>> Narrator: From theCube studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is theCube Conversation. >> Hey, welcome back, everybody. Jeff Frick here with theCube. We're still on our Palo Alto studios, we're still getting through COVID and we're still doing all of our remotes, all of our interviews via remote and I'm really excited to have a guest we had around a long time ago. I looked it up is 2016, April 2016. She's Coco Brown, the founder and CEO of the Athena Alliance. Coco, it's great to see you. >> It's great to see you as well. We actually formally started in April of 2016. >> I know, I saw, I noticed that on LinkedIn. So we were at the Girls in Tech Catalyst Conference in Phoenix, I remembers was a really cool conference, met a ton of people, a lot of them have turned out that are on your board. So yeah, and you formally on LinkedIn, it says you started in May. So that was right at the very, very beginning. >> Yeah, that's right. >> So for people that aren't familiar with the at the Athena Alliance give them the quick overview. >> Okay. Well, it's a little different that it was four years ago. So Athena first and foremost is a digital platform. So you literally log in to Athena. And we're a combination of community access to opportunity and learning. And so you can kind of envision it a little bit like a walled garden around the LinkedIn, meets Khan Academy for senior executives, meets Hollywood agency for women trying to get into the boardroom and senior level roles in the c-suite as advisors, et cetera. And then the way that we operate is you can have a self-service experience of Athena, you can have a concierge experience with Athena with real humans in the loop making key connections for you and you can add accelerators where we build brand packages and BIOS and give you executive coaching. So... >> Wow. >> Kind of a... >> You've built out your services portfolio over the last several years. But still the focus >> yes, we have. is boards, right? Still the focus is getting women on public boards, or is that no longer still the focus? >> No, that's a big piece of it for sure. I mean, one of the things that we discovered, that was the very first mission of Athena, was to bring more women into the boardroom. And as we were doing that we discovered that once you get into a senior realm of leadership in general, there's more things that you want to do than just get into the boardroom. Some of it may be wanting to be an investor or an LP in a fund or become a CEO, or certainly join outside boards but also be relevant to your own inside board. And so we started to look at Athena as a more holistic experience for senior leaders who are attempting to make sure that they are the best they can be in this very senior realm of overarching stewardship of business. >> Awesome. and have you seen, so obviously your your focus shifted 'cause you needed to add more services based on the demand from the customers. But have you seen the receptiveness to women board members change over the last four years? How have you seen kind of the marketplace change? >> Yeah, it's changed a lot, I would say. First of all I think laws like the California law and Goldman Sachs coming out saying they won't take companies public unless they have diverse board data. The statements by big entities that people are paying attention to made the boardroom dynamics a conversation around the dinner table in general. So it became more of a common conversation and common interest as opposed to just the interest of a few people who are trying to get in there. And so that's created a lot of momentum as well as sort of thoughtfulness from leaders and from employees and from larger stakeholders to say the diversity at the top business has to mimic the demographics of society as a whole. And that's become a little bit more accepted as opposed to grudgingly sort of taken in. >> Right. So one of the big problems always it's like the VC problem, right? Is the whole matchmaking problem. How do you, how do qualified people find qualified opportunities? And I wonder if you can speak a little bit as to how that process has evolved, how are you really helping because there's always people that are looking for quality candidates, and there's great quality candidates out there that just don't know where to go. How are you helping bridge kind of that kind of basic matchmaking function? >> Yeah. I mean, there's a couple of different ways to go about it. One is certainly to understand and have real connections into the parts of the leadership ecosystem that influences or makes the decision as to who sits around that table. So that would be communities of CEOs, it's communities of existing board directors, it's venture capital firms, its private equity firms, and as you get really entrenched in those organizations and those ecosystems, you become part of that ecosystem and you become what they turn to to say, "Hey, do you know somebody?" Because it still is a "who do yo know" approach at the senior most levels. So that's one way. The other mechanism is really for individuals who are looking for board seats who want to be on boards to actually be thinking about how they proactively navigate their way to the kinds of boards that they would fit to. I like in a very much to the way our children go after the schools that they might want to when it's time for university. You'll figure out who your safeties, your matches, your reaches are, and figure out how you're going to take six degrees of separation and turn them into one through connections. So those are that's another way to go about it. >> You know, it's interesting, I talked to Beth Stewart from True Star, they also help place women on boards. And one of the issues is just the turnover. And I asked that just straight up, are there formal mechanisms to make sure that people who've been doing business from way before there were things like email and the internet eventually get swapped out. And she said, that's actually a big part of the problem is there isn't really a formal way to keep things fresh and to kind of rotate the incumbents out to enable somebody who's new and maybe has a different point of view to come in. So I'm curious when someone is targeting their A-list and B-list and C-lists, how do they factor in kind of the age of the board composition of the existing board, to really look for where there's these opportunities where a spot opens up, 'cause if there's not a spot open up clearly, there's really not much opportunity there. >> Yeah, I mean, you have to look at the whole ecosystem, right? I mean, there's anything from let's say series A, venture backed private companies all the way up to the mega cap companies, right? And there's this continuum. And it's not, there's not one universal answer to what you're talking about. So for example, if you're talking about smaller private companies, you're competing against, not somebody giving up their seat, but whether or not the company feels real motivation to fill that particular independent director seat. So the biggest competition is often that that seat goes unfilled. When you're talking about public companies, the biggest competition is really the fact that as my friend Adam Epstein of the small cap Institute will tell you, that 80% of public companies are actually small cap companies. And they don't have the same kinds of pressures that large caps do to have turnover. But yeah, it takes a big piece of the challenge is really boards having the disposition collectively to see the board as a competitive advantage for the business as a very necessary and productive piece of the business and when they see that then they take more proactive measures to make sure they have a evolving and strong board that does turnover as it needs to. >> Right. So I'm curious when you're talking to the high power women, right, who are in operational roles probably most of the time, how do you help coach them, how should they be thinking, what do they have to do different when they want to kind of add board seats to their portfolio? Very different kind of a role than an operational role, very different kind of concerns and day to day tasks. So, and clearly, you've added a whole bunch of extra things to your portfolio. So how do you help people, what do you tell women who say, "Okay, I've been successful, "I'm like successful executive, "but now I want to do this other thing, "I want to take this next step in my career"? What usually the gaps and what are the things that they need to do to prepare for that? >> Well, I'm going to circle in then land a little bit. Autodesk was actually a really great partner to us back when you and I first met. They had a couple of women at the top of the organization that were part of Athena, specifically because they wanted to join boards. They are on boards now, Lisa Campbell, Amy Bunszel, Debbie Clifford. And what they told us is they were experiencing everything that we were offering in terms of developing them, helping them to position themselves, understand themselves, navigate their way, was that they simply became better leaders as a result of focusing on themselves as that next level up, irrespective of the fact that it took them two to three years to land that seat. They became stronger in their executive role in general and better able to communicate and engage with their own boards. So I think, now I'm landing, the thing that I would say about that is don't wait until you're thinking oh, I want to join a board, to do the work to get yourself into that ecosystem, into that atmosphere and into that mindset, because the sooner you do that as an executive, the better you will be in that atmosphere, the more prepared you will be. And you also have to recognize that it will take time. >> Right. And the how has COVID impacted it, I mean, on one hand, meeting somebody for coffee and having a face to face is a really important part of getting to know someone and a big part of I'm sure, what was the recruitment process, and do you know someone, yeah, let's go meet for a cup of coffee or dinner or whatever. Can't do that anymore, but we can all meet this way, we can all get on virtually and so in some ways, it's probably an enabler, which before you could grab an hour or you didn't have to fly cross-country or somebody didn't have to fly cross-country. So I'm kind of curious in this new reality, which is going to continue for some time. How has that impacted kind of people's ability to discover and get to know and build trust for these very very senior positions. >> HBR just came out with a really great article about the virtual board meeting. I don't know if you saw it but I can send you a link. I think that what I'm learning from board directors in general and leaders in general is that yes, there's things that make it difficult to engage remotely, but there's also a lot of benefit to being able to get comfortable with the virtual world. So it's certainly, particularly with COVID, with racial equity issues, with the uncertain economy, boards are having to meet more often and they're having, some are having weekly stand ups and those are facilitated by getting more and more comfortable with being virtual. And I think they're realizing that you don't have to press flesh, as they say, to actually build intimacy and real connection. And that's been a hold up, but I think as the top leadership gets to understand that and feel that for themselves, it becomes easier for them to adopt it throughout the organization that the virtual world is one we can really embrace, not just for a period of time. >> It's funny we had John Chambers on early on in this whole process, really talking about leadership and leading through transition. And he used the example, I think had been that day or maybe a couple days off from our interview where they had a board meeting, I think they were talking about some hamburger restaurant, and so they just delivered hamburgers to everybody's office and they had the board meeting. But that's really progressive for a board to actually be doing weekly stand ups. That really shows a pretty transformative way to manage the business and kind of what we think is the stodgy old traditional get together now and then, fly and then get some minutes and fly out, that's super progressive. >> Yeah. I mean, I was on three different board meetings this week with a company I'm on the board of in Minnesota. And we haven't seen each other in person in, I guess since January. (woman laughs) >> So final tips for women that want to make this this move, who, they've got some breathing space, they're not homeschooling the kids all day while they're trying to get their job done and trying to save their own business, but have some cycles and the capabilities. What do you tell them, where should they begin, how should they start thinking about, kind of taking on this additional responsibility and really professional growth in their life? >> Well, I mean, I think something very important for all of us to think about with regard to board service and in general as we get into a very senior level point in our careers at a managing and impact portfolio. People get into a senior point and they don't just want to be an executive for one company, they want to have a variety of ways that they're delivering impact, whether it's as an investor or as a board member or as other things as well as being an operator. And I think the misnomer is that people believe that you have to add them up and they, one plus one plus one equals three, and it's just not true. The truth is that when you add a board seat, when you add that other thing that you're doing it makes you better as a leader in general. Every board meeting I have with [Indistinct] gives me more than I bring back to Athena as an example. And so I think we tend to think of not being able to take on one more thing and I say that we all have a little more space than we think we have to take on the things we want to do. >> Right? That's a good message to me. It is often said if you want to get something done, give it to the busiest person in the room. It's more likely to get it done 'cause you got to be efficient and you just have that kind of get it done attitude. >> That's right. >> All right, Coco. Well, thank you for sharing your thoughts. >> Congratulations, so I guess it's your four year anniversary, five year anniversary [Indistinct] about right? >> Yes, four. >> That's terrific. And we look forward to continuing to watch the growth and hopefully checking in face to face at some point in the not too distant future. >> I would like that. >> All right. Thanks a lot Coco. >> Great talking to you. >> Already. >> She's Coco, I'm Jeff. You're watching theCube. Thanks for watching, we'll see you next time. (upbeat music)

>> Announcer: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is theCUBE conversation. >> Hi, everyone. Welcome to theCUBE Studios here in Palo Alto, California. I'm John Furrier, host of theCUBE. We're here for coverage of AWS Public Sector Summit. This is theCUBE Virtual with our quarantine crew going out and covering the latest posts of the Virtual Summit where our next guest is Matthew Cornelius, Executive Director for the Alliance for Digital Innovation. Matthew, thanks for joining me today for part of AWS virtual Public Sector Summit. >> That's great, thanks, John. Appreciate you having me. >> I know that John Wood and I have been talking about this organization and some of the ambition and the relevance of it. So I think it's a super important story. I want to get your thoughts on this in an unpack kind of the mission but for starters, tell us what is the Alliance for Digital Innovation? When were you formed? What's the mission? What do you do? >> Sure. Yeah, so ADI was formed about two years ago, to create a new advocacy group that could focus explicitly on getting cloud forward, commercial, highly innovative companies into the public sector. So the government technology space has traditionally been dominated by a lot of legacy vendors, folks that are very happy with vendor lock-in, folks that have an outdated business model that would not suffice in the commercial sector. So why does it have to be that way for government and ADI started with about eight members has since grown. We're approaching two dozen now. So we've had a lot of growth and I think a lot of the response that you've seen in the public sector, especially to the COVID crisis, and the response and relief efforts have made this organization and our mission more relevant now than ever. There's no way that you can go back to the previous way of doing business, so adopting all these commercials technologies, changing your business model, changing your operating model, and really use an emerging technology to deliver all these missions services is critical. >> You know, one of the things that I've been reporting on for many, many years is this idea of modernization. Certainly on the commercial side with cloud, it's been really important and Amazon has done extremely well, from a business standpoint. We all know that where that's going. The issue that's happening now is the modernization is kicking in. So the government has started to move down this track, we've seen the procurement start to get more modernized. Move from buying manuals to actually having the modern stuff and in comes COVID-19. You couldn't have accelerated, you couldn't have pulled the future forward fast enough to an already struggling federal government, in my opinion, and I've talked to many people in DC and the young crowd saying, "Hey, old government get modern", and then this comes. It's almost like throwing the rock on your back and you're sinking. This is a problem. What's your take on this? Because you're trying to solve a problem with modernizing, but now you got COVID-19 coming in, it compounds the complexity and the challenge. What's your chosen reaction to that? >> Yeah, so it there's a multifaceted response to this. So part of it is what I like to say is the government's done more in the past four months than it's done in the past 14 years when it comes to modernization and adopting commercial capabilities. I think with individual agencies, you've seen those those agencies, I will name a couple like the Small Business Administration, the General Services Administration, where I used to work, folks that were already heavily invested in cloud, heavily invested in modern digital tools and modern digital processes, they were able to weather this storm and to deal especially in SPS case, with a dramatic increase in their mission. I mean, running the paycheck Protection Program is something unlike an organization that size has ever seen. And from a technology standpoint, they have a lot of good stories that are worth telling and I think it's because they were so cloud forward. I think one of the other interesting points that as really come to light over the past four months is so many of the issues around modernization were cultural. Now, of course, there are some that are legal, there's acquisition, there's the way agencies are appropriated and financed and the way they can spend their money, but by and large, all of these agencies had to move to maximum telework, they had to get rid of all of these outdated on premise processes, these paper based processes that they had. And although surely there were some bumps in the road, and that was not easy, especially for these folks working around the clock to keep their agencies operational to make sure citizens are getting the services, they need, especially during this crisis, I think there's a lot of great success stories that you see there and because of this, no one even if they're allowed to go back into the office or when they're allowed to go back in the office, people are going to understand how much more productive they are, how much more technologically capable they are. And that's not just CIO officers that's people on programs in the front lines delivering services that mission response. We've really seen it powerful word over the last four months. >> You know, Matthew, I've been very vocal given that I'm kind of the old guy, get off my lawn kind of commentary. (Matthew laughs) I've seen that the waves and I remember coming in when I was in my late 20s and 30s old school enterprises, the commercial business wouldn't do business with startups, you had to be approved or you were in entrenched vendors supporting those things and then in comes the web, in comes the 90s, and then the web came there's more agile, you had startups that were more open and working with commercial vendors. It seems like we're seeing that movie play out in public sector where you have the entrenched incumbents, they got the town wired, who knows what's going on. It's been called the Beltway bandits for years and Tris and Curson and I talk about that all the time, but now the government can be agile, and startups need to be product to these new solutions, like whether it's video conferencing or virtual events, things like we do. New solutions are coming that need to come in, it's hard. Can you share how a company whether it's a startup or a new solution can come in and work with the government? Because the perception is, it's impossible. >> Yeah, and part of why ADI exist is to break that down. One to recruit more members to join us to really help drive commercial innovation in the government. And we have some very large companies like AWS and others that do an awful lot of work with the government. And we have a lot of smaller startups that are interested in dipping their toe in there. And so we try to help them demystify how it is that you go about working with the government. I think there have been again, some good success stories on this one. I think that there are lots of places like the Department of Defense, a lot of the folks in the intelligence community, some other agencies, they have authorities, they have partnership programs that make it easier for folks to adopt commercial innovation. They have unique authorities like other transaction authorities or commercial solutions offerings that really lowers the barrier for new technologies to be piloted and potentially scaled inside government. But that's not the case across lots of agencies, and that's why we advocate broadly for getting the acquisition process to move at the speed of technology. If there are good authorities that work in some agencies, let's get into everybody, let's have everybody try it because the people in the agencies, the acquisition professionals, the technical professionals, they have to be committed to working with industry, so the industry is committed to working with them. And as a former federal employee, myself, I worked at the Office of Management and Budget and the General Service Administration, I always was upset at the fact that the government is very good at speaking to industry, but not very good at working with industry and listening, and so we see a lot more of that now and I think part of that is a response to COVID, but it's also the recognition that you can't do things the way you used to do it, the traditional butts in seats contracting business model where everybody in between a federal employee and that outsourced service provider. You don't need all those people there, you can do it yourself and be just as effective and get all the real outcomes you're looking for with commercial innovation. >> It sounds like ADI your priorities is to make things go fast and be modernized. So I have to ask you, the question that's on my mind, probably on everyone's mind is, what are the key conversations or messages you provide to the agencies, heads or members of Congress to get them excited about this, to take action to support what you're doing? Because let's face it, most of these guys up on the Hill are girls now, most of them have a law backgrounds, they don't have a tech background. So that's a complaint that I've heard in the hallways in DC is, the guy making all the decisions doesn't know jack about tech. >> No, it's it's a great point. When we advocate up on the Hill there's a law that I don't think a lot of folks pay in awful lot of attention to. Everybody likes the nice new things that are coming from Capitol Hill but there's a great piece of legislation from 1994 for the Federal Acquisition Streamlining Act. We actually did some tremendous original research at ADI, about a year ago and released an interesting report that got a lot of uptick here. And most people don't even understand that the law requires you to do market research and see if there's a commercial product or service that meets your need before you go down building any sort of specific requirements or building out some sort of long procurement process. And so a lot of what we're doing is educating folks, not just on what the law says, but on why these can lead to better outcomes for agencies. I mean, I truly believe that most of the folks in government whether they're technical folks or not want to do the best thing, but if you're a company trying to do business with the government, you have to go through what is often a five or six or sometimes 10 person human supply chain. There's someone in government who wants your solution because it addresses a particular problem, and between them, and you the company, there's all sorts of additional bureaucratic overlays and folks that are not technical, that have other incentives and other priorities that don't always lead to the most optable procurement outcome. So there's an educational component, there's a cultural component. We need more champions inside government. We need not just better technology that's wanting to work with the government but we also need smarter, better people inside that understand the technology and can get to it the way they need to get to it so that they can deliver mission. >> As someone like me who's in the technology business, who loves entrepreneurship, loves business, loves the impact of technology, I'm not a public servant, and I'm not at that up to speed on all the government kind of inside baseball, so I kind of look at it a little bit differently. I've always been a big proponent of public private partnerships that's been kicked around in the past. It's kind of like digital transformation, kind of cliche, but there's been some pockets of success there, but look at the future. The role of influence and the commercial impact just China, for instance, just riffing the other day with someone around China doesn't actually go through government channels for how they deal with the United States. There's a little commercial, they have intellectual property issues going on, people saying they're stealing, they're investing in the United States. So there's a commercial influence. So as the government has to look at these commercial influences, they then have to modernize their workforce, their workloads, their applications, their workplaces. The work is not just workloads, it's workplace, workforce. So if you had your way, how would you like to see the landscape of the federal technology piece of this look like in five years? Because there's now new influence vectors coming in that are outside the channels of federal purview. >> No, it's a great question, and I appreciate you bringing up the other complexities around nation state actors in China and everything else. Obviously, supply chain security and being able to deal with legitimate security threat is critical when you're inside government. I mean, your first sort of purpose is to do no harm and to make sure that you're keeping citizen data, whether it's classified or unclassified secure. We think at ADI that there's a great balance to be heard there and part of that is if you're working with American companies, and you're adopting the best and most agile and most innovative commercial technology that America has to offer, that's going to make our industry more competitive and position it better in the commercial market and it's also going to make government agencies more effective. They're going to be able to meet their mission faster, they're going to be able to lower costs, they're going to be able to shift what are going to be tighter and tighter budgets over the next four or five or 10 years to other areas because they're not wasting so much money on these old systems and this old business processes, this old way of doing business. So you that is one of the balances that we have to take from an advocacy standpoint. We have to understand that supply chain security, cybersecurity are real issues, but security can also be an enabler to innovation and not an impediment and if a lot of the commercial capabilities that are coming out now and a lot of these companies like the ones ADI represents, want to do business with the government, and their commercial products can inherently be more secure than a lot of these old bespoke systems or old business practices. That's good for not just federal agencies, that's good for citizens and that's good for our national defense and our economy. >> You know, I look at our landscape and being an American born here, looking at other emerging countries, certainly China's one example of becoming very world digital native, even other areas where 5G and then telecom has made great internet access, you're seeing digital native countries, so as we modernize, and our lawmakers have more tech savvy and things become digital native, the commercial enabling piece is a huge thing, having that enabling technology, because it creates wealth and jobs and other things so you got three things, digital native country, enabling technologies to promote good and wealth and engine of economic value, and then societal impact. What's your take on those three kind of pillars? Because we're kind of as a country coming into this world order and look at the younger generation, they're all screaming for it, we're digital native, and all kinds of arbitrage there, fake news, misinformation, then you got enabling technology with the cloud, and then you get societal benefits, future of elections and everything else. So what's your thoughts? 'Cause it sounds like you're thinking about these things in your Digital Innovation Alliance. >> Yeah, absolutely. The one thing I will say and as someone that was a former federal employee, the one thing we need more of whether you're on the executive branch or in Congress, we need more people that like you said, are digital natives that understand technology that also want to be inside government either running programs or dealing with policy issues. We need as many good new ideas and folks with real, legitimate, necessary and current skills in there. Because if you don't understand the technology, you don't understand, like you said the societal impacts, you don't understand the business impacts of government decision making and the government can drive markets. I mean, especially in the middle of Coronavirus, we're spending trillions of dollars to keep folks afloat and we're using technology primarily as a way to make that happen. So the first thing I would say is, we need, we continue, need to continue, sorry, we need to continue to recruit and retain and train the best and the brightest to go into government service because it is a joy and a privilege to serve government and we've got to have better smarter technical people in there or we're going to keep getting these same outcomes, like you've mentioned over the past 30 plus years. >> I think we're in a JFK moment where John F. Kennedy said, "Ask not what your country can do for you, "what you can do for your country". Moment in the modern era and that was the 60s, that we saw the revolution of that happen there, we're kind of having a digital version of that now where it's an opportunity for people to get involved, younger generations and make change rather than arguing about it. So I feel fairly strongly about this so I think this is an opportunity. Your reaction to that? >> No, that's a fantastic point. I hadn't really thought about the JFK resemblance. From an industry standpoint, I think that is what is happening with these emerging technology companies and even some of the large companies. They understand that this is their way to contribute to the country whose R&D dollars and these public private partnerships helped a lot of these folks to grow and become the companies they are now. At least started them down that road. And so for us at the Alliance for Digital Innovation and the companies that are a part of us that is sort of purposeful to who we are. We do what we do and we want the government to build stronger relationships and to use this technology, because it does serve mission. I mean, we exclusively focus on the public sector. Focus of these companies and it's tremendously valuable when you see a federal agency who spent five or 10 years and hundreds of millions of dollars and still not solving a problem and then they can pick up the commercial off the shelf technology from a company that we represent, and can solve that problem for $5 million and do it in six months. I mean, that's truly rewarding and whether you're inside government or out, we should all celebrate that and we should find ways to make that the norm and not the exception. >> And take all that hate and violence and challenge it towards voting and getting involved. I'm a big proponent of that. Matthew, thank you so much for taking the time. I'll give you the last word. Take a minute to put a plug in for the Alliance for Digital Innovation. Who are the charter members, who's involved? I know John Wood from Telos is a charter member. Who's involved, how did it all start? >> Yeah. >> Give it taste of the culture and who's involved. >> Yeah, thanks, John. So, yeah, like you mentioned, we have tremendous members, AWS is obviously a great partner. We have a lot of big companies that are involved, Google Cloud, Salesforce, Palantir, Palo Alto Networks. We also have great midsize and small companies. You think of Telos, you think of SAP NS2 and Iron Net, you think of Saildrone. We've got companies that whose technology product and service offerings run the range for government needs. We all come together because we understand that the government can and should and must do better to buy and leverage commercial technology to meet mission outcomes. So that is what we focus on. And, frankly, we have seen tremendous growth since COVID started. I mean, we are 24 members now we were at 18, just four months ago, but I like to say that ADI is an organization whose mission is more important and more resonant now, not just in the technology, parts of government, but at the secretary level at the Chief Acquisition Officer level, in Congress. We are folks that are trying to paint the future, we're doing a positive vision for change for what government can and should be. And for all of those other technology companies that want to be a part of that, that understand that the government can do better, and that has ideas for making it work better and for getting commercial innovation into government faster, to solve mission outcomes and to increase that trust between citizens and government, we want you. So if folks are interested in joining you got people that are watching out there, you can go to alliance4digitalinnovation.org. We're always accepting interested applicants and we look forward to continuing this message, showing some real outcomes and helping the government for the next year, five years, 10 years, really mature and modernize faster and more effectively than it has before. >> Great mission, love what you're doing. I think the future democracy depends on these new models to be explored, candidly and out in the open, and it's a great mission, we support that. Thanks for taking the time, Matthew. Appreciate it. >> Thanks, John. Have a great Public Sector Summit. >> Okay, this is theCUBE coverage of AWS Public Sector Virtual Summit. I'm John Furrier here in theCUBE Virtual. Thanks for watching and stay tuned for more coverage. (gentle music)

>> Narrator: From downtown San Francisco it's the Cube covering RSA North America 2018. >> Hey, welcome back, everybody. Jeff Frick here with the Cube. We're at the RSA conference in downtown San Francisco, 40,000 plus professionals all about security and one of the big themes is how do we work together? How do we leverage our collective knowledge, look for patterns to help, you know, be better against the bad guys, and one of the really big forces for that is the Cyber Threat Alliance and we're really excited to have Michael Daniel, the president and CEO of Cyber Threat Alliance. Michael, great to see you. >> Thanks for having me. >> So, talk about kind of the genesis of this because it's such an important concept that, yes, we're competitors on this floor but if we work together, we can probably save ourselves a lot of work. >> Absolutely, I mean, part of the idea behind the Cyber Threat Alliance is that no matter how big you are, no matter how broad your coverage is of cyber security company, no one individual company ever sees all of the threats all of the time. >> Jeff: Right. >> And, so that, in order to better protect their customers and clients, sharing that threat intelligence at speed at scale is a very fundamental part of being a much better cyber security company. >> So, how hard of a sell was that a year ago? I think you started it a year ago, announced it, and how's the ecosystem kind of changed over the last year? >> Well, I would say that, you know, it's not like I run into anybody that says, "You know, Michael, that's a really "stupid idea, we shouldn't do that." Right, it's really finding the way for a cyber security company to fit it into their business model. >> Right. >> To be able to consume the threat intelligence at a speed that matters and really be able to bake it into their products. That's usually the hard part. Conceptually, everybody agrees that this is what we need to do. >> Right, and then, how 'about just the nitty gritty nuts and bolts of, you know, how do you share information? How is it picked up, how is it communicated? What are the protocols? I'd imagine that's not too simple. >> That's right, and one of the things that we settled on was we use the STIX format because it's an open format that everybody can translate back and forth. We had to build in a lot of business rules to actually make sure that people were playing fair. You know, for example, we actually require all of our members to share. So, you can't just join the alliance and consume information, you actually have to give in order to receive. >> Right, and you've got some really kind of high-level, lofty goals that you've built this around in terms of doing good for the greater good, kind of beyond the profitability of an individual customer transaction. I wonder if you can speak to a few of those. >> Well, sure, so the part of the idea behind the way that CTA is structured is that we're a 501 C6, so we're a non-profit, right, and the idea is that we function to help raise the level of cyber security across the digital ecosystem and actually enable our member companies to compete more effectively because they have better intelligence that their products and services are based on, but we, ourselves, are not in it to make money. >> Right, right, right, alright, Michael. Unfortunately, we're up against the time. >> Absolutely. >> So, we're going to have to leave it there, but love the work that you guys are doing and it makes so much sense for people to work together. >> Well, thank you very much, thank you for having me. >> Alright, he's Michael from Cyber Threat Alliance. I'm Jeff from the Cube. You're watching us from the RSA conference San Francisco, thanks for watchin'. (soft electronic beat)

(soft click) >> Hey, welcome back everybody Jeff Frick here with theCUBE. We're at Data Privacy Day 2018 here at downtown San Francisco, the LinkedIn headquarters, gracious enough to hose this event. Bigger than last year, last year we were here for the first time at Twitter. And really the momentum continues to grow 'cause there's some big regulations coming down the pike that are really going to be into place. And have significant financial penalties, if you don't get your act together. So, we're excited to have the new Russell Schrader, the Executive Director of the National Cyber Security Alliance Organization behind this event. Russ, great to see you. >> Thank you very much for coming today, it was a great event. >> Absolutely, so, you've been on the job, this job, you said like less than two weeks. >> It's true. >> What do you think? I mean then they throw you right into the big event. >> Well, I've known the organization, I've known the event. But the staff really has done an outstanding job. They made it so easy for me, everything that they've done has just been terrific. They lined up fantastic speakers, they picked cutting edge topics, they put together a really well paced program, and it was just a terrific day for all of us to get in, really have some good discussions. >> You're off to a great start. (chuckles) >> Thank you. (both laugh) >> So you said you're familiar with your orginazation. You know, why are you here? Why did you take advantage of this opportunity? What do you kind of see as the role of this organization? And where do you see the opportunities to really make some significant impact going forward? >> Sure, the National Cyber Security Alliance is a who's who in the organization. People who really care about cyber security. Who see it as part of their social obligation. And it was a wonderful group that I'd worked with before. When I was at Visa and I see now, coming in as Executive Director, to really take it to the next level. We really are pushing, I think, on four separate areas that I think there's a lot of opportunity for it. Doing more cooperate work. Serving more consumers, more consumer education, more consumer awareness. I think working with educating staffers on the hill and in regulatory agencies in D.C. on changes and technological changes. And the cutting edge stuff. But in also, I think working academia, sort of getting involved and getting some of the scholarly, the cutting edge, the new ideas. And just preparing for what's going to happen in the next few years. >> Right, that's interesting 'cause you guys are National Cyber Security, security is often used as a reason to have less privacy. Right? It's often the excuse that the government, big brother, would used to say, you know, "We need to know what you're up to, we've got red light cameras all over the place to make sure you're not running red lights." So, it's an interesting relationship between privacy, security, and then what we're hearing more and more, really, a better linchpin to drive all this, which is, identity. So I wonder if you can share your kind of perspective on kind of the security versus privacy. Kind of trade off and debate. Or am I completely off base and they really need to run in parallel? >> Well, they do intersect a whole lot. People have talked about them being two sides of the same coin. Another speaker today said that security is a science but privacy is an art. As part of it is, you know, security is, the keeping the data in one place, the same way in as when you put it out. Sort of an integrity piece. You know, it isn't being misused, it's not being manipulated in a way and it's just not being changed. So that's a security piece. The privacy piece is people choosing what is used with that data. You know, is it to help me with an app? Is it to give me more information? Is it to give me games to play and things like that? So and that leads into a lot of different advantages in the web and on the internet. Now, identity since you put in a trifecta of big terms. >> Everything's got to be in threes, right? >> And there's three reasons for that. I think that, you know, the identity part is part of who are you. Now on the internet you can be a lot of people, right? The old cartoon was, you know, on the internet no one knows you're a dog. Well, on the internet, you can be a dog, you can be, you know, the person who you are at school, you can be the person who you are among your friends, you can be the person who you are at work. And those different selves, those different identities, are the internet of me. And we just need to make sure that you are curating your identities and sharing the information that you feel comfortable with. And that making sure that those are reaching the right people and not the wrong people. >> Right. So, there's an interesting kind of conundrum, we cover a lot of big data shows. And, you know, and there is kind of a fiduciary moral and now legal responsibility as you're collecting this data to drive some algorithm, some application that you know what you're using it for. And it's a good use of that. And you have a implicit agreement with the people providing you the data. But one the interesting things that comes up is then there's this thing where you've got that data and there's an application down the road that was not part of the original agreement. That no one even had an idea whatever happened. How does that fit in? Because as more and more of this data's getting stored. And there's actually a lot of value that can be unlocked, applying it in different ways, different applications. But, that wasn't the explicit reason that I gave it to you. >> Right, right. And that's really tricky because people have to be really vigilant. There is that education piece. That is the personal responsible piece to do business with companies and with apps that you feel comfortable with. But, you still have to trust but verify. And you do want to look into your phone, look into your PC, look into your other device. And figure out where things have changed, where things are moving. That's one of the great things about being in the Bay area today is innovation. But innovation, you just want to make sure that you are participating in it and you're in the part of innovation that's best for you. >> Okay, so, you mentioned academe, which is great, we do a lot of stuff at Stanford, we do a lot of stuff at MIT. So, as you look at kind of the academic opportunities. Kind of, where is some of the cutting edge research? Where are some of the academe focus areas that are helping advance the science of proxy? >> Well, you named two of the most forward thinking ones right there. So, I'll add to that just because we're talking about Stanford, we have to talk about Berkeley. >> Jeff: Yes. >> Right and Berkeley does have the whole group in privacy and law. On the east coast, in addition to MIT, you see George Washington is doing some things. George Mason is doing some things. And so you want to reach out to different areas. Cornell is doing things as well. So, we want to be able to figure out, where are the best ideas coming from? There are conferences already there. And maybe we can convene some papers, convene some people. And source out and give a little bit of more push and publish to people who otherwise wouldn't be getting the kind of publicity and encourage the kind of research. In privacy and in cyber security. Because there is the business and the consumer educational component. Not just, you know, the tech component to the academic work. >> So, before I let you go, last question. Where do you see is the biggest opportunity? Where's the biggest, either gap that needs to be filled, you know, kind of positive that's filling in negative, or an untapped positive that we've just barely scraped the surface of? >> Well, I think it's all about the consumer, to a large extent, to large one. You've got to figure out, how do you make your life easier. Right? Go back to the iPad introduction, nobody knew that they needed an iPad until they realized they couldn't live without it. You look at what's happened with mobile, right? Now, the idea of having a wallet, is on your phone. So, while I'm waiting in line at the grocery store, I'm checking my messages, I'm texting back and forth. And I just point my phone and I pay. Those kinds of areas are the kind of innovations that are consumer facing, that I think are really terrific. There's a lot of business work as well being done. But you have to figure out where that's going to go and I think the consumer just has a fantastic opportunity. >> Alright, well good opportunity, look forward to catching up a year from now and seeing how much progress you make. >> I think we had such a great program this year, I can't wait til next year, thank you. >> He's Russ Schrader, he's the Executive Director. I'm Jeff Frick, you're watching theCUBE, we're at Data Privacy Day 2018 in San Francisco. Thanks for watching, we'll catch you next time. (soft electronic music)

>> From Phoenix, Arizona, theCUBE. At Catalyst Conference, here's your host Jeff Frick. (soft music) >> Hey Jeff Frick here with theCUBE. We're in Phoenix, Arizona at the Girls in Tech Catalyst Conference. About 400 people. The fourth year of the conference. Really getting together, talking about women in tech issues. Something in the water, here in Phoenix. We were here two years ago at the Grace Hopper Celebration of Women and Computing, also just down the road. So we're happy to be here and really get a feel. And bring to you some of the leaders here, that are making things happen. We're really excited by our next guest, Coco Brown, the founder and CEO of the Alena Alliance, or Athena Alliance, excuse me, welcome. >> Thank you. >> So the Athena Alliance, what's it all about? >> Well so the Athena Alliance is an organization of executive women who've achieved great success in their careers. And they have vision collectively of women operating at their highest level of impact. And within the context of a business leadership realm, that highest level really is the boardroom. And so our mission is to help women obtain board seats and be successful in the role. >> So there's a lot of conversations about board. It seems to be kind of the new hot button topic about inequality. There's certainly ton of conversations about inequality and pay highlighted recently by the women's national soccer team, which got a lot of buzz. And I think everyone knows that conversation that's been going on for a while. But the boardroom conversation is kind of new. It's kind of bubbling up. Or at least that's my sense of it, that barely have cracked the surface in terms of historical numbers in getting women representation on boards. >> Yeah. >> Why does that continue to be a problem? Is it a pipeline issue? Is it a match making issue? Is it a networking issue? Is it just, I just don't know? What is the issue? >> It's not a pipeline issue. And so what's happened in this discussion is there were some, sort of, pretty notable examples of situations where women raised their hands and said, hey where are the women on these boards. And the response was, well where are the women? Which kind of created this energy around the topic a lot more strongly more recently. Which is to say, there are a lot of qualified women out there who would be great board directors. And yet the positions of board director are gate kept by largely men. This is just the circumstance. Men are the ones who back companies. They're their VCs, they're the founders, they're the CEOs. And within their networks, they don't have a lot of women. Executive women. Likewise, executive women tend to seek each other out too. So we're not in each other's realms. So a lot of the conversation has been around raising awareness to the issue. There's been great tracking of exactly where is the issue. And how are we making progress. And then there's been a lot of great organizations that have been helping women get ready for board positions, training them. And thirdly, there's a lot of great organizations out there who are, essentially, identifying qualified women, and cataloging them, putting them in data bases and saying, hey no excuses, here they are. But the key missing element and my feeling as to why the problem continues to persist, part of it is just time. It's just going to take time. But part of it is also, really networking, what you said. It is about networking. It is that the women who want these positions and who are qualified for these positions need to know the men who are looking for board directors. And when you actually connect, make those two connections happen, you get incredible success. And we're seeing it already. >> Or as the age old advice, it's not who you know, but who knows you. >> Yes! >> It used to always be the other way around. But it's really who knows you. And we live in such a time of personal branding and external communication via LinkedIn, Twitter, blogs, medium, however you choose to externalize your professional position. And it kind of gets intermingled with your personal position. There really is not much excuse, at least, to make the attempt, to get yourself out there. >> Exactly, it's why. So there's 16 of the speakers here at this conference, are Athena Alliance women. And part of the reason we're here, we're here because this is such a noble and important and fantastic event for us to participate in. The other reason we're here is because this is apart of our way of getting known too, right. Of becoming more visible. Of making our brand, personal brand known. So this is one of those key things about who knows you that we should and need to be doing. >> So how many Athena foundation women are in executive boards now? >> So Athena Alliance is relatively new. So we're just getting started. About 50% of, 47% of the women associated with Athena Alliance are already on boards. >> That's pretty good, 47%. >> Yes, largely those are non-profit boards. >> Okay. >> They also are on a fair number of advisory boards. And they're now looking for the private boards and corporate boards and they're looking for public boards as well. >> And do you see that as kind of a logical stepping stone between an advisory board, a non-profit board, potentially a private company board, a VC company and then to a larger public entity. Is that kind of? >> Yeah I see it two ways. On the one hand, it's stepping stones and on the other, we have a variety of careers. So let's take me for example. I ran and was an owner of a privately held company. We reached about 50 million dollars in revenue before I sold my ownership, moved on. I'm qualified for a certain kind of a board. I'm qualified for a private board of a certain type of growth, sort of trajectory or stage. Others like Yvonne, who you spoke with, she's qualified for public boards of a different size. So some of it is what we're qualified for and what we can really contribute to and some of it is stepping stones. So for example, advisory boards are a great stepping stone. You get absolutely zero board credit for being on an advisory board, 'cause it doesn't have fiduciary responsibilities. >> No fiduciary responsibility. >> Right. But it's incredible network experience. It's a great way to get to know CEOs, to get to know VCs, to make yourself known as a candidate for other aspects of that company. >> Where do you see the natural networking opportunities? 'Cause clearly there's networks that exist around where you went to school. There's networks around, increasingly alumni groups, within companies, especially a big company like an Intel or an HP, where you got these huge alumni groups, 'cause they've been around for so long. Where are some of the other natural alumni groups that then cross over that are going to allow rubbing of shoulders with the old school guy board members with some of these women that are trying to break through? >> Yeah it's interesting. I think that is a really good opportunity space because I do see that mostly, the networking pods, if you will, are within school alumni groups, or corporate alumni groups, or organizations that women belong to. But that are largely then just women organizations. Or maybe some industry organizations. And industry boards are a great way to make that connection point. But I don't think that women do have opportunities of overlap with men in those organizations and those networking communities. So the way it has to happen is, I think we have to make it happen. So it's almost like, creating mixers. We need some mixers, right? Male VCs mixed with Athena Alliance women. Let's get together. We actually have an event coming up like that. Where you can have some men and women in the same room. They get to get a sense of each other. Those you do start seeing more of that going on and it's kind of essential. >> 'Cause you really need that right? I mean, they are networks. And everything going on today is all about networks, whether it's IOT or social media or whatever. It's networks and they're all naturally bound by something but how do you get that overlap from one network to the other when there's not enough overlap to really make the activity that you're seeking. Of course, there's always CUBE alumni, which is a terrific network. So we'll use that as a founding point. >> Absolutely. Well and Dan Scholnick, who is a general partner with Trinity, he's on a number of boards. He's speaking at an event for the Athena Alliance on a panel coming up. And he's got board openings in the variety of boards that he's on. Those are the kinds of connections. Make opportunities for Dan to be in the same room as a number of these great women. I think we just have to create it. >> It's interesting, interesting. 'Cause it is all about the connection, right. You got to know people and you got to put the word out. Nobody ever got a board seat sending out a resume. I don't know. How many come from executive head hunters? I never got a job from executive head hunters. It's really more about who you know. >> And executive recruiters only actually fill about one to two percent of board seats. It's only the top companies with the deepest pockets or the greatest pressure that can do that. >> Okay so what are your priorities for the next six months, nine months, what are your top things your guys are working on at the Alliance? >> So we're relatively new, so big, big priority for us is funding. We're also scaling. So scaling is one of the important things. In other words, scaling our relationships with those VCs, with CEOs, and starting to create great linkages through these networking events. >> All right, well Coco, thank you for taking a few minutes. >> Thank you. >> Absolutely and good luck with the Alliance. It sounds like you guys are on your way. We see increasingly, we did a show at SAP in conjunction with MAKERS and they got a great movie about some of the women who just broke down barriers in advertising, fashion, finance, tech, et cetera. Meg Whitman, among many women highlighted there. And it's tough to break down that door. When the first one gets through, hopefully they leave a little space for somebody else to scooch in behind them. >> Yeah, yeah. >> Absolutely. All right, Jeff Frick here with Coco Brown. We are the Girls in Tech Catalyst Conference, Phoenix, Arizona. You're watching theCUBE. See you next time. (soft music)

(electronic music) >> Hello, I'm John Furrier with SiliconANGLE News and host of theCUBE, and welcome to our news update for MWC in Barcelona, the premier event for cloud and to the telecommunication industry. News today, VMware in the news has lots of announcements, where it's expanding its line of products for communication service providers with Open RAND portfolio VMware's unveiled service management orchestration framework for simplifying and automating radio access networks and their applications. RANDs have traditionally been proprietary because of their need for low latency and speed and the Overran Alliance is championed open standard that would expand the number of players in the RAND ecosystem. According to Sanjay Oppai, senior vice president and general manager of the service provider and Edge Business Unit at VMware, VMware is the forefront of getting deployed in telcos both in the RAND as well as the core and VMware hopes they can extend their leadership from the enterprise data center and SD WAN and be the defacto standard in the RAND. VMware is also announcing a technical preview that'll allow communications service providers to run disaggregated and virtualized RAND functions directly on bare metal servers using VMware Tanzu. Project Hui is the initiative aimed at telecom providers that need flexibility in how they deploy edge devices. The VMware Telco cloud platform is also being improved to deliver carrier grade intelligent networking and lateral security features such as distributed firewall and intrusion detection and prevention, along with support for energy efficient use cases for 4G and 5G core load balancing. For enterprise customers, VMware is delivering new and enhanced remote worker device connectivity and intelligent wireless capabilities to its SD WAN and Secure Access Service Edge, or SASE Products, is also expanding its collaboration with Intel aimed at delivering new edge applications based on 5G connectivity that will support SD WAN use cases involving mobile and internet of things devices. Again, VMware spinning their portfolio in the news. Again, VMware is not stopping. Of course, theCUBE's, all the coverage of VMware Explorer will be coming up this year in 2023. Don't miss that. But at mwc, Dave Vellante and Lisa Martin, the entire Cube team are there for four days of live coverage. Of course, all the news and reporting is on SiliconANGLE.com. For all the action, go there. And of course theCUBE.net is where the broadcast is in Barcelona. This is theCUBE News. Thanks for watching.

(upbeat music) >> Welcome back, everyone, to our Cube special programming on "Securing Compute, Engineered for the Hybrid World." We got Cole Humphreys who's with HPE, global server security product manager, and Mike Ferron-Jones with Intel. He's the product manager for data security technology. Gentlemen, thank you for coming on this special presentation. >> All right, thanks for having us. >> So, securing compute, I mean, compute, everyone wants more compute. You can't have enough compute as far as we're concerned. You know, more bits are flying around the internet. Hardware's mattering more than ever. Performance markets hot right now for next-gen solutions. When you're talking about security, it's at the center of every single conversation. And Gen11 for the HPE has been big-time focus here. So let's get into the story. What's the market for Gen11, Cole, on the security piece? What's going on? How do you see this impacting the marketplace? >> Hey, you know, thanks. I think this is, again, just a moment in time where we're all working towards solving a problem that doesn't stop. You know, because we are looking at data protection. You know, in compute, you're looking out there, there's international impacts, there's federal impacts, there's state-level impacts, and even regulation to protect the data. So, you know, how do we do this stuff in an environment that keeps changing? >> And on the Intel side, you guys are a Tier 1 combination partner, Better Together. HPE has a deep bench on security, Intel, We know what your history is. You guys have a real root of trust with your code, down to the silicon level, continuing to be, and you're on the 4th Gen Xeon here. Mike, take us through the Intel's relationship with HPE. Super important. You guys have been working together for many, many years. Data security, chips, HPE, Gen11. Take us through the relationship. What's the update? >> Yeah, thanks and I mean, HPE and Intel have been partners in delivering technology and delivering security for decades. And when a customer invests in an HPE server, like at one of the new Gen11s, they're getting the benefit of the combined investment that these two great companies are putting into product security. On the Intel side, for example, we invest heavily in the way that we develop our products for security from the ground up, and also continue to support them once they're in the market. You know, launching a product isn't the end of our security investment. You know, our Intel Red Teams continue to hammer on Intel products looking for any kind of security vulnerability for a platform that's in the field. As well as we invest heavily in the external research community through our bug bounty programs to harness the entire creativity of the security community to find those vulnerabilities, because that allows us to patch them and make sure our customers are staying safe throughout that platform's deployed lifecycle. You know, in 2021, between Intel's internal red teams and our investments in external research, we found 93% of our own vulnerabilities. Only a small percentage were found by unaffiliated external entities. >> Cole, HPE has a great track record and long history serving customers around security, actually, with the solutions you guys had. With Gen11, it's more important than ever. Can you share your thoughts on the talent gap out there? People want to move faster, breaches are happening at a higher velocity. They need more protection now than ever before. Can you share your thoughts on why these breaches are happening, and what you guys are doing, and how you guys see this happening from a customer standpoint? What you guys fill in with Gen11 with solution? >> You bet, you know, because when you hear about the relentless pursuit of innovation from our partners, and we in our engineering organizations in India, and Taiwan, and the Americas all collaborating together years in advance, are about delivering solutions that help protect our customer's environments. But what you hear Mike talking about is it's also about keeping 'em safe. Because you look to the market, right? What you see in, at least from our data from 2021, we have that breaches are still happening, and lot of it has to do with the fact that there is just a lack of adequate security staff with the necessary skills to protect the customer's application and ultimately the workloads. And then that's how these breaches are happening. Because ultimately you need to see some sort of control and visibility of what's going on out there. And what we were talking about earlier is you see time. Time to seeing some incident happen, the blast radius can be tremendous in today's technical, advanced world. And so you have to identify it and then correct it quickly, and that's why this continued innovation and partnership is so important, to help work together to keep up. >> You guys have had a great track record with Intel-based platforms with HPE. Gen11's a really big part of the story. Where do you see that impacting customers? Can you explain the benefits of what's going on with Gen11? What's the key story? What's the most important thing we should be paying attention to here? >> I think there's probably three areas as we look into this generation. And again, this is a point in time, we will continue to evolve. But at this particular point it's about, you know, a fundamental approach to our security enablement, right? Partnering as a Tier 1 OEM with one of the best in the industry, right? We can deliver systems that help protect some of the most critical infrastructure on earth, right? I know of some things that are required to have a non-disclosure because it is some of the most important jobs that you would see out there. And working together with Intel to protect those specific compute workloads, that's a serious deal that protects not only state, and local, and federal interests, but, really, a global one. >> This is a really- >> And then there's another one- Oh sorry. >> No, go ahead. Finish your thought. >> And then there's another one that I would call our uncompromising focus. We work in the industry, we lead and partner with those in the, I would say, in the good side. And we want to focus on enablement through a specific capability set, let's call it our global operations, and that ability to protect our supply chain and deliver infrastructure that can be trusted and into an operating environment. You put all those together and you see very significant and meaningful solutions together. >> The operating benefits are significant. I just want to go back to something you just said before about the joint NDAs and kind of the relationship you kind of unpacked, that to me, you know, I heard you guys say from sand to server, I love that phrase, because, you know, silicone into the server. But this is a combination you guys have with HPE and Intel supply-chain security. I mean, it's not just like you're getting chips and sticking them into a machine. This is, like, there's an in-depth relationship on the supply chain that has a very intricate piece to it. Can you guys just double down on that and share that, how that works and why it's important? >> Sure, so why don't I go ahead and start on that one. So, you know, as you mentioned the, you know, the supply chain that ultimately results in an end user pulling, you know, a new Gen11 HPE server out of the box, you know, started, you know, way, way back in it. And we've been, you know, Intel, from our part are, you know, invest heavily in making sure that all of our entire supply chain to deliver all of the Intel components that are inside that HPE platform have been protected and monitored ever since, you know, their inception at one of any of our 14,000, you know, Intel vendors that we monitor as part of our supply-chain assurance program. I mean we, you know, Intel, you know, invests heavily in compliance with guidelines from places like NIST and ISO, as well as, you know, doing best practices under things like the Transported Asset Protection Alliance, TAPA. You know, we have been intensely invested in making sure that when a customer gets an Intel processor, or any other Intel silicone product, that it has not been tampered with or altered during its trip through the supply chain. HPE then is able to pick up that, those components that we deliver, and add onto that their own supply-chain assurance when it comes down to delivering, you know, the final product to the customer. >> Cole, do you want to- >> That's exactly right. Yeah, I feel like that integration point is a really good segue into why we're talking today, right? Because that then comes into a global operations network that is pulling together these servers and able to deploy 'em all over the world. And as part of the Gen11 launch, we have security services that allow 'em to be hardened from our factories to that next stage into that trusted partner ecosystem for system integration, or directly to customers, right? So that ability to have that chain of trust. And it's not only about attestation and knowing what, you know, came from whom, because, obviously, you want to trust and make sure you're get getting the parts from Intel to build your technical solutions. But it's also about some of the provisioning we're doing in our global operations where we're putting cryptographic identities and manifests of the server and its components and moving it through that supply chain. So you talked about this common challenge we have of assuring no tampering of that device through the supply chain, and that's why this partnering is so important. We deliver secure solutions, we move them, you're able to see and control that information to verify they've not been tampered with, and you move on to your next stage of this very complicated and necessary chain of trust to build, you know, what some people are calling zero-trust type ecosystems. >> Yeah, it's interesting. You know, a lot goes on under the covers. That's good though, right? You want to have greater security and platform integrity, if you can abstract the way the complexity, that's key. Now one of the things I like about this conversation is that you mentioned this idea of a hardware-root-of-trust set of technologies. Can you guys just quickly touch on that, because that's one of the major benefits we see from this combination of the partnership, is that it's not just one, each party doing something, it's the combination. But this notion of hardware-root-of-trust technologies, what is that? >> Yeah, well let me, why don't I go ahead and start on that, and then, you know, Cole can take it from there. Because we provide some of the foundational technologies that underlie a root of trust. Now the idea behind a root of trust, of course, is that you want your platform to, you know, from the moment that first electron hits it from the power supply, that it has a chain of trust that all of the software, firmware, BIOS is loading, to bring that platform up into an operational state is trusted. If you have a breach in one of those lower-level code bases, like in the BIOS or in the system firmware, that can be a huge problem. It can undermine every other software-based security protection that you may have implemented up the stack. So, you know, Intel and HPE work together to coordinate our trusted boot and root-of-trust technologies to make sure that when a customer, you know, boots that platform up, it boots up into a known good state so that it is ready for the customer's workload. So on the Intel side, we've got technologies like our trusted execution technology, or Intel Boot Guard, that then feed into the HPE iLO system to help, you know, create that chain of trust that's rooted in silicon to be able to deliver that known good state to the customer so it's ready for workloads. >> All right, Cole, I got to ask you, with Gen11 HPE platforms that has 4th Gen Intel Xeon, what are the customers really getting? >> So, you know, what a great setup. I'm smiling because it's, like, it has a good answer, because one, this, you know, to be clear, this isn't the first time we've worked on this root-of-trust problem. You know, we have a construct that we call the HPE Silicon Root of Trust. You know, there are, it's an industry standard construct, it's not a proprietary solution to HPE, but it does follow some differentiated steps that we like to say make a little difference in how it's best implemented. And where you see that is that tight, you know, Intel Trusted Execution exchange. The Intel Trusted Execution exchange is a very important step to assuring that route of trust in that HPE Silicon Root of Trust construct, right? So they're not different things, right? We just have an umbrella that we pull under our ProLiant, because there's ILO, our BIOS team, CPLDs, firmware, but I'll tell you this, Gen11, you know, while all that, keeping that moving forward would be good enough, we are not holding to that. We are moving forward. Our uncompromising focus, we want to drive more visibility into that Gen11 server, specifically into the PCIE lanes. And now you're going to be able to see, and measure, and make policies to have control and visibility of the PCI devices, like storage controllers, NICs, direct connect, NVME drives, et cetera. You know, if you follow the trends of where the industry would like to go, all the components in a server would be able to be seen and attested for full infrastructure integrity, right? So, but this is a meaningful step forward between not only the greatness we do together, but, I would say, a little uncompromising focus on this problem and doing a little bit more to make Gen11 Intel's server just a little better for the challenges of the future. >> Yeah, the Tier 1 partnership is really kind of highlighted there. Great, great point. I got to ask you, Mike, on the 4th Gen Xeon Scalable capabilities, what does it do for the customer with Gen11 now that they have these breaches? Does it eliminate stuff? What's in it for the customer? What are some of the new things coming out with the Xeon? You're at Gen4, Gen11 for HP, but you guys have new stuff. What does it do for the customer? Does it help eliminate breaches? Are there things that are inherent in the product that HP is jointly working with you on or you were contributing in to the relationship that we should know about? What's new? >> Yeah, well there's so much great new stuff in our new 4th Gen Xeon Scalable processor. This is the one that was codenamed Sapphire Rapids. I mean, you know, more cores, more performance, AI acceleration, crypto acceleration, it's all in there. But one of my favorite security features, and it is one that's called Intel Control-Flow Enforcement Technology, or Intel CET. And why I like CET is because I find the attack that it is designed to mitigate is just evil genius. This type of attack, which is called a return, a jump, or a call-oriented programming attack, is designed to not bring a whole bunch of new identifiable malware into the system, you know, which could be picked up by security software. What it is designed to do is to look for little bits of existing, little bits of existing code already on the server. So if you're running, say, a web server, it's looking for little bits of that web-server code that it can then execute in a particular order to achieve a malicious outcome, something like open a command prompt, or escalate its privileges. Now in order to get those little code bits to execute in an order, it has a control mechanism. And there are different, each of the different types of attacks uses a different control mechanism. But what CET does is it gets in there and it disrupts those control mechanisms, uses hardware to prevent those particular techniques from being able to dig in and take effect. So CET can, you know, disrupt it and make sure that software behaves safely and as the programmer intended, rather than picking off these little arbitrary bits in one of these return, or jump, or call-oriented programming attacks. Now it is a technology that is included in every single one of the new 4th Gen Xeon Scalable processors. And so it's going to be an inherent characteristic the customers can benefit from when they buy a new Gen11 HPE server. >> Cole, more goodness from Intel there impacting Gen11 on the HPE side. What's your reaction to that? >> I mean, I feel like this is exactly why you do business with the big Tier 1 partners, because you can put, you know, trust in from where it comes from, through the global operations, literally, having it hardened from the factory it's finished in, moving into your operating environment, and then now protecting against attacks in your web hosting services, right? I mean, this is great. I mean, you'll always have an attack on data, you know, as you're seeing in the data. But the more contained, the more information, and the more control and trust we can give to our customers, it's going to make their job a little easier in protecting whatever job they're trying to do. >> Yeah, and enterprise customers, as you know, they're always trying to keep up to date on the skills and battle the threats. Having that built in under the covers is a real good way to kind of help them free up their time, and also protect them is really killer. This is a big, big part of the Gen11 story here. Securing the data, securing compute, that's the topic here for this special cube conversation, engineering for a hybrid world. Cole, I'll give you the final word. What should people pay attention to, Gen11 from HPE, bottom line, what's the story? >> You know, it's, you know, it's not the first time, it's not the last time, but it's our fundamental security approach to just helping customers through their digital transformation defend in an uncompromising focus to help protect our infrastructure in these technical solutions. >> Cole Humphreys is the global server security product manager at HPE. He's got his finger on the pulse and keeping everyone secure in the platform integrity there. Mike Ferron-Jones is the Intel product manager for data security technology. Gentlemen, thank you for this great conversation, getting into the weeds a little bit with Gen11, which is great. Love the hardware route-of-trust technologies, Better Together. Congratulations on Gen11 and your 4th Gen Xeon Scalable. Thanks for coming on. >> All right, thanks, John. >> Thank you very much, guys, appreciate it. Okay, you're watching "theCube's" special presentation, "Securing Compute, Engineered for the Hybrid World." I'm John Furrier, your host. Thanks for watching. (upbeat music)

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back to Vegas. Guys. We're happy that you're here. Lisa Martin here covering with Dave Valante, Palo Alto Networks Ignite 22. We're at MGM Grand. This is our first day, Dave of two days of cube coverage. We've been having great conversations with the ecosystem with Palo Alto executives, with partners. One of the things that they have is unit 42. We're gonna be talking with them next about cyber intelligence. And the threat data that they get is >>Incredible. Yeah. They have all the data, they know what's going on, and of course things are changing. The state of play changes. Hold on a second. I got a text here. Oh, my Netflix account was frozen. Should I click on this link? Yeah. What do you think? Have you had a, it's, have you had a little bit more of that this holiday season? Yeah, definitely. >>Unbelievable, right? A lot of smishing going on. >>Yeah, they're very clever. >>Yeah, we're very pleased to welcome back one of our alumni to the queue. Wendy Whitmore is here, the SVP of Unit 42. Welcome back, Wendy. Great to have >>You. Thanks Lisa. So >>Unit 42 created back in 2014. One of the things that I saw that you said in your keynote this morning or today was everything old is still around and it's co, it's way more prolific than ever. What are some of the things that Unit 42 is seeing these days with, with respect to cyber threats as the landscape has changed so much the last two years alone? >>You know, it, it has. So it's really interesting. I've been responding to these breaches for over two decades now, and I can tell you that there are a lot of new and novel techniques. I love that you already highlighted Smishing, right? In the opening gate. Right. Because that is something that a year ago, no one knew what that word was. I mean, we, it's probably gonna be invented this year, right? But that said, so many of the tactics that we have previously seen, when it comes to just general espionage techniques, right? Data act filtration, intellectual property theft, those are going on now more than ever. And you're not hearing about them as much in the news because there are so many other things, right? We're under the landscape of a major war going on between Russia and Ukraine of ransomware attacks, you know, occurring on a weekly basis. And so we keep hearing about those, but ultimately these nations aid actors are using that top cover, if you will, as a great distraction. It's almost like a perfect storm for them to continue conducting so much cyber espionage work that like we may not be feeling that today, but years down the road, they're, the work that they're doing today is gonna have really significant impact. >>Ransomware has become a household word in the last couple of years. I think even my mom knows what it is, to some degree. Yeah. But the threat actors are far more sophisticated than they've ever written. They're very motivated. They're very well funded. I think I've read a stat recently in the last year that there's a ransomware attack once every 11 seconds. And of course we only hear about the big ones. But that is a concern that goes all the way up to the board. >>Yeah. You know, we have a stat in our ransomware threat report that talks about how often victims are posted on leak sites. And I think it's once every seven minutes at this point that a new victim is posted. Meaning a victim has had their data, a victim organization had their data stolen and posted on some leak site in the attempt to be extorted. So that has become so common. One of the shifts that we've seen this year in particular and in recent months, you know, a year ago when I was at Ignite, which was virtual, we talked about quadruple extortion, meaning four different ways that these ransomware actors would go out and try to make money from these attacks in what they're doing now is often going to just one, which is, I don't even wanna bother with encrypting your data now, because that means that in order to get paid, I probably have to decrypt it. Right? That's a lot of work. It's time consuming. It's kind of painstaking. And so what they've really looked to do now is do the extortion where they simply steal the data and then threaten to post it on these leak sites, you know, release it other parts of the web and, and go from there. And so that's really a blending of these techniques of traditional cyber espionage with intellectual property theft. Wow. >>How trustworthy are those guys in terms of, I mean, these are hackers, right? In terms of it's really the, the hacker honor system, isn't it? I mean, if you get compromised like that, you really beholden to criminals. And so, you >>Know, so that's one of the key reasons why having the threat intelligence is so important, right? Understanding which group that you're dealing with and what their likelihood of paying is, what's their modus operandi. It's become even more important now because these groups switch teams more frequently than NFL trades, you know, free agents during the regular season, right? Or players become free agents. And that's because their infrastructure. So the, you know, infrastructure, the servers, the systems that they're using to conduct these attacks from is actually largely being disrupted more from law enforcement, international intelligence agencies working together with public private partnerships. So what they're doing is saying, okay, great. All that infrastructure that I just had now is, is burned, right? It's no longer effective. So then they'll disband a team and then they'll recruit a new team and it's constant like mixing and matching in players. >>All that said, even though that's highly dynamic, one of the other areas that they pride themselves on is customer service. So, and I think it's interesting because, you know, when I said they're not wanting to like do all the decryption? Yeah. Cuz that's like painful techni technical slow work. But on the customer service side, they will create these customer service portals immediately stand one up, say, you know, hey it's, it's like an Amazon, you know, if you've ever had to return a package on Amazon for example, and you need to click through and like explain, you know, Hey, I didn't receive this package. A portal window pops up, you start talking to either a bot or a live agent on the backend. In this case they're hu what appeared to be very much humans who are explaining to you exactly what happened, what they're asking for, super pleasant, getting back within minutes of a response. And they know that in order for them to get paid, they need to have good customer service because otherwise they're not going to, you know, have a business. How, >>So what's the state of play look like from between nation states, criminals and how, how difficult or not so difficult is it for you to identify? Do you have clear signatures? My understanding in with Solar Winds it was a little harder, but maybe help us understand and help our audience understand what the state of play is right now. >>One of the interesting things that I think is occurring, and I highlighted this this morning, is this idea of convergence. And so I'll break it down for one example relates to the type of malware or tools that these attackers use. So traditionally, if we looked at a nation state actor like China or Russia, they were very, very specific and very strategic about the types of victims that they were going to go after when they had zero day. So, you know, new, new malware out there, new vulnerabilities that could be exploited only by them because the rest of the world didn't know about it. They might have one organization that they would target that at, at most, a handful and all very strategic for their objective. They wanted to keep that a secret as long as possible. Now what we're seeing actually is those same attackers going towards one, a much larger supply chain. >>So, so lorenzen is a great example of that. The Hafnia attacks towards Microsoft Exchange server last year. All great examples of that. But what they're also doing is instead of using zero days as much, or you know, because those are expensive to build, they take a lot of time, a lot of funding, a lot of patience and research. What they're doing is using commercially available tools. And so there's a tool that our team identified earlier this year called Brute Rael, C4 or BRC four for short. And that's a tool that we now know that nation state actors are using. But just two weeks ago we invested a ransomware attack where the ransomware actor was using that same piece of tooling. So to your point, yak can get difficult for defenders when you're looking through and saying, well wait, they're all using some of the same tools right now and some of the same approaches when it comes to nation states, that's great for them because they can blend into the noise and it makes it harder to identify as >>Quickly. And, and is that an example of living off the land or is that B BRC four sort of a homegrown hacker tool? Is it, is it a, is it a commercial >>Off the shelf? So it's a tool that was actually, so you can purchase it, I believe it's about 2,500 US dollars for a license. It was actually created by a former Red teamer from a couple well-known companies in the industry who then decided, well hey, I built this tool for work, I'm gonna sell this. Well great for Red teamers that are, you know, legitimately doing good work, but not great now because they're, they built a, a strong tool that has the ability to hide amongst a, a lot of protocols. It can actually hide within Slack and teams to where you can't even see the data is being exfiltrated. And so there's a lot of concern. And then now the reality that it gets into the wrong hands of nation state actors in ransomware actors, one of the really interesting things about that piece of malware is it has a setting where you can change wallpaper. And I don't know if you know offhand, you know what that means, but you know, if that comes to mind, what you would do with it. Well certainly a nation state actor is never gonna do something like that, right? But who likes to do that are ransomware actors who can go in and change the background wallpaper on a desktop that says you've been hacked by XYZ organization and let you know what's going on. So pretty interesting, obviously the developer doing some work there for different parts of the, you know, nefarious community. >>Tremendous amount of sophistication that's gone on the last couple of years alone. I was just reading that Unit 42 is now a founding member of the Cyber Threat Alliance includes now more than 35 organizations. So you guys are getting a very broad picture of today's threat landscape. How can customers actually achieve cyber resilience? Is it achievable and how do you help? >>So I, I think it is achievable. So let me kind of parse out the question, right. So the Cyber Threat Alliance, the J C D C, the Cyber Safety Review Board, which I'm a member of, right? I think one of the really cool things about Palo Alto Networks is just our partnerships. So those are just a handful. We've got partnerships with over 200 organizations. We work closely with the Ukrainian cert, for example, sharing information, incredible information about like what's going on in the war, sharing technical details. We do that with Interpol on a daily basis where, you know, we're sharing information. Just last week the Africa cyber surge operation was announced where millions of nodes were taken down that were part of these larger, you know, system of C2 channels that attackers are using to conduct exploits and attacks throughout the world. So super exciting in that regard and it's something that we're really passionate about at Palo Alto Networks in terms of resilience, a few things, you know, one is visibility, so really having a, an understanding of in a real, as much of real time as possible, right? What's happening. And then it goes into how you, how can we decrease operational impact. So that's everything from network segmentation to wanna add the terms and phrases I like to use a lot is the win is really increasing the time it takes for the attackers to get their work done and decreasing the amount of time it takes for the defenders to get their work done, right? >>Yeah. I I call it increasing the denominator, right? And the ROI equation benefit over or value, right? Equals equals or benefit equals value over cost if you can increase the cost to go go elsewhere, right? Absolutely. And that's the, that's the game. Yeah. You mentioned Ukraine before, what have we learned from Ukraine? I, I remember I was talking to Robert Gates years ago, 2016 I think, and I was asking him, yeah, but don't we have the best cyber technology? Can't we attack? He said, we got the most to lose too. Yeah. And so what have we learned from, from Ukraine? >>Well, I, I think that's part of the key point there, right? Is you know, a great offense essentially can also be for us, you know, deterrent. So in that aspect we have as an, as a company and or excuse me, as a country, as a company as well, but then as partners throughout all parts of the world have really focused on increasing the intelligence sharing and specifically, you know, I mentioned Ukrainian cert. There are so many different agencies and other sorts throughout the world that are doing everything they can to share information to help protect human life there. And so what we've really been concerned with, with is, you know, what cyber warfare elements are going to be used there, not only how does that impact Ukraine, but how does it potentially spread out to other parts of the world critical infrastructure. So you've seen that, you know, I mentioned CS rrb, but cisa, right? >>CISA has done a tremendous job of continuously getting out information and doing everything they can to make sure that we are collaborating at a commercial level. You know, we are sharing information and intelligence more than ever before. So partners like Mania and CrowdStrike, our Intel teams are working together on a daily basis to make sure that we're able to protect not only our clients, but certainly if we've got any information relevant that we can share that as well. And I think if there's any silver lining to an otherwise very awful situation, I think the fact that is has accelerated intelligence sharing is really positive. >>I was gonna ask you about this cause I think, you know, 10 or so years ago, there was a lot of talk about that, but the industry, you know, kind of kept things to themselves, you know, a a actually tried to monetize some of that private data. So that's changing is what I'm hearing from you >>More so than ever more, you know, I've, I mentioned I've been in the field for 20 years. You know, it, it's tough when you have a commercial business that relies on, you know, information to, in order to pay people's salaries, right? I think that has changed quite a lot. We see the benefit of just that continuous sharing. There are, you know, so many more walls broken down between these commercial competitors, but also the work on the public private partnership side has really increased some of those relationships. Made it easier. And you know, I have to give a whole lot of credit and mention sisa, like the fact that during log four J, like they had GitHub repositories, they were using Slack, they were using Twitter. So the government has really started pushing forward with a lot of the newer leadership that's in place to say, Hey, we're gonna use tools and technology that works to share and disseminate information as quickly as we can. Right? That's fantastic. That's helping everybody. >>We knew that every industry, no, nobody's spared of this. But did you notice in the last couple of years, any industries in particular that are more vulnerable? Like I think of healthcare with personal health information or financial services, any industries kind of jump out as being more susceptible than others? >>So I think those two are always gonna be at the forefront, right? Financial services and healthcare. But what's been really top of mind is critical infrastructure, just making sure right? That our water, our power, our fuel, so many other parts of right, the ecosystem that go into making sure that, you know, we're keeping, you know, houses heated during the winter, for example, that people have fresh water. Those are extremely critical. And so that is really a massive area of focus for the industry right now. >>Can I come back to public-private partnerships? My question is relates to regulations because the public policy tends to be behind tech, the technology industry as an understatement. So when you take something like GDPR is the obvious example, but there are many, many others, data sovereignty, you can't move the data. Are are, are, is there tension between your desire as our desire as an industry to share data and government's desire to keep data private and restrict that data sharing? How is that playing out? How do you resolve that? >>Well I think there have been great strides right in each of those areas. So in terms of regulation when it comes to breaches there, you know, has been a tendency in the past to do victim shaming, right? And for organizations to not want to come forward because they're concerned about the monetary funds, right? I think there's been tremendous acceleration. You're seeing that everywhere from the fbi, from cisa, to really working very closely with organizations to, to have a true impact. So one example would be a ransomware attack that occurred. This was for a client of ours within the United States and we had a very close relationship with the FBI at that local field office and made a phone call. This was 7:00 AM Eastern time. And this was an organization that had this breach gone public, would've made worldwide news. There would've been a very big impact because it would've taken a lot of their systems offline. >>Within the 30 minutes that local FBI office was on site said, we just saw this piece of malware last week, we have a decryptor for it from another organization who shared it with us. Here you go. And within 60 minutes, every system was back up and running. Our teams were able to respond and get that disseminated quickly. So efforts like that, I think the government has made a tremendous amount of headway into improving relationships. Is there always gonna be some tension between, you know, competing, you know, organizations? Sure. But I think that we're doing a whole lot to progress it, >>But governments will make exceptions in that case. Especially for something as critical as the example that you just gave and be able to, you know, do a reach around, if you will, on, on onerous regulations that, that ne aren't helpful in that situation, but certainly do a lot of good in terms of protecting privacy. >>Well, and I think there used to be exceptions made typically only for national security elements, right? And now you're seeing that expanding much more so, which I think is also positive. Right. >>Last question for you as we are wrapping up time here. What can organizations really do to stay ahead of the curve when it comes to, to threat actors? We've got internal external threats. What can they really do to just be ahead of that curve? Is that possible? >>Well, it is now, it's not an easy task so I'm not gonna, you know, trivialize it. But I think that one, having relationships with right organizations in advance always a good thing. That's a, everything from certainly a commercial relationships, but also your peers, right? There's all kinds of fantastic industry spec specific information sharing organizations. I think the biggest thing that impacts is having education across your executive team and testing regularly, right? Having a plan in place, testing it. And it's not just the security pieces of it, right? As security responders, we live these attacks every day, but it's making sure that your general counsel and your head of operations and your CEO knows what to do. Your board of directors, do they know what to do when they receive a phone call from Bloomberg, for example? Are they supposed supposed to answer? Do your employees know that those kind of communications in advance and training can be really critical and make or break a difference in an attack. >>That's a great point about the testing but also the communication that it really needs to be company wide. Everyone at every level needs to know how to react. Wendy, it's been so great having, >>Wait one last question. Sure. Do you have a favorite superhero growing up? >>Ooh, it's gotta be Wonder Woman. Yeah, >>Yeah, okay. Yeah, so cuz I'm always curious, there's not a lot of women in, in security in cyber. How'd you get into it? And many cyber pros like wanna save the world? >>Yeah, no, that's a great question. So I joined the Air Force, you know, I, I was a special agent doing computer crime investigations and that was a great job. And I learned about that from, we had an alumni day and all these alumni came in from the university and they were in flight suits and combat gear. And there was one woman who had long blonde flowing hair and a black suit and high heels and she was carrying a gun. What did she do? Because that's what I wanted do. >>Awesome. Love it. We >>Blonde >>Wonder Woman. >>Exactly. Wonder Woman. Wendy, it's been so great having you on the program. We, we will definitely be following unit 42 and all the great stuff that you guys are doing. Keep up the good >>Work. Thanks so much Lisa. Thank >>You. Day our pleasure. For our guest and Dave Valante, I'm Lisa Martin, live in Las Vegas at MGM Grand for Palo Alto Ignite, 22. You're watching the Cube, the leader in live enterprise and emerging tech coverage.

(upbeat music) >> Hello, welcome back to theCUBE's AWS RE:Invent 2022 Coverage. I'm John Furrier, host of theCUBE. Got a great lineup here, Itamar Ankorion SVP Technology Alliance at Qlik and Peter McDonald, vice President, cloud partnerships and business development Snowflake. We're going to talk about bringing SAP data to life, for joint Snowflake, Qlik and AWS Solution. Gentlemen, thanks for coming on theCUBE Really appreciate it. >> Thank you. >> Thank you, great meeting you John. >> Just to get started, introduce yourselves to the audience, then going to jump into what you guys are doing together, unique relationship here, really compelling solution in cloud. Big story about applications and scale this year. Let's introduce yourselves. Peter, we'll start with you. >> Great. I'm Peter MacDonald. I am vice president of Cloud Partners and business development here at Snowflake. On the Cloud Partner side, that means I manage AWS relationship along with Microsoft and Google Cloud. What we do together in terms of complimentary products, GTM, co-selling, things like that. Importantly, working with other third parties like Qlik for joint solutions. On business development, it's negotiating custom commercial partnerships, large companies like Salesforce and Dell, smaller companies at most for our venture portfolio. >> Thanks Peter and hi John. It's great to be back here. So I'm Itamar Ankorion and I'm the senior vice president responsible for technology alliances here at Qlik. With that, own strategic alliances, including our key partners in the cloud, including Snowflake and AWS. I've been in the data and analytics enterprise software market for 20 plus years, and my main focus is product management, marketing, alliances, and business development. I joined Qlik about three and a half years ago through the acquisition of Attunity, which is now the foundation for Qlik data integration. So again, we focus in my team on creating joint solution alignment with our key partners to provide more value to our customers. >> Great to have both you guys, senior executives in the industry on theCUBE here, talking about data, obviously bringing SAP data to life is the theme of this segment, but this reinvent, it's all about the data, big data end-to-end story, a lot about data being intrinsic as the CEO says on stage around in the organizations in all aspects. Take a minute to explain what you guys are doing as from a company standpoint. Snowflake and Qlik and the solutions, why here at AWS? Peter, we'll start with you at Snowflake, what you guys do as a company, your mission, your focus. >> That was great, John. Yeah, so here at Snowflake, we focus on the data platform and until recently, data platforms required expensive on-prem hardware appliances. And despite all that expense, customers had capacity constraints, inexpensive maintenance, and had limited functionality that all impeded these organizations from reaching their goals. Snowflake is a cloud native SaaS platform, and we've become so successful because we've addressed these pain points and have other new special features. For example, securely sharing data across both the organization and the value chain without copying the data, support for new data types such as JSON and structured data, and also advance in database data governance. Snowflake integrates with complimentary AWS services and other partner products. So we can enable holistic solutions that include, for example, here, both Qlik and AWS SageMaker, and comprehend and bring those to joint customers. Our customers want to convert data into insights along with advanced analytics platforms in AI. That is how they make holistic data-driven solutions that will give them competitive advantage. With Snowflake, our approach is to focus on customer solutions that leverage data from existing systems such as SAP, wherever they are in the cloud or on-premise. And to do this, we leverage partners like Qlik native US to help customers transform their businesses. We provide customers with a premier data analytics platform as a result. Itamar, why don't you talk about Qlik a little bit and then we can dive into the specific SAP solution here and some trends >> Sounds great, Peter. So Qlik provides modern data integration and analytics software used by over 38,000 customers worldwide. Our focus is to help our customers turn data into value and help them close the gap between data all the way through insight and action. We offer click data integration and click data analytics. Click data integration helps to automate the data pipelines to deliver data to where they want to use them in real-time and make the data ready for analytics and then Qlik data analytics is a robust platform for analytics and business intelligence has been a leader in the Gartner Magic Quadrant for over 11 years now in the market. And both of these come together into what we call Qlik Cloud, which is our SaaS based platform. So providing a more seamless way to consume all these services and accelerate time to value with customer solutions. In terms of partnerships, both Snowflake and AWS are very strategic to us here at Qlik, so we have very comprehensive investment to ensure strong joint value proposition to we can bring to our mutual customers, everything from aligning our roadmaps through optimizing and validating integrations, collaborating on best practices, packaging joint solutions like the one we'll talk about today. And with that investment, we are an elite level, top level partner with Snowflake. We fly that our technology is Snowflake-ready across the entire product set and we have hundreds of joint customers together and with AWS we've also partnered for a long time. We're here to reinvent. We've been here with the first reinvent since the inaugural one, so it kind of gives you an idea for how long we've been working with AWS. We provide very comprehensive integration with AWS data analytics services, and we have several competencies ranging from data analytics to migration and modernization. So that's our focus and again, we're excited about working with Snowflake and AWS to bring solutions together to market. >> Well, I'm looking forward to unpacking the solutions specifically, and congratulations on the continued success of both your companies. We've been following them obviously for a very long time and seeing the platform evolve beyond just SaaS and a lot more going on in cloud these days, kind of next generation emerging. You know, we're seeing a lot of macro trends that are going to be powering some of the things we're going to get into real quickly. But before we get into the solution, what are some of those power dynamics in the industry that you're seeing in trends specifically that are impacting your customers that are taking us down this road of getting more out of the data and specifically the SAP, but in general trends and dynamics. What are you hearing from your customers? Why do they care? Why are they going down this road? Peter, we'll start with you. >> Yeah, I'll go ahead and start. Thanks. Yeah, I'd say we continue to see customers being, being very eager to transform their businesses and they know they need to leverage technology and data to do so. They're also increasingly depending upon the cloud to bring that agility, that elasticity, new functionality necessary to react in real-time to every evolving customer needs. You look at what's happened over the last three years, and boy, the macro environment customers, it's all changing so fast. With our partnerships with AWS and Qlik, we've been able to bring to market innovative solutions like the one we're announcing today that spans all three companies. It provides a holistic solution and an integrated solution for our customer. >> Itamar let's get into it, you've been with theCUBE, you've seen the journey, you have your own journey, many, many years, you've seen the waves. What's going on now? I mean, what's the big wave? What's the dynamic powering this trend? >> Yeah, in a nutshell I'll call it, it's all about time. You know, it's time to value and it's about real-time data. I'll kind of talk about that a bit. So, I mean, you hear a lot about the data being the new oil, but it's definitely, we see more and more customers seeing data as their critical enabler for innovation and digital transformation. They look for ways to monetize data. They look as the data as the way in which they can innovate and bring different value to the customers. So we see customers want to use more data so to get more value from data. We definitely see them wanting to do it faster, right, than before. And we definitely see them looking for agility and automation as ways to accelerate time to value, and also reduce overall costs. I did mention real-time data, so we definitely see more and more customers, they want to be able to act and make decisions based on fresh data. So yesterday's data is just not good enough. >> John: Yeah. >> It's got to be down to the hour, down to the minutes and sometimes even lower than that. And then I think we're also seeing customers look to their core business systems where they have a lot of value, like the SAP, like mainframe and thinking, okay, our core data is there, how can we get more value from this data? So that's key things we see all the time with customers. >> Yeah, we did a big editorial segment this year on, we called data as code. Data as code is kind of a riff on infrastructure as code and you start to see data becoming proliferating into all aspects, fresh data. It's not just where you store it, it's how you share it, it's how you turn it into an application intrinsically involved in all aspects. This is the big theme this year and that's driving all the conversations here at RE:Invent. And I'm guaranteeing you, it's going to happen for another five and 10 years. It's not stopping. So I got to get into the solution, you guys mentioned SAP and you've announced the solution by Qlik, Snowflake and AWS for your customers using SAP. Can you share more about this solution? What's unique about it? Why is it important and why now? Peter, Itamar, we'll start with you first. >> Let me jump in, this is really, I'll jump because I'm excited. We're very excited about this solution and it's also a solution by the way and again, we've seen proven customer success with it. So to your point, it's ready to scale, it's starting, I think we're going to see a lot of companies doing this over the next few years. But before we jump to the solution, let me maybe take a few minutes just to clarify the need, why we're seeing, why we're seeing customers jump to do this. So customers that use SAP, they use it to manage the core of their business. So think order processing, management, finance, inventory, supply chain, and so much more. So if you're running SAP in your company, that data creates a great opportunity for you to drive innovation and modernization. So what we see customers want to do, they want to do more with their data and more means they want to take SAP with non-SAP data and use it together to drive new insights. They want to use real-time data to drive real-time analytics, which they couldn't do to date. They want to bring together descriptive with predictive analytics. So adding machine learning in AI to drive more value from the data. And naturally they want to do it faster. So find ways to iterate faster on their solutions, have freedom with the data and agility. And I think this is really where cloud data platforms like Snowflake and AWS, you know, bring that value to be able to drive that. Now to do that you need to unlock the SAP data, which is a lot of also where Qlik comes in because typical challenges these customers run into is the complexity, inherent in SAP data. Tens of thousands of tables, proprietary formats, complex data models, licensing restrictions, and more than, you have performance issues, they usually run into how do we handle the throughput, the volumes while maintaining lower latency and impact. Where do we find knowledge to really understand how to get all this done? So these are the things we've looked at when we came together to create a solution and make it unique. So when you think about its uniqueness, because we put together a lot, and I'll go through three, four key things that come together to make this unique. First is about data delivery. How do you have the SAP data delivery? So how do you get it from ECC, from HANA from S/4HANA, how do you deliver the data and the metadata and how that integration well into Snowflake. And what we've done is we've focused a lot on optimizing that process and the continuous ingestion, so the real-time ingestion of the data in a way that works really well with the Snowflake system, data cloud. Second thing is we looked at SAP data transformation, so once the data arrives at Snowflake, how do we turn it into being analytics ready? So that's where data transformation and data worth automation come in. And these are all elements of this solution. So creating derivative datasets, creating data marts, and all of that is done by again, creating an optimized integration that pushes down SQL based transformations, so they can be processed inside Snowflake, leveraging its powerful engine. And then the third element is bringing together data visualization analytics that can also take all the data now that in organizing inside Snowflake, bring other data in, bring machine learning from SageMaker, and then you go to create a seamless integration to bring analytic applications to life. So these are all things we put together in the solution. And maybe the last point is we actually took the next step with this and we created something we refer to as solution accelerators, which we're really, really keen about. Think about this as prepackaged templates for common business analytic needs like order to cash, finance, inventory. And we can either dig into that a little more later, but this gets the next level of value to the customers all built into this joint solution. >> Yeah, I want to get to the accelerators, but real quick, Peter, your reaction to the solution, what's unique about it? And obviously Snowflake, we've been seeing the progression data applications, more developers developing on top of Snowflake, data as code kind of implies developer ecosystem. This is kind of interesting. I mean, you got partnering with Qlik and AWS, it's kind of a developer-like thinking real solution. What's unique about this SAP solution that's, that's different than what customers can get anywhere else or not? >> Yeah, well listen, I think first of all, you have to start with the idea of the solution. This are three companies coming together to build a holistic solution that is all about, you know, creating a great opportunity to turn SAP data into value this is Itamar was talking about, that's really what we're talking about here and there's a lot of technology underneath it. I'll talk more about the Snowflake technology, what's involved here, and then cover some of the AWS pieces as well. But you know, we're focusing on getting that value out and accelerating time to value for our joint customers. As Itamar was saying, you know, there's a lot of complexity with the SAP data and a lot of value there. How can we manage that in a prepackaged way, bringing together best of breed solutions with proven capabilities and bringing this to market quickly for our joint customers. You know, Snowflake and AWS have been strong partners for a number of years now, and that's not only on how Snowflake runs on top of AWS, but also how we integrate with their complementary analytics and then all products. And so, you know, we want to be able to leverage those in addition to what Qlik is bringing in terms of the data transformations, bringing data out of SAP in the visualization as well. All very critical. And then we want to bring in the predictive analytics, AWS brings and what Sage brings. We'll talk about that a little bit later on. Some of the technologies that we're leveraging are some of our latest cutting edge technologies that really make things easier for both our partners and our customers. For example, Qlik leverages Snowflakes recently released Snowpark for Python functionality to push down those data transformations from clicking the Snowflake that Itamar's mentioning. And while we also leverage Snowpark for integrations with Amazon SageMaker, but there's a lot of great new technology that just makes this easy and compelling for customers. >> I think that's the big word, easy button here for what may look like a complex kind of integration, kind of turnkey, really, really compelling example of the modern era we're living in, as we always say in theCUBE. You mentioned accelerators, SAP accelerators. Can you give an example of how that works with the technology from the third party providers to deliver this business value Itamar, 'cause that was an interesting comment. What's the example? Give an example of this acceleration. >> Yes, certainly. I think this is something that really makes this truly, truly unique in the industry and again, a great opportunity for customers. So we kind talked earlier about there's a lot of things that need to be done with SP data to turn it to value. And these accelerator, as the name suggests, are designed to do just that, to kind of jumpstart the process and reduce the time and the risk involved in such project. So again, these are pre-packaged templates. We basically took a lot of knowledge, and a lot of configurations, best practices about to get things done and we put 'em together. So think about all the steps, it includes things like data extraction, so already knowing which tables, all the relevant tables that you need to get data from in the contexts of the solution you're looking for, say like order to cash, we'll get back to that one. How do you continuously deliver that data into Snowflake in an in efficient manner, handling things like data type mappings, metadata naming conventions and transformations. The data models you build all the way to data mart definitions and all the transformations that the data needs to go through moving through steps until it's fully analytics ready. And then on top of that, even adding a library of comprehensive analytic dashboards and integrations through machine learning and AI and put all of that in a way that's in pre-integrated and tested to work with Snowflake and AWS. So this is where again, you get this entire recipe that's ready. So take for example, I think I mentioned order to cash. So again, all these things I just talked about, I mean, for those who are not familiar, I mean order to cash is a critical business process for every organization. So especially if you're in retail, manufacturing, enterprise, it's a big... This is where, you know, starting with booking a sales order, following by fulfilling the order, billing the customer, then managing the accounts receivable when the customer actually pays, right? So this all process, you got sales order fulfillment and the billing impacts customer satisfaction, you got receivable payments, you know, the impact's working capital, cash liquidity. So again, as a result this order to cash process is a lifeblood for many businesses and it's critical to optimize and understand. So the solution accelerator we created specifically for order to cash takes care of understanding all these aspects and the data that needs to come with it. So everything we outline before to make the data available in Snowflake in a way that's really useful for downstream analytics, along with dashboards that are already common for that, for that use case. So again, this enables customers to gain real-time visibility into their sales orders, fulfillment, accounts receivable performance. That's what the Excel's are all about. And very similarly, we have another one for example, for finance analytics, right? So this will optimize financial data reporting, helps customers get insights into P&L, financial risk of stability or inventory analytics that helps with, you know, improve planning and inventory management, utilization, increased efficiencies, you know, so in supply chain. So again, these accelerators really help customers get a jumpstart and move faster with their solutions. >> Peter, this is the easy button we just talked about, getting things going, you know, get the ball rolling, get some acceleration. Big part of this are the three companies coming together doing this. >> Yeah, and to build on what Itamar just said that the SAP data obviously has tremendous value. Those sales orders, distribution data, financial data, bringing that into Snowflake makes it easily accessible, but also it enables it to be combined with other data too, is one of the things that Snowflake does so well. So you can get a full view of the end-to-end process and the business overall. You know, for example, I'll just take one, you know, one example that, that may not come to mind right away, but you know, looking at the impact of weather conditions on supply chain logistics is relevant and material and have interest to our customers. How do you bring those different data sets together in an easy way, bringing the data out of SAP, bringing maybe other data out of other systems through Qlik or through Snowflake, directly bringing data in from our data marketplace and bring that all together to make it work. You know, fundamentally organizational silos and the data fragmentation exist otherwise make it really difficult to drive modern analytics projects. And that in turn limits the value that our customers are getting from SAP data and these other data sets. We want to enable that and unleash. >> Yeah, time for value. This is great stuff. Itamar final question, you know, what are customers using this? What do you have? I'm sure you have customers examples already using the solution. Can you share kind of what these examples look like in the use cases and the value? >> Oh yeah, absolutely. Thank you. Happy to. We have customers across different, different sectors. You see manufacturing, retail, energy, oil and gas, CPG. So again, customers in those segments, typically sectors typically have SAP. So we have customers in all of them. A great example is like Siemens Energy. Siemens Energy is a global provider of gas par services. You know, over what, 28 billion, 30 billion in revenue. 90,000 employees. They operate globally in over 90 countries. So they've used SAP HANA as a core system, so it's running on premises, multiple locations around the world. And what they were looking for is a way to bring all these data together so they can innovate with it. And the thing is, Peter mentioned earlier, not just the SAP data, but also bring other data from other systems to bring it together for more value. That includes finance data, these logistics data, these customer CRM data. So they bring data from over 20 different SAP systems. Okay, with Qlik data integration, feeding that into Snowflake in under 20 minutes, 24/7, 365, you know, days a year. Okay, they get data from over 20,000 tables, you know, over million, hundreds of millions of records daily going in. So it is a great example of the type of scale, scalability, agility and speed that they can get to drive these kind of innovation. So that's a great example with Siemens. You know, another one comes to mind is a global manufacturer. Very similar scenario, but you know, they're using it for real-time executive reporting. So it's more like feasibility to the production data as well as for financial analytics. So think, think, think about everything from audit to texts to innovate financial intelligence because all the data's coming from SAP. >> It's a great time to be in the data business again. It keeps getting better and better. There's more data coming. It's not stopping, you know, it's growing so fast, it keeps coming. Every year, it's the same story, Peter. It's like, doesn't stop coming. As we wrap up here, let's just get customers some information on how to get started. I mean, obviously you're starting to see the accelerators, it's a great program there. What a great partnership between the two companies and AWS. How can customers get started to learn about the solution and take advantage of it, getting more out of their SAP data, Peter? >> Yeah, I think the first place to go to is talk to Snowflake, talk to AWS, talk to our account executives that are assigned to your account. Reach out to them and they will be able to educate you on the solution. We have packages up very nicely and can be deployed very, very quickly. >> Well gentlemen, thank you so much for coming on. Appreciate the conversation. Great overview of the partnership between, you know, Snowflake and Qlik and AWS on a joint solution. You know, getting more out of the SAP data. It's really kind of a key, key solution, bringing SAP data to life. Thanks for coming on theCUBE. Appreciate it. >> Thank you. >> Thank you John. >> Okay, this is theCUBE coverage here at RE:Invent 2022. I'm John Furrier, your host of theCUBE. Thanks for watching. (upbeat music)

(upbeat music) >> Hello, welcome back to theCUBE's AWS RE:Invent 2022 Coverage. I'm John Furrier, host of theCUBE. Got a great lineup here, Itamar Ankorion SVP Technology Alliance at Qlik and Peter McDonald, vice President, cloud partnerships and business development Snowflake. We're going to talk about bringing SAP data to life, for joint Snowflake, Qlik and AWS Solution. Gentlemen, thanks for coming on theCUBE Really appreciate it. >> Thank you. >> Thank you, great meeting you John. >> Just to get started, introduce yourselves to the audience, then going to jump into what you guys are doing together, unique relationship here, really compelling solution in cloud. Big story about applications and scale this year. Let's introduce yourselves. Peter, we'll start with you. >> Great. I'm Peter MacDonald. I am vice president of Cloud Partners and business development here at Snowflake. On the Cloud Partner side, that means I manage AWS relationship along with Microsoft and Google Cloud. What we do together in terms of complimentary products, GTM, co-selling, things like that. Importantly, working with other third parties like Qlik for joint solutions. On business development, it's negotiating custom commercial partnerships, large companies like Salesforce and Dell, smaller companies at most for our venture portfolio. >> Thanks Peter and hi John. It's great to be back here. So I'm Itamar Ankorion and I'm the senior vice president responsible for technology alliances here at Qlik. With that, own strategic alliances, including our key partners in the cloud, including Snowflake and AWS. I've been in the data and analytics enterprise software market for 20 plus years, and my main focus is product management, marketing, alliances, and business development. I joined Qlik about three and a half years ago through the acquisition of Attunity, which is now the foundation for Qlik data integration. So again, we focus in my team on creating joint solution alignment with our key partners to provide more value to our customers. >> Great to have both you guys, senior executives in the industry on theCUBE here, talking about data, obviously bringing SAP data to life is the theme of this segment, but this reinvent, it's all about the data, big data end-to-end story, a lot about data being intrinsic as the CEO says on stage around in the organizations in all aspects. Take a minute to explain what you guys are doing as from a company standpoint. Snowflake and Qlik and the solutions, why here at AWS? Peter, we'll start with you at Snowflake, what you guys do as a company, your mission, your focus. >> That was great, John. Yeah, so here at Snowflake, we focus on the data platform and until recently, data platforms required expensive on-prem hardware appliances. And despite all that expense, customers had capacity constraints, inexpensive maintenance, and had limited functionality that all impeded these organizations from reaching their goals. Snowflake is a cloud native SaaS platform, and we've become so successful because we've addressed these pain points and have other new special features. For example, securely sharing data across both the organization and the value chain without copying the data, support for new data types such as JSON and structured data, and also advance in database data governance. Snowflake integrates with complimentary AWS services and other partner products. So we can enable holistic solutions that include, for example, here, both Qlik and AWS SageMaker, and comprehend and bring those to joint customers. Our customers want to convert data into insights along with advanced analytics platforms in AI. That is how they make holistic data-driven solutions that will give them competitive advantage. With Snowflake, our approach is to focus on customer solutions that leverage data from existing systems such as SAP, wherever they are in the cloud or on-premise. And to do this, we leverage partners like Qlik native US to help customers transform their businesses. We provide customers with a premier data analytics platform as a result. Itamar, why don't you talk about Qlik a little bit and then we can dive into the specific SAP solution here and some trends >> Sounds great, Peter. So Qlik provides modern data integration and analytics software used by over 38,000 customers worldwide. Our focus is to help our customers turn data into value and help them close the gap between data all the way through insight and action. We offer click data integration and click data analytics. Click data integration helps to automate the data pipelines to deliver data to where they want to use them in real-time and make the data ready for analytics and then Qlik data analytics is a robust platform for analytics and business intelligence has been a leader in the Gartner Magic Quadrant for over 11 years now in the market. And both of these come together into what we call Qlik Cloud, which is our SaaS based platform. So providing a more seamless way to consume all these services and accelerate time to value with customer solutions. In terms of partnerships, both Snowflake and AWS are very strategic to us here at Qlik, so we have very comprehensive investment to ensure strong joint value proposition to we can bring to our mutual customers, everything from aligning our roadmaps through optimizing and validating integrations, collaborating on best practices, packaging joint solutions like the one we'll talk about today. And with that investment, we are an elite level, top level partner with Snowflake. We fly that our technology is Snowflake-ready across the entire product set and we have hundreds of joint customers together and with AWS we've also partnered for a long time. We're here to reinvent. We've been here with the first reinvent since the inaugural one, so it kind of gives you an idea for how long we've been working with AWS. We provide very comprehensive integration with AWS data analytics services, and we have several competencies ranging from data analytics to migration and modernization. So that's our focus and again, we're excited about working with Snowflake and AWS to bring solutions together to market. >> Well, I'm looking forward to unpacking the solutions specifically, and congratulations on the continued success of both your companies. We've been following them obviously for a very long time and seeing the platform evolve beyond just SaaS and a lot more going on in cloud these days, kind of next generation emerging. You know, we're seeing a lot of macro trends that are going to be powering some of the things we're going to get into real quickly. But before we get into the solution, what are some of those power dynamics in the industry that you're seeing in trends specifically that are impacting your customers that are taking us down this road of getting more out of the data and specifically the SAP, but in general trends and dynamics. What are you hearing from your customers? Why do they care? Why are they going down this road? Peter, we'll start with you. >> Yeah, I'll go ahead and start. Thanks. Yeah, I'd say we continue to see customers being, being very eager to transform their businesses and they know they need to leverage technology and data to do so. They're also increasingly depending upon the cloud to bring that agility, that elasticity, new functionality necessary to react in real-time to every evolving customer needs. You look at what's happened over the last three years, and boy, the macro environment customers, it's all changing so fast. With our partnerships with AWS and Qlik, we've been able to bring to market innovative solutions like the one we're announcing today that spans all three companies. It provides a holistic solution and an integrated solution for our customer. >> Itamar let's get into it, you've been with theCUBE, you've seen the journey, you have your own journey, many, many years, you've seen the waves. What's going on now? I mean, what's the big wave? What's the dynamic powering this trend? >> Yeah, in a nutshell I'll call it, it's all about time. You know, it's time to value and it's about real-time data. I'll kind of talk about that a bit. So, I mean, you hear a lot about the data being the new oil, but it's definitely, we see more and more customers seeing data as their critical enabler for innovation and digital transformation. They look for ways to monetize data. They look as the data as the way in which they can innovate and bring different value to the customers. So we see customers want to use more data so to get more value from data. We definitely see them wanting to do it faster, right, than before. And we definitely see them looking for agility and automation as ways to accelerate time to value, and also reduce overall costs. I did mention real-time data, so we definitely see more and more customers, they want to be able to act and make decisions based on fresh data. So yesterday's data is just not good enough. >> John: Yeah. >> It's got to be down to the hour, down to the minutes and sometimes even lower than that. And then I think we're also seeing customers look to their core business systems where they have a lot of value, like the SAP, like mainframe and thinking, okay, our core data is there, how can we get more value from this data? So that's key things we see all the time with customers. >> Yeah, we did a big editorial segment this year on, we called data as code. Data as code is kind of a riff on infrastructure as code and you start to see data becoming proliferating into all aspects, fresh data. It's not just where you store it, it's how you share it, it's how you turn it into an application intrinsically involved in all aspects. This is the big theme this year and that's driving all the conversations here at RE:Invent. And I'm guaranteeing you, it's going to happen for another five and 10 years. It's not stopping. So I got to get into the solution, you guys mentioned SAP and you've announced the solution by Qlik, Snowflake and AWS for your customers using SAP. Can you share more about this solution? What's unique about it? Why is it important and why now? Peter, Itamar, we'll start with you first. >> Let me jump in, this is really, I'll jump because I'm excited. We're very excited about this solution and it's also a solution by the way and again, we've seen proven customer success with it. So to your point, it's ready to scale, it's starting, I think we're going to see a lot of companies doing this over the next few years. But before we jump to the solution, let me maybe take a few minutes just to clarify the need, why we're seeing, why we're seeing customers jump to do this. So customers that use SAP, they use it to manage the core of their business. So think order processing, management, finance, inventory, supply chain, and so much more. So if you're running SAP in your company, that data creates a great opportunity for you to drive innovation and modernization. So what we see customers want to do, they want to do more with their data and more means they want to take SAP with non-SAP data and use it together to drive new insights. They want to use real-time data to drive real-time analytics, which they couldn't do to date. They want to bring together descriptive with predictive analytics. So adding machine learning in AI to drive more value from the data. And naturally they want to do it faster. So find ways to iterate faster on their solutions, have freedom with the data and agility. And I think this is really where cloud data platforms like Snowflake and AWS, you know, bring that value to be able to drive that. Now to do that you need to unlock the SAP data, which is a lot of also where Qlik comes in because typical challenges these customers run into is the complexity, inherent in SAP data. Tens of thousands of tables, proprietary formats, complex data models, licensing restrictions, and more than, you have performance issues, they usually run into how do we handle the throughput, the volumes while maintaining lower latency and impact. Where do we find knowledge to really understand how to get all this done? So these are the things we've looked at when we came together to create a solution and make it unique. So when you think about its uniqueness, because we put together a lot, and I'll go through three, four key things that come together to make this unique. First is about data delivery. How do you have the SAP data delivery? So how do you get it from ECC, from HANA from S/4HANA, how do you deliver the data and the metadata and how that integration well into Snowflake. And what we've done is we've focused a lot on optimizing that process and the continuous ingestion, so the real-time ingestion of the data in a way that works really well with the Snowflake system, data cloud. Second thing is we looked at SAP data transformation, so once the data arrives at Snowflake, how do we turn it into being analytics ready? So that's where data transformation and data worth automation come in. And these are all elements of this solution. So creating derivative datasets, creating data marts, and all of that is done by again, creating an optimized integration that pushes down SQL based transformations, so they can be processed inside Snowflake, leveraging its powerful engine. And then the third element is bringing together data visualization analytics that can also take all the data now that in organizing inside Snowflake, bring other data in, bring machine learning from SageMaker, and then you go to create a seamless integration to bring analytic applications to life. So these are all things we put together in the solution. And maybe the last point is we actually took the next step with this and we created something we refer to as solution accelerators, which we're really, really keen about. Think about this as prepackaged templates for common business analytic needs like order to cash, finance, inventory. And we can either dig into that a little more later, but this gets the next level of value to the customers all built into this joint solution. >> Yeah, I want to get to the accelerators, but real quick, Peter, your reaction to the solution, what's unique about it? And obviously Snowflake, we've been seeing the progression data applications, more developers developing on top of Snowflake, data as code kind of implies developer ecosystem. This is kind of interesting. I mean, you got partnering with Qlik and AWS, it's kind of a developer-like thinking real solution. What's unique about this SAP solution that's, that's different than what customers can get anywhere else or not? >> Yeah, well listen, I think first of all, you have to start with the idea of the solution. This are three companies coming together to build a holistic solution that is all about, you know, creating a great opportunity to turn SAP data into value this is Itamar was talking about, that's really what we're talking about here and there's a lot of technology underneath it. I'll talk more about the Snowflake technology, what's involved here, and then cover some of the AWS pieces as well. But you know, we're focusing on getting that value out and accelerating time to value for our joint customers. As Itamar was saying, you know, there's a lot of complexity with the SAP data and a lot of value there. How can we manage that in a prepackaged way, bringing together best of breed solutions with proven capabilities and bringing this to market quickly for our joint customers. You know, Snowflake and AWS have been strong partners for a number of years now, and that's not only on how Snowflake runs on top of AWS, but also how we integrate with their complementary analytics and then all products. And so, you know, we want to be able to leverage those in addition to what Qlik is bringing in terms of the data transformations, bringing data out of SAP in the visualization as well. All very critical. And then we want to bring in the predictive analytics, AWS brings and what Sage brings. We'll talk about that a little bit later on. Some of the technologies that we're leveraging are some of our latest cutting edge technologies that really make things easier for both our partners and our customers. For example, Qlik leverages Snowflakes recently released Snowpark for Python functionality to push down those data transformations from clicking the Snowflake that Itamar's mentioning. And while we also leverage Snowpark for integrations with Amazon SageMaker, but there's a lot of great new technology that just makes this easy and compelling for customers. >> I think that's the big word, easy button here for what may look like a complex kind of integration, kind of turnkey, really, really compelling example of the modern era we're living in, as we always say in theCUBE. You mentioned accelerators, SAP accelerators. Can you give an example of how that works with the technology from the third party providers to deliver this business value Itamar, 'cause that was an interesting comment. What's the example? Give an example of this acceleration. >> Yes, certainly. I think this is something that really makes this truly, truly unique in the industry and again, a great opportunity for customers. So we kind talked earlier about there's a lot of things that need to be done with SP data to turn it to value. And these accelerator, as the name suggests, are designed to do just that, to kind of jumpstart the process and reduce the time and the risk involved in such project. So again, these are pre-packaged templates. We basically took a lot of knowledge, and a lot of configurations, best practices about to get things done and we put 'em together. So think about all the steps, it includes things like data extraction, so already knowing which tables, all the relevant tables that you need to get data from in the contexts of the solution you're looking for, say like order to cash, we'll get back to that one. How do you continuously deliver that data into Snowflake in an in efficient manner, handling things like data type mappings, metadata naming conventions and transformations. The data models you build all the way to data mart definitions and all the transformations that the data needs to go through moving through steps until it's fully analytics ready. And then on top of that, even adding a library of comprehensive analytic dashboards and integrations through machine learning and AI and put all of that in a way that's in pre-integrated and tested to work with Snowflake and AWS. So this is where again, you get this entire recipe that's ready. So take for example, I think I mentioned order to cash. So again, all these things I just talked about, I mean, for those who are not familiar, I mean order to cash is a critical business process for every organization. So especially if you're in retail, manufacturing, enterprise, it's a big... This is where, you know, starting with booking a sales order, following by fulfilling the order, billing the customer, then managing the accounts receivable when the customer actually pays, right? So this all process, you got sales order fulfillment and the billing impacts customer satisfaction, you got receivable payments, you know, the impact's working capital, cash liquidity. So again, as a result this order to cash process is a lifeblood for many businesses and it's critical to optimize and understand. So the solution accelerator we created specifically for order to cash takes care of understanding all these aspects and the data that needs to come with it. So everything we outline before to make the data available in Snowflake in a way that's really useful for downstream analytics, along with dashboards that are already common for that, for that use case. So again, this enables customers to gain real-time visibility into their sales orders, fulfillment, accounts receivable performance. That's what the Excel's are all about. And very similarly, we have another one for example, for finance analytics, right? So this will optimize financial data reporting, helps customers get insights into P&L, financial risk of stability or inventory analytics that helps with, you know, improve planning and inventory management, utilization, increased efficiencies, you know, so in supply chain. So again, these accelerators really help customers get a jumpstart and move faster with their solutions. >> Peter, this is the easy button we just talked about, getting things going, you know, get the ball rolling, get some acceleration. Big part of this are the three companies coming together doing this. >> Yeah, and to build on what Itamar just said that the SAP data obviously has tremendous value. Those sales orders, distribution data, financial data, bringing that into Snowflake makes it easily accessible, but also it enables it to be combined with other data too, is one of the things that Snowflake does so well. So you can get a full view of the end-to-end process and the business overall. You know, for example, I'll just take one, you know, one example that, that may not come to mind right away, but you know, looking at the impact of weather conditions on supply chain logistics is relevant and material and have interest to our customers. How do you bring those different data sets together in an easy way, bringing the data out of SAP, bringing maybe other data out of other systems through Qlik or through Snowflake, directly bringing data in from our data marketplace and bring that all together to make it work. You know, fundamentally organizational silos and the data fragmentation exist otherwise make it really difficult to drive modern analytics projects. And that in turn limits the value that our customers are getting from SAP data and these other data sets. We want to enable that and unleash. >> Yeah, time for value. This is great stuff. Itamar final question, you know, what are customers using this? What do you have? I'm sure you have customers examples already using the solution. Can you share kind of what these examples look like in the use cases and the value? >> Oh yeah, absolutely. Thank you. Happy to. We have customers across different, different sectors. You see manufacturing, retail, energy, oil and gas, CPG. So again, customers in those segments, typically sectors typically have SAP. So we have customers in all of them. A great example is like Siemens Energy. Siemens Energy is a global provider of gas par services. You know, over what, 28 billion, 30 billion in revenue. 90,000 employees. They operate globally in over 90 countries. So they've used SAP HANA as a core system, so it's running on premises, multiple locations around the world. And what they were looking for is a way to bring all these data together so they can innovate with it. And the thing is, Peter mentioned earlier, not just the SAP data, but also bring other data from other systems to bring it together for more value. That includes finance data, these logistics data, these customer CRM data. So they bring data from over 20 different SAP systems. Okay, with Qlik data integration, feeding that into Snowflake in under 20 minutes, 24/7, 365, you know, days a year. Okay, they get data from over 20,000 tables, you know, over million, hundreds of millions of records daily going in. So it is a great example of the type of scale, scalability, agility and speed that they can get to drive these kind of innovation. So that's a great example with Siemens. You know, another one comes to mind is a global manufacturer. Very similar scenario, but you know, they're using it for real-time executive reporting. So it's more like feasibility to the production data as well as for financial analytics. So think, think, think about everything from audit to texts to innovate financial intelligence because all the data's coming from SAP. >> It's a great time to be in the data business again. It keeps getting better and better. There's more data coming. It's not stopping, you know, it's growing so fast, it keeps coming. Every year, it's the same story, Peter. It's like, doesn't stop coming. As we wrap up here, let's just get customers some information on how to get started. I mean, obviously you're starting to see the accelerators, it's a great program there. What a great partnership between the two companies and AWS. How can customers get started to learn about the solution and take advantage of it, getting more out of their SAP data, Peter? >> Yeah, I think the first place to go to is talk to Snowflake, talk to AWS, talk to our account executives that are assigned to your account. Reach out to them and they will be able to educate you on the solution. We have packages up very nicely and can be deployed very, very quickly. >> Well gentlemen, thank you so much for coming on. Appreciate the conversation. Great overview of the partnership between, you know, Snowflake and Qlik and AWS on a joint solution. You know, getting more out of the SAP data. It's really kind of a key, key solution, bringing SAP data to life. Thanks for coming on theCUBE. Appreciate it. >> Thank you. >> Thank you John. >> Okay, this is theCUBE coverage here at RE:Invent 2022. I'm John Furrier, your host of theCUBE. Thanks for watching. (upbeat music)

(upbeat music) >> Hello, brilliant humans and welcome back to theCUBE. We're live from Detroit, Michigan. My name is Savannah Peterson. Joined here with John Furrier, John, so exciting, day three. >> Day three, cranking along, doing great, final day of KubeCon, it wraps up. This next segment's going to be great. It's about WebAssembly, the hottest trend here, at KubeCon that nobody knows about cause they just got some funding and it's got some great traction. Multiple players in here. People are really interested in this and they're really discovering it. They're digging into it. So, we're going to hear from one of the founders of the company that's involved. So, it'll be great. >> Yeah, I think we're right at the tip of the iceberg really. We started off the show with Scott from Docker talking about this, but we have a thought leader in this space. Please welcome Matt Butcher the CEO and co-founder of Fermyon Thank you for being here. Welcome. >> Yeah, thanks so much for having me. Favorite thing to talk about is WebAssembly after that is coffee but WebAssembly first. >> Hey, it's the morning. We can talk about both those on the show. (all chuckles) >> It might get confusing, but I'm willing to try. >> If you can use coffee as a metaphor to teach everyone about WebAssembly throughout the rest of the show. >> All right. That would be awesome. >> All right I'll keep that in mind. >> So when we were talking before we got on here I thought it was really fun because I think the hype is just starting in the WebAssembly space. Very excited about it. Where do you think we're at, set the stage? >> Honestly, we were really excited to come here and see that kind of first wave of hype. We came here expecting to have to answer the question you know, what is WebAssembly and why is anybody looking at it in the cloud space, and instead people have been coming up to us and saying, you know this WebAssembly thing, we're hearing about it. What are the problems it's solving? >> Savannah: Yeah. >> We're really excited to hear about it. So, people literally have been stopping us in restaurants and walking down the street, hey, "You're at KubeCon, you're the WebAssembly people. Tell us more about what's going on." >> You're like awesome celeb. I love this. >> Yeah, and I, >> This is great >> You know the, the description I used was I expected to come here shouting into the void. Hey, you know anybody, somebody, let me tell you about WebAssembly. Instead it's been people coming to us and saying "We've heard about it. Get us excited about it," and I think that's a great place to be. >> You know, one of the things that's exciting too is that this kind of big trend with this whole extraction layer conversation, multicloud, it reminds me of the old app server days where, you know there was a separation between the back end and front end, and then we're kind of seeing that now with this WebAssembly Wasm trend where the developers just want to have the apps run everywhere and the coding to kind of fall in, take a minute to explain what this is, why it's important, why are people jazzed about there's other companies like Cosmonic is in there. There's a lot of open source movement behind it. You guys are out there, >> Savannah: Docker. >> 20 million in fresh funding. Why is this important? What is it and why is it relevant right now? Why are people talking about it? >> I mean, we can't... There is no penasia in the tech world much for the good of all of us, right? To keep us employed. But WebAssembly seems to be that technology that just sort of arose at the right time to solve a number of problems that were really feeling intractable not very long ago. You know, at the core of what is WebAssembly? Well it's a binary format, right? But there's, you know, built on the same, strain of development that Java was built on in the 90's and then the .net run time. But with a couple of little fundamental changes that are what have made it compelling today. So when we think about the cloud world, we think about, okay well security's a big deal to us. Virtual machines are a way for us to run other people's untrusted operating systems on our hardware. Containers come along, they're a... The virtual machine is really the heavyweight class. This is the big thing. The workhorse of the cloud. Then along come Containers, they're a little slimmer. They're kind of the middleweight class. They provide us this great way to sort of package up just the application, not the entire operating system just the application and the bits we care about and then be able to execute those in a trusted environment. Well you know, serverless was the buzzword a few years ago. But one thing that serverless really identified for us is that we didn't actually have the kind of cloud side architecture that was the compute layer that was going to be able to fulfill the promise of serverless. >> Yeah. >> And you know, at that time I was at Microsoft we got to see behind the curtain and see how Azure operates and see the frustration with going, okay how do we get this faster? How do we get this startup time down from seconds to hundreds of milliseconds, WebAssembly comes along and we're able to execute these things in sub one millisecond, which means there is almost no cost to starting up one of these. >> Sub one millisecond. I just want to let everyone rest on that for a second. We've talked a lot about velocity and scale on the show. I mean everyone here is trying to do things faster >> Yep >> Obviously, but that is a real linchpin that makes a very big difference when we're talking about deploying things. Yeah. >> Yeah, and I mean when you think about the ecological and the cost impact of what we're building with the cloud. When we leave a bunch of things running in idle we're consuming electricity if nothing else. The electricity bill keeps going up and we're paying for it via cloud service charges. If you can start something in sub one millisecond then there's no reason you have to leave it running when nobody's using it. >> Savannah: Doesn't need to be in the background. >> That's right. >> So the lightweight is awesome. So, this new class comes up. So, like Java was a great metaphor there. This is kind of like that for the modern era of apps. >> Yeah. >> Where is this going to apply most, do you think? Where's it going to impact most? >> Well, you know, I think there are really four big categories. I think there's the kind of thing I was just talking about I think serverless and edge computing and kind of the server class of problem space. I think IOT is going to benefit, Amazon, Disney Plus, >> Savannah: Yes, edge. >> And PBS, sorry BBC, they all use WebAssembly for the players because they need to run the same player on thousands of different devices. >> I didn't even think about that use case. What a good example. >> It's a brilliant way to apply it. IOT is a hard space period and to be able to have that kind of layer of abstraction. So, that's another good use case >> Savannah: Yeah. >> And then I think this kind of plugin model is another one. You see it was Envoy proxy using this as a way to extend the core features. And I think that one's going to be very, very promising as well. I'm forgetting one, but you know. (all chuckles) I think you end up with these kind of discreet compartments where you can easily fit WebAssembly in here and it's solving a problem that we didn't have the technology that was really adequately solving it before. >> No, I love that. One of the things I thought was interesting we were all at dinner, we were together on Tuesday. I was chatting with Paris who runs Deliveroo at Apple and I can't say I've heard this about too many tools but when we were talking about WebAssembly she said "This is good for everybody" And, it's really nice when technologies come along that will raise the water level across the board. And I love that you're leading this. Speaking of you just announced a huge series aid, 20 million dollars just a few days ago. What does that mean for you and the team? >> I mean there's a little bit of economic uncertainty and it's always nice, >> Savannah: Just a little bit. >> Little bit. >> Savannah: It's come up on the show a little bit this week >> Just smidge. and it's nice to know that we're at a critical time developing this kind of infrastructure layer developing this kind of developer experience where they can go from, you know, blinking cursor to deployed application in two minutes or less. It would be a tragedy if that got forestalled merely because you can't achieve the velocity you need to carry it out. So, what's very exciting about being able to raise around like that at this critical time is that gives us the ability to grow strategically, be able to continue releasing products, building a community around WebAssembly as a whole and of course around our products at Fermyon is a little smaller circle in the bigger circle, and that's why we are so excited about having closed around, that's the perfect one to extend a runway like that. >> Well I'm super excited by this because one I love the concept. I think it's very relevant, like how you progress heavyweight, middleweight, maybe this is lightweight class. >> I know, I'm here for the analogy. No, it's great, its great. >> Maybe it's a lightweight class. >> And we're slimming, which not many of us can say in these times so that's awesome. >> Maybe it's more like the tractor trailer, the van, now you got the sports car. >> Matt: Yeah, I can go.. >> Now you're getting Detroit on us. >> I was trying for a coffee, when I just couldn't figure it out. (all chuckles) >> So, you got 20 million. I noticed the investors amplify very good technical VC and early stage firm. >> Amazing, yeah. >> Insight, they do early stage, big early stage like this. Also they're on the board of Docker. Docker was intent to put a tool out there. There's other competition out there. Cosmonic is out there. They're funded. So you got VC funded companies like yourselves and Cosmonic and others. What's that mean? Different tool chains, is it going to create fragmentation? Is there a common mission? How do you look at the competition as you get into the market >> When you see an ecosystem form. So, here we are at KubeCon, the cloud native ecosystem at this point I like to think of them as like concentric rings. You have the kind of core and then networking and storage and you build these rings out and the farther out you get then the easier it is to begin talking about competition and differentiation. But, when you're looking at that core piece everybody's got to be in there together working on the same stuff, because we want interoperability, we want standards based solutions. We want common ways of building things. More than anything, we want the developers and operators and users who come into the ecosystem to be able to like instantly feel like, okay I don't have to learn. Like you said, you know, 50 different tools for 50 different companies. "I see how this works", and they're doing this and they're doing this. >> Are you guys all contributing into the same open source? >> Yep, yeah, so... >> All the funding happens. >> Both CNCF and the ByteCode Alliance are organizations that are really kind of pushing forward that core technology. You know, you mentioned Cosmonic, Microsoft, SOSA, Red Hat, VMware, they're all in here too. All contributing and again, with all of us knowing this is that nascent stage where we got to execute it. >> How? >> Do it together. >> How are you guys differentiating? Because you know, open source is a great thing. Rising Tide floats all boats. This is a hot area. Is there a differentiation discussion or is it more let's see how it goes, kind of thing? >> Well for us, we came into it knowing very specifically what the problem was we wanted to solve. We wanted this serverless architecture that executed in sub one millisecond to solve, to really create a new wave of microservices. >> KubeCon loves performance. They want to run their stuff on the fastest platform possible. >> Yeah, and it shouldn't be a roadblock, you know, yeah. >> And you look at someone like SingleStore who's a database company and they're in it because they want to be able to run web assemblies close to the data. Instead of doing a sequel select and pulling it way out here and munging it and then pushing it back in. They move the code in there and it's executing in there. So everybody's kind of finding a neat little niche. You know, Cosmonic has really gone more for an enterprise play where they're able to provide a lot of high level security guarantees. Whereas we've been more interested in saying, "Hey, this your first foray into WebAssembly and you're interested in serverless we'll get you going in like a couple of minutes". >> I want to ask you because we had Scott Johnston on earlier opening keynote so we kind of chatted one-on-one and I went off form cause I really wanted to talk to him because Docker is one of the most important companies since their pivot, when they did their little reset after the first Docker kind of then they sold the enterprise off to Mirantis they've been doing really, really well. What's your relationship to Docker? He was very bullish with you guys. Insights, joint investor. Is there a relationship? You guys talk, what's going on there? >> I mean, I'm going to have to admit a little bit of hero worship on my part. I think Scott is brilliant. I just do, and having come from the Kubernetes world the Fermyon team, we've always kind of kept an eye on Docker communicated with a lot of them. We've known Justin Cormack for years. Chris Cornett. (indistinct) I mean yeah, and so it has been a very natural >> Probably have been accused of every Docker Con and we've did the last three years on the virtual side with them. So, we know them really well. >> You've always got your finger on the pulse for them. >> Do you have a relationship besides a formal relationship or is it more of pass shoot score together in the industry? >> Yeah. No, I think it is kind of the multi-level one. You come in knowing people. You've worked together before and you like working with each other and then it sort of naturally extends onto saying, "Hey, what can we do together?" And also how do we start building this ecosystem around us with Docker? They've done an excellent job of articulating why WebAssembly is a complimentary technology with Containers. Which is something I believe very wholeheartedly. You need all three of the heavyweight, middleweight, lightweight. You can't do all the with just one, and to have someone like that sort of with a voice profoundly be able to express, look we're going to start integrating it to show you how it works this way and prevent this sort of like needless drama where people are going, oh Dockers dead, now everything's WebAssembly, and that's been a great.. >> This fight that's been going on. I mean, Docker, Kubernetes, WebAssembly, Containers. >> Yeah. >> We've seen on the show and we both know this hybrid is the future. We're all going to be using a variety of different tools to achieve our goals and I think that you are obviously one of them. I'm curious because just as we were going on you mentioned that you have a PhD in philosophy. (Matt chuckles) >> Matt: Yeah. >> Which is a wild card. You're actually our second PhD in philosophy working in a very technical role on the show this week, which is kind of cool. So, how does that translate into the culture at Fermyon? What's it like on the team? >> Well, you know, a philosophy degree if nothing else teaches you to think in systems and both human systems and formal systems. So that helps and when you approach the process of building a company, you need to be thinking both in terms of how are we organizing this? How are we organizing the product? How do we organize the team? We have really learned that culture is a major deal and culture philosophy, >> Savannah: Why I'm bringing it up. >> We like that, you know, we've been very forward. We have our chip values, curiosity, humility inclusivity and passion, and those are kind of the four things that we feel like that each of us every day should strive to be exhibiting these kinds of things. Curiosity, because you can't push the envelope if you don't ask the hard questions. Humility, because you know, it's easy to get cocky and talk about things as if you knew all the answers. We know we don't and that means we can learn from Docker and Microsoft >> Savannah: That's why you're curious. >> And the person who stops by the booth that we've never met before and says, "hey" and inclusivity, of course, building a community if you don't execute on that well you can't build a good community. The diversity of the community is what makes it stronger than a singular.. >> You have to come in and be cohesive with the community. >> Matt: Yeah. >> The app focus is a really, I think, relevant right now. The timing of this is right online. I think Scott had a good answer I thought on the relationship and how he sees it. I think it's going to be a nice extension to not a extension that way, but like. >> It probably will be as well. >> Almost a pun there John, almost a pun. >> There actually might be an extension, but evolution what we're going to get to which I think is going to be pure application server, like. >> Yep, yep. Like performance for new class of developer. Then now the question comes up and we've been watching developer productivity. That is a big theme and our belief is that if you take digital transformation to its conclusion IT and developers aren't a department serving the business they are the business. That means the developer workflows will have to be radically rebuilt to handle the velocity and new tech for just coding. I call it architectural list. >> I like that. I might steal that. >> It's a pun, but it's also brings up the provocative question. You shouldn't have to need an architecture to code. I mean, Java was great for that reason in many ways. So, if that happens if the developers are running the business that means more apps. The apps is the business. You got to have tool chains and productivity. You can't have fragmentation. Some people are saying WebAssembly might, fork tool chains, might challenge the developer productivity. what's your answer to that? How would you address that objection? >> I mean the threat of forking is always lurking in the corner in open source. In a way it's probably a positive threat because it keeps us honest it keeps us wanting to be inclusive again and keep people involved. Honestly though, I'm not particularly worried about it. I know that the W-3 as a standards body, of course, one of the most respected standards bodies on the planet. They do html, they do cascading style sheets. WebAssembly is in that camp and those of us in the core are really very interested in saying, you know, come on in, let's build something that's going to be where the core is solid and you know what you got and then you can go into the resurgence of the application server. I mean, I wholeheartedly agree with you on that, and we can only get there if we say, all right, here are the common paradigms that we're all going to agree to use, now let's go build stuff. >> And as we've been saying, developers are setting, I think are going to set the standards and they're going to vote with their code and their feet, if you will. >> Savannah: A hundred percent. >> They will decide if you're not aligning with what they want to do. okay. On how they want to self-serve and or work, you'll figure that out. >> Yep, yep. >> You'll get instant feedback. >> Yeah. >> Well, you know, again, I tell you a huge fan of Docker. One of the things that Docker understood at the very outset, is that they had an infrastructure tool and developers were the way to get adoption, and if you look at how fast they got adoption versus many, many other technologies that are profoundly impacted. >> Savannah: Wild. >> Yeah. >> Savannah: It's a cool story. >> It's because they got the developers to go, "This is amazing, hey infrastructure folks, here's an infrastructure tool that we like" and the infrastructure folks are used to code being tossed over the wall are going, "Are you for real?" I mean, and that was a brilliant way to do it and I think that what.. >> John: Yeah, yeah. >> We want to replay in the WebAssembly world is making it developer friendly and you know the kind of infrastructure that we can actually operate. >> Well congratulations to the entire community. We're huge fans of the concept. I kind of see where it's going with connect the dots. You guys getting a lot of buzz. I have to ask you, my final question is the hype is beyond all recognition at this point. People are super pumped and enthusiastic about it and people are looking at it maybe some challenging it, but that's all good things. How do you get to the next level where people are confident that this is actually going to go the next step? Hype to confidence. We've seen great hype. Envoy was hyped up big time before it came in, then it became great. That was one of my favorite examples. Hype is okay, but now you got to put some meat on the bone. The sizzle on the stake so to speak. So what's going to be the stake for you guys as you see this going forward? What's the need? >> Yeah, you know, I talk about our first guiding story was, you know, blinking cursor to deployed application in two minutes. That's what you need to win developers initially. So, what's the next story after that? It's got to be, Fermyon can run real world applications that solve real world problems. That's where hype often fails. If you can build something that's neat but nobody's quite sure what to do with it, to use it, maybe somebody will discover a good use. But, if you take that gambling asset, >> Savannah: It's that ending answer that makes the difference. >> Yeah, yeah. So we say, all right, what are developers trying to build with our platform and then relentlessly focus on making that easier and solving the real world problem that way. That's the crucial thing that's going to drive us out of that sort of early hype stage into a well adopted technology and I talk from Fermyon point of view but really that's for all of us in the WebAssembly. >> John: Absolutely. >> Very well stated Matt, just to wrap us up when we're interviewing you here on theCUBE next year, what do you hope to be able to say then that you can't say today? >> All this stuff about coffee we didn't cover today, but also.. (all chuckles) >> Savannah: Here for the coffee show. Only analogies, that's a great analogy. >> I want to walk here and say, you know last time we talked about being able to achieve density in servers that was, you know, 10 times Kubernetes. Next year I want to say no, we're actually thousands of times beyond Kubernetes that we're lowering people's electricity bill by making these servers more efficient and the developers love it. >> That your commitment to the environment is something I want to do an entirely different show on. We learned that 7-8% of all the world's powers actually used on data centers through the show this week which is jarring quite frankly. >> Yeah, yeah. Tragic would be a better way of saying that. >> Yeah, I'm holding back so that we don't go over time here quite frankly. But anyways, Matt Butcher thank you so much for being here with us. >> Thank you so much for having me it was pleasure.. >> You are worth the hype you are getting. I am grateful to have you as our WebAssembly thought leader. In addition to Scott today from Docker earlier in the show. John Furrier, thanks for being my co-host and thank all of you for tuning into theCUBE here, live from Detroit. I'm Savannah Peterson and we'll be back with more soon. (ambient music)

>> From theCUBE Studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> This past week we saw two of the Big 3 cloud providers present the latest update on their respective cloud visions, their business progress, their announcements and innovations. The content at these events had many overlapping themes, including modern cloud infrastructure at global scale, applying advanced machine intelligence, AKA AI, end-to-end data platforms, collaboration software. They talked a lot about the future of work automation. And they gave us a little taste, each company of the Metaverse Web 3.0 and much more. Despite these striking similarities, the differences between these two cloud platforms and that of AWS remains significant. With Microsoft leveraging its massive application software footprint to dominate virtually all markets and Google doing everything in its power to keep up with the frenetic pace of today's cloud innovation, which was set into motion a decade and a half ago by AWS. Hello and welcome to this week's Wikibon CUBE Insights, powered by ETR. In this Breaking Analysis, we unpack the immense amount of content presented by the CEOs of Microsoft and Google Cloud at Microsoft Ignite and Google Cloud Next. We'll also quantify with ETR survey data the relative position of these two cloud giants in four key sectors: cloud IaaS, BI analytics, data platforms and collaboration software. Now one thing was clear this past week, hybrid events are the thing. Google Cloud Next took place live over a 24-hour period in six cities around the world, with the main gathering in New York City. Microsoft Ignite, which normally is attended by 30,000 people, had a smaller event in Seattle, in person with a virtual audience around the world. AWS re:Invent, of course, is much different. Yes, there's a virtual component at re:Invent, but it's all about a big live audience gathering the week after Thanksgiving, in the first week of December in Las Vegas. Regardless, Satya Nadella keynote address was prerecorded. It was highly produced and substantive. It was visionary, energetic with a strong message that Azure was a platform to allow customers to build their digital businesses. Doing more with less, which was a key theme of his. Nadella covered a lot of ground, starting with infrastructure from the compute, highlighting a collaboration with Arm-based, Ampere processors. New block storage, 60 regions, 175,000 miles of fiber cables around the world. He presented a meaningful multi-cloud message with Azure Arc to support on-prem and edge workloads, as well as of course the public cloud. And talked about confidential computing at the infrastructure level, a theme we hear from all cloud vendors. He then went deeper into the end-to-end data platform that Microsoft is building from the core data stores to analytics, to governance and the myriad tooling Microsoft offers. AI was next with a big focus on automation, AI, training models. He showed demos of machines coding and fixing code and machines automatically creating designs for creative workers and how Power Automate, Microsoft's RPA tooling, would combine with Microsoft Syntex to understand documents and provide standard ways for organizations to communicate with those documents. There was of course a big focus on Azure as developer cloud platform with GitHub Copilot as a linchpin using AI to assist coders in low-code and no-code innovations that are coming down the pipe. And another giant theme was a workforce transformation and how Microsoft is using its heritage and collaboration and productivity software to move beyond what Nadella called productivity paranoia, i.e., are remote workers doing their jobs? In a world where collaboration is built into intelligent workflows, and he even showed a glimpse of the future with AI-powered avatars and partnerships with Meta and Cisco with Teams of all firms. And finally, security with a bevy of tools from identity, endpoint, governance, et cetera, stressing a suite of tools from a single provider, i.e., Microsoft. So a couple points here. One, Microsoft is following in the footsteps of AWS with silicon advancements and didn't really emphasize that trend much except for the Ampere announcement. But it's building out cloud infrastructure at a massive scale, there is no debate about that. Its plan on data is to try and provide a somewhat more abstracted and simplified solutions, which differs a little bit from AWS's approach of the right database tool, for example, for the right job. Microsoft's automation play appears to provide simple individual productivity tools, kind of a ground up approach and make it really easy for users to drive these bottoms up initiatives. We heard from UiPath that forward five last month, a little bit of a different approach of horizontal automation, end-to-end across platforms. So quite a different play there. Microsoft's angle on workforce transformation is visionary and will continue to solidify in our view its dominant position with Teams and Microsoft 365, and it will drive cloud infrastructure consumption by default. On security as well as a cloud player, it has to have world-class security, and Azure does. There's not a lot of debate about that, but the knock on Microsoft is Patch Tuesday becomes Hack Wednesday because Microsoft releases so many patches, it's got so much Swiss cheese in its legacy estate and patching frequently, it becomes a roadmap and a trigger for hackers. Hey, patch Tuesday, these are all the exploits that you can go after so you can act before the patches are implemented. And so it's really become a problem for users. As well Microsoft is competing with many of the best-of-breed platforms like CrowdStrike and Okta, which have market momentum and appear to be more attractive horizontal plays for customers outside of just the Microsoft cloud. But again, it's Microsoft. They make it easy and very inexpensive to adopt. Now, despite the outstanding presentation by Satya Nadella, there are a couple of statements that should raise eyebrows. Here are two of them. First, as he said, Azure is the only cloud that supports all organizations and all workloads from enterprises to startups, to highly regulated industries. I had a conversation with Sarbjeet Johal about this, to make sure I wasn't just missing something and we were both surprised, somewhat, by this claim. I mean most certainly AWS supports more certifications for example, and we would think it has a reasonable case to dispute that claim. And the other statement, Nadella made, Azure is the only cloud provider enabling highly regulated industries to bring their most sensitive applications to the cloud. Now, reasonable people can debate whether AWS is there yet, but very clearly Oracle and IBM would have something to say about that statement. Now maybe it's not just, would say, "Oh, they're not real clouds, you know, they're just going to hosting in the cloud if you will." But still, when it comes to mission-critical applications, you would think Oracle is really the the leader there. Oh, and Satya also mentioned the claim that the Edge browser, the Microsoft Edge browser, no questions asked, he said, is the best browser for business. And we could see some people having some questions about that. Like isn't Edge based on Chrome? Anyway, so we just had to question these statements and challenge Microsoft to defend them because to us it's a little bit of BS and makes one wonder what else in such as awesome keynote and it was awesome, it was hyperbole. Okay, moving on to Google Cloud Next. The keynote started with Sundar Pichai doing a virtual session, he was remote, stressing the importance of Google Cloud. He mentioned that Google Cloud from its Q2 earnings was on a $25-billion annual run rate. What he didn't mention is that it's also on a 3.6 billion annual operating loss run rate based on its first half performance. Just saying. And we'll dig into that issue a little bit more later in this episode. He also stressed that the investments that Google has made to support its core business and search, like its global network of 22 subsea cables to support things like, YouTube video, great performance obviously that we all rely on, those innovations there. Innovations in BigQuery to support its search business and its threat analysis that it's always had and its AI, it's always been an AI-first company, he's stressed, that they're all leveraged by the Google Cloud Platform, GCP. This is all true by the way. Google has absolutely awesome tech and the talk, as well as his talk, Pichai, but also Kurian's was forward thinking and laid out a vision of the future. But it didn't address in our view, and I talked to Sarbjeet Johal about this as well, today's challenges to the degree that Microsoft did and we expect AWS will at re:Invent this year, it was more out there, more forward thinking, what's possible in the future, somewhat less about today's problem, so I think it's resonates less with today's enterprise players. Thomas Kurian then took over from Sundar Pichai and did a really good job of highlighting customers, and I think he has to, right? He has to say, "Look, we are in this game. We have customers, 9 out of the top 10 media firms use Google Cloud. 8 out of the top 10 manufacturers. 9 out of the top 10 retailers. Same for telecom, same for healthcare. 8 out of the top 10 retail banks." He and Sundar specifically referenced a number of companies, customers, including Avery Dennison, Groupe Renault, H&M, John Hopkins, Prudential, Minna Bank out of Japan, ANZ bank and many, many others during the session. So you know, they had some proof points and you got to give 'em props for that. Now like Microsoft, Google talked about infrastructure, they referenced training processors and regions and compute optionality and storage and how new workloads were emerging, particularly data-driven workloads in AI that required new infrastructure. He explicitly highlighted partnerships within Nvidia and Intel. I didn't see anything on Arm, which somewhat surprised me 'cause I believe Google's working on that or at least has come following in AWS's suit if you will, but maybe that's why they're not mentioning it or maybe I got to do more research there, but let's park that for a minute. But again, as we've extensively discussed in Breaking Analysis in our view when it comes to compute, AWS via its Annapurna acquisition is well ahead of the pack in this area. Arm is making its way into the enterprise, but all three companies are heavily investing in infrastructure, which is great news for customers and the ecosystem. We'll come back to that. Data and AI go hand in hand, and there was no shortage of data talk. Google didn't mention Snowflake or Databricks specifically, but it did mention, by the way, it mentioned Mongo a couple of times, but it did mention Google's, quote, Open Data cloud. Now maybe Google has used that term before, but Snowflake has been marketing the data cloud concept for a couple of years now. So that struck as a shot across the bow to one of its partners and obviously competitor, Snowflake. At BigQuery is a main centerpiece of Google's data strategy. Kurian talked about how they can take any data from any source in any format from any cloud provider with BigQuery Omni and aggregate and understand it. And with the support of Apache Iceberg and Delta and Hudi coming in the future and its open Data Cloud Alliance, they talked a lot about that. So without specifically mentioning Snowflake or Databricks, Kurian co-opted a lot of messaging from these two players, such as life and tech. Kurian also talked about Google Workspace and how it's now at 8 million users up from 6 million just two years ago. There's a lot of discussion on developer optionality and several details on tools supported and the open mantra of Google. And finally on security, Google brought out Kevin Mandian, he's a CUBE alum, extremely impressive individual who's CEO of Mandiant, a leading security service provider and consultancy that Google recently acquired for around 5.3 billion. They talked about moving from a shared responsibility model to a shared fate model, which is again, it's kind of a shot across AWS's bow, kind of shared responsibility model. It's unclear that Google will pay the same penalty if a customer doesn't live up to its portion of the shared responsibility, but we can probably assume that the customer is still going to bear the brunt of the pain, nonetheless. Mandiant is really interesting because it's a services play and Google has stated that it is not a services company, it's going to give partners in the channel plenty of room to play. So we'll see what it does with Mandiant. But Mandiant is a very strong enterprise capability and in the single most important area security. So interesting acquisition by Google. Now as well, unlike Microsoft, Google is not competing with security leaders like Okta and CrowdStrike. Rather, it's partnering aggressively with those firms and prominently putting them forth. All right. Let's get into the ETR survey data and see how Microsoft and Google are positioned in four key markets that we've mentioned before, IaaS, BI analytics, database data platforms and collaboration software. First, let's look at the IaaS cloud. ETR is just about to release its October survey, so I cannot share the that data yet. I can only show July data, but we're going to give you some directional hints throughout this conversation. This chart shows net score or spending momentum on the vertical axis and overlap or presence in the data, i.e., how pervasive the platform is. That's on the horizontal axis. And we've inserted the Wikibon estimates of IaaS revenue for the companies, the Big 3. Actually the Big 4, we included Alibaba. So a couple of points in this somewhat busy data chart. First, Microsoft and AWS as always are dominant on both axes. The red dotted line there at 40% on the vertical axis. That represents a highly elevated spending velocity and all of the Big 3 are above the line. Now at the same time, GCP is well behind the two leaders on the horizontal axis and you can see that in the table insert as well in our revenue estimates. Now why is Azure bigger in the ETR survey when AWS is larger according to the Wikibon revenue estimates? And the answer is because Microsoft with products like 365 and Teams will often be considered by respondents in the survey as cloud by customers, so they fit into that ETR category. But in the insert data we're stripping out applications and SaaS from Microsoft and Google and we're only isolating on IaaS. The other point is when you take a look at the early October returns, you see downward pressure as signified by those dotted arrows on every name. The only exception was Dell, or Dell and IBM, which showing slightly improved momentum. So the survey data generally confirms what we know that AWS and Azure have a massive lead and strong momentum in the marketplace. But the real story is below the line. Unlike Google Cloud, which is on pace to lose well over 3 billion on an operating basis this year, AWS's operating profit is around $20 billion annually. Microsoft's Intelligent Cloud generated more than $30 billion in operating income last fiscal year. Let that sink in for a moment. Now again, that's not to say Google doesn't have traction, it does and Kurian gave some nice proof points and customer examples in his keynote presentation, but the data underscores the lead that Microsoft and AWS have on Google in cloud. And here's a breakdown of ETR's proprietary net score methodology, that vertical axis that we showed you in the previous chart. It asks customers, are you adopting the platform new? That's that lime green. Are you spending 6% or more? That's the forest green. Is you're spending flat? That's the gray. Is you're spending down 6% or worse? That's the pinkest color. Or are you replacing the platform, defecting? That's the bright red. You subtract the reds from the greens and you get a net score. Now one caveat here, which actually is really favorable from Microsoft, the Microsoft data that we're showing here is across the entire Microsoft portfolio. The other point is, this is July data, we'll have an update for you once ETR releases its October results. But we're talking about meaningful samples here, the ends. 620 for AWS over a thousand from Microsoft in more than 450 respondents in the survey for Google. So the real tell is replacements, that bright red. There is virtually no churn for AWS and Microsoft, but Google's churn is 5x, those two in the survey. Now 5% churn is not high, but you'd like to see three things for Google given it's smaller size. One is less churn, two is much, much higher adoption rates in the lime green. Three is a higher percentage of those spending more, the forest green. And four is a lower percentage of those spending less. And none of these conditions really applies here for Google. GCP is still not growing fast enough in our opinion, and doesn't have nearly the traction of the two leaders and that shows up in the survey data. All right, let's look at the next sector, BI analytics. Here we have that same XY dimension. Again, Microsoft dominating the picture. AWS very strong also in both axes. Tableau, very popular and respectable of course acquired by Salesforce on the vertical axis, still looking pretty good there. And again on the horizontal axis, big presence there for Tableau. And Google with Looker and its other platforms is also respectable, but it again, has some work to do. Now notice Streamlit, that's a recent Snowflake acquisition. It's strong in the vertical axis and because of Snowflake's go-to-market (indistinct), it's likely going to move to the right overtime. Grafana is also prominent in the Y axis, but a glimpse at the most recent survey data shows them slightly declining while Looker actually improves a bit. As does Cloudera, which we'll move up slightly. Again, Microsoft just blows you away, doesn't it? All right, now let's get into database and data platform. Same X Y dimensions, but now database and data warehouse. Snowflake as usual takes the top spot on the vertical axis and it is actually keeps moving to the right as well with again, Microsoft and AWS is dominant in the market, as is Oracle on the X axis, albeit it's got less spending velocity, but of course it's the database king. Google is well behind on the X axis but solidly above the 40% line on the vertical axis. Note that virtually all platforms will see pressure in the next survey due to the macro environment. Microsoft might even dip below the 40% line for the first time in a while. Lastly, let's look at the collaboration and productivity software market. This is such an important area for both Microsoft and Google. And just look at Microsoft with 365 and Teams up into the right. I mean just so impressive in ubiquitous. And we've highlighted Google. It's in the pack. It certainly is a nice base with 174 N, which I can tell you that N will rise in the next survey, which is an indication that more people are adopting. But given the investment and the tech behind it and all the AI and Google's resources, you'd really like to see Google in this space above the 40% line, given the importance of this market, of this collaboration area to Google's success and the degree to which they emphasize it in their pitch. And look, this brings up something that we've talked about before on Breaking Analysis. Google doesn't have a tech problem. This is a go-to-market and marketing challenge that Google faces and it's up against two go-to-market champs and Microsoft and AWS. And Google doesn't have the enterprise sales culture. It's trying, it's making progress, but it's like that racehorse that has all the potential in the world, but it's just missing some kind of key ingredient to put it over at the top. It's always coming in third, (chuckles) but we're watching and Google's obviously, making some investments as we shared with earlier. All right. Some final thoughts on what we learned this week and in this research: customers and partners should be thrilled that both Microsoft and Google along with AWS are spending so much money on innovation and building out global platforms. This is a gift to the industry and we should be thankful frankly because it's good for business, it's good for competitiveness and future innovation as a platform that can be built upon. Now we didn't talk much about multi-cloud, we haven't even mentioned supercloud, but both Microsoft and Google have a story that resonates with customers in cross cloud capabilities, unlike AWS at this time. But we never say never when it comes to AWS. They sometimes and oftentimes surprise you. One of the other things that Sarbjeet Johal and John Furrier and I have discussed is that each of the Big 3 is positioning to their respective strengths. AWS is the best IaaS. Microsoft is building out the kind of, quote, we-make-it-easy-for-you cloud, and Google is trying to be the open data cloud with its open-source chops and excellent tech. And that puts added pressure on Snowflake, doesn't it? You know, Thomas Kurian made some comments according to CRN, something to the effect that, we are the only company that can do the data cloud thing across clouds, which again, if I'm being honest is not really accurate. Now I haven't clarified these statements with Google and often things get misquoted, but there's little question that, as AWS has done in the past with Redshift, Google is taking a page out of Snowflake, Databricks as well. A big difference in the Big 3 is that AWS doesn't have this big emphasis on the up-the-stack collaboration software that both Microsoft and Google have, and that for Microsoft and Google will drive captive IaaS consumption. AWS obviously does some of that in database, a lot of that in database, but ISVs that compete with Microsoft and Google should have a greater affinity, one would think, to AWS for competitive reasons. and the same thing could be said in security, we would think because, as I mentioned before, Microsoft competes very directly with CrowdStrike and Okta and others. One of the big thing that Sarbjeet mentioned that I want to call out here, I'd love to have your opinion. AWS specifically, but also Microsoft with Azure have successfully created what Sarbjeet calls brand distance. AWS from the Amazon Retail, and even though AWS all the time talks about Amazon X and Amazon Y is in their product portfolio, but you don't really consider it part of the retail organization 'cause it's not. Azure, same thing, has created its own identity. And it seems that Google still struggles to do that. It's still very highly linked to the sort of core of Google. Now, maybe that's by design, but for enterprise customers, there's still some potential confusion with Google, what's its intentions? How long will they continue to lose money and invest? Are they going to pull the plug like they do on so many other tools? So you know, maybe some rethinking of the marketing there and the positioning. Now we didn't talk much about ecosystem, but it's vital for any cloud player, and Google again has some work to do relative to the leaders. Which brings us to supercloud. The ecosystem and end customers are now in a position this decade to digitally transform. And we're talking here about building out their own clouds, not by putting in and building data centers and installing racks of servers and storage devices, no. Rather to build value on top of the hyperscaler gift that has been presented. And that is a mega trend that we're watching closely in theCUBE community. While there's debate about the supercloud name and so forth, there little question in our minds that the next decade of cloud will not be like the last. All right, we're going to leave it there today. Many thanks to Sarbjeet Johal, and my business partner, John Furrier, for their input to today's episode. Thanks to Alex Myerson who's on production and manages the podcast and Ken Schiffman as well. Kristen Martin and Cheryl Knight helped get the word out on social media and in our newsletters. And Rob Hof is our editor in chief over at SiliconANGLE, who does some wonderful editing. And check out SiliconANGLE, a lot of coverage on Google Cloud Next and Microsoft Ignite. Remember, all these episodes are available as podcast wherever you listen. Just search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. And you can always get in touch with me via email, david.vellante@siliconangle.com or you can DM me at dvellante or comment on my LinkedIn posts. And please do check out etr.ai, the best survey data in the enterprise tech business. This is Dave Vellante for the CUBE Insights, powered by ETR. Thanks for watching and we'll see you next time on Breaking Analysis. (gentle music)

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

>>We're back with the cube at Falcon 2022, Dave ante and Dave Nicholson. We're at the aria. We do of course, a lot of events in Las Vegas. It's the, it's the place to do events. Dave, I think is my sixth or seventh time here this year. At least. I don't know. I lose track. Jeff Swain is here. He's the vice president of global programs store and tech alliances at CrowdStrike. Jeff. Good to see you again. We saw each other at reinvent in July in Boston. >>Yes. Yeah, it was great to see you again, Dave, thank >>Very much. And we talked about making this happen so thrilled to be here at, at, at CrowdStrike Falcon. We're gonna talk today about the CrowdStrike XDR Alliance partners. First of all, what's XDR >>Well, I hope you were paying attention to George's George's keynote this morning. I guess. You know, the one thing we know is that if you ask 10, five people, what XDR is you'll get 10 answers. >>I like this answer a holistic approach to endpoint security. I, that was, >>It was good. Simple. >>That was a good one at black hat. So, but tell us about the XDR Alliance partners program. Give us the update there. >>Yeah, so I mean, we spoke about it reinforced, you know, the XDR program is really predicated on having a robust ecosystem of partners to help us share that telemetry across all of the different parts of our customers' environment. So we've done a lot of work over the last few weeks and trying to bolster that environment specifically, putting a lot of focus on firewall. You'll see that Cisco and fortunate have both joined the XD XDR Alliance. So we're working on that right now. A lot of customer demand for firewall data into the telemetry set. You know, obviously it's a very rich data environment. There's a lot of logs on firewalls. And so it drives a lot of, of, of information that we can, we can leverage. So we're continuing to grow that. And what we're doing is building out different content packs that support different use cases. So firewall is one CAS B is another emails another and we're building, building out the, the partner set right across the board. So it's, it's, it's been a, a great set of >>Activity. So it's it's partners that have data. Yep. There's probably some, you know, Joe Tuchi year old boss used to say that that overlap is better than gaps. So there's sometimes there's competition, but that's from a customer standpoint, overlap is, is better than gaps. So as gonna mention Cisco forte and there are a number of others, they've got data. Yes. And they're gonna pump it into your system, our platform, and you've got the, your platform. You've got the ability to ingest. You've got the cloud native architecture, you've got the analytics and you've got the near real time analysis capability. Right, right. >>Augmented by people as well, which is a really important part of our value proposition. You know, we, it's not just relying purely on AI, but we have a human, a human aspect to it as well to make sure we're getting extremely accurate responses. And then there's the final phase is the response phase. So being able to take action on a CASB, for example, when we have a known bad actor operating in the cloud is a really important, easy action for our customer to take. That's highly valuable. You're >>Talking about your threat hunting capability, right? >>So it's threat hunting and our Intel capability as well. We use all of that information as well as the telemetry to make sure we're making good, actionable >>Decisions, Intel being machine intelligence or, or human and machine >>Human and human and machine intelligence that we have. We have a whole business that's out there gathering Intel. I believe you think to Adam Myers who runs that business. And you know, that Intel is critical to making good decisions for our customers. >>So the X and XDR is extended, correct. Extending to things like firewalls. That's pretty obvious in the security space. Are there some less obvious data sources that you look to extend to at some point? >>Yeah, I think we're gonna continually go with where the customer demand is. And firewalls is one of the first and is very significant. Other one, you'll see that we're announcing support for Microsoft 365 as well as part of this, this announcement, but then we'll still grow out into the other areas. NDR is, you know, a specific area where we've already got a number of partners in that, in that space. And, and we'll grow that as we go. I think one of the really exciting additional elements is the, the OCS F announcement that we made at at, at, at, at reinforced, which also is a shared data scheme across a number of vendors as well. So talking to Mike's point, Microsoft ST's point this morning in his keynote, it's really about the industry getting together to do better job for our customers. And XDR is the platform to do that. And crowd strikes it way of doing it is the only really true, visible way for a customer to get their hands on all that information, make the decision, see the good from the bad and take the action. So I feel like we're really well placed to help our customers in >>That space. Well, Kevin mania referenced this too today, basically saying the industry's doing a better job of collaborations. I mean, sometimes I'm skeptical because we've certainly seen people try to, you know, commercialize private information, private reports. Yeah. But, but, but you're talking about, you know, some of your quasi competitors cooperatives, you know, actually partnering with you now. So that's a, that's a good indicator. Yeah. I want to step back a little bit, talk about the macro, the big conversation on wall street. Everybody wants to talk about the macro of course, for obvious reasons, we just published our breaking analysis, talking about you guys potentially being a generational company and sort of digging into that a little bit. We've seen, you know, cyber investments hold up a little bit better, both in terms of customer spending and of course the stock market better than tech broadly. Yeah. So in that case it would, it would suggest that cyber investments are somewhat non-discretionary. So, but that is my question are cyber investments non-discretionary if, if so, how, >>You know, I think George George calls that out directly in our analyst reports as well that, you know, we believe that cyber is a non-discretionary spend, but I, I actually think it's more than that. I think in this current macro or economic environment where CIOs and CSOs are being asked to sweat their assets for significantly longer period of time, that actually creates vulnerabilities because they have older kit, that's running for a longer period that they normally, you know, round out or churn out of their environment. They're not getting the investment to replace those laptops. They're not getting the, I placement to replace those servers. We have to sweat them for a little bit longer, longer, which means they need to be on top of the security posture of those devices. So that means that we need the best possible telemetry that we can get to protect those in the best possible way. So I actually think not only is it makes it non-discretionary, it actually increases the, the business case for, for, for taking on a, a cyber project. >>And I buy that. I buy that the business case is better potentially for cyber business case. And cyber is about, about risk reduction, right? It's about, it's about reducing expected loss. I, I, I, I, but the same time CISOs don't have an open wallet. They have to compete with other P and L managers. I also think the advantage for CrowdStrike I'm, I'm getting deeper into the architecture and beginning to understand the power of a lightweight agent that can do handle. I think you're up to 22 modules now, correct? Yes. I've got questions on how you keep that lightweight, but, but nonetheless, if you can consolidate the point tools, which is, you know, one of the biggest challenges that, that SecOps teams face that strengthens the ROI as well. >>Absolutely. And if you look at what George was saying this morning in the keynote, the combination of being able to provide tools, not only to the SecOps team, but the it ops team as well, being able to give the it ops team visibility on how many assets they have. I mean, these simple, these are simple questions that we should be able to answer. But often when we ask, you know, an operations leader, can you answer it? It sometimes it's hard for them. We actually have a lot of that information. So we are able to bring that into the platform. We're able to show them, we're able to show them where the assets are, where the vulnerabilities are against those assets and help it ops do a better job as well as SecOps. So the, the strength, the case strengthens, as you said, the CSO can also be talking to the it ops budget. >>The edge is getting more real. We're certainly hearing a lot about it now we're seeing a lot more and you kind of got the, the near edge, like the home Depot and the lows, you know, stores. Yeah. Okay. That I, I can get a better handle on, okay. How do I secure that? I've got some standards, but that's the far edge. It's, it's the, the OT yes. Piece of it. That's sort of the brave new world. What are you seeing there? How do you protect those far flowing estates? >>I think this gets back to the question of what's what's new or what's coming and where do we see the, the next set of workloads that we have to tackle? You know, when we came along first instance, we were really doing a lot of the on-prem on-prem and, and, and known cloud infrastructure suites. Then we started really tackling the broader crowd market with tools and technology to give visibility and control of the overall cloud environment. OT represents that next big addressable market for us, because there are so many questions around devices where they are, how old they are, what they're running. So visibility into the OT network is extremely, extremely important. And, you know, the, the wall that has existed again between the CISO and the OT environments coming down, we're seeing that's closer, closer alignment between the security on both those worlds. So the announcement that we've made around extending our Falcon discover product, to be able to receive and understand device information from the OT network and bring it into the same console as the, the it and the OT in the same console to give one cohesive picture of, of visibility of all of our devices is a major step forward for our customers and for, for the industry as well. >>And we see that being, being able to get the visibility will then lead us to a place of being able to build our AI models, build our response frameworks. So then we can go to a full EDR and then beyond that, there's, you know, all the other things that CrowdStrike do so well, but this is the first step to really the first step on control is visibility. And >>The OT guys are engineers. So they're obviously conscious of this stuff. It's, it's more it's again, you're extending that culture, isn't >>It? Yeah, yeah, yeah. Now when you're looking at threats, great, you want to do things to protect against those threats, but how much, how much of CrowdStrike's time is spent thinking about the friction that's involved in transactions? If I wanna go to the grocery store, think of me as an end point. If I wanna go to the grocery store, if I had to drive through three DUI checkpoints or car safety inspections. Yeah. Every time I went to the grocery store, I wouldn't be happy as an end point as an end user in this whole thing. Ideally, we'd be able just to be authenticated and then not have to worry about anything moving forward. Do you see that as your role, reducing friction 1%, >>That's again, one of the core tenants of, of, of why George founded the company. I mean, he tells the story of sitting on an airplane and seeing an executive who was also on the airplane, trying to boot their machine up and try and get an email out before the plane took off and watching the scanning happen, you know, old school virus scanning happening on the laptop and, and that executive not making it because, and he is like in this day and age, how can we be holding people back with that much friction in their day to day life? So that's one of the, again, founding principles of what we do at CrowdStrike was the security itself needs to support business growth, support, user growth, and actually get out of the way of how people do things. And we've seen progression along that lines. I think the zero trust work that we're doing right now really helps with that as well. >>Our integrations into other companies that play within the zero trust space makes that frictionless experience for the user, because yeah, we, we, we want to be there. We want to know everything that's happening, but we don't wanna see where we always want control points, but that's the value of the telemetry we take. We're taking all the data so we can see everything. And then we pick what we want to review rather than having to do the, the checkpoint approach of stop here. Now, let me see your credentials. Stop here. Let me see your credentials because we have a full field of, of knowledge and information on what the device is doing and what the user is doing. We're able to then do the trust with verify style approach. >>So coming back to the, to the edge in IOT, you know, bringing that zero trust concept to the, to the edge you've got, you've got it. And OT. Okay. So that's a new constituency, but you're consolidating that view. Your job gets harder. Doesn't it? So, so, so talk about how you resolve that. Do do the, do the concepts that you apply to traditional it endpoints apply at the edge. >>So first things we have to do is gain the visibility. And, and so the way in which we're doing that is effectively drawing information out from the OT environment at, by, by having a collector that's sitting there and bringing that into our console, which then will give us the ability to run our AI models and our other, you know, indications of attack or our indicators of misconfiguration into the model. So we can see whether something's good or bad whilst we're doing that. Obviously we're also working on building specific senses that will then sit in OT devices down, you know, one layer down from rather being collected and pulled and brought into the platform, being collected at the individual sensor level when we have that completed. And that requires a whole different ecosystem for us, it means that we have to engage with organizations like Rockwell and Siemens and Schneider, because they're the people who own the equipment, right? Yeah. And we have to certify with them to make sure that when we put technology onto their equipment, we're not going to cause any kind of critical failure that, you know, that could have genuine real world physical disastrous consequences. So we have to be super careful with how we build that, which we're we're in the process of >>Doing are the IOA signatures indicator as a tax. So I don't have to throw a dollar in the jar. Are the IOA signatures substantially similar at, at the edge, or >>I think we learn as we go, you know, first we have to gain the information and understand what good and bad looks like, what the kind of behaviors are there. But what we will see is that, you know, as someone's trying to, there's an actor, you know, making an attack, you know, will be able to see how they're affecting each of those endpoints individually, whether they're trying to take some form of control, whether they're switching them on and off in the edge and the far edge, it's a little bit more binary in terms of the kind of function of the device. It is the valve open or is the valve closed? It's is the production line running or is the production not line running, not running. So we need to be able to see that it's more about protecting the outcomes there as well. But again, you know, it's about first, we have to get the information. That's what this product will help us do, get it into the platform, get our teams over the top of it, learn more about what's going on there and then be able to take action. >>But the key point is the architecture will scale. And that's where the cloud native things comes >>Into. Yeah, it'll, it'll it'll scale. But to your, to your point about the lack of investment and infrastructure means older stuff means potentially wider gaps, bigger security holes, more opportunity for the security sector. Yep. I buy that. That makes sense. I think if it's a valid argument, when you, when you, when you know, we, we loosely talk about internet of things, edge, a lot of those things on the edge, there's probably a trillion dollars worth of a hundred year old garbage, and I'm only slightly exaggerating on the trillion and the a hundred years old, a lot of those critical devices that need to be sensed that are controlling our, our, our, our electrical grid. For example, a lot of those things need to be updated. So, so as you're pushing into that frontier, are you, you know, are, are you extending out developer kits and APIs to those people as they're developing those new things? Well, because some of the old stuff will never work. >>And that's what we're we're seeing is that there is a movement within the industrial control side of things to actually start, you know, doing this. Some, some simple things like removing the air gap from certain systems because you, now we can build a system around it. That's trustable and supportable. So now we can get access there over, over and over a network over the internet to, to, to kind of control a valve set that's down a pipeline or something like that. So there is, there is, there is willingness within the ecosystem, the, the IOT provider ecosystem to give us access to some of those, those controls, which, which wasn't there, which has led to some of some of these issues. Are we gonna be able to get to all of them? No, we're gonna have to make decisions based on customer demand, based on where the big, the big rock lie. And, and so we will continue to do that based on customer feedback on again, on what we see >>And the legacy air gaps in the OT worlds were by design for security reasons, or just sort of >>Mostly because there was no way to, to do before. Right. So it was, was like black >>Connectivity is >>So, so, so it was, people felt more comfortable sending an engineer route to the field truck roll. Yeah, yeah, yeah. To do it rather than expensive, rather. And, and exactly that, again, going back to our macro economic situation, you know, it's a very expensive way of managing and maintaining your fleet if you have to send someone to it every time. So there is a lot of there's, there's a lot of customer demand for change, and we're engaging in that change. And we want, we see a huge opportunity there >>Coming back to the X XDR Alliance, cuz that's kind of where we started. Where do you wanna see that go? What's your vision for that? >>So the Alliance itself has been fundamental in terms of now where we go with the overall platform. We are always constantly looking for customer feedback on where we go next on what additional elements to add that the Alliance members have been this fantastic time and effort in terms of engaging with us so that we can build in responses to their platforms, into, you know, into, into what we do. And they're seeing the value of it. I, I feel that over the next, you know, over the next two year period, we're gonna see those, our XDR Alliance and other XDR alliances growing out to get to each other and they will they'll touch each other. We will have to do it like the OSF project at AWS. And as that occurs, we're gonna be able to focus on customer outcomes, which is, you know, again, if you listen to George, you listen to Mike protecting the customers, the mission of CrowdStrike. So I think that's core to that, to, to that story. What we will see now is it's a great vehicle for us to give a structured approach to partnership. So we'll continue to invest in that. We've, we've got, we've got a pipeline of literally hundreds of, of partners who want to join. We've just gotta do that in a way that's consumable for us and consumable for the customer. >>Jeff Swain. Thanks so much for coming back in the cube. It's great to have you. Yeah. Thanks guys. Thank you. Okay. And thank you for watching Dave Nicholson and Dave ante. We'll be back right after this short break. You're watching the cube from Falcon 22 in Las Vegas, right back.

(intro music) >> Hi everybody. Dave Vellante, back with Day Two coverage, we're live at the ARIA Hotel in Las Vegas for fal.con '22. Several thousand people here today. The keynote was, it was a little light. I think people were out late last night, but the keynote was outstanding and it's still going on. We had to break early because we have to strike early today, but we're really excited to have Stephan Goldberg here, Vice President of Technology Alliances at Claroty. And we're going to talk about an extremely important topic, which is the internet of things, the edge, we talk about it a lot. We haven't covered securing the edge here at theCUBE this week. And so Stephan really excited to have you on. >> Thank you for having me. >> You're very welcome. Tell us more about Claroty, C-L-A-R-O-T-Y, a very interesting spelling, but what's it all about? >> Claroty is cybersecurity company that specializes in cyber physical systems, also known as operational technology systems and the extended internet of things. The difference between the traditional IoT and what what everyone calls an IoT in the cyber physical system is that an IoT device has anything connected on the network that traditionally cannot carry an agent, a security camera, a card reader. A cyber physical system is a system that has influence and operates in the physical world but is controlled from the cyberspace. An example would be a controller, a turbine, a robotic arm, or an MRI machine. >> Yeah, so those are really high-end systems, run, are looked after by engineers, not necessarily consumers. So what's what's happening in that world? I mean, we've talked a lot on theCUBE about the schism between OT and IT, they haven't really talked a lot, but in the last several years, they've started to talk more. You look at the ecosystem of IoT providers. I mean, it's companies like Hitachi and PTC and Siemens. I mean, it's the different names than we're used to in IT. What are the big trends that you're seeing the macro? >> So, first of all, traditionally, most manufacturers and environments that were heavy on operations, operational technology, they had the networks air-gapped, completely separated. You had your IT network for business administration, you had the OT network to actually build stuff. Today with emerging technologies and even modern switching architecture everything is being converged. You have the same physical infrastructure in terms of networking, that carries both networks. Sometimes a human error, sometimes a business logic that needs to interconnect these networks to transmit data from the OT side of the house, to the IT side of the house, exposes the OT environment to cyber threats. >> Was that air-gap by design or was it just that there wasn't connectivity? >> It was air-gap by design, due to security and operational reasons, and also ownership in these organizations. The IT-managed space was completely separate from the OT-managed space. So whoever built a network for the controllers to build a car, for example, was an automation engineer and the vendors, that have built these networks, were automation vendors, unlike the traditional Ciscos of the world, that we're specializing in IT. Today we're seeing the IT vendors on the OT side, and the OT vendors, they're worried about the IT side. >> But I mean, tradition, I mean, engineers are control freaks. No offense, but, I'm glad they are, I'm thankful for that. So there must have been some initial reticence to them connecting up these air-gap systems. They went wanted to make sure that they were secure, that they did it right, and presumably that's where you guys come in. What are the exposures and risks of these, of this critical infrastructure that we should be aware of? >> So you're completely right. And from an operational perspective let let's call it change control is very rigorous. So they did not want to go on the internet and just, we're seeing it with adoption of cloud technologies, for example. Cloud as in industry four ago, five ago, cloud as in cyber security. We all heard Amol's keynote from this morning talking about critical infrastructures and we'll touch upon our partnership in a second, but CrowdStrike, CrowdStrike being considered and deployed within these environments is a new thing. It's a new thing because the OT operation managers and the chief information security officers, they understand that air-gap is no longer a valid strategy. From a business perspective, these networks are already connected. We're seeing the trends of cyber attacks, IT cyber attacks, like not Patreon, I'm not talking about the Stoxnet, the targeted OT. I'm talking about WannaCry, EternalBlue, IT vulnerabilities that did not target OT, but due to the outdated and the specification of OT posture on the networks, they hit healthcare, they hit OT much harder than they did IT. >> Was Log4J, did that sleep into OT, or any IT that. >> So, absolutely. >> So Log4J right, which was so pervasive, like so many of these malwares. >> All these vulnerabilities that, it's a windows vulnerability, it has nothing to do with OT. But then when you stop and you say, hold on, my human machine interface workstation, although it has some proprietary software by Rockwell or Siemens running on it, what is the underlying operating system? Oh, hold on, it's Windows. We haven't updated that for like eight years. We were focused on updating the software but not the underlying operating system. The vulnerabilities exist to a greater extent on the OT side of the house because of the same characteristic of operational technology environments. >> So the brute force air-gap approach was no longer viable because the business imperative came in and said, no, we have to connect these systems to digitally transform, or advance our business, there's opportunities to monetize, whatever it was. The business laid that out as an imperative. So now OT engineers have to rethink how they secure it. So what are the steps that they're taking and how does Claroty help? Is there a sort of a playbook, a sequential playbook? >> Absolutely, so before we discussed the maturity curve of adopting an CPS security, or OT security technology, let's touch upon the characteristic of the space and what it led vendors like Claroty to build. So you have the rigorous chain control. You have the security in mind, operations, lowered the risk state of mind. That led vendors, likes of Claroty, to build a solution. And I'm talking about seven, eight years ago, to be passive, mostly passive or passive only to inspect network and to analyze network and focus on detection rather than taking action like response or preventative maintenance. >> Um-hmm. >> It made vendors to build on-prem solutions because of the cloud-averse state of mind of this industry. And because OT is very specific, it led vendors to focus only on OT devices, overlooking what we discussed as IoT, Unfortunately, besides HMI and PLC, the controller in the plant, you also have the security camera. So when you install an OT security solution I'm talking about the traditional ones, they traditionally overlook the security camera or anything that is not considered traditional OT. These three observations, although they were necessary in the beginning, you understand the shortcomings of it today. >> Um-hmm. >> So cloud-averse led to on-prem which leads to war security. It's like comparing CrowdStrike and one of its traditional competitors in the antivirus space. What CrowdStrike innovated is the SaaS first, cloud-native solution that is continuously being updated and provide the best in cloud security, right? And that is very much like what Claroty's building. We decided to go SaaS first and cloud-native solution. >> So, because of cloud-aversion, the industry shows somewhat outdated deployment models, on-prem, which limited scale and created greater diversity, more stovepipes, all the problems that we always talk about. Okay, and so is the answer to that, just becoming more cloud, having more of an affinity to cloud? That was a starting point, right. >> This is exactly it. Air-gap is perceived as secured, but you don't get updates and you don't really know what's going on in your network. If you have a Claroty or a crosswork installer, you have much higher probability detecting fast and responding fast. If you don't have it, you are just blind. You will be bridged, that's the. >> I was going to say, plus, air-gap, it's true, but people can get through air-gaps, too. I mean, it's harder, but Stoxnet. Yeah, look at Stoxnet right, oh, it's mopping the floor, boom, or however it happened, but so yeah. >> Correct. >> So, but the point being, you know, assume that breach, even though I know CrowdStrike thinks that the unstoppable breach is a myth, but you know, you talk to people like Kevin Mandia, it's like, we assume you're going to get breached, right? Let's make that assumption. Yeah, okay, and so that means you've got to have visibility into the network. So what are those steps that you would, what's that maturity model that you referenced before? >> So on top of these underlying principles, which is cloud-native, comprehensive, not OT only, but XIoT, and then bring that the verticalization and OT specificity. On top of that, you're exactly right. There is a maturity curve. You cannot boil the ocean, deploy protections, and change the environment within one day. It starts with discovering everything that is connected to your network. Everything from the traditional workstations to the cameras, and of course ending up with the cyber physical systems on the network. That discovery cannot be only a high level profile, it needs to be in depth to the level you need to know application versions of these devices. If you cannot tell the application version you cannot correlate it to a vulnerability, right? Just knowing that's an HMI or that's a PLC by Siemens is insufficient. You need to know the app version, then you can correlate to vulnerability, then you can correlate to risk. This is the next step, risk assessment. You need to put up a score basically, on each one of these devices. A vulnerability score, risk score, in order to prioritize action. >> Um-hmm. >> These two steps are discovery and thinking about the environment. The next two steps are taking action. After we have the prioritized devices discovered on your network, our approach is that you need to ladle in and deploy protections from a preventative perspective. Claroty delivers recommended policies in the form of access control lists or rules. >> Right. >> That can leverage existing infrastructure without touching a device without patching it, just to protect it. The next step would be detection and response. Once you have these policies deployed you also can leverage them to spot policy deviations. >> And that's where CrowdStrike comes in. So talk about how you guys partner with CrowdStrike, what that integration looks like and what the differentiation is. >> So actually the integration with CrowdStrike crosses the the entire customer journey. It starts with visibility. CrowdStrike and us exchange data on the asset level. With the announcement during FalCon, with Falcon Discover for IoT, we are really, really proud working on that with CrowdStrike. Traditionally CrowdStrike discovered and provided data about the IT assets. And we did the same thing with CPS and OT. Today with Falcon Discover for IoT, and us expanding to the XIoT space, both of us look at all devices but we can discover different things. When you merge these data sets you have an unparalleled visibility into any environment, and specifically OT. The integrations continue, and maybe the second spotlight I'll put, but without diminishing the other ones, is detection and response. It's the XDR Alliance. Claroty is very proud to be one of the first partners, XDR Alliance partners, for CrowdStrike, fitting in to the XDR, to CrowdStrike's XDR, the data that is needed to mitigate and respond and get more context about breaches in these OT environments, but also take action. Also trigger action, via Claroty and leverage Claroty's network-centric capabilities to respond. >> We hear a lot. We heard a lot in today's keynote note about the data, the importance of data, of the graph database. How unique is this Stephan, in the industry, in your view? >> The uniqueness of what exactly? >> Of this joint solution, if you will, this capability. >> I told my counterparts from CrowdStrike yesterday, the go-to market ones and the product management ones. If we are successful with Falcon Discover for IoT, and that product matures, as we plan for it to mature, it will change the industry, the OT security industry, for all of us. Not only for Claroty, for all players in this space. And this is why it's so important for us to stay coordinated and support this amazing company to enter this space and provide better security to organizations that really support our lives. >> We got to leave it there, but this is such an important topic. We're seeing in the war in Ukraine, there's a cyber component in the future of war. >> Yes. >> Today. And what do they do? They go after critical infrastructure. So protecting that critical infrastructure is so important, especially for a country like the United States, which has so much critical infrastructure and a lot to lose. So Stephan, thanks so much. >> Thank you. >> For the work that you're doing. It was great to have you on theCUBE. >> Thank you. >> All right, keep it right there. Dave Vellante for theCUBE. We'll be right back from fal.con '22. We're live from the ARIA in Las Vegas. (techno music)

>>Hi, we're back. We're watching, you're watching the cube coverage of Falcon 2022 live from the aria in Las Vegas, Dave Valante with Dave Nicholson and we, yes, folks, there are females in the cyber security industry. Amanda Adams is here. So the vice president of America Alliance at CrowdStrike. Thanks for coming on. >>Thank you so much for having me. >>We it's, it's fantastic to, to actually, as I was starting to wonder, but we >>Do have females in leadership. >>Wait, I'm just kidding. There are plenty of females here, but this cybersecurity industry in general, maybe if we have time, we can talk about that, but I wanna talk about the, the Alliance program, but before I do, yeah. You know, you, you got a nice career here at CrowdStrike, right? You've kind of seen the ascendancy, the rocket ship you've been on it for five years. Yep. So what's that been like? And if you had to put on the binoculars and look five years forward, what can you tell us in that 10 year span? Oh >>My goodness. What a journey it's been over the last five, six years. I've been with CrowdStrike almost six years and really starting with our first core group of partners and building out the alliances, seen obviously the transformation with our sales organization. And as we scaled, I think of our, of our technology. We started with, I think, two products at that time, we were focused on reinventing how our customers thought about NextGen AB but also endpoint detection response. From there, the evolution is really driving towards that cloud security platform, right? How our partners fit into that. And, and how we've evolved is it's not just resell. It's not just focusing on the margin and transactions. We really have focused on building the strategic relationships with our partners, but also our customers and fitting them in that better together story with that CrowdStrike platform. It's been the biggest shift. Yeah. >>And you've got that. The platform chops for that. It's just, I think you're up to 22 modules now. So you're not a point product. You guys make that, that, that point lot now in terms of the, the partners and the ecosystem, you know, it's, it's, it's good here. I mean, it's, this it's buzzing. I've said it's like service. I've said, number of times, it's like service. Now back in 2013, I was there now. They didn't have the down market, the SMB that you have that's right. And I think you you're gonna have an order. You got 20,000 customers. That's right. I predict CrowdStrike's gonna have 200,000. I, I'm not gonna predict when I need to think about that. But, but in thinking about the, the, the co your colleagues and the partners and the skill sets that have evolved, what's critical today. And, and, and what do you see as critical in the future? >>So from a skill set standpoint, if I'm a partner and engaging with CrowdStrike and our customers, if you think about, again, evolving away from just resell, we have eight routes to market. So while that may sound complicated, the way that I like to think about it is that we truly flex to our partners, go to market their business models of what works best for their organization, but also their customers. The way that they've changed, I think from a skillset standpoint is looking beyond just the technology from a platform, building a better together story with our tech Alliance partners or store, if thinking about the XDR Alliance, which we are focusing on, there's so much great value in bringing that to our customers from a skillset standpoint, beyond those services services, we've talked about every day. I know that this is gonna be a top topic for the week yesterday through our partner summit, George, our CEO, as well as Jim Cidel, that's really the opportunity as we expand in new modules. If you think about humo or log scale identity, and then cloud our partners play a critical role when it comes into the cloud migration deployment integration services, really, we're not gonna get bigger from a services organization. And that's where we need our partners to step in. >>Yeah. And, you know, we we've talked a lot about XDR yeah. Already in day one here. Yeah. With, with the X extending into other areas. That's right. I think that services be, would become even more critical at that point, you know, as you spread out into the, really the internet of things that's right. Especially all of the old things that are out there that maybe should be on the internet, but aren't yet. Yeah. But once they are security is important. So what are you doing in that arena from a services perspective to, to bolster that capability? Is it, is it, is it internally, or is it through partners generally? >>It's definitely, I think we look to our partners to extend beyond the core of what we do. We do endpoint really well, right? Our services is one of the best in the business. When you look at instant response, our proactive services, supporting our customers. If you think to XDR of integration, building out those connect air packs with our customers, building the alliances, we really do work with our partners to drive that successful outcome with our customers. But also too, I think about it with our tech alliances of building out the integration that takes a lot of effort and work. We have a great team internally, which will help guide those services to be, to be built. Right. You have to have support when you're building the integrations, which is great, but really from like a tech Alliance and store standpoint, looking to add use cases, add value to more store apps for our customers, that's where we're headed. Right. >>What about developers? Do you see that as a component of the ecosystem in the future? Yeah, >>Without a doubt. I mean, I think that as our partner program evolves right now working with our, our developers, I mean, there's different personas that we work with with our customer standpoint, but from a partner working with them to build our new codes, the integration that's gonna be pretty important. >>So we were, we sort of tongue in cheek at the beginning of this interview yeah. With women in tech. And it's a, it's a topic that, on the cube that we've been very passionate about since day one yep. On the cube. So how'd you get in to this business? H how did your, your career progress, how did you get to where you are? >>You know, I have been incredibly fortunate to have connections, and I think it's who, you know, and your network, not necessarily what, you know, to a certain extent, you have to be smart to make it long term. Right. You have to have integrity. Do what you're saying. You're gonna do. I first started at Cisco and I had a connection of, it was actually a parent of somebody I grew up with. And they're like, you would fit in very nicely to Cisco. And I started with their channel marketing team, learned a ton about the business, how to structure, how to support. And that was the first step into technology. If you would've asked me 20 years ago, what did I wanna do? I actually wanted to be a GM of an organization. And I was coming outta I come on, which is great, which I'm, it really is right up. >>If you knew me, you're like, that actually makes a lot of sense. But coming outta college, I had an opportunity. I was interviewing with the golden state warriors in California, and I was interviewing with Cisco and that I had two ops and I was living in San Jose at the time. The golden state warriors of course paid less. It was a better opportunity in sales, but it was obviously where I wanted to go from athletics. And I grew up in athletics, playing volleyball. Cisco paid me more, and it was in San Jose. And really the, the golden state warriors seemed that I was having that conversation. They said, one year community is gonna be awful. It's awful from San Jose to Oakland, but also too, like you have more money on the table. Go take that. And so I could have very much ended up in athletics, most likely in the back office, somewhere. Like I would love that. And then from there, I went from Cisco. I actually worked for a reseller for quite some time, looking at, or selling into Manhattan when I moved from California to Manhattan, went to tenable. And that was when I shifted really into channel management. I love relationships, getting snow people, building partnerships, seeing that long term, that's really where I thrive. And then from there came to CrowdStrike, which in itself has been an incredible journey. I bet. Yeah. >>Yeah. I think there's an important thread there to pull on. And that is, we, we put a lot of emphasis on stem, which people, some sometimes translate into one thing, writing code that's right. There are, but would you agree? There are many, many, many opportunities in tech that aren't just coding. >>Absolutely. >>And I think I, as a father of three daughters, it's, it's a message that I have shared with them. Yeah. They are not interested in the coding part of things, but still, they need to know that there are so many opportunities and, and it's always, sometimes it's happenstance in terms of finding the opportunity in your case, it was, you know, cosmic connection that's right. But, but that's, you know, that's something that we can foster is that idea that it's not just about the hardcore engineering and coding aspect, it's business >>That's right. So if, if there was one thing that I can walk away from today is I say that all the time, right? If you look at CrowdStrike in our mission, we really don't have a mission statement. We stop breaches every single day. When I come to work and I support our partners, I'm not super technical. I obviously know our technology and I, I enable and train our partners, but I'm not coding. Right. And I make an impact to our business, our partners, more importantly, our customers, every single day, we have folks that you can come from a marketing operations. There is legal, there's finance. I deal with folks all across the business that aren't super technical, but are making a huge impact. And I, I don't think that we talk about the opportunities outside of engineering with the broader groups. We talk about stem a lot, but within college, and I look to see like getting those early in career folks, either through an intern program could be sales, but too, if they don't like, like sales, then they shift into marketing or operations. It's a great way to get into the industry. >>Yeah. But I still think you gotta like tech to be in the tech business. Oh, you >>Do? Yeah. You do. I'm >>Not saying it's like deep down is like, not all of us, but a lot of us are kind of just, you know, well, at least you, >>At least you can't hate it. >>Right. Okay. But so women, 50% of the population, I think the stat is 17% in the technology. Yeah. Industry, maybe it's changed a little bit, but you know, 20% or, or less, why do you think that is? >>I, you know, I always go back to within technology, people hire from their network and people that they know, and usually your network are people that are very like-minded or similar to you. I have referred females into CrowdStrike. It's a priority of mine. I also have a circle that is also men, but also too, if you look at the folks that are hired into CrowdStrike, but also other technology companies, that's the first thing that I go to also too. I think it's a little bit intimidating. Right. I have a very strong personality and I'm very direct, but also too, like I can keep up with our industry when it comes to that stereotypes essentially. And some people maybe are introverted and they're not quite sure where they fit in. Right. Whether it's marketing operations, et cetera. So they, they're not sure of the opportunities or even aware of where to get started. You know what I mean? >>Yeah. I mean, I think there is a, a, a stereotype today, but I'm not sure why it's, is it unique to the, to the technology industry? No. Is it not? Right? It happens >>Thinking, I mean, there's so many industries where healthcare, >>Maybe not so much. Right. Because you know, >>You have nurses versus doctors. I feel like that is flipped. >>Yeah. That's true. Nurses versus doctors. Right. Well, I, I know a lot of women doctors though, but >>Yeah. That's kind of flipped. It's better. >>Yeah. Says >>Flipped over. Yeah. I think it's more women in medical school now, but than than men. But, >>And, and I do think in our industry, you know, when you look at companies like IBM, HPE, Cisco, Dell, and, and, and many others. Yeah. They are making a concerted effort for on round diversity. They typically have somebody who's in charge of diversity. They report, you know, maybe not directly to the CEO, but they certainly have a seat at the table. That's right. And you know, maybe you call it, oh, it's quotas. Maybe the, the old white guys feel, you know, a little slighted, whatever. It's like, nobody's crying for us. I mean, it's not like we got screwed. >>See, I know problema we can do this in Spanish. Oh, oh, >>Oh, you're not a old white guy. Sorry. We can do >>This in Spanish if you want. >>Okay. Here we go. So, no, but, but, but I, so I do think that, that the industry in general, I talked to John Chambers about this recently and he was like, look, we gotta do way better. And I don't disagree with that. But I think that, I think the industry is doing better, but I wonder if like a rocket ship company, like CrowdStrike who has so many other things going on, you know, maybe they gotta get you a certain size. I mean, you've reached escape velocity. You're doing obviously a lot of corporate, you know, good. Yeah. You know, and, and, and, and we just had earlier on we, you know, motor motor guides was very cool. Yeah. So maybe it's a maturity thing. Maybe these larger companies with you crowd size $40 billion market cap, but maybe the, the hundred plus billion dollar market cap companies. I don't know. I don't know. You guys got a bigger market cap than Dell. So >>I, I don't think it's necessarily related to market cap. I think it's the size of the organization of how many roles are open that we currently write. So we're at just over 6,000 employees. If you look at Cisco, how many thousands of employees they have there's >>Right. Maybe a hundred thousand employees. >>That's right. There's >>More opportunities. How many, what's a headcount of crowd strike >>Just over 6,000, >>6,000. So, okay. But >>If you think about the, the areas of opportunity for advancement, and we were talking about this earlier, when you look at early and career or entry level, it's actually quite, even right across the Americas of, we do have a great female population. And then as progression happens, that's where it, it tees off from a, a female in leadership. And we're doing, we're focusing on that, right? Under JC Herrera's leadership, as well as with George. One of the things that I always think is important though, is that you're mindful as, as the female within the organization and that you're out seeking somebody, who's not only a mentor, but is a direct champion for you when you're not in the room. Right. This is true of CrowdStrike. It's true of every organization. You're not gonna be aware of the opportunities as the roles are being created. And really, as the roles are being created, they probably have somebody in mind. Right. And so if you have somebody that's in that room says, you know what, Amanda Adams would be perfect for that. Let's go talk to her about it. You have to have somebody who's your champion. Yeah. >>There there's, there's, there's a saying that 80% of the most important moments in your life happen in your absence. Yeah. And that's exactly right. You know, when they're, when someone needs to be there to champion, you, >>Did that happen for you? >>Yes. I have a very strong champion. >>So I mean, I, my observation is if, if you are a woman in tech and you're in a senior leadership position, like you are, or you're a, you're a general manager or a P and L manager or a CEO, you have to be so incredibly talented because all things being equal, maybe it's changing somewhat in some of those companies I talked about, but for the last 30 years, all takes be equal. A, a, a woman is gonna lose out to a man who is as qualified. And, and I think that's maybe slowly changing. Maybe you agree with that, maybe you don't. And maybe that's, some people think that's unfair, but you know, think about people of color. Right. They, they, they, they grew up with less op opportunities for education. And this is just the statistics that's right. Right. So should society overcompensate for that? I personally think, yes, the, the answer is just, they should, there should still be some type of meritocracy that's right. You know, but society has a responsibility to, you know, rise up all ships. >>I think there's a couple ways that you can address that through Falcon funds, scholarship programs, absolutely. Looking at supporting folks that are coming outta school, our internship program, providing those opportunities, but then just being mindful right. Of whether or not you publish the stats or not. We do have somebody who's responsible for D I, within CrowdStrike. They are looking at that and at least taking that step to understand what can we do to support the advancement across minorities. But also women is really, really important. >>Did you not have a good educational opportunity when you were growing up where you're like you had to me? Yeah, no, seriously, >>No. Seriously. I went to pretty scary schools. Right. >>Okay. So you could have gone down a really bad path. >>I, a lot of people that I grew up with went down really, really bad paths. I think the inflection point at, at least for me what the inflection point was becoming aware of this entire universe. Yeah. I was, I was headed down a path where I wasn't aware that any of this existed, when I got out of college, they were advertising in the newspaper for Cisco sales engineers, $150,000 a year. We will train. I'm a smart guy. I had no idea what that meant. Right. I could have easily gone and gotten one of those jobs. It was seven or eight years before I intersected with the tech world again. And so, you know, kind of parallel with your experience with you had someone randomly, it's like, you'd be great at Cisco. Yeah. But if, if you're not around that, and so you take people in different communities who are just, this might as well be a different planet. Yes. Yeah. The idea of eating in a restaurant where someone is serving you, food is uncomfortable, right? The idea of checking into a hotel, the idea of flying somewhere on an airplane, we talk about imposter syndrome. That's right. There are deep seated discomfort levels that people have because they just, this is completely foreign, but >>You're saying you could have foreign, you could have gone down a path where selling drugs or jacking cars was, was, was lucrative. >>I had, I had, yeah. I mean, we're getting, we're getting like deep into societal things. I was, I was very lucky. My parents were very, very young, but they're still together to this day. I had loving parents. We were very, very poor. We were surrounded by really, really, really bad stuff. So. >>Okay. So, so, okay. So this, >>I, I don't, I don't compare my situation to others. >>White woman. That's I guess this is my point. Yeah. The dynamic is different than, than a kid who grew up in the inner city. Yes. Right. And, and, and they're both important to address, but yeah. I think you gotta address them in different ways. >>Yes. But if they're, but if they're both completely ignorant of this, >>They don't know it. So it's lack of >>A, they'll never be here. >>You >>Never be here. And it's such a huge, this is such a huge difference from the rest of the world and from the rest, from the rest of our economy. >>So what would you tell a young girl? My daughters, aren't interested in tech. They want to go into fashion or healthcare, whatever Dave's daughters maybe would be a young girl, preteen, maybe teen interested in, not sure which path, why tech, what would advice would you give? >>I think just understanding what you enjoy about life, right? Like which skills are you great at? What characteristics about roles and not really focusing on a specific product. Definitely not cybersecurity versus like the broader network. I mean, literally what do you enjoy doing? And then the roles of, you know, from the skillset that's needed, whether that be marketing, and then you can start to dive into, do I wanna support marketing for a corporate environment for retail, for technology like that will come and follow your passion, which I know is so easy to say, right? But if you're passionate about certain things, I love relationships. I think that holding myself from integrity standpoint, leading with integrity, but building strong relationships on trust, that's something I take really pride in and what I get enjoyment with. It's >>Obviously your superpower. >>It, >>It is. >>But >>Then it will go back to OST too, just being authentic in the process of building those relationships, being direct to the transparency of understanding, like again, knowing what you're good at and then where you can fit into an organization, awareness of technology opportunities, I think will all lend that to. But I also wouldn't worry, like when I was 17 year old, I, I thought I would be playing volleyball in college and then going to work for a professional sports team. You know, life works out very differently. Yeah. >>Right. And then, and for those of you out there, so I love that. Thank you for that great interview. Really appreciate letting us go far field for those of you might say, well, I don't know, man. I don't know what my passion is. I'll give you a line from my daughter, Alicia, you don't learn a lot for your kids. She said, well, if you don't know what your passion is, follow your curiosity. That's great. There you go. Amanda Adams. Thanks so much. It was great to have you on. Okay. Thank you. Keep it right there. We're back with George Kurtz. We're to the short break. Dave ante, Dave Nicholson. You watching the cube from Falcon 22 in Las Vegas.