>> Live from Las Vegas, it's theCUBE. Covering Adobe Summit 2019. Brought to you by Adobe. >> Hello everyone, welcome back to theCUBE's live coverage, here in Las Vegas for Adobe Summit 2019. I'm John Furrier, Jeff Frick my co-host this week. Michael Yung is the CIO of Asia Miles. Welcome to theCUBE, thanks for joining us. >> Great to be here. >> So take a minute before we get into the conversation about machine learning, and all the cool tech. What does Asia Miles do, what's your role there, and stuff they do? >> Asia Miles is the loyalty reward program of the Hong Kong, Cathay Pacific Airways. So, typical airline, but we have the reward program to support our members of Cathay pacific airways. We have over, about 11 million members, and over 700 partners around the world. >> How many members? >> 11 million. >> 11 million? >> Wow. >> That seems like a lot to me. (laughs) >> We are the leading loyalty program in the region, in Asia. In fact we started the program about 20 years ago, so in 1999, so this is our 20th anniversary. >> Wow, congratulations. >> So, similar to any Loyalty program, our members can earn miles by flying, traveling, dining, shopping. Even have your mortgage with our banking partners. At the same time, using the miles, you can redeem rewards. Hotel stays, flight tickets, and even for tablet computers or mobile phones. So you can do all of this. >> So, you did the web 1.0, web 2.0, web 3.0. (laughs) You've lived the journey. >> Paper 1.0. >> So my job is actually leading the digital part of the team. As you know, like loyalty program, you don't have protection lines, you don't have branches, everything is digital. So our web, our mobiles, our engines to support the earnings, and engines to support the reductions are all digital. So basically, we are more like a digital marketing company, we links the partners, their products, their offers, to our members. >> So, important is obviously the data, it's super important. And having connections points, APIs, open systems. Is it open APIs? >> Yes, all of these are technologies in our stack. So, basically our membership profiles are databases. And then with APIs we can do all sorts of modeling, or calculation, or segmentation. And then we push through our marketing offers, or campaigns, to our targeted members. >> That sounds like good architecture. Now what, specifically of Adobe product stack, are you using, for Adobe? >> We used almost the whole suite of Adobe products. We started our baby step about three years ago with Adobe Experience Manager. Basically our contact management systems are website or mobile. And then we extended to campaign to automate our marketing campaigns. And then later on audience manager, target and analytics. So it has evolved. So basically a full stack. >> So you're a big customer of all the products. So one of the big things they're talking about is the data, role of data, and machine learning's coming up a lot. How are you applying machine learning, with all those millions of members, and all the different diverse contact you have, and the different connection points to partners. You have to, kind of have this free flowing operating environment, platform yourself. So how are you using machine learning to either automate away things that you're doing manually, or creating new innovation insights. >> As I mentioned, we have to match the offers from our 700 partners to 11 million members, right. And therefore we build certain technologies, like propensity modeling, that we can tell, say from you miles balance, your life stages, your persona, and your lifetime varial, and then we do, what we call the partner recommendation engine. So the recommendation engine will push certain offers to John, or to Jeff already, based on all your profiles. And that requires some machine learning and modeling as well, from our data scientists. >> I'm curious how the expectation has changed over time in terms of, kind of what your members expect to get out of the application. Because I assume they want more, and more, and more, what was special today is common tomorrow. And how you've been able to continue to adapt and change what you often experience. >> Right, great question. First of all, our members really like to go mobile, so our offers have to be location based. So with your mobile apps, then you can see, okay what are the popular restaurants around me, that I can earn miles easily. Or, if it's a Monday, then you can earn, say double miles if you buy something with retails partners as well. So all this, the partners, and the members expect more. And, secondly, members are smart enough to tell that, oh, your offers is generated by a machine. It's not personalized enough. For example, if I just fly to San Francisco last week, why'd you promote San Francisco flight ticket to me? Or hotel again? >> Right. >> I'm not going to San Francisco again. >> The re-targeting thing is brutal. >> Brutal, yeah. So you have to really base it on the transaction history, and the other features or signals, and then define the next offer. And this is really important. >> And do you help the customers figure, because you just said if you eat out on a Monday, maybe you get double miles because the restaurants are slow. Is that something that you guys have discovered in your analytics, that you're helping your partners to get more pull on their offers, or is that being driven from them? Because you have a lot, you've got a lot more data than an individual restaurant, or some of your other partners. >> But I mean, even in Hong Kong, Monday's a slow day for business. >> Right, right, right, right. >> So it's good to help out the partners a bit, you earn double miles. Or on certain important days, or holidays, you get triple miles by buying something. So it's natural for our partner's, and our member's expectations. >> You have an economy. (laughs) It's like, you've got to have a fiscal policy. >> Well let me tell you all loyalty programs pretty run like this. >> It's really highly data driven, you have reputation, you have influence. >> Exactly. >> It's very important, I'd almost imagine, contextual understanding about what's happening, and having the right data. You mentioned that re-target thing, about San Francisco. I see this all the time on re-target, they don't have the context. I mean that really makes for a really poor personalized experience. Talk about context, having data in context to something. How hard is that? >> Well it's really from data, turned into information, and then actionable insight, it's really hard. So, even we have so many team members doing all this modeling, there are times that we need powerful tools to do proper segmentation and targeting. And that tool's got to be really flexible, and fast responsive to certain context. And with that Adobe products help us a lot. >> What's the biggest to do for you, going next step as you continue to grow. You're digital, all digital. You have Adobe Suite, cloud computing scale, a lot of data context, a lot of usable data. What's next for your business, what's next for you. >> Well, last year we started to test the water to try out blockchain technology. So we have the marketing campaign rules, and packed that in a blockchain smart contract. And this is one of the things that we invested a lot of time and resources into it. We believe in the future marketing campaign has got to be more real time, and you can earn your bonus miles straight away, instead of waiting two, three months until the end of the campaign. So hopefully with the marketing platform, and also newer technology, and better data, we can do better campaigns. >> In terms of skills to deal with the kind of things that you're doing, with future proofing your business with blockchain, love that. Smart contracts going on, peer to peer, immutable, love that value proposition. You get reputation, move that over into currency. >> One of the options. >> Asia coin. (laughs) >> Optimize is one of the options. >> What else is on your mind? KPIs, how do you look at data sets, how do you guys view? >> Measure success. >> How do you measure success? >> Well, I would say first of all, all the stakeholders have got to be happy with the program. I mean, the stakeholders include our members, partners, our shareholders, and our employees. They're important to make sure that the program is successful. And also including the engagement ratio, and our package ratio, where there are a lot of members that usually don't have chances to redeem things, and then they let the miles expire, for example. So helping them maintain a healthy package ratio is also a KPI that we measure carefully. And then, other than that I think all our employees or staff, they let you know, or they need to understand how technology and business mix together. If you're good in business, but not knowing marketing technology, for example. Or if you only understand technology but not the business, for example, it's just not good enough for the future. So the skillset why you have to understand both. >> How are you using technology, especially Adobe, how is Adobe helping you, and then what other things you might be doing, to help internal processes get better? Because one of the things I'm seeing here at this show is, with the platform, as you start to thread the data together and let the data, kind of naturally flow, with machine learning and the different data points, you can start to get some visibility to insights that might not be there. So that's going to cause some internal disruption. People might lose there job, or new jobs emerge, there's always conflict when you're progressing. How do you use technology, and this technology, to keep getting higher functionality, better economics, what's the internal struggles, and gains look like? >> Well, for example, before the days of marketing platform, or Adobe days, you may need to take weeks to prepare a campaign, if not months. Because you need to prepare all the contents, all the lead assignments, and then you push out through all the different channels. But now you can be always on campaign, different dates. And, for the blockchain example, we can actually eliminate the reconciliation and settlement effort. So the back office operation team, they can move along to do something else. To do more campaigns, or to talk to the partners more, to understand their needs. Instead of just number crunching, we do reconciliation. So I think, it's not about with less resources, but with the same resources, how to do more things. >> Right. >> And it's almost continuous improvement on the campaign. >> Yes, continuous, all the time. >> Versus just, you know, let's plan a campaign, run a campaign, measure the campaign. It's just constantly going. >> Prepare, run it, and then measure. Just never ending. >> As an Adobe customer do you like the direction that they're going? >> Yes, yes. All exciting products are in the road map. And we are ready to explore more in the future. >> Michael, thank you for coming on and visiting us. >> Okay, my pleasure. >> We appreciate it. Here inside theCUBE we're taking all the action, here at Adobe summit. Getting the data, sharing it with you out in the open internet. Thanks for watching, I'm John, with Jeff Frick. Stay with us for more coverage from day one after this short break. (upbeat music)

>> Hello everyone. Welcome to theCUBE's coverage of International Women's Day. I'm John Furrier, host of theCUBE been profiling the leaders in the technology world, women in technology from developers to the boardroom, everything in between. We have two great guests promoting in from Malaysia. Nancy Wang is the general manager, also CUBE alumni from AWS Data Protection, and founder and board chair of Advancing Women in Tech, awit.org. And of course Kate Watts who's the executive director of Advancing Women in Tech.org. So it's awit.org. Nancy, Kate, thanks for coming all the way across remotely from Malaysia. >> Of course, we're coming to you as fast as our internet bandwidth will allow us. And you know, I'm just thrilled today that you get to see a whole nother aspect of my life, right? Because typically we talk about AWS, and here we're talking about a topic near and dear to my heart. >> Well, Nancy, I love the fact that you're spending a lot of time taking the empowerment to go out and help the industries and helping with the advancement of women in tech. Kate, the executive director it's a 501C3, it's nonprofit, dedicating to accelerating the careers of women in groups in tech. Can you talk about the organization? >> Yes, I can. So Advancing Women in Tech was founded in 2017 in order to fix some of the pathway problems that we're seeing on the rise to leadership in the industry. And so we specifically focus on supporting mid-level women in technical roles, get into higher positions. We do that in a few different ways through mentorship programs through building technical skills and by connecting people to a supportive community. So you have your peer network and then a vertical sort of relationships to help you navigate the next steps in your career. So to date we've served about 40,000 individuals globally and we're just looking to expand our reach and impact and be able to better support women in the industry. >> Nancy, talk about the creation, the origination story. How'd this all come together? Obviously the momentum, everyone in the industry's been focused on this for a long time. Where did AWIT come from? Advancing Women in Technology, that's the acronym. Advancing Women in Technology.org, where'd it come from? What's the origination story? >> Yeah, so AWIT really originated from this desire that I had, to Kate's point around, well if you look around right and you know, don't take my word for it, right? Look at stats, look at news reports, or just frankly go on your LinkedIn and see how many women in underrepresented groups are in senior technical leadership roles right out in the companies whose names we all know. And so that was my case back in 2016. And so when I first got the idea and back then I was actually at Google, just another large tech company in the valley, right? It was about how do we get more role models, how we get more, for example, women into leadership roles so they can bring up the next generation, right? And so this is actually part of a longer speech that I'm about to give on Wednesday and part of the US State Department speaker program. In fact, that's why Kate and I are here in Malaysia right now is working with over 200 women entrepreneurs from all over in Southeast Asia, including Malaysia Philippines, Vietnam, Borneo, you know, so many countries where having more women entrepreneurs can help raise the GDP right, and that fits within our overall mission of getting more women into top leadership roles in tech. >> You know, I was talking about Teresa Carlson she came on the program as well for this year this next season we're going to do. And she mentioned the decision between the US progress and international. And she's saying as much as it's still bad numbers, it's worse than outside the United States and needs to get better. Can you comment on the global aspect? You brought that up. I think it's super important to highlight that it's just not one area, it's a global evolution. >> Absolutely, so let me start, and I'd love to actually have Kate talk about our current programs and all of the international groups that we're working with. So as Teresa aptly mentioned there is so much work to be done not just outside the US and North Americas where typically tech nonprofits will focus, but rather if you think about the one to end model, right? For example when I was doing the product market fit workshop for the US State Department I had women dialing in from rice fields, right? So let me just pause there for a moment. They were holding their cell phones up near towers near trees just so that they can get a few minutes of time with me to do a workshop and how to accelerate their business. So if you don't call that the desire to propel oneself or accelerate oneself, not sure what is, right. And so it's really that passion that drove me to spend the next week and a half here working with local entrepreneurs working with policy makers so we can take advantage and really leverage that passion that people have, right? To accelerate more business globally. And so that's why, you know Kate will be leading our contingent with the United Nations Women Group, right? That is focused on women's economic empowerment because that's super important, right? One aspect can be sure, getting more directors, you know vice presidents into companies like Google and Amazon. But another is also how do you encourage more women around the world to start businesses, right? To reach economic and freedom independence, right? To overcome some of the maybe social barriers to becoming a leader in their own country. >> Yes, and if I think about our own programs and our model of being very intentional about supporting the learning development and skills of women and members of underrepresented groups we focused very much on providing global access to a number of our programs. For instance, our product management certification on Coursera or engineering management our upcoming women founders accelerator. We provide both access that you can get from anywhere. And then also very intentional programming that connects people into the networks to be able to further their networks and what they've learned through the skills online, so. >> Yeah, and something Kate just told me recently is these courses that Kate's mentioning, right? She was instrumental in working with the American Council on Education and so that our learners can actually get up to six college credits for taking these courses on product management engineering management, on cloud product management. And most recently we had our first organic one of our very first organic testimonials was from a woman's tech bootcamp in Nigeria, right? So if you think about the worldwide impact of these upskilling courses where frankly in the US we might take for granted right around the world as I mentioned, there are women dialing in from rice patties from other, you know, for example, outside the, you know corporate buildings in order to access this content. >> Can you think about the idea of, oh sorry, go ahead. >> Go ahead, no, go ahead Kate. >> I was going to say, if you can't see it, you can't become it. And so we are very intentional about ensuring that we have we're spotlighting the expertise of women and we are broadcasting that everywhere so that anybody coming up can gain the skills and the networks to be able to succeed in this industry. >> We'll make sure we get those links so we can promote them. Obviously we feel the same way getting the word out. I think a couple things I'd like to ask you guys cause I think you hit a great point. One is the economic advantage the numbers prove that diverse teams perform better number one, that's clear. So good point there. But I want to get your thoughts on the entrepreneurial equation. You mentioned founders and startups and there's also different makeups in different countries. It's not like the big corporations sometimes it's smaller business in certain areas the different cultures have different business sizes and business types. How do you guys see that factoring in outside the United States, say the big tech companies? Okay, yeah. The easy lower the access to get in education than stay with them, in other countries is it the same or is it more diverse in terms of business? >> So what really actually got us started with the US State Department was around our work with women founders. And I love for Kate to actually share her experience working with AWS startups in that capacity. But frankly, you know, we looked at the content and the mentor programs that were providing women who wanted to be executives, you know, quickly realize a lot of those same skills such as finding customers, right? Scaling your product and building channels can also apply to women founders, not just executives. And so early supporters of our efforts from firms such as Moderna up in Seattle, Emergence Ventures, Decibel Ventures in, you know, the Bay Area and a few others that we're working with right now. Right, they believed in the mission and really helped us scale out what is now our existing platform and offerings for women founders. >> Those are great firms by the way. And they also are very founder friendly and also understand the global workforce. I mean, that's a whole nother dimension. Okay, what's your reaction to all that? >> Yes, we have been very intentional about taking the product expertise and the learnings of women and in our network, we first worked with AWS startups to support the development of the curriculum for the recent accelerator for women founders that was held last spring. And so we're able to support 25 founders and also brought in the expertise of about 20 or 30 women from Advancing Women in Tech to be able to be the lead instructors and mentors for that. And so we have really realized that with this network and this individual sort of focus on product expertise building strong teams, we can take that information and bring it to folks everywhere. And so there is very much the intentionality of allowing founders allowing individuals to take the lessons and bring it to their individual circumstances and the cultures in which they are operating. But the product sense is a skill that we can support the development of and we're proud to do so. >> That's awesome. Nancy, I want to ask you some never really talk about data storage and AWS cloud greatness and goodness, here's different and you also work full-time at AWS and you're the founder or the chairman of this great organization. How do you balance both and do you get, they're getting behind you on this, Amazon is getting behind you on this. >> Well, as I say it's always easier to negotiate on the way in. But jokes aside, I have to say the leadership has been tremendously supportive. If you think about, for example, my leaders Wayne Duso who's also been on the show multiple times, Bill Vaas who's also been on the show multiple times, you know they're both founders and also operators entrepreneurs at heart. So they understand that it is important, right? For all of us, it's really incumbent on all of us who are in positions to do so, to create a pathway for more people to be in leadership roles for more people to be successful entrepreneurs. So, no, I mean if you just looked at LinkedIn they're always uploading my vote so they reach to more audiences. And frankly they're rooting for us back home in the US while we're in Malaysia this week. >> That's awesome. And I think that's a good culture to have that empowerment and I think that's very healthy. What's next for you guys? What's on the agenda? Take us through the activities. I know that you got a ton of things happening. You got your event out there, which is why you're out there. There's a bunch of other activities. I think you guys call it the Advancing Women in Tech week. >> Yes, this week we are having a week of programming that you can check out at Advancing Women in Tech.org. That is spotlighting the expertise of a number of women in our space. So it is three days of programming Tuesday, Wednesday and Thursday if you are in the US so the seventh through the ninth, but available globally. We are also going to be in New York next week for the event at the UN and are looking to continue to support our mentorship programs and also our work supporting women founders throughout the year. >> All right. I have to ask you guys if you don't mind get a little market data so you can share with us here at theCUBE. What are you hearing this year that's different in the conversation space around the topics, the interests? Obviously I've seen massive amounts of global acceleration around conversations, more video, things like this more stories are scaling, a lot more LinkedIn activity. It just seems like it's a lot different this year. Can you guys share any kind of current trends you're seeing relative to the conversations and topics being discussed across the the community? >> Well, I think from a needle moving perspective, right? I think due to the efforts of wonderful organizations including the Q for spotlighting all of these awesome women, right? Trailblazing women and the nonprofits the government entities that we work with there's definitely more emphasis on creating access and creating pathways. So that's probably one thing that you're seeing is more women, more investors posting about their activities. Number two, from a global trend perspective, right? The rise of women in security. I noticed that on your agenda today, you had Lena Smart who's a good friend of mine chief information security officer at MongoDB, right? She and I are actually quite involved in helping founders especially early stage founders in the security space. And so globally from a pure technical perspective, right? There's right more increasing regulations around data privacy, data sovereignty, right? For example, India's in a few weeks about to get their first data protection regulation there locally. So all of that is giving rise to yet another wave of opportunity and we want women founders uniquely positioned to take advantage of that opportunity. >> I love it. Kate, reaction to that? I mean founders, more pathways it sounds like a neural network, it sounds like AI enabled. >> Yes, and speaking of AI, with the rise of that we are also hearing from many community members the importance of continuing to build their skills upskill learn to be able to keep up with the latest trends. There's a lot of people wondering what does this mean for my own career? And so they're turning to organizations like Advancing Women in Tech to find communities to both learn the latest information, but also build their networks so that they are able to move forward regardless of what the industry does. >> I love the work you guys are doing. It's so impressive. I think the economic angle is new it's more amplified this year. It's always kind of been there and continues to be. What do you guys hope for by next year this time what do you hope to see different from a needle moving perspective, to use your word Nancy, for next year? What's the visual output in your mind? >> I want to see real effort made towards 50-50 representation in all tech leadership roles. And I'd like to see that happen by 2050. >> Kate, anything on your end? >> I love that. I'm going to go a little bit more touchy-feely. I want everybody in our space to understand that the skills that they build and that the networks they have carry with them regardless of wherever they go. And so to be able to really lean in and learn and continue to develop the career that you want to have. So whether that be at a large organization or within your own business, that you've got the potential to move forward on that within you. >> Nancy, Kate, thank you so much for your contribution. I'll give you the final word. Put a plug in for the organization. What are you guys looking for? Any kind of PSA you want to share with the folks watching? >> Absolutely, so if you're in a position to be a mentor, join as a mentor, right? Help elevate and accelerate the next generation of women leaders. If you're an investor help us invest in more women started companies, right? Women founded startups and lastly, if you are women looking to accelerate your career, come join our community. We have resources, we have mentors and who we have investors who are willing to come in on the ground floor and help you accelerate your business. >> Great work. Thank you so much for participating in our International Women's Day 23 program and we'd look to keep this going quarterly. We'll see you next year, next time. Thanks for coming on. Appreciate it. >> Thanks so much John. >> Thank you. >> Okay, women leaders here. >> Nancy: Thanks for having us >> All over the world, coming together for a great celebration but really highlighting the accomplishments, the pathways the investment, the mentoring, everything in between. It's theCUBE. Bring as much as we can. I'm John Furrier, your host. Thanks for watching.

(upbeat music) >> Welcome back to Supercloud 2, which is an open industry collaboration between technologists, consultants, analysts, and of course, practitioners, to help shape the future of cloud. And at this event, one of the key areas we're exploring is the intersection of cloud and data, and how building value on top of hyperscale clouds and across clouds is evolving, a concept we call supercloud. And we're pleased to welcome Harvir Singh, who's the chief data architect and global head of data at Western Union. Harvir, it's good to see you again. Thanks for coming on the program. >> Thanks, David, it's always a pleasure to talk to you. >> So many things stand out from when we first met, and one of the most gripping for me was when you said to me, "When data moves, money moves." And that's the world we live in today, and really have for a long time. Money has moved as bits, and when it has to move, we want it to move quickly, securely, and in a governed manner. And the pressure to do so is only growing. So tell us how that trend is evolved over the past decade in the context of your industry generally, and Western Union, specifically. Look, I always say to people that we are probably the first ones to introduce digital currency around the world because, hey, somebody around the world needs money, we move data to make that happen. That trend has actually accelerated quite a bit. If you look at the last 10 years, and you look at all these payment companies, digital companies, credit card companies that have evolved, majority of them are working on the same principle. When data moves, money moves. When data is stale, the money goes away, right? I think that trend is continuing, and it's not just the trend is in this space, it's also continuing in other spaces, specifically around, you know, acquisition of customers, communication with customers. It's all becoming digital, and it's, at the end of the day, it's all data being moved from one place or another. At the end of the day, you're not seeing the customer, but you're looking at, you know, the data that he's consuming, and you're making actionable items on it, and be able to respond to what they need. So I think 10 years, it's really, really evolved. >> Hmm, you operate, Western Union operates in more than 200 countries, and you you have what I would call a pseudo federated organization. You're trying to standardize wherever possible on the infrastructure, and you're curating the tooling and doing the heavy lifting in the data stack, which of course lessens the burden on the developers and the line of business consumers, so my question is, in operating in 200 countries, how do you deal with all the diversity of laws and regulations across those regions? I know you're heavily involved in AWS, but AWS isn't everywhere, you still have some on-prem infrastructure. Can you paint a picture of, you know, what that looks like? >> Yeah, a few years ago , we were primarily mostly on-prem, and one of the biggest pain points has been managing that infrastructure around the world in those countries. Yes, we operate in 200 countries, but we don't have infrastructure in 200 countries, but we do have agent locations in 200 countries. United Nations says we only have like 183 are countries, but there are countries which, you know, declare themselves countries, and we are there as well because somebody wants to send money there, right? Somebody has an agent location down there as well. So that infrastructure is obviously very hard to manage and maintain. We have to comply by numerous laws, you know. And the last few years, specifically with GDPR, CCPA, data localization laws in different countries, it's been a challenge, right? And one of the things that we did a few years ago, we decided that we want to be in the business of helping our customers move money faster, security, and with complete trust in us. We don't want to be able to, we don't want to be in the business of managing infrastructure. And that's one of the reasons we started to, you know, migrate and move our journey to the cloud. AWS, obviously chosen first because of its, you know, first in the game, has more locations, and more data centers around the world where we operate. But we still have, you know, existing infrastructure, which is in some countries, which is still localized because AWS hasn't reached there, or we don't have a comparable provider there. We still manage those. And we have to comply by those laws. Our data privacy and our data localization tech stack is pretty good, I would say. We manage our data very well, we manage our customer data very well, but it comes with a lot of complexity. You know, we get a lot of requests from European Union, we get a lot of requests from Asia Pacific every pretty much on a weekly basis to explain, you know, how we are taking controls and putting measures in place to make sure that the data is secured and is in the right place. So it's a complex environment. We do have exposure to other clouds as well, like Google and Azure. And as much as we would love to be completely, you know, very, very hybrid kind of an organization, it's still at a stage where we are still very heavily focused on AWS yet, but at some point, you know, we would love to see a world which is not reliant on a single provider, but it's more a little bit more democratized, you know, as and when what I want to use, I should be able to use, and pay-per-use. And the concept started like that, but it's obviously it's now, again, there are like three big players in the market, and, you know, they're doing their own thing. Would love to see them come collaborate at some point. >> Yeah, wouldn't we all. I want to double-click on the whole multi-cloud strategy, but if I understand it correctly, and in a perfect world, everything on-premises would be in the cloud is, first of all, is that a correct statement? Is that nirvana for you or not necessarily? >> I would say it is nirvana for us, but I would also put a caveat, is it's very tricky because from a regulatory perspective, we are a regulated entity in many countries. The regulators would want to see some control if something happens with a relationship with AWS in one country, or with Google in another country, and it keeps happening, right? For example, Russia was a good example where we had to switch things off. We should be able to do that. But if let's say somewhere in Asia, this country decides that they don't want to partner with AWS, and majority of our stuff is on AWS, where do I go from there? So we have to have some level of confidence in our own infrastructure, so we do maintain some to be able to fail back into and move things it needs to be. So it's a tricky question. Yes, it's nirvana state that I don't have to manage infrastructure, but I think it's far less practical than it said. We will still own something that we call it our own where we have complete control, being a financial entity. >> And so do you try to, I'm sure you do, standardize between all the different on-premise, and in this case, the AWS cloud or maybe even other clouds. How do you do that? Do you work with, you know, different vendors at the various places of the stack to try to do that? Some of the vendors, you know, like a Snowflake is only in the cloud. You know, others, you know, whether it's whatever, analytics, or storage, or database, might be hybrid. What's your strategy with regard to creating as common an experience as possible between your on-prem and your clouds? >> You asked a question which I asked when I joined as well, right? Which question, this is one of the most important questions is how soon when I fail back, if I need to fail back? And how quickly can I, because not everything that is sitting on the cloud is comparable to on-prem or is backward compatible. And the reason I say backward compatible is, you know, there are, our on-prem cloud is obviously behind. We haven't taken enough time to kind of put it to a state where, because we started to migrate and now we have access to infrastructure on the cloud, most of the new things are being built there. But for critical application, I would say we have chronology that could be used to move back if need to be. So, you know, technologies like Couchbase, technologies like PostgreSQL, technologies like Db2, et cetera. We still have and maintain a fairly large portion of it on-prem where critical applications could potentially be serviced. We'll give you one example. We use Neo4j very heavily for our AML use cases. And that's an important one because if Neo4j on the cloud goes down, and it's happened in the past, again, even with three clusters, having all three clusters going down with a DR, we still need some accessibility of that because that's one of the biggest, you know, fraud and risk application it supports. So we do still maintain some comparable technology. Snowflake is an odd one. It's obviously there is none on-prem. But then, you know, Snowflake, I also feel it's more analytical based technology, not a transactional-based technology, at least in our ecosystem. So for me to replicate that, yes, it'll probably take time, but I can live with that. But my business will not stop because our transactional applications can potentially move over if need to. >> Yeah, and of course, you know, all these big market cap companies, so the Snowflake or Databricks, which is not public yet, but they've got big aspirations. And so, you know, we've seen things like Snowflake do a deal with Dell for on-prem object store. I think they do the same thing with Pure. And so over time, you see, Mongo, you know, extending its estate. And so over time all these things are coming together. I want to step out of this conversation for a second. I just ask you, given the current macroeconomic climate, what are the priorities? You know, obviously, people are, CIOs are tapping the breaks on spending, we've reported on that, but what is it? Is it security? Is it analytics? Is it modernization of the on-prem stack, which you were saying a little bit behind. Where are the priorities today given the economic headwinds? >> So the most important priority right now is growing the business, I would say. It's a different, I know this is more, this is not a very techy or a tech answer that, you know, you would expect, but it's growing the business. We want to acquire more customers and be able to service them as best needed. So the majority of our investment is going in the space where tech can support that initiative. During our earnings call, we released the new pillars of our organization where we will focus on, you know, omnichannel digital experience, and then one experience for customer, whether it's retail, whether it's digital. We want to open up our own experience stores, et cetera. So we are investing in technology where it's going to support those pillars. But the spend is in a way that we are obviously taking away from the things that do not support those. So it's, I would say it's flat for us. We are not like in heavily investing or aggressively increasing our tech budget, but it's more like, hey, switch this off because it doesn't make us money, but now switch this on because this is going to support what we can do with money, right? So that's kind of where we are heading towards. So it's not not driven by technology, but it's driven by business and how it supports our customers and our ability to compete in the market. >> You know, I think Harvir, that's consistent with what we heard in some other work that we've done, our ETR partner who does these types of surveys. We're hearing the same thing, is that, you know, we might not be spending on modernizing our on-prem stack. Yeah, we want to get to the cloud at some point and modernize that. But if it supports revenue, you know, we'll invest in that, and get the, you know, instant ROI. I want to ask you about, you know, this concept of supercloud, this abstracted layer of value on top of hyperscale infrastructure, and maybe on-prem. But we were talking about the integration, for instance, between Snowflake and Salesforce, where you got different data sources and you were explaining that you had great interest in being able to, you know, have a kind of, I'll say seamless, sorry, I know it's an overused word, but integration between the data sources and those two different platforms. Can you explain that and why that's attractive to you? >> Yeah, I'm a big supporter of action where the data is, right? Because the minute you start to move, things are already lost in translation. The time is lost, you can't get to it fast enough. So if, for example, for us, Snowflake, Salesforce, is our actionable platform where we action, we send marketing campaigns, we send customer communication via SMS, in app, as well as via email. Now, we would like to be able to interact with our customers pretty much on a, I would say near real time, but the concept of real time doesn't work well with me because I always feel that if you're observing something, it's not real time, it's already happened. But how soon can I react? That's the question. And given that I have to move that data all the way from our, let's say, engagement platforms like Adobe, and particles of the world into Snowflake first, and then do my modeling in some way, and be able to then put it back into Salesforce, it takes time. Yes, you know, I can do it in a few hours, but that few hours makes a lot of difference. Somebody sitting on my website, you know, couldn't find something, walked away, how soon do you think he will lose interest? Three hours, four hours, he'll probably gone, he will never come back. I think if I can react to that as fast as possible without too much data movement, I think that's a lot of good benefit that this kind of integration will bring. Yes, I can potentially take data directly into Salesforce, but I then now have two copies of data, which is, again, something that I'm not a big (indistinct) of. Let's keep the source of the data simple, clean, and a single source. I think this kind of integration will help a lot if the actions can be brought very close to where the data resides. >> Thank you for that. And so, you know, it's funny, we sometimes try to define real time as before you lose the customer, so that's kind of real time. But I want to come back to this idea of governed data sharing. You mentioned some other clouds, a little bit of Azure, a little bit of Google. In a world where, let's say you go more aggressively, and we know that for instance, if you want to use Google's AI tools, you got to use BigQuery. You know, today, anyway, they're not sort of so friendly with Snowflake, maybe different for the AWS, maybe Microsoft's going to be different as well. But in an ideal world, what I'm hearing is you want to keep the data in place. You don't want to move the data. Moving data is expensive, making copies is badness. It's expensive, and it's also, you know, changes the state, right? So you got governance issues. So this idea of supercloud is that you can leave the data in place and actually have a common experience across clouds. Let's just say, let's assume for a minute Google kind of wakes up, my words, not yours, and says, "Hey, maybe, you know what, partnering with a Snowflake or a Databricks is better for our business. It's better for the customers," how would that affect your business and the value that you can bring to your customers? >> Again, I would say that would be the nirvana state that, you know, we want to get to. Because I would say not everyone's perfect. They have great engineers and great products that they're developing, but that's where they compete as well, right? I would like to use the best of breed as much as possible. And I've been a person who has done this in the past as well. I've used, you know, tools to integrate. And the reason why this integration has worked is primarily because sometimes you do pick the best thing for that job. And Google's AI products are definitely doing really well, but, you know, that accessibility, if it's a problem, then I really can't depend on them, right? I would love to move some of that down there, but they have to make it possible for us. Azure is doing really, really good at investing, so I think they're a little bit more and more closer to getting to that state, and I know seeking our attention than Google at this point of time. But I think there will be a revelation moment because more and more people that I talk to like myself, they're also talking about the same thing. I'd like to be able to use Google's AdSense, I would like to be able to use Google's advertising platform, but you know what? I already have all this data, why do I need to move it? Can't they just go and access it? That question will keep haunting them (indistinct). >> You know, I think, obviously, Microsoft has always known, you know, understood ecosystems. I mean, AWS is nailing it, when you go to re:Invent, it's all about the ecosystem. And they think they realized they can make a lot more money, you know, together, than trying to have, and Google's got to figure that out. I think Google thinks, "All right, hey, we got to have the best tech." And that tech, they do have the great tech, and that's our competitive advantage. They got to wake up to the ecosystem and what's happening in the field and the go-to-market. I want to ask you about how you see data and cloud evolving in the future. You mentioned that things that are driving revenue are the priorities, and maybe you're already doing this today, but my question is, do you see a day when companies like yours are increasingly offering data and software services? You've been around for a long time as a company, you've got, you know, first party data, you've got proprietary knowledge, and maybe tooling that you've developed, and you're becoming more, you're already a technology company. Do you see someday pointing that at customers, or again, maybe you're doing it already, or is that not practical in your view? >> So data monetization has always been on the charts. The reason why it hasn't seen the light is regulatory pressure at this point of time. We are partnering up with certain agencies, again, you know, some pilots are happening to see the value of that and be able to offer that. But I think, you know, eventually, we'll get to a state where our, because we are trying to build accessible financial services, we will be in a state that we will be offering those to partners, which could then extended to their customers as well. So we are definitely exploring that. We are definitely exploring how to enrich our data with other data, and be able to complete a super set of data that can be used. Because frankly speaking, the data that we have is very interesting. We have trends of people migrating, we have trends of people migrating within the US, right? So if a new, let's say there's a new, like, I'll give you an example. Let's say New York City, I can tell you, at any given point of time, with my data, what is, you know, a dominant population in that area from migrant perspective. And if I see a change in that data, I can tell you where that is moving towards. I think it's going to be very interesting. We're a little bit, obviously, sometimes, you know, you're scared of sharing too much detail because there's too much data. So, but at the end of the day, I think at some point, we'll get to a state where we are confident that the data can be used for good. One simple example is, you know, pharmacies. They would love to get, you know, we've been talking to CVS and we are talking to Walgreens, and trying to figure out, if they would get access to this kind of data demographic information, what could they do be better? Because, you know, from a gene pool perspective, there are diseases and stuff that are very prevalent in one community versus the other. We could probably equip them with this information to be able to better, you know, let's say, staff their pharmacies or keep better inventory of products that could be used for the population in that area. Similarly, the likes of Walmarts and Krogers, they would like to have more, let's say, ethnic products in their aisles, right? How do you enable that? That data is primarily, I think we are the biggest source of that data. So we do take pride in it, but you know, with caution, we are obviously exploring that as well. >> My last question for you, Harvir, is I'm going to ask you to do a thought exercise. So in that vein, that whole monetization piece, imagine that now, Harvir, you are running a P&L that is going to monetize that data. And my question to you is a there's a business vector and a technology vector. So from a business standpoint, the more distribution channels you have, the better. So running on AWS cloud, partnering with Microsoft, partnering with Google, going to market with them, going to give you more revenue. Okay, so there's a motivation for multi-cloud or supercloud. That's indisputable. But from a technical standpoint, is there an advantage to running on multiple clouds or is that a disadvantage for you? >> It's, I would say it's a disadvantage because if my data is distributed, I have to combine it at some place. So the very first step that we had taken was obviously we brought in Snowflake. The reason, we wanted our analytical data and we want our historical data in the same place. So we are already there and ready to share. And we are actually participating in the data share, but in a private setting at the moment. So we are technically enabled to share, unless there is a significant, I would say, upside to moving that data to another cloud. I don't see any reason because I can enable anyone to come and get it from Snowflake. It's already enabled for us. >> Yeah, or if somehow, magically, several years down the road, some standard developed so you don't have to move the data. Maybe there's a new, Mogli is talking about a new data architecture, and, you know, that's probably years away, but, Harvir, you're an awesome guest. I love having you on, and really appreciate you participating in the program. >> I appreciate it. Thank you, and good luck (indistinct) >> Ah, thank you very much. This is Dave Vellante for John Furrier and the entire Cube community. Keep it right there for more great coverage from Supercloud 2. (uplifting music)

>> Announcer: TheCUBE presents Ignite22, brought to you by Palo Alto Networks. >> Hey, welcome back to Vegas. Great to have you. We're pleased that you're watching theCUBE. Lisa Martin and Dave Vellante. Day two of theCUBE's coverage of Palo Alto Ignite22 from the MGM Grand. Dave, we're going to be talking about data. >> You know I love data. >> I do know you love data. >> Survey data- >> There is a great new survey that Palo Alto Networks just published yesterday, "What's next in cyber?" We're going to be digging through it with their CMO. Who better to talk about data with than a CMO that has a PhD in machine learning? We're very pleased to welcome to the program, Zeynep Ozdemir, CMO of Palo Alto Networks. Great to have you. Thank you for joining us. >> It's a pleasure to be here. >> First, I got to ask you about your PhD. Your background as a CMO is so interesting and unique. Give me a little bit of a history on that. >> Oh, absolutely, yes. Yes, I admit that I'm a little bit of an untraditional marketing leader. I spent probably the first half of my career as a software engineer and a research scientist in the area of machine learning and speech signal processing, which is very uncommon, I admit that. Honestly, it has actually helped me immensely in my current role. I mean, you know, you've spoken to Lee Klarich, I think a little while ago. We have a very tight and close partnership with product and engineering teams at Palo Alto Networks. And, you know, cybersecurity is a very complex topic. And we're at a critical juncture right now where all of these new technologies, AI, machine learning, cloud computing, are going to really transform the industry. And I think that I'm very lucky, as somebody who's very technically competent in all of those areas, to partner with the best people and the leading company right now. So, I'm very happy that my technical background is actually helping in this journey. >> Dave: Oh, wait, aren't you like a molecular biologist, or something? >> A reformed molecular...yes. >> Yes. >> Okay. Whoa, okay. (group laughs) >> But >> Math guy over here. >> Yeah. You guys just, the story that I tease is... the amount of data in there is unbelievable. This has just started in August, so a few months ago. >> Zeynep: Yeah. >> Fresh data. You surveyed 1300 CXOs globally. >> Zeynep: That's right. >> Across industries and organizations are saying, you know, hybrid work and remote work became status quo like that. >> Yes. >> Couple years ago everyone shifted to multicloud and of course the cyber criminals are sophisticated, and they're motivated, and they're well funded. >> Zeynep: That's right. >> What are some of the things that you think that the survey really demonstrated that validate the direction that Palo Alto Networks is going in? >> That's right. That's right. So we do these surveys because first and foremost, we have to make sure we're aligned with our customers in terms of our product strategy and the direction. And we have to confirm and validate our very strong opinions about the future of the cybersecurity industry. So, but this time when we did this survey, we just saw some great insights, and we decided we want to share it with the broader industry because we obviously want to drive thought leadership and make sure everybody is in the same level field. Some interesting and significant results with this one. So, as you said, this was 1300 C level cybersecurity decision makers and executives across the world. So we had participants from Europe, from Japan, from Asia Pacific, Latin America, in addition to North America. So one of the most significant stats or data points that we've seen was the fact that out of everybody interviewed, 96% of participants had experienced one or more cybersecurity breaches in the past 12 months. That was more than what we expected, to be honest with you. And then 57% of them actually experienced three or more. So those stats are really worth sharing in terms of where the state of cybersecurity is. What also was personally interesting to me was 33% of them actually experienced an operational disruption as a result of a breach, which is a big number. It's one third of participants. So all of these were very interesting. We asked them more detailed questions around you know, how many...like obviously all of them are trying to respond to this situation. They're trying different technologies, different tools and it seems like they're in a point where they're almost have too many tools and technologies because, you know, when you have too many tools and technologies, there's the operational overhead of integrating them. It creates blind spots between them because those tools aren't really communicating with each other. So what we heard from the responders was that on average they were on like 32 tools, 22% was on 50 or more tools, which is crazy. But what the question we asked them was, you know, are you, are you looking to consolidate? Are you looking to go more tools or less tools? Like what are your thoughts on that? And a significant majority of them, like about 77% said they are actively trying to reduce the number of technologies that they're trying to use because they want to actually achieve better security outcomes. >> I wonder if you could comment on this. So early on in the pandemic, we have a partner, survey partner ETR, Enterprise Technology Research. And we saw a real shift of course, 'cause of hybrid work toward endpoint security, cloud security, they were rearchitecting their networks, a new focus on, you know, different thinking about network security and identity. >> Yeah. >> You play in all of those in partner for identity. >> Zeynep: Yeah. >> I almost, my question is, is was there kind of a knee jerk reaction to get point tools to plug some of those holes? >> Zeynep: Yes. >> And now they're...'cause we said at the time, this is a permanent shift in thinking. What we didn't think through it's coming to focus here at this conference is, okay, we did that, but now we created another problem. >> Zeynep: Yeah. Yeah. >> Now we're- >> Yes, yes. You're very right. I think, and it's very natural to do this, right? >> Sure. >> Every time a problem pops up, you want to fix it as quickly as possible. And you look... you survey who can help you with that. And then you kind of get going because cybersecurity is one of those areas where you can't really wait and do, you know, take time to fix those problems. So that happened a lot and it is happening. But what happened as a result of that. For example, I'll give you a data point from the actual survey that answers this very question. When we asked these executives what keeps them like up at night, like what's their biggest concern? A significant majority of them said, oh we're having difficulty with data management. And what that means is that all these tools that they've deployed, they're generating a lot of insights and data, but they're disconnected, right? So there is no one place where you can say, look at it holistically and come to conclusions very fast about how threat actors are moving in an organization. So that's a direct result of this proliferation of tools, if you will. And you're right. And it will...it's a natural thing to deploy products very quickly. But then you have to take a step back and say, how do I make this more effective? How do I bring things together, bring all my data together to be able to get to threats detect threats much faster? >> An unintended consequence of that quick fix. >> And become cyber resilient. We've been hearing a lot about cyber resiliency. >> Yes, yes. >> Recently and something that I was noting in the survey is only 25% of execs said, yeah, our cyber resilience and readiness is high. And you found that there was a lack of alignment between the boards and the executive levels. And we actually spoke with I think BJ yesterday on how are you guys and even some of your partners >> Yeah. >> How are you helping facilitate that alignment? We know security's always a board level- >> Zeynep: Yes. >> Conversation, but the lack of alignment was kind of surprising to me. >> Yeah. Well I think the good news is that I think we... cybersecurity is taking its place in board discussions more and more. Whether there's alignment or not, at least it's a topic, right? >> Yeah. That was also out of the survey that we saw. I think yes, we have a lot of, a big role to play in helping security executives communicate better with boards and c-level executives in their organizations. Because as we said, it's a very complex topic, and it has to be taken from two angles. When there's...it's a board level discussion. One, how are you reducing risk and making sure that you're resilient. Two, how do you think about return on investment and you know, what's the right level of investment and is that investment going to get us the return that we need? >> What do you think of this? So there's another interesting stat here. What keeps executives up at night? >> Mmhm. >> You mentioned difficulty of data management. Normally, the CISO response to what's your number one problem is lack of talent. >> Zeynep: Number three there, yes. Yeah. >> And it is maybe somewhat related to difficulty of data management, but maybe people have realized, you know what? I'm never going to solve this problem by throwing bodies at it. >> Yeah. >> I got to think of a better way to consolidate my data. Maybe partner with a company that can help me do that. And then the second one was scared of being left behind changes in the tech stack. So we're moving so fast to digitize. >> Zeynep: Yes. >> And security's still an afterthought. And so it's almost as though they're kind of rethinking the problems 'cause they know that they can't just solve the issue by throwing, you know, more hires at it 'cause they can't find the people. >> That is...you're absolutely spot on. The thing about cybersecurity skills gap, it's a reality. It's very real. It's a hard place to be. It's hard to ramp up sometimes. Also, there's a lot of turnover. But you're right in the sense that a lot of the manual work that is needed for cybersecurity, it's actually more sort of much easier to tackle with machines- >> Yeah. >> Than humans. It's a funny double click on the stat you just gave. In North America, the responders when we asked them like how they're coping with the skills shortage, they said we're automating more. So we're using more AI, we're using more process automation to make sure we do the heavy lifting with machines and then only present to the people what they're very good at, is making judgements, right? Very sort of like last minute judgment calls. In the other parts of the world, the top answer to that question is how you're tackling cybersecurity skill shortage was, we're actually trying to provide higher wages and better benefits to the existing p... so there's a little bit of a gap between the two. But I think, I think the world is moving towards the former, which is let's do as much as we can with AI and machines and automation in general and then let's make sure we're more in an automation assisted world versus a human first world. >> We also saw on the survey that ransomware was, you know, the big concern in the United States. Not as much, not that it's not a concern >> Lisa: Yeah. >> In other parts of the world. >> Zeynep: Yeah. >> But it wasn't number one. Why do you think that is? Is it 'cause maybe the US has more to lose? Is it, you know, more high profile or- >> Yeah. Look, I mean, yes you're right? So most responders said number one is ransomware. That's my biggest concern going into 2023. And it was for JAPAC and I think EMEA, Europe, it was supply chain attacks. >> Dave: Right. >> So I think US has been hit hard by ransomware in the past year. I think it's like fresh memory and that's why it rose to the top in various verticals. So I'm not surprised with that outcome. I think supply chain is more of a... we've, you know, we've been hit hard globally by that, and it's very new. >> Lisa: Yeah. >> So I think a lot of the European and JAPAC responders are responding to it from a perspective of, this is a problem I still don't know how to solve. You know, like, and it's like I need the right infrastructure to...and I need the right visibility into my software supply chain. It's very top of mind. So those were some of the differences, but you're right. That was a very interesting regional distinction as well. >> How do you take this data and then bring it back to your customers to kind of close the loop? Do you do that? Do you say, okay, hey, we're going to share this data with you, get realtime feedback- >> Zeynep: Yes. >> Dave: We often like to do that with data- >> Zeynep: Absolutely. >> Say okay...'cause you know, when you do a survey like this, you're like, oh, I wish we asked A, B and C. But it gives you, informs you as to where to double click. Is there a system to do that? Or process to do that? >> Yes. Our hope and goal is to do this every year and see how things are changing and then do some historical analysis as to how things are changing as well. But as I said in the very beginning, I think we take this and we say, okay, there's a lot of alignment in these areas, especially for us for our products to see if where our products are deployed to see if some of those numbers vary, you know, per product. Because we address as a company, we address a lot of these concerns. So then it's very encouraging to say, okay, with certain customers, we're going to go, we're going to have develop certain metrics and we're going to measure how much of a difference we're making with these stats. >> Well, I mean, if you can show that you're consolidating- >> Yeah. >> You know, the number of tools and show the business impact- >> Right. >> Exactly. >> Home run. >> Exactly. Yes- >> Speaking of business outcomes, you know, we have so many conversations around everything needs to be outcome-based. Can security become an enabler of business outcomes for organizations? >> Absolutely. Security has to be an enabler. So it's, you know, back to the security lagging behind the evolution of the digital transformation, I don't think it's possible to move fast without having security move fast with digital transformation. I don't think anybody would raise their hands and say, I'm just going to have the most creative, most interesting digital transformation journey. But, you know, security is say, so I think we're past that point where I think generally people do agree that security has to run as fast as digital transformation and really enable those business outcomes that everybody's proud of. So Yes. Yes it is. >> So...sorry. So chicken and egg, digital transformation, cyber transformation. >> Zeynep: Yes. >> Lisa: How are they related? Is one digital leading? >> They are two halves of the perfect solution. They have to coexist because otherwise if you're taking a lot of risk with your digital transformation, is it really worth going through a digital transformation? >> Yeah. >> Yeah. >> So there's a board over here. I'm looking at it and it started out blank. >> Yes. >> And it's what's next in cyber and basically- >> That's this. Yes. >> People can come through and they can write down, and there's some great stuff in there: 5G, cloud native, some technical stuff, automated meantime to repair or to remediation. >> Yeah. >> Somebody wrote AWS. The AWS guys left their mark, which is kind of cool. >> Zeynep: That's great. >> And so I'm wondering, so we always talk about... we just talked about earlier that cyber is a board...has become a board level you know, issue. I think even go back mid last decade, it was really starting to gain strength. What I'm looking for, and I dunno if there's anything in here that suggests this is going beyond the board. So it becomes this top down thing, not just the the SOC, not just the, you know, IT, not just the board. Now it's top down maybe it's bottom up, middle out. The awareness across the organization. >> Zeynep: Absolutely. >> And that's something that I think is that is a next big thing in cyber. I believe it's coming. >> Cybersecurity awareness is a topic. And you know, there are companies who do that, who actually educate just all of us who work for corporations on the best way to tackle, especially when the human is the source and the reason knowingly or unknowing, mostly unknowingly of cyber attacks. Their education and awareness is critical in preventing a lot of this...before our, you know tools even get in. So I agree with you that there is a cybersecurity awareness as a topic is going to be very, very popular in the future. >> Lena Smart is the CISO of MongoDB does... I forget what she calls it, but she basically takes the top security people in the company like the super geeks and puts 'em with those that know nothing about security, and they start having conversations. >> Zeynep: Yeah. >> And then so they can sort of be empathic to each other's point of view. >> Zeynep: Absolutely. >> And that's how she gets the organization to become cyber aware. >> Yes. >> It's brilliant. >> It is. >> So simple. >> Exactly. Well that's the beauty in it is the simplicity. >> Yeah. And there are programs just to put a plug. There are programs where you can simulate, for example, phishing attacks with your, you know employee base and your workforce. And then teach them at that moment when they fall for it, you know, what they should have done. >> I think I can make a family game night. >> Yeah. Yeah. (group laughs) >> I'm serious. That's a good little exercise For everybody. >> Yes. Yeah, exactly. >> It really is. Especially as the sophistication and smishing gets more and more common these days. Where can folks go to get their hands on this juicy survey that we just unpacked? >> We have it online, so if you go to the Palo Alto Networks website, there's a big link to the survey from there. So for sure there's a summary version that you can come in and you can have access to all the stats. >> Excellent. Zeynep, it's been such a pleasure having you on the program dissecting what's keeping CXOs up at night, what Palo Alto Networks is doing to really help organizations digitally transform cyber transformation and achieve that nirvana of cyber resilience. We appreciate so much your insights. >> Thanks very much. It's been the pleasure. >> Dave: Good to have you. >> Thank you >> Zeynep Ozdemir and Dave Vellante. I'm Lisa Martin. You're watching theCUBE, the leader in live and emerging tech coverage. (upbeat music)

>>Hello friends and welcome back to Fabulous Las Vegas, Nevada, where we are live from the show floor at AWS Reinvent. My name is Savannah Peterson, joined by my fabulous co-host John Furrier. John, how was your lunch? >>My lunch was great. Wasn't very complex like it is today, so it was very easy, >>Appropriate for the conversation we're about >>To have. Great, great guests coming up Cube alumni and great question around complexity and how is wellbeing teams be good? >>Yes. And, and and on that note, let's welcome John from DeWit as well as Danny from Inox. I swear I'll be able to say that right by the end of this. Thank you guys so much for being here. How's the show going for you? >>Excellent so far. It's been a great, a great event. You know, back back to pre Covid days, >>You're still smiling day three. That's an awesome sign. John, what about you? >>Fantastic. It's, it's been busier than ever >>That that's exciting. I, I think we certainly feel that way here on the cube. We're doing dozens of videos, it's absolutely awesome. Just in case. So we can dig in a little deeper throughout the rest of the segment just in case the audience isn't familiar, let's get them acquainted with your companies. Let's start with do it John. >>Yeah, thanks Savannah. So do it as a global technology company and we're partnering with deleted cloud providers around the world and digital native companies to provide value and solve complexity. John, to your, to your introductory point with all of the complexities associated with operating in the cloud, scaling a business in the cloud, a lot of companies are just looking to sort of have somebody else take care of that problem for them or have somebody they can call when they run into, you know, into problems scaling. And so with a combination of tech, advanced technology, some of the best cloud experts in the world and unlimited tech support or we're offloading a lot of those problems for our customers and we're doing that on a global basis. So it's, it's an exciting time. >>I can imagine pretty much everyone here on the show floor is dealing with that challenge of complexity. So a couple customers for you in the house. What about you Danny? >>I, I come from a company which operates in a financial industry market. So we essentially a global broker, financial trading broker. Which what this means for those people who don't really understand, essentially we allow clients to be able to trade digitally and speculate with different pricing, pricing tools online. We offer a different products for different type of clients. We have institutional clients, we've got our affiliates, partners programs and we've got a retail clients and this is where AWS and Doit comes handy allows us to offer our products digitally across the globe. And one of the key values for us here is that we can actually offer a product in regions where other people don't. So for example, we don't compete in North America, we don't compete in EME in Europe, but we just do it in AWS to solve our complex challenges in regions that naturally by, depending on where they base, they have like issues and that's how we deliver our product. >>And which regions, Latin >>America, Latin, the entire Africa, subcontinent, middle East, southeast Asia, the culture is just demographic is different. And what you used to have here is not exactly what you have over there. And obviously that brings a lot of challenges with onboarding and clients, deposit, trading activities, CDN latency, all of >>That stuff. It's interesting how each region's different in their, their posture with the cloud. Someone roll their own, someone outta the box. So again, this brings up this theme this year guys, which is about end to end seeing purpose built like specialty solutions. A lot of solutions going end to end with data makes kind of makes it more complicated. So again, we got more complexity coming, but the greatest the cloud is, you can abstract that away. So we are seeing this is a big opportunity for partners to innovate. You're seeing a lot of joint engineering, a lot more complexities coming still, but still end to end is the end game so to speak. >>A absolutely John, I mean one, one of the sort of ways we describe what we try to do for our customers like Equinox is to be your co-pilot in the cloud, which essentially means, you know, >>What an apt analogy. >>I think so, yeah, >>Well, well >>Done there. I think it works. Yvanna. Yeah, so, so as I mentioned, these are the majority or almost all of our customers are pretty sophisticated tech savvy companies. So they don't, you know, they know for most, for the most part what they're trying to achieve. They're approaching scale, they're at scale or they're, or they're through that scale point and they, they just wanna have somebody they can call, right? They need technology to help abstract away the complex problem. So they're not doing so much manual cloud operational work or sometimes they just need help picking the next tech right to solve the end to end use case that that they're, that they're dealing with >>In business. And Danny, you're rolling out solutions so you're on, you're on the front lines, you gotta make it easier. You didn't want to get in the weeds on something that should be taken care of. >>Correct. I mean one of the reasons we go do it is you need to, in order to involve do it, you need to know your problems, understand your challenges, also like a self review only. And you have to be one way halfway through the cloud journey. You need to know your problems, what you want to achieve, where you want to end up a roadmap for the next five years, what you want to achieve. Are we fixing or developing a building? And then involve those guys to come and help you because they cannot just come with magic one and fix all your problems. You need to do that yourself. It's not like starting the journey by yourself. >>Yeah. One thing that's not played up in this event, I will say they may, I don't, they missed, maybe Verner will hit it tomorrow, but I think they kind of missed it a little bit. But the developer productivity's been a big issue. We've seen that this year. One of the big themes on the cube is developer productivity, more velocity on the development side to keep pace with what's on, what solutions are rolling out the customers. And the other one is skills gap. So, and people like, and people have old skills, like we see VMware being bought by Broadcom for instance, got a lot of IT operators at VMware, they gotta go cloud somewhere. So you got new talent, existing talent, skill gaps, people are comfortable, yet the new stuff's there, developers gotta be more productive. How do you guys see that? Cuz that's gonna be how that plays now, it's gonna impact the channel, the partnership relationship, your ability to deliver. >>What's your reaction to that first? Well I think we obviously have a tech savvy team. We've got developers, we've got dev, we've got infrastructure guys, but we only got so much resource that we can afford. And essentially by evolving due it, I've doubled our staff. So we got a tech savvy senior solution architects which comes to do the sexy stuff, actually develop and design a new better offering, better product that makes us competitive. And this is where we involved, essentially we use the due IT staff as an staff employees that our demand is richly army of qualified people. We can actually cherry pick who we want for the call to do X, Y, and Z. And they're there to, to support you. We just have to ask for help. And this is how we fill our gap from technical skills or budget constrained within, you know, within recruitment. >>And I think, I think what, what Danny is touching on, John, what you mentioned is, is really the, the sort of the core family principle of the company, right? It's hard enough for companies like Equinox to hire staff that can help them build their business and deliver the value proposition that they're, that they see, right? And so our reason for existence is to sort of take care of the rest, right? We can help, you know, operate your cloud, show you the most effective way to do that. Whether they're finops problems, whether they're DevOps problems, whether dev SEC ops problems, all of these sort of classic operational problems that get 'em the way of the core business mission. You're not in the business of running the cloud, you're in the business of delivering customer value. We can help you, you know, manage your cloud >>And it's your job to do it. >>It is to do it >>Can, couldn't raise this upon there. How long have y'all been working together? >>I would say 15 months. We took, we took a bit of a conservative approach. We hope for the baseball, prepare for the worst. So I didn't trust do it. I give them one account, start with DEF U A C because you cannot, you just have to learn the journey yourself. So I think I would, my advice for clients is give it the six months. Once you establish a relationship, build a relationship, give them one by one start slowly. You actually understand by yourself the skills, the capacity that they have. And also the, for me consultants is really important And after that just opens up and we are now involving them. We've got new project, we've got problem statement. The first thing we do, we don't Google it, we just say do it. Log a ticket, we got the team. You're >>A verb. >>Yeah. So >>In this case we have >>The puns are on list here on the Cuban general. But with something like that, it's great. >>I gotta ask you a question cuz this is interesting John. You know, we talked last year on the cube and, and again this is an example of how innovations playing out. If you look at the announcements, Adam Celski did and then sw, he had 13 or so announcements. I won't say it's getting boring, but when you hear boring, boring is good. When you start getting into these, these gaps in the platforms as it grows. I won't say they was boring cause that really wasn't boring. I like the data >>Itself. It's all fascinating, John, >>But it, but it's a lot of gap filling, you know, 50 connectors you got, you know, yeah. All glue layers being built in AI's critical. The match cloud is there. What's the innovation? You got a lot of gaps being filled, boring is good. Like Kubernetes, we say there boring means, it's being invisible. That means it's going away. What's the exciting things from your perspective in cloud here? >>Well, I think, I mean, boring is an interesting word to use cuz a company with the heritage of AWS is constantly evolving. I mean, at the core of that company's culture is innovation, technology, development and innovation. And they're building for builders as, as you know, just as well as I do. Yeah. And so, but what we find across our customer base is that companies that are scaling or at scale are using maybe a smaller set of those services, but they're really leveraging them in interesting ways. And there is a very long tail of deeper, more sophisticated fit for purpose, more specific services. And Adam announced, you know, who knows him another 20 or 30 services and it's happening year after year after year. And I think one of the things that, that Danny might attest to is, I, I spoke about the reason we exist and the reason we form the company is we hold it very, a very critical part of our mission is to stay abreast of all of those developments as they emerge so that Danny and and his crew don't have to, right? And so when they have a, a, a question about SageMaker or they have a question about sort of the new big data service that Adam has announced, we take it very seriously. Our job is to be able to answer that question quickly and >>Accurately. And I notice your shirt, if you could just give a little shirt there, ops, cloud ops, DevOps do it. The intersection of the finance, the tuning is now we're hearing a lot of price performance, cost recovery, not cost recovery, but cost management. Yeah. Optimizing. So we're seeing building scale, but now, now tuning almost a craft, the craft of the cloud is here. What's your reaction to that? It, >>It absolutely is. And this is a story as old as the cloud, honestly. And companies, you know, they'll, they'll, companies tend to follow the same sort of maturity journey when they first start, whether they're migrating to the cloud or they were born in the cloud as most of our customers are. There's a, there's a, there's an, there's an access to visibility and understanding and optimization to tuning a craft to use your term. And, and cost management truly is a 10 year old problem that is as prevalent and relevant today as it was, you know, 10 years ago. And there's a lot of talk about the economics associated with the cloud and it's not, certainly not always cheaper to run. In fact, it rarely is cheaper to run your business from any of the public cloud providers. The key is to do it and right size it and make sure it's operating in accordance and alignment with your business, right? It's okay for cloud process to go up so long as your top line is also >>Selling your proportion. You spend more cloud to save cloud. That's it's >>Penny wise, pound full. It's always a little bit, always a little bit of a, of a >>Dilemma on, on the cost saving. We didn't want to just save money. If you want to save money, just shut down your services, right? So it's about making money. So this is where do it comes, like we actually start making, okay, we spend a bit more now, but in about six months time I will be making more money. And we've just did that. We roll out the new application for all the new product offering host to AWS fully with the guys support, a lot of long, boring, boring, boring calls, but they're productive because we actually now have a better product, competitive, it's tailored for our clients, it's cost effective. And we are actually making money >>When something's invisible. It's working, you know, talking about it means it's, it's, it's operational. >>It's exactly, it's, >>Well to that point, John, one of the things we're most proud of in, you know, know this year was, was the launch of our product we called Flex Save, which essentially does exactly what you've described. It's, it's looking for automation and, and, and, and automatic ways of, yes. Saving money, but offering the opportunities to, to to improve the economics associated with your cloud infrastructure. >>Yeah. And improving the efficiency across the board. A hundred percent. It, it's, oh, it's awesome. Let's, and, and it's, it's my understanding there's some reporting and insights that you're able to then translate through from do it to your CTO and across the company. Denny, what's that like? What do you get to see working >>With them? Well, the problem is, like the CTO asked me to do all of that. It is funny he thinks that he's doing it, but essentially they have a excellent portal that basically looks up all of our instances on the one place. You got like good analytics on your cost, cost, anomalies, budget, costal location. But I didn't want to do that either. So what I have done is taken the next step. I actually sold this to the, to my company completely. So my finance teams goes there, they do it themselves, they log in, check, check, all the billing, the costal location. I actually has zero iteration with them if I don't hear anything from them, which is one of the benefits. But also there is lot of other products like the Flexe is virtually like you just click a finger and you start saving money just like that. Easy >>Is that easy button we've been talking about on >>The show? Yeah, exactly, exactly how it is. But there is obviously outside of the cost management, you actually can look at what is the resource you using do actually need it, how often you use it, think about the long term goal, what you're trying to achieve, and use the analytics to, and actually I have to say the analytics much better than AWS in, in, in, in cmp. It's, it's just more user friendly, more interactive as opposed to, you know, building the one in aws. >>It's good business model. Make things easy for your customers. Easy, simple >>To use. >>It's gotta be nice to hear John. >>Well, so first of all, thank you daddy. >>We, we work, but in all seriousness, you know, we, we work, Danny mentioned the trust word earlier. This is at the core of if we don't, if we're not able to build trust with our clients, our business is dead. It, it just doesn't exist. It can't scale. In fact, it'll go the opposite direction. And so we're, we work very, very hard to earn that trust and we're willing to start small to Danny's example, start small and grow. And that's why we're very, one of the things we're most proud of is, is how few customers tend to leave us year over year. We have customers that have been with us for 10 years. >>You know, Andy, Jesse always has, I just saw an interview, he was on the New York Times event in New York today as a CEO of Amazon. But he's always said in these build out phases, you gotta work backwards from the customer and innovate on behalf of the customer. Cause that's the answer that will always be a good answer for the outcome versus optimizing for just profit, you know what I'm saying? Or other things. So we're still in build out mode, >>You know, as a, as a, as a core fundamental sort of product concept. If you're not solving important problems for our customer, what are you, why, why are you investing? It just >>Doesn't make it. This is the beauty we do it. We actually, they wait for you to come to do the next step. They don't sell me anything. They don't bug me with emails. They're ready. When you're ready to make that journey, you just log a ticket and then come and help you. And this is the beauty. You just, it's just not your, your journey. >>I love it. That's a, that's a beautiful note to lead us to our new tradition on the cube. We have a little bit of a challenge for the both of you. We're looking for your 32nd Instagram real thought leadership sizzle anecdote. Either one of you wanna go first. John looks a little nauseous. Danny, you wanna give it a go? >>Well, we've got a few expressions, but we don't Google it. We just do it. And the key take, that's what we do now at, at, and also what we do is actually using their stuff as an influence employees richly. Like that's what we do. >>Well done, well done. Didn't even need the 30 seconds. Fantastic work, Danny. I love that. All right, John, now you do have to go. Okay, >>I'll goodness. You know, I'll, I'll, I'll, I'll I'll go back to what I mentioned earlier, if that's okay. I think we, you know, we exist as a company to sort of help our customers get back to focusing on why they started the business in the first place, which is innovating and delivering value to customers. And we'll help you take care of the rest. It's as simple as that. Awesome. >>Well done. You absolutely nailed it. I wanna just acknowledge your fan club over there watching. Hello everyone from the doit team. Good job team. I love, it's very cute when guests show up with an entourage to the cube. We like to see it. You obviously deserve the entourage. You're, you're both wonderful. Thanks again for being here on the show with Oh yeah, go ahead >>John. Well, I would just like to thank Danny for, for agreeing to >>Discern, thankfully >>Great to spend time with you. Absolutely. Let's do it. >>Thank you. Yeah, >>Yeah. Fantastic gentlemen. Well thank you all for tuning into this wonderful start to the afternoon here from AWS Reinvent. We are in Las Vegas, Nevada with John Furier. My name's Savannah Peterson, you're watching The Cube, the leader in high tech coverage.

(upbeat music) >> Hello, beautiful humans and welcome back to Supercomputing. We're here in Dallas, Texas giving you live coverage with theCUBE. I'm joined by David Nicholson. Thank you for being my left arm today. >> Thank you Savannah. >> It's a nice little moral. Very excited about this segment. We've talked a lot about how the fusion between academia and the private sector is a big theme at this show. You can see multiple universities all over the show floor as well as many of the biggest companies on earth. We were very curious to learn a little bit more about this from people actually in the trenches. And we are lucky to be joined today by two Purdue students. We have Lucas and Karl. Thank you both so much for being here. >> One Purdue, one IU, I think. >> Savannah: Oh. >> Yeah, yeah, yeah. >> I'm sorry. Well then wait, let's give Indiana University their fair do. That's where Lucas is. And Karl is at Purdue. Sorry folks. I apparently need to go back to school to learn how to read. (chuckles) In the meantime, I know you're in the middle of a competition. Thank you so much for taking the time out. Karl, why don't you tell us what's going on? What is this competition? What brought you all here? And then let's dive into some deeper stuff. >> Yeah, this competition. So we're a joint team between Purdue and IU. We've overcome our rivalries, age old rivalries to computer at the competition. It's a multi-part competition where we're going head to head against other teams from all across the world, benchmarking our super computing cluster that we designed. >> Was there a moment of rift at all when you came together? Or was everyone peaceful? >> We came together actually pretty nicely. Our two advisors they were very encouraging and so we overcame that, no hostility basically. >> I love that. So what are you working on and how long have you guys been collaborating on it? You can go ahead and start Lucas. >> So we've been prepping for this since the summer and some of us even before that. >> Savannah: Wow. >> And so currently we're working on the application phase of the competition. So everybody has different specialties and basically the competition gives you a set of rules and you have to accomplish what they tell you to do in the allotted timeframe and run things very quickly. >> And so we saw, when we came and first met you, we saw that there are lights and sirens and a monitor looking at the power consumption involved. So part of this is how much power is being consumed. >> Karl: That's right. >> Explain exactly what are the what are the rules that you have to live within? >> So, yeah, so the main constraint is the time as we mentioned and the power consumption. So for the benchmarking phase, which was one, two days ago there was a hard camp of 3000 watts to be consumed. You can't go over that otherwise you would be penalized for that. You have to rerun, start from scratch basically. Now there's a dynamic one for the application section where it's it modulates at random times. So we don't know when it's going to go down when it's going to go back up. So we have to adapt to that in real time. >> David: Oh, interesting. >> Dealing with a little bit of real world complexity I guess probably is simulation is here. I think that's pretty fascinating. I want to know, because I am going to just confess when I was your age last week, I did not understand the power of supercomputing and high performance computing. Lucas, let's start with you. How did you know this was the path you wanted to go down in your academic career? >> David: Yeah, what's your background? >> Yeah, give us some. >> So my background is intelligence systems engineering which is kind of a fusion. It's between, I'm doing bioengineering and then also more classical computer engineering. So my background is biology actually. But I decided to go down this path kind of on a whim. My professor suggested it and I've kind of fallen in love with it. I did my summer internship doing HPC and I haven't looked back. >> When did you think you wanted to go into this field? I mean, in high school, did you have a special teacher that sparked it? What was it? >> Lucas: That's funny that you say that. >> What was in your background? >> Yes, I mean, in high school towards the end I just knew that, I saw this program at IU and it's pretty new and I just thought this would be a great opportunity for me and I'm loving it so far. >> Do you have family in tech or is this a different path for you? >> Yeah, this is a different path for me, but my family is so encouraging and they're very happy for me. They text me all the time. So I couldn't be happier. >> Savannah: Just felt that in my heart. >> I know. I was going to say for the parents out there get the tissue out. >> Yeah, yeah, yeah. (chuckles) >> These guys they don't understand. But, so Karl, what's your story? What's your background? >> My background, I'm a major in unmanned Aerial systems. So this is a drones commercial applications not immediately connected as you might imagine although there's actually more overlap than one might think. So a lot of unmanned systems today a lot of it's remote sensing, which means that there's a lot of image processing that takes place. Mapping of a field, what have you, or some sort of object, like a silo. So a lot of it actually leverages high performance computing in order to map, to visualize much replacing, either manual mapping that used to be done by humans in the field or helicopters. So a lot of cost reduction there and efficiency increases. >> And when did you get this spark that said I want to go to Purdue? You mentioned off camera that you're from Belgium. >> Karl: That's right. >> Did you, did you come from Belgium to Purdue or you were already in the States? >> No, so I have family that lives in the States but I grew up in Belgium. >> David: Okay. >> I knew I wanted to study in the States. >> But at what age did you think that science and technology was something you'd be interested in? >> Well, I've always loved computers from a young age. I've been breaking computers since before I can remember. (chuckles) Much to my parents dismay. But yeah, so I've always had a knack for technology and that's sort of has always been a hobby of mine. >> And then I want to ask you this question and then Lucas and then Savannah will get some time. >> Savannah: It cool, will just sit here and look pretty. >> Dream job. >> Karl: Dream job. >> Okay. So your undergrad both you. >> Savannah: Offering one of my questions. Kind of, It's adjacent though. >> Okay. You're undergrad now? Is there grad school in your future do you feel that's necessary? Is that something you want to pursue? >> I think so. Entrepreneurship is something that's been in the back of my head for a while as well. So may be or something. >> So when I say dream job, understand could be for yourself. >> Savannah: So just piggyback. >> Dream thing after academia or stay in academia. What's do you think at this point? >> That's a tough question. You're asking. >> You'll be able to review this video in 10 years. >> Oh boy. >> This is give us your five year plan and then we'll have you back on theCUBE and see 2027. >> What's the dream? There's people out here watching this. I'm like, go, hey, interesting. >> So as I mentioned entrepreneurship I'm thinking I'll start a company at some point. >> David: Okay. >> Yeah. In what? I don't know yet. We'll see. >> David: Lucas, any thoughts? >> So after graduation, I am planning to go to grad school. IU has a great accelerated master's degree program so I'll stay an extra year and get my master's. Dream job is, boy, that's impossible to answer but I remember telling my dad earlier this year that I was so interested in what NASA was doing. They're sending a probe to one of the moons of Jupiter. >> That's awesome. From a parent's perspective the dream often is let's get the kids off the payroll. So I'm sure that your families are happy to hear that you have. >> I think these two will be right in that department. >> I think they're going to be okay. >> Yeah, I love that. I was curious, I want to piggyback on that because I think when NASA's doing amazing we have them on the show. Who doesn't love space. >> Yeah. >> I'm also an entrepreneur though so I very much empathize with that. I was going to ask to your dream job, but also what companies here do you find the most impressive? I'll rephrase. Because I was going to say, who would you want to work with? >> David: Anything you think is interesting? >> But yeah. Have you even had a chance to walk the floor? I know you've been busy competing >> Karl: Very little. >> Yeah, I was going to say very little. Unfortunately I haven't been able to roam around very much. But I look around and I see names that I'm like I can't even, it's crazy to see them. Like, these are people who are so impressive in the space. These are people who are extremely smart. I'm surrounded by geniuses everywhere I look, I feel like, so. >> Savannah: That that includes us. >> Yeah. >> He wasn't talking about us. Yeah. (laughs) >> I mean it's hard to say any of these companies I would feel very very lucky to be a part of, I think. >> Well there's a reason why both of you were invited to the party, so keep that in mind. Yeah. But so not a lot of time because of. >> Yeah. Tomorrow's our day. >> Here to get work. >> Oh yes. Tomorrow gets play and go talk to everybody. >> Yes. >> And let them recruit you because I'm sure that's what a lot of these companies are going to be doing. >> Yeah. Hopefully it's plan. >> Have you had a second at all to look around Karl. >> A Little bit more I've been going to the bathroom once in a while. (laughs) >> That's allowed I mean, I can imagine that's a vital part of the journey. >> I've ruin my gaze a little bit to what's around all kinds of stuff. Higher education seems to be very important in terms of their presence here. I find that very, very impressive. Purdue has a big stand IU as well, but also others all from Europe as well and Asia. I think higher education has a lot of potential in this field. >> David: Absolutely. >> And it really is that union between academia and the private sector. We've seen a lot of it. But also one of the things that's cool about HPC is it's really not ageist. It hasn't been around for that long. So, I mean, well, at this scale it's obviously this show's been going on since 1988 before you guys were even probably a thought. But I think it's interesting. It's so fun to get to meet you both. Thank you for sharing about what you're doing and what your dreams are. Lucas and Karl. >> David: Thanks for taking the time. >> I hope you win and we're going to get you off the show here as quickly as possible so you can get back to your teams and back to competing. David, great questions as always, thanks for being here. And thank you all for tuning in to theCUBE Live from Dallas, Texas, where we are at Supercomputing. My name's Savannah Peterson and I hope you're having a beautiful day. (gentle upbeat music)

(upbeat electronic music) >> As we've previously reported on theCUBE, Alation was an early pioneer in the data, data governance, and data management space, which is now rapidly evolving with the help of AI and machine learning, and to what's often referred to as data intelligence. Many companies, you know, they didn't make it through the last era of data. They failed to find the right product market fit or scale beyond their close circle of friends, or some ran out of money or got acquired. Alation is a company who did make it through, and has continued to attract investor support, even in a difficult market where tech IPOs have virtually dried up. Back with me on theCUBE is Satyen Sangani, who's the CEO and co-founder of Alation. Satyen, good to see you again. Thanks for coming on. >> Great to see you, Dave. It's always nice to be on theCUBE. >> Hey, so remind our audience why you started Alation 10 years ago, you and your co-founders, and what you're all about today. >> Alation's vision is to empower a curious and rational world, which sounds like a really, I think, presumptuous thing to say. But I think it's something that we really need, right? If you think about how people make decisions, often it's still with bias or ideology, and we think a lot of that happens because people are intimidated by data, or often don't know how to use it, or don't know how to think scientifically. And we, at the core, started Alation because we wanted to demystify data for people. We wanted to help people find the data they needed and allow them to use it and to understand it better. And all of those core consumption values around information were what led us to start the company, because we felt like the world of data could be a little easier to use and manage. >> Your founding premise was correct. I mean, just getting the technology to work was so hard, and as you well know, it takes seven to 10 years to actually start a company and get traction, let alone hit escape velocity. So as I said in the open, you continue to attract new investors. What's the funding news? Please share with us. >> So we're announcing that we raised 123 million from a cohort of investors led by Thoma Bravo, Sanabil Investments, and Costanoa. Databricks Ventures is a participant in that round, along with many of our other existing investors, which would also include Salesforce amongst others. And so, super excited to get the round done in this interesting market. We were able to do that because of the business performance, and it was an up round, and all of that's great and gives our employees and our customers the fuel they need to get the product that they want. >> So why the E Round? Explain that. >> So, we've been accelerating growth over the last five quarters since our Series D. We've basically increased our growth rate to almost double since the time we raised our last round. And from our perspective, the data intelligence market, which is the market that we think we have the opportunity to continue to be the leading platform in, is growing super fast. And when faced with the decision of decelerating growth in the face of what might be, what could be a challenging macroeconomic environment, and accelerating when we're seeing customers increase the size of their commitments, more new customers sign on than ever, our growth rates increasing. We and the board basically chose to take the latter approach and we sort of said, "Look, this is amazing time in this category. This is an amazing time in this company. It's time to invest and it's time to be aggressive when a lot of other folks are fearful, and a lot of other folks aren't seeing the traction that we're seeing in our business. >> Why do you think you're seeing that traction? I mean, we always talk about digital transformation, which was a buzzword before the pandemic, but now it's become a mandate. Is that why? Is it just more data related? Explain that if you could. >> I think there's this potentially, you know, somewhat confusing thing about data. There's a, maybe it's a dirty secret of data, which is there's the sense that if you have a lot of data, and you're using data really well, and you're producing a ton of data, that you might be good at managing it. And the reality of it is that as you have more people using data and as you produce more data, it just becomes more and more confusing because more and more people are trying to access the same information to answer different questions, and more workloads are produced, and more applications are produced. And so the idea of getting more data actually means that it's really hard to manage and it becomes harder to manage at scale. And so, what we're seeing is that with the advent of platforms like AWS, like Snowflake, like Databricks, and certainly with all of the different on-premise applications that are getting born every single day, we're just seeing that data is becoming really much more confusing, but being able to navigate it is so much more important because it's the lifeblood for any business to build differentiation and satisfy their customers. >> Yeah, so last time we talked, we talked about the volume and velocity bromide from the last decade, but we talked about value and how hard it is to get value. So that's really the issue is the need and desire for more organizations to get more value out of that data is actually a stronger tailwind than the headwinds that you're seeing in the macroeconomic environment. >> Right. Because I think in good times you need data in order to be able to capitalize off all the opportunities that you've got, but in bad times you've got to make hard choices. And when you need to make hard choices, how do you do that? Well, you've got to figure out what the right decisions are, and the best way to do that is to have a lot of data and a lot of people who understand that data to be able to capitalize on it and make better insights and better decisions. And so, you don't see that just, by the way, theoretically. In the last quarter, we've seen three companies that have had cost reductions and force reductions where they are increasing at the same time their investment with Alation. And it's because they need the insight in order to be able to navigate these challenging times. >> Well, congratulations on the up round. That's awesome. I got to ask you, what was it like doing a raise in this environment? I mean, sellers are in control in the public markets. Late stage SaaS companies, that had to be challenging. How did you go about this? What were the investor conversations like? >> It certainly was a challenging fundraise. And I would say even though our business is doing way better and we were able to attract evaluation that would put us in the top quartile of public companies were we trading as a public company, which we aspire to do at some point, it was challenging because there was a whole slew of investors who were basically sitting on their hands. I had one investor conversation where an investor said to me, "Look, we think you're a great business, but we have companies that are able to give us 2.5 liquidation preference, and that gives us 70%, 75% of our return day one. So we're just going to go do those companies that may have been previously overvalued, but are willing to give us these terms because they want to keep their face valuation." Other investors said, "Look, we'd really rather that you ran a lower growth plan but with a potentially lower burn plan. But we think the upside is really something that you can capitalize on." From our perspective, we were pretty clear about the plan that we wanted to run and didn't want to necessarily totally accommodate to the fashion of the current market. We've always run a historically efficient business. The company has not burned as much as many of the data peers that we've seen to grow to get to our scale, but our general view was, look, we've got a really clear plan. The board, and the company, and the management team know exactly what we'd like to do. We've got customers that know exactly what they want from us, so we really just have to go execute. And the luck is that we found investors who were willing to do that. Many investors, and we picked one in Thoma Bravo that we felt could be the best partner for the coming phase of the company. >> So I love that because you see the opportunity, you've had a very efficient business. You're punching above your weight in terms of your use of capital. So you don't want to veer off. You know your business better than anybody. You don't want to veer off that plan. The board's very supportive. I could see you, you hear it all the time, we're going to dial down the growth, dial up the EBIT, and that's what markets want today. So congratulations on sticking to your beliefs and your vision. How do you plan to use the funds? >> We are planning to invest in sales and marketing globally. So we've expanded in Asia-Pacific over the most recent year, and also in (indistinct) and we plan to continue to do that. We're going to continue to expand in public sector with fed. And so, you would see us basically just increase our presence globally in all of the markets that you might expect. In particular, you're going to see us lean in heavily to many of the partners Databricks invested alongside this particular round. But you would have seen previously that Snowflake was a fabulous, and has been a fabulous partner of ours, and we are going to continue to invest alongside these leading data platforms. What you would also expect to see from us, though, is a lot of investment in R&D. This is a really nascent category. It's a really, really hard space. People would call it a crowded market because there are a lot of players. I think from our perspective, our aspirations to be the leading data intelligence platform, platform being a really key word there because it's not like we can do it all ourselves. We have a lot of different use cases in data intelligence, things like data quality and data observability, things like data privacy and data access control. And we have some really great partners that we walk alongside in order to make the end customer successful. I think a lot of folks in this market think, "Oh, we can just be master of all. Sort of jack of all trades, master of none." That is not our strategy. Our strategy is to really focus on getting all our customers super successful, really focused on engagement and adoption, because the really hard thing with these platforms is to get people to use them, and that is not a problem Alation has had historically. >> You know, it's really interesting, Satyen, you talk about, I mean, Thoma Bravo, obviously, very savvy investors, deep pockets, they've been making some moves. Certainly we've seen that in cyber security and data. So you got some quasi patient capital there. But the interesting thing to me is that the previous Snowflake investment last year and now Databricks, a lot of people think of them as sort of battling it out, but my view is it's not a zero sum game, meaning, yes, there's overlap, but they're filling a lot of gaps in the marketplace, and I think there's room, there's so much opportunity, and there's such a large tam, that partnering with both is a really, really smart idea. I'll give you the last word. Going forward, what can we expect from Elation? >> Well, I think that's absolutely true, and I think that the biggest boogeyman with all of this is that people don't use data. And so, our ability to partner together is really just a function of making customers successful and continuing to do that. And if we can do that, all companies will grow. We ended up ultimately partnering with Databricks and deepening our partnership, really, 'cause we had one already, primarily because of the fact that we have over a hundred customers that are jointly using the products today. And so, it certainly made sense for us to continue to make that experience better 'cause customers are demanding it. From my perspective, we just have this massive opportunity. We have the ability and the insight to run a really efficient, very, very high growth business at scale. And we have this tremendous ability to get so many more companies and people to use data much more efficiently and much better. Which broadly is, I think, a way in which we can impact the world in a really positive way. And so that's a once in a lifetime opportunity for me and for the team. And we're just going to get after it. >> Well, it's been fun watching Alation over the years. I remember mid last decade talking about this thing called data lakes and how they became data swamps, and you were helping clean that up. And now, the next 10 years, and data's not going to be like the last, you know, simplifying things and and really democratizing data is the big theme. Satyen, thanks for making time to come back on theCUBE, and congratulations on the raise. >> Thank you, Dave. It's always great to see you. >> And thank you for watching this conversation with the CEO in theCUBE, your leader in enterprise and emerging tech coverage. (gentle electronic music)

(soft upbeat music) >> The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know. This had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized. Protection, as a result, moved away from things like perimeter-based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerged as a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cyber security strategies. And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR-focused, that their DR approach was not cost efficient and needed to be modernized, and that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello and welcome to Why Ransomware isn't your Only Problem, a service of theCUBE made possible by Druva, and in collaboration with IDC. I'm your host, Dave Vellante, and today we're presenting a three-part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face in today's new world. IDC Research Vice President, Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. After that, we're going to hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at Druva, Stephen Manley and Anjan Srinivas. Stephen is a 10-time (indistinct) and chief technology officer at Druva. And Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how Druva is closing the gaps presented in the IDC survey through their product innovation. Right now I'm going to toss it to Lisa Martin, another one of the hosts, for today's program. Lisa, over to you. (soft upbeat music) >> Phil Goodwin joins me next, the VP of research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >> You really hit the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that ransomware that has everybody's attention. And it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also was accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022. But within IDC we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be have the scale up or scale down on demand nature of cloud. So those are in a nutshell kind of the three things that people are looking at. >> You mentioned ransomware. It's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >> Well, what some of the research that we did is we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company these days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably or is data resilience defined as something a little bit different? >> Well, sometimes yeah, that we do get caught using them when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself in the context of of IT computing. So it really is a subset of that. But it is foundational to IT resilience. You can't have it resilience without data resilience. So that's where we're coming from on it >> Inextricably linked. And it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience, for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. It's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to defend against these ransomwares. The other thing about it is, it's really a lot like Whack-A-Mole. They attack us in one area, and we defend against it, so they attack us in another area, and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "You know, one of these days we're going to get pretty well defended against ransomware and it's going to go away." And I responded, "I don't think so, because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable the bad guys aren't going to just fade into the night without giving it a lot of fight." So I really think that ransomware is one of those things that is here for the long term, and something that we have to address and have to get proactive about. >> You mentioned some stats there, and recently IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concerning ransomware. >> Yeah, this was in a worldwide study, it was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, is a little over 500 different individuals across the globe, in North America, select countries in Western Europe as well as several in Asia-Pacific. And we did it across industries where 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of infrastructure, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe, or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high or very high degree of confidence in their recovery tools and are fully automated. And yet when you look at the actual results, I told you a moment ago, 46% have been attack successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. The bad guys aren't necessarily to be trusted. And so the software that they provide sometimes is fully recovered, sometimes it's not. So you look at that and you go, "Wow." On the one hand, people think they're really prepared, and on the other hand, the results are absolutely horrible. Two thirds of people having to pay the ransom. So you start to ask yourself, "Well, what's going on there?" And I believe that a lot of it comes down to... kind of reminds me of the old quote from Mike Tyson. "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing, you think you're ready, based on the information you have, and these people are smart people and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason a lot of these have been successful. So that was kind of the key finding to me in kind of the "aha" moment, really, in this whole thing, Lisa. >> That's a massive disconnect, with the vast majority saying, "We have a cyber recovery playbook," yet, nearly half being the victims of ransomware in the last three years, and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience, as we said, this is a matter of this is going to happen, just a matter of when and how often? >> It is a matter, yeah, as you said, it's not if when or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud-based services. Finding professionals who know what they're doing, who have that breadth of experience, and who have seen the kinds of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more in order to get that breadth of experience and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud where data resilience is concerned? >> Well, the first and foremost is the economics of it. You can have on-demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you had double the infrastructure if your financial services, it might even be triple the infrastructure. It was very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on-demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that organizations think they're ready, but then all of a sudden they get hit, and all of a sudden they have to engage with outside consultants, or they have to bring in other experts. And that extends the time to recover that they have, and it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >> So what do you think the big issue here is? Is it that these IT practitioners, over 500 that you surveyed across 20 industries, this a global survey, do they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. It's you don't know what you don't know and until you get into a specific attack... there are so many different ways that organizations can be attacked. And in fact, from this research that we found, is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and taking their chances. So best practice things like encryption, immutability, things like that that organizations can put into place. Certainly air gaps, having a solid backup foundation to where data is, you have a high probability of recovery, things like that, those are the kinds of things that organizations have to put into place, really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think, "We are prepared, we've got a playbook," yet so many are are being attacked, the vulnerabilities as the landscape, threat landscape, just gets more and more amorphous, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, "Hey guys, across every industry we are vulnerable, this is going to happen, we've got to make sure that we are truly resilient and proactive"? >> Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the the consequences of ransomware it's not just the ransom, it's the lost productivity, it's the loss of revenue, it's the loss of customer faith and goodwill. And organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CISO, whoever it is, they're extremely concerned about this. And I can tell you they are fully engaged in addressing these issues within their organization. >> So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business, it's very profitable, but what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status-based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is workloads on premises aren't going away, so that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources, like immutable storage, being able to move data from region to region inexpensively and easily, and to be able to take that cloud-centric perspective and apply it on premises as well as in the cloud and at the edge, is really where we believe that organizations are shifting their focus. >> Got it. We're just cracking the surface here, Phil. I wish we had more time. But I had a chance to read the Druva-sponsored IDC white paper. Fascinating finds. I encourage all of you to download that. Take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. (gentle music)

>> The past 2 1/2 years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This we know. This had several ripple effects on CSO and CIO strategies that were highly visible at the Board of Directors' level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized. Protection, as a result, moved away from things like perimeter-based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerged as a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies, and more specifically, CIOs quickly realized that their business resilience strategies were too narrowly DR-focused, that their DR approach was not cost efficient and needed to be modernized, and that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello, and welcome to "Why Ransomware isn't Your Only Problem," a service of theCUBE made possible by Druva, and in collaboration with IDC. I'm your host, Dave Vellante, and today, we're presenting a three-part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face in today's new world. IDC Research Vice President Phil Goodwin is here to share the highlights of the study and to summarize the findings from a recent research report on the topic. After that, we're going to hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically, and data protection, generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at Druva, Stephen Manley and Anjan Srinivas. Stephen is a 10-time CUBE alum and Chief Technology Officer at Druva, and Anjan is Vice President and General Manager of Product Management at the company. And these individuals will specifically address how Druva is closing the gaps presented in the IDC survey through their product innovation. But right now I'm going to toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. (upbeat music) >> Bill Goodwin joins me next, the VP of Research at IDC. We're going to be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on theCUBE. >> Hey, Lisa, it's great to be here with you. >> So talk to me about the state of the global IT landscape as we see cyberattacks massively increasing, the threat landscape changing so much. What is IDC seeing? >> You know, you really hit the top topic that we find from IT organizations as well as business organizations. And really, it's that digital resilience, that ransomware that has everybody's attention, and it has the attention, not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also has accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty, and this is relatively new for 2022, but within IDC we've been doing a lot of research around what are those impacts going to be? And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to have the scale up or scale down on demand nature of cloud. So those are, in a nutshell, kind of the three things that people are looking at. >> You mentioned ransomware. It's a topic we've been talking about a lot. It's a household word these days. It's now, Phil, no longer if we're going to get attacked, it's when, it's how often, it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite, and what are they trying to do to become resilient against it? >> Well, what some of the research that we did is we found that about 77% of organizations have digital resilience as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping them awake at night, quite honestly. If you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data. >> And digital resilience, data resilience, as every company these days has to be a data company to be competitive. Digital resilience, data resilience, are you using those terms interchangeably or is data resilience defined as something a little bit different? >> Well, sometimes yeah, we do get caught using them when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself in the context of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You can't have IT resilience without data resilience. So that's where we're coming from on it. >> Inextricably linked, and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >> Well, one of the biggest is what you mentioned at the top of the segment, and that is the area of ransomware. The research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally, being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to defend against these ransomers. The other thing about it is it's really a lot like Whac-A-Mole, you know. They attack us in one area and we defend against it so they attack us in another area, and we defend against it. And in fact, I had an individual come up to me at a show not long ago and said, "You know, one of these days we're going to get pretty well defended against ransomware and it's going to go away." And I responded I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't going to just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that is here for the long term and something that we have to address and have to get proactive about. >> You mentioned some stats there, and recently IDC and Druva did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concerning ransomware? >> Yeah, this was a worldwide study. It was sponsored by Druva and conducted by IDC as an independent study. And what we did, we surveyed 500, it was a little over 500 different individuals across the globe in North America, select countries in Western Europe, as well as several in Asia Pacific. And we did it across industries there were 20 different industries represented, they're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of infrastructure, you know, managers of data centers, things like that. And the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they get attacked. Some of the statistics that we learned from this, Lisa, include 83% of organizations believe, or told us that they have a playbook that they have for ransomware. I think 93% said that they have a high degree, or a high or very high degree of confidence in their recovery tools and are fully automated. And yet, when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than 1/3 of organizations were able to fully recover their data without paying the ransom, and some 2/3 actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't necessarily to be trusted, and so the software that they provide sometimes is fully recovered, sometimes it's not. So you look at that and you go, wow. On the one hand, people think they're really, really prepared, and on the other hand, the results are absolutely horrible. You know, 2/3 of people having to pay the ransom. So you start to ask yourself, well, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. "Everybody has a plan until they get punched in the mouth." And I think that's kind of what happens with ransomware. You think you know what you're doing. You think you're ready, based on the information you have. And these people are smart people, and they're professionals, but oftentimes, you don't know what you don't know. And like I said, the bad guys are always dreaming up new ways to attack us. And so, I think, for that reason, a lot of these have been successful. So that was kind of the key finding to me and kind of the aha moment really in this whole thing, Lisa. >> That's a massive disconnect with the vast majority saying, "We have a cyber recovery playbook," yet nearly 1/2 being the victims of ransomware in the last three years, and then 1/2 of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience, data resilience? As we said, this is a matter of this is going to happen, just a matter of when and how often. >> It is a matter, yeah, as you said, it's not if, when, or how often, it's really how badly. So I think what organizations are really doing now is starting to turn more to cloud-based services, you know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of scanning, in terms of analysis, and so forth. So they're turning to professionals in the cloud much more, in order to get that breadth of experience, and to take advantage of cloud-based services that are out there. >> Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why is IDC seeing this big shift to cloud where data resilience is concerned? >> Well, the first and foremost is the economics of it. You know, you can have on-demand resources. In the old days, when we had disaster recoveries where we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If you're financial services, it might even be triple the infrastructure. It was very complicated, very difficult. By going to the cloud, organizations can subscribe to disaster recovery as a service. And increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources, to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that organizations think they're ready, but then all of a sudden they get hit, and all of a sudden they have to engage with outside consultants, or they have to bring in other experts, and that extends the time to recover that they have and it also complicates it. So if they have those resources in place, then they can simply turn them on, engage them, and get that recovery going as quickly as possible. >> So what do you think the big issue here is? Is it that these IPT practitioners, over 500 that you surveyed across 20 industries, this a global survey, do they they not know what they don't know? What's the overlying issue here? >> Yeah, I think that's right. You don't know what you don't know, and until you get into a specific attack, you know, there are so many different ways that organizations can be attacked. And, in fact, from this research that we found is that, in many cases, data exfiltration exceeds data corruption by about 50%. But when you think about that, the issue is, once I have your data, what are you going to do? I mean, there's no amount of recovery that is going to help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web, or whatever, or simply saying no, and taking their chances. So best practice things like encryption, immutability, things like that that organizations can put into place. Certainly air gaps, having a solid backup foundation to where data is, you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place, really as a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >> Given some of the disconnect that you articulated, the stats that show so many think we are prepared, we've got a playbook, yet so many are being attacked, the vulnerabilities as the landscape, threat landscape, just gets more and more amorphous. What do you recommend organizations do? You talked to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry, we are vulnerable, this is going to happen. We've got to make sure that we are truly resilient and proactive? >> Yes, and in fact, what we found from this research is in more than 1/2 of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the consequences of ransomware, it's not just the ransom, it's the lost productivity, it's the loss of revenue. It's the loss of customer faith and goodwill, and organizations that have been attacked have suffered those consequences, and many of them are permanent. So people at the board level, whether it's the CEO, the CFO, the CIO, the CSO, you know, whoever it is, they're extremely concerned about these. And I can tell you, they are fully engaged in addressing those issues within their organization. >> So all the way at the top, and critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education. We've just seen a big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business, it's very profitable. But what is IDC's prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and SaaS-based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they really actually have a functioning playbook? >> I don't know if we'll ever get to the point where the C-suite is not involved. It's probably very important to have that level of executive sponsorship. But what we are seeing is, in fact, we predict that by 2025, 55% of organizations will have shifted to a cloud-centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and at the edge, and that's really where the growth is. So being able to take that cloud-centric model and take advantage of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily, and to be able to take that cloud-centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >> Got it, we're just cracking the surface here, Phil. I wish we had more time, but I had a chance to read the Druva-sponsored IDC white paper. Fascinating finds. I encourage all of you to download that, take a read. You're going to learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining me. >> No problem. Thank you, Lisa. >> In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin, and you are watching theCUBE, the leader in live tech coverage. >> We live in a world of infinite data. Sprawling, dispersed, valuable, but also vulnerable. So how do organizations achieve data resiliency when faced with ever expanding workloads, increasing security threats, and intensified regulations? Unfortunately, the answer often boils down to what flavor of complexity do you like best? The common patchwork approaches are expensive, convoluted, and difficult to manage. There's multiple software and hardware vendors to worry about, different deployments for workloads running on-premises or in the cloud. And an inconsistent security framework resulting in enterprises maintaining four to five copies of the same data, increasing costs and risk, building to an incoherent mess of complications. Now, imagine a world free from these complexities. Welcome to the the Druva Data Resiliency Cloud, where full data protection and beautiful simplicity converge. No hardware, no upgrades, no management, just total data resilience. With just a few clicks, you can get started integrating all of your data resiliency workflows in minutes. Through a true cloud experience built on Amazon Web Services, the Druva platform automates and manages critical daily tasks, giving you time to focus on your business. In other words, get simplicity, scalability, and security instantly. With the Druva Data Resiliency Cloud, your data isn't just backed up, it's ready to be used 24/7 to meet compliance needs and to extract critical insights. You can archive data for long-term retention, be protected against device failure and natural disasters, and recover from ransomware lightning fast. Druva is trusted with billions of backups annually by thousands of enterprises, including more than 60 of the Fortune 500, costing up to 50% less than the convoluted hardware, software, and appliance solutions. As data grows and becomes more critical to your business advantage, a data resiliency plan is vital, but it shouldn't be complicated. Druva makes it simple. (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE and the Druva special presentation of "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. We're here with W Curtis Preston, Curtis Preston, as he's known in the industry, Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at "Why Ransomware isn't Your Only Problem." Great to see you, thanks for coming on. >> Happy to be here. >> So we always see each other at events now events are back. So it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I'd like to get your thoughts, and I'd like you to reflect on the analysis that we've been covering here in this survey data, how it lines up with the real world that you're seeing out there. >> Yeah, I think it's, the survey results really, I'd like to say, I'd like to say that they surprised me, but unfortunately, they didn't. The data protection world has been this way for a while where there's this difference in belief, or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit, successfully hit by ransomware, paid the ransom and/or lost data, and yet the same people that were surveyed, they had high degrees of confidence in their backup system. And, you know, I could probably go on for an hour as to the various reasons why that would be the case, but I think that this long running problem that as long as I've been associated with backups, which, you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And people often just, they don't want to have anything to do with the backup system, and so it sort of exists in this vacuum. And so then management is like, "Oh, the backup system's great," because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >> It's funny, you know. "We're good, boss, we got this covered." >> Yeah, it's all good, it's all good. >> And the fingers crossed, right? So again, this is the reality, and as it becomes backup and recovery, which we've talked about many times on theCUBE, certainly we have with you before, but now with ransomware, also, the other thing is people get ransomware hit multiple times. So it's not only like they get hit once, so, you know, this is a constant chasing the tail on some ends, but there are some tools out there, You guys have a solution, and so let's get into that. You know, you have had hands-on backup experience. What are the points that surprise you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >> Well, I would say that the one part in the survey that surprised me the most was people that had a huge, you know, there was a huge percentage of people that said that they had, you know, a ransomware response, you know, and readiness program. And you look at that, and how could you be, you know, that high a percentage of people be comfortable with their ransomware readiness program, which includes a number of things, right? There's the cyberattack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so you believe that your company was ready for that, and then you go, and I think it was 67% of the people in the survey paid the ransom, which as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number, I think, just hurt me the most is that because, you talked about re-infections. The surest way to guarantee that you get re-attacked and reinfected is to pay the ransom. This goes back all the way to ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail. >> You're in business, you're a good customer >> Yeah, yeah, exactly. >> for ransomware. >> Yeah, so the fact that, you know, 60, what, 2/3 of the people that were attacked by ransomware paid the ransom. That one statistic just hurt my heart. >> Yeah, and I think this is the reality. I mean, we go back, and even the psychology of the practitioners was, you know, it's super important to get backup and recovery, and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said, I'm joking, but there's recurring revenue for the bad guys if they know you're paying up and if you're stupid enough not to change your tooling. So again, it works both ways. So I got to ask you, why do you think so many owners are unable to successfully respond after an attack? Is it because, they know it's coming, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding successfully to this? >> I think it's a litany of things, starting with that aspect that I mentioned before, that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if you're the one that raises their hand, "You know, that's a good idea, Curtis, why don't you look into that?" Nobody wants to be- >> Where's that guy now? He doesn't work here anymore. Yeah, I hear where you coming from. >> Exactly. >> It's psychology (indistinct) >> Yeah, so there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of Active Directory and, you know, and things like Okta, so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if that production environment is compromised, now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then if the production system is compromised, then the backup system is compromised. So you've got to segregate all of that. And I just don't think that people are thinking about that. You know, and they're using the same backup techniques that they've used for many, many years. >> So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, "Hey, we'll just take out the backup first so they can't backup. So we got the ransomware." It makes sense. >> Yeah, exactly. The largest ransomware group out there, the Conti ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored, and they are exfiltrating the backups first, and then deleting them, and then letting you know you have ransom. >> Okay, so you guys have a lot of customers. They all kind of have the same problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >> Well, again, you've got to fully segregate that data, and everything about how that data is stored and everything about how that data's created and accessed, there are ways to do that with other, you know, with other commercial products. You can take a standard product and put a number of layers of defense on top of it, or you can switch to the way Druva does things, which is a SaaS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. It's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically, what you get by default with the way Druva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work. With us, you just log in and you get all of that. >> I guess, how do you break the laws of physics? I guess that's the question here. >> Well, because that's the other thing is that by storing the data in the cloud, and I've said this a few times, you get to break the laws of physics, and the only way to do that is time travel. (both laughing) So yes, so Druva has time travel. And this is a Curtisism, by the way, I don't think this is our official position, but the idea is that the only way to restore data as fast as possible is to restore it before you actually need it, and that's kind of what I mean by time travel, in that you, basically, you configure your DR, your disaster recovery environment in Druva one time, and then we are pre-restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the current environment as quickly as we can so that in a disaster recovery scenario, which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go. The data should already be restored. And that's the way that you break the laws of physics is you break the laws of time. >> (laughs) Well, all right, everyone wants to know the next question, and this is a real big question is, are you from the future? >> (laughs) Yeah. Very much the future. >> What's it like in the future, backup, recovery? How does it restore? Is it air gapping everything? >> Yeah, well, it's a world where people don't have to worry about their backups. I like to use the phrase get out of the backup business, just get into the restore business. You know, I'm a grandfather now, and I love having a granddaughter, and I often make the joke that if I'd have known how great grandkids were, I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SaaS data protection system and data resiliency system, you can just do recoveries and not have to worry about backups. >> Yeah, and what's great about your background is you've got a lot of historical perspective. You've seen that, the waves of innovation. Now it really is about the recovery and real time. So a lot of good stuff going on. And got to think automated, things got to be rocking and rolling. >> Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then, we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not, that our customers don't have to do all of those things that all of our competitors have to do to, you know, to break, to try to break the laws of physics, I've been fighting the laws of physics my entire career, to get the backup done in the first place, then to secure all the data, and to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I wish everybody had that ability. >> Yeah, I mean, security's a big part of it. Data's in the middle of it all. This is now mainstream, front lines, great stuff. Curtis, great to have you on, bring that perspective, and thanks for the insight. Really appreciate it. >> Always happy to talk about my favorite subject. >> All right, we'll be back in a moment. We'll have Stephen Manley, the CTO, and Anjan Srinivas, the GM and VP of Product Management will join me. You're watching theCUBE, the leader in high tech enterprise coverage. >> Ransomware is top of mind for everyone. Attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data, and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability scans, patches, and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released. After an attack, recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the Druva Data Resiliency Cloud on your side. The Druva platform functions completely in the cloud with no hardware, software, operating system, or complex configurations, which means there are none of the weaknesses that ransomware commonly uses to attack backups. Our software as a service model delivers 24/7/365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches, and upgrades for you. Druva also makes zero trust security easy with built-in multifactor authentication, single sign-on, and role-based access controls. In the event of an attack, Druva helps you stop the spread of ransomware and quickly understand what went wrong with built-in access insights and anomaly detection. Then you can use industry first tools and services to automate the recovery of clean, unencrypted data from the entire timeframe of the attack. Cyberattacks are a major threat, but you can make protection and recovery easy with Druva. (electronic music) (upbeat music) (mouse clicks) >> Welcome back, everyone, to theCUBE's special presentation with Druva on "Why Ransomware isn't Your Only Problem." I'm John Furrier, host of theCUBE. Our next guests are Stephen Manley, Chief Technology Officer of Druva, and Anjan Srinivas, who is the General Manager and Vice President of Product Management at Druva. Gentlemen, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic. The IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >> Great to be here, John. >> So what's your thoughts on the survey's conclusion? Obviously, the resilience is huge. Ransomware continues to thunder away at businesses and causes a lot of problems, disruption. I mean, it's endless ransomware problems. What's your thoughts on the conclusion? >> So I'll say the thing that pops out to me is, on the one hand, everybody who sees the survey and reads it is going to say, "Well, that's obvious." Of course, ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But I think when you dig deeper and there's a lot of subtleties to look into, but one of the things that I hear on a daily basis from the customers is, it's because the problem keeps evolving. It's not as if the threat was a static thing to just be solved and you're done. Because the threat keeps evolving, it remains top of mind for everybody because it's so hard to keep up with what's happening in terms of the attacks. >> And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping IT away from all the tooling that they needed to do. A lot of people are even still wondering, when that happens next time, what do I even do? So clearly not very surprising. Clearly, I think it's here to stay, and I think as long as people don't retool for a modern era of data management, this is going to to stay this way. >> Yeah, I hear this all the time in our CUBE conversations with practitioners. It's kind of like the security pro, give me more tools, I'll buy anything that comes in the market, I'm desperate. There's definitely attention, but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side? Because, you know, people claim that they have tools at crime points of recovery opportunities, but they can't get there. So it seems to be that there's a confidence problem here in the market. How do you guys see that? 'cause I think this is where the rubber meets the road with ransomware 'cause it is a moving train, it's always changing, but it doesn't seem there's confidence. Can you guys talk about that? What's your reaction? >> Yeah, let me jump in first, and Stephen can add to it. What happens is, I think this is a panic buying and they have accumulated this tooling now just because somebody said they could solve your problem, but they haven't had a chance to take a real look from a ground up perspective to see where are the bottlenecks? Where are the vulnerabilities? And which tooling set needs to lie where? Where does the logic need to reside? And what, in Druva, we are watching people do and people do it successfully, is that as they have adopted Druva technology, which is ground up built for the cloud, and really built in a way which is, you know, driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware, and then there's a whole plethora of ecosystem players that kind of combine to really finish the story, so to say, right? So I think this has been a panic buying situation. This is like, "Get me any help you can give me." And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva, and try to identify the right set of ecosystem to really bring together to solve it meaningfully. >> Yes, Stephen? >> I was going to say, I mean, one of the the really interesting things in the survey for me, and for a moment, a little more than a moment, it made me think was that the large number of respondents who said, "I've got a really efficient, well-run back environment," who, then, on basically the next question said, "And I have no confidence that I can recover from a ransomware attack." And you scratch your head and you think, "Well, if your backup environment is so good, why do you have such low confidence?" And I think that's the moment when we dug deeper and we realized, if you've got a traditional architecture, and let's face it, the disk-based architecture's been around for almost two decades now, in terms of disk-based backup, you can have that tuned to the hilt. That can be running as efficiently as you want it, but it was built before the ransomware attacks, before all these cyber issues, you know, really start hitting companies. And so I have this really well-run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying, "I'm doing the best I can," but as Anjan pointed out, the architecture, the tooling isn't there to support what problems I need to solve today. >> Yeah, great point. >> And so, yeah. >> Well, that's a great point. Before we get into the customer side I want to get to in second, you know, I interviewed Jaspreet, the founder and CEO many years ago, even before the pandemic, and you mentioned modern. You guys have always had the cloud with Druva. This is huge. Now that you're past the pandemic, what is that modern cloud edge that you guys have? 'Cause that's a great point. A lot of stuff was built kind of backup and recovery bolted on, not really kind of designed into the current state of the infrastructure and the cloud native application modern environment we're seeing right now. It's a huge issue. >> I think, to me there's three things that come up over and over and over again as we talk to people in terms of, you know, being built in cloud, being cloud native, why is it an advantage? The first one is security and ransomware. And we can go deeper, but the most obvious one that always comes up is every single backup you do with Druva is air gapped, offsite, managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. The second advantage is the scalability. And you know, this certainly plays into account as your business grows, or, in some cases, as you shrink or repurpose workloads, you're only paying for what you use. But it also plays a big role, again, when you start thinking of ransomware recoveries because we can scale your recovery in cloud, on premises as much or as little as you want. And then I think the third one is we're seeing, basically, things evolving, new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SaaS service in the cloud is we're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting. The customer doesn't have to say, "Wow, I needed six months in the lab before I upgrade it and it's an 18-month, 24-month cycle before the functionality releases. You're getting it every two weeks, and it's backed by Druva to make sure it works. >> Anjan, you know, you got the product side, you know, it's a challenging job 'cause you have so many customers asking for things, probably on the roadmap, you probably can go an hour for that one, but I want to get your thoughts on what you're hearing and seeing from customers. We just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated, probably on the feature requests, but also structurally as ransomware continues to evolve. What are you hearing? What's the key customer need? How are you guys responding? >> Yeah, actually, I have two things that I hear very clearly when I talk to customers. One, I think, after listening to their security problems and their vulnerability challenges, because we see customers and help customers who are getting challenged by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in, as Druva, is that we are providing them the cloud operating model and a data protection operating model, combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate, because this is not just about a piece of technology. On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on, but innovating faster with less. And that has been this age old problem, do more with less. But in this whole, they're like trying to innovate in the middle of the war, so to say. The war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming, not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at 100 miles per hour, while they're just trying to live one day at a time. And unless they really develop this overall security operating model, helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with. Now Druva is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC2 offering to protect EC2 virtual machines back in AWS, and we are going to be continuing to evolve that to further the many services that public cloud software 'cause our customers are really kind of consuming them at breakneck speed. >> So new workloads, new security capabilities. Love that. Good call out there. Stephen, there's still the issue of the disruption side of it. You guys have a guarantee. There's a cost of ownership as you get more tools. Can you talk about that angle of it? You got new workloads, you got the new security needs, what's the disruption impact? 'Cause you want to avoid that. How much is it going to cost you? And you guys have this guarantee, can you explain that? >> Yeah, absolutely. So Druva launched our $10 million data resiliency guarantee. And for us, there were really two key parts to this. The first obviously is $10 million means that, you know, again, we're willing to put our money where our mouth is, and that's a big deal, right? That we're willing to back this with the guarantee. But then the second part, and this is the part that I think reflects that sort of model that Anjan was talking about. We sort of look at this and we say the goal of Druva is to do the job of protecting and securing your data for you so that you, as a customer, don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks, all with SLAs. So everything from your data's going to be recoverable in the case of a ransomware attack. Okay, that's good. Of course, for it to be recoverable, we're also guaranteeing your backup success rate. We're also guaranteeing the availability of the service. We're guaranteeing that the data that we're storing for you can't be compromised or leaked externally, and we're guaranteeing the long-term durability of the data so that if you backup with us today and you need to recover 30 years from now, that data's going to be recovered. So we wanted to really attack the end-to-end risks that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there, and the only way for this to work is to have a service that can provide you SLAs across all of the risks, because that means, as a SaaS vendor, we're doing the job for you so you're buying results as opposed to technology. >> That's great. Great point. Ransomware isn't the only problem. That's the title of this presentation, but it's a big one. (laughs) People are concerned about it, so great stuff. In the last five minutes, guys, if you don't mind, I'd love to have you share what's on the horizon for Druva? You mentioned the new workloads, Anjan. You mentioned this new security. You're going to shift left. DevOps is now the developer model. They're running IT. Get data and security teams now stepping in and trying to be as high velocity as possible for the developers and enterprises. What's on the horizon for Druva? What trends is the company watching, and how are you guys putting that together to stay ahead in the marketplace and the competition? >> Yeah, I think, listening to our customers, what we realize is they need help with the public cloud, number one. I think that's a big wave of consumption. People are consolidating their data centers, moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first, from Druva, before they can start to get into much more advanced level of insights and analytics around that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which, I think, is very unique to Druva because only we can look at multiple tenants, multiple customers because we are a SaaS vendor, and look at insights and give them best practices and guidances and analytics that nobody else can give. There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are going to build, all the way from a feature level where we have things like (audio distorts) that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights, and security, and that's where my focus is, to go and get those features delivered, and Stephen can add a few more things around services that Stephen is looking to build and launch. >> Sure, so, yeah, so John, I think one of the other areas that we see just an enormous groundswell of interest. So public cloud is important, but there are more and more organizations that are running hundreds, if not thousands of SaaS applications, and a lot of those SaaS applications have data. So there's the obvious things, like Microsoft 365, Google Workspace, but we're also seeing a lot of interest in protecting Salesforce because, if you think about it, if someone you know deletes some really important records in Salesforce, that's actually kind of the record of your business. And so, we're looking at more and more SaaS application protection, and really getting deep in that application awareness. It's not just about backup and recovery when you look at something like a Salesforce, or something like Microsoft 365. You do want to look into sandboxing, you want to look into long-term archival, because this is the new record of the business. What used to be in your on-premises databases, that all lives in cloud and SaaS applications now. So that's a really big area of investment for us. The second one, just to echo what Anjan said is, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them. We'll do all the tuning, we'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks, because we're seeing across the globe. And then, of course, being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because, let's face it, if you can set your data up more cleanly, you're going to be a lot less worried and a lot less exposed when that attack happens. So we want to be able to, again, cover those SaaS applications in addition to the public cloud, and then we want to be able to use our metadata and use our analytics and use this massive pipeline we've got to deliver value to our customers. Not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >> That's great stuff. >> And remember, John, I think all this while keeping things really easy to consume, consumer grade UI, APIs, and then really the power of SaaS as a service, simplicity to kind of continue on, amongst kind of keeping these complex technologies together. >> Anjan, that's a great callout. I was going to mention ease of use and self-service. Big part of the developer and IT experience. Expected. It's the table stakes. Love the analytic angle, I think that brings the scale to the table, and faster time to value to get to learn best practices. But at the end of the day, automation, cross-cloud protection and security to protect and recover. This is huge, and this is a big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of the product. Thanks for coming on, appreciate it. >> Thank you very much. >> Okay, there it is. You have the experts talk about under the hood, the product, the value, the future of what's going on with Druva, and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Vellante will give you some closing thoughts on the subject here. You're watching theCUBE, the leader in high tech enterprise coverage. >> As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl, and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth, infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The Druva Data Resiliency Cloud is the only 100% SaaS data resiliency platform that provides centralized, secure, air gapped, and immutable backup and recovery. With Druva, your data is safe with multiple layers of protection and is ready for fast recovery from cyberattacks, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds, and your business critical SaaS applications. Druva is the only 100% SaaS vendor that can manage, govern, and protect data across multiple clouds and business critical SaaS applications. It supports not just backup and recovery, but also data resiliency across high value use cases, such as e-discovery, sensitive data governance, ransomware, and security. No other vendor can match Druva for customer experience, infinite scale, storage optimization, data immutability, and ransomware protection. The Druva Data Resiliency Cloud, your data, always safe, always ready. Visit druva.com today to schedule a free demo. (upbeat music) >> One of the big takeaways from today's program is that in the scramble to keep business flowing over the past 2+ years, a lot of good technology practices have been put into place, but there's much more work to be done, specifically, because the frequency of attacks is on the rise and the severity of lost, stolen, or inaccessible data is so much higher today, business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a system's view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed slash accuracy of recovery. Here we hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you got to do is go to thecube.net, and you'll see all the content, or you can go to druva.com. There are tons of resources available, including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching "Why Ransomware isn't Your Only Problem," made possible by Druva, in collaboration with IDC and presented by theCUBE, your leader in enterprise and emerging tech coverage. (upbeat music)

foreign welcome back everyone to our special presentation here at thecube with Horizon 3.a I'm John Furrier host thecube here in Palo Alto back it's niho and Tony CEO and co-founder of horizon 3 for deep dive on going under the hood around the big news and also the platform autonomous pen testing changing the game and security great to see you welcome back thank you John I love what you guys have been doing with the cube huge fan been here a bunch of times and yeah looking forward to the conversation let's get into it all right so what what's the market look like and how do you see it evolving we're in a down Market relative to startups some say our data we're reporting on siliconangle in the cube that yeah there might be a bit of downturn in the economy with inflation but the tech Market is booming because the hyperscalers are still pumping out massive scale and still innovating so so you know for the first time in history this is a recession or downturn where there's now Cloud scale players that are an economic engine what's your view on this where's the market heading relative to the downturn and how are you guys navigating that so um I think about it one the there's a lot of belief out there that we're going to hit a downturn and we started to see that we started to see deals get longer and longer to close back in May across the board in the industry we continue to see deals get at least backloaded in the quarter as people understand their procurement how much money they really have to spend what their earnings are going to be so we're seeing this across the board one is quarters becoming lumpier for tech companies and we think that that's going to become kind of the norm over the next over the next year but what's interesting in our space of security testing is a very basic supply and demand problem the demand for security testing has skyrocketed when I was a CIO eight years ago I only had to worry about my on-prem attack surface my perimeter and Insider threat those are my primary threat vectors now if I was a CIO I have to include multiple clouds all of the data in my SAS offerings my Salesforce account and so on as well as work from home threat vectors and other pieces and I've got Regulatory Compliance in Europe in Asia in in the U.S tons of demand for testing and there's just not enough Supply there's only 5 000 certified pen testers in the United States so I think for starters you have a fundamental supply and demand problem that plays to our strength because we're able to bring a tremendous amount of pen testing supply to the table but now let's flip to if you are the CEO of a large security company or whether it's a Consulting shop or so on you've got a whole bunch of deferred revenue in your business model around security testing services and what we've done in our past in previous companies I worked at is if we didn't think we were going to make the money the quarter with product Revenue we would start to unlock some of that deferred Services Revenue to make the number to hit what we expected Wall Street to hit what Wall Street expected of us in testing that's not possible because there's not enough Supply except us so if I'm the CEO of an mssp or a large security company and I need I see a huge backlog of security testing revenue on the table the easy button to convert that to recognized revenue is Horizon 3. and when I think about the next six months and the amount of Revenue misses we're going to see in security shops especially those that can't fulfill their orders I think there's a ripe opportunity for us to win yeah one of the few opportunities where on any Market you win because the forces will drive your flywheel that's exactly right very basic supply and demand forces that are only increasing with pressure and there's no way it takes 10 years just to build a master hacker just it's a very hard complex space we become the easy button to address that supply problem yeah and this and the autonomous aspect makes appsec reviews as new things get pushed with Cloud native developers they're shifting left but still the security policies need to stay Pace as these new vectors threat vectors appear yeah I mean because that's what's happening a new new thing makes a vector possible that's exactly right I think there's two aspects one is the as you in increase change in your environment you need to increase testing they are absolutely correlated the second thing though is you know for 20 years we focused on remote code execution or rces as an industry what was the latest rce that gave an attacker access to my environment but if you look over the past few years that entire mindset has shifted credentials are the new code execution what I mean by that is if I have a large organization with a hundred a thousand ten thousand employees all it takes is one of them to have a password I can crack in credential spray and gain access to as an attacker and once I've gained access to a single user I'm going to systematically snowball that into something of consequence and so I think that the attackers have shifted away from looking for code execution and looked more towards harvesting credentials and cascading credentials from a regular domain user into an admin this brings up the conversation I would like to do it more Deep dive now shift into more of like the real kind of landscape of the market and your positioning and value proposition in that and that is managed services are becoming really popular as we move into this next next wave of super cloud and multi-cloud and hybrid Cloud because I mean multi-cloud and hybrid hybrid than multi-cloud sounds good on paper but the security Ops become big and one of the things we're reporting with here on the cube and siliconangle the past six months is devops has made the developer the IT team because they've essentially run it now in CI CD pipeline as they say that means it's replaced by data Ops or AI Ops or security Ops and data and security kind of go hand in hand so I can see that playing out do you believe that to be true that that's kind of the new operational kind of beach head that's critical and if so secure if data is part of security that makes security the new it yeah I I think that if you think about organizations hell even for Horizon 3 right now I don't need to hire a CIO I'll have a CSO and that CSO will own it and governance risk and compliance and security operations because at the end of the day the most pressing question for me to answer as a CEO is my security posture IIT is a supporting function of that security posture and we see that at say or a growth stage company like Horizon 3 but when I thought about my time at GE Capital we really shifted to this mindset of security by Design architecture as code and it was very much security driven conversation and I think that is the norm going forward and how do you view the idea that you have to enable a managed service provider with security also managing comp and which then manages the company to enable them to have agile security um security is code because what you're getting at is this autonomous layer that's going to be automated away to make the next talented layer whether it's coder or architect scale so the question is what is abstracted away at at automation seems to be the conversation that's coming out of this big cloud native or super cloud next wave of cloud scale I think there's uh there's two Dimensions to that and honestly I think the more interesting Dimension is not the technical side of it but rather think of the Equifax hack a bunch of years ago had Equifax used a managed security services provider would the CEO have been fired after the breach and the answer is probably not I think the CEO would have transferred enough reputational risk in operational risk to the third party mssp to save his job from being you know from him being fired you can look at that across the board I think that if if I were a CIO again I would be hard-pressed to build my own internal security function because I'm accepting that risk as an executive and we saw what just happened at Uber there's a ton of risk coming with that with the with accepting that as a security person so I think in the future the role of the mssp becomes more significant as a mechanism for transferring enough reputational and operational and legal risk to a third party so that you as the Core Company are able to protect yourself and your people now then what you think is a super cloud printables and Concepts being applied at mssp scale and I think that becomes really interesting talk about the talent opportunity because I think the managed service providers point to markets that are growing and changing also having managed service means that the customers can't always hire Talent hence they go to a Channel or a partner this seems to be a key part of the growth in your area talk about the talent aspect of it yeah um think back to what we saw in Cloud so as as Cloud picked up we saw IBM HP other Hardware companies sell more servers but to fewer customers Amazon Google and others right and so I think something similar is going to happen in the security space where I think you're going to see security tools providers selling more volume but to fewer customers that are just really big mssps so that is the the path forward and I think that the underlying Talent issue gives us economies at scale and that's what we saw this with Cloud we're going to see the same thing in the mssp space I've got a density of Talent Plus a density of automation plus a density of of relationships and ecosystem that give mssps a huge economies of scale advantage over everybody else I mean I want to get into the mssp business sounds like I make a lot of money yeah definitely it's profitable no doubt about it like that I got to ask more on the more of the burden side of it because if you're a partner I don't need another training class I don't need another tool I don't need someone saying this is the highest margin product I need to actually downsize my tools so right now there's hundreds of tools that mssps have all the time dealing with and does the customer so tools platforms we've kind of teased this out in previous conversations together but more more relevant to the mssp is what they do to the customers so talk about this uh burden of tools and the socks out there in the in in the landscape how do you how do you view that and what's the conversation like on average an organization has 130 different cyber security tools installed none of those tools were designed to work together none of those tools are from the same vendor and in fact oftentimes they're from vendors that have competing products and so what we don't have and they're still getting breached in the industry we don't have a tools problem we have an Effectiveness problem we have to reduce the number of tools we have get more out of out of the the effectiveness out of the existing infrastructure build muscle memory you know how to detect and respond to a breach and continuously verify that posture I think that's what the the most successful security organizations have mastered the fundamentals and they mastered that by making sure they were effective in detection and response not mastering it by buying the next shiny AI tool on the defensive side okay so you mentioned supply and demand early since you're brought up economics we'll get into the economic equations here when you have great profits that's going to attract more entrance into the marketplace so as more mssps enter the market you're going to start to see a little bit of competition maybe some fud maybe some price competitive price penetration all kinds of different Tactics get out go on there um how does that impact you because now does that impact your price or are you now part of them just competing on their own value what's that mean for the channel as more entrants come in hey you know I can compete against that other one does that create conflict is that an opportunity does are you neutral on that what's the position it's a great question actually I think the way it plays out is one we are neutral two the mssp has to stand on their own with their own unique value proposition otherwise they're going to become commoditized we saw this in the early cloud provider days the cloud providers that were just basically wrapping existing Hardware with with a race to the bottom pricing model didn't survive those that use the the cloud infrastructure as a starting point to build higher value capabilities they're the ones that have succeeded to this day the same Mo I think will occur in mssps which is there's a base level of capability that they've got to be able to deliver and it is the burden of the mssp to innovate effectively to elevate their value problem it's interesting Dynamic and I brought it up mainly because if you believe that this is going to be a growing New Market price erosion is more in mature markets so it's interesting to see that Dynamic come up and we'll see how that handles on the on the economics and just the macro side of it getting more into kind of like the next gen autonomous pen testing is a leading indicator that a new kind of security assessment is here um if I said that to you how do you respond to that what is this new security assessment mean what does that mean for the customer and to the partner and that that relationship down that whole chain yeah um back to I'm wearing a CIO hat right now don't tell me we're secure in PowerPoint show me we're secure Today Show me where we're secure tomorrow and then show me we're secure again next week because that's what matters to me if you can show me we're secure I can understand the risk I'm accepting and articulate it up to my board to my Regulators up until now we've had a PowerPoint tell me where secure culture and security and I just don't think that's going to last all that much longer so I think the future of security testing and assessment is this shift from a PowerPoint report to truly showing me that my I'm secure enough you guys auto-generate those statements now you mentioned that earlier that's exactly right because the other part is you know the classic way to do security reports was garbage in garbage out you had a human kind of theoretically fill out a spreadsheet that magically came up with the risk score or security posture that doesn't work that's a check the box mentality what you want to have is an accurate High Fidelity understanding of your blind spots your threat vectors what data is at risk what credentials are at risk you want to look at those results over time how quickly did I find problems how quickly did I fix them how often did they reoccur and that is how you get to a show me where secure culture whether I'm a company or I'm a channel partner working with Horizon 3.ai I have to put my name on the line and say Here's a service level agreement I'm going to stand behind there's levels of compliance you mentioned that earlier how do you guys help that area because that becomes I call the you know below the line I got to do it anyway usually it's you know they grind out the work but it has to be fundamental because if the threats vectors are increasing and you're handling it like you say you are the way it is real time today tomorrow the next day you got to have that other stuff flow into it can you describe how that works under the hood yeah there's there's two parts to it the first part is that attackers don't have to hack in with zero days they log in with credentials that they found but often what attackers are doing is chaining together different types of problems so if you have 10 different tactics you can chain those together a number of different ways it's not just 10 to the 10th it's it's actually because you don't you don't have to use all the tactics at once this is a very large number of combinations that an attacker can apply upon you is what it comes down to and so at the base level what you want to have is what are the the primary tactics that are being used and those tactics are always being added to and evolving what are the primary outcomes that an attacker is trying to achieve steal your data disrupt your systems become a domain admin and borrow and now what you have is it actually looks more like a chess game algorithm than it does any sort of hard-coded automation or anything else which is based on the pieces on the board the the it infrastructure I've discovered what is the next best action to become a domain admin or steal your data and that's the underlying innovation in IP we've created which is next best action Knowledge Graph analytics and adaptiveness to figure out how to combine different problems together to achieve an objective that an attacker cares about so the 3D chess players out there I'd say that's more like 3D chess are the practitioners implementing it but when I think about compliance managers I don't see 3D chess players I see back office accountants in my mind like okay are they actually even understand what comes out of that so how do you handle the compliance side do you guys just check the boxes there is it not part of it is it yeah I I know I don't Envision the compliance guys on the front lines identifying vectors do you know what it doesn't even know what it means yeah it's a great question when you think about uh the market segmentation I think there are we've seen are three basic types of users you've got the the really mature high frequency security testing purple team type folks and for them we are the the force multiplier for them to secure the environment you then have the middle group where the IT person and the security person are the same individual they are barely Treading Water they don't know what their attack surface is and they don't know what to focus on we end up that's actually where we started with the barely Treading Water Persona and that's why we had a product that helped those Network Engineers become superheroes the third segment are those that view security and compliance as synonymous and they don't really care about continuous they care about running and checking the box for PCI and forever else and those customers while they use us they are better served by our partner ecosystem and that's really so the the first two categories tend to use us directly self-service pen tests as often as they want that compliance-minded folks end up going through our partners because they're better served there steel great to have you on thanks for this deep dive on um under the hood section of the interview appreciate it and I think autonomous is is an indicator Beyond pen testing pen testing has become like okay penetration security but this is not going away where do you see this evolving what's next what's next for Horizon take a minute to give a plug for what's going on with copy how do you see it I know you got good margins you're raising Capital always raising money you're not yet public um looking good right now as they say yeah yeah well I think the first thing is our company strategy is in three chapters chapter one is become the best security testing platform in the industry period that's it and be very good at helping you find and fix your security blind spots that's chapter one we've been crushing it there with great customer attraction great partner traction chapter two which we've started to enter is look at our results over time to help that that GRC officer or auditor accurately assess the security posture of an organization and we're going to enter that chapter about this time next year longer term though the big Vision I have is how do I use offense to inform defense so for me chapter three is how do I get away from just security testing towards autonomous security overall where you can use our security testing platform to identify ways to attack that informs defensive tools exactly where to focus how to adjust and so on and now you've got offset and integrated learning Loop between attack and defense that's the future never been done before Master the art of attack to become a better Defender is the bigger vision of the company love the new paradigm security congratulations been following you guys we will continue to follow you thanks for coming on the Special Report congratulations on the new Market expansion International going indirect that a big way congratulations thank you John appreciate it okay this is a special presentation with the cube and Horizon 3.ai I'm John Furrier your host thanks for watching thank you

>>The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know this had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized protection. As a result moved away from things like perimeter based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerges a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies. >>And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR focused that their DR approach was not cost efficient and needed to be modernized. And that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello, and welcome to Why Ransomware isn't your Only Problem, a service of the Cube made possible by dva. And in collaboration with idc. I'm your host, Dave Ante, and today we're present a three part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face. In today's new world, IDC Research Vice President Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. >>After that, we're gonna hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection. Generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at dva, Steven Manly and Anja Serenas. Steven is a 10 time cubo and Chief technology officer at dva. And Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how DVA is closing the gaps presented in the IDC survey through their product innovation. Or right now I'm gonna toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. >>Bill Goodwin joins me next, the VP of research at idc. We're gonna be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on the cube. >>Hey, Lisa, it's great to be here with you. >>So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >>You know, you, you really hit the, the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that that ransomware that has everybody's attention, and it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022, but within idc we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be, have the scale, upper scale, down on demand nature of cloud. So those are in a nutshell, kind of the three things that people are looking at. >>You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now Phil, no longer if we're gonna get attacked. It's when it's how often it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >>Well, what, what some of the research that we did is we found that about 77% of organizations have digital resilience as a, as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more, more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping keeping them awake at night. Quite honestly, if you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a, a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data >>And digital resilience, data resilience as every company these days has to be a data company to be competitive, digital resilience, data resilience. Are you using those terms interchangeably or data resilience to find as something a little bit different? >>Well, sometimes yeah, that we do get caught using them when, when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself and the context of of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You, you really, you can't have it resilience about data resilience. So that, that's where we're coming from on it >>Inextricably linked and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >>Well, one of the biggest is what, what you mentioned at the, at the top of the segment. And, and that is the, the area of ransomware, the research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to, to defend against these ransoms. The other thing about it is it's really a lot like whackamole. You know, they attack us in one area and and, and we defend against it. They, so they attack us in another area and we defend against it. >>And in fact, I had a, an individual come up to me at a show not long ago and said, You know, one of these days we're gonna get pretty well defended against ransomware and it's gonna go away. And I responded, I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't gonna just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that here is here for the long term and something that we, we have to address and have to get proactive about. >>You mentioned some stats there and, and recently IDC and DVA did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let, let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concern concerning ransomware. >>Yeah, this, this was a worldwide study. It was sponsored by DVA and conducted by IDC as an independent study. And what we did, we surveyed 500 is a little over 500 different individuals across the globe in North America select countries in in western Europe, as well as several in, in Asia Pacific. And we did it across industries with our 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of of infrastructure, you know, managers of data centers, things like that. And the, and the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they, when they get attacked. Some of the, some of the statistics that we learned from this, Lisa, include 83% of organizations believe or tell, told us that they have a, a playbook that, that they have for ransomware. >>I think 93% said that they have a high degree or a high or very high degree of confidence in their recovery tools and, and are fully automated. And yet when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't, aren't necessarily to be trusted. And, and so the software that they provide sometimes is, is fully recovered. Sometimes it's not. So you look at that and you go, Wow. On, on the one hand, people think they're really, really prepared, and on the other hand, the results are, are absolutely horrible. >>You know, two thirds of people having, having to pay their ransom. So you start to ask yourself, well, well, what is, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. Everybody has a plan until they get punched in the mouth. And I think that's kind of what happens with ransomware. You, you think you know what you're, you're doing, you think you're ready based on the information you have. And these people are smart people and, and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me in kind of the aha moment really in this whole thing. Lisa, >>That's a massive disconnect with the vast majority saying we have a cyber recovery playbook, yet nearly half being the victims of ransomware in the last three years, and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience data resilience as it's, as we said, this is a matter of this is gonna happen just a matter of when and how often >>It it is a matter, Yeah, as you said, it's not if when or, or how often. It's really how badly. So I think what organizations are really do doing now is starting to turn more to cloud-based services. You know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of, of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to, to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of, of scanning, in terms of analysis and so forth. So they're, they're turning to professionals in the cloud much more in order to get that breadth of experience and, and to take advantage of cloud based services that are out there. >>Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why are is IDC seeing this big shift to cloud where, where data resilience is concerned? >>Well, the first and foremost is the economics of it. You know, you can, you can have on demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If your financial services, it might even be triple, the infrastructure is very complicated, very difficult by going to the cloud. Organizations can subscribe to disaster recovery as a service. It increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit and all of a sudden they have to engage with outside consultants or they have to bring in other experts and that, and that extends the time to recover that they have and it also complicates it. >>So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >>So what do you think the big issue here is, is it that these, these I p T practitioners over 500 that you surveyed across 20 industries is a global survey? Do they not know what they don't know? What's the the overlying issue here? >>Yeah, I think that's right. It's, you don't know what you don't know and until you get into a specific attack, you know, there, there are so many different ways that, that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the, the issue is, once I have your data, what are you gonna do? I mean, there's no amount of recovery that is gonna help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and, and taking their chances. So best practice things like encryption, immutability, you know, things like that that organizations can put into place. Certainly air gaps. Having a, a solid backup foundation to, to where data is you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >>Given some of the, the, the disconnect that you articulated, the, the stats that show so many think we are prepared, we've got a playbook, yet so many are being, are being attacked. The vulnerabilities and the, and the, as the, the landscape threat landscape just gets more and more amorphous. Why, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry, we are vulnerable, this is gonna happen, we've gotta make sure that we are truly resilient and proactive? >>Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the, the, the consequences of ransom where it's not just the ransom, it's the loss productivity, it's, it's the loss of, of revenue. It's, it's the loss of, of customer faith and, and, and goodwill and organizations that have been attacked have, have suffered those consequences. And, and many of them are permanent. So people at the board level where it's, whether it's the ceo, the cfo, the cio, the c cso, you know, whoever it is, they're extremely concerned about these. And I can tell you they are fully engaged in addressing these issues within their organization. >>So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, It's a big business business, it's very profitable. But what is IDCs prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they're, they really actually have i i functioning playbook? >>I i, I don't know if we'll ever get to the point where the CCC C suite is not involved. It's probably very important to have that, that level of executive sponsorship. But, but what we are seeing is, in fact, we predicted by 20 25, 50 5% of organizations we'll have shifted to a cloud centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and, and at the edge, and that's really where the growth is. So being able to take that cloud centric model and take advantage of, of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily and, and to be able to take that cloud centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >>Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Juba sponsored IDC White paper. Fascinating finds. I encourage all of you to download that, Take a read, you're gonna learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining >>Me. No problem. Thank you, Lisa. >>In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin and you are watching the Cube, the leader in live tech coverage. >>We live in a world of infinite data, sprawling, dispersed valuable, but also vulnerable. So how do organizations achieve data resiliency when faced with ever expanding workloads, increasing security threats and intensified regulations? Unfortunately, the answer often boils down to what flavor of complexity do you like best? The common patchwork approaches are expensive, convoluted, and difficult to manage. There's multiple software and hardware vendors to worry about different deployments for workloads running on premises or in the cloud. And an inconsistent security framework resulting in enterprises maintaining four of five copies of the same data, increasing costs and risk building to an incoherent mess of complications. Now imagine a world free from these complexities. Welcome to the dr. A data resiliency cloud where full data protection and beautiful simplicity converge. No hardware, no upgrades, no management, just total data resili. With just a few clicks, you can get started integrating all of your data resiliency workflows in minutes. >>Through a true cloud experience built on Amazon web services, the DR A platform automates and manages critical daily tasks giving you time to focus on your business. In other words, get simplicity, scalability, and security instantly with the dr A data resiliency cloud, your data isn't just backed up, it's ready to be used 24 7 to meet compliance needs and to extract critical insights. You can archive data for long term retention, be protected against device failure and natural disasters, and recover from ransomware lightning fast. DVA is trusted with billions of backups annually by thousands of enterprises, including more than 60 of the Fortune 500 costing up to 50% less in the convoluted hardware, software, and appliance solutions. As data grows and becomes more critical to your business advantage, a data resiliency plan is vital, but it shouldn't be complicated. Dr. A makes it simple. >>Welcome back everyone to the cube and the drew of a special presentation of why ransomware isn't your only problem. I'm John Furrier, host of the Cube. We're here with w Curtis Preston. Curtis Preston, he known in the industry Chief Technical Evangelist at Druva. Curtis, great to see you. We're here at why ransomware isn't your only problem. Great to see you. Thanks for coming on. >>Happy to be here. >>So we always see each other events now events are back. So it's great to have you here for this special presentation. The white paper from IDC really talks about this in detail. I to get your thoughts and I'd like you to reflect on the analysis that we've been covering here and the survey data, how it lines up with the real world that you're seeing out there. >>Yeah, I think it's the, the survey results really, I'd like to say, I'd like to say that they surprised me, but unfortunately they didn't. The, the, the, the data protection world has been this way for a while where there's this, this difference in belief or difference between the belief and the reality. And what we see is that there are a number of organizations that have been hit successfully, hit by ransomware, paid the ransom and, and, and or lost data. And yet the same people that were surveyed, they had to high degrees of confidence in their backup system. And I, you know, I, I could, I could probably go on for an hour as to the various reasons why that would be the case, but I, I think that this long running problem that as long as I've been associated with backups, which you know, has been a while, it's that problem of, you know, nobody wants to be the backup person. And, and people often just, they, they, they don't wanna have anything to do with the backup system. And so it sort of exists in this vacuum. And so then management is like, oh, the backup system's great, because the backup person often, you know, might say that it's great because maybe it's their job to say so. But the reality has always been very, very different. >>It's funny, you know, we're good boss, we got this covered. Good, >>It's all good, it's all good, >>You know, and the fingers crossed, right? So again, this is the reality and, and, and as it becomes backup and recovery, which we've talked about many times on the cube, certainly we have with you before, but now with ransomware also, the other thing is people get ransomware hit multiple times. So it's not, not only like they get hit once, so, you know, this is a constant chasing the tail on some ends, but there are some tools out there, You guys have a solution. And so let's get into that. You know, you have had hands on backup experience. What are the points that surprised you the most about what's going on in this world and the realities of how people should be going forward? What's your take? >>Well, I would say that the, the, the one part in the survey that surprised me the most was people that had a huge, you know, that there, there was a huge percentage of people that said that they had a, a, a, you know, a a a ransomware response, you know, in readiness program. And you look at that and you, how could you be, you know, that high percentage of people be comfortable with their ransomware readiness program and a, you know, which includes a number of things, right? There's the cyber attack aspect of responding to a ransomware attack, and then there's the recovery aspect. And so your, you believe that your company was ready for that, and then you go, and I, I think it was 67% of the people in the survey paid the ransom, which as, as a person who, you know, has spent my entire career trying to help people successfully recover their data, that number I think just hurt me the most is that because you, you talked about re infections, the surest way to guarantee that you get rein attacked and reinfected is to pay the ransom. This goes back all the way ransom since the beginning of time, right? Everyone knows if you pay the blackmail, all you're telling people is that you pay blackmail and >>You're in business, you're a good customer arr for ransomware. >>Yeah. So the, the fact that, you know, 60 what two thirds of the people that were attacked by ransomware paid the ransom. That one statistic just, just hurt my heart. >>Yeah. And I think this is the reality. I mean, we go back and even the psychology of the practitioners was, you know, it's super important to get back in recovery and that's been around for a long time, but now that's an attack vector, okay? And there's dollars involved, like I said, the arr joking, but there's recurring revenue for the, for the bad guys if they know you're paying up and if you're stupid enough not to change, you're tooling, right? So, so again, it works both ways. So I gotta ask you, why do you think so many are unable to successfully respond after an attack? Is it because they know it's coming? I mean, I mean, they're not that dumb. I mean, they have to know it's coming. Why aren't they responding and successfully to this? >>I I think it's a, it's a litany of thing starting with the, that aspect that I mentioned before, that nobody wants to have anything to do with the backup system, right? So nobody wants to be the one to raise their hand because if, if you're the one that raises their hand, you know what, that's a good idea, Curtis, why don't you look into that? Right. Nobody, nobody wants to be, Where's >>That guy now? He doesn't work here anymore. Yeah, but I I I hear where you come from exactly. Psychology. >>Yeah. So there, there's that. But then the second is that because of that, no one's looking at the fact that backups are the attack vector. They, they, they become the attack vector. And so because they're the attack vector, they have to be protected as much, if not more than the rest of the environment. The rest of the environment can live off of active directory and, you know, and things like Okta, so that you can have SSO and things like that. The backup environment has to be segregated in a very special way. Backups have to be stored completely separate for from your environment. The login and authentication and authorization system needs to be completely separate from your typical environment. Why? Because if you, if that production environment is compromised now knowing that the attacks or that the backup systems are a significant portion of the attack vector, then you've, if, if the production system is compromised, then the backup system is compromised. So you've got to segregate all of that. And I, and I just don't think that people are thinking about that. Yeah. You know, and they're using the same backup techniques that they've used for many, many years. >>So what you're saying is that the attack vectors and the attackers are getting smarter. They're saying, Hey, we'll just take out the backup first so they can backup. So we got the ransomware it >>Makes Yeah, exactly. The the largest ransomware group out there, the KTI ransomware group, they are specifically targeting specific backup vendors. They know how to recognize the backup servers. They know how to recognize where the backups are stored, and they are exfiltrating the backups first and then deleting them and then letting you know you have ransom. >>Okay, so you guys have a lot of customers, they all kind of have the same this problem. What's the patterns that you're seeing? How are they evolving? What are some of the things that they're implementing? What is the best practice? >>Well, again, you, you've got to fully segregate that data. There are, and, and everything about how that data is stored and everything about how that data's created and accessed. There are ways to do that with other, you know, with other commercial products, you can take a, a, a standard product and put a number of layers of defense on top of it, or you can switch to the, the way Druva does things, which is a SAS offering that stores your data completely in the cloud in our account, right? So your account could be completely compromised. That has nothing to do with our account. And the, the, it's a completely different authentication and authorization system. You've got multiple layers of defense between your computing environment and where we store your backups. So basically what you get by default with the, the way juva stores your backups is the best you can get after doing many, many layers of defense on the other side and having to do all that work with us. You just log in and you get all of that. >>I guess how do, how do you break the laws of physics? I guess that's the question here. >>Well, when, because that's the other thing is that by storing the data in the cloud, we, we do, and I've said this a few times, that you get to break the laws of physics and the, the only way to do that is to, is time travel and what, that's what it, so yeah, so Druva has time travel. What, and this is a criticism by the way. I don't think this is our official position, but Yeah. But the, the idea is that the only way to restore data as fast as possible is to restore it before you actually need it. And that's what kind of what I mean by time travel in that you basically, you configure your dr your disaster recovery environment in, in DVA one time. And then we are pre restoring your data as often as you tell us to do, to bring your DR environment up to the, you know, the, the current environment as quickly as we can so that in a disaster recovery scenario, which is part of your ransomware response, right? Again, there are many different parts, but when you get to actually restoring the data, you should be able to just push a button and go the, the data should already be restored. And that's the, i that's the way that you break the laws of physics is you break the laws of time. >>Well, I, everyone wants to know the next question, and this is the real big question, is, are you from the future? >>Yeah. Very much the future. >>What's it like in the future? Backup recovery as a restore, Is it air gaping? Everything? >>Yeah. It, it, it, Well it's a world where people don't have to worry about their backups. I I like to use the phrase, get outta the backup business. Just get into the ReSTOR business. I I, you know, I'm, I'm a grandfather now and I, and I love having a granddaughter and I often make the joke that if I don't, if I'd have known how great grandkids were, I would've skipped straight to them, right? Not possible. Just like this. Recoveries are great. Backups are really hard. So in the future, if you use a SAS data protection system and data resiliency system, you can just do recoveries and not have to worry about >>Backups. Yeah. And what's great about your background is you've got a lot of historical perspective. You've seen that been in the ways of innovation now it's really is about the recovery and real time. So a lot of good stuff going on. And God think automated thingss gotta be rocking and rolling. >>Absolutely. Yeah. I do remember, again, having worked so hard with many clients over the years, back then, we worked so hard just to get the backup done. There was very little time to work on the recovery. And I really, I kid you not that our customers don't have to do all of those things that all of our competitors have to do to, you know, to, to break, to try to break the laws of physics. I've been fighting the laws of physics my entire career to get the backup done in the first place. Then to secure all the data, right to air gap it and make sure that a ransomware attack isn't going to attack it. Our customers get to get straight to a fully automated disaster recovery environment that they get to test as often as possible and they get to do a full test by simply pressing a single button. And you know, I, I wish that, I wish everybody had that ability. >>Yeah, I mean, security's a big part of it. Data's in the middle of it all. This is now mainstream front lines. Great stuff Chris, great to have you on, bring that perspective and thanks for the insight. Really >>Appreciate it. Always happy to talk about my favorite subject. >>All right, we'll be back in a moment. We'll have Steven Manley, the cto and on John Shva, the GM and VP of Product Manage will join me. You're watching the cube, the leader in high tech enterprise coverage. >>Ransomware is top of mind for everyone. Attacks are becoming more frequent and more sophisticated. It's a problem you can't solve alone anymore. Ransomware is built to exploit weaknesses in your backup solution, destroying data and your last line of defense. With many vendors, it can take a lot of effort and configuration to ensure your backup environment is secure. Criminals also know that it's easy to fall behind on best practices like vulnerability, scans, patches and updates. In fact, 42% of vulnerabilities are exploited after a patch has been released after an attack. Recovery can be a long and manual process that still may not restore clean or complete data. The good news is that you can keep your data safe and recover faster with the DR A data resiliency cloud on your side. The DR A platform functions completely in the cloud with no hardware, software, operating system, or complex configurations, which means there are none of the weaknesses that ransomware commonly uses to attack backups. >>Our software as a service model delivers 24 7 365 fully managed security operations for your backup environment. We handle all the vulnerability scans, patches and upgrades for you. DVA also makes zero trust security easy with builtin multifactor authentication, single sign-on and role-based access controls in the event of an attack. Druva helps you stop the spread of ransomware and quickly understand what went wrong. With builtin access insights and anomaly detection, then you can use industry first tools and services to automate the recovery of clean unencrypted data from the entire timeframe of the attack. Cyber attacks are a major threat, but you can make protection and recovery easy with dva. >>Welcome back everyone to the Cubes special presentation with DVA on why ransomware isn't your only problem. I'm John er, host of the Cube. Our next guest are Steven Manley, Chief Technology Officer of dva and I, John Trini VAs, who is the general manager and vice president of product management and Druva. Gentleman, you got the keys to the kingdom, the technology, ransomware, data resilience. This is the topic, the IDC white paper that you guys put together with IDC really kind of nails it out. I want to get into it right away. Welcome to this segment. I really appreciate it. Thanks for coming on. >>Great to be here John. >>So what's your thoughts on the survey's conclusion? I've obviously the resilience is huge. Ransomware is continues to thunder away at businesses and causes a lot of problems. Disruption, I mean just it's endless ransomware problems. What's your thoughts on the con conclusion? >>So I'll say the, the thing that pops out to me is, is on the one hand, everybody who sees the survey, who reads, it's gonna say, well that's obvious. Of course ransomware continues to be a problem. Cyber resilience is an issue that's plaguing everybody. But, but I think when you dig deeper and there and there's a lot of subtleties to look into, but, but one of the things that, that I hear on a daily basis from the customers is it's because the problem keeps evolving. It, it's not as if the threat was a static thing to just be solved and you're done because the threat keeps evolving. It remains top of mind for everybody because it's so hard to keep up with with what's happening in terms of the attacks. >>And I think the other important thing to note, John, is that people are grappling with this ransomware attack all of a sudden where they were still grappling with a lot of legacy in their own environment. So they were not prepared for the advanced techniques that these ransomware attackers were bringing to market. It's almost like these ransomware attackers had a huge leg up in terms of technology that they had in their favor while keeping the lights on was keeping it away from all the tooling that needed to do. A lot of people are even still wondering when that happens next time, what do I even do? So clearly not very surprising. Clearly I think it's here to stay and I think as long as people don't retool for a modern era of data management, this is going to stay this >>Way. Yeah, I mean I hear this whole time and our cube conversations with practitioners, you know there, it's kind of like the security pro give me more tools, I'll buy anything that comes in the market. I'm desperate. There's definitely attention but it doesn't seem like people are satisfied with the tooling that they have. Can you guys share kind of your insights into what's going on in the product side? Because you know, people claim that they have tools at fine points of, of recovery opportunities but they can't get there. So it seems to be that there's a confidence problem here in the market. What, how do you guys see that? Cuz I think this is where the rubber meets the road with ransomware cuz it's, it is a moving train, it's always changing but it doesn't seem as confidence. Can you guys talk about that? What's your reaction? >>Yeah, let me jump in first and Steven can add to it. What happens is I think this is a panic buying and they have accumulated this tooling now just because somebody said could solve your problem, but they haven't had a chance to take a re-look from a ground up perspective to see where are the bottlenecks, where are the vulnerabilities and which tooling set needs to lie? Where, where does the logic need to recite and what in Drew we are watching people do and people do it successfully, is that as they have adopted through our technology, which is ground up built for the cloud and really built in a way which is, you know, driven at a data insight level where we have people even monitoring our service for anomalies and activities that are suspicious. We know where we need to play a role in really kind of mitigating this ransomware. >>And then there's a whole plethora of ecosystem players that kind of combine to really really finish the story so to say, right? So I think this has been a panic buying situation. This is like, get me any help you can give me. And I think as this settles down and people really understand that longer term as they really build out a true defense mechanism, they need to think really ground up. They will start to really see the value of technologies like Druva and tried to identify the right set of ecosystem to really bring together to solve it meaningfully. >>Steven, >>I was gonna say, I mean one, one of the, one of the really interesting things in the survey for me and, and, and for a moment, little more than a moment, it made me think was that the large number of respondents who said I've got a really efficient well run backup environment, who then on basically the next question said, and I have no confidence that I can recover from a ransomware attack. And you scratch your head and you think, well if your backup environment is so good, why do you have such low confidence? And, and, and I think that's the moment when we, we dug deeper and we realized, you know, if you've got a traditional architecture and let's face the dis base architecture's been around for almost two decades now in terms of dis based backup, you can have that tune to the help that can be running as efficiently, efficiently as you want it, but it was built before the ransomware attacks before, before all these cyber issues, you know, really start hitting companies. And so I have this really well run traditional backup environment that is not at all built for these modern threat vectors. And so that's really why customers are saying I'm doing the best I can, but as Angen pointed out, the architecture, the tooling isn't there to support what, what problems I need to solve today. Yeah, >>Great point. And so yeah, well that's a great point. Before we get into the customer side, I wanna get to in second, you know, I interviewed Jare, the the founder CEO many years ago, even before the pandemic. You mentioned modern, you guys have always had the cloud, which r this is huge. Now that you're past the pandemic, what is that modern cloud edge you guys have? Cuz that's a great point. A lot of stuff was built kind of Beckham recovery bolted on, not really kind of designed into the, the current state of the infrastructure and the cloud native application modern environment we're seeing. Right? Now's a huge issue >>I think. I think it's, it's to me there's, there's three things that come up over and over and over again as, as we talk to people in terms of, you know, being built in cloud, being cloud native, why is an advantage? The first one is, is security and ransomware. And, and, and we can go deeper, but the most obvious one that always comes up is every single backup you do with DVA is air gap offsite managed under a separate administrative domain so that you're not retrofitting any sort of air gap network and buying another appliance or setting up your own cloud environment to manage this. Every backup is ransomware protected, guaranteed. I think the second advantage is the scalability. And you know this, this certainly plays into account as your, your business grows or in some cases as you shrink or repurpose workloads, you're only paying for what you use. >>But it also plays a a big role again when you start thinking of ransomware recoveries because we can scale your recovery in cloud on premises as much or as little as you want. And then I think the third one is we're seeing a basically things evolving new workloads, data sprawl, new threat vectors. And one of the nice parts of being a SA service in the cloud is you're able to roll out new functionality every two weeks and there's no upgrade cycle, there's no waiting, you know, the customer doesn't have to say, Wow, I need it six months in the lab before I upgrade it and it's an 18 month, 24 month cycle before the functionality releases. You're getting it every two weeks and it's backed by Druva to make sure it works. >>That says on John, you know, you got the, the product side, you know, it's challenging job cuz you have so many customers asking for things probably on the roadmap you probably go hour for that one. But I wanna get your thoughts on what you're hearing and seeing from customers. You know, we just reviewed the IDC with Phil. How are you guys responding to your customer's needs? Because it seems that it's highly accelerated on the, probably on the feature request, but also structurally as as ransomware continues to evolve. What are you hearing, what's the key customer need? How are you guys responding? >>Yeah, actually I have two things that I hear very clearly when I talk to customers. One, I think after listening to their security problems and their vulnerability challenges because we see customers and help customers who are getting challenge by ransomware on a weekly basis. And what I find that this problem is not just a technology problem, it's an operating model problem. So in order to really secure themselves, they need a security operating model and a lot of them haven't figured out that security operating model in totality. Now where we come in as rua is that we are providing them the cloud operating model and a data protection operating model combined with a data insights operating model which all fit into their overall security operating model that they are really owning and they need to manage and operate because this is just not about a piece of technology. >>On top of that, I think our customers are getting challenged by all the same challenges of not just spending time on keeping the lights on but innovating faster with faster, with less. And that has been this age old problem, do more with less. But in this, in this whole, they're like trying to innovate in the middle of the war so to say, right, the war is happening, they're getting attacked, but there's also net new shadow IT challenges that's forcing them to make sure that they can manage all the new applications that are getting developed in the cloud. There is thousands of SaaS applications that they're consuming not knowing which data is critical to their success and which ones to protect and govern and secure. So all of these things are coming at them at a hundred miles per hour while they're just, you know, trying to live one day at a time. >>And unless they really develop this overall security operating model helped by cloud native technologies like Druva that really providing them a true cloud native model of really giving like a touchless and an invisible protection infrastructure. Not just beyond backups, beyond just the data protection that we all know of into this kind of this mindset of kind of being able to look at where each of those functionalities need to lie. That's where I think they're grappling with now. Drew is clearly helping them with keep up to pace with the public cloud innovations that they need to do and how to protect data. We just launched our EC two offering to protect EC two virtual machines back in aws and we are gonna be continuing to evolve that to further many services that public cloud software cuz our customers are really kind of consuming them at breakneck speed. >>So the new workloads, the new security capabilities. Love that. Good, good call out there. Steven, this still the issue of the disruption side of it, you guys have a guarantee there's a cost of ownership as you get more tools. Can you talk about that angle of it? Because this is, you got new workloads, you got the new security needs, what's the disruption impact? Cause you know, you won't avoid that. How much is it gonna cost you? And you guys have this guarantee, can you explain that? >>Yeah, absolutely. So, so Dr launched our 10 million data resiliency guarantee. And, and for us, you know, there were, there were really two key parts to this. The first obviously is 10 million means that, you know, again we're, we're we're willing to put our money where our mouth is and, and that's a big deal, right? That that, that we're willing to back this with the guarantee. But then the second part, and, and, and this is the part that I think reflects that, that sort of model that Angen was talking about, we, we sort of look at this and we say the goal of DVA is to do the job of protecting and securing your data for you so that you as a customer don't have to do it anymore. And so the guarantee actually protects you against multiple types of risks all with SLAs. So everything from, you know, your data's gonna be recoverable in the case of a ransomware attack. >>Okay, that's good. Of course for it to be recoverable, we're also guaranteeing, you know, your backup, your backup success rate. We're also guaranteeing the availability of the service. You know, we're, we're guaranteeing that the data that we're storing for you can't be compromised or leaked externally and you know, we're guaranteeing the long term durability of the data so that if you back up with us today and you need to recover 30 years from now, that data's gonna be recovered. So we wanted to really attack the end to end, you know, risks that, that, that affect our customers. Cybersecurity is a big deal, but it is not the only problem out there and the only way for this to work is to have a service that can provide you SLAs across all of the risks because that means, again, as a SAS vendor, we're doing the job for you so you're buying results as opposed to technology. >>That's great. Great point. Ransomware isn't the only problem that's the title of this presentation, but is a big one. People concerned about it. So great stuff. In the last five minutes guys, if you don't mind, I'd love to have you share what's on the horizon for dva. You mentioned the new workloads on John, you mentioned this new security hearing shift left DevOps is now the developer model, they're running it get data and security teams now stepping in and trying to be as vo high velocity as possible for the developers and enterprises. What's on the horizon, Ava? What trends is the company watching and how are you guys putting that together to stay ahead in the marketplace and the competition? >>Yeah, I think listening to our customers, what we realize is they need help with the public cloud. Number one. I think that's a big wave of consumption. People are consolidating their data centers, moving to the public cloud. They need help in expanding data protection, which becomes the basis of a lot of the security operating model that I talked about. They need that first from before they can start to get into much more advanced level of insights and analytics on that data to protect themselves and secure themselves and do interesting things with that data. So we are expanding our coverage on multiple fronts there. The second key thing is to really bring together a very insightful presentation layer, which I think is very unique to thwa because only we can look at multiple tenants, multiple customers because we are a SAS vendor and look at insights and give them best practices and guidances and analytics that nobody else can give. >>There's no silo anymore because we are able to take a good big vision view and now help our customers with insights that otherwise that information map is completely missing. So we are able to guide them down a path where they can optimize which workloads need, what kind of protection, and then how to secure them. So that is the second level of insights and analytics that we are building. And there's a whole plethora of security offerings that we are gonna build all the way from a feature level where we have things like recycle bin that's already available to our customers today to prevent any anomalous behavior and attacks that would delete their backups and then they still have a way to recover from it, but also things to curate and get back to that point in time where it is safe to recover and help them with a sandbox which they can recover confidently knowing it's not going to jeopardize them again and reinfect the whole environment again. So there's a whole bunch of things coming, but the key themes are public cloud, data insights and security and that's where my focus is to go and get those features delivered and Steven can add a few more things around services that Steven is looking to build in launch. >>Sure. So, so yeah, so, so John, I think one of the other areas that we see just an enormous groundswell of interest. So, so public cloud is important, but there are more and more organizations that are running hundreds if not thousands of SaaS applications and a lot of those SaaS applications have data. So there's the obvious things like Microsoft 365 Google workspace, but we're also seeing a lot of interest in protecting Salesforce because if you think about it, you know, if you, if if someone you know deletes some really important records in Salesforce, that's, that's actually actually kind of the record of your business. And so, you know, we're looking at more and more SaaS application protection and, and really getting deep in that application awareness. It's not just about backup and recovery. When you look at something like, like a sales force or something like Microsoft 365, you do wanna look into sandboxing, you wanna, you wanna look into long term archival because again, this is the new record of the business, what used to be in your on premises databases that all lives in cloud and SaaS applications now. >>So that's a really big area of investment for us. The second one, just to echo what, what engine said is, you know, one of the great things of being a SaaS provider is I have metadata that spans across thousands of customers and tens of billions of backups a year. And I'm tracking all sorts of interesting information that is going to enable us to do things like make backups more autonomous so that customers, again, I want to do the job for them, will do all the tuning, we'll do all the management for them to be able to better detect ransomware attacks, better respond to ransomware attacks because we're seeing across the globe. And then of course being able to give them more insight into what's happening in their data environment so they can get a better security posture before any attack happens. Because let's face it, if you can set your, your data up more cleanly, you're gonna be a lot less worried and a lot less exposed from that attack happens. So we want to be able to again, cover those SaaS applications in addition to the public cloud. And then we want to be able to use our metadata and use our analytics and use this massive pipeline. We've got to deliver value to our customers, not just charts and graphs, but actual services that enable them to focus their attention on other parts of the business. >>That's great stuff. Run John. >>And remember John, I think all this while keeping things really easy to consume consumer grade UI APIs and the, the really, the power of SaaS as a service simplicity to kind of continue on amongst kind of keeping these complex technologies together. >>Aj, that's a great call out. I was gonna mention ease of use is and self-service, big part of the developer and IT experience expected, it's the table stakes, love the analytic angle. I think that brings the scale to the table and faster time to value to get to learn best practices. But the end of the day automation, cross cloud protection and security to protect and recover. This is huge and this is big part of not only just protecting against ransomware and other things, but really being fast and being agile. So really appreciate the insights. Thanks for sharing on this segment, really under the hood and really kind of the value of of the product. Thanks for coming on. Appreciate it. >>Thank you very much. >>Okay, there it is. You got the experts talking about under the hood, the product, the value, the future of what's going on with Druva and the future of cloud native protecting and recovering. This is what it's all about. It's not just ransomware they have to worry about. In a moment, Dave Ante will give you some closing thoughts on the subject here you're watching the cube, the leader in high tech enterprise coverage. >>As organizations migrate their business processes to multi-cloud environments, they still face numerous threats and risks of data loss. With a growing number of cloud platforms and fragmented applications, it leads to an increase in data silos, sprawl, and management complexity. As workloads become more diverse, it's challenging to effectively manage data growth infrastructure, and resource costs across multiple cloud deployments. Using numerous backup vendor solutions for multiple cloud platforms can lead to management complexity. More importantly, the lack of centralized visibility and control can leave you exposed to security vulnerabilities, including ransomware that can cripple your business. The dr. A Data Resiliency Cloud is the only 100% SAS data resiliency platform that provides centralized, secure air gapped and immutable backup and recovery. With dva, your data is safe with multiple layers of protection and is ready for fast recovery from cyber attack, data corruption, or accidental data loss. Through a simple, easy to manage platform, you can seamlessly protect fragmented, diverse data at scale, across public clouds and your business critical SaaS applications. Druva is the only 100% SAS fender that can manage, govern, and protect data across multiple clouds and business critical SAS applications. It supports not just backup and recovery, but also data resiliency across high value use cases such as e-discovery, sensitive data governance, ransomware, and security. No other vendor can match Druva for customer experience, infinite scale storage optimization, data immutability and ransomware protection. The DVA data resiliency cloud your data always safe, always ready. Visit druva.com today to schedule a free demo. >>One of the big takeaways from today's program is that in the scramble to keep business flowing over the past two plus years, a lot of good technology practices have been put into place, but there's much more work to be done specifically because the frequency of attacks is on the rise and the severity of lost, stolen, or inaccessible data is so much higher. Today, business resilience must be designed into architectures and solutions from the start. It cannot be an afterthought. Well, actually it can be, but you won't be happy with the results. Now, part of the answer is finding the right partners, of course, but it also means taking a systems' view of your business, understanding the vulnerabilities and deploying solutions that can balance cost efficiency with appropriately high levels of protection, flexibility, and speed slash accuracy of recovery. You know, we hope you found today's program useful and informative. Remember, this session is available on demand in both its full format and the individual guest segments. All you gotta do is go to the cube.net and you'll see all the content, or you can go to druva.com. There are tons of resources available, including analyst reports, customer stories. There's this cool TCO calculator. You can find out what pricing looks like and lots more. Thanks for watching why Ransomware isn't your only problem Made possible by dva, a collaboration with IDC and presented by the Cube, your leader in enterprise and emerging tech coverage.

>>The past two and a half years have seen a dramatic change in the security posture of virtually all organizations. By accelerating the digital business mandate, the isolation economy catalyzed a move toward cloud computing to support remote workers. This, we know this had several ripple effects on CISO and CIO strategies that were highly visible at the board of directors level. Now, the first major change was to recognize that the perimeter had suddenly been vaporized protection. As a result moved away from things like perimeter based firewalls toward more distributed endpoints, cloud security, and modern identity management. The second major change was a heightened awareness of the realities of ransomware. Ransomware as a service, for example, emerges a major threat where virtually anyone with access to critical data and criminal intentions could monetize corporate security exposures. The third major change was a much more acute understanding of how data protection needed to become a fundamental component of cybersecurity strategies. >>And more specifically, CIOs quickly realized that their business resilient strategies were too narrowly DR focused that their DR approach was not cost efficient and needed to be modernized. And that new approaches to operational resilience were needed to reflect the architectural and business realities of this new environment. Hello and welcome to Why Ransomware isn't your Only Problem, a service of the Cube made possible by dva. And in collaboration with idc. I'm your host, Dave Ante, and today we're present a three part program. We'll start with the data. IDC recently conducted a global survey of 500 business technology practitioners across 20 industries to understand the degree to which organizations are aware of and prepared for the threats they face. In today's new world, IDC Research Vice President Phil Goodwin is here to share the highlights of the study and summarize the findings from a recent research report on the topic. >>After that, we're gonna hear from Curtis Preston, who's the Chief Technical Evangelist at Druva. I've known Curtis for decades. He's one of the world's foremost experts on backup and recovery, specifically in data protection. Generally. Curtis will help us understand how the survey data presented by IDC aligns with the real world findings from the field, from his point of view. And he'll discuss why so many organizations have failed to successfully recover from an attack without major pains and big costs, and how to avoid such operational disruptions and disasters. And then finally, we'll hear from the technical experts at dva, Steven Manly and Anja Serenas. Steven is a 10 time cubo and Chief technology officer at dva, and Anjan is vice president and general manager of product management at the company. And these individuals will specifically address how DVA is closing the gaps presented in the IDC survey through their product innovation. Or right now I'm gonna toss it to Lisa Martin, another one of the hosts for today's program. Lisa, over to you. >>Bill Goodwin joins me next, the VP of research at idc. We're gonna be breaking down what's going on in the threat landscape. Phil, welcome to the program. It's great to have you back on the cube. >>Hey, Lisa, it's great to be here with you. >>So talk to me about the state of the global IT landscape as we see cyber attacks massively increasing, the threat landscape changing so much, what is IDC seeing? >>You know, you, you really hit the, the top topic that we find from IT organizations as well as business organizations. And really it's that digital resilience that that ransomware that has everybody's attention and it has the attention not just of the IT people, but of the business people alike, because it really does have profound effects across the organization. The other thing that we're seeing, Lisa, is really a move towards cloud. And I think part of that is driven by the economics of cloud, which fundamentally changed the way that we can approach disaster recovery, but also is accelerated during the pandemic for all the reasons that people have talked about in terms of work from home and so on. And then really the third thing is the economic uncertainty. And this is relatively new for 2022, but within idc we've been doing a lot of research around what are those impacts going to be. And what we find people doing is they want greater flexibility, they want more cost certainty, and they really want to be able to leverage those cloud economics to be, have the scale, upper scale, down on demand nature of cloud. So those are in a nutshell, kind of the three things that people are looking at. >>You mentioned ransomware, it's a topic we've been talking about a lot. It's a household word these days. It's now Phil, no longer if we're gonna get attacked. It's when it's how often it's the severity. Talk about ransomware as a priority all the way up the stack to the C-suite. And what are they trying to do to become resilient against it? >>Well, what, what some of the research that we did is we found that about 77% of organizations have digital resilience as a, as a top priority within their organization. And so what you're seeing is organizations trying to leverage things to become more, more resilient, more digitally resilient, and to be able to really hone in on those kinds of issues that are keeping keeping them awake at night. Quite honestly, if you think about digital resilience, it really is foundational to the organization, whether it's through digital transformation or whether it's simply data availability, whatever it might happen to be. Digital resilience is really a, a large umbrella term that we use to describe that function that is aimed at avoiding data loss, assuring data availability, and helping the organization to extract value from their data >>And digital resilience, data resilience as every company these days has to be a data company to be competitive, digital resilience, data resilience. Are you using those terms interchangeably or data resilience to find as something a little bit different? >>Well, sometimes yeah, that we do get caught using them when, when one is the other. But data resilience is really a part of digital resilience, if you think about the data itself and the context of of IT computing. So it really is a subset of that, but it is foundational to IT resilience. You, you really, you can't have it resilience about data resilience. So that, that's where we're coming from on it >>Inextricably linked and it's becoming a corporate initiative, but there's some factors that can complicate digital resilience, data resilience for organizations. What are some of those complications that organizations need to be aware of? >>Well, one of the biggest is what, what you mentioned at the, at the top of the segment and, and that is the, the area of ransomware, the research that we found is about 46% of organizations have been hit within the last three years. You know, it's kind of interesting how it's changed over the years. Originally being hit by ransomware had a real stigma attached to it. Organizations didn't want to admit it, and they really avoided confronting that. Nowadays, so many people have been hit by it, that that stigma has gone. And so really it is becoming more of a community kind of effort as people try to, to defend against these ransoms. The other thing about it is it's really a lot like whackamole. You know, they attack us in one area and and, and we defend against it. They, so they attack us in another area and we defend against it. >>And in fact, I had a, an individual come up to me at a show not long ago and said, You know, one of these days we're gonna get pretty well defended against ransomware and it's gonna go away. And I responded, I don't think so because we're constantly introducing new systems, new software, and introducing new vulnerabilities. And the fact is ransomware is so profitable, the bad guys aren't gonna just fade into the night without giving it a a lot of fight. So I really think that ransomware is one of those things that here is here for the long term and something that we, we have to address and have to get proactive about. >>You mentioned some stats there and, and recently IDC and DVA did a white paper together that really revealed some quite shocking results. Talk to me about some of the things. Let, let's talk a little bit about the demographics of the survey and then talk about what was the biggest finding there, especially where it's concern concerning ransomware. >>Yeah, this, this was a worldwide study. It was sponsored by DVA and conducted by IDC as an independent study. And what we did, we surveyed 500 is a little over 500 different individuals across the globe in North America select countries in in western Europe, as well as several in, in Asia Pacific. And we did it across industries with our 20 different industries represented. They're all evenly represented. We had surveys that included IT practitioners, primarily CIOs, CTOs, VP of of infrastructure, you know, managers of data centers, things like that. And the, and the biggest finding that we had in this, Lisa, was really finding that there is a huge disconnect, I believe, between how people think they are ready and what the actual results are when they, when they get attacked. Some of the, some of the statistics that we learned from this, Lisa, include 83% of organizations believe or tell, told us that they have a, a playbook that, that they have for ransomware. >>I think 93% said that they have a high degree or a high or very high degree of confidence in their recovery tools and, and are fully automated. And yet when you look at the actual results, you know, I told you a moment ago, 46% have been attacked successfully. I can also tell you that in separate research, fewer than a third of organizations were able to fully recover their data without paying the ransom. And some two thirds actually had to pay the ransom. And even when they did, they didn't necessarily achieve their full recovery. You know, the bad guys aren't, aren't necessarily to be trusted. And, and so the software that they provide sometimes is, is fully recovered, sometimes it's not. So you look at that and you go, Wow. On, on the one hand people think they're really, really prepared and on the other hand the results are, are absolutely horrible. >>You know, two thirds of people having, having to pay their ransom. So you start to ask yourself, well, well, what is, what's going on there? And I believe that a lot of it comes down to, kind of reminds me of the old quote from Mike Tyson. Everybody has a plan until they get punched in the mouth. And I think that's kind of what happens with ransomware. You, you think you know what you're, you're doing, you think you're ready based on the information you have. And these people are smart people and, and they're professionals, but oftentimes you don't know what you don't know. And like I say, the bad guys are always dreaming up new ways to attack us. And so I think for that reason, a lot of these have been successful. So that was kind of the key finding to me in kind of the aha moment really in this whole thing. Lisa, >>That's a massive disconnect with the vast majority saying we have a cyber recovery playbook, yet nearly half being the victims of ransomware in the last three years and then half of them experiencing data loss. What is it then that organizations in this situation across any industry can do to truly enable cyber resilience data resilience as it's, as we said, this is a matter of this is gonna happen just a matter of when and how often >>It it is a matter, Yeah, as you said, it's not if when or, or how often. It's really how badly. So I think what organizations are really do doing now is starting to turn more to cloud-based services. You know, finding professionals who know what they're doing, who have that breadth of experience and who have seen the kinds of, of necessary steps that it takes to do a recovery. And the fact of the matter is a disaster recovery and a cyber recovery are really not the same thing. And so organizations need to be able to, to plan the kinds of recovery associated with cyber recovery in terms of forensics, in terms of, of scanning, in terms of analysis and so forth. So they're, they're turning to professionals in the cloud much more in order to get that breadth of experience and, and to take advantage of cloud based services that are out there. >>Talk to me about some of the key advantages of cloud-based services for data resilience versus traditional legacy on-prem equipment. What are some of the advantages? Why are is IDC seeing this big shift to cloud where, where data resilience is concerned? >>Well, the first and foremost is the economics of it. You know, you can, you can have on demand resources. And in the old days when we had disaster recoveries where there we had two different data centers and a failover and so forth, you know, you had double the infrastructure. If your financial services, it might even be triple, the infrastructure is very complicated, very difficult by going to the cloud. Organizations can subscribe to disaster recovery as a service. It increasingly what we see is a new market of cyber recovery as a service. So being able to leverage those resources to be able to have the forensic analysis available to them, to be able to have the other resources available that are on demand, and to have that plan in place to have those resources in place. I think what happens in a number of situations, Lisa, is that that organizations think they're ready, but then all of a sudden they get hit and all of a sudden they have to engage with outside consultants or they have to bring in other experts and that, and that extends the time to recover that they have and it also complicates it. >>So if they have those resources in place, then they can simply turn them on, engage them, and get that recover going as quickly as possible. >>So what do you think the big issue here is, is it that these, these I p T practitioners over 500 that you surveyed across 20 industries is a global survey? Do they not know what they don't know? What's the the overlying issue here? >>Yeah, I think that's right. It's, you don't know what you don't know and until you get into a specific attack, you know, there, there are so many different ways that, that organizations can be attacked. And in fact, from this research that we found is that in many cases, data exfiltration exceeds data corruption by about 50%. And when you think about that, the, the issue is, once I have your data, what are you gonna do? I mean, there's no amount of recovery that is gonna help. So organizations are either faced with paying the ransom to keep the data from perhaps being used on the dark web or whatever, or simply saying no and, and taking their chances. So best practice things like encryption, immutability, you know, things like that that organizations can put into place. Certainly air gaps. Having a, a solid backup foundation to, to where data is you have a high recovery, high probability of recovery, things like that. Those are the kinds of things that organizations have to put into place really is a baseline to assure that they can recover as fast as possible and not lose data in the event of a ransomware attack. >>Given some of the, the, the disconnect that you articulated, the, the stats that show so many think we are prepared, we've got a playbook, yet so many are being, are being attacked. The vulnerabilities and the, and the, as the, the landscape threat landscape just gets more and more amorphous. Why, what do you recommend organizations? Do you talk to the IT practitioners, but does this go all the way up to the board level in terms of, hey guys, across every industry we are vulnerable, this is gonna happen, we've gotta make sure that we are truly resilient and proactive? >>Yes, and in fact, what we found from this research is in more than half of cases, the CEO is directly involved in the recovery. So this is very much a C-suite issue. And if you look at the, the, the consequences of ransom where it's not just the ransom, it's the loss productivity, it's, it's the loss of, of revenue, it's, it's the loss of, of customer faith and, and, and goodwill and organizations that have been attacked have, have suffered those consequences. And, and many of them are permanent. So people at the board level where it's, whether it's the ceo, the cfo, the cio, the c cso, you know, whoever it is, they're extremely concerned about these. And I can tell you they are fully engaged in addressing these issues within their organization. >>So all the way at the top critically important, business critical for any industry. I imagine some industries may be a little bit more vulnerable than others, financial services, healthcare, education, we've just seen big attack in Los Angeles County. But in terms of establishing data resilience, you mentioned ransomware isn't going anywhere, it's a big business business, it's very profitable. But what is IDCs prediction where ransomware is concerned? Do you think that organizations, if they truly adopt cloud and status based technologies, can they get to a place where the C-suite doesn't have to be involved to the point where they're, they really actually have i i functioning playbook? >>I i, I don't know if we'll ever get to the point where the CCC C suite is not involved. It's probably very important to have that, that level of executive sponsorship. But, but what we are seeing is, in fact we predicted by 20 25, 50 5% of organizations we'll have shifted to a cloud centric strategy for their data resilience. And the reason we say that is, you know, workloads on premises aren't going away. So that's the core. We have an increasing number of workloads in the cloud and, and at the edge, and that's really where the growth is. So being able to take that cloud centric model and take advantage of, of cloud resources like immutable storage, being able to move data from region to region inexpensively and easily and, and to be able to take that cloud centric perspective and apply it on premises as well as in the cloud and at the edge is really where we believe that organizations are shifting their focus. >>Got it. We're just cracking the surface here. Phil, I wish we had more time, but I had a chance to read the Juba sponsored IDC White paper. Fascinating finds. I encourage all of you to download that. Take a read, you're gonna learn some very interesting statistics and recommendations for how you can really truly deploy data resilience in your organization. Phil, it's been a pleasure to have you on the program. Thank you for joining >>Me. No problem. Thank you, Lisa. >>In a moment, John Furrier will be here with his next guest. For right now, I'm Lisa Martin and you are watching The Cube, the leader in live tech coverage.

>> Male: TheCUBE presents, UIPATH, Forward 5 brought to you by, UIPATH. >> Okay the party has started here at forward 5 UIPATH big customer event if you're watching the cube. We're wrapping up day one with the co-CE0 segment. Daniel Dines is here. He's the founder and Co-CEO of UIPATH and Rob Enslin, is co-CEO. Gents, great to see you. Thanks for spending some time with us. I know you're super busy. >> Thanks Dave. >> So I've been looking forward to this. Daniel you know I've followed the company for a long time. The really interesting path you took, to get to where you are today. How did you guys meet? And why did you decide to hire Rob? >> Male: (laughs) >> Rob: Well let me start. I uh, I was looking for a partner. Actually, in our work to your stand here, we are talking about how, how you feel in this job. You feel so alone. Because you are the center of all pressure points. And having a partner, having someone that has your back, it's kind of awesome. So I was looking for a partner. And our current friend, Carl Escenbach, he introduced us to each other, and we instantly clicked. And this is the type of job where it's uh either work well or it doesn't. It cannot be anything in the middle. >> Right, okay with Carl, we know Carl well. Awesome operator. Knows the business super well. So Rob, what attracted you to UIPATH? You had a great situation at google. You guys were growing like crazy. Why did you decide to come here? What did you see that attracted you? >> Yeah you know when I, when I went to google, I went to google because I really believed that data and AI was necessary for companies. And business is to be competitive in the future. And we did some great stuff at google cloud in the 3 years. But I knew UIPATH from a couple of years ago when they were mainly a RPA space. And I just felt that there was a place in time when automation was going expand. And as I sat down with Carl a couple of times, spoke to carl. And then I sat down with Daniel, I knew that there was something special with UIPATH, that could be a generational opportunity. Not any for myself but for the company in the future. And then I, you know I got to know Daniel. And at this stage of my career I was like, I'm pretty fussy about what I want to do and what I want and where I want to go. First of all, I want to go to a company that had great product, had a great culture, and I wanted to work with somebody that we could shake the future together and you know, Daniel and I just hit it off from the very first time we met. He got to meet my family, my dogs and we did the whole, we did the whole courting thing before we actually decided this was going to be a good thing for both of us. >> Dave: That's good. >> Rob: Yeah. >> Dave: You got to meet the family. That's very good. >> We just had, John Furrier and I just had, Mohit Aron and Sanjay Poonen into out studio. Cause Mohit, you know, formal google. Long time. And they decided to kind of split duties. Mohit's going into product, he didn't keep his CEO title. He walked. How are you guys splitting you time? What are each of you going to, responsible for? >> Daniel: Well its, its kind of similar. On a day by day operation I, I rely heavily on Rob. We do it together. Strategic decisions about the company's destiny. I'm doing mostly the product these days. Which is a big relief for me. And I think we also split a bit of customers visit. Which is great. I still enjoy meeting customers. I need, customers are food for my cause. >> Dave: (laughs) yeah and your awesome product visionary. You've been there since day one. Now Rob, you said in the key note today that you've seen around about a hundred customers. You've transverse the world. What did you learn from them that informed you? That gave you confidence that the the move to the internet platform, even though you had already started that. >> Male: Yeah. >> But you're really doubling down on that >> Rob: You know when I... >> from a stand point. >> Rob: You know Dave, when you think about it, like I was, I was so impressed that Daniel had the vision to create a platform 3 years ago. >> Dave: Yeah. >> All right. And as we went around the world. As I went around the world, and it was one of the very first things I've seen. I've got to understand how customers see UIPATH, from their advantage point. What are they looking for from us? Why is this company, why doe customers like this company so much? And as I went around the world. I went to Asia a couple, I went to Asia, Australia, Singapore, Japan. I was in Europe twice. We did the trip together. We went to visit customers. And it was very much the same thing. Helps us expand automation faster. And we are so surprise, at the break of your platform. We never knew that. And so it kind of just had, for me, it was conviction. It's like, this walls is the right decision you've made. There's so much opportunity there. And that's, you know that's kind of what I've learned through the last four five months. >> Dave: Now as you know Daniel, I've written a lot about your company. One of the things I've said is that, that start ups, if I can call you that back pre-IPO, typically don't have as much international exposure as UIPATH had. I mean you sort of, you sort of started as an international company and became more US centric. You said, in the, in the key note today, you're talking to Ray Wong about people may don't understand that challenges of FX. Point being, when you convert international dollars into US dollars there are less of them cause the dollars stronger. But still, I've always felt like that international footprint is an advantage. Rob you came from SAP, you know, again European based company. I don't, (stutters), do you regret that? Now? I mean I know it's technical, I'm sure you don't, but talk about that sort of international exposure? Why that's a long term benefit. >> Well, you, first of all, you expand faster. I think we expanded faster than our competition because our global footprint was larger. And we had the courage. Go in Japan, for instance. Everybody told me, it's impossible to make for such a small starter. It's impossible to make a business in Japan. But we didn't believe it. We're just crazy and we went there, and be built a very sizable business in Japan. Fifty-five percent of our revenue, even today, it's outside U.S. Now of course that has a down side. When uh, When the local currencies, you know, are losing the value compared to the dollars, we're impacted. As we go to... to investors, until now, so we are seeing like a (indistinct) in terms of ARI. It's huge. Only because (indistinct) and losing the business in Russia. But it still, it's the strength of our company. Things will come back. And then, you know, the growth engine will re-accelerate again. >> Dave: Yeah but when the dollars weakens that'll be in your favor. Rob I want to pick up on something you said today in your keynote. You went back and started, you know the cycles of ERP and you know, internet, et cetera. I kind of have a love hate with ERP. I have to be honest. >> Male: (laughing) >> But it, but but (chuckles) but if I go back to that. Late eighties nineties, you wouldn't have be able to pick SAP as the winner. And then SAP emerged. You know, very clearly. But the more interesting thing, is that the customers who are implementing ERP well. The practitioners did better than their peers, and dominated their industries. And their stocks went up. Their evaluations went up. Different worlds obviously but, do you see the same thing happening with RPA and automation? What gives you confidence that that's the case? >> I absolutely do see the same thing happening with automation and RPA being a part of, in being a part of that. The reason, the reason I believe that is speed is so critical. (stutters) And if you think about how hard it is for a CIO or a c level executive to consume the technology coming at them, plus all the changes in the world being thrown at them. It's compiling and compiling and compiling. We have an incredible solution, that can help companies. And there comes certain times, the love outcomes to the business. Like no one else gets. And when I see that, I view that as just like the beginning of what's going to happen in the future so, in many ways, and I've said this to many of my friends, it feels like 1992, 1993 to me. And it's interesting because no one really understood then why SAP would be great in 1992 and 93. And they got a couple of things right. They got the eco system right. Their new partners were important. And the knew they needed to drive business outcome for companies, in which they did. And so I feel like we are in a very similar place. Very different technology obviously. And the speed of change now is so dramatic, compared to what it was. And there's very few technology that can provide that level of speed and accomodation to their customers. >> All right, let's talk about priorities. You guys got a lot of work to do and you've, you've laid it out to the financial community. You've got to have profitable growth, because of FX, it part, you've lowered your forecast. But I think there's some conservative in their as well. Um, but you got to do that balance. You've given some guidance on gross margins. Cloud maybe brings that down a little bit. RnD I saw wide range. Thirteen to seventeen percent. I hope you keep spending on RnD. Big fan of that. You know stock buybacks and, RnD if in your position are going to be better. And the product priorities, continue to build that out. But question, let's start with the product. So you've got an on-prem stack and you've got a cloud stack that's emerging, how do you balance those out? How do you do the integration? You've done a great job with the integration. Does it, are you concerned about your ability to continue to work at that speed with two code bases? I wonder if you could address that? >> Daniel: We've become a cloud first company. We deliver all of our products first in the cloud. We've deliver on the two week (indistinct) in the cloud. So that helps us integrate quite fast. I think we made a very good business decision to build our cloud team in Seattle. In Bellevue to be specific. And we have access to great talent that knows how to build serious cloud service. Which is hard to find dollar. And uh, so, and also we, we have, we benef- one of our only benefits was, we have the really good architecture. We have an architecture that work easily on-prem and on the cloud. And even today, our work flow foundation, our local designers, were easy to modernize. So right now we are launching studio weapon. But behind the scene, it's the same workflow engine. Our customers don't have to rewrite anything. It just works. And it does the same to take our own brand product and brand it in the multicloud. So, it's, there is no friction at all. Actually cloud is just helping us accelerate. But we benefit then again of a really solid architectural foundation. >> Daniel: Architecture matters. We've seen that in this industry. We got the B52s rocking out in the background, I love it, but I've got so many questions for you guys. I want to talk about the go to market. Because Rob, it's obviously a strength of yours. You've come in. You've communicated to the street, that you're reshaping the sales floors. Are they lowering the ratios of sales? People, the customers at the high end, mid range as well, using digital. I mean the numbers are one to ten now. At the top. One to maybe fifty at the mid range. Where are you in terms of that journey? You've got to find people, you got to train them, how do you get the productivity out of those guys? Take us through your thinking there? >> Rob: Yeah firstly, I think we have enough resources. Having resources is not an issue. Um, we have an incredible vehicle to acquire customers inside the company. Our digital sales motion, it's probably the best I've seen. And so we have the ability to acquire customers really fast. And we get the first workload in really fast. The challenge is we need to, we need to be able to drive a (indistinct) model and we graduate customs when we acquire them into the direct sales floors. And then direct sales floors, we're not going to go one to thirty, we're talking one to ten for the direct sales floor. And even the high up in the pyramid, we want to have an even denser model than that. And the whole purpose is to drive the time to consumption much quicker, much faster. So we know exactly if we acquire a customer, will they spend? Do they have a (indistinct) spend? On what level do they have a (indistinct) spend? And therefore when we capture them, we can immediately surround them, and put the right resources so we can grow faster. We think this will have a significant impact on the organization. We'll start to implement certain pieces in the next quarter. Um, things like packaging solutions. Putting them in, enabling the sales organization. And buy the beginning of next year, we'll be ready to actually go full board, globally. We already put some pieces in place when I joined. Chris Weber, my chief business officer, did a great job doing some of those pieces. So we're on the journey already. >> Dave: Yeah and even before you guys were public and you weren't publishing your NRR numbers. Our ETR survey partner, we, we always thought you had very low churn. And I think you broke out just yesterday. The, the NRR for overseas vs U.S, U.S I think was 140 plus percent. >> Male: Yeah >> Very very strong. A little, a little less overseas but the churn is still very low. >> Male: Yep. >> Okay so that's super positive. Customer affinity, I was wanted to code these events. I listen to the key notes very carefully, and then interview customers on the cube, and I try to identify, is there alignment there? And I see very strong alignment, I have to say, and strong customer affinity. So that's in your favor. I have, Daniel, I got another question for you on product. What is Symantec automation? What the heck is that? Can you explain that? I don't understand >> Dave, have you seen the demo in my (indistinct)? >> Dave: You know, I had to leave and do interviews, so I, uh, I missed it. >> I think, I think that demo answer complete your question. So in the s-, you know there saying that great, you can not distinguish great technology by magic. I think technology should be simple. And we, we show today, one of the simplest demo that you can imagine. But it's so, such a complex technology behind the scene, that you also can not imagine. So what was demo? We show how one business user, without any technical skills, can build any type of document. Can be a passport, can be an invoice, can be a legal (indistinct), and just go, "I want to copy data from here, and I want to paste data there". Can be a spreadsheet, can be another obligation, and like a human user, without understanding, without having prior knowledge about data, document layout, about screens, screens layouts, nothing, we analyze real time. Document. We discover, we discover the meaning of the information. We analyze the screen. We understand the screen but we understand the meaning of the screen. And we understand how the information in one side relate to the other side. And we just connects the dots and we copy the information and we paste it. A job that you'll do as a human user, maybe three minutes, is done in ten seconds. This is powerful. >> Yeah that is powerful. Thank you for that. I mean, and you take the date, whether it's transaction data or unstructured data and and and bring meaning out of it. That's powerful. Last question and I'll let you guys go. Rob, you got traders, and you've got long term investors. All right traders going to be defensive, today. I get that. Make the case for UIPATH, for long term investors. >> Rob: I think we're going to be a multi-gern- multi-billion company and we're going to be a generational company of our time. And we will define enterprise automation. And it's going to be a long term game and we feel like really strong that we'll be the lead in that game. >> Dave: Guys, thanks so much for coming to the cube. Great show. Always fun at UiPath Forward. Really appreciate your time. Thank you. >> Thanks dave. >> Appreciate it as well. >> Okay wrap it up, day one, we're here tomorrow, first thing, Dave Vellante and Dave Nicholson. Thanks for watching, forward 5, Uipath big customer event, we'll see you tomorrow. (music)

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

(light music) >> Hello, and welcome to theCUBE's special presentation with Horizon3.ai with Rainer Richter, Vice President of EMEA, Europe, Middle East and Africa, and Asia Pacific, APAC Horizon3.ai. Welcome to this special CUBE presentation. Thanks for joining us. >> Thank you for the invitation. >> So Horizon3.ai, driving global expansion, big international news with a partner-first approach. You guys are expanding internationally. Let's get into it. You guys are driving this new expanse partner program to new heights. Tell us about it. What are you seeing in the momentum? Why the expansion? What's all the news about? >> Well, I would say in international, we have, I would say a similar situation like in the US. There is a global shortage of well-educated penetration testers on the one hand side. On the other side, we have a raising demand of network and infrastructure security. And with our approach of an autonomous penetration testing, I believe we are totally on top of the game, especially as we have also now starting with an international instance. That means for example, if a customer in Europe is using our service, NodeZero, he will be connected to a NodeZero instance, which is located inside the European Union. And therefore, he doesn't have to worry about the conflict between the European GDPR regulations versus the US CLOUD Act. And I would say there, we have a total good package for our partners that they can provide differentiators to their customers. >> You know, we've had great conversations here on theCUBE with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company. And obviously, I can just connect the dots here, but I'd like you to weigh in more on how that translates into the go-to-market here because you got great cloud scale with the security product you guys are having success with. Great leverage there, I'm seeing a lot of success there. What's the momentum on the channel partner program internationally? Why is it so important to you? Is it just the regional segmentation? Is it the economics? Why the momentum? >> Well, there are multiple issues. First of all, there is a raising demand in penetration testing. And don't forget that in international, we have a much higher level number or percentage in SMB and mid-market customers. So these customers, typically, most of them even didn't have a pen test done once a year. So for them, pen testing was just too expensive. Now with our offering together with our partners, we can provide different ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with a traditional manual pen test, and that is because we have our Consulting PLUS package, which is for typically pen testers. They can go out and can do a much faster, much quicker pen test at many customers after each other. So they can do more pen test on a lower, more attractive price. On the other side, there are others or even the same one who are providing NodeZero as an MSSP service. So they can go after SMP customers saying, "Okay, you only have a couple of hundred IP addresses. No worries, we have the perfect package for you." And then you have, let's say the mid-market. Let's say the thousand and more employees, then they might even have an annual subscription. Very traditional, but for all of them, it's all the same. The customer or the service provider doesn't need a piece of hardware. They only need to install a small piece of a Docker container and that's it. And that makes it so smooth to go in and say, "Okay, Mr. Customer, we just put in this virtual attacker into your network, and that's it and all the rest is done." And within three clicks, they can act like a pen tester with 20 years of experience. >> And that's going to be very channel-friendly and partner-friendly, I can almost imagine. So I have to ask you, and thank you for calling out that breakdown and segmentation. That was good, that was very helpful for me to understand, but I want to follow up, if you don't mind. What type of partners are you seeing the most traction with and why? >> Well, I would say at the beginning, typically, you have the innovators, the early adapters, typically boutique-size of partners. They start because they are always looking for innovation. Those are the ones, they start in the beginning. So we have a wide range of partners having mostly even managed by the owner of the company. So they immediately understand, okay, there is the value, and they can change their offering. They're changing their offering in terms of penetration testing because they can do more pen tests and they can then add others ones. Or we have those ones who offered pen test services, but they did not have their own pen testers. So they had to go out on the open market and source pen testing experts to get the pen test at a particular customer done. And now with NodeZero, they're totally independent. They can go out and say, "Okay, Mr. Customer, here's the service. That's it, we turn it on. And within an hour, you are up and running totally." >> Yeah, and those pen tests are usually expensive and hard to do. Now it's right in line with the sales delivery. Pretty interesting for a partner. >> Absolutely, but on the other hand side, we are not killing the pen tester's business. We are providing with NodeZero, I would call something like the foundational work. The foundational work of having an ongoing penetration testing of the infrastructure, the operating system. And the pen testers by themselves, they can concentrate in the future on things like application pen testing, for example. So those services, which we are not touching. So we are not killing the pen tester market. We are just taking away the ongoing, let's say foundation work, call it that way. >> Yeah, yeah. That was one of my questions. I was going to ask is there's a lot of interest in this autonomous pen testing. One because it's expensive to do because those skills are required are in need and they're expensive. (chuckles) So you kind of cover the entry-level and the blockers that are in there. I've seen people say to me, "This pen test becomes a blocker for getting things done." So there's been a lot of interest in the autonomous pen testing and for organizations to have that posture. And it's an overseas issue too because now you have that ongoing thing. So can you explain that particular benefit for an organization to have that continuously verifying an organization's posture? >> Certainly. So I would say typically, you have to do your patches. You have to bring in new versions of operating systems, of different services, of operating systems of some components, and they are always bringing new vulnerabilities. The difference here is that with NodeZero, we are telling the customer or the partner the package. We're telling them which are the executable vulnerabilities because previously, they might have had a vulnerability scanner. So this vulnerability scanner brought up hundreds or even thousands of CVEs, but didn't say anything about which of them are vulnerable, really executable. And then you need an expert digging in one CVE after the other, finding out is it really executable, yes or no? And that is where you need highly-paid experts, which where we have a shortage. So with NodeZero now, we can say, "Okay, we tell you exactly which ones are the ones you should work on because those are the ones which are executable. We rank them accordingly to risk level, how easily they can be used." And then the good thing is converted or in difference to the traditional penetration test, they don't have to wait for a year for the next pen test to find out if the fixing was effective. They run just the next scan and say, "Yes, closed. Vulnerability is gone." >> The time is really valuable. And if you're doing any DevOps, cloud-native, you're always pushing new things. So pen test, ongoing pen testing is actually a benefit just in general as a kind of hygiene. So really, really interesting solution. Really bringing that global scale is going to be a new coverage area for us, for sure. I have to ask you, if you don't mind answering, what particular region are you focused on or plan to target for this next phase of growth? >> Well, at this moment, we are concentrating on the countries inside the European Union plus United Kingdom. And of course, logically, I'm based in the Frankfurt area. That means we cover more or less the countries just around. So it's like the so-called DACH region, Germany, Switzerland, Austria, plus the Netherlands. But we also already have partners in the Nordic, like in Finland and Sweden. So we have partners already in the UK and it's rapidly growing. So for example, we are now starting with some activities in Singapore and also in the Middle East area. Very important, depending on let's say, the way how to do business. Currently, we try to concentrate on those countries where we can have, let's say at least English as an accepted business language. >> Great, is there any particular region you're having the most success with right now? Sounds like European Union's kind of first wave. What's the most- >> Yes, that's the first. Definitely, that's the first wave. And now with also getting the European INSTANCE up and running, it's clearly our commitment also to the market saying, "Okay, we know there are certain dedicated requirements and we take care of this." And we are just launching, we are building up this one, the instance in the AWS service center here in Frankfurt. Also, with some dedicated hardware, internet, and a data center in Frankfurt, where we have with the DE-CIX, by the way, the highest internet interconnection bandwidth on the planet. So we have very short latency to wherever you are on the globe. >> That's a great call out benefit too. I was going to ask that. What are some of the benefits your partners are seeing in EMEA and Asia Pacific? >> Well, I would say, the benefits for them, it's clearly they can talk with customers and can offer customers penetration testing, which they before even didn't think about because penetration testing in a traditional way was simply too expensive for them, too complex, the preparation time was too long, they didn't have even have the capacity to support an external pen tester. Now with this service, you can go in and even say, "Mr. Customer, we can do a test with you in a couple of minutes. We have installed a Docker container. Within 10 minutes, we have the pen test started. That's it and then we just wait." And I would say we are seeing so many aha moments then. On the partner side, when they see NodeZero the first time working, it's like they say, "Wow, that is great." And then they walk out to customers and show it to their typically at the beginning, mostly the friendly customers like, "Wow, that's great, I need that." And I would say the feedback from the partners is that is a service where I do not have to evangelize the customer. Everybody understands penetration testing, I don't have to describe what it is. The customer understanding immediately, "Yes. Penetration testing, heard about that. I know I should do it, but too complex, too expensive." Now for example, as an MSSP service provided from one of our partners, it's getting easy. >> Yeah, and it's great benefit there. I mean, I got to say I'm a huge fan of what you guys are doing. I like this continuous automation. That's a major benefit to anyone doing DevOps or any kind of modern application development. This is just a godsend for them, this is really good. And like you said, the pen testers that are doing it, they were kind of coming down from their expertise to kind of do things that should have been automated. They get to focus on the bigger ticket items. That's a really big point. >> Exactly. So we free them, we free the pen testers for the higher level elements of the penetration testing segment, and that is typically the application testing, which is currently far away from being automated. >> Yeah, and that's where the most critical workloads are, and I think this is the nice balance. Congratulations on the international expansion of the program, and thanks for coming on this special presentation. I really appreciate it. Thank you very much. >> You're welcome. >> Okay, this is theCUBE special presentation, you know, checking on pen test automation, international expansion, Horizon3.ai. A really innovative solution. In our next segment, Chris Hill, Sector Head for Strategic Accounts, will discuss the power of Horizon3.ai and Splunk in action. You're watching theCUBE, the leader in high tech enterprise coverage. (steady music)