CVEs are high impact regard and also not all are low, right? So if you daisy chain a bunch of low CVEs together, boom, I've got a mission critical AP CVE that needs to be fixed now, such as a credential moving to an NT box that's got a text file with a bunch of passwords on it, that would be very bad. And then third would be verifying that you have all of the hosts. So one of the things that Splunk's not particularly great at, and they, they themselves, they don't do asset discovery. So do what assets do we see and what are they logging from that? And then for, from, for every event that they are able to identify the, one of the cool things that we can do is actually create this low-code, no-code environment. >>So they could let, you know, float customers can use Splunk. So to actually triage events and prioritize that events or where they're being routed within it to optimize the SOX team time to market or time to triage any given event. Obviously reducing mtr. And then finally, I think one of the neatest things that we'll be seeing us develop is our ability to build glass tables. So behind me you'll see one of our triage events and how we build a lock Lockheed Martin kill chain on that with a glass table, which is very familiar to this Splunk community. We're going to have the ability, not too distant future to allow people to search, observe on those IOCs. And if people aren't familiar with an ioc, it's an incident of compromise. So that's a vector that we want to drill into. And of course who's better at drilling in into data and Splunk. >>Yeah, this is a critical, this is awesome synergy there. I mean I can see a Splunk customer going, Man, this just gives me so much more capability. Action actionability. And also real understanding, and I think this is what I wanna dig into, if you don't mind understanding that critical impact, okay. Is kind of where I see this coming. I got the data, data ingest now data's data. But the question is what not to log, You know, where are things misconfigured? These are critical questions. So can you talk about what it means to understand critical impact? >>Yeah, so I think, you know, going back to those things that I just spoke about, a lot of those CVEs where you'll see low, low, low and then you daisy chain together and you're suddenly like, oh, this is high now. But then to your other impact of like if you're a, if you're a a Splunk customer, you know, and I had, I had several of them, I had one customer that, you know, terabytes of McAfee data being brought in and it was like, all right, there's a lot of other data that you probably also wanna bring, but they could only afford, wanted to do certain data sets because that's, and they didn't know how to prioritize or filter those data sets. And so we provide that opportunity to say, Hey, these are the critical ones to bring in. But there's also the ones that you don't necessarily need to bring in because low CVE in this case really does mean low cve. >>Like an ILO server would be one that, that's the print server where the, your admin credentials are on, on like a, a printer. And so there will be credentials on that. That's something that a hacker might go in to look at. So although the CVE on it is low, if you daisy chain was something that's able to get into that, you might say, ah, that's high. And we would then potentially rank it giving our AI logic to say that's a moderate. So put it on the scale and we prioritize though, versus a, a vulner review scanner's just gonna give you a bunch of CVEs and good luck. >>And translating that if I, if I can and tell me if I'm wrong, that kind of speaks to that whole lateral movement. That's it. Challenge, right? Print server, great example, look stupid low end, who's gonna wanna deal with the print server? Oh, but it's connected into a critical system. There's a path. Is that kind of what you're getting at? >>Yeah, I used daisy chain. I think that's from the community they came from. But it's, it's just a lateral movement. It's exactly what they're doing. And those low level, low critical lateral movements is where the hackers are getting in. Right? So that's what the beauty thing about the, the Uber example is that who would've thought, you know, I've got my multifactor authentication going in a human made a mistake. We can't, we can't not expect humans to make mistakes. Were fall, were fallible, right? Yeah. The reality is is once they were in the environment, they could have protected themselves by running enough pen tests to know that they had certain exposed credentials that would've stopped the breach. Yeah. And they did not, had not done that in their environment. And I'm not poking. Yeah, >>They put it's interesting trend though. I mean it's obvious if sometimes those low end items are also not protected well. So it's easy to get at from a hacker standpoint, but also the people in charge of them can be fished easily or spear fished because they're not paying attention. Cause they don't have to. No one ever told them, Hey, be careful of what you collect. >>Yeah. For the community that I came from, John, that's exactly how they, they would meet you at a, an international event introduce themselves as a graduate student. These are national actor states. Would you mind reviewing my thesis on such and such? And I was at Adobe at the time though I was working on this and start off, you get the pdf, they opened the PDF and whoever that customer was launches, and I don't know if you remember back in like 2002, 2008 time frame, there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it. And John, that's >>Or LinkedIn. Hey I wanna get a joke, we wanna hire you double the salary. Oh I'm gonna click on that for sure. You know? Yeah, >>Right. Exactly. Yeah. The one thing I would say to you is like when we look at like sort of, you know, cuz I think we did 10,000 pen test last year is it's probably over that now, you know, we have these sort of top 10 ways that we think then fine people coming into the environment. The funniest thing is that only one of them is a, a CVE related vulnerability. Like, you know, you guys know what they are, right? So it's it, but it's, it's like 2% of the attacks are occurring through the CVEs, but yet there's all that attention spent to that. Yeah. And very little attention spent to this pen testing side. Yeah. Which is sort of this continuous threat, you know, monitoring space and, and, and this vulnerability space where I think we play such an important role and I'm so excited to be a part of the tip of the spear on this one. >>Yeah. I'm old enough to know the movie sneakers, which I love as a, you know, watching that movie, you know, professional hackers are testing, testing, always testing the environment. I love this. I gotta ask you, as we kind of wrap up here, Chris, if you don't mind the benefits to team professional services from this alliance, big news Splunk and you guys work well together. We see that clearly. What are, what other benefits do professional services teams see from the Splunk and Horizon three AI alliance? >>So if you're a, I think for, from our, our, from both of our partners as we bring these guys together and many of them already are the same partner, right? Is that first off, the licensing model is probably one of the key areas that we really excel at. So if you're an end user, you can buy for the enterprise by the enter of IP addresses you're using. But if you're a partner working with this, there's solution ways that you can go in and we'll license as to MSPs and what that business model on our MSPs looks like. But the unique thing that we do here is this c plus license. And so the Consulting Plus license allows like a, somebody a small to midsize to some very large, you know, Fortune 100, you know, consulting firms uses by buying into a license called Consulting Plus where they can have unlimited access to as many ips as they want. >>But you can only run one test at a time. And as you can imagine when we're going and hacking passwords and checking hashes and decrypting hashes, that can take a while. So, but for the right customer, it's, it's a perfect tool. And so I I'm so excited about our ability to go to market with our partners so that we underhand to sell, understand how not to just sell too or not tell just to sell through, but we know how to sell with them as a good vendor partner. I think that that's one thing that we've done a really good job building bringing into market. >>Yeah. I think also the Splunk has had great success how they've enabled partners and professional services. Absolutely. They've, you know, the services that layer on top of Splunk are multifold tons of great benefits. So you guys vector right into that ride, that wave with >>Friction. And, and the cool thing is that in, you know, in one of our reports, which could be totally customized with someone else's logo, we're going to generate, you know, so I, I used to work at another organization, it wasn't Splunk, but we, we did, you know, pen testing as a, as a for, for customers and my pen testers would come on site, they, they do the engagement and they would leave. And then another really, someone would be, oh shoot, we got another sector that was breached and they'd call you back, you know, four weeks later. And so by August our entire pen testings teams would be sold out and it would be like, wow. And in March maybe, and they'd like, No, no, no, I gotta breach now. And, and, and then when they do go in, they go through, do the pen test and they hand over a PDF and they pat you on the back and say, there's where your problems are, you need to fix it. And the reality is, is that what we're gonna generate completely autonomously with no human interaction is we're gonna go and find all the permutations that anything we found and the fix for those permutations and then once you fixed everything, you just go back and run another pen test. Yeah. It's, you know, for what people pay for one pen test, they could have a tool that does that. Every, every pat patch on Tuesday pen test on Wednesday, you know, triage throughout the week, >>Green, yellow, red. I wanted to see colors show me green, green is good, right? Not red. >>And once CIO doesn't want, who doesn't want that dashboard, right? It's, it's, it is exactly it. And we can help bring, I think that, you know, I'm really excited about helping drive this with the Splunk team cuz they get that, they understand that it's the green, yellow, red dashboard and, and how do we help them find more green so that the other guys are >>In Yeah. And get in the data and do the right thing and be efficient with how you use the data, Know what to look at. So many things to pay attention to, you know, the combination of both and then, then go to market strategy. Real brilliant. Congratulations Chris. Thanks for coming on and sharing this news with the detail around this Splunk in action around the alliance. Thanks for sharing, >>John. My pleasure. Thanks. Look forward to seeing you soon. >>All right, great. We'll follow up and do another segment on DevOps and IT and security teams as the new new ops, but, and Super cloud, a bunch of other stuff. So thanks for coming on. And our next segment, the CEO of Verizon, three AA, will break down all the new news for us here on the cube. You're watching the cube, the leader in high tech enterprise coverage.

(upbeat music) >> Hello, and welcome to today's session at the 2021, AWS Global Public Sector Partner Awards, for the award for the best, Think Big for Small Business Partner. I'm your host Natalie Erlich, and we are now joined by our very special guest, Lisa Brunet, a managing Partner and President of the DLZP Group. Welcome to today's session. Now, I'd love to talk with you about how you got to partner with AWS. >> Sure, I think Natalie, thank you so much for your time today. So we started a journey with AWS back in 2012, we ran into an AWS rep at another conference, and he was talking about how he would love to do some innovative technology, because one of my reps were actually wearing gold glass, and he's like, I need something creative, I need something different. Because right now AWS, Amazon is just known for selling online books, while the cloud is only known for storing photos. So we spent a little bit of time working with them, and we came up with this idea of doing creating the test drive, where people could actually go and try a different product, like we actually did PeopleSoft on AWS. So we were able to prove that large ERP applications could run on the cloud. And that was actually faster and more resilient than having it on premise, and from there, it's been a whirlwind journey with AWS. >> Now terrific, well, how does TBSP open doors for companies and help them understand all of the tools available to them through AWS, as well as APN. >> With the Think Big for Small Business program, what it does, it gives us the opportunity to play with the big guys. So a lot of small businesses have the capabilities, they're very agile, and they have the connections, they have the capabilities. But because of our size, we have limitations on getting the number of certifications, getting the network competencies. So with this program, it evens the playing field for everybody. So now I'm able to like... I've been turned away projects because of my size, because they're like, well you're not certified by AWS at this level. But now I'm at the same level, as some of my some of the larger primes, and I'm able to compete with them head to head now. >> So has this kind of like democratizing effect. >> Yes, it does. >> Terrific. Well, to expand a bit more on how, the Think Big program has helped us overcome other kind of obstacles. >> For us, a big obstacle was always with the competencies and the certifications. So before, we would never eligible to get a competency, even though we were the ones that proved that PeopleSoft could run on the clouds. So we had the competency for Oracle Applications, we had the competency from Microsoft, but we could never, we're never eligible to actually get the competency because we were not advanced partner. And then also with the training, we were always being hindered, because we couldn't get all the discounts available at a certain level for the trading, so we had to pay full retail price. Now we get a discount, so I can send everybody for training to make sure that everybody is up to date on their certifications. >> And how do you assess your experience as an AWS partner? >> I love it, I love being an AWS partner, and that's I think what really makes the difference is the employees at AWS, they stand by us for everything. We know, of course we do give a lot of benefits to them, but anytime I have a need, I have everybody's number, I can reach out to anybody on their team and say, I need assistance with this, I'm looking to try to accomplish this, and they'll do anything they can to help us. >> And do you have any advice for other companies who might be interested in moving in that direction as well. >> For any small business, I think that Think Big for Small Business program is a great idea, just as long as you're willing to put the hard work in, and you can prove to AWS that you're willing to work hard, they'll reciprocate and work with you to create this great, to make you a great partner. >> And I'd love to hear more about your company, DLZP Group, tell us about your core market. >> So we actually were split between three different main markets. We try to be equal between public sector, private sector and federal. We are just starting our federal journey. We recently became AA certified, so we're looking to expand in the federal journey, but for us, we try to make sure that we are, we don't have too strong, we don't have more than like 33% of our income coming from any one sector, just because if there's a crisis like with the federal, when they shut down for six months, I don't want to have to layoff my employees, I value my employees too much have to say, I'm sorry, I have to lay you off. So we made sure we're resilient, and we're able to handle any customer at any given time. >> Well, let's talk about resilience, I mean, how do you ensure that you're resilient? Obviously, you've had some really tough time, in the last year or so with a pandemic, I mean, what's your advice for companies that are looking to become even more resilient in the years ahead? >> For us, I think a big thing is we've always worked hard to make sure that we offer a quality product for our customers. So that really helped us on the downtime's. When everybody was struggling, keep the doors open, our customers stood by us, because we've had a proven track record to make sure that we offer them the best solution, were there for them when they need us. So they came to rely on us and they would use this with during the past year during the pandemic. >> And if you could outline just in further detail your business model for our viewers. >> So we actually are 100% remote, and I have staff around the world. We purposely, strategically, like have everybody around the world, because some of our customers are global. We have to offer 24/7 support for them, especially nowadays. But another part was because of disaster recovery. I'm based in Houston, Texas. So we're known for getting hurricanes, that means sometimes I can be without power for three weeks. But I don't want that to affect my customers, I don't want them to feel that they can't come to us, but knowing that if a hurricane comes through, I might know my employees are going to be able to work. So we made sure that we have a great disaster recovery plan, we have where no matter what happens, manmade or natural disaster, we're able to support our customers, without any with any without a pause. And then we also make sure that all of our employees, they have a quality work life balance, and I think that also helps because that shows the clients, that we value our employees, and it makes them want to work with us more, because our employees are happy, they're happy to work with us, because they know that well (crackling drowns out speaker) >> And describe to us in greater detail, the core technology and its key benefits. >> Well, a lot we do is around AWS. So, when we first started with them, as I mentioned, we started with them with the test drive and ERP applications, but then we expanded our services, we started working with serverless, when we first heard about serverless, we were like this is a game changer. We can do almost anything on serverless and save so much money. So we years ago, we went and built our website, so it's 100% serverless. So it costs us a couple pennies a month to run, versus if you think about a traditional website, that's a couple hundred dollars a month to run, and then we started playing with machine learning. So we're now developing internal projects, where we're using machine learning for a number of applications, and we're going to keep expanding, where we're going to have a full suite of applications to give to our customers that will be run at 100% serverless using machine learning. >> Yeah, really terrific. What are your goals for the next year? What is your vision for 2021? >> My goal is to do a little bit more than federal, we're actually expanding to Canada as well. So we have officially launched there, we have employees in Canada that are working in different areas in different provinces and with the federal government to try to help AWS grow there. >> Terrific, and I thought it was just so fascinating, how you're mitigating disaster, and you know, really pushing your business forward, you know, thinking geographically, and that's something that we kind of had to all figured out with a pandemic. So in a way your business has been like a bit of step ahead of the others, and what other ways are you trying to kind of be a step ahead of the curve from the competition. >> So we're looking to stay ahead of the curve by making sure we have the right resources in place, so we do a lot, making sure that when we bring somebody on, we make sure that they're aware that this is a team based company, you're not going to be working individually on one project. We were very big on spec, so we're always making sure that, no matter what level you come in, even if you're just an intern here for the summer, you're running a project, you're getting that real world experience, you're going to even have times where I'm reporting to you, when you have to make sure I'm a accountable for the work. And that helps also build respect amongst the peers, because they know what it takes to run a project, and they're going to make sure that they do a good job, because nobody wants to see their peers if you fail. >> Yeah, well excellent insights, I agree with you. Lisa Brunet, a managing partner and president of the DLZP Group. That's all for this session, I'm your host Natalie Erlich, thank you so much for watching. (upbeat music)

>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> In our 2020 predictions post, we said that organizations would begin to operationalize their digital transformation experiments and POCs. We also said that based on spending data that cybersecurity companies like CrowdStrike and Okta were poised to rise above the rest in 2020, and we even said the S&P 500 would surpass 3,700 this year. Little did we know that we'd have a pandemic that would make these predictions a virtual lock, and, of course, COVID did blow us out of the water in some other areas, like our prediction that IT spending would increase plus 4% in 2020, when in reality, we have a dropping by 4%. We made a number of other calls that did pretty well, but I'll let you review last year's predictions at your leisure to see how we did. Hello, everyone. This is Dave Vellante and welcome to this week's Wikibon CUBE Insights powered by ETR. Erik Bradley of ETR is joining me again for this Breaking Analysis, and we're going to lay out our top picks for 2021. Erik, great to see you. Welcome back. Happy to have you on theCUBE, my friend. >> Always great to see you too, Dave. I'm excited about these picks this year. >> Well, let's get right into it. Let's bring up the first prediction here. Tech spending will rebound in 2021. We expect a 4% midpoint increase next year in spending. Erik, there are a number of factors that really support this prediction, which of course is based on ETR's most recent survey work, and we've listed a number of them here in this slide. I wonder if we can talk about that a little bit, the pace of the vaccine rollout. I've called this a forced march to COVID, but I can see people doubling down on things that are working. Productivity improvements are going to go back into the business. People are going to come back to the headquarters and that maybe is going to spur infrastructure on some pent-up demand, and work from home, we're going to talk about that. What are your thoughts on this prediction? >> Well, first of all, you weren't wrong last year. You were just, (laughs) you were just delayed. Just delayed a little bit, that's all. No, very much so. Early on, just three months ago, we were not seeing this optimism. The most recent survey, however, is capturing 4%. I truly believe that still might be a little bit mild. I think it can go even higher, and that's going to be driven by some of the things you've said about. This is a year where a lot of spending was paused on machine learning, on automation, on some of these projects that had to be stopped because of what we all went through. Right now, that is not a nice to have, it's a must have, and that spending is going quickly. There's a rapid pace on that spending, so I do think that's going to push it and, of course, security. We're going to get to this later on so I don't want to bury the lede, but with what's happening right now, every CISO I speak to is not panicked, but they are concerned and there will definitely be increased security spending that might push this 4% even higher. >> Yeah, and as we've reported as well, the survey data shows that there's less freezing of IT, there are fewer layoffs, there's more hiring, we're accelerating IT deployments, so that, I think, 34% last survey, 34% of organizations are accelerating IT deployments over the next three months, so that's great news. >> And also your point too about hiring. I was remiss in not bringing that up because we had layoffs and we had freezes on hiring. Both of that is stopping. As you know, as more head count comes in, whether that be from home or whether that be in your headquarters, both of those require support and require spending. >> All right, let's bring up the next prediction. Remote worker trends are going to become fossilized, settling in at an average of 34% by year-end 2021. Now, I love this chart, you guys. It's been amazingly consistent to me, Erik. We're showing data here from ETR's latest COVID survey. So it shows that prior to the pandemic, about 15 to 16% of employees on average worked remotely. That jumped to where we are today and well into the 70s, and we're going to stay close to that, according to the ETR data, in the first half of 2021, but by the end of the year, it's going to settle in at around 34%. Erik, that's double the pre-pandemic numbers and that's been consistent in your surveys over the past six month, and even within the sub-samples. >> Yeah, super surprised by the consistency, Dave. You're right about that. We were expecting the most recent data to kind of come down, right? We see the vaccines being rolled out. We kind of thought that that number would shift, but it hasn't, it has been dead consistent, and that's just from the data perspective. What we're hearing from the interviews and the feedback is that's not going to change, it really isn't, and there's a main reason for that. Productivity is up, and we'll talk about that in a second, but if you have productivity up and you have employees happy, they're not commuting, they're working more, they're working effectively, there is no reason to rush. And now imagine if you're a company that's trying to hire the best talent and attract the best talent but you're also the only company telling them where they have to live. I mean, good luck with that, right? So even if a few of them decide to make this permanent, that's something where you're going to really have to follow suit to attract talent. >> Yeah, so let's talk about that. Productivity leads us to our next prediction. We can bring that up. Number three is productivity increases are going to lead organizations to double down on the successes of 2020 and productivity apps are going to benefit. Now, of course, I'm always careful to cautious to interpret when you ask somebody by how much did productivity increase. It's a very hard thing to estimate depending on how you measure it. Is it revenue per employee? Is it profit? But nonetheless, the vast majority of people that we talk to are seeing productivity is going up. The productivity apps are really the winners here. Who do you see, Erik, as really benefiting from this trend? This year we saw Zoom, Teams, even Webex benefit, but how do you see this playing out in 2021? >> Well, first of all, the real beneficiaries are the companies themselves because they are getting more productivity, and our data is not only showing more productivity, but that's continuing to increase over time, so that's number one. But you're 100% right that the reason that's happening is because of the support of the applications and what would have been put in place. Now, what we do expect to see here, early on it was a rising tide lifted all boats, even Citrix got pulled up, but over time you realize Citrix is really just about legacy applications. Maybe that's not really the virtualization platform we need or maybe we just don't want to go that route at all. So the ones that we think are going to win longer term are part of this paradigm shift. The easiest one to put out as example is DocuSign. Nobody is going to travel and sit in an office to sign a paper ever again. It's not happening. I don't care if you go back to the office or you go back to headquarters. This is a paradigm shift that is not temporary. It is permanent. Another one that we're seeing is Smartsheet. Early on it started in. I was a little concerned about it 'cause it was a shadow IT type of a company where it was just spreading and spreading and spreading. It's turned out that this, the data on Smartsheet is continuing to be strong. It's an effective tool for project management when you're remotely working, so that's another one I don't see changing anytime. The other one I would call out would be Twilio. Slightly different, yes. It's more about the customer experience, but when you look at how many brick and mortar or how many in-person transactions have moved online and will stay there, companies like Twilio that support that customer experience, I'll throw out a Qualtrics out there as well, not a name we hear about a lot, but that customer experience software is a name that needs to be watched going forward. >> What do you think's going to happen to Zoom and Teams? Certainly Zoom just escalated this year, a huge ascendancy, and Teams I look at a little differently 'cause it's not just video conferencing, and both have done really, really well. How do you interpret the data that you're seeing there? >> There's no way around it, our data is decelerating quickly, really quickly. We were kind of bullish when Zoom first came out on the IPO prospects. It did very well. Obviously what happened in this remote shift turned them into an absolute overnight huge success. I don't see that continuing going forward, and there's a reason. What we're seeing and hearing from our feedback interviews is that now that people recognize this isn't temporary and they're not scrambling and they need to set up for permanency, they're going to consolidate their spend. They don't need to have Teams and Zoom. It's not necessary. They will consolidate where they can. There's always going to be the players that are going to choose Slack and Zoom 'cause they don't want to be on Microsoft architecture. That's fine, but you and I both know that the majority of large enterprises have Microsoft already. It's bundled in in pricing. I just don't see it happening. There's going to be M&A out there, which we can talk about again soon, so maybe Zoom, just like Slack, gets to a point where somebody thinks it's worthwhile, but there's a lot of other video conferencing out there. They're trying to push their telephony. They're trying to push their mobile solutions. There's a lot of companies out there doing it, so we'll see, but the current market cap does not seem to make sense in a permanent remote work situation. >> I think I'm inferring Teams is a little different because it's Microsoft. They've got this huge software estate they can leverage. They can bundle. Now, it's going to be interesting to see how and if Zoom can then expand its TAM, use its recent largesse to really enter potentially new markets. >> It will be, but listen, just the other day there was another headline that one of Zoom's executives out in China was actually blocking content as per directed by the Chinese government. Those are the kind of headlines that just really just get a little bit difficult when you're running a true enterprise size. Zoom is wonderful in the consumer space, but what I do is I research enterprise technology, and it's going to be really, really difficult to make inroads there with Microsoft. >> Yep. I agree. Okay, let's bring up number four, prediction number four. Permanent shifts in CISO strategies lead to measurable share shifts in network security. So the remote work sort of hyper-pivot, we'll call it, it's definitely exposed us. We've seen recent breaches that underscore the need for change. They've been well-publicized. We've talked a lot about identity access management, cloud security, endpoint security, and so as a result, we've seen the upstarts, and just a couple that we called, CrowdStrike, Okta, Zscaler has really benefited and we expect them to continue to show consistent growth, some well over 50% revenue growth. Erik, you really follow this space closely. You've been focused on microsegmentation and other, some of the big players. What are your thoughts here? >> Yeah, first of all, security, number one in spending overall when we started looking and asking people what their priority is going to be. That's not changing, and that was before the SolarWinds breach. I just had a great interview today with a CISO of a global hospitality enterprise to really talk about the implications of this. It is real. Him and his peers are not panicking but pretty close, is the way he put it, so there is spend happening. So first of all, to your point, continued on Okta, continued on identity access. See no reason why that changes. CrowdStrike, continue. What this is going to do is bring in some new areas, like we just mentioned, in network segmentation. Illumio is a pure play in that name that doesn't have a lot of citations, but I have watched over the last week their net spending score go from about 30 to 60%, so I am watching in real time, as this data comes in in the later part of our survey, that it's really happening Forescout is another one that's in there. We're seeing some of the zero trust names really picking up in the last week. Now, to talk about some of the more established names, yeah, Cisco plays in this space and we can talk about Cisco and what they're doing in security forever. They're really reinventing themselves and doing a great job. Palo Alto was in this space as well, but I do believe that network and microsegmentation is going to be something that's going to continue. The other one I'm going to throw out that I'm hearing a lot about lately is user behavior analytics. People need to be able to watch the trends, compare them to past trends, and catch something sooner. Varonis is a name in that space that we're seeing get a lot of adoptions right now. It's early trend, but based on our data, Varonis is a name to watch in that area as well. >> Yeah, and you mentioned Cisco transitioning, reinventing themselves toward a SaaS player. Their subscription, Cisco's security business is a real bright spot for them. Palo Alto, every time I sit in on a VENN, which is ETR's proprietary roundtable, the CISOs, they love Palo Alto. They want to work, many of them, anyway, want to work with Palo Alto. They see them as a thought leader. They seem to be getting their cloud act together. Fortinet has been doing a pretty good job there and especially for mid-market. So we're going to see this equilibrium, best of breed versus the big portfolio companies, and I think 2021 sets up as a really interesting battle for those guys with momentum and those guys with big portfolios. >> I completely agree and you nailed it again. Palo Alto has this perception that they're really thought leaders in the space and people want to work with them, but let's not rule Cisco out. They have a much, much bigger market cap. They are really good at acquisitions. In the past, they maybe didn't integrate them as well, but it seems like they're getting their act together on that. And they're pushing now what they call SecureX, which is sort of like their own full-on platform in the cloud, and they're starting to market that, I'm starting to hear more about it, and I do think Cisco is really changing people's perception of them. We shall see going forward because in the last year, you're 100% right, Palo Alto definitely got a little bit more of the sentiment, of positive sentiment. Now, let's also realize, and we'll talk about this again in a bit, there's a lot of players out there. There will probably be continued consolidation in the security space, that we'll see what happens, but it's an area where spending is increasing, there is a lot of vendors out there to play with, and I do believe we'll see consolidation in that space. >> Yes. No question. A highly fragmented business. A lack of skills is a real challenge. Automation is a big watch word and so I would expect, which brings us, Erik, to prediction number five. Can be hard to do prediction posts without talking about M&A. We see the trend toward increased tech spending driving more IPOs, SPACs and M&A. We've seen some pretty amazing liquidity events this year. Snowflake, obviously a big one. Airbnb, DoorDash, outside of our enterprise tech but still notable. Palantir, JFrog, number of others. UiPath just filed confidentially and their CEO said, "Over the next 12 to 18 months, I would think Automation Anywhere is going to follow suit at some point." Hashicorp was a company we called out in our 2020 predictions as one to watch along with Snowflake and some others, and, Erik, we've seen some real shifts in observability. The ELK Stack gaining prominence with Elastic, ChaosSearch just raised 40 million, and everybody's going after 5G. Lots of M&A opportunities. What are your thoughts? >> I think if we're going to make this a prediction show, I'm going to say that was a great year, but we're going to even have a better year next year. There is a lot of cash on the balance sheet. There are low interest rates. There is a lot of spending momentum in enterprise IT. The three of those set up for a perfect storm of more liquidity events, whether it be continued IPOs, whether it could be M&A, I do expect that to continue. You mentioned a lot of the names. I think you're 100% right. Another one I would throw out there in that observability space, is it's Grafana along with the ELK Stack is really making changes to some of the pure plays in that area. I've been pretty vocal about how I thought Splunk was having some problems. They've already made three acquisitions. They are trying really hard to get back up and keep that growth trajectory and be the great company they always have been, so I think the observability area is certainly one. We have a lot of names in that space that could be taken out. The other one that wasn't mentioned, however, that I'd like to mention is more in the CDN area. Akamai being the grandfather there, and we'll get into it a little bit too, but CloudFlare has a huge market cap, Fastly running a little bit behind that, and then there's Limelight, and there's a few startups in that space and the CDN is really changing. It's not about content delivery as much as it is about edge compute these days, and they would be a real easy takeout for one of these large market cap names that need to get into that spot. >> That's a great call. All right, let's bring up number six, and this is one that's near and dear to my heart. It's more of a longer-term prediction and that prediction is in the 2020s, 75% of large organizations are going to re-architect their big data platforms, and the premise here is we're seeing a rapid shift to cloud database and cross-cloud data sharing and automated governance. And the prediction is that because big data platforms are fundamentally flawed and are not going to be corrected by incremental improvements in data lakes and data warehouses and data hubs, we're going to see a shift toward a domain-centric ownership of the data pipeline where data teams are going to be organized around data product or data service builders and embedded into lines of business. And in this scenario, the technology details and complexity will become abstracted. You've got hyper-specialized data teams today. They serve multiple business owners. There's no domain context. Different data agendas. Those, we think, are going to be subsumed within the business lines, and in the future, the primary metric is going to shift from the cost and the quality of the big data platform outputs to the time it takes to go from idea to revenue generation, and this change is going to take four to five years to coalesce, but it's going to begin in earnest in 2021. Erik, anything you'd add to this? >> I'm going to let you kind of own that one 'cause I completely agree, and for all the listeners out there, that was Dave's original thought and I think it's fantastic and I want to get behind it. One of the things I will say to support that is big data analytics, which is what people are calling it because they got over the hype of machine learning, they're sick of vendors saying machine learning, and I'm hearing more and more people just talk about it as we need big data analytics, we need 'em at the edge, we need 'em faster, we need 'em in real time. That's happening, and what we're seeing more is this is happening with vendor-agnostic tools. This isn't just AWS-aligned. This isn't just GCP-aligned or Azure-aligned. The winners are the Snowflakes. The winners are the Databricks. The winners are the ones that are allowing this interoperability, the portability, which fully supports what you're saying. And then the only other comment I would make, which I really like about your prediction, is about the lines of business owning it 'cause I think this is even bigger. Right now, we track IT spending through the CIO, through the CTO, through IT in general. IT spending is actually becoming more diversified. IT spending is coming under the purview of marketing, it's coming under the purview of sales, so we're seeing more and more IT spending, but it's happening with the business user or the business lines and obviously data first, so I think you're 100% right. >> Yeah, and if you think about it, we've contextualized our operational systems, whether it's the CRM or the supply chain, the logistics, the business lines own their respective data. It's not true for the analytics systems, and we talked about Snowflake and Databricks. I actually see these two companies who were sort of birds of a feather in the early days together, applying Databricks machine learning on top of Snowflake, I actually see them going in diverging places. I see Databricks trying to improve on the data lake. I see Snowflake trying to reinvent the concept of data warehouse to this global mesh, and it's going to be really interesting to see how that shakes out. The data behind Snowflake, obviously very, very exciting. >> Yeah, it's just, real quickly to add on that if we have time, Dave. >> Yeah, sure. >> We all know the valuation of Snowflake, one of the most incredible IPOs I've seen in a long time. The data still supports it. It still supports that growth. Unfortunately for Databricks, their IPO has been a little bit more volatile. If you look at their stock chart every time they report, it's got a little bit of a roller coaster ride going on, and our most recent data for Databricks is actually decelerating, so again, I'm going to use the caveat that we only have about 950 survey responses in. We'll probably get that up to 1,300 or so, so it's not done yet, but right now we are putting Databricks into a category where we're seeing it decelerate a little bit, which is surprising for a company that's just right out of the gate. >> Well, it's interesting because I do see Databricks as more incremental on data lakes and I see Snowflake as more transformative, so at least from a vision standpoint, we'll see if they can execute on that. All right, number seven, let's bring up number seven. This is talking about the cloud, hybrid cloud, multi-cloud. The battle to define hybrid and multi-cloud is going to escalate in 2021. It's already started and it's going to create bifurcated CIO strategies. And, Erik, spending data clearly shows that cloud is continuing its steady margin share gains relative to on-prem, but the definitions of the cloud, they're shifting. Just a couple of years ago, AWS, they never talk about hybrid, just like they don't talk about multi-cloud today, yet AWS continues now to push into on-prem. They treat on-prem as just another node at the edge and they continue to win in the marketplace despite their slower growth rates. Still, they're so large now. 45 billion or so this year. The data is mixed. This ETR data shows that just under 50% of buyers are consolidating workloads, and then a similar, in the cloud workloads, and a similar percentage of customers are spreading evenly across clouds, so really interesting dynamic there. Erik, how do you see it shaking out? >> Yeah, the data is interesting here, and I would actually state that overall spend on the cloud is actually flat from last year, so we're not seeing a huge increase in spend, and coupled with that, we're seeing that the overall market share, which means the amount of responses within our survey, is increasing, certainly increasing. So cloud usage is increasing, but it's happening over an even spectrum. There's no clear winner of that market share increase. So they really, according to our data, the multi-cloud approach is happening and not one particular winner over another. That's just from the data perspective that various do point on AWS. Let's be honest, when they first started, they wanted all the data. They just want to take it from on-prem, put it in their data center. They wanted all of it. They never were interested in actually having interoperability. Then you look at an approach like Google. Google was always about the technology, but not necessarily about the enterprise customer. They come out with Anthos which is allowing you to have interoperability in more cloud. They're not nearly as big, but their growth rate is much higher. Law of numbers, of course. But it really is interesting to see how these cloud players are going to approach this because multi-cloud is happening whether they like it or not. >> Well, I'm glad you brought up multi-cloud in a context of what the data's showing 'cause I would agree we're, and particularly two areas that I would call out in ETR data, VMware Cloud on AWS as well as VM Cloud Foundation are showing real momentum and also OpenStack from Red Hat is showing real progress here and they're making moves. They're putting great solutions inside of AWS, doing some stuff on bare metal, and it's interesting to see. VMware, basically it's the VMware stack. They want to put that everywhere. Whereas Red Hat, similarly, but Red Hat has the developer angle. They're trying to infuse Red Hat in throughout everybody's stack, and so I think Red Hat is going to be really interesting to, especially to the extent that IBM keeps them, sort of lets them do their own thing and doesn't kind of pollute them. So, so far so good there. >> Yeah, I agree with that. I think you brought up the good point about it being developer-friendly. It's a real option as people start kicking a little bit more of new, different developer ways and containers are growing, growing more. They're not testing anymore, but they're real workloads. It is a stack that you could really use. Now, what I would say to caveat that though is I'm not seeing any net new business go to IBM Red Hat. If you were already aligned with that, then yes, you got to love these new tools they're giving you to play with, but I don't see anyone moving to them that wasn't already net new there and I would say the same thing with VMware. Listen, they have a great entrenched base. The longer they can kick that can down the road, that's fantastic, but I don't see net new customers coming onto VMware because of their alignment with AWS. >> Great, thank you for that. That's a good nuance. Number eight, cloud, containers, AI and ML and automation are going to lead 2021 spending velocity, so really is those are the kind of the big four, cloud, containers, AI, automation, And, Erik, this next one's a bit nuanced and it supports our first prediction of a rebound in tech spending next year. We're seeing cloud, containers, AI and automation, in the form of RPA especially, as the areas with the highest net scores or spending momentum, but we put an asterisk around the cloud because you can see in this inserted graphic, which again is preliminary 'cause the survey's still out in the field and it's just a little tidbit here, but cloud is not only above that 40% line of net score, but it has one of the higher sector market shares. Now, as you said, earlier you made a comment that you're not necessarily seeing the kind of growth that you saw before, but it's from a very, very large base. Virtually every sector in the ETR dataset with the exception of outsourcing and IT consulting is seeing meaningful upward spending momentum, and even those two, we're seeing some positive signs. So again, with what we talked about before, with the freezing of the IT projects starting to thaw, things are looking much, much better for 2021. >> I'd agree with that. I'm going to make two quick comments on that, one on the machine learning automation. Without a doubt, that's where we're seeing a lot of the increase right now, and I've had a multiple number of people reach out or in my interviews say to me, "This is very simple. These projects were slated to happen in 2020 and they got paused. It's as simple as that. The business needs to have more machine learning, big data analytics, and it needs to have more automation. This has just been paused and now it's coming back and it's coming back rapidly." Another comment, I'm actually going to post an article on LinkedIn as soon as we're done here. I did an interview with the lead technology director, automation director from Disney, and this guy obviously has a big budget and he was basically saying UiPath and Automation Anywhere dominate RPA, and that on top of it, the COVID crisis greatly accelerated automation, greatly accelerated it because it had to happen, we needed to find a way to get rid of these mundane tasks, we had to put them into real workloads. And another aspect you don't think about, a lot of times with automation, there's people, employees that really have friction. They don't want to adopt it. That went away. So COVID really pushed automation, so we're going to see that happening in machine learning and automation without a doubt. And now for a fun prediction real quick. You brought up the IT outsourcing and consulting. This might be a little bit more out there, the dark horse, but based on our data and what we're seeing and the COVID information about, you said about new projects being unwrapped, new hiring happening, we really do believe that this might be the bottom on IT outsourcing and consulting. >> Great, thank you for that, and then that brings us to number nine here. The automation mandate is accelerating and it will continue to accelerate in 2021. Now, you may say, "Okay, well, this is a lay-up," but not necessarily. UiPath and Automation Anywhere go public and Microsoft remains a threat. Look, UiPath, I've said UiPath and Automation Anywhere, if they were ready to go public, they probably would have already this year, so I think they're still trying to get their proverbial act together, so this is not necessarily a lay-up for them from an operational standpoint. They probably got some things to still clean up, but I think they're going to really try to go for it. If the markets stay positive and tech spending continues to go forward, I think we can see that. And I would say this, automation is going mainstream. The benefits of taking simple RPA tools to automate mundane tasks with software bots, it's both awakened organizations to the possibilities of automation, and combined with COVID, it's caused them to get serious about automation. And we think 2021, we're going to see organizations go beyond implementing point tools, they're going to use the pandemic to restructure their entire business. Erik, how do you see it, and what are the big players like Microsoft that have entered the market? What kind of impact do you see them having? >> Yeah, completely agree with you. This is a year where we go from small workloads into real deployment, and those two are the leader. In our data, UiPath by far the clear leader. We are seeing a lot of adoptions on Automation Anywhere, so they're getting some market sentiment. People are realizing, starting to actually adopt them. And by far, the number one is Microsoft Power Automate. Now, again, we have to be careful because we know Microsoft is entrenched everywhere. We know that they are good at bundling, so if I'm in charge of automation for my enterprise and I'm already a Microsoft customer, I'm going to use it. That doesn't mean it's the best tool to use for the right job. From what I've heard from people, each of these have a certain area where they are better. Some can get more in depth and do heavier lifting. Some are better at doing a lot of projects at once but not in depth, so we're going to see this play out. Right now, according to our data, UiPath is still number one, Automation Anywhere is number two, and Microsoft just by default of being entrenched in all of these enterprises has a lot of market share or mind share. >> And I also want to do a shout out to, or a call out, not really a shout out, but a call out to Pegasystems. We put them in the RPA category. They're covered in the ETR taxonomy. I don't consider them an RPA vendor. They're a business process vendor. They've been around for a long, long time. They've had a great year, done very, very well. The stock has done well. Their spending momentum, the early signs in the latest survey are just becoming, starting to moderate a little bit, but I like what they've done. They're not trying to take UiPath and Automation Anywhere head-on, and so I think there's some possibilities there. You've also got IBM who went to the market, SAP, Infor, and everybody's going to hop on the bandwagon here who's a software player. >> I completely agree, but I do think there's a very strong line in the sand between RPA and business process. I don't know if they're going to be able to make that transition. Now, business process also tends to be extremely costly. RPA came into this with trying to be, prove their ROI, trying to say, "Yeah, we're going to cost a little bit of money, but we're going to make it back." Business process has always been, at least the legacies, the ones you're mentioning, the Pega, the IBMs, really expensive. So again, I'm going to allude to that article I'm about to post. This particular person who's a lead tech automation for a very large company said, "Not only are UiPath and AA dominating RPA, but they're likely going to evolve to take over the business process space as well." So if they are proving what they can do, he's saying there's no real reason they can't turn around and take what Appian's doing, what IBM's doing and what Pega's doing. That's just one man's opinion. Our data is not actually tracking it in that space, so we can't back that, but I did think it was an interesting comment for and an interesting opportunity for UiPath and Automation Anywhere. >> Yeah, it's always great to hear directly from the mouths of the practitioners. All right, brings us to number 10 here. 5G rollouts are going to push new edge IoT workloads and necessitate new system architectures. AI and real-time inferencing, we think, require new thinking, particularly around processor and system design, and the focus is increasingly going to be on efficiency and at much, much lower costs versus what we've known for decades as general purpose workloads accommodating a lot of different use cases. You're seeing alternative processors like Nvidia, certainly the ARM acquisition. You've got companies hitting the market like Fungible with DPAs, and they're dominating these new workloads in the coming decade, we think, and they continue to demonstrate superior price performance metrics. And over the next five years they're going to find their way, we think, into mainstream enterprise workloads and put continued pressure on Intel general purpose microprocessors. Erik, look, we've seen cloud players. They're diversifying their processor suppliers. They're developing their own in-house silicon. This is a multi-year trend that's going to show meaningful progress next year, certainly if you measure it in terms of innovations, announcements and new use cases and funding and M&A activity. Your thoughts? >> Yeah, there's a lot there and I think you're right. It's a big trend that's going to have a wide implication, but right now, it's there's no doubt that the supply and demand is out of whack. You and I might be the only people around who still remember the great chip famine in 1999, but it seems to be happening again and some of that is due to just overwhelming demand, like you mentioned. Things like IoT. Things like 5G. Just the increased power of handheld devices. The remote from work home. All of this is creating a perfect storm, but it also has to do with some of the chip makers themselves kind of misfired, and you probably know the space better than me, so I'll leave you for that on that one. But I also want to talk a little bit, just another aspect of this 5G rollout, in my opinion, is we have to get closer to the edge, we have to get closer to the end consumer, and I do believe the CDN players have an area to play in this. And maybe we can leave that as there and we could do this some other time, but I do believe the CDN players are no longer about content delivery and they're really about edge compute. So as we see IoT and 5G roll out, it's going to have huge implications on the chip supply. No doubt. It's also could have really huge implications for the CDN network. >> All right, there you have it, folks. Erik, it's great working with you. It's been awesome this year. I hope we can do more in 2021. Really been a pleasure. >> Always. Have a great holiday, everybody. Stay safe. >> Yeah, you too. Okay, so look, that's our prediction for 2021 and the coming decade. Remember, all these episodes are available as podcasts. All you got to do is search Breaking Analysis podcast. You'll find it. We publish each week on wikibon.com and siliconangle.com, and you got to check out etr.plus. It's where all the survey action is. Definitely subscribe to their services if you haven't already. You can DM me @dvellante or email me at david.vellante@siliconangle.com. This is Dave Vellante for Erik Bradley for theCUBE Insights powered by ETR. Thanks for watching, everyone. Be well and we'll see you next time. (relaxing music)

>> From theCUBE studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is breaking analysis with Dave Vellante. >> Robotic process automation solutions remain one of the most attractive investments for IT buyers. This is despite our overall 2020 IT spending forecast, which remained depressed at minus four to minus 5% for the year. Relative to previous surveys, we do see some softness in traditional RPA strongholds such as large financial services and big insurance and giant public and privates. But RPA relative to other IT investments remains at the top as a sector with the highest spending momentum ahead of machine learning, ahead of AI, ahead of containers, and ahead of cloud computing. Hello, everyone, this is Dave Vellante, and welcome to this week's Wikibon Cube Insights powered by ETR. In this breaking analysis, we want to update you on the latest RPA trends and share fresh ETR data with our community. So let's get right into it with a quick summary. Now, as I said, despite our pretty tepid IT spending outlook for the entire year in 2020, demand for RPA software continues to grow at a 60 to 70% clip. Now remember, RPA mimics human computer interactions, it uses software scripts or robots that execute human tasks in a runtime assembly of discrete steps. The practice first became popular for back office functions mostly, is unattended bots. The pandemic appears to be accelerating front office adoption and this is creating a bit of a schism between front and back office. Digital transformation initiatives in many ways, they're going to create the connective tissue between front and back of the house. Now competitive dynamics are heating up. The two emergent leaders Automation Anywhere and UiPath are separating from the pack. Large incumbent software vendors like Microsoft, IBM and SAP are entering the market and positioning RPA as a feature. Meanwhile, legacy business process automation players continue to focus on taking their install bases on a broader automation journey. However, all three of these constituents are on a collision course in our view, where deeper automation objective is kind of the North Star. Now there are two material changes to our previous scenario. First, we've expanded our thinking on the RPA TAM, and we're extending this toward a broader automation agenda more consistent with buyer goals. In other words, the TAM is much larger than we initially thought, and we'll explain why. Second, we no longer see this as a winner take all or even winner take most market. In this segment, we'll look deeper into the leaders and share some new data. In particular, well, it appeared in our previous analysis that UiPath was running the table in the market, we see a much more textured, competitive dynamic setting up. And the data suggests that other players including Automation Anywhere, and even some of the larger incumbents will challenge UiPath for leadership in this space. Now, as with many developing software markets, the ultimate leader is not crystal clear at this point. Let's talk about the effects of the pandemic. A conventional wisdom really suggests and by the way, we would agree that the automation mandate has accelerated by several years due to Coronavirus. It's three points here. One is that yes, COVID has put digital transformation on the front burner of executives priority lists. Second is automation isn't trivial. So there's a real difference between wanting and achieving. And third, we believe there's another driver for the automation mandate, which will survive a vaccine or herd immunity, and that is the productivity gap. So this chart here underscores that point and was brought to our attention by a friend of ours, Dave Moschella. Specifically, we've seen a noticeable decline in productivity in the US and EU, since remember the personal productivity boom from the personal computer? The PC and the internet brought forth those trends in Moschella's premise and we agree is that in order to solve the grand challenges of the 2020s and beyond automation is going to be necessary. Think about climate change, global competitiveness, aging populations and infrastructure, massive deficits, mass immigration, sustainable food sources, healthcare. These are all going to require huge injections of automation into the system to solve problems associated with these areas. Human labor just isn't the answer. So this in part has influenced our expanded thinking on the total available market. The diagram we're showing here updates our expectations on the TAM for RPA. The first takeaway is that we're envisioning a market for business automation well beyond software bots, which are represented really in the first two layers, that back office and front office divide, if you will. And we see that coming together in the third layer, those two are really going to happen through digital transformation initiatives. But we also envision a massive market for automated decision making, and very deep business integration where systems are communicating to each other, system to system, machine to machine, and also making real time decisions on behalf of humans. Sometimes we call that systems of agency. Now, I won't go deep into this TAM, as it's a bit academic, but suffice it to say this is an enormous market comprising many layers of the tech stack and services stacks. And this represents a serious opportunities for multiple players, both vendors and buyers. Okay, let's get a little bit more tactical and look at the spending data, the latest spending data, from the ETR survey. The chart we're showing here is one of our favorites. And it compares leading RPA vendors on two dimensions. The y-axis is net score or spending momentum. It's a simple metric, that for this last survey asked buyers are you spending more or less in the second half of the year than you had originally planned. Net score is derived by subtracting the lesses from the mores, and is really shown in the upper right of this chart. You can see that in the green highlights. Note that the total N in the survey is around 1200. And you can see that the number of responses for each vendor is shown in the upper right in that gray area. We eliminated any RPA vendor that didn't get at least 25 mentions in responses in the survey. And you can see that Automation Anywhere and UiPath have essentially traded positions on the vertical axis. Indicating that Automation Anywhere customers expect greater spending momentum with the company than UiPath customers for the second half of this year, than they did in the first half. UiPath at 62% net score is still very, very high but this marks the first time since our reporting that AA, has taken the lead ahead of UiPath in net score. And the small arrow show the general direction of their respective momentum over the last couple of surveys, and I'll discuss this later on. Now on this chart, you can also see Blue Prism and Pegasystems and, while they're significantly below Automation Anywhere and UiPath, these are very respectable net scores for more mature players like these. But I don't really consider them RPA specialists, and especially Pega. I mean, they have an automation play well beyond RPA and have built really an awesome business and in many ways are benefiting from the hype being created by the newbies. I have to say I'm in awe of the business that Alan Trefler and his team have built. We're talking about a billion dollar company here. They've got a valuation, over 9 billion, the stock's near an all time high, and they never took a dime of outside capital prior to their IPO, which is just unreal. Oh, yeah, one more thing I want to call your attention to. There's Microsoft with power automate, and kind of crashing the party with a 1.0 product that is making some noise in the marketplace. Now on the y-axis, you can see UiPath has the market share lead, but I want to remind you what this is. Market shares I mentioned of pervasiveness in the data set in the survey and is, calculated by dividing the number of mentions for a vendor in a sector by the total mentions in the survey. So you can see that UiPath has the share of voice lead, but it's still under 10% of the total survey base. So lots of room for this market to grow. But I want to make an important note here because UiPath has historically been a collection of point products, whereas Automation Anywhere their go to market typically involves going to larger accounts and selling this sort of Mongo and digital transformation project to the line of business. As I said earlier, these two and other companies are on a collision course because that is the big prize. UiPath has restructured its product and pricing strategy, done some acquisitions to go after this. But it stands to reason that UiPath has a bigger presence in the ETR data set as measured by market share. So it makes sense that Automation Anywhere, their number one net score position, it makes it even more impressive. Now the other nuance is that ETR tends to be somewhat weighted to the IT side of the house. And although it most certainly picks up line of business spending, there's a bias in the data toward IT. So that means RPA is most likely even stronger in the context of spending initiatives, and it's already number one relative to other sectors. So that's pretty impressive. Now let's look at how net score has changed over time. This chart shows the change in net score or spending momentum for Automation Anywhere, UiPath, Blue Prism and Pegasystems over the last three survey periods. You see last October, this past April, the height of the lockdown in the US and the most recent July survey. And here you see that Automation Anywhere is accelerating and taking the lead over UiPath. And is the only one in the chart growing net score. Again, UiPath remains elevated despite the relative decline from previous surveys. The other two, I have to caution you again, the Pegasystems for example, and they're killing it in the market. The stock is up nearly 40% year to date, it's over 60% in the last 12 months. So because they're not so RPA only focused and they really are not an IT play per se, the survey data has to be digested in that context. But you do see them coming down from elevated levels last October. Now here's a time series view of that net score. This chart really what it does is it just extends the timeframe and shows more granularity of survey data back to January 2018. So we're talking about 11, quarterly survey data points and snapshots here. This really underscores the power of the ETR platform, because you can stretch the data over time. And you'll see Automation Anywhere overtakes UiPath for the first time since we started capturing the segment. UiPath along with the other shows a noticeable decline in net score in this survey, except for Microsoft, who's, you know, they're just showing up, as I said, they're elbowing their way into the marketplace. Now let's take that same sort of time series view but let's flip to market share. And this next chart shows that other favorite metric that we use all the time as market share or pervasiveness in the dataset, over a time series. Now remember, this is really mentions as a percent of the total. It's not an indication of spending amount, but it's a data point and we pay attention to this. And you can see how UiPath broke away from the pack. They did this back in October 2018, and that coincides with their big push on things like, events, and training, they really have done a good job of building a presence and awareness in the market. I've superimposed on the chart the upper left corner for context that shows net scores in the green and shared N in the gray. It's sorted off of that shared N. This refers to the number of mentions in the dataset for each vendor out of the 1192 total responses. So some of these have small Ns. So I'm not going to put too much emphasis on this except, that UiPath escalation is notable and hopefully I've explain that sufficiently. Okay, let's wrap. So we talked about the automation mandate, and the COVID wrecking ball effect. But it's more than that. The productivity pressures on the US and EU in particular make it exceedingly difficult to just throw labor at the world's grand problems. So this has opened up an enormous opportunity for technology companies and practitioners to drive automation. You know, we said this during the initial in the early days of the big data era. In fact, Peter Goldmacher, had this discussion with us on theCUBE really in the early part of last decade, that those companies that can implement automation at the time he was talking about big data are going to be the big big winners. So it's not just the tech players. Now of course, as we've seen, many of the big tech companies are benefiting enormously from the mega automation trend, but the broader set of industries has massive, massive upside. Now what this sets up is a multi-dimensional competitive environment. We have Automation Anywhere and UiPath battling it out to achieve escape velocity. Automation Anywhere just brought in Chris Riley to run go to market. So you know they're serious. He's a player who understands complex enterprise selling. And now you have UiPath, they're hiring engineers as fast as they can. And the other dimension is a classic battle of best of breed specialists like Automation Anywhere and UiPath, up against the bundlers, selling RPA as a feature of their services. Microsoft, IBM, SAP, etc, all see automation is a huge opportunity and everyone's going to hop on the bandwagon because this is worth hundreds of billions of dollars, at least. Okay. Thanks for watching this episode of theCUBE Insights powered by ETR. Remember all these episodes are available as podcasts wherever you listen. Check it out, we've also put up an archive of all the breaking analysis segments on wikibon.com. There's a link on the menu bar right at the top of the homepage that has all 46 episodes that we've done since inception. I write weekly on that wikibon.com platform and I also publish on siliconangle.com where you can find all the relevant news. And don't forget to check out etr.plus for all the survey data and analysis. Go there and sign up for a trial of the software. It's awesome. Okay, this is Dave Vellante, be well, and we'll see you next time. (bright music)

>> live from San Francisco, celebrating 10 years of high tech coverage. It's the Cube covering Veum World 2019. Brought to you by VM Wear and its ecosystem partners. >> Welcome back to two cubes. Live coverage in San Francisco, California for VM World 2019. I'm John Ferrier, Postal Cuba David Lattin, My Coast, Dave. 10 years covering the BM World Paul Maritz laid out the stack early on. We saw that and watch it go through Its motions now >> remain from the marketing people got a hold of >> that mainframe turned into cloud Now hybrid cloud seven years after we first started about 2012 has been great Our next guest, Paul Falsone, S V. P and general manager of the Cloud Native APS. This is a business unit within VM where that is going to the next level. This is the Act three is Jerry Chen said any of you I talked earlier for VM wears a company. I won't say moving up the staff because there is no stack. It's cloud, right? So its applications on top of operating infrastructure Dev ops going enterprise scale is about developers building APS operating them in scale. This is a big focus of what you're doing. >> It is a dead end of the day. One of my close friend of mine, who's in front of customers all the time, reminds our team constantly that our customers applications matter of the most cause. That's what they used to get in front of their customers with the Dillman teams and the tools they're building the user. Japs come second cause that's what supports the abs. And then the infrastructure comes third zone away. There is that stacks it, but never forget you were at the bottom of the pecking order, if you will, when it comes to ultimately bringing full customer value to our company, our customers, businesses. >> And it's one of the things we've been looking back at our 10 years covering VM where I think you're 13 15 of'em world is that the virtual ization of all very quickly around really optimizing server virtualization really kind of change. The game of one kind of knows that our knows the history there, but it did it without any code changes, too, APs and I think that was a very innovative thing. Now we looking containers and what Kubernetes is bringing to the table. You're starting to get some clear visibility into what's happening and what's possible. Could >> you >> share your vision on what that visibility is that you guys are eyeing for the marketplace in four of'em, where, >> sure, the APP development methodologies are changing, changing more today than they have in the last 20 years. We're seeing ah lot of new concepts and approaches that right now really only accessible to a small percentage of application developers worldwide. We want to try to bring those application development methodologies, practices tools to the mainstream so we can. We can touch the 13 or $14 million.1,000,000 enterprise developers around the world and help the CEOs in their line of business counterparts at our customers get a CZ much productivity out of their development teams as possible. At the end of the day, those APS we're gonna power the next decade of those organizations success or failures with their customers, and so that's becoming a real competitive asset. I've had a number of customer discussions here this week where the primary theme is how me help my developers move faster at enterprise scale, but in a regulated environment in an environment where compliance is is front center >> to big things going on in your world that we covered extensively, honestly, pretty impactful to the Vienna, where portfolio one as open source and hefty oh, acquisition half a billion dollars almost a year ago, about a year left in less than a year, probably was that we close in December last year. So yes, ovary. Just recently we know those guys all people. I mean, I've been covering that for a while, and then I'll see the pivotal acquisition. Just announced a drink from the fire hose. There be doing tons of press briefings, those to impact points, kind of leaving a mark. >> So we've been we've been building up to this. I joined AA Drink them were in 2012 through the Sierra acquisition, but I moved into this role about just about three years ago, and one of the things that we identified early on was, ah, close partnership with Pivotal was going to be essential inside of the Del Technologies umbrella for us to exist in thrive together. And so that's where the idea for P Cass was born. So the combination of V. M. R. R and D with pivotal RND focused on delivering our first community service to our enterprise. Customers we brought helped you in last year. Once they saw what we were doing and thought about the possibility of what would happen if we actually took some of the concepts of communities and p ks and embed them into V sphere, That was, I think, the real ah ha moment for for us and the happier team coming together in the power of what that could enable. But all along the way, we always believed that that was just covering the infrastructure side of the equation. You still needed to get through the making the APP developers productive and efficient in this new infrastructure world and so on to be able to do so on any cloud. And that's where the pivotal piece finally came together last just last month. July Pivotal put out a lot of information in the market around how they're evolving their portfolio to be very cool, bernetti centric, moving forward. And that was a big part about getting all the pieces lined up so that the M word could deliver what we announced this week. The in the town's a portfolio with the component tree for building running in managing modern applications on any club, >> we've kind of come full circle here, predates, and I Sarah, But you guys talking about the stack? Yeah. Paul Moretz. I used to have the whole stack. Ed actually applications up here with Simba. Spring sources around. Exactly. And then you had these when I used to call the misfit toys. Have you had some assets in the M. C as coming in Vienna, where Paul Maritz, Joe Tucci decided, create pivotal as the The platform developed next generation applications. Now it's all come full circle there. So my question is related to that stack and particularly the death part of that stack. This audience is not Deb's not, but increasingly, you've gotta attract that audience. So what's what's your thoughts there? And so >> I think pivotals done a very nice job over the years through the Con Foundry Foundation. The work they've done there through the spring community Spring is at this stage is is arguably the most popular modern Java development environment on the planet. So, you know, we're seeing a tremendous amount of leverage of that of that framework and so between the events of pimples is actively involved in Leeds and their ability to help customers, um teach their enterprise developers how to get the most out of this modern tool kit. We think that there is some wonderful ingredients to a recipe to really scale this thing up in a big way. We way. I also believe that Veum we're still has a lot to learn about what it means to best support enterprise developers and their organizations. And so we are quite a bit in learning mode right now. We're gonna take a lot of lessons from the pivotal team as we as we move forward towards the close and learn a lot more about the team in the culture and their customer engagements. But one of the things I think is is front and center to what pivotal has for customers today is their transformation Service's customers. You've got different groups inside a customer summer looking to build the newest applications. Some of them are just trying to get more operational efficiency out of what they have today. Some of these customers have 12,000 applications in their environments. Um, pivotal has ah set of service is that come in and they help them take their existing monolithic applications and just modernize key components of them so they can operate them more efficiently and reclaim a lot of resources to go do other things. That, I think is probably the lowest hanging fruit for enterprise organizations today. And I'm very, very excited about the service is that pimple has to make available the customers on that front. >> Assad and Jerry Chen, earlier than the other set I was mentioning earlier is a VC now, Greylock, big time to your one. We see former VM Where, uh, guy from 22,003. He also worked on cloud foundries in sight. We ask about the white spaces where starts to thrive in one of the transit is kind of pointing to was have some cummings going public. Some are being bought at sizable numbers, but we rift on. The idea of monitoring was a boring category right now. Observe ability, which is just be monitoring 2.0, you got I pose. You got acquisitions. I mean, major action happening in this observe ability space. I bring this up because that's an area you think, Oh, it's a white space Data opportunities for companies to build service is really points to this cloud. 2.0 application Renaissance And I want to get your thoughts on that environment. What needs to be in place to make that happen? Honestly, pivotals keep for you guys. I get that on Vienna. Where side, but for the ecosystem and for the marketplace, people trying to make careers and or do things What is that cloud 2.0, complexity that need to be abstracted away or >> so The Pepto team had a great Craig and Joe had this great, uh, one liner on kubernetes is all about where the people structure meets the infrastructure. When you think about that, our enterprise organizations have thousands if not tens of thousands of developers all trying to do similar. But a lot of cases different things at the same time, across lots of different cloud infrastructures. On the infrastructure team side, you've got private cloud, you've got hybrid cloud. You've got public cloud environments that you have to get your arms around, monitor, manage, secure and get visibility into. We believe that Carini sits at that perfect layer between the two domains on. This is a big part of why we developed Tom's a mission control. It's just that that perfect layer between the two domains, too, access the company's later and give you full visibility into what all of your developers were doing on every piece of your infrastructure. And we also think that's gonna be a very interesting place for third parties to plug into to gain access to all of the community's clusters that we're helping. Our customers managed across their app landscape to do very interesting things. And so we're really excited about the ecosystem that that project will open up. >> You think this opportunity to start ups in there? >> I do. I do. I think there's a ton of other I mean, think about it just really basic math. Ah, VM based application. When it gets containerized, it has just on the compute side alone. Never mind the networking in the storage site. There are 10 times as many moving parts. A typical containerized EPA's 10 times as many moving parts as avian bay Step. If you think about that applied to the networking layer, you think about that applied to the storage layer, the security layer. You've got 10 times as many points to secure. Now, how do you get your head around that level of complexity As a an operations person, you can't do it. Humans can't do it anywhere. You can't write down your actions. Control this on a pad of paper and know what's what's accessing what anymore, >> Dave. One more question, if I may, on the on the VM container thing, there's a debate or are architectural kind of conversation, and customers are having around when to do containers in three days on bare metal or with V EMS. How do you guys talk to that house? The >> steam going because that was my question. So there was a snarky tweets yesterday. I want to get your reaction to it. And the tweet was during yesterday's keynote. I thought we we launched pivotal so that we didn't have to run containers on V EMS. Now the reality to your point is that people are running containers on bare metal. They're running him on vehement the EMS. I don't have any data, but I wonder if you could comment on that >> so way Probably have a couple of snarky comments of our own on this three share one of the things that put up on stage. Yes, I'll start at the kind of a little little. And I worked my way up at the base layer. The testing we're doing with Project Pacific, which is something we announced this week, which is effectively bringing kubernetes into the heart of the sphere. We're actually using combinations to make the sphere better. We're also going to expose communities to our customers through V sphere, just like we exposed the EMS today. This is a pretty exciting project for the for the company in our early testing of this project, based on the advanced scheduling capabilities of the SX hyper visor take advantage of modern hardware. We're seeing an 8% better performance in a certain test sweet versus what you'd see on bare metal so are ready at the early stages. We're seeing some benefits now take that a step further. The big public college for writers out there if you look at service is like G K on Google. If you look at a ks, uh, recast on Amazon, a cast on his door, every single one of their community service is is run against a virtualized environment, not on a bare metal environment. Why is that? Well, because their customers are using containers in VM, side by side, the flexibility you get out of that virtualization layer. Whether you're a big public cloud provider or your ah smaller enterprise shop running your own data centers, the benefits are proportionate, rather equal on dso >> the narratives off a little bit. What you're saying. What I hear you saying is people use virtualization for a lot of efficiency and scale reasons that's independent of what happens with bearnaise decisions. So if you decide you want to run Cubans on bare metal, go >> to go to town. We think >> if you want to do that, >> you want to do that. But we don't. We actually see a lot of customers who have started down that path. When they go to get to that operational stage, they're realizing they're now dealing with firm where again, they're dealing with Nick drivers again. They're dealing with stuff, and they can easily take that and turn it over to their ops team that's already managing a huge virtualized state and operated with the same tool. >> That's a really a layer thing around round scale. You do the virtual ization for Ryan reasons, and then cos sits on top of it for a whole another reason. >> And the I'd say its operations scale these operations teams need to, you know, just look at the number of announcements we made this week. For an ops team to get their head around all of these new technologies simultaneously is impossible to bring them in one new capability of time into the thing that they're already operating for. That organization is very >> positive. If I understood yesterday, you're claiming better before 8% better performance relative to bare metal. I know that's apples to apples. Or what kind of juicing you're doing on the benchmark >> sex schedule that it chooses it right there. >> I want to ask you about integration and look at it as a quasi. His story of the the industry. You go back to see A with all the acquisitions, right? Historical force it with fusion. Different layer of the stack. I know. Certainly Del did a lot of acquisitions. Some of them work. Some of them didn t m c. Same thing pretty successful. Actually. VM were great engineering. Um, very strong. Go to market on really good acquisitions. My question is on integration with the nice Sarah background, I wonder. I mean, nice. Sarah seems to be very well integrated into the VM. Where platform How is integration The state of integration today within V. M. Where is it a lot easier today because we're living in this AP I economy. What about VM? Wears sort of integration ethos. One of the challenges. I wonder if you could comment and that long. So >> I've been through, uh, to significant integrations of'em where the 1st 1 was with this nice era on. I was on the I was on the incoming side, not the receiving side. The next was with hep Theo. I was on the receiving side, not the incoming side. And so, as coming into this year, back in 2012 Pat was extremely supportive and asked his entire team to be very supportive of getting us integrated quickly and productive. A CZ fastest possible. We were on campus on the via more campus from the next era office within days of the deal closing. That's how efficient Veum work. That's like that's the mindset hammerhead coming into. We were in a building. We were co located with the other networking engineers and product managers. Within the first week on, we were off to the races. That was about 100 20 person company. Hep Ko is about 100% company, Um, about the same efficiency we were consolidating. Offices were bringing them over again, mostly distributed team, but they had a center of gravity. In Seattle. We had a center of gravity in Bellevue. We brought the team's over within within a couple of months in about three months. In three and 1/2 months in, we had the team fully integrated. The organizational design done all the tools in a greater we're all in the same systems. So what happens very quickly now, an organization that's much bigger like like pivotal 3000 employees. Public company takes a little bit longer to get from Deal announced the deal close because it's too public entities. It'll take a little bit longer to do all the integration, but we're already thinking thinking about we know them so well and they know us so well. We already know where the potential landmines are, where the potential rough spots are. Pat prides himself and, uh, this pushes down into the rest of them were on well, welcoming new team members in new groups into the company. And so we try to do that really were very culturally sensitive way optimized for the right tool kit s O that we take, we take some learning like cloud health. When they came in, they had a lot of expertise around. SAS drooling and support of customers were adopting all of that, right. Were jettisoned some of our older tools in favor of some of the things that >> we're gonna win the modernization. So I want to get your thoughts on the last question for the second congratulations, your your your area. We love what you're doing. We think it's super important. Would be covering it like a blanket this year and going forward. But Pakistan came on was wrapped. Talking about 10 years and doing the riffing on the Cube are 10 years covering it. We have some 10 years forward, which waves to be on. They highlighted on the past 10 years in this ear acquisition as a critical moment to bring VM. We're into the S T D C kind of concept started networking up, so we know the history they're sti n and then going forward, he says. If you're not a networking and security in the next wave and Kubernetes is Number one, you're really gonna be missing out. So we highlighted networking, security and kubernetes. But networking. It's nice here on both sides of that 10 year spectrum. You're part of that. >> Why is that? Why is that wise >> watching people know that networking is the most important piece of the wave here? What's the relevance of what he's saying? Share their thoughts on >> Think about the increasing complexity of what at modernization drives into the infrastructure. You're getting smaller and smaller moving parts that that need to operate together at scale in a comprehensive, logical way. But at any point in time, if you're if you're an enterprise organization, if you've got if you've got compliance requirements, audit ability, requirements. If you want to protect, you hear about the number of of small towns that get blackmailed on a daily basis because someone's secured an encrypted There, there, there count taxpayer data and they're there, their victims. All right, this is this >> is some say, cyber warfare. >> It is something. So if you think about in orderto help, our customers get the most out of their developers, these tools that open up I think the potential of a lot more avenues of attack get a lot more complex. And so we think that these two have to progress hand in hand. One. We do want to help developers go as fast as possible. We won't help enterprises get the most out of those developers. That's a big part of why we brought them were into into the damn warfare. We're bringing a pivotal into the VM. We're family, but at the same time, we recognize that the infrastructure has to progress. Every bit is fast, and the network is the thing that ties all these parts together. Whether it's a layer three year layer for networking today or level layer several networking layer seven AP I based networking in the future >> all. I mean, I'm not gonna bring up I ot or industrial i ot to takeovers of physical devices, whether it's a self driving bus off a cliff or taking over towns and cities warfare, I mean the service areas of enormous networks, Internet connectivity applications over the cloud native. Anyway, we know that, right? So a lot to talk about. Thanks for coming on. The Cube Sharing your insight. Senior Vice President, General manager, The Cloud Native APS Group. This is really the key instrument with envy em where to take kubernetes and the advancement of cloud to 0.0 to the next level. I'm John for a day. Volante, be back after this short break.

>> Hello, everyone. This is a special presentation of the Cube. We're here in London at eight of us, one of eight of US locations in London. My name is Dave Volante and the Q We go, we'd like to go out to the events. We extract a signal from the noise and we've been following the ascendancy of a ws public sector from its early days. If you go back to two thousand thirteen, there was a significant moment in the history of eight of us where it won CIA contract a very large contract. CIA. It was contested by idea. My bm was used to kind of the what sometimes called the old guard the legacy companies used to selling into the government big, big contracts. And here comes this start up essentially eight of us taking away government business with CIA no less huge, huge contract. Well, IBM contested it. Judge Wheeler ruled against IBM for eight of us. And when reading that ruling, it was clear that the eight of US platform was superior to the IBM platform. He laid out the essentially the components of the R F P and the line by line and showed that a ws was the winner and virtually all of the line items. I think there was parody and won the reason why that was so important. It was that there were several factors there. One, It was a major milestone event. No, only Frito. Eight of us. But for cloud in general, if you think about security Ah, CIA, obviously very security conscious. It was the recognition that cloud actually could be more secure than on premises infrastructure. So the government was actually one of the first to kind of realise that and lean into that as a side effect, IBM had to go out and spend two billion dollars on soft layer toe actually compete in the cloud market Plys. So you had all these ripple effects Fast forward today to two thousand nineteen. You have the jet icon to contract a joint enterprise defense initiative. It's a ten billion dollar contract. A ws is in the lead for that contract. Oracle again another old Guard company has contested. And when you look through when when a company contests these bids, a whole lot of public information comes out. What? What the information suggested was that a single cloud the D o d determine that a single cloud was more secure, less complex and more cost effective. And so Oracle contested the the likelihood of an award to a single company because government contracts usually are awarded to multiple vendors. But in this case, because it's so critical tohave the data in one place so that they can serve the field better and responded the field better, the D o. D decided to use a single cloud. So oracles, you know, throwing off all rights of muck into the ring. Ah, basically asking the General Accountability Office to look at it. They did, Ggo said. If we're going to go with the D. O. D s decision, the D. O. D itself did an internal investigation. Now it's narrowed down to two vendors eight of us and Microsoft, and we believe that eight of us is the leading contender. Why is that? It's because eight of us says the most services. It's the most advanced, the highest levels of security and certifications within the government that are necessary to win these types of contracts. Why don't I spend so much time on these things? There's a two milestone events, the CIA contract in two thousand thirteen and what will soon to be the Jet I contract in two thousand nineteen. And what we're seeing is Amazon Web services, a thirty billion dollars run rate company growing at forty plus percent per annum. It's just a massive flywheel effect that we always talk about on the Cube. So we're here in London because we wanted to see how the public sector activities of Amazon are translating into the European markets. So we're here at a special public sector mini summit, if you will. There's a healthcare predate going on. This is ahead of the eight of US London summit, and we're siphoning off a number of the practitioners in and and startups software companies. Eight of US partners in the health care industry, as well as a WS executives particularly focused on the public sector today. So we're doing this sort of. We followed the career of Teresa Carlson for a number of years, seen the ascendancy of a ws public sector. We've covered ah, public sector summit in D. C. We flew to Bahrain last year. John Fairy of my business partner did the Bahrain summit. Bahrain was the first country in the Middle East to declare cloud first. So ah, critical location in the Middle East and you're seeing it now. Europe across a number of industries, obviously n hs than Ethan's. National Health Service is a very prominent in in the UK in a in a big consumer of services all kinds of startups and other software companies trying to sell and helped transform The N H s N hs has ah put forth a half a billion dollars nearly a half a billion dollar pound initiative on modernization. Ah, lot of that modernization is evolving the cloud. So the cube is here. We're trying to peel back the onion, understand what's going on here. Who were the winners? Who was going to get affected? Practitioners of startups, CEOs, nonprofit organizations, NGOs, executives from a ws and across the industry. So we'LL be here. We have three events this week in Ah in London here today at eight of US headquarters in London. Ah, tonight we have an impact investor event and then tomorrow we're at the eight of us Summit in AA in London at the XL Center. So keep it right here. Watch this channel. Check out silicon angle dot com For all the news, check out the cube dot net, which is where we host all these videos. And of course, we could bond downward for all the research. So thank you for watching and keep it right there. And you're watching the Cube this day, Volante.