>> TheCUBE presents Ignite 22 brought to you by Palo Alto Networks. >> Welcome back to Las Vegas, everyone. We're glad you're with us. This is theCUBE live at Palo Alto Ignite 22 at the MGM Grant in Las Vegas. Lisa Martin here with Dave Vellante, day one of our coverage. We've had great conversations. The cybersecurity landscape is so interesting Dave, it's such a challenging problem to solve but it's so diverse and dynamic at the same time. >> You know, Lisa theCUBE started in May of 2010 in Boston. We called it the chowder event, chowder and Lobster. It was a EMC world, 2010. BJ Jenkins, who's here, of course, was a longtime friend of theCUBE and made the, made the transition into from, well, it's still data, data to, to cyber. So >> True. And BJ is back with us. BJ Jenkins, president Palo Alto Networks great to have you back on theCUBE. >> It is great to be here in person on theCube >> Isn't it great? >> In Vegas. It's awesome. >> And we can tell by your voice will be, will be gentle. You, you've been in Vegas typical Vegas occupational hazard of losing the voice. >> Yeah. It was one of the benefits of Covid. I didn't lose my voice at home sitting talking to a TV. You lose it when you come to Vegas. >> Exactly. >> But it's a small price to pay. >> So things kick off yesterday with the partner summit. You had a keynote then, you had a customer, a CISO on stage. You had a keynote today, which we didn't get to see. But talk to us a little bit about the lay of the land. What are you hearing from CISOs, from CIOs as we know security is a board level conversation. >> Yeah, I, you know it's been an interesting three or four months here. Let me start with that. I think, cybersecurity in general is still front and center on CIOs and CISO's minds. It has to be, if you saw Wendy's presentation today and the threats out there companies have to have it front and center. I do think it's been interesting though with the macro uncertainty. We've taken to calling this year the revenge of the CFO and you know these deals in cybersecurity are still a top priority but they're getting finance and procurements, scrutiny which I think in this environment is a necessity but it's still a, you know, number one number two imperative no matter who you talked to, in my mind >> It was interesting what Nikesh was saying in the last conference call that, hey we just have to get more approvals. We know this. We're, we're bringing more go-to-market people on board. We, we have, we're filling the pipeline 'cause we know they're going to split up deals big deals go into smaller chunks. So the question I have for you is is how are you able to successfully integrate those people so that you can get ahead of that sort of macro transition? >> Yeah I, you know, I think there's two things I'd say about uncertain macro situations and Dave, you know how old I am. I'm pretty old. I've been through a lot of cycles. And in those cycles I've always found stronger companies with stronger value proposition separate themselves actually in uncertain, economic times. And so I think there's actually an opportunity here. The message tilts a little bit though where it's been about innovation and new threat vectors to one of you have 20, 30, 40 vendors you can consolidate become more effective in your security posture and save money on your TCOs. So one of the things as we bring people on board it's training them on that business value proposition. How do you take a customer who's got 20 or 30 tools take 'em down to 5 or 10 where Palo is more central and strategic and be able to demonstrate that value. So we do that through, we're making a huge investment in our people but macroeconomic times also puts some stronger people back on the market and we're able to incorporate them into the business. >> What are the conditions that are necessary for that consolidation? Like I would imagine if you're, if you're a big customer of a big, you know, competitor of yours that that migration is going to be harder than if you're dealing with lots of little point tools. Do those, do those point tools, are they sort of is it the end of the subscription? Is it just stuff that's off the books now? What's, the condition that is ripe for that kind of consolidation? >> Look, I think the challenge coming into this year was skills. And so customers had all of these point products. It required a lot more human intervention as Nikesh was talking about to integrate them or make them work. And as all of us know finding people with cybersecurity skills over the last 12 months has been incredibly hard. That drove, if you know, if you think about that a CIO and a CISO sitting there going, I have all all this investment in tools. I don't have the people to operate 'em. What do I need to do? What we tried to do is elevate that conversation because in a customer, everybody who's bought one of those, they they bought it to solve a problem. And there's people with affinity for that tool. They're not just going to say I want to get consolidated and give up my tool. They're going to wrap their arms around it. And so what we needed to do and this changed our ecosystem strategy too how we leverage partners. We needed to get into the CIO and CISO and say look at this chaos you have here and the challenges around people that it's, it's presenting you. We can help solve that by, by standardizing, consolidating taking that integration away from you as Nikesh talked about, and making it easier for your your high skill people to work on high skill, you know high challenges in there. >> Let chaos reign, and then reign in the chaos. >> Yes. >> Andy Grove. >> I was looking at some stats that there's 26 million developers but less than 3 million cybersecurity professionals. >> Talked about that skills gap and what CISOs and CIOs are facing is do you consider from a value prop perspective Palo Alto Networks to be a, a facilitator of helping organizations deal with that skills gap? >> I think there's a short term and a long term. I think Nikesh today talked about the long term that we'll never win this battle with human beings. We're going to have to win it with automation. That, that's the long term the short term right here and now is that people need people with cybersecurity skills. Now what we're trying to do, you know, is multifaceted. We work with universities to standardize programs to develop skills that people can come into the marketplace with. We run our own programs inside the company. We have a cloud academy program now where we take people high aptitude for sales and technical aptitude and we will put them through a six month boot camp on cloud and they'll come out of that ready to really work with the leading experts in cloud security. The third angle is partners, right, there are partners in the marketplace who want to drive their business into high services areas. They have people, they know how to train. We give them, we partner with them to give them training. Hopefully that helps solve some of the short-term gaps that are out there today. >> So you made the jump from data storage to security and >> Yeah. >> You know, network security, all kinds of security. What was that like? What you must have learned a lot in the last better part of a decade? >> Yeah. >> Take us through that. >> You know, so the first jump was from EMC. I was 15 years there to be CEO of Barracuda. And you know, it was interesting because EMC was, you know large enterprise for the most part. At Barracuda we had, you know 250,000 small and mid-size enterprises. And it was, it's interesting to get into security in small and mid-size businesses because, you know Wendy today was talking about nation states. For small and mid-size business, it's common thievery right? It's ransomware, it's, and, those customers don't have, you know, the human and financial resources to keep up with the threat factor. So, you know, Nikesh talked about how it's taken 'em four and a half years to get into cybersecurity. I remember my first week at Barracuda, I was talking with a customer who had, you know, breached data shut down. There wasn't much bitcoin back then so it was just a pure ransom. And I'm like, wow, this is, you know, incredible industry. So it's been a good, you know, transition for me. I still think data is at the heart of all of this. Right? And I have always believed there's a strong connection between the things I learned growing up at EMC and what I put into practice today at Palo Alto Networks. >> And how about a culture because I, you know I know have observed the EMC culture >> Yeah. >> And you were there in really the heyday. >> Yeah. >> Right? Which was an awesome place. And it seems like Palo Alto obviously, different times but you know, similar like laser focus on solving problems, you know, obviously great, you know value sellers, you know, you guys aren't the commodity >> Yeah. For Product. But there seemed to be some similarities from afar. I don't know Palo Alto as well as I know EMC. >> I think there's a lot. When I joined EMC, it was about, it was 2 billion in in revenue and I think when I left it was over 20, 20, 21. And, you know, we're at, you know hopefully 5, 5 5 in revenue. I feel like it's this very similar, there's a sense of urgency, there's an incredible focus on the customer. you know, Near and Moche are definitely different individuals but the both same kind of disruptive, Israeli force out there driving the business. There are a lot of similarities. I, you know, the passion, I feel privileged as a, you know go to market person that I have this incredible portfolio to go, you know, work with customers on. It's a lucky position to be in, but very I feel like it is a movie I've seen before. >> Yeah. And but, and the course, the challenges from the, the target that you're disrupting is different. It was, you know, EMC had a lot of big, you know IBM obviously was, you know, bigger target whereas you got thousands of, you know, smaller companies. >> Yes. >> And, and so that's a different dynamic but that's why the consolidation play is so important. >> Look at, that's why I joined Palo Alto Networks when I was at Barracuda for nine years. It just fascinated me, that there was 3000 plus players in security and why didn't security evolve like the storage market did or the server market or network where working >> Yeah, right. >> You know, two or three big gorillas came to, to dominate those markets. And it's, I think it's what Nikesh talked about today. There was a new problem in best of breed. It was always best of breed. You can never in security go in and, you know, say, Hey it's good I saved us some money but I got the third best product in the marketplace. And there was that kind of gap between products. I, believe in why I joined here I think this is my last gig is we have a chance to change that. And this is the first company as I look from the outside in that had best of breed as, you know Nikesh said 13 categories. >> Yeah. >> And you know, we're in the leaders quadrant and it's a conversation I have with customers. You don't have to sacrifice best of breed but get the benefits of a platform. And I, think that resonates today. I think we have a chance to change the industry from that viewpoint. >> Give us a little view of the voice of the customer. You had, was it Sabre? >> Yeah. >> That was on >> Scott Moser, The CISO from Sabre. >> Give us a view, what are you hearing from the voice of the customer? Obviously they're quite a successful customer but challenges, concerns, the partnership. >> Yeah. Look, I think security is similar to industries where we come up with magic marketing phrases and, you know, things to you know, make you want to procure our solutions. You know, zero trust is one. And you know, you'll talk to customers and they're like, okay, yes. And you know, the government, right? Joe, Joe Biden's putting out zero trust executive orders. And the, the problem is if you talk to customers, it's a journey. They have legacy infrastructure they have business drivers that you know they just don't deal with us. They've got to deal with the business side who's trying to make the money that keeps the, the company going. it's really helped them draw a map from where they're at today to zero trust or to a better security architecture. Or, you know, they're moving their apps into the cloud. How am I going to migrate? Right? Again, that discussion three years ago was around lift and shift, right? Today it's about, well, no I need cloud native developed apps to service the business the way I want to, I want to service it. How do I, so I, I think there's this element of a trusted partner and relationship. And again, I think this is why you can't have 40 or 50 of those. You got to start narrowing it down if you want to be able to meet and beat the threats that are out there for you. So I, you know, the customers, I see a lot of 'em. It's, here's where I'm at help me get here to a better position. And they know it's, you know Scott said in our keynote today, you don't just, you know have layer three firewall policies and decide, okay tomorrow I'm going to go to layer seven. That, that's not how it works. Right? There's, and, and by the way these things are a mission critical type areas. So there's got to be a game plan that you help customers go through to get there. >> Definitely. Last question, my last question for you is, is security being a board level conversation I was reading some stats from a survey I think it was the what's new in Cypress survey that that Palo Alto released today that showed that while significant numbers of organizations think they've got a cyber resiliency playbook, there's a lot of disconnect or lack of alignment at the boardroom. Are you in those conversations? How can you help facilitate that alignment between the executive team and the board when it comes to security being so foundational to any business? >> Yeah, it's, I've been on three, four public company boards. I'm on, I'm on two today. I would say four years ago, this was a almost a taboo topic. It was a, put your head in the sand and pray to God nothing happened. And you know, the world has changed significantly. And because of the number of breaches the impact it's had on brand, boards have to think about this in duty of care and their fiduciary duty. Okay. So then you start with a board that may not have the technical skills. The first problem the security industry had is how do I explain your risk profile in a way you can understand it. I'm, I'm on the board of Generac that makes home generators. It's a manufacturing, you know, company but they put Wifi modules in their boxes so that the dealers could help do the maintenance on 'em. And all of a sudden these things were getting attacked. Right? And they're being used for bot attacks. >> Yeah. >> Everybody on their board had a manufacturing background. >> Ah. >> So how do you help that board understand the risk they have that's what's changed over the last four years. It's a constant discussion. It's one I have with CISOs where they're like help us put it in layman's terms so they understand they know what we're doing and they feel confident but at the same time understand the marketplace better. And that's a journey for us. >> That Generac example is a great one because, you know, think about IOT Technologies. They've historically been air gaped >> Yes. >> By design. And all of a sudden the business comes in and says, "Hey we can put wifi in there", you know >> Connect it to a home Wifi system that >> Make our lives so much easier. Next thing you know, it's being used to attack. >> Yeah. >> So that's why, as you go around the world are you discerning, I know you were just in Japan are you discerning significant differences in sort of attitudes toward, towards cyber? Whether it's public policy, you know things like regulation where you, they don't want you sharing data, but as as a cyber company, you want to share that data with you know, public and private? >> Look it, I, I think around the world we see incredible government activity first of all. And I think given the position we're in we get to have some unique conversations there. I would say worldwide security is an imperative. I, no matter where I go, you know it's in front of everybody's mind. The, on the, the governance side, it's really what do we need to adapt to make sure we meet local regulations. And I, and I would just tell you Dave there's ways when you do that, and we talk with governments that because of how they want to do it reduce our ability to give them full insight into all the threats and how we can help them. And I do think over time governments understand that we can anonymize the data. There's, but that, that's a work in process. Definitely there is a balance. We need to have privacy, we need to have, you know personal security for people. But there's ways to collect that data in an anonymous way and give better security insight back into the architectures that are out there. >> All right. A little shift the gears here. A little sports question. We've had some great Boston's sports guests on theCUBE right? I mean, Randy Seidel, we were talking about him. Peter McKay, Snyk, I guess he's a competitor now but you know, there's no question got >> He got a little funding today. I saw that. >> Down round. But they still got a lot of money. Not of a down round, but they were, but yeah, but actually, you know, he was on several years ago and it was around the time they were talking about trading Brady. He said Never trade Brady. And he got that right. We, I think we can agree Brady's the goat. >> Yes. >> The big question I have for you is, Belichick. Do you ever question Has your belief in him as the greatest coach of all time wavered, you know, now that- No. Okay. >> Never. >> Weigh in on that. >> Never, he says >> Still the Goat. >> I'll give you my best. You know, never In Bill we trust. >> Okay. Still. >> All right >> I, you know, the NFL is a unique property that's designed for parody and is designed, I mean actively designed to not let Mr. Craft and Bill Belichick do what they do every year. I feel privileged as a Boston sports fan that in our worst years we're in the seventh playoff spot. And I have a lot of family in Chicago who would kill for that position, by the way. And you know, they're in perpetual rebuilding. And so look, and I think he, you know the way he's been able to manage the cap and the skill levels, I think we have a top five defense. There's different ways to win titles. And if I, you know, remember in Brady's last title with Boston, the defense won us that Super Bowl. >> Well thanks for weighing in on that because there's a lot of crazy talk going on. Like, 'Hey, if he doesn't beat Arizona, he's got to go.' I'm like, what? So, okay, I'm sometimes it takes a good good loyal fan who's maybe, you know, has >> The good news in Boston is we're emotional fans too so I understand you got to keep the long term long term in mind. And we're, we're in a privileged position in Boston. We've got Celtics, we've got Bruins we've got the Patriots right on the edge of the playoffs and we need the Red Sox to get to work. >> Yeah, no, you know they were last, last year so maybe they're going to win it all like they usually do. So >> Fingers crossed. >> Crazy worst to first. >> Exactly. Well you said, in Bill we trust it sounds like from our conversation in BJ we trust from the customers, the partners. >> I hope so. >> Thank you so much BJ, for coming back on theCUBE giving us the lay of the land, what's new, the voice of the customer and how Palo Alto was really differentiated in the market. We always appreciate your, coming on the show you >> Honor and privilege seeing you here. Thanks. >> You may be thinking that you were watching ESPN just now but you know, we call ourselves the ESPN at Tech News. This is Lisa Martin for Dave Vellante and our guest. You're watching theCUBE, the Leader and live emerging in enterprise tech coverage. (upbeat music)

>>All we're back. We're wrapping up day two at Falcon 22 from the area in Las Vegas, CrowdStrike CrowdStrike. The action is crazy. Second day, a keynotes. Sean Henry is back. He's the chief security officer at CrowdStrike. He did a keynote today. Sean. Good to see you. Thanks for coming >>Back. Good. See you, Dave. Thanks for having me. >>So, unfortunately, I wasn't able to see your keynote cuz I had to come do cube interviews. You interviewed Kimbo Walden from, from, you know, white house, right? >>National cyber security >>Director. We're gonna talk about that. We're gonna talk about Overwatch, your threat hunting report. I want to share the results with our audience, but start with your, well actually start with the event. We're now in day two, you've had a good chance to talk to customers and partners. What are, what are your observations? Yeah, >>It's first of all, it's been an amazing event over 2200 attendees here. It's really taking top three floors at the area hotel and we've got partners and customers, employees, and to see the excitement and the level of collaboration here is absolutely phenomenal. All these different organizations that are each have a piece of cyber security to see them coming together, all in support of how do you stop breaches? How do you work together to do it? It's really been absolutely phenomenal. You're >>Gonna love the collaboration. We kind of talked about this on our earlier segment is the industry has to do a better job and has been doing a better job. You know, I think you and Kevin laid that out pretty well. So tell me about the interview with the fireside chat with Kimba. What was that like? What topics came up? >>Yeah. Kimba is the principal, deputy national cyber security advisor. She's been there for just four months. She spent over 10 years at DHS, but she most recently came from the private sector in cybersecurity. So she's got that the experience as a private sector expert, as well as a public sector expert and to see her come together in that position. It was great. We talked a lot about some of the strategies the white house is looking to put forth in their new cybersecurity strategy. There was recently an executive order, right? That the, the president put forth that talks about a lot of the things that we're doing here. So for example, the executive order talks about a lot of the legacy type of capabilities being put to pasture and about the government embracing cloud, embracing threat, hunting, embracing EDR, embracing zero trust and identity protection. Those are all the things that the private sector has been moving towards over the last year or two. That's what this is all about here. But to see the white house put that out, that all government agencies will now be embracing that I think it puts them on a much shorter footing and it allows the government to be able to identify vulnerabilities before they get exploited. It allows them to much more quickly identify, have visibility and respond to, to threats. So the government in infrastructure will be safer. And it was really nice to hear her talk about that and about how the private sector can work with the government. >>So you know how this works, you know, having been in the bureau. But so it's the, these executive orders. A lot of times people think, oh, it's just symbolic. And there are a couple of aspects of it. One is president Biden really impressed upon the private sector to, you know, amp it up to, to really focus and do a better job. But also as you pointed out that executive order can adjudicate what government agencies must do must prioritize. So it's more than symbolic. It's actually taking action. Isn't >>It? Yeah. I, I, I think it, I think it's both. I think it's important for the government to lead in this area because while a, a large portion of infrastructure, major companies, they understand this, there is still a whole section of private sector organizations that don't understand this and to see the white house, roll it out. I think that's good leadership and that is symbolic. But then to your second point to mandate that government agencies do this, it really pushes those. That might be a bit reluctant. It pushes them forward. And I think this is the, the, the type of action that as it starts to roll out and people become more comfortable and they start to see the successes. They understand that they're becoming safer, that they're reducing risk. It really is kind of a self-fulfilling prophecy and we see things become much safer. Did, >>Did you guys talk about Ukraine? Was that, was that off limits or did that come up at all? >>It wasn't, it wasn't off limits, but we didn't talk about it because there are so many other things we were discussing. We were talking about this, the cyber security workforce, for example, and the huge gap in the number of people who have the expertise, the capability and the, and the opportunities to them to come into cyber security technology broadly, but then cyber security as a sub sub component of that. And some of the programs, they just had a big cyber workforce strategy. They invited a lot of people from the private sector to have this conversation about how do you focus on stem? How do you get younger people? How do you get women involved? So getting maybe perhaps to the untapped individuals that would step forward and be an important stop gap and an important component to this dearth of talent and it's absolutely needed. So that was, was one thing. There were a number of other things. Yeah. >>So I mean, pre pandemic, I thought the number was 350,000 open cybersecurity jobs. I heard a number yesterday just in the us. And you might have even told me this 7, 7 50. So it's doubled in just free to post isolation economy. I don't know what the stats are, but too big. Well, as a, as a CSO, how much can automation do to, to close that gap? You know, we were talking earlier on the cube about, you gotta keep the humans in the loop, you, you, the, the, the, the Nirvana of the machines will just take care of everything is just probably not gonna happen anytime in the near term, even midterm or long term, but, but, but how can automation play and help close that gap? So >>The, the automation piece is, is what allows this to scale. You know, if we had one company with a hundred endpoints and we had a couple of folks there, you could do it with humans. A lot of it when you're talking about hundreds of millions of endpoints spread around the globe, you're talking about literally trillions of events every week that are being identified, evaluated and determined whether they're malicious or not. You have to have automation and to have using the cloud, using AI, using machine learning, to sort through, and really look for the malicious needle in a stack of needle. So you've gotta get that fidelity, that fine tune review. And you can only do that with automation. What you gotta remember, Dave, is that there's a human being at the end of every one of these attacks. So we've got the bad guys, have humans there, they're using the technology to scale. We're using the technology to scale to detect them. But then when you get down to the really malicious activity, having human beings involved is gonna take it to another level and allow you to eradicate the adversaries from the environment. >>Okay. So they'll use machines to knock on the door when that door gets opened and they're in, and they're saying, okay, where do we go from here? And they're directing strategy. Absolutely. I, I spent, I think gave me a sta I, I wonder if I wrote it down correctly, 2 trillion events per day. Yeah. That you guys see is that I write that down. Right? >>You did. It changes just like the number of jobs. It changes when I started talking about this just a, a year and a half ago, it was a billion a day. And when you look at how it's multiplied exponentially, and that will continue because of the number of applications, because of the number of devices as that gets bigger, the number of events gets bigger. And that's one of the problems that we have here is the spread of the network. The vulnerability, the environment is getting bigger and bigger and bigger as it gets bigger, more opportunities for bad guys to exploit vulnerabilities. >>Yeah. And we, we were talking earlier about IOT and extending, you know, that, that threats surface as well, talk about the Overwatch threat hunting report. What is that? How, how often have you run it? And I'd love to get into some of the results. Yeah. >>So Overwatch is a service that we offer where we have 24 by seven threat hunters that are operating in our customer environments. They're hunting, looking for, looking for malicious activity, malicious behavior. And to the point you just made earlier, where we use automation to sort out and filter what is clearly bad. When an adversary does get what we call fingers on the keyboard. So they're in the box and now a human being, they get a hit on their automated attack. They get a hit that, Hey, we're in, it's kind of the equivalent of looking at the Bober while you're fishing. Yeah. When you see the barber move, then the fisherman jumps up from his nap and starts to reel it in similar. They jump on the keyboard fingers on the keyboard. Our Overwatch team is detecting them very, very quickly. So we found 77,000 potential intrusions this past year in 2021, up to the end of June one, one every seven minutes from those detections. >>When we saw these detections, we were able to identify unusual adversary behavior that we'd not necessar necessarily seen before we call it indicators of attack. What does that mean? It means we're seeing an adversary, taking a new action, using a new tactic. Our Overwatch team can take that from watching it to human beings. They take it, they give it to our, our engineering team and they can write detections, which now become automated, right? So you have, you have all the automation that filters out all the bad stuff. One gets through a bad guy, jumps up, he's on the keyboard. And now he's starting to execute commands on the system. Our team sees that pulls those commands out. They're unusual. We've not seen 'em before we give it to our engineering team. They write detections that now all become automated. So because of that, we stopped over with the 77,000 attacks that we identified. We stopped over a million new attacks that would've come in and exploited a network. So it really is kind of a big circle where you've got human beings and intelligence and technology, all working together to make the system smarter, to make the people smarter and make the customers safer. And you're >>Seeing new IAS pop up all the time, and you're able to identify those and, and codify 'em. Now you've announced at reinforced, I, I, in July in Boston, you announced the threat hunting service, which is also, I think, part of your you're the president as well of that services division, right? So how's that going? What >>What's happening there? What we announced. So we've the Overwatch team has been involved working in customer environments and working on the back end in our cloud for many years. What we've announced is this cloud hunting, where, because of the adoption of the cloud and the movement to the cloud of so many organizations, they're pushing data to the cloud, but we're seeing adversaries really ramp up their attacks against the cloud. So we're hunting in Google cloud in Microsoft Azure cloud in AWS, looking for anomalous behavior, very similar to what we do in customer environments, looking for anomalous behavior, looking for credential exploitation, looking for lateral movement. And we are having a great success there because as that target space increases, there's a much greater need for customers to ensure that it's protected. So >>The cloud obviously is very secure. You got some of the best experts in the planet inside of hyperscale companies. So, and whether it's physical security or logical security, they're obviously, you know, doing a good job is the weakness, the seams between where the cloud provider leaves off and the customer has to take over that shared responsibility model, you know, misconfiguring and S3 bucket is the, you know, the common one, but I'm so there like a zillion others, where's that weakness. Yeah. >>That, that's exactly right. We see, we see oftentimes the it piece enabling the cloud piece and there's a connectivity there, and there is a seam there. Sometimes we also see misconfiguration, and these are some of the things that our, our cloud hunters will find. They'll identify again, the equivalent of, of walking down the hallway and seeing a door that's unlocked, making sure it's locked before it gets exploited. So they may see active exploitation, which they're negating, but they also are able to help identify vulnerabilities prior to them getting exploited. And, you know, the ability for organizations to successfully manage their infrastructure is a really critical part of this. It's not always malicious actors. It's identifying where the infrastructure can be shored up, make it more resilient so that you can prevent some of these attacks from happening. I >>Heard, heard this week earlier, something I hadn't heard before, but it makes a lot of sense, you know, patch Tuesday means hack Wednesday. And, and so I, I presume that the, the companies releasing patches is like a signal to the bad guys that Hey, you know, free for all go because people aren't necessarily gonna patch. And then the solar winds customers are now circumspect about patches. The very patches that are supposed to protect us with the solar winds hack were the cause of the malware getting in and, you know, reforming, et cetera. So that's a complicated equation. Yeah. >>It, it certainly is a couple, couple parts there to unwind. First, when you, you think about patch Tuesday, there are adversaries often, not always that are already exploiting some of those vulnerabilities in the wild. So it's a zero day. It's not yet been patched in some cases hasn't yet been identified. So you've got people who are actively exploiting. It we've found zero days in the course of our threat hunting. We report them in a, in a, in a responsible way. We've gone to Microsoft. We've told them a couple times in the last few months that we found a zero day and give them an opportunity to patch that before anybody goes public with it, because absolutely right when it does go public, those that didn't know about it before recognize that there will be millions of devices depending on the, the vulnerability that are out there and exploitable. And they will absolutely, it will tell everybody that you can now go to this particular place. And there's an opportunity to gain access, to exploit privileges, depending on the criticality of the patch. >>I, I don't, I, I don't, I'm sorry to generalize, but I wanna ask you about the hacker mindset. Let's say that what you just described a narrow set of hackers knows that there's an unpatched, you know, vulnerability, and they're making money off of that. Will they keep that to themselves? Will they share that with other folks in the net? Will they sell that information? Or is it, is it one of those? It depends. It, >>I was just gonna say, it depends you, you beat me to it. It absolutely depends. All of, all of the above would be the answer. We certainly see organ now a nation state for example, would absolutely keep that to themselves. Yeah. Right. Their goal is very different from an organized crime group, which might sell access. And we see them all the time in the underground selling access. That's how they make money nation states. They want to keep a zero day to themselves. It's something they're able to exploit in some cases for months or years, that that, that vulnerability goes undetected. But a nation state is aware of it and exploiting it. It's a, it's a dangerous game. And it just, I think, exemplifies the importance of ensuring that you're doing everything you can to patch in a timely matter. Well, >>Sean, we appreciate the work that you've done in your previous role and continuing to advance education, knowledge and protection in our industry. Thank you for coming on >>You. Thank you for having me. This is a fantastic event. Really appreciate you being here and helping to educate folks. Yeah. >>You guys do do a great job. Awesome. Set that you built and look forward to future events with you guys. My >>Friends. Thanks so much, Dave. Yeah. Thank >>You. Bye now. All right. Appreciate it. All right, keep it right there. We're gonna wrap up in a moment. Live from Falcon 22. You're watching the cube.

>> We're back at the ARIA Las Vegas. We're covering CrowdStrike's Fal.Con 22. First one since 2019. Dave Vellante and Dave Nicholson on theCUBE. Adam Meyers is here, he is the Senior Vice President of Intelligence at CrowdStrike. Adam, thanks for coming to theCUBE. >> Thanks for having me. >> Interesting times, isn't it? You're very welcome. Senior Vice President of Intelligence, tell us what your role is. >> So I run all of our intelligence offerings. All of our analysts, we have a couple hundred analysts that work at CrowdStrike tracking threat actors. There's 185 threat actors that we track today. We're constantly adding more of them and it requires us to really have that visibility and understand how they operate so that we can inform our other products: our XDR, our Cloud Workload Protections and really integrate all of this around the threat actor. >> So it's that threat hunting capability that CrowdStrike has. That's what you're sort of... >> Well, so think of it this way. When we launched the company 11 years ago yesterday, what we wanted to do was to tell customers, to tell people that, well, you don't have a malware problem, you have an adversary problem. There are humans that are out there conducting these attacks, and if you know who they are what they're up to, how they operate then you're better positioned to defend against them. And so that's really at the core, what CrowdStrike started with and all of our products are powered by intelligence. All of our services are our OverWatch and our Falcon complete, all powered by intelligence because we want to know who the threat actors are and what they're doing so we can stop them. >> So for instance like you can stop known malware. A lot of companies can stop known malware, but you also can stop unknown malware. And I infer that the intelligence is part of that equation, is that right? >> Absolutely. That that's the outcome. That's the output of the intelligence but I could also tell you who these threat actors are, where they're operating out of, show you pictures of some of them, that's the threat intel. We are tracking down to the individual persona in many cases, these various threats whether they be Chinese nation state, Russian threat actors, Iran, North Korea, we track as I said, quite a few of these threats. And over time, we develop a really robust deep knowledge about who they are and how they operate. >> Okay. And we're going to get into some of that, the big four and cyber. But before we do, I want to ask you about the eCrime index stats, the ECX you guys call it a little side joke for all your nerds out there. Maybe you could explain that Adam >> Assembly humor. >> Yeah right, right. So, but, what is that index? You guys, how often do you publish it? What are you learning from that? >> Yeah, so it was modeled off of the Dow Jones industrial average. So if you look at the Dow Jones it's a composite index that was started in the late 1800s. And they took a couple of different companies that were the industrial component of the economy back then, right. Textiles and railroads and coal and steel and things like that. And they use that to approximate the overall health of the economy. So if you take these different stocks together, swizzle 'em together, and figure out some sort of number you could say, look, it's up. The economy's doing good. It's down, not doing so good. So after World War II, everybody was exuberant and positive about the end of the war. The DGI goes up, the oil crisis in the seventies goes down, COVID hits goes up, sorry, goes down. And then everybody realizes that they can use Amazon still and they can still get the things they need goes back up with the eCrime index. We took that approach to say what is the health of the underground economy? When you read about any of these ransomware attacks or data extortion attacks there are criminal groups that are working together in order to get things spammed out or to buy credentials and things like that. And so what the eCrime index does is it takes 24 different observables, right? The price of a ransom, the number of ransom attacks, the fluctuation in cryptocurrency, how much stolen material is being sold for on the underground. And we're constantly computing this number to understand is the eCrime ecosystem healthy? Is it thriving or is it under pressure? And that lets us understand what's going on in the world and kind of contextualize it. Give an example, Microsoft on patch Tuesday releases 56 vulnerabilities. 11 of them are critical. Well guess what? After hack Tuesday. So after patch Tuesday is hack Wednesday. And so all of those 11 vulnerabilities are exploitable. And now you have threat actors that have a whole new array of weapons that they can deploy and bring to bear against their victims after that patch Tuesday. So that's hack Wednesday. Conversely we'll get something like the colonial pipeline. Colonial pipeline attack May of 21, I think it was, comes out and all of the various underground forums where these ransomware operators are doing their business. They freak out because they don't want law enforcement. President Biden is talking about them and he's putting pressure on them. They don't want this ransomware component of what they're doing to bring law enforcement, bring heat on them. So they deplatform them. They kick 'em off. And when they do that, the ransomware stops being as much of a factor at that point in time. And the eCrime index goes down. So we can look at holidays, and right around Thanksgiving, which is coming up pretty soon, it's going to go up because there's so much online commerce with cyber Monday and such, right? You're going to see this increase in online activity; eCrime actors want to take advantage of that. When Christmas comes, they take vacation too; they're going to spend time with their families, so it goes back down and it stays down till around the end of the Russian Orthodox Christmas, which you can probably extrapolate why that is. And then it goes back up. So as it's fluctuating, it gives us the ability to really just start tracking what that economy looks like. >> Realtime indicator of that crypto. >> I mean, you talked about, talked about hack Wednesday, and before that you mentioned, you know, the big four, and I think you said 185 threat actors that you're tracking, is 180, is number 185 on that list? Somebody living in their basement in their mom's basement or are the resources necessary to get on that list? Such that it's like, no, no, no, no. this is very, very organized, large groups of people. Hollywood would have you believe that it's guy with a laptop, hack Wednesday, (Dave Nicholson mimics keyboard clacking noises) and everything done. >> Right. >> Are there individuals who are doing things like that or are these typically very well organized? >> That's a great question. And I think it's an important one to ask and it's both it tends to be more, the bigger groups. There are some one-off ones where it's one or two people. Sometimes they get big. Sometimes they get small. One of the big challenges. Have you heard of ransomware as a service? >> Of course. Oh my God. Any knucklehead can be a ransomwarist. >> Exactly. So we don't track those knuckleheads as much unless they get onto our radar somehow, they're conducting a lot of operations against our customers or something like that. But what we do track is that ransomware as a service platform because the affiliates, the people that are using it they come, they go and, you know, it could be they're only there for a period of time. Sometimes they move between different ransomware services, right? They'll use the one that's most useful for them that that week or that month, they're getting the best rate because it's rev sharing. They get a percentage that platform gets percentage of the ransom. So, you know, they negotiate a better deal. They might move to a different ransomware platform. So that's really hard to track. And it's also, you know, I think more important for us to understand the platform and the technology that is being used than the individual that's doing it. >> Yeah. Makes sense. Alright, let's talk about the big four. China, Iran, North Korea, and Russia. Tell us about, you know, how you monitor these folks. Are there different signatures for each? Can you actually tell, you know based on the hack who's behind it? >> So yeah, it starts off, you know motivation is a huge factor. China conducts espionage, they do it for diplomatic purposes. They do it for military and political purposes. And they do it for economic espionage. All of these things map to known policies that they put out, the Five Year Plan, the Made in China 2025, the Belt and Road Initiative, it's all part of their efforts to become a regional and ultimately a global hegemon. >> They're not stealing nickels and dimes. >> No they're stealing intellectual property. They're stealing trade secrets. They're stealing negotiation points. When there's, you know a high speed rail or something like that. And they use a set of tools and they have a set of behaviors and they have a set of infrastructure and a set of targets that as we look at all of these things together we can derive who they are by motivation and the longer we observe them, the more data we get, the more we can get that attribution. I could tell you that there's X number of Chinese threat groups that we track under Panda, right? And they're associated with the Ministry of State Security. There's a whole other set. That's too associated with the People's Liberation Army Strategic Support Force. So, I mean, these are big operations. They're intelligence agencies that are operating out of China. Iran has a different set of targets. They have a different set of motives. They go after North American and Israeli businesses right now that's kind of their main operation. And they're doing something called hack and lock and leak. With a lock and leak, what they're doing is they're deploying ransomware. They don't care about getting a ransom payment. They're just doing it to disrupt the target. And then they're leaking information that they steal during that operation that brings embarrassment. It brings compliance, regulatory, legal impact for that particular entity. So it's disruptive >> The chaos creators that's.. >> Well, you know I think they're trying to create a they're trying to really impact the legitimacy of some of these targets and the trust that their customers and their partners and people have in them. And that is psychological warfare in a certain way. And it, you know is really part of their broader initiative. Look at some of the other things that they've done they've hacked into like the missile defense system in Israel, and they've turned on the sirens, right? Those are all things that they're doing for a specific purpose, and that's not China, right? Like as you start to look at this stuff, you can start to really understand what they're up to. Russia very much been busy targeting NATO and NATO countries and Ukraine. Obviously the conflict that started in February has been a huge focus for these threat actors. And then as we look at North Korea, totally different. They're doing, there was a major crypto attack today. They're going after these crypto platforms, they're going after DeFi platforms. They're going after all of this stuff that most people don't even understand and they're stealing the crypto currency and they're using it for revenue generation. These nuclear weapons don't pay for themselves, their research and development don't pay for themselves. And so they're using that cyber operation to either steal money or steal intelligence. >> They need the cash. Yeah. >> Yeah. And they also do economic targeting because Kim Jong Un had said back in 2016 that they need to improve the lives of North Koreans. They have this national economic development strategy. And that means that they need, you know, I think only 30% of North Korea has access to reliable power. So having access to clean energy sources and renewable energy sources, that's important to keep the people happy and stop them from rising up against the regime. So that's the type of economic espionage that they're conducting. >> Well, those are the big four. If there were big five or six, I would presume US and some Western European countries would be on there. Do you track, I mean, where United States obviously has you know, people that are capable of this we're out doing our thing, and- >> So I think- >> That defense or offense, where do we sit in this matrix? >> Well, I think the big five would probably include eCrime. We also track India, Pakistan. We track actors out of Columbia, out of Turkey, out of Syria. So there's a whole, you know this problem is getting worse over time. It's proliferating. And I think COVID was also, you know a driver there because so many of these countries couldn't move human assets around because everything was getting locked down. As machine learning and artificial intelligence and all of this makes its way into the cameras at border and transfer points, it's hard to get a human asset through there. And so cyber is a very attractive, cheap and deniable form of espionage and gives them operational capabilities, not, you know and to your question about US and other kind of five I friendly type countries we have not seen them targeting our customers. So we focus on the threats that target our customers. >> Right. >> And so, you know, if we were to find them at a customer environment sure. But you know, when you look at some of the public reporting that's out there, the malware that's associated with them is focused on, you know, real bad people, and it's, it's physically like crypted to their hard drive. So unless you have sensor on, you know, an Iranian or some other laptop that might be target or something like that. >> Well, like Stuxnet did. >> Yeah. >> Right so. >> You won't see it. Right. See, so yeah. >> Well Symantec saw it but way back when right? Back in the day. >> Well, I mean, if you want to go down that route I think it actually came from a company in the region that was doing the IR and they were working with Symantec. >> Oh, okay. So, okay. So it was a local >> Yeah. I think Crisis, I think was the company that first identified it. And then they worked with Symantec. >> It Was, they found it, I guess, a logic controller. I forget what it was. >> It was a long time ago, so I might not have that completely right. >> But it was a seminal moment in the industry. >> Oh. And it was a seminal moment for Iran because you know, that I think caused them to get into cyber operations. Right. When they realized that something like that could happen that bolstered, you know there was a lot of underground hacking forums in Iran. And, you know, after Stuxnet, we started seeing that those hackers were dropping their hacker names and they were starting businesses. They were starting to try to go after government contracts. And they were starting to build training offensive programs, things like that because, you know they realized that this is an opportunity there. >> Yeah. We were talking earlier about this with Shawn and, you know, in the nuclear war, you know the Cold War days, you had the mutually assured destruction. It's not as black and white in the cyber world. Right. Cause as, as Robert Gates told me, you know a few years ago, we have a lot more to lose. So we have to be somewhat, as the United States, careful as to how much of an offensive posture we take. >> Well here's a secret. So I have a background on political science. So mutually assured destruction, I think is a deterrent strategy where you have two kind of two, two entities that like they will destroy each other if they so they're disinclined to go down that route. >> Right. >> With cyber I really don't like that mutually assured destruction >> That doesn't fit right. >> I think it's deterrents by denial. Right? So raising the cost, if they were to conduct a cyber operation, raising that cost that they don't want to do it, they don't want to incur the impact of that. Right. And think about this in terms of a lot of people are asking about would China invade Taiwan. And so as you look at the cost that that would have on the Chinese military, the POA, the POA Navy et cetera, you know, that's that deterrents by denial, trying to, trying to make the costs so high that they don't want to do it. And I think that's a better fit for cyber to try to figure out how can we raise the cost to the adversary if they operate against our customers against our enterprises and that they'll go someplace else and do something else. >> Well, that's a retaliatory strike, isn't it? I mean, is that what you're saying? >> No, definitely not. >> It's more of reducing their return on investment essentially. >> Yeah. >> And incenting them- disincening them to do X and sending them off somewhere else. >> Right. And threat actors, whether they be criminals or nation states, you know, Bruce Lee had this great quote that was "be like water", right? Like take the path of least resistance, like water will. Threat actors do that too. So, I mean, unless you're super high value target that they absolutely have to get into by any means necessary, then if you become too hard of a target, they're going to move on to somebody that's a little easier. >> Makes sense. Awesome. Really appreciate your, I could, we'd love to have you back. >> Anytime. >> Go deeper. Adam Myers. We're here at Fal.Con 22, Dave Vellante, Dave Nicholson. We'll be right back right after this short break. (bouncy music plays)

(upbeat music) >> We're back in Boston, theCUBE's coverage of Re:Inforce 2022. My name is Dave Vellante. Dave Hatfield is here. He's the co-CEO of Lacework. Dave, great to see again. Hat. >> Thanks Dave. >> Do you still go by Hat? >> Hat is good for me. (Dave V laughing) >> All right cool. >> When you call me David, I'm in trouble for something. (Dave V Laughing) So just call me Hat for now. >> Yeah, like my mom, David Paul. >> Exactly. >> All right. So give us the update. I mean, you guys have been on a tear. Obviously the Techlash, >> Yep. >> I mean, a company like yours, that has raised so much money. You got to be careful. But still, I'm sure you're not taking the foot off the gas. What's the update? >> Yeah no. We were super focused on our mission. We want to de deliver a cloud security for everybody. Make it easier for developers and builders, to do their thing. And we're fortunate to be in a situation, where people are in the early innings of moving into the cloud, you know. So our customers, largely digital natives. And now increasingly cloud migrants, are recognizing that in order to build fast, you know, in the cloud, they need to have a different approach to security. And, you know, it used to be that you're either going be really secure or really fast. And we wanted to create a platform that allowed you to have both. >> Yeah. So when you first came to theCUBE, you described it. We are the first company. And at the time, I think you were the only company, thinking about security as a data problem. >> Yeah. >> Explain what that means. >> Well, when you move to the cloud, you know, there's literally a quintillion data sets, that are out there. And it's doubling every several days or whatever. And so it creates a massive problem, in that the attack surface grows. And different than when you're securing a data center or device, where you have a very fixed asset, and you kind of put things around it and you kind of know how to do it. When you move to the shared ephemeral massive scale environment, you can't write rules, and do security the way you used to do it, for a data centers and devices. And so the insight for us was, the risk was the data, the upside was the data, you know? And so if you can harness all of this data, ingest it, process it, contextualize it, in the context of creating a baseline of what normal is for a company. And then monitor it constantly in real time. Figure out, you know, identify abnormal activity. You can deliver a security posture for a company, unlike anything else before. Because it used to be, you'd write a rule. You have a known adversary or a bad guy that's out there, and you constantly try and keep up with them for a very specific attack service. But when you move to the cloud, the attack service is too broad. And so, the risk of the massive amount of data, is also the solution. Which is how do you harness it and use it with machine learning and AI, to solve these problems. >> So I feel like for CISOs, the cloud is now becoming the first line of defense. >> Yep. The CISOs is now the second line. Maybe the auditing is the third line. I don't know. >> Yeah. >> But, so how do you work with AWS? You mentioned, you know, quadrillion. We heard, I think it was Steven Schmidt, who talked about in his keynote. A quadrillion, you know, data points of a month or whatever it was. That's 15 zeros. Mind boggling. >> Yeah. >> How do you interact with AWS? You know, where's your data come from? Are you able to inspect that AWS data? Is it all your own kind of first party data? How does that all work? >> Yeah, so we love AWS. I mean we ultimately, we started out our company building our own service, you know, on AWS. We're the first cloud native built on the cloud, for the cloud, leveraging data and harnessing it. So AWS enabled us to do that. And partners like Snowflake and others, allowed us to do that. But we are a multi-cloud solution too. So we allow builders and customers, to be able to have choice. But we'd go deep with AWS and say, the shared responsibility model they came up with. With partners and themselves to say, all right, who ultimately owns security? Like where is the responsibility? And AWS does a great job on database storage, compute networking. The customer is responsible for the OS, the platform, the workloads, the applications, et cetera, and the data. And that's really where we come in. And kind of help customers secure their posture, across all of their cloud environments. And so we take a cloud trail data. We look at all of the network data. We look at configuration data. We look at rules based data and policies, that customers might have. Anything we can get our hands on, to be able to ingest into our machine learning models. And everybody knows, the more data you put into a machine learning model, the finer grain it's going to be. The more insightful and the more impactful it's going to be. So the really hard computer science problem that we set out to go do seven years ago, when we founded the company, was figure out a way to ingest, process, and contextualize mass amounts of data, from multiple streams. And the make sense out of it. And in the traditional way of protecting customers' environments, you know, you write a rule, and you have this linear sort of connection to alerts. And so you know, if you really want to tighten it down and be really secure, you have thousands of alerts per day. If you want to move really fast and create more risk and exposure, turn the dial the other way. And you know, we wanted to say, let's turn it all the way over, but maintain the amount of alerts, that really are only the ones that they need to go focus on. And so by using machine learning and artificial intelligence, and pulling all these different disparate data systems into making sense of them, we can take, you know, your alert volume from thousands per day, to one or two high fidelity critical alerts per day. And because we know the trail, because we're mapping it through our data graph, our polygraph data platform, the time to remediate a problem. So figure out the needle in the haystack. And the time to remediate is 90, 95% faster, than what you have to do on your own. So we want to work with AWS, and make it really easy for builders to use AWS services, and accelerate their consumption of them. So we were one of the first to really embrace Fargate and Graviton. We're embedded in Security Hub. We're, you know, embedded in all of the core platforms. We focus on competencies, you know. So, you know, we got container competency. We've got security and compliance competencies. And we really just want to continue to jointly invest with AWS. To deliver a great customer outcome and a really integrated seamless solution. >> I got a lot to unpack there. >> Okay. >> My first question is, what you just described, that needle in the haystack. You're essentially doing that in near real time? >> Yep. >> Or real time even, with using AI inferencing. >> Yeah. >> Describe it a little better. >> You're processing all of this data, you know, how do you do so efficiently? You know. And so we're the fastest. We do it in near real time for everything. And you know, compared to our competitors, that are doing, you know, some lightweight side scanning technology, and maybe they'll do a check or a scan once a day or twice a day. Well, the adversaries aren't sleeping, you know, over the other period of time. So you want to make it as near real time as you can. For certain applications, you know, you get it down into minutes. And ideally over time, you want to get it to actual real time. And so there's a number of different technologies that we're deploying, and that we're putting patents around. To be able to do as much data as you possibly can, as fast as you possibly can. But it varies on the application of the workload. >> And double click in the technology. >> Yeah. >> Like tell me more about it. What is it? Is it a purpose-built data store? >> Yeah. Is it a special engine? >> Yeah. There's two primary elements to it. The first part is the polygraph data platform. And this is this ingestion engine, the processing engine, you know, correlation engine. That has two way APIs, integrates into your workflows, ingests as much data as we possibly can, et cetera. And unifies all the data feeds that you've got. So you can actually correlate and provide context. And security now in the cloud, and certainly in the future, the real value is being able to create context and correlate data across the board. And when you're out buying a bunch of different companies, that have different architectures, that are all rules based engines, and trying to stitch them together, they don't talk to each other. And so the hard part first, that we wanted to go do, was build a cloud native platform, that was going to allow us to build applications, that set on top of it. And that, you know, handled a number of different security requirements. You know, behavior based threat detection, obviously is one of the first services that we offered, because we're correlating all this data, and we're creating a baseline, and we're figuring out what normal is. Okay, well, if your normal behavior is this. What's abnormal? So you can catch not only a known bad threat, you know, with rules, et cetera, that are embedded into our engines, but zero day threats and unknown unknowns. Which are the really scary stuff, when you're in the cloud. So, you know, we've got, you know, application, you know, for behavioral threat detection. You have vulnerability management, you know. Where you're just constantly figuring out, what vulnerabilities do I have across my development cycle and my run time cycle, that I need to be able to keep up on, and sort of patch and remediate, et cetera. And then compliance. And as you're pulling all these data points in, you want to be able to deliver compliance reports really efficiently. And the Biden Administration, you know, is issuing, you know, all of these, you know, new edicts for regulations. >> Sure. Obviously countries in, you know, in Europe. They have been way ahead of the US, in some of these regulations. And so they all point to a need for continuous monitoring of your cloud environment, to ensure that you're, you know, in real time, or near real time complying with the environments. And so being able to hit a button based on all of this data and, you know, deliver a compliance report for X regulation or Y regulation, saves a lot of time. But also ensures customers are secure. >> And you mentioned your multi-cloud, so you started on AWS. >> Yeah. >> My observation is that AWS isn't out trying to directly, I mean, they do some monetization of their security, >> Yep. >> But it's more like security here it is, you know. Use it. >> Yeah. >> It comes with the package. Whereas for instance, take Microsoft for example, I mean, they have a big security business. I mean, they show up in the spending surveys. >> Yeah. >> Like wow, off the charts. So sort of different philosophies there. But when you say you're Multicloud, you're saying, okay, you run on AWS. Obviously you run on Azure. You run on GCP as well. >> Yeah. Yep. >> We coin this term, Supercloud, Dave. It's it's like Multicloud 2.0. The idea is it's a layer above the clouds, that hides the underlying complexity. >> Yep. >> You mentioned Graviton. >> Yep. >> You worry about Graviton. Your customer don't, necessarily. >> We should be able to extract that. >> Right. But that's going to be different than what goes on Microsoft. With Microsoft primitives or Google primitives. Are you essentially building a Supercloud, that adds value. A layer, >> Yeah. >> on top of those Hyperscalers. >> Yeah. >> Or is it more, we're just going to run within each of those individual environments. >> Yeah. No we definitely want to build the Security OS, you know, that sort of goes across the Supercloud, as you talk about. >> Yeah. >> I would go back on one thing that you said, you know, if you listen to Andy or Adam now, talk about AWS services, and all the future growth that they have. I mean, security is job one. >> Yeah. Right, so AWS takes security incredibly seriously. They need to. You know, they want to be able to provide confidence to their customers, that they're going to be able to migrate over safely. So I think they do care deeply it. >> Oh, big time. >> And are delivering a number of services, to be able to do it for their customers,. Which is great. We want to enhance that, and provide Multicloud flexibility, deeper dives on Kubernetes and containers, and just want to stay ahead, and provide an option for companies. You know, when you're operating in AWS, to have better or deeper, more valuable, more impactful services to go layer on top. >> I see. >> And then provide the flexibility, like you said, of, hey look, I want to have a consistent security posture across all of my clouds. If I choose to use other clouds. And you don't, the schema are different on all three. You know, all of the protocols are different, et cetera. And so removing all of that complexity. I was just talking with the CISO at our event last night, we had like 300 people at this kind of cocktail event. Boston's pretty cool in the summertime. >> Yeah. Boston in July is great. >> It's pretty great. They're like going, look, we don't want to hire a Azure specialist, and a AWS specialist, and you know, a GCP specialist. We don't want to have somebody that is deep on just doing container security, or Kubernetes security. Like we want you to abstract all of that. Make sense of it. Stay above it. Continue to innovate. So we can actually do what we want to do. Which is, we want to build. We want to build fast. Like the whole point here, is to enable developers to do their job without restriction. And they intuitively want to have, and build secure applications. And, you know, because they recognize the importance of it. But if it slows them down. They're not going to do it. >> Right. >> And so we want to make that as seamless as possible, on top of AWS. So their developers feel confident. They can move more and more applications over. >> So to your point about AWS, I totally agree. I mean, security's job one. I guess the way I would say it is, from a monetization standpoint. >> Yeah. >> My sense is AWS, right now anyway, is saying we want the ecosystem, >> Yeah. >> to be able to monetize. >> Yeah. >> We're going to leave that meat on the bone for those guys. Whereas Microsoft is, they sometimes, they're certainly competitive with the ecosystem, sometimes. End point. >> Yeah. >> They compete with CrowdStrike. There's no question about it. >> Yeah. >> Are they competitive with you in some cases? Or they're not there yet. Are you different. >> Go talk to George, about what he thinks about CrowdStrike and I, versus Microsoft. (Dave V laughing) >> Well, yeah. (Dave H laughing) A good point in terms of the depth of capability. >> Yeah. >> But there's definitely opportunities for the ecosystem there as well. >> Yeah. But I think on certain parts of that, there are more, there's higher competitiveness, than less. I think in the cloud, you know, having flexibility and being open, is kind of core to the cloud's premise. And I think all three of the Hyperscalers, want to provide a choice for customers. >> Sure. >> And they want to provide flexibility. They obviously, want to monetize as much as they possibly can too. And I think they have varying strategies of those. And I do think AWS is the most open. And they're also the biggest. And I think that bodes well for what the marketplace really wants. You know, if you are a customer, and you want to go all in for everything, with one cloud. All right, well then maybe you use their security stack exclusively. But that's not the trend on where we're going. And we're talking about a $154 billion market, growing at, you know, 15% for you. It's a $360 billion market. And one of the most fragmented in tech. Customers do want to consolidate on platforms. >> Absolutely. >> If they can consolidate on CSPs, or they consolidate on the Supercloud, I'm going to steal that from you, with the super cloud. You know, to be able to, you know, have a consistent clarity posture, for all of your workloads, containers, Kubernetes, applications, across multiple clouds. That's what we think customers want. That's what we think customers need. There's opportunity for us to build a really big, iconic security business as well. >> I'm going to make you laugh. Because, so AWS doesn't like the term Supercloud. And the reason is, because it implies that they're the infrastructure, kind of commodity layer. And my response is, you'll appreciate this, is Pure Storage has 70% gross margin. >> Yeah. Yep. >> Right. Look at Intel. You've got Graviton. You control, you can have Intel, like gross margin. So maybe, your infrastructure. But it's not necessarily commodity, >> Yeah. >> But it leaves, to me, it leaves the ecosystem value. Companies like Lacework. >> Amazon offers 220 something services, for customers to make their lives easier. There's all kinds of ways, where they're actually focusing on delivering value, to their customers that, you know, is far from commodity and always will be. >> Right. >> I think when it comes to security, you're going to have, you're going to need security in your database. Your storage. Your network compute. They do all of that, you know, monetize all of that. But customers also want to, you know, be able to have a consistent security posture, across the Supercloud. You know, I mean, they don't have time. I think security practitioners, and security hiring in general, hasn't had unemployment for like seven or 10 years. It's the hardest place to find quality people. >> Right. >> And so our goal, is if we can up level and enable security practitioners, and DevSecOps teams, to be able to do their job more efficiently, it's a good thing for them. It's a win for them. And not having to be experts, on all of these different environments, that they're operating in. I think is really important. >> Here's the other thing about Supercloud. And I think you'll appreciate this. You know, Andreesen says, all companies are software companies. Well, all companies are becoming SAS and Cloud companies. >> Yeah. >> So you look at Capital One. What they're doing with on Snowflake. You know, Goldman what they're doing with AWS. Oracle by Cerner, you know that. So industries, incumbents, are building their own Superclouds. They don't want to deal with all this crap. >> Yeah. >> They want to add their own value. Their own tools. Their own software. And their own data. >> Yeah. >> And actually serve their specific vertical markets. >> Yeah. A hundred percent. And they also don't want tools, you know. >> Right. >> I think when you're in the security business. It's so fragmented, because you had to write a rule for everything, and they were super nuanced. When you move to a data driven approach, and you actually have a platform, that removes the need to actually have very nuanced, specific expertise across all these different. Because you're combining it into your baseline and understanding it. And so, customers want to move from, you know, one of the biggest banks in North America, has 550 different point solutions for security. Thousands of employees to go manage all of this. They would love to be able to consolidate around a few platforms, that integrate the data flows, so they can correlate value across it. And this platform piece is really what differentiates our approach. Is that we already have that built. And everybody else is sort of working backwards from Legacy approaches, or from a acquired companies. We built it natively from the ground up. Which we believe gives us an advantage for our customers. An advantage of time to market speed, efficacy, and a much lower cost. Because you can get rid of a bunch of point solutions in the process. >> You mentioned Devs. Did you, you know, that continuous experience across clouds. >> Yep. >> Do you have like the equivalent of a Super PAs layer, that is specific to your use case? Or are you kind of using, I mean, I know you use off the shelf tooling, >> Yep. >> you allow your developers to do so, but is, is the developer experience consistent across the clouds? That's really what I'm asking? >> Well, I think it is. I mean, I was talking to another CEO of a company, you know, on the floor here, and it's focusing on the build side. You know we focus on both the build and the run time. >> Right. >> And we were talking about, you know, how many different applications, or how fragmented the developer experience is, with all the different tools that they have. And it's phenomenal. I mean, like this, either through acquisition or by business unit. And developers, like to have choice. Like they don't like to be told what to do or be standardized, you know, by anybody. Especially some compliance organization or security organization. And so, it's hard for them to have a consistent experience, that they're using a bunch of different tools. And so, yeah. We want to be able to integrate into whatever workload, a workflow a customer uses, in their Dev cycle, and then provide consistent security on top of it. I mean, for our own company, you know, we got about a thousand people. And a lot of them are developers. We want to make it as consistent as we possibly can, so they can build code, to deliver security efficacy, and new applications and new tools for us. So I think where you can standardize and leverage a platform approach, it's always going to be better. But the reality is, especially in large existing companies. You know, they've got lots of different tools. And so you need to be able to set above it. Integrate with it and make it consistent. And security is one of those areas, where having a consistent view, a consistent posture, a consistent read, that you can report to the board, and know that your efficacy is there. Whatever environment you're in. Whatever cloud you're on. Is super, super critical. >> And in your swim lane, you're providing that consistency, >> Yep. >> for Devs. But you're right. You've got to worry about containers. You got to worry about the run time. You got to worry about the platform. The DevSecOps team is, you know, becoming the new line of defense, right? I mean, security experts. >> Absolutely. Well, we have one customer, that we just have been working with for four years ago. And it's, you know, a Fortune, a Global 2000 company. Bunch of different industries grew through acquisition, et cetera. And four years ago, their CTO said, we're moving to the cloud. Because we want to drive efficiency and agility, and better service offerings across the board. And so he has engineering. So he has Dev, you know. He has operations. And he has security teams. And so organizationally, I think that'll be the model, as companies do follow entries in to sort of, you know, quote. Become software companies and move on their digital journeys. Integrating the functions of DevSecOps organizationally, and then providing a platform, and enabling platform, that makes their jobs easier for each of those personas. >> Right. >> Is what we do. You want to enable companies to shift left. And if you can solve the problems in the code, on the front end, you know, before it gets out on the run time. You're going to solve, you know, a lot of issues that exist. Correlating the data, between what's happening in your runtime, and what's happening in your build time, and being able to fix it in near realtime. And integrate with those joint workflows. We think is the right answer. >> Yeah. >> Over the long haul. So it's a pretty exciting time. >> Yeah. Shift left, ops team shield right. Hat, great to see you again. >> Good to see you, Dave. >> Thanks so much for coming on theCUBE. >> Thanks a lot. >> All Right. Keep it right there. We'll be back. Re:Inforce 2022. You're watching theCUBE from Boston. (calming music)

(electronic music) >> Hello everybody, welcome back to Boston. This is Dave Vellante and you're watching theCUBE's continuous coverage of AWS re:Inforce 2022. We're here at the convention center in Boston where theCUBE got started in May of 2010. I'm really excited. Lena Smart is here, she's the chief information security officer at MongoDB rocket ship company We covered MongoDB World earlier this year, June, down in New York. Lena, thanks for coming to theCUBE. >> Thank you for having me. >> You're very welcome, I enjoyed your keynote yesterday. You had a big audience, I mean, this is a big deal. >> Yeah. >> This is the cloud security conference, AWS, putting its mark in the sand back in 2019. Of course, a couple of years of virtual, now back in Boston. You talked in your keynote about security, how it used to be an afterthought, used to be the responsibility of a small group of people. >> Yeah. >> You know, it used to be a bolt on. >> Yep. >> That's changed dramatically and that change has really accelerated through the pandemic. >> Yep. >> Just describe that change from your perspective. >> So when I started at MongoDB about three and a half years ago, we had a very strong security program, but it wasn't under one person. So I was their first CISO that they employed. And I brought together people who were already doing security and we employed people from outside the company as well. The person that I employed as my deputy is actually a third time returnee, I guess? So he's worked for, MongoDB be twice before, his name is Chris Sandalo, and having someone of that stature in the company is really helpful to build the security culture that I wanted. That's why I really wanted Chris to come back. He's technically brilliant, but he also knew all the people who'd been there for a while and having that person as a trusted second in command really, really helped me grow the team very quickly. I've already got a reputation as a strong female leader. He had a reputation as a strong technical leader. So us combined is like indestructible, we we're a great team. >> Is your scope of responsibility, obviously you're protecting Mongo, >> Yeah. >> How much of your role extends into the product? >> So we have a product security team that report into Sahir Azam, our chief product officer. I think you even spoke to him. >> Yeah, he's amazing. >> He's awesome, isn't he? He's just fabulous. And so his team, they've got security experts on our product side who are really kind of the customer facing. I'm also to a certain extent customer facing, but the product folks are the absolute experts. They will listen to what our customers need, what they want, and together we can then work out and translate that. I'm also responsible for governance risk and compliance. So there's a large portion of our customers that give us input via that program too. So there's a lot of avenues to allow us to facilitate change in the security field. And I think that's really important. We have to listen to what our customers want, but also internally. You know, what our internal groups need as well to help them grow. >> I remember last year, Re:invent 2021, I was watching a talk on security. It was the, I forget his name, but it was the individual who responsible for data center security. And one of the things he said was, you know, look it's not at the end of the day, the technology's important but it's not the technology. It's how you apply the tools and the practices and the culture- >> Right. That you build in the organization that will ultimately determine how successful you are at decreasing the ROI for the bad guys. >> Yes. >> Let's put it that way. So talk about the challenges of building that culture, how you go about that, and how you sustain that cultural aspect. >> So, I think having the security champion program, so that's just, it's like one of my babies, that and helping underrepresented groups in MongoDB kind of get on in the tech world are both really important to me. And so the security champion program is purely voluntary. We have over a hundred members. And these are people, there's no bar to join. You don't have to be technical. If you're an executive assistant who wants to learn more about security, like my assistant does, you're more than welcome. Up to, we actually people grade themselves, when they join us, we give them a little tick box. Like five is, I walk in security water. One is, I can spell security but I'd like to learn more. Mixing those groups together has been game changing for us. We now have over a hundred people who volunteer their time, with their supervisors permission, they help us with their phishing campaigns, testing AWS tool sets, testing things like queryable encryption. I mean, we have people who have such an in-depth knowledge in other areas of the business that I could never learn, no matter how much time I had. And so to have them- And we have people from product as security champions as well, and security, and legal, and HR, and every department is recognized. And I think almost every geographical location is also recognized. So just to have that scope and depth of people with long tenure in the company, technically brilliant, really want to understand how they can apply the cultural values that we live with each day to make our security program stronger. As I say, that's been a game changer for us. We use it as a feeder program. So we've had five people transfer from other departments into the security and GRC teams through this Champions program. >> Makes a lot of sense. You take somebody who walks on water in security, mix them with somebody who really doesn't know a lot about it but wants to learn and then can ask really basic questions, and then the experts can actually understand better how to communicate. >> Absolutely. >> To that you know that 101 level. >> It's absolutely true. Like my mom lives in her iPad. She worships her iPad. Unfortunately she thinks everything on it is true. And so for me to try and dumb it down, and she's not a dumb person, but for me to try and dumb down the message of most of it's rubbish, mom, Facebook is made up. It's just people telling stories. For me to try and get that over to- So she's a one, and I might be a five, that's hard. That's really hard. And so that's what we're doing in the office as well. It's like, if you can explain to my mother how not everything on the internet is true, we're golden. >> My mom, rest her soul, when she first got a- we got her a Macintosh, this was years and years and years ago, and we were trying to train her over the phone, and said, mom, just grab the mouse. And she's like, I don't like mice. (Lena laughs) There you go. I know, I know, Lena, what that's like. Years ago, it was early last decade, we started to think about, wow, security really has to become a board level item. >> Yeah. >> And it really wasn't- 2010, you know, for certain companies. But really, and so I had the pleasure of interviewing Dr. Robert Gates, who was the defense secretary. >> Yes. >> We had this conversation, and he sits on a number, or sat on a number of boards, probably still does, but he was adamant. Oh, absolutely. Here's how you know, here. This is the criticality. Now it's totally changed. >> Right. >> I mean, it's now a board level item. But how do you communicate to the C-Suite, the board? How often do you do that? What do you recommend is the right regime? And I know there's not any perfect- there's got to be situational, but how do you approach it? >> So I am extremely lucky. We have a very technical board. Our chairman of the board is Tom Killalea. You know, Amazon alum, I mean, just genius. And he, and the rest of the board, it's not like a normal board. Like I actually have the meeting on this coming Monday. So this weekend will be me reading as much stuff as I possibly can, trying to work out what questions they're going to ask me. And it's never a gotcha kind of thing. I've been at board meetings before where you almost feel personally attacked and that's not a good thing. Where, at MongoDB, you can see they genuinely want us to grow and mature. And so I actually meet with our board four times a year, just for security. So we set up our own security meeting just with board members who are specifically interested in security, which is all of them. And so this is actually off cadence. So I actually get their attention for at least an hour once a quarter, which is almost unheard of. And we actually use the AWS memo format. People have a chance to comment and read prior to the meeting. So they know what we're going to talk about and we know what their concerns are. And so you're not going in like, oh my gosh, what what's going to happen for this hour? We come prepared. We have statistics. We can show them where we're growing. We can show them where we need more growth and maturity. And I think having that level of just development of programs, but also the ear of the board has has helped me mature my role 10 times. And then also we have the chance to ask them, well what are your other CISOs doing? You know, they're members of other boards. So I can say to Dave, for example, you know, what's so-and-so doing at Datadog? Or Tom Killelea, what's the CISO of Capital One doing? And they help me make a lot of those connections as well. I mean, the CISO world is small and me being a female in the world with a Scottish accent, I'm probably more memorable than most. So it's like, oh yeah, that's the Irish girl. Yeah. She's Scottish, thank you. But they remember me and I can use that. And so just having all those mentors from the board level down, and obviously Dev is a huge, huge fan of security and GRC. It's no longer that box ticking exercise that I used to feel security was, you know, if you heated your SOC2 type two in FinTech, oh, you were good to go. You know, if you did a HERC set for the power industry. All right, right. You know, we can move on now. It's not that anymore. >> Right. It's every single day. >> Yeah. Of course. Dev is Dev at the Chario. Dev spelled D E V. I spell Dave differently. My Dave. But, Lena, it sounds like you present a combination of metrics, so, the board, you feel like that's appropriate to dig into the metrics. But also I'm presuming you're talking strategy, potentially, you know, gaps- >> Road roadmaps, the whole nine yards. Yep. >> What's the, you know, I look at the budget scenario. At the macro level, CIOs have told us, they came into the year saying, hey we're going to grow spending at the macro, around eight percent, eight and a half percent. That's dialed down a little bit post Ukraine and the whole recession and Fed tightening. So now they're down maybe around six percent. So not dramatically lower, but still. And they tell us security is still the number one priority. >> Yes. >> That's been the case for many, many quarters, and actually years, but you don't have an unlimited budget. >> Sure >> Right. It's not like, oh, here is an open checkbook. >> Right. >> Lena, so, how does Mongo balance that with the other priorities in the organization, obviously, you know, you got to spend money on product, you got to spend money and go to market. What's the climate like now, is it, you know continuing on in 2022 despite some of the macro concerns? Is it maybe tapping the brakes? What's the general sentiment? >> We would never tap the breaks. I mean, this is something that's- So my other half works in the finance industry still. So we have, you know, interesting discussions when it comes to geopolitics and financial politics and you know, Dev, the chairman of the board, all very technical people, get that security is going to be taken advantage of if we're seeing to be tapping the brakes. So it does kind of worry me when I hear other people are saying, oh, we're, you know, we're cutting back our budget. We are not. That being said, you also have to be fiscally responsible. I'm Scottish, we're cheap, really frugal with money. And so I always tell my team: treat this money as if it's your own. As if it's my money. And so when we're buying tool sets, I want to make sure that I'm talking to the CISO, or the CISO of the company that's supplying it, and saying are you giving me the really the best value? You know, how can we maybe even partner with you as a database platform? How could we partner with you, X company, to, you know, maybe we'll give you credits on our platform. If you look to moving to us and then we could have a partnership, and I mean, that's how some of this stuff builds, and so I've been pretty good at doing that. I enjoy doing that. But then also just in terms of being fiscally responsible, yeah, I get it. There's CISOs who have every tool that's out there because it's shiny and it's new and they know the board is never going to say no, but at some point, people will get wise to that and be like, I think we need a new CISO. So it's not like we're going to stop spending it. So we're going to get someone who actually knows how to budget and get us what the best value for money. And so that's always been my view is we're always going to be financed. We're always going to be financed well. But I need to keep showing that value for money. And we do that every board meeting, every Monday when I meet with my boss. I mean, I report to the CFO but I've got a dotted line to the CTO. So I'm, you know, I'm one of the few people at this level that's got my feet in both camps. You know budgets are talked at Dev's level. So, you know, it's really important that we get the spend right. >> And that value is essentially, as I was kind of alluding to before, it's decreasing the value equation for the hackers, for the adversary. >> Hopefully, yes. >> Right? Who's the- of course they're increasingly sophisticated. I want to ask you about your relationship with AWS in this context. It feels like, when I look around here, I think back to 2019, there was a lot of talk about the shared responsibility model. >> Yes. >> You know, AWS likes to educate people and back then it was like, okay, hey, by the way, you know you got to, you know, configure the S3 bucket properly. And then, oh, by the way, there's more than just, it's not just binary. >> Right, right. >> There's other factors involved. The application access and identity and things like that, et cetera, et cetera. So that was all kind of cool. But I feel like the cloud is becoming the first line of defense for the CISO but because of the shared responsibility model, CISO is now the second line of defense >> Yes. Does that change your role? Does it make it less complicated in a way? Maybe, you know, more complicated because you now got to get your DevSecOps team? The developers are now much more involved in security? How is that shifting, specifically in the context of your relationship with AWS? >> It's honestly not been that much of a shift. I mean, these guys are very proactive when it comes to where we are from the security standpoint. They listen to their customers as much as we do. So when we sit down with them, when I meet with Steve Schmidt or CJ or you know, our account manager, its not a conversation that's a surprise to me when I tell them this is what we need. They're like, yep, we're on that already. And so I think that relationship has been very proactive rather than reactive. And then in terms of MongoDB, as a tech company, security is always at the forefront. So it's not been a huge lift for me. It's really just been my time that I've taken to understand where DevSecOps is coming from. And you know, how far are we shifting left? Are we actually shifting right now? It's like, you know, get the balance, right? You can't be too much to one side. But I think in terms of where we're teaching the developers, you know, we are a company by developers for developers. So, we get it, we understand where they're coming from, and we try and be as proactive as AWS is. >> When you obviously the SolarWinds hack was a a major mile- I think in security, there's always something in the headlines- >> Yes. But when you think of things like, you know, Stuxnet, you know, Log4J, obviously Solarwinds and the whole supply chain infiltration and the bill of materials. As I said before, the adversary is extremely capable and sophisticated and you know, much more automated. It's always been automated attacks, but you know island hopping and infiltrating and self-forming malware and really sophisticated techniques. >> Yep. >> How are you thinking about that supply chain, bill of materials from inside Mongo and ultimately externally to your customers? >> So you've picked on my third favorite topic to talk about. So I came from the power industry before, so I've got a lot of experience with critical infrastructure. And that was really, I think, where a lot of the supply chain management rules and regulations came from. If you're building a turbine and the steel's coming from China, we would send people to China to make sure that the steel we were buying was the steel we were using. And so that became the H bomb. The hardware bill of materials, bad name. But, you know, we remember what it stood for. And then fast forward: President Biden's executive order. SBOs front and center, cloud first front and center. It's like, this is perfect. And so I was actually- I actually moderated a panel earlier this year at Homeland Security Week in DC, where we had a sneak CISA, So Dr. Allen Friedman from CISA, and also Patrick Weir from OWASP for the framework, CISA for the framework as well, and just the general guidance, and Snake for the front end. That was where my head was going. And MongoDB is the back-end database. And what we've done is we've taken our work with Snake and we now have a proof of concept for SBOs. And so I'm now trying to kind of package that, if you like, as a program and get the word out that SBOs shouldn't be something to be afraid of. If you want to do business with the government you're going to have to create one. We are offering a secure repository to store that data, the government could have access to that repository and see that data. So there's one source of truth. And so I think SBOs is going to be really interesting. I know that, you know, some of my peers are like, oh, it's just another box to tick. And I think it's more than that. I definitely- I've just, there's something percolating in the back of my mind that this is going to be big and we're going to be able to use it to hopefully not stop things like another Log4j, there's always going to be another Log4j, we know that. we don't know everything, the unknown unknown, but at least if we're prepared to go find stuff quicker than we were then before Log4j, I think having SBOs on hand, having that one source of truth, that one repository, I think is going to make it so much easier to find those things. >> Last question, what's the CISO's number one challenge? Either yours or the CISO, generally. >> Keeping up with the fire hose that is security. Like, what do you pick tomorrow? And if you pick the wrong thing, what's the impact? So that's why I'm always networking and talking to my peers. And, you know, we're sometimes like meerkats, you know. there's meerkats, you see like this, it's like, what do we talk about? But there's always something to talk about. And you just have to learn and keep learning. >> Last question, part B. As a hot technology company, that's, you know, rising star, you know not withstanding the tech lash and the stock market- >> Yeah. >> But Mongo's growing, you know, wonderfully. Do you find it easier to attract talent? Like many CISOs will say, you know, lack of talent is my biggest, biggest challenge. Do you find that that's not the challenge for you? >> Not at all. I think on two fronts, one, we have the champions program. So we've got a whole internal ecosystem who love working there. So the minute one of my jobs goes on the board, they get first dibs at it. So they'd already phoning their friends. So we've got, you know, there's ripple effects out from over a hundred people internally. You know, I think just having that, that's been a game changer. >> I was so looking forward to interviewing you, Lena, thanks so much for coming. >> Thank you, this was a pleasure. >> It was really great to have you. >> Thank you so much. Thank you. >> You're really welcome. All right, keep it right there. This is Dave Villante for theCUBE. We'll be right back at AWS Re:inforce22 right after this short break.

>>EDR NDR, what are the differences, which one's better? Are they better together? Today's security stack contains a lot of different tools and types of data and fortunate, as you know, this creates data silos, which leads to vis visibility gaps. EDR is endpoint detection and response. It's designed to monitor and mitigate endpoint attacks, which are typically focused on computers and servers, NDR network detection, and response. On the other hand, monitors network traffic to gain visibility into potential or active cyber threats, delivering real time visibility across the broader network. One of the biggest advantages that NDR has over EDR is that bad actors can hide or manipulate endpoint data, pretty easily network data. On the other hand, much harder to manipulate because attackers and malware can avoid detection at the endpoint. NDR, as you're gonna hear is the only real source for reliable, accurate, and comprehensive data. >>All endpoints use the network to communicate, which makes your network data, the ultimate source of truth. My name is Lisa Martin, and today on the special cube presentation, Tom Binkowski senior director of product marketing at net scout, and I are gonna explore the trends and the vital reasons why relying upon EDR is not quite enough. We're also gonna share with you the growing importance of advanced NDR. Welcome to the series, the growing importance of advanced NDR in the first segment, Tom's gonna talk with me about the trends that are driving enterprise security teams to implement multiple cyber security solutions that enable greater visibility, greater protection. We're also gonna explore Gartner's concept of the security operations center, SOC visibility triad, and the three main data sources for visibility, SIM EDR and NDR in segment two, Tom. And I will talk about the role of NDR and how it overcomes the challenges of EDR as Tom's gonna discuss, as you'll hear EDR is absolutely needed, but as he will explain it, can't be solely relied upon for comprehensive cybersecurity. And then finally, we'll come back for a third and final segment to discuss why not all NDR is created equal. Tom's gonna unpack the features and the capabilities that are most important when choosing an NDR solution. Let's do this. Here comes our first segment. >>Hey, everyone kicking things off. This is segment one. I'm Lisa Martin with Tom Binowski, senior director of product marketing at nets scout. Welcome to the growing importance of advanced NDR. Tom, great to have you on the program, >>Glad to be here. >>So we're gonna be talking about the trends that are driving enterprise security teams to implement multiple cyber security solutions that really enable greater visibility and protection. And there are a number of factors that continue to expand the ECAC service for enterprise networks. I always like to think of them as kind of the spreading amorphously you shared had shared some stats with me previously, Tom, some cloud adoption stats for 2022 94% of all enterprises today use a cloud service and more than 60% of all corporate data is store in the cloud. So, Tom, what are some of the key trends that nets scout is seeing in the market with respect to this? >>Yeah, so just to continue that, you know, those stats that, that migration of workloads to the cloud is a major trend that we're seeing in that was exasperated by the pandemic, right along with working from home. Those two things are probably the most dramatic changes that we we see out there today. But along with that is also this growing sophistication of the network, you know, today, you know, your network environment, isn't a simple hub and spoke or something like that. It is a very sophisticated combination of, you know, high speed backbones, potentially up to a hundred gigabits combination with partner networks. You have, like we said, workloads up in, in private clouds, pub public clouds. So you have this hybrid cloud environment. So, and then you have applications that are multi-tiered, there are pieces and parts. And in all of that, some on your premise, some up in a private cloud, some on a public cloud, some actually pulling data off when you a customer network or potentially even a, a partner network. So really, really sophisticated environment today. And that's requiring this need for very comprehensive network visibility, not only for, for cybersecurity purposes, but also just to make sure that those applications and networks are performing as you have designed them. >>So when it comes to gaining visibility into cyber threats, I, you talked about the, the sophistication and it sounds like even the complexity of these networks, Gartner introduced the concept of the security operations, visibility triad, or the SOC visibility triad break that down for us. It consists of three main data sources, but to break those three main data sources down for us. >>Sure. So Gartner came out a few years ago where they were trying to, you know, summarize where do security operations team get visibility into threats and they put together a triad and the three sides of the trier consists of one, the SIM security information event manager, two, the endpoint or, or data that you get from EDR systems, endpoint detection, response systems. And the third side is the network or the data you get from network detection, response systems. And, you know, they didn't necessarily say one is better than the other. They're basically said that you need all three in order to have comprehensive visibility for cybersecurity purposes. >>So talk, so all, all three perspectives are needed. Talk about what each provides, what are the different perspectives on threat detection and remediation? >>Yeah. So let's start with the SIM, you know, that is a device that is gathering alerts or logs from all kinds of different devices all over your network. Be it routers servers, you know, firewalls IDs, or even from endpoint detection and network detection devices too. So it is, it is the aggregator or consumer of all those alerts. The SIM is trying to correlate those alerts across all those different data sources and, and trying to the best it can to bubble up potentially the highest priority alerts or drawing correlations and, and, and, and giving you some guidance on, Hey, here's something that we think is, is really of importance or high priority. Here's some information that we have across these disparate data sources. Now go investigate the disadvantage of the SIM is that's all it gives you is just these logs or, or, or information. It doesn't give you any further context. >>Like what happened, what is really happening at the end point? Can I get visibility into the, into the files that were potentially manipulated or the, the registry setting or what, what happened on the network? And I get visibility into the packet date or things like that. It that's, so that's where it ends. And, and that's where the, so there other two sides of the equation come in, the endpoint will give you that deeper visibility, endpoint detection response. It will look for known and or unknown threats, you know, at that endpoint, it'll give you all kinds of additional information that is occurring in endpoint, whether it be a registry setting in memory on the file, et cetera. But you know, one of, some of its disadvantages, it's really difficult because really difficult to deploy pervasive because it requires an agent and, you know, not all devices can accept an agent, but what it miss, what is lacking is the context on the network. >>So if I was an analyst and I started pursuing from my SIM, I went down to the end point and, and said, I wanna investigate this further. And I hit a, I hit a dead end from some sort, or I realize that the device that's potentially I should be alerted to, or should be concerned about is an IOT device that doesn't even have an agent on it. My next source of visibility is on the network and that's where NDR comes in. It, it sees what's traversing. The entire network provides you visibility into that from both a metadata and even a ultimately a packer perspective. And maybe, you know, could be deployed a little bit more strategically, but you know, it doesn't have the perspective of the endpoint. So you can see how each of these sort of compliments each other. And that's why, you know, Gartner said that, that you need 'em all, then they all play a role. They all have their pros and cons or advantage and disadvantages, but, you know, bringing them and using 'em together is, is the key. >>I wanna kinda dig into some of the, the EDR gaps and challenges, as you talked about as, as the things evolve and change the network, environment's becoming far more sophisticated and as well as threat actors are, and malware is. So can you crack that open more on some of the challenges that EDR is presenting? What are some of those gaps and how can organizations use other, other, other data sources to solve them? >>Yeah, sure. So, you know, again, just be clear that EDR is absolutely required, right? We, we need that, but as sort of these network environments get more complex, are you getting all kinds of new devices being put on the network that devices being brought into the network that may be, you didn't know of B Y O D devices you have, I T devices, you know, popping up potentially by the thousands in, in, in some cases when new applications or world that maybe can't accept an and endpoint detection or an EDR agent, you may have environments like ICS and skate environments that just, you can't put an endpoint agent there. However, those devices can be compromised, right? You have different environments up in the cloud or SaaS environments again, where you may not be able to deploy an endpoint agent and all that together leaves visibility gaps or gaps in, in, in the security operation triad. Right. And that is basically open door for exploitation >>Open door. Go ahead. Sorry. >>Yeah. And then, then you just have the malware and the, and the attackers getting more sophisticated. They, they have malware that can detect an EDR agent running or some anti malware agent running on device. And they'll simply avoid that and move on to the next one, or they know how to hide their tracks, you know, whether it be deleting files, registry, settings, things like that. You know, so it's, that's another challenge that, that, that just an agent faces. Another one is there are certain applications like my SQL that are, you know, have ministry administrative rights into certain parts of the windows operate system that EDR doesn't have visibility into another area that maybe EDR may not have visibility is, is, is in, you know, malware that tries to compromise, you know, hardware, especially like bios or something like that. So there's a number of challenges as sort of the whole network environment and sophistication of bad actors and malware increases. >>Ultimately, I think one of the things that, that we've learned, and, and we've heard from you in this segment, is that doing business in, in today's digital economy, demands, agility, table stakes, right? Absolutely essential corporate digital infrastructures have changed a lot in response to the dynamic environment, but its businesses are racing to the clouds. Dave Alane likes to call it the forced March to the cloud, expanding activities across this globally distributed digital ecosystem. They also sounds like need to reinvent cybersecurity to defend this continuously expanding threat surface. And for that comprehensive network, visibility is, as I think you were saying is really, really fundamental and more advanced network detection is, and responses required. Is that right? >>That's correct. You know, you know, we, we at ESCO, this is, this is where we come from. Our perspective is the network. It has been over for over 30 years. And, and we, as well as others believe that that network visibility, comprehensive network visibility is fundamental for cyber security as well as network performance and application analysis. So it, it, it's sort of a core competency or need for, for modern businesses today. >>Excellent. And hold that thought, Tom, cause in a moment, you and I are gonna be back to talk about the role of NDR and how it overcomes the challenges of EDR. You're watching the cube, the leader in enterprise tech coverage. Hey everyone, welcome back. This is segment two kicking things off I'm Lisa Martin with Tom Binkowski, senior director of product marketing at nets scout, Tom, great to have you back on the program. >>Good to be here. >>We're gonna be talking about the growing importance of advanced NDR in this series. In this segment specifically, Tom's gonna be talking about the role of NDR and how it overcomes the challenges of EDR. So Tom, one of the things that we talked about previously is one of the biggest advantages that NDR has over EDR is that bad actors can hide or manipulate endpoint data pretty easily, whereas network data, much harder to manipulate. So my question, Tom, for you is, is NDR the only real source for reliable, accurate, comprehensive data. >>I'm sure that's arguable, right? Depending on who you are as a vendor, but you know, it's, it's our, our answer is yes, NDR solutions also bring an analyst down to the packet level. And there's a saying, you know, the, the packet is the ultimate source or source of truth. A bad actor cannot manipulate a packet. Once it's on the wire, they could certainly manipulate it from their end point and then blast it out. But once it hits the wire, that's it they've lost control of it. And once it's captured by a network detection or, or network monitoring device, they can't manipulate it. They can't go into that packet store and, and manipulate those packets. So the ultimate source of truth is, is lies within that packet somewhere. >>Got you. Okay. So as you said in segment one EDR absolutely necessary, right. But you did point out it can't organizations can't solely rely on it for comprehensive cybersecurity. So Tom, talk about the benefits of, of this complimenting, this combination of EDR and NDR and, and how can that deliver more comprehensive cybersecurity for organizations? >>Yeah, so, so one of the things we talked about in the prior segment was where EDR, maybe can't be deployed and it's either on different types of devices like IOT devices, or even different environments. They have a tough time maybe in some of these public cloud environments, but that's where NDR can, can step in, especially in these public cloud environments. So I think there's a misconception out there that's difficult to get packet level or network visibility and public clouds like AWS or Azure or Google and so on. And that's absolutely not true. They have all kinds of virtual tapping capabilities that an NDR solution or network based monitoring solution could take advantage of. And one of the things that we know we spoke about before some of that growing trends of migrating workloads to the cloud, that's, what's driving that those virtual networks or virtual taps is providing visibility into the performance and security of those workloads. >>As they're migrated to public clouds, NDR can also be deployed more strategically, you know, prior segment talking about how the, in order to gain pervasive visibility with EDR, you have to deploy an agent everywhere agents can't be deployed everywhere. So what you can do with NDR is there's a lot fewer places in a network where you can strategically deploy a network based monitoring device to give you visibility into not only that north south traffic. So what's coming in and out of your network, but also the, the, the, the east west traffic too west traversing, you know, within your network environment between different points of your op your, your multi-tiered application, things like that. So that's where, you know, NDR has a, a, a little bit more advantage. So fewer points of points in the network, if you will, than everywhere on every single endpoint. And then, you know, NDR is out there continuously gathering network data. It's both either before, during, and even after a threat or an attack is, is detected. And it provides you with this network context of, of, you know, what's happening on the wire. And it does that through providing you access to, you know, layer two through layer seven metadata, or even ultimately packets, you know, the bottom line is simply that, you know, NDR is providing, as we said before, that that network context that is potentially missing or is missing in EDR. >>Can you talk a little bit about XDR that kind of sounds like a superhero name to me, but this is extended detection and response, and this is an evolution of EDR talk to us about XDR and maybe EDR NDR XDR is really delivering that comprehensive cybersecurity strategy for organizations. >>Yeah. So, you know, it's, it's interesting. I think there's a lot of confusion out there in the industry. What is, what is XDR, what is XDR versus an advanced SIM, et cetera. So in some cases, there are some folks that don't think it's just an evolution of EDR. You know, to me, XDR is taking, look at these, all these disparate data sources. So going back to our, when our first segment, we talked about the, the, the security operations center triad, and it has data from different perspectives, as we were saying, right? And XCR, to me is the, is, is trying to bring them all together. All these disparate data source sets or sources bring them together, conduct some level of analysis on that data for the analyst and potentially, you know, float to the top. The most, you know, important events are events that we, that you know, that the system deems high priority or most risky and so on. But as I, as I'm describing this, I know there are many advanced Sims out there trying to do this today too. Or they do do this today. So this there's this little area of confusion around, you know, what exactly is XDR, but really it is just trying to pull together these different sources of information and trying to help that analyst figure out, you know, what, where's the high priority event that's they should be looking at, >>Right? Getting those high priority events elevated to the top as soon as possible. One of the things that I wanted to ask you about was something that occurred in March of this year, just a couple of months ago, when the white house released a statement from president Biden regarding the nation's cyber security, it included recommendations for private companies. I think a lot of you are familiar with this, but the first set of recommendations were best practices that all organizations should already be following, right? Multifactor authentication, patching against known vulnerabilities, educating employees on the phishing attempts on how to be effective against them. And the next statement in the president's release, focus on data safety practices, also stuff that probably a lot of corporations doing encryption maintaining offline backups, but where the statement focused on proactive measures companies should take to modernize and improve their cybersecurity posture. It was vague. It was deploy modern security tools on your computers and devices to continuously look for and mitigate threats. So my question to you is how do, how do you advise organizations do that? Deploy modern security tools look for and mitigate threats, and where do the data sources, the SOC tri that we talked about NDR XDR EDR, where did they help fit into helping organizations take something that's a bit nebulous and really figure out how to become much more secure? >>Yeah, it was, it was definitely a little vague there with that, with that sentence. And also if you, if you, I think if, if you look at the sentence, deploy modern security tools on your computers and devices, right. It's missing the network as we've been talking about there, there's, there's a key, key point of, of reference that's missing from that, from that sentence. Right. But I think what they mean by deploying monitor security tools is, is really taking advantage of all these, these ways to gain visibility into, you know, the threats like we've been talking about, you're deploying advanced Sims that are pulling logs from all kinds of different security devices or, and, or servers cetera. You're, you're deploying advanced endpoint detection systems, advanced NDR systems. And so on, you're trying to use, you're trying to utilize XDR new technology to pull data from all those different sources and analyze it further. And then, you know, the other one we, we haven't even mentioned yet. It was the, so the security operation and automation, right. Response it's now, now what do we do? We've detected something, but now help me automate the response to that. And so I think that's what they mean by leveraging modern, you know, security tools and so on >>When you're in customer conversations, I imagine they're coming to, to Netscale looking for advice like what we just talked through the vagueness in that statement and the different tools that organizations can use. So when you're talking to customers and they're talking about, we need to gain visibility across our entire network, across all of our devices, from your perspective from net Scout's perspective, what does that visibility actually look like and deliver across an organization that does it well? >>Yeah, we, I mean, I think the simple way to put it is you need visibility. That is both broad and deep. And what I mean by broad is that you need visibility across your network, no matter where that network may reside, no matter what protocols it's running, what, you know, technologies is it, is it virtualized or, or legacy running in a hundred gigabits? Is it in a private cloud, a public cloud, a combination of both. So that broadness, meaning wherever that network is or whatever it's running, that's, that's what you need visibility into. It has to be able to support that environment. Absolutely. And the, the, absolutely when I, we talk about being deep it's, it has to get down to a packet level. It can't be, you know, as high as say, just looking at net flow records or something like that, that they are valuable, they have their role. However, you know, when we talk about getting deep, it has to ultimately get down to the packet level and that's, and we've said this in this time that it's ultimately that source of truth. So that, that's what that's, I think that's what we need. >>Got it. That that depth is incredibly important. Thanks so much, Tom, for talking about this in a moment, you and I are gonna be back, we're gonna be talking about why not all NDR is created equally, and Tom's gonna actually share with you some of the features and capabilities that you should be looking for when you're choosing an NDR solution. You're watching the cube, the leader in enterprise tech coverage, >>And we're clear. >>All right. >>10 45. Perfect. You guys are >>Okay. Good >>Cruising. Well, >>Welcome back everyone. This is segment three. I'm Lisa Martin with Tom gin. Kowski senior director of product marketing at nets scout. Welcome back to the growing importance of advanced NDR in this segment, Tom and I are gonna be talking about the fact that not all NDR is created equally. He's gonna impact the features, the capabilities that are most important when organizations are choosing an NDR solution. Tom, it's great to have you back on the program. >>Great, great to be here. >>So we've, we've covered a lot of content in the first two segments, but as we, as we see enterprises expanding their it infrastructure, enabling the remote workforce, which is here to stay leveraging the crowd cloud, driving innovation, the need for cybersecurity approaches and strategies that are far more robust and deep is really essential. But in response to those challenges, more and more enterprises are relying on NDR solutions that fill some of the gaps that we talked about with some of the existing tool sets in the last segment, we talked about some of the gaps in EDR solutions, how NDR resolves those. But we also know that not all NDR tools are created equally. So what, in your perspective, Tom are some of the absolutely fundamental components of NDR tools that organizations need to have for those tools to really be robust. >>Yeah. So we, we, we touched upon this a little bit in the previous segment when we talked about first and foremost, your NDR solution is providing you comprehensive network visibility that must support whatever your network environment is. And it should be in a single tool. It shouldn't have a one vendor per providing you, you know, network visibility in the cloud and another vendor providing network visibility in a local network. It should be a single NDR solution that provides you visibility across your entire network. So we also talked about it, not only does it need to be broadened like that, but also has to be deep too, eventually down to a packet level. So those are, those are sort of fundamental table stakes, but the NDR solution also must give you the ability to access a robust source of layer two or layer three metadata, and then ultimately give you access to, to packets. And then last but not least that solution must integrate into your existing cybersecurity stack. So in the prior segments, we talked a lot about, you know, the, the SIM, so that, that, that NDR solution must have the ability to integrate into that SIM or into your XDR system or even into your source system. >>Let's kind of double click on. Now, the evolution of NDR can explain some of the differences between the previous generations and advanced NDR. >>Yeah. So let's, let's start with what we consider the most fundamental difference. And that is solution must be packet based. There are other ways to get network visibility. One is using net flow and there are some NDR solutions that rely upon net flow for their source of, of, of visibility. But that's too shallow. You ultimately, you need to get deeper. You need to get down to a pack level and that's again where some, so, you know, you, you want to make sure that your NDR or advanced NDR solution is packet based. Number two, you wanna make sure that when you're pulling packets off the wire, you can do it at scale, that full line rate and in any environment, as we, as we spoke about previously, whether it be your local environment or a public cloud environment, number three, you wanna be able to do this when your traffic is encrypted. As we know a lot of, lot of not of network traffic is encrypted today. So you have the ability to have to have the ability to decrypt that traffic and then analyze it with your NDR system. >>Another, another, another one number four is, okay, I'm not just pulling packets off the wire, throwing full packets into a data storage someplace. That's gonna, you know, fill up a disc in a matter of seconds, right? You want the ability to extract a meaningful set of metadata from layer two to layer seven, the OSI model look at key metrics and conducting initial set of analysis, have the ability to index and compress that data, that metadata as well as packets on these local storage devices on, you know, so having the ability to do this packet capture at scale is really important, storing that packets and metadata locally versus up in a cloud to, you know, help with some compliance and, and confidentiality issues. And then, you know, last final least when we talk about integration into that security stack, it's multiple levels of integration. Sure. We wanna send alerts up into that SIM, but we also want the ability to, you know, work with that XDR system to, or that, that source system to drill back down into that metadata packets for further analysis. And then last but not least that piece of integration should be that there's a robust set of information that these NDR systems are pulling off the wire many times in more advanced mature organizations, you know, security teams, data scientists, et cetera. They just want access to that raw data, let them do their own analysis outside, say the user interface with the boundaries of a, of a vendor's user interface. Right? So have the ability to export that data too is really important and advance in the systems. >>Got it. So, so essentially that the, the, the breadth, the visibility across the entire infrastructure, the depth you mentioned going down to a packet level, the scale, the metadata encryption, is that what net scout means when you talk about visibility without borders? >>Yeah, exactly. You know, we, we have been doing this for over 30 years, pulling packets off of wire, converting them using patent technology to a robust set of metadata, you know, at, at full line rates up to a hundred in any network environment, any protocols, et cetera. So that, that's what we mean by that breadth. And in depth of visibility, >>Can you talk a little bit about smart detection if we say, okay, advanced NDR needs to deliver this threat intelligence, but it also needs to enable smart detection. What does net scout mean by that? >>So what you wanna make sure you have multiple methods of detection, not just a methods. So, you know, not just doing behavioral analysis or not just detecting threats based on known indicators or compromise, what you wanna wanna have multiple ways of detecting threats. It could be using statistical behavioral analysis. It could be using curated threat intelligence. It could be using, you know, open source signature engine, like from Sara COTA or other threat analytics, but to, but you also wanna make sure that you're doing this both in real time and have the ability to do it historically. So after a, a threat has been detected, for example, with another, with another product, say an EDR device, you now want the ability to drill into the data from the network that had occurred in, in, you know, prior to this. So historically you want the ability to comb through a historical set of metadata or packets with new threat intelligence that you've you've gathered today. I wanna be able to go back in time and look through with a whole new perspective, looking for something that I didn't know about, but you know, 30 days ago. So that's, that's what we, what we mean by smart detection. >>So really what organizations need is these tools that deliver a far more comprehensive approach. I wanna get into a little bit more on in integration. You talked about that in previous segments, but can you, can you give us an example of, of what you guys mean by smart integration? Is that, what does that deliver for organizations specifically? >>Yeah, we really it's three things. One will say the integration to the SIM to the security operations center and so on. So when, when an ed, when an NDR device detects something, have it send an alert to the SIM using, you know, open standards or, or, or like syslog standards, et cetera, the other direction is from the SIM or from the so, so one, you know, that SIM that, so is receiving information from many different devices that are, or detecting threats. The analyst now wants the ability to one determine if that's a true threat or not a false positive, if it is a true threat, you know, what help me with the remediation effort. So, you know, an example could be an alert comes into a SIM slash. So, and part of the playbook is to go out and grab the metadata packets associated with this alert sometime before and sometime after when that alert came in. >>So that could be part of the automation coming from the SIM slash. So, and then last one, not least is we alluded to this before is having the ability to export that robust set of layer two through layer seven metadata and or packets to a third party data lake, if you will, and where analysts more sophisticated analysts, data scientists, and so on, can do their own correlation, enrich it with their own data, combined it with other data sets and so on, do their own analysis. So it's that three layers of, of integration, if you will, that really what should be an advanced NDR system? >>All right, Tom, take this home for me. How does nets scout deliver advanced NDRs for organizations? >>We do that via solution. We call Omni the security. This is Netscout's portfolio of, of multiple different cyber security products. It all starts with the packets. You know, our core competency for the last 30 years has been to pull packets off the wire at scale, using patented technologies, for example, adapt service intelligence technologies to convert those broad packets into robust set of layer seven layer two through seven metadata. We refer to that data as smart data with that data in hand, you now have the ability to conduct multiple types of threat detection using statistical behavioral, you know, curative threat intelligence, or even open source. So rules engine, you have the ability to detect threats both in real time, as well as historically, but then a solution goes beyond just detecting threats or investigating threats has the ability to influence the blocking of threats too. So we have integrations with different firewall vendors like Palo Alto, for example, where they could take the results of our investigation and then, you know, create policies, blocking policies into firewall. >>In addition to that, we have our own Omni a E D product or our Arbor edge defense. That's, that's a product that sits in front of the firewall and protects the firewall from different types of attacks. We have integration that where you can, you can also influence policies being blocked in the a E and in last but not least, our, our solution integrates this sort of three methods of integration. As we mentioned before, with an existing security system, sending alerts to it, allowing for automation and investigation from it, and having the ability to export our data for, you know, custom analysis, you know, all of this makes that security stack that we've been talking about better, all those different tools that we have. That's that operations triads that we talked about or visibility triad, we talked about, you know, our data makes that entire triad just better and makes the overall security staff better and makes overall security just, just better too. So that, that that's our solution on the security. >>Got it. On the security. And what you've talked about did a great job. The last three segments talking about the differences between the different technologies, data sources, why the complimentary and collaborative nature of them working together is so important for that comprehensive cybersecurity. So Tom, thank you so much for sharing such great and thoughtful information and insight for the audience. >>Oh, you're welcome. Thank you. >>My pleasure. We wanna thank you for watching the program today. Remember that all these videos are available@thecube.net, and you can check out today's news on Silicon angle.com and of course, net scout.com. We also wanna thank net scout for making this program possible and sponsoring the cube. I'm Lisa Martin for Tomski. Thanks for watching and bye for now.

(upbeat music) >> Lately Infinidat has been on a bit of a Super cycle of product announcements. Adding features, capabilities, and innovations to its core platform that are applied across its growing install base. CEO, Phil Bollinger has brought in new management and really emphasized a strong and consistent cadence of product releases, a hallmark of successful storage companies. And one of those new executives is a CMO with a proven product chops, who seems to bring an energy and an acceleration of product output, wherever he lands. Eric Herzog joins us on "theCUBE". Hey, man. Great to see you. Awesome to have you again. >> Dave. Thank you. And of course, for "theCUBE", of course, I had to put on a Hawaiian shirt as always. >> They're back. All right, I love it.(laughs) Watch out for those Hawaiian shirt police, Eric. (both laughing) All right. I want to have you start by. Maybe you can make some comments on the portfolio over the past year. You heard my intro, InfiniBox is the core, the InfiniBox SSA, which announced last year. InfiniGuard you made some substantial updates in February of this year. Real focus on cyber resilience, which we're going to talk about with Infinidat. Give us the overview. >> Sure. Well, what we've got is it started really 11 years ago with the InfiniBox. High end enterprise solution, hybrid oriented really incredible magic fairy dust around the software and all the software technology. So for example, the Neural Cache technology, which has multiple patents on it, allowed the original InfiniBox to outperform probably 85% of the All-Flash Arrays in the industry. And it still does that today. We also of course, had our real, incredible ease-of-use the whole point of the way it was configured and set up from the beginning, which we continued to make sure we do is if you will a set it and forget it model. For example, When you install, you don't create lungs and raid groups and volumes it automatically and autonomously configures. And when you add new solutions, AKA additional applications or additional servers and point it at the InfiniBox. It automatically, again in autonomously, adjust to those new applications learning what it needs to configure everything. So you're not setting cash size and Q depth, or Stripes size, anything you would performance to you don't have to do any of that. So that entire set of software is on the InfiniBox. The InfiniBox SSA II, which we're of course launching today and then inside of the InfiniGuard platform, there's a actually an InfiniBox. So the commonality of snapshots replication, ease of use. All of that is identical across the platform of all-flash array, hybrid array and purpose-built backup secondary storage and no other vendor has that breadth of product that has the same exact software. Some make a similar GUI, but we're talking literally the same exact software. So once you learn it, all three platforms, even if you don't have them, you could easily buy one of the other platforms that you don't have yet. And once you've got it, you already know how to use it. 'Cause you've had one platform to start as an example. So really easy to use from a customer perspective. >> So ever since I've been following the storage business, which has been a long time now, three things that customers want. They want something that is rock solid, dirt cheap and super fast. So performance is something that you guys have always emphasized. I've had some really interesting discussions over the years with Infinidat folks. How do you get performance? If you're using this kind of architecture, it's been quite amazing. But how does this launch extend or affect performance? Why the focus on performance from your standpoint? >> Well, we've done a number of different things to bolster the performance. We've already been industry-leading performance again. The regular InfiniBox outperforms 80, 85% of the All-Flash Arrays. Then, when the announcement of the InfiniBox SSA our first all-flash a year ago, we took that now to the highest demanding workloads and applications in the industry. So what did it add to the super high end Oracle app or SAP or some custom app that someone's created with Mongo or Cassandra. We can absolutely meet the performance between either the InfiniBox or the InfiniBox all-flash with the InfiniBox SSA. However, we've decided to extend the performance even farther. So we added a whole bunch of new CPU cores into our tri part configuration. So we don't have two array controllers like many companies do. We actually have three everything's in threes, which gives us the capability of having our 100% availability guarantee. So we've extended that now we've optimized. We put a additional InfiniBand interconnects between the controllers, we've added the CPU core, we've taken if you will the InfiniBox operating system, Neural Cache and everything else we've had. And what we have done is we have optimized that to take advantage of all those additional cores. This has led us to increase performance in all aspects, IOPS bandwidth and in fact in latency. In latency we now are at 35 mikes of latency. Real world, not a hero number, but real-world on an array. And when you look end to end, if I Mr. Oracle, or SAP sitting in the server and I'll look across that bridge, of course the sand and over to the other building the storage building that entire traversing can be as fast as a 100 microseconds of latency across the entire configuration, not just the storage. >> Yeah. I think that's best in class for an external array. Well, so what's the spectrum you can now hit with the performance ranges. Can you hit all the aspects of the market with the two InfiniBoxes, your original, and then the SSA? >> Yes, even with the original SSA. In fact, we've had one of our end users, who's been first InfiniBox customer, then InfiniBox SSA actually has been running for the last two months. A better version of the SSA II. So they've had a better version and this customer's running high end Oracle rack configurations. So they decided, you know what? We're not going to run storage benchmarks. We're going to run only Oracle benchmarks. And in every benchmark IOPS, latency and bandwidth oriented, we outperformed the next nearest competition. So for example, 57% faster in IOPS, 58% faster in bandwidth and on the latency side using real-world Oracle apps, we were three times better performance on the latency aspect, which of course for a high end high performance workload, that's heavily transactional. Latency is the most important, but when you look across all three of those aspects dramatically outperform. And by the way, that was a beta unit that didn't of course have final code on it yet. So incredible performance angle with the InfiniBox SSA II. >> So I mean you earlier, you were talking about the ease of use. You don't have to provision lungs and all that sort of nonsense, and you've always emphasized ease-of-use. Can you double click on that a little bit? How do you think about that capability? And I'm really interested in why you think it's different from other vendors? >> Well, we make sure that, for example, when you install you don't have to do anything, you have to rack and stack, yes and cable. And of course, point the servers at the storage, but the storage just basically comes up. In fact, we have a customer and it's a public reference that bought a couple units many years ago and they said they were up and going in about two hours. So how many high-end enterprise storage array can be up and going in two hours? Almost I mean, basically nobody about us. So we wanted to make sure that we maintain that when we have customers, one of our big plays, particularly helping with CapEx and OpEx is because we are so performant. We can consolidate, we have a large customer in Europe that took 57 arrays from one of our competitors and consolidate it to five of the original InfiniBox. 57 to 5. They saved about $25 million in capital expense and they're saving about a million and a half a year in operational expense. But the whole point was as they kept adding more and more servers that were connected to those competitive arrays and pointing them at the InfiniBox, there's no performance tuning. Again, that's all ease-of-use, not only saving on operational expense, but obviously as we know, the headcount for storage admins is way down from its peak, which was probably in 2007. Yet every admin is managing what 25 to 50 times the amount of storage between 2007 and 2022. So the reality is the easier it is to use. Not only does of course the CIO love it because both the two of us together probably been storage, doing storage now for close to 80 years would be my guess I've been doing it for 40. You're a little younger. So maybe we're at 75 to 78. Have you ever met a CIO used to be a storage admin ever? >> No. >> And I can't think of one either so guess what? The easier it is to use the CIOs know that they need storage. They don't like it. They're all these days are all software guys. There used to be some mainframe guys in the old days, but they're long gone too. It's all about software. So when you say, not only can we help reduce your CapEx at OpEx, but the operational manpower to run the storage, we can dramatically reduce that because of our ease-of-use that they get and ease-of-use has been a theme on the software side ever since the Mac came out. I mean, Windows used to be a dog. Now it's easy to use and you know, every time the Linux distribution come out, someone's got something that's easier and easier to use. So, the fact that the storage is easy to use, you can turn that directly into, we can help you save on operational manpower and OPEX and CIOs. Again, none of which ever met are storage guys. They love that message. Of course the admins do too 'cause they're managing 25 to 50 times more storage than they had to manage back in 2007. So the easier it is for them at the tactical level, the storage admin, the storage manager, it's a huge deal. And we've made sure we've maintained that as you've added the SSA, as we brought up the InfiniGuard, as we've continue to push new feature function. We always make it easy to use. >> Yeah. Kind of a follow up on that. Just focus on software. I mean, I would think every storage company today, every modern storage company is going to have more software engineers than hardware engineers. And I think Infinidat obviously is no different. You got a strong set of software, it's across the portfolio. It's all included kind of thing. I wonder if you could talk about your software approach and how that is different from your competitors? >> Sure, so we started out 11 years ago when in Infinidat first got started. That was all about commodity hardware. So while some people will use custom this and custom that, yeah and I having worked at two of the biggest storage companies in the world before I came here. Yes, I know it's heavily software, but our percentage of hardware engines, softwares is even less hardware engineering than our competitors have. So we've had that model, which is why this whole what we call the set it and forget it mantra of ease-of-use is critical. We make sure that we've expanded that. For example, we're announcing today, our InfiniOps focus and Infini Ops all software allows us to do AIOps both inside of our storage system with our InfiniVerse and InfiniMetrics packages. They're easy to use. They come pre-installed and they manage capacity performance. We also now have heavy integration with AI, what I'll call data center, AIOps vendors, Vetana ServiceNow, VMware and others. And in that case, we make sure that we expose all of our information out to those AIOps data center apps so that they can report on the storage level. So we've made sure we do that. We have incredible support for the Ansible framework again, which is not only a software statement, but an ease-of-use statement as well. So for the Ansible framework, which is trying to allow an even simpler methodology for infrastructure deployment in companies. We support that extensively and we added some new features. Some more, if you will, what I'll say are more scripts, but they're not really scripts that Ansible hides all that. And we added more of that, whether that be configuration installations, that a DevOps guy, which of course just had all the storage guys listening to this video, have a heart attack, but the DevOps guy could actually configure storage. And I guess for my storage buddies, they can do it without messing up your storage. And that's what Ansible delivers. So between our AIOps focus and what we're doing with InfiniOps, that extends of course this ease-of-use model that we've had and includes that. And all this again, including we already talked about a little bit cyber resilience Dave, within InfiniSafe. All this is included when you buy it. So we don't piecemeal, which is you get this and then we try to upcharge you for that. We have the incredible pricing that delivers this CapEx and an OpEx. Not just for the array, but for the associated software that goes with it, whether that be Neural Cache, the ease-of-use, the InfiniOps, InfiniSafes. You get all of that package together in the way we deploy from a business now perspective, ease of doing business. You don't cut POS for all kinds of pieces. You cut APO and you just get all the pieces on the one PO when we deliver it. >> I was talking yesterday to a VC and we were chatting about AI And of course, everybody's chasing AI. It's a lot of investments go in there, but the reality is, AI is like containers. It's just getting absorbed into virtually every thing. And of course, last year you guys made a pretty robust splash into AIOps. And then with this launch, you're extending that pretty substantially. Tell us a little bit more about the InfiniOps announcement news. >> So the InfiniOps includes our existing in the box framework InfiniVerse and what we do there, by the way, InfiniVerse has the capability with the telemetry feed. That's how we could able to demo at our demo today and also at our demo for our channel partner pre-briefing. Again a hundred mics of latency across the entire configuration, not just to a hundred mics of latency on storage, which by the way, several of our competitors talk about a hundred mics of latency as their quote hero number. We're talking about a hundred mics of latency from the application through the server, through the SAN and out to the storage. Now that is incredible. But the monitoring for that is part of the InfiniOps packaging, okay. We support again with DevOps with all the integration that we do, make it easy for the DevOps team, such as with Ansible. Making sure for the data center people with our integration, with things like VMware and ServiceNow. The data center people who are obviously often not the storage centric person can also be managing the entire data center. And whether that is conversing with the storage admin on, we need this or that, or whether they're doing it themselves again, all that is part of our InfiniOps framework and we include things like the Ansible support as part of that. So InfiniOps is sort of an overarching theme and then overarching thing extends to AIops inside of the storage system. AIops across the data center and even integration with I'll say something that's not even considered an infrastructure play, but something like Ansible, which is clearly a red hat, software oriented framework that incorporates storage systems and servers or networks in the capability of having DevOps people manage them. And quite honestly have the DevOps people manage them without screwing them up or losing data or losing configuration, which of course the server guys, the network guys and the storage guys hate when the DevOps guys play with it. But that integration with Ansible is part of our InfiniOps strategy. >> Now our shift gears a little bit talk about cyber crime and I mean, it's a topic that we've been on for a long time. I've personally been writing about it now for the last few years. Periodically with my colleagues from ETR, we hit that pretty hard. It's top of mind, and now the house just approved what's called the Better Cybercrime Metrics Act. It was a bipartisan push. I mean, the vote was like 377 to 48 and the Senate approved this bill last year. Once president Biden signs it, it's going to be the law's going to be put into effect and you and many others have been active in this space Infinidat. You announced cyber resilience on your purpose bill backup appliance and secondary storage solution, InfiniGuard with the launch of InfiniSafe. What are you doing for primary storage from InfiniBox around cyber resilience? >> So the goal between the InfiniGuard and secondary storage and the InfiniBox and the InfiniBox SSA II, we're launching it now, but the InfiniSafe for InfiniBox will work on the original InfiniBox. It's a software only thing. So there's no extra hardware needed. So it's a software only play. So if you have an InfiniBox today, when you upgrade to the latest software, you can have the InfiniSafe reference architecture available to you. And the idea is to support the four key legs of the cybersecurity table from a storage perspective. When you look at it from a storage perspective, there's really four key things that the CISO and the CIO look for first is a mutable snapshot technology. An article can't be deleted, right? You can schedule it. You can do all kinds of different things, but the point is you can't get rid of it. Second thing of course, is an air gap. And there's two types of air gap, logical air gap, which is what we provide and physical the main physical air gaping would be either to tape or to course what's left of the optical storage market. But we've got a nice logical air gap and we can even do that logical air gaping remotely. Since most customers often buy for disaster recovery purposes, multiple arrays. We can then put that air gap, not just locally, but we can put the air gap of course remotely, which is a critical differentiator for the InfiniBox a remote logical air gap. Many other players have logical, we're logical local, but we're going remote. And then of course the third aspect is a fenced forensic environment. That fence forensic environment needs to be easily set up. So you can determine a known good copy to a restoration after you've had a cyber incident. And then lastly is rapid recovery. And we really pride ourself on this. When you go to our most recent launch in February of the InfiniGuard within InfiniSafe, we were able to demo live a recovery taking 12 minutes and 12 seconds of 1.5 petabytes of backup data from Veeam. Now that could have been any backup data. Convolt IBM spectrum tech Veritas. We happen to show with Veeam, but in 12 minutes and 12 seconds. Now on the primary storage side, depending on whether you're going to try to recover locally or do it from a remote, but if it's local, we're looking at something that's going to be 1 to 2 minutes recovery, because the way we do our snapshot technology, how we just need to rebuild the metadata tree and boom, you can recover. So that's a real differentiator, but those are four things that a CISO and a CIO look for from a storage vendor is this imutable snapshot capability, the air gaping capability, the fenced environment capability. And of course this near instantaneous recovery, which we have proven out well with the InfiniGuard. And now with the InfiniBox SSA II and our InfiniBox platform, we can make that recovery on primary storage, even faster than what we have been able to show customers with the InfiniGuard on the secondary data sets and backup data sets. >> Yeah. I love the four layer cake. I just want to clarify something on the air gap if I could so you got. You got a local air gap. You can do a remote air gap with your physical storage. And then you're saying there's I think, I'm not sure I directly heard that, but then the next layer is going to be tape with the CTA, the Chevy truck access method, right? >> Well, so while we don't actively support tape and go to that there's basically two air gap solutions out there that people talk about either physical, which goes to tape or optical or logical. We do logical air gaping. We don't do air gaping to tape 'cause we don't sell tape. So we make sure that it's a remote logical air gap going to a secondary DR Site. Now, obviously in today's world, no one has a true DR data center anymore, right. All data centers are both active and DR for another site. And because we're so heavily concentrated in the global Fortune 2000, almost all the InfiniBoxes in the field already are set up as in a disaster recovery configuration. So using a remote logical air gap would be is easy for us to do with our InfiniBox SSA II and the whole InfiniBox family. >> And, I get, you guys don't do tape, but when you say remote, so you've got a local air gap, right? But then you also you call a remote logical, but you've got a physical air gap, right? >> Yeah, they would be physically separated, but when you're not going to tape because it's fully removable or optical, then the security analysts consider that type of air gap, a logical air gap, even though it's physically at a remote. >> I understand, you spent a lot of time with the channel as well. I know, and they must be all over this. They must really be climbing on to the whole cyber resiliency. What do you say, do they set up? Like a lot of the guys, doing managed services as well? I'm just curious. Are there separate processes for the air gap piece than there are for the mainstream production environment or is it sort of blended together? How are they approaching that? >> So on the InfiniGuard product line, it's blended together, okay. On the InfiniBox with our InfiniSafe reference architecture, you do need to have an extra server where you create an scuzzy private VLAN and with that private VLAN, you set up your fenced forensic environment. So it's a slightly more complicated. The InfiniGuard is a 100% automated. On the InfiniBox we will be pushing that in the future and we will continue to have releases on InfiniSafe and making more and more automated. But the air gaping and the fence reference now are as a reference architecture configuration. Not with click on a gooey in the InfiniGuard case are original InfiniSafe. All you do is click on some windows and it just goes does. And we're not there yet, but we will be there in the future. But it's such a top of mind topic, as you probably see. Last year, Fortune did a survey of the Fortune 500 CEOs and the number one cited threat at 66% by the way was cybersecurity. So one of the key things store storage vendors do not just us, but all storage vendors is need to convince the CISO that storage is a critical component of a comprehensive cybersecurity strategy. And by having these four things, the rapid recovery, the fenced forensic environment, the air gaping technology and the immutable snapshots. You've got all of the checkbox items that a CISO needs to see to make sure. That said many CISOs still even today stood on real to a comprehensive cybersecurity strategy and that's something that the storage industry in general needs to work on with the security community from a partner perspective. The value is they can sell a full package, so they can go to their end user and say, look, here's what we have for edge protection. Here's what we've got to track the bad guide down once something's happened or to alert you that something's happened by having tools like IBM's, Q Radar and competitive tools to that product line. That can traverse the servers and the software infrastructure, and try to locate malware, ransomware akin to the way all of us have Norton or something like Norton on our laptop that is trolling constantly for viruses. So that's sort of software and then of course storage. And those are the elements that you really need to have an overall cybersecurity strategy. Right now many companies have not realized that storage is critical. When you think about it. When you talk to people in security industry, and I know you do from original insertion intrusion to solution is 287 days. Well guess what if the data sets thereafter, whether it be secondary InfiniGuard or primary within InfiniBox, if they're going to trap those things and they're going to take it. They might have trapped those few data sets at day 50, even though you don't even launch the attack until day 200. So it's a big deal of why storage is so critical and why CISOs and CIOs need to make sure they include it day one. >> It's where the data lives, okay. Eric. Wow.. A lot of topics we discovered. I love the agile sort of cadence. I presume you're not done for the year. Look forward to having you back and thanks so much for coming on today. >> Great. Thanks you, Dave. We of course love being on "theCUBE". Thanks again. And thanks for all the nice things about Infinidat. You've been saying thank you. >> Okay. Yeah, thank you for watching this cube conversation. This is Dave Vellante and we'll see you next time. (upbeat music)

>> From the theCUBE studios in Palo Alto, in Boston, bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis", with Dave Vellante. >> The recent security breach of an Okta third party supplier has been widely reported. The criticisms of Okta's response have been harsh, and the impact on Okta's value has been obvious, investors shaved about $6 billion off the company's market cap during the week the hack was made public. We believe Okta's claim that the customer technical impact was, "Near zero," may be semantically correct. However, based on customer data, we feel Okta has a blind spot. There are customer ripple effects that require clear action which are missed in Okta's public statements, in our view. Okta's product portfolio remains solid, it's a clear leader in the identity space. But in our view, one part of the long journey back to credibility requires Okta to fully understand and recognize the true scope of this breach on its customers. Hello, and welcome to this week's Wikibon "CUBE Insights", powered by ETR. In this "Breaking Analysis", we welcome our ETR colleague, Erik Bradley, to share new data from the community. Erik, welcome. >> Thank you, Dave, always enjoy being on the show, particularly when we get to talk about a topic that's not being well covered in the mainstream media in my opinion. >> Yeah, I agree, you've got some new data, and we're going to share some of that today. Let's first review the timeline of this hack. On January 20th this year, Okta got an alert that something was amiss at one of its partners, a company called Sitel, that provides low-level contact center support for Okta. The next day, Sitel retained a forensic firm to investigate, which was completed, that investigation was completed on February 28th. A report dated March 10th was created, and Okta received a summary of that from Sitel on March 17th. Five days later, Lapsus$ posted the infamous screenshots on Twitter. And later that day, sheesh, Okta got the full report from Sitel, and then responded publicly. Then the media frenzy in the back and forth ensued. So Erik, you know, there's so much wrong with this timeline, it's been picked apart by the media. But I will say this, what appeared to be a benign incident and generally has turned into a PR disaster for Okta, and I imagine Sitel as well. Who I reached out to by the way, but they did not provide a comment, whereas Okta did. We'll share that later. I mean, where do we start on this, Erik? >> It's a great question, "Where do we start?" As you know, our motto here is opinions only exist due to a lack of data, so I'm going to start with the data. What we were able to do is because we had a survey that was in the field when the news broke, is that we were able to observe the data in realtime. So we sequestered the data up until that moment when it was announced, so before March 23rd and then after March 23rd. And although most of the responses came in prior, so it wasn't as much of an end as we would've liked. It really was telling to see the difference of how the survey responses changed from before the breach was announced to after, and we can get into a little bit more- >> So let's... Sorry, sorry to interrupt, let's bring that up, let's look at some of that data. And as followers of this program know... Let me just set it up, Erik. Every quarter, ETR, they have a proprietary net score methodology to determine customer spending momentum, and that's what we're talking about here. Essentially measuring the net number of customers spending more on a particular product or platform. So apologize for interrupting, but you're on this data right here. >> Not at all. >> So take us through this. >> Yeah, so again, let's caveat. Okta is still a premier company in our work. Top five in overall security, not just in their niche, and they still remained extremely strong at the end of the survey. However, when you kind of look at that at a more of a micro analysis, what you noticed was a true difference between before March 23rd and after. Overall, their cumulative net score or proprietary spending intention score that we use, was 56% prior. That dropped to 44% during the time period after, that is a significant drop. Even a little bit more telling, and again, small sample size, I want to be very fair about that. Before March 23rd, only three of our community members indicated any indication of replacing Okta. That number went to eight afterwards. So again, small number, but a big difference when you're talking about a percentage change. >> Yeah, so that's that sort of green line that was shown there. You know, not too damaging, but definitely a noticeable downturn with the caveat that it's a small end. But here's the thing that I love working with you, we didn't stop there. You went out, you talked to customers, I talked to a number of customers. You actually organized a panel. This week, Erik hosted a deep dive on the topic with CISOs. And we have, if we could bring up that next slide, Alex. These are some of the top CISOs in the community, and I'm going to just summarize the comments and then turn it over to you, Erik. The first one was really concerning, "We heard about this in the media," ooh, ooh, ouch. Next one, "Not a huge hit, but loss of trust." "We can't just shut Okta off like SolarWinds." So there's definitely a lock in effect there. "We may need to hire new people," i.e, "There's a business impact to us beyond the technical impact." "We're rethinking contract negotiations with Okta." And bottom line, "It's still a strong solution." "We're not really worried about our Okta environment, but this is a trust and communications issue." Erik, these are painful to read, and in the end of the day, Okta has to own this. Todd McKinnon did acknowledge this. As I said at the top, there are domino business impacts that Okta may not be seeing. What are your thoughts? >> There's a lot we're going to need to get into in a little bit, and I think you were spot on earlier, when McKinnon said there was no impact. And that's not actually true, there's a lot of peripheral, derivative impact that was brought up in our panel. Before we even did the panel though, I do want to say we went out quickly to about 20 customers and asked them if they were willing to give an opinion. And it was sort of split down the middle where about, you know, half of them were saying, "You know, this is okay. We're going to stand by 'em, Okta's the best in the industry." A few were cautious, "Opinion's unchanged, but we're going to take a look deeper." And then another 40% were just flat out negative. And again, small sample size, but you don't want to see that. It's indicative of reputational damage right away. That was what led us to say, "You know what, let's go do this panel." And as you know, from reading it and looking at the panel, well, a lot of topics were brought up about the derivative impact of it. And whether that's your own, you know, having to hire people to go look into your backend to deal with and manage Okta. Whether it's cyber insurance ramifications down the road, there's a lot of aspects that need to be discussed about this. >> Yeah now, so before I go on... And by the way, I've spent a fair amount of time just parsing, listening very carefully to Todd McKinnon's commentary. He did an interview with Emily Chang, it was quite useful. But before I go on, I reached out to Okta, and they were super responsive and I appreciate that. And I do believe they're taking this seriously, here's a statement they provided to theCUBE. Quote, "As a global leader in identity, we recognize the critical role Okta plays for our customers and our customers' end users. Okta has a culture of learning and improving, and we are taking the steps to prevent this from happening again. We know trust is earned, and building back our customers' trust in Okta through our actions and our ongoing support as their secure identity partner is our top priority." Okay, so look, you know, what are you going to say, right? I mean, I think they do own it. Again, the concern is the blind spots. So we put together this visual to try to explain how Okta is describing the impact, and maybe another way to look at it. So let me walk you through this. Here's a simple way in which organizations think about the impact of a breach. What's the probability of a breach, that's the vertical axis, and what's the impact on the horizontal. Now I feel as though business impact really is the financial, you know, condition. But we've narrowed this to map to Todd McKinnon's statements of the technical impact. And they've said the technical impact in terms of things customers need to do or change, is near zero, and that's the red dot that you see there. Look, the fact is, that Okta has more than 15,000 customers, and at most, 366 were directly impacted by this. That's less than 3% of the base, and it's probably less than that, they're just being conservative. And the technical impact which Todd McKinnon described in an interview, again, with Emily Chang, was near zero in terms of actions the customers had to take on things like reporting and changes and remediation. Basically negligible. But based on the customer feedback outside of that 366, that's what we're calling that blind spot and that bracket. And then we list the items that we are hearing from customers on things that they have to do now, despite that minimal exposure. Erik, this is new information that we've uncovered through the ETR process, and there's a long list of collateral impacts that you just referred to before, actions that customers have to take, right? >> Yeah, there's a lot, and the panel really brought that to life even more than I expected to be quite honest. First of all, you're right, most of them believe that this was a minimal impact. The true damage here was reputational, and the derivatives that come from it. We had one panelist say that they now have to go hire people, because, and I hate to say this, but Okta isn't known for their best professional support. So they have to go get people now in to kind of do that themselves and manage that. That's obviously not the easiest thing to do in this environment. We had other ones express concern about, "Hey I'm an Okta customer. When I have to do my cyber insurance renewal, is my policy going to go up? Is my premium going to go up?" And it's not something that they even want to have to handle, but they do. There were a lot of concerns. One particular person didn't think the impact was minimal, and I just think it's worth bringing up. There was no demand for ransom here. So there were only two and a half percent of Okta customers that were hit, but we don't know what the second play is, right, this could just be stage one. And I think that there was one particular person on the panel who truly believes that, that could be the case, that this was just the first step. And in his opinion, there wasn't anything specific about those 366 customers that made him feel like the bad actor was targeting them. So he does believe that this might be a step one of a step two situation. Now that's a, you know, bit of an alarmist opinion and the rest of the panel didn't really echo it, but it is something that's kind of worth bringing up out there. >> Well, you know, it just pays to be paranoid. I mean, you know, it was reported that supposedly, this hack was done by a 16-year-old in England, out of his, you know, mother's house, but who knows? You know, other actors might have paid that individual to see what they could do. It could have been a little bit of reconnaissance, throw the pawn in there and see how, you know, what the response is like. So I want to parse some of Todd McKinnon's statements from that Bloomberg interview. Look, we've always, you and I both have been impressed with Okta, and Todd McKinnon's management. His decisions, execution, leadership, super impressive individual. You know, big fans of the company. And in the interview, it looked like (chuckles) the guy hadn't slept in three weeks, so really you have to feel for him. But I think there are some statements that have to be unpacked. The first one, McKinnon took responsibility and talked about how they'll be transparent about steps they're taking in the future to avoid you know, similar problems. We talked about the near-zero technical impact, we don't need to go there anymore. But Erik, the two things that struck me as communication misfires were the last two. Especially the penultimate statement there, quote, "The competitor product was at fault for this breach." You know, by the way, I believe this to be true. Evidently, Sitel was not using Okta as its identity access platform. You know, we're all trying to figure out who that is. I can tell you it definitely was not CyberArk, we're still digging to find out who. But you know, you can't say in my view, "We are taking responsibility," and then later say it was the competitor's fault. And I know that's not what he meant, but that's kind of how it came across. And even if it's true, you just don't say that later in a conversation after saying that, "We own it." Now on the last point, love your thoughts on this, Erik? My first reaction was Okta's throwing Sitel under the bus. You know, Okta's asking for forgiveness from its customers, but it just shot its partner, and I kind of get it. This shows that they're taking action but I would've preferred something like, "Look, we've suspended our use of Sitel for the time being pending a more detailed review. We've shut down that relationship to block any exposures. Our focus right now is on customers, and we'll take a look at that down the road." But I have to say in looking at the timeline, it looks like Sitel did hide the ball a little bit, and so you can't blame 'em. And you know, what are your thoughts on that? >> Well, I'll go back to my panelists again, who unanimously agreed this was a masterclass on how not to handle crisis management. And I do feel for 'em, they're a fantastic management team. The acquisition of Auth0 alone, was just such a brilliant move that you have to kind of wonder what went wrong here, they clearly were blindsided. I agree with you that Sitel was not forthcoming quickly enough, and I have a feeling that, that's what got them in this position, in a bad PR. However, you can't go ahead and fire your partner and then turn around and ask other people not to fire you. Particularly until a very thorough investigation and a root cause analysis has been released to everyone. And the customers that I have spoken to don't believe that, that is done yet. Now, when I ask them directly, "Would you consider leaving Okta?" Their answers were, "No, it is not easy to rip and replace, and we're not done doing our due diligence." So it's interesting that Okta's customers are giving them that benefit of the doubt, but we haven't seen it, you know, flow the other way with Okta's partner. >> Yeah, and that's why I would've preferred a different public posture, because who knows? I mean, is Sitel the only partner that's not using Okta as its identity management, who knows? I'd like to learn more about that. And to your point, you know, maybe Okta's got to vertically integrate here and start, you know, supporting the lower level stuff directly itself, you know, and/or tightening up those partnerships. Now of course, the impact on Okta obviously has been really serious, big hit on the stock. You know, they're piling on inflation and quantitative tightening and rate hikes. But the real damage, as we've said, is trust and reputation, which Okta has earned, and now it has to work hard to earn back. And it's unfortunate. Look, Okta was founded in 2009 and in over a decade, you know, by my count, there have been no major incidents that are obvious. And we've seen the damage that hackers can do by going after the digital supply chain and third and fourth party providers. You know, rules on disclosure is still not tight and that maybe is part of the problem here. Perhaps the new law The House just sent over to President Biden, is going to help. But the point, Erik, is Okta is not alone here. It feels like they got what looked like a benign alert. Sitel wasn't fully transparent, and Okta is kind of fumbling on the comms, which creates this spiraling effect. Look, we're going to have to wait for the real near-term and midterm impacts, but longterm, I personally believe Okta is going to be fine. But they're going to have to sacrifice some margin possibly in the near to midterm, and go through more pain to regain the loyalty of its customers. And I really would like to hear from Okta that they understand that customers, the impact of this breach to customers, actually does go beyond the 366 that were possibly compromised. Erik, I'll give you the final word. >> Yeah, there's a couple of things there if I can have a moment, and yes, Okta... Well, there was a great quote, one of the guys said, "Okta's built like a tank, but they just gave the keys to a 16 year old valet." So he said, "There is some concern here." But yes, they are best of breed, they are the leader, but there is some concern. And every one of the guys I spoke to, all CISOs, said, "This is going to come up at renewal time. At a minimum, this is leverage. I have to ask them to audit their third parties and their partners. I have to bring this up when it comes time." And then the other one that's a little bit of a concern is data-wise. We saw Ping Identity jump big, from 9% net score to 24% net score. Don't know if it's causative or correlated, but it did happen. Another thing to be concerned about out there, is Microsoft is making absolutely massive strides in security. And all four of the panelists said, "Hey, I've got an E5 license, why don't I get the most out of it? I'm at least going to look." So for Okta to say, you know, "Hey, there's no impact here," it's just not true, there is an impact, they're saying what they need to say. But there's more to this, you know, their market cap definitely got hit. But you know, I think over time if the market stabilized, we could see that recover. It's a great management team, but they did just open the door for a big, big player like Microsoft. And you and I also both know that there's a lot of emerging names out there too, that would like to, you know, take a little bit of that share. >> And you know, but here's the thing, I want to keep going here for a minute. Microsoft got hit by lapses, Nvidia got hit by lapses. But I think, Erik, I feel like people, "Oh yeah, Microsoft, they get hit all the time." They're kind of used to it with Microsoft, right? So that's why I'm saying, it's really interesting here. Customers want to consolidate their security portfolio and the number of tools that they have, you know. But then you look at something like this and you say, "Okay, we're narrowing the blast radius. You know, maybe we have to rethink that and that creates more complexity," and so it's a very complicated situation. But you know, your point about Microsoft is ironic, right. Because you know, when you see Microsoft, Amazon, you know, customers get hit all the time and it's oftentimes the fault of the customer, or the partner. And so it seems like, again, coming back to the comms of this, is that really is the one thing that they just didn't get right. >> Yeah, the biggest takeaway from this without a doubt is it's not the impact of the breach, it was the impact of their delay and how they handled it and how they managed it. That's through the course of 25 CISOs I've spoken to now, that's unanimous. It's not about that this was a huge damaging hit, but the damage really came from their reaction or lack thereof. >> Yeah, and it's unfortunate, 'cause it feels like a lot of it was sort of, I want to say out of their control because obviously they could have audited the partners. But still, I feel like they got thrown a curve ball that they really had a, you know, difficult time, you know, parsing through that. All right, hey, we got to leave it there for now. Thank you, Erik Bradley, appreciate you coming on, It's always a pleasure to have you >> Always good talking to you too, Dave, thanks a lot. >> ETR team, you guys are amazing, do some great work. I want to thank Stephanie Chan, who helps me with background research for "Breaking Analysis". Kristen Martin and Cheryl Knight, help get the word out, as do some others. Alex Myerson on production, Alex, thank you. And Rob Hof, is our EIC at SiliconANGLE. Remember, all these episodes, they are available as podcasts. Wherever you listen, just search, "Breaking Analysis podcast." I publish each week on wikibon.com and siliconangle.com. Check out etr.ai, it's the best in the business for real customer data real-time, near real-time, awesome platform. You can reach out to me at david.vellante@siliconangle.com, or @DVellante, or comment on my LinkedIn post. This is Dave Vellante, for Erik Bradley, and "theCUBE Insights", powered by ETR. Thanks for watching, be well, and we'll see you next time. (bright music)

(upbeat music) >> Okay, we're here talking about how you can better understand and manage the risks associated with the digital supply chain. How in this day and age where software comes from so many different places and sources throughout the ecosystem, how can organizations manage the risks associated with our dependence on software? And with me now are two great guests, Andrea Hall, who is a specialist solution architect and project manager for security and compliance at Red Hat. She's going to focus on public sector. And Andrew Block who's a distinguished architect at Red Hat Consulting, folks welcome. >> Welcome >> Thank you. Thanks for having us. >> You're very welcome. Andrea, let's start with you. Let's talk about regulations. What exists today that we should be aware of that organizations should be paying attention to? >> Oh sure, so the thing that comes to mind first being in the US is the presidential executive order on cybersecurity that came out a few months ago. Organizations are really paying attention to that. And in the US, it's having a ripple effect with policy, but we're also seeing policy considerations pop up in other countries, Australia and England. The supply chain is a big focus right now, of course, but we see these changes coming down the road as more and more government organizations are trying to secure their critical infrastructure. >> Is there kind of a leadership, or probably in other words, is somebody saying seeing what the UK does and say, okay, we're going to follow that template? Or is it just a variety and a mish mash with no sort of consolidation? How is that sort of playing out? >> I see a lot of organizations kind of basing their requirements on (indistinct) However, each organization has its own nuances. Each agency has its own nuances to how it wants them implemented. >> Andrew, maybe you could chime in here. What are you seeing when you talk to customers that are tuned into this issue? >> You know, as Andrea had just mentioned having that north star in terms of regulations is so fundamentally great for them because many of them especially in regulate industries, look to these regulations on how they apply their own policies. So at least it has some guidance on how to move forward because as we all know the secure software supply chain is getting news every day and how they react to it is something that I know all their leaders are asking themselves, especially those IT leaders. >> Andrea, when I talk to practitioners, sometimes they're frustrated. They understand they have to comply. They know new regulations are coming out, but sometimes it's hard for them to keep up. It would be helpful if you're sitting across the table from somebody who's frustrated and they ask you, what are your expectations? What are the trends in regulations? How do you see the current regulations evolving to specifically accommodate the digital supply chain and the security exposures and corollary requirements there? >> We see a lot of organizations struggling in the sense of trying to understand what the policy actually wants. Definitions are still a little bit vague, but implementation is also difficult because sometimes organizations will add more tools to their toolkit, adding a layer of complexity there. Really automation has to be pulled in. That's key to implementing this instead of adding more workload and more burden to your folks. It's really important for these organizations to pull stakeholders in the organization together. So the IT leaders bring together the developers, the security operations sit at the same table, talk about whether or not what needs to be implemented or what's proposed to be implemented, will affect the mission or in any way or disrupt operations. It's important for everybody to be on the same page so it doesn't slow anything down as you're trying to roll it out. >> And one of the things here is that we're seeing a lot of change with these new regulations and with a lot of organizations, any type of change is scary. And that is one area that they're looking for guidance not only in the tooling, but also how they apply it in the organization. >> I'll add on. >> Please. >> I'll add onto that and say, organizations really need to take into account the people side of things too. People need to understand what the impact is to the organization, so that they don't try to find the loopholes, they're buying into what needs to be done. They understand the why behind it. You for example, if you walk into your house, you normally close the door behind you. Security needs to be seen as that, as well, that's the culture and it's the habit. And it's ingrained in the fabric of the organization to live this way, not just implement the tools to do it. >> Right, and the number of doors you have in your infrastructure are a lot more than just a couple. Andrew mentioned sort of guidance and governments are obviously taking a more active role. I mean, sometimes I'm a cynic. I mean, the president Biden signs an executive order, but swipe of a pen doesn't really give us enough to go on. Do you think Andrea, that we're going to see new guidance from governments in the very near future? What are you expecting? >> I expect to see more conversations happening. I know that agencies who developed the policies are pulling together stakeholders and getting input. But I do see in the not too distant future, that mandates will be rolling out, yes. >> Well, so Andrew of course, Andrea, if you have a thought on this as well, but how do you see organizations dealing with adopting these new policies. >> Slowly, don't boil the ocean is one thing I tell a lot to every one of them, because a lot of these tooling, a lot of these concepts are foreign to them, brand new. How they adopt those and how they implement them, needs to be done in a very agile fashion, very slow and prescriptive. Go ahead and try to find one area of improvement and go ahead and work upon it and build upon it. Because not only does that normally make your organization more successful and secure, but also helps your organization just from a more out standpoint. One thing that you need to emphasize is that don't blame anyone. 'Cause a lot of times when you're going through this, you're reassessing your own supply chain. You might find where you could see improvements that need to be done. Don't blame things that may have occurred in the past. See how you can benefit from these lessons learned in the future. >> It's interesting you say that the blame game, I mean it used to be that failure meant you get fired and that's obviously has changed. As many have said, you know you're going to have incidents. It's how you respond to those incidents. What you learn from them. Do you have Andrew, any insights from specifically working with customers on securing their software supply chain? What can you tell us about what leading practitioners are doing today? >> They're going in and not only assessing what their software components consist of. Using tools like an SBOM, a software bill of materials, understand where all the components of their ecosystem and their lineage comes from. We're hearing almost every single day, new vulnerabilities that are being introduced in various software packages. By having that understanding of what is in your ecosystem, you can then better understand how to mitigate those concerns moving forward. >> Andrea, Andrew was just saying, one of the things is you don't just dive in. You've got to be careful. There's going to be ripple effects is what I'm inferring, but at the same time, there's a mandate to move quickly. Are there things that could accelerate the adoption of regulation or even the creation of regulations and that guidance in your view? What could accelerate this? >> As far as accelerating it goes, I think it's having those conversations proactively with the stakeholders in your organization and understanding the environment like Andrew said. Go ahead and get that baseline. And just know that whatever changes you make are maybe going to be audited down the road, because as we were moving towards this kind of third-party verification, that you're actually implementing things in order to do business with another organization. The importance of that, if organizations see that gravity to this, I think they will try to speed things up. I think that if organizations and the people in those organizations understand that why, that I talked about earlier and they understand how things like solar winds or things like the oil disruption that happened earlier this year. The personal effect to cyber events will help your organization move forward. Again, everybody's bought into the concept, everybody's working towards the same goals and they understand that why behind it. >> In addition to that, having tooling available, that makes it easy for them. You have a lot of individuals who this is all foreign, providing that base level tooling that aligns to a lot of the regulations that might be applicable within their real realm and their domain, makes it easier for them to start to complying and taking less burden off of them to be able to be successful. >> So it's a hard problem because Andrew, how do you deal with sort of the comment more tools, okay. But I look at that the Optiv map, if you've seen that. It makes your eyes cross. You've got so many tools, so much fragmentation, you're introducing new tools. Can automation help that? Is there hope for consolidation of that tools portfolio? >> Right now, this space is very emerging. It's very emerging, it's very fluid to be honest, 'cause there is actually mandates only a year or two old. But as they come over the course of time, however, I do see these types of tooling starting to consolidate where right now it seems like every vendor has a tool that tries to address this. It's being able to have the people work together, have more regulations that will come out that will allow us to start to redefine and solidify on certain tools like ISO standards. There are certain ones that I mentioned on as balance previously, there's now a ISO standard on SBOM there wasn't previously. So as more and more of these regulations come out, it makes it easier to provide that recommended set of tooling that organizations can start leveraging instead of vendor A, vendor B. >> Andrea, I said this before I was a cynic, but will give you the last word, give us some hope. I mean, obviously public policy is very important. A partnership between governments and industry, both the practitioners, the organizations that are buying these tools, as well as the technology industry got to work together in an ecosystem. Give us some hope. >> The hope I think will come from realizing that as you're doing this, as you are implementing these changes, you're in a sense trying to prevent those future incidents from happening. There's some assurance that you're doing everything that you can do here. It's a situation, it can be daunting, I'll put it that way. It can be really daunting for organizations, but just know that organizations like Red Hat are doing what we can to help you down the road. >> And really it's just continuing this whole shifting left mentality. The top of supply chain is just one component, but the introducing dev sec ops security at the beginning, that really will make the organizations become successful because this is not just a technology problem, It's a people issue as well. And being able to kind of package them all up together will help organizations as a whole. >> Yeah, so that's a really important point. You hear that term shift left. For years, people say, hey, you can't just bolt security on, as an afterthought, that's problematic. And that's the answer to that problem, right? Is shifting left meaning designing it in at the point of code, infrastructure as code, dev sec ops. That's where it starts, right? >> Exactly, being able to have security at the forefront and then have everything afterwards. Propagate from your security mindset. >> Excellent, okay, Andrea, Andrew, thanks so much for coming to the program today. >> Thank you for having us. >> Very welcome, thanks for watching. This is Dave Vellante for The Cube. Your a global leader in enterprise tech coverage. (soft music)

(upbeat music) >> Okay, we're here talking about how you can better understand and manage the risks associated with the digital supply chain. How in this day and age where software comes from so many different places and sources throughout the ecosystem, how can organizations manage the risks associated with our dependence on software? And with me now are two great guests, Andrea Hall, who is a specialist solution architect and project manager for security and compliance at Red Hat. She's going to focus on public sector. And Andrew Block who's a distinguished architect at Red Hat Consulting, folks welcome. >> Welcome >> Thank you. Thanks for having us. >> You're very welcome. Andrea, let's start with you. Let's talk about regulations. What exists today that we should be aware of that organizations should be paying attention to? >> Oh sure, so the thing that comes to mind first being in the US is the presidential executive order on cybersecurity that came out a few months ago. Organizations are really paying attention to that. And in the US, it's having a ripple effect with policy, but we're also seeing policy considerations pop up in other countries, Australia and England. The supply chain is a big focus right now, of course, but we see these changes coming down the road as more and more government organizations are trying to secure their critical infrastructure. >> Is there kind of a leadership, or probably in other words, is somebody saying seeing what the UK does and say, okay, we're going to follow that template? Or is it just a variety and a mish mash with no sort of consolidation? How is that sort of playing out? >> I see a lot of organizations kind of basing their requirements on (indistinct) However, each organization has its own nuances. Each agency has its own nuances to how it wants them implemented. >> Andrew, maybe you could chime in here. What are you seeing when you talk to customers that are tuned into this issue? >> No as Andrea had just mentioned having that north star in terms of regulations is so fundamentally great for them because many of them especially in regulate industries, look to these regulations on how they apply their own policies. So at least it has some guidance on how to move forward because as we all know the secure software supply chain is getting news every day and how they react to it is something that I know all their leaders are asking themselves, especially those IT leaders. >> Andrea, when I talk to practitioners, sometimes they're frustrated. They understand they have to comply. They know new regulations are coming out, but sometimes it's hard for them to keep up. It would be helpful if you're sitting across the table from somebody who's frustrated and they ask you, what are your expectations? What are the trends in regulations? How do you see the current regulations evolving to specifically accommodate the digital supply chain and the security exposures and corollary requirements there? >> We see a lot of organizations struggling in the sense of trying to understand what the policy actually wants. Definitions are still a little bit vague, but implementation is also difficult because sometimes organizations will add more tools to their toolkit, adding a layer of complexity there. Really automation has to be pulled in. That's key to implementing this instead of adding more workload and more burden to your folks. It's really important for these organizations to pull stakeholders in the organization together. So the IT leaders bring together the developers, the security operations sit at the same table, talk about whether or not what needs to be implemented or what's proposed to be implemented, will affect the mission or in any way or disrupt operations. It's important for everybody to be on the same page so it doesn't slow anything down as you're trying to roll it out. >> And one of the things here is that we're seeing a lot of change with these new regulations and with a lot of organizations, any type of change is scary. And that is one area that they're looking for guidance not only in the tooling, but also how they apply it in the organization. >> I'll add on. >> Please. >> I'll add onto that and say, organizations really need to take into account the people side of things too. People need to understand what the impact is to the organization, so that they don't try to find the loopholes, they're buying into what needs to be done. They understand the why behind it. You for example, if you walk into your house, you normally close the door behind you. Security needs to be seen as that, as well, that's the culture and it's the habit. And it's ingrained in the fabric of the organization to live this way, not just implement the tools to do it. >> Right, and the number of doors you have in your infrastructure are a lot more than just a couple. Andrew mentioned sort of guidance and governments are obviously taking a more active role. I mean, sometimes I'm a cynic. I mean, the president Biden signs an executive order, but swipe of a pen doesn't really give us enough to go on. Do you think Andrea, that we're going to see new guidance from governments in the very near future? What are you expecting? >> I expect to see more conversations happening. I know that agencies who developed the policies are pulling together stakeholders and getting input. But I do see in the not too distant future, that mandates will be rolling out, yes. >> Well, so Andrew of course, Andrea, if you have a thought on this as well, but how do you see organizations dealing with adopting these new policies. >> Slowly, don't boil the ocean is one thing I tell a lot to every one of them, because a lot of these tooling, a lot of these concepts are foreign to them, brand new. How they adopt those and how they implement them, needs to be done in a very agile fashion, very slow and prescriptive. Go ahead and try to find one area of improvement and go ahead and work upon it and build upon it. Because not only does that normally make your organization more successful and secure, but also helps your organization just from a more out standpoint. One thing that you need to emphasize is that don't blame anyone. 'Cause a lot of times when you're going through this, you're reassessing your own supply chain. You might find where you could see improvements that need to be done. Don't blame things that may have occurred in the past. See how you can benefit from these lessons learned in the future. >> It's interesting you say that the blame game, I mean it used to be that failure meant you get fired and that's obviously has changed. As many have said, you know you're going to have incidents. It's how you respond to those incidents. What you learn from them. Do you have Andrew, any insights from specifically working with customers on securing their software supply chain? What can you tell us about what leading practitioners are doing today? >> They're going in and not only assessing what their software components consist of. Using tools like an SBOM, a software bill of materials, understand where all the components of their ecosystem and their lineage comes from. We're hearing almost every single day, new vulnerabilities that are being introduced in various software packages. By having that understanding of what is in your ecosystem, you can then better understand how to mitigate those concerns moving forward. >> Andrea, Andrew was just saying, one of the things is you don't just dive in. You've got to be careful. There's going to be ripple effects is what I'm inferring, but at the same time, there's a mandate to move quickly. Are there things that could accelerate the adoption of regulation or even the creation of regulations and that guidance in your view? What could accelerate this? >> As far as accelerating it goes, I think it's having those conversations proactively with the stakeholders in your organization and understanding the environment like Andrew said. Go ahead and get that baseline. And just know that whatever changes you make are maybe going to be audited down the road, because as we were moving towards this kind of third-party verification, that you're actually implementing things in order to do business with another organization. The importance of that, if organizations see that gravity to this, I think they will try to speed things up. I think that if organizations and the people in those organizations understand that why, that I talked about earlier and they understand how things like solar winds or things like the oil disruption that happened earlier this year. The personal effect to cyber events will help your organization move forward. Again, everybody's bought into the concept, everybody's working towards the same goals and they understand that why behind it. >> In addition to that, having tooling available, that makes it easy for them. You have a lot of individuals who this is all foreign, providing that base level tooling that aligns to a lot of the regulations that might be applicable within their real realm and their domain, makes it easier for them to start to complying and taking less burden off of them to be able to be successful. >> So it's a hard problem because Andrew, how do you deal with sort of the comment more tools, okay. But I look at that the Optiv map, if you've seen that. It makes your eyes cross. You've got so many tools, so much fragmentation, you're introducing new tools. Can automation help that? Is there hope for consolidation of that tools portfolio? >> Right now, this space is very emerging. It's very emergent, it's very fluid to be honest, 'cause there is actually mandates only a year or two old. But as they come over the course of time, however, I do see these types of tooling starting to consolidate where right now it seems like every vendor has a tool that tries to address this. It's being able to have the people work together, have more regulations that will come out that will allow us to start to redefine and solidify on certain tools like ISO standards. There are certain ones that I mentioned on as balance previously, there's now a ISO standard on SBOM there wasn't previously. So as more and more of these regulations come out, it makes it easier to provide that recommended set of tooling that organization is leveraging instead of vendor A, vendor B. >> Andrea, I said this before I was a cynic, but will give you the last word, give us some hope. I mean, obviously public policy is very important. A partnership between governments and industry, both the practitioners, the organizations that are buying these tools, as well as the technology industry got to work together in an ecosystem. Give us some hope. >> The hope I think will come from realizing that as you're doing this, as you are implementing these changes, you're in a sense trying to prevent those future incidents from happening. There's some assurance that you're doing everything that you can do here. It's a situation, it can be daunting, I'll put it that way. It can be really daunting for organizations, but just know that organizations like Red Hat are doing what we can to help you down the road. >> And really it's just continuing this whole shifting left mentality. The top of supply chain is just one component, but the introducing dev sec ops security at the beginning, that really will make the organizations become successful because this is not just a technology problem, It's a people issue as well. And being able to kind of package them all up together will help organizations as a whole. >> Yeah, so that's a really important point. You hear that term shift left. For years, people say, hey, you can't just bolt security on, as an afterthought, that's problematic. And that's the answer to that problem, right? Is shifting left meaning designing it in at the point of code, infrastructure as code, dev sec ops. That's where it starts, right? >> Exactly, being able to have security at the forefront and then have everything afterwards. Propagate from your security mindset. >> Excellent, okay, Andrea, Andrew, thanks so much for coming to the program today. >> Thank you for having us. >> Very welcome, thanks for watching. This is Dave Vellante for The Cube. Your a global leader in enterprise tech coverage. (soft music)

(upbeat music) >> Okay, we're here talking about how you can better understand and manage the risks associated with the digital supply chain. How in this day and age where software comes from so many different places and sources throughout the ecosystem, how can organizations manage the risks associated with our dependence on software? And with me now are two great guests, Andrea Hall, who is a specialist solution architect and project manager for security and compliance at Red Hat. She's going to focus on public sector. And Andrew Block who's a distinguished architect at Red Hat Consulting, folks welcome. >> Welcome >> Thank you. Thanks for having us. >> You're very welcome. Andrea, let's start with you. Let's talk about regulations. What exists today that we should be aware of that organizations should be paying attention to? >> Oh sure, so the thing that comes to mind first being in the US is the presidential executive order on cybersecurity that came out a few months ago. Organizations are really paying attention to that. And in the US, it's having a ripple effect with policy, but we're also seeing policy considerations pop up in other countries, Australia and England. The supply chain is a big focus right now, of course, but we see these changes coming down the road as more and more government organizations are trying to secure their critical infrastructure. >> Is there kind of a leadership, or probably in other words, is somebody saying seeing what the UK does and say, okay, we're going to follow that template? Or is it just a variety and a mish mash with no sort of consolidation? How is that sort of playing out? >> I see a lot of organizations kind of basing their requirements on (indistinct) However, each organization has its own nuances. Each agency has its own nuances to how it wants them implemented. >> Andrew, maybe you could chime in here. What are you seeing when you talk to customers that are tuned into this issue? >> No as Andrea had just mentioned having that north star in terms of regulations is so fundamentally great for them because many of them especially in regulate industries, look to these regulations on how they apply their own policies. So at least it has some guidance on how to move forward because as we all know the secure software supply chain is getting news every day and how they react to it is something that I know all their leaders are asking themselves, especially those IT leaders. >> Andrea, when I talk to practitioners, sometimes they're frustrated. They understand they have to comply. They know new regulations are coming out, but sometimes it's hard for them to keep up. It would be helpful if you're sitting across the table from somebody who's frustrated and they ask you, what are your expectations? What are the trends in regulations? How do you see the current regulations evolving to specifically accommodate the digital supply chain and the security exposures and corollary requirements there? >> We see a lot of organizations struggling in the sense of trying to understand what the policy actually wants. Definitions are still a little bit vague, but implementation is also difficult because sometimes organizations will add more tools to their toolkit, adding a layer of complexity there. Really automation has to be pulled in. That's key to implementing this instead of adding more workload and more burden to your folks. It's really important for these organizations to pull stakeholders in the organization together. So the IT leaders bring together the developers, the security operations sit at the same table, talk about whether or not what needs to be implemented or what's proposed to be implemented, will affect the mission or in any way or disrupt operations. It's important for everybody to be on the same page so it doesn't slow anything down as you're trying to roll it out. >> And one of the things here is that we're seeing a lot of change with these new regulations and with a lot of organizations, any type of change is scary. And that is one area that they're looking for guidance not only in the tooling, but also how they apply it in the organization. >> I'll add on. >> Please. >> I'll add onto that and say, organizations really need to take into account the people side of things too. People need to understand what the impact is to the organization, so that they don't try to find the loopholes, they're buying into what needs to be done. They understand the why behind it. You for example, if you walk into your house, you normally close the door behind you. Security needs to be seen as that, as well, that's the culture and it's the habit. And it's ingrained in the fabric of the organization to live this way, not just implement the tools to do it. >> Right, and the number of doors you have in your infrastructure are a lot more than just a couple. Andrew mentioned sort of guidance and governments are obviously taking a more active role. I mean, sometimes I'm a cynic. I mean, the president Biden signs an executive order, but swipe of a pen doesn't really give us enough to go on. Do you think Andrea, that we're going to see new guidance from governments in the very near future? What are you expecting? >> I expect to see more conversations happening. I know that agencies who developed the policies are pulling together stakeholders and getting input. But I do see in the not too distant future, that mandates will be rolling out, yes. >> Well, so Andrew of course, Andrea, if you have a thought on this as well, but how do you see organizations dealing with adopting these new policies. >> Slowly, don't boil the ocean is one thing I tell a lot to every one of them, because a lot of these tooling, a lot of these concepts are foreign to them, brand new. How they adopt those and how they implement them, needs to be done in a very agile fashion, very slow and prescriptive. Go ahead and try to find one area of improvement and go ahead and work upon it and build upon it. Because not only does that normally make your organization more successful and secure, but also helps your organization just from a more out standpoint. One thing that you need to emphasize is that don't blame anyone. 'Cause a lot of times when you're going through this, you're reassessing your own supply chain. You might find where you could see improvements that need to be done. Don't blame things that may have occurred in the past. See how you can benefit from these lessons learned in the future. >> It's interesting you say that the blame game, I mean it used to be that failure meant you get fired and that's obviously has changed. As many have said, you know you're going to have incidents. It's how you respond to those incidents. What you learn from them. Do you have Andrew, any insights from specifically working with customers on securing their software supply chain? What can you tell us about what leading practitioners are doing today? >> They're going in and not only assessing what their software components consist of. Using tools like an SBOM, a software bill of materials, understand where all the components of their ecosystem and their lineage comes from. We're hearing almost every single day, new vulnerabilities that are being introduced in various software packages. By having that understanding of what is in your ecosystem, you can then better understand how to mitigate those concerns moving forward. >> Andrea, Andrew was just saying, one of the things is you don't just dive in. You've got to be careful. There's going to be ripple effects is what I'm inferring, but at the same time, there's a mandate to move quickly. Are there things that could accelerate the adoption of regulation or even the creation of regulations and that guidance in your view? What could accelerate this? >> As far as accelerating it goes, I think it's having those conversations proactively with the stakeholders in your organization and understanding the environment like Andrew said. Go ahead and get that baseline. And just know that whatever changes you make are maybe going to be audited down the road, because as we were moving towards this kind of third-party verification, that you're actually implementing things in order to do business with another organization. The importance of that, if organizations see that gravity to this, I think they will try to speed things up. I think that if organizations and the people in those organizations understand that why, that I talked about earlier and they understand how things like solar winds or things like the oil disruption that happened earlier this year. The personal effect to cyber events will help your organization move forward. Again, everybody's bought into the concept, everybody's working towards the same goals and they understand that why behind it. >> In addition to that, having tooling available, that makes it easy for them. You have a lot of individuals who this is all foreign, providing that base level tooling that aligns to a lot of the regulations that might be applicable within their real realm and their domain, makes it easier for them to start to complying and taking less burden off of them to be able to be successful. >> So it's a hard problem because Andrew, how do you deal with sort of the comment more tools, okay. But I look at that the Optiv map, if you've seen that. It makes your eyes cross. You've got so many tools, so much fragmentation, you're introducing new tools. Can automation help that? Is there hope for consolidation of that tools portfolio? >> Right now, this space is very emerging. It's very emergent, it's very fluid to be honest, 'cause there is actually mandates only a year or two old. But as they come over the course of time, however, I do see these types of tooling starting to consolidate where right now it seems like every vendor has a tool that tries to address this. It's being able to have the people work together, have more regulations that will come out that will allow us to start to redefine and solidify on certain tools like ISO standards. There are certain ones that I mentioned on as balance previously, there's now a ISO standard on SBOM there wasn't previously. So as more and more of these regulations come out, it makes it easier to provide that recommended set of tooling that organization is leveraging instead of vendor A, vendor B. >> Andrea, I said this before I was a cynic, but will give you the last word, give us some hope. I mean, obviously public policy is very important. A partnership between governments and industry, both the practitioners, the organizations that are buying these tools, as well as the technology industry got to work together in an ecosystem. Give us some hope. >> The hope I think will come from realizing that as you're doing this, as you are implementing these changes, you're in a sense trying to prevent those future incidents from happening. There's some assurance that you're doing everything that you can do here. It's a situation, it can be daunting, I'll put it that way. It can be really daunting for organizations, but just know that organizations like Red Hat are doing what we can to help you down the road. >> And really it's just continuing this whole shifting left mentality. The top of supply chain is just one component, but the introducing dev sec ops security at the beginning, that really will make the organizations become successful because this is not just a technology problem, It's a people issue as well. And being able to kind of package them all up together will help organizations as a whole. >> Yeah, so that's a really important point. You hear that term shift left. For years, people say, hey, you can't just bolt security on, as an afterthought, that's problematic. And that's the answer to that problem, right? Is shifting left meaning designing it in at the point of code, infrastructure as code, dev sec ops. That's where it starts, right? >> Exactly, being able to have security at the forefront and then have everything afterwards. Propagate from your security mindset. >> Excellent, okay, Andrea, Andrew, thanks so much for coming to the program today. >> Thank you for having us. >> Very welcome, thanks for watching. This is Dave Vellante for The Cube. Your a global leader in enterprise tech coverage. (soft music)

(upbeat music) >> Good evening, guys. Welcome back to Las Vegas, theCUBE is here live at AWS re:Invent 2021. I'm Lisa Martin. We have two live sets, two remote sets, over 100 guests on theCUBE talking with AWS, and its massive ecosystem of partners bringing you this hybrid tech event, probably the biggest of the year, and I'm pleased to welcome Stephen Kovac next, the Chief Compliance Officer at Zscaler. Stephen, how's it going? >> Well, it's going well, Lisa. Thank you for asking, enjoying Vegas, loving the conference, unbelievable. >> Isn't it great to be back in person? >> Oh, it's so great, I've seen people. >> Conversations you can't replicate on video conferencing, you just can't. >> Can't, and you see people you haven't seen in two years, and it's like all of a sudden you're best buddies again. It's just wonderful, it's so great to back. >> It is, and AWS in typical fashion has done a great job of getting everybody in here safely. I'm not at all surprised, that's what I expected, but it's been great. And I hope that this can demonstrate to other companies, you can do this safely. >> You can, I think so. I mean, there's a lot of effort going into this, but as usual AWS does it right. So, you expect that. >> They do. Talk to me about the Zscaler-AWS partnership. What's going on? >> Well, it's a great partnership. So AWS and Zscaler have been partners since the beginning of Zscaler. We are the largest security cloud in the world. We're born and bred in the cloud security company. So literally we wrote one application that does global security, everything from firewall to proxy, secure web gateway, to DLP, to all this in one piece of software. So, in the past where people would buy appliances for all these devices and put them in their own data center, we wrote a software that allows us to put that in the cloud, run it on the cloud globally around the world. And our partnership with AWS is, we originally built that on AWS, and today still AWS is our prime partner, especially in the zero trust side of our business. So, great relationship, long-term and great I think for both of us, it's been a very, very... >> Fruitful partnership, synergistic? >> Synergistic, love that, so yes. >> You mentioned zero trust, and we have seen such massive changes to the security and the threat landscape the last 20, 22 months. Talk to me about the recent executive order calling for zero trust, how does Zscaler's partnership with AWS help you enable organizations, fed, SLED, DoD, to be able to actually bring in and apply zero trust? >> Yeah, great question. Five years ago I was tasked to bring Zscaler into the government side of the business. So I was employee one to do that. It was a great honor to do it. And the first thing we did is we partnered with AWS because we needed to get FedRAMP compliant. We knew we were going to go into DoD. So we needed to go to the Impact Level five. And eventually we'll be able to go up level six with AWS. And so it was our partnership started there. And as you've seen in five years with all the change that's happened, that obviously the breaches like SolarWinds, and the people up here talking about them all week with you I'm sure. The executive order came down from the Biden Administration, who I completely salute for being just tremendous leaders in the cybersecurity space. And the executive order, one of the big pieces of the executive order was every agency must produce a plan for zero trust. So our cloud platform that is on AWS is a zero trust platform. It is the first and only zero trust platform to get authorized by the federal government at the FedRAMP level, and now the IL five level. So, together we are literally capturing and taking over the, being the leader in the zero trust space for the federal government. And I'm going to get a sip of water, so forgive me, I've been here all week talking to a lot of people, so forgive me for that. >> That's one thing that we don't have to deal with when we're on Zoom, right, is you don't really have the risk of losing your voice. >> Stephen: There you go. >> But in terms of the executive order, something that you mentioned, SolarWinds, Colonial Pipeline, we only hear about some of the big ones. The fact that ransomware happens one attack every 10, 11 seconds, it's a matter of when we get hit, not if. >> As you know, the story coming up from me, coming up on stage with you today, I just got myself breached just this morning, just individually. So yes, it's going to get all of us. And especially, I think when you look at zero trust and ransomware and how they worked out how zero trust can prevent it, you look at the SLED market, you know, state, local governments, they don't have the dollars to go spend like DHS does, or say, some of the DoD does. So, our partnership with AWS allows us to produce a product that is very cost-effective on a per user basis, consumption model, which is what AWS has been famous for since day one, right, the consumption model, use it when you need it, don't use it when you don't. We built our software the same way. So, at some point in a year, in a school year, we'll ramp up with some schools up to a hundred thousand users in the district, and over the summer we'll ramp down to a thousand, and we just bill them for that. So it's a beautiful relationship that we partner in not just the executive order, but being a partner in SLED, fed in the sense that matches making our business together, match the government's business. And that makes us a true leader and makes us a cost-effective solution. And if you think about it just for a moment, yesterday, I told you I was testifying in front of the Senate. And one of the questions I got asked was, oh, how many security updates do you guys see a year? I said, a year, well, we do over 200,000 a day. 200,000 security updates from potential hackers every single day. And we're doing that over 200 billion transactions a day run on AWS. So it's tremendous partnership, and to be able to work like that, and at that kind of volume, and be able to go up and down with the, and you got AWS able to scope up and down, and us to be able to ride that wave with them. It's been great. >> One of the things that we always talk about when we talk AWS is they're customer focused or customer obsession that, hey, we start backwards, we work backwards from the customer. Same thing, synergistic from a cultural perspective? >> Absolutely, I mean, one of the things I always love about AWS and I've been a customer of AWS for many years, even prior to my Zscaler days, I love the way they approach things, right? If they're not trying to go out and sell it, they're trying to meet with the customer and find out what the customer needs, and then build a solution. We're the same way. I always tell, you know, when you think of our solutions, Zscaler, I always tell my sales teams, I say it takes four sales calls for people to really understand what we do. And AWS, in the beginning of AWS, it was kind of the same thing. In the old days, you know, we all just built data centers and we had all these racks, and all this expense and mesh is what you did. It was unusual back in the day, 10 years ago, and I've been to every single re:Invent. I mean, the first one there was like, you're actually going to put all your stuff in this unknown cloud thing, and it will be available when you need it? So yes, you know, the way that they did it is the same way we do it together today. And we do it together today. We partner on many deals today where we're both, our teams are in there together, selling together, whether it's the DoD, federal agencies, SLED agencies, and commercial, you know, selling it hand-in-hand because it's that same philosophy is we're going to build what a customer needs. We're not going to tell the customer what they need. We're going to hear what they need, and that's the same relationship. So I'm going to get another sip real quick. >> Go for it. One of the things that has been a theme that we've heard the last couple of days is every company needs to be a data company or private sector, public sector, and if they're not, they're probably not going to be around much longer. How do you help customers get their handle around that? Because the security threats are only increasing. I mean, it's ransomware as a service. The fact that these criminals are getting much more brazen, you just had this happen to yourself, but enabling them to become data-driven organizations and use the data, extract the value from it securely, that's hard. >> It is, I mean, if you think back in the day, I mean, companies didn't have chief compliance officers that worked in the space that we do. Their chief compliance officer back in the day was the guy that was writing your HR issues and what OSHA issues, and of course, I still deal with some of that stuff, but my true job is really around the data, right? You know, how do we build our platforms, what decisions we make on our platforms, how we're going to certify them to support that, and I mean, chief data officers, chief security officers, I mean, you go into companies today, even car dealerships today. I mean, I'm picking one, you never thought of them having a security officer, but they do, they have to, they have to. And I mean, basic school districts, I mean, I don't about you, when I was a kid and went to school, they didn't have computers, but when my kid went to school, they did, but they didn't have a security officer. Now today, every single school district has security officers. I mean, I love how you said it, that data-driven, that data thought is there. It has to be, it's a real threat. And the sad thing is of these ransomware attacks, how many don't get reported. >> Oh, right, we're only hearing about a select few. >> The numbers are something like 88% don't get reported. It's that big. So that just tells you, we hear the big ones, right, Colonial Pipeline, things like that. We don't hear about West Texas or Middle Illinois school district that paid five grand because somebody had something on the school. That's how, as you said, this ransomware as a service security, we call it a security as a service, there's SaaS, which is software as a service, we're security software as a service, and AWS is the infrastructure as a service that we run on. And that's how it works well together. >> Do you guys go into accounts together from a go-to-market perspective? >> We, do, we can always do a better job. And my good friend here at AWS, who's probably listening, we can always do better. But yeah, so it is become something that, especially in the government space we do, in federal, DoD, because the certifications are really important, certifications are important everywhere, and we have many, we talked about all the certifications we have in federal, FedRAMP and IL five, and we have a plethora of those certifications in the commercial space. But they mean in a federal space, they're really the ticket. They call them the ENERGY STAR of approval, good housekeeping piece. So, you know, having that, teaming up with AWS who we partner together and because AWS has the same certs, we can sell at the same levels. And we do a really great job of co-selling in that space together. And I think when they look at us and they say, well, you're AWS, they've got their FedRAMP high, IL five, and you're Zscaler, you got your FedRAMP high, IL five. Yes, we can do business with these guys, and that's important. >> So you guys both open doors for each other. >> We do, we do in many cases, yeah. As a matter of fact, re:Invent five years ago, a buddy of mine here opened a big, big account for us, which is today our largest account in federal came from re:Invent, where came up to me and said, hey, my customer wants to, he's looking to do something, they're an agency that has global footprint, and they're like, we want to do something as a security as a service. They don't want to ship boxes all over the place. And we just met the customer for a coffee, and next thing you know, became our, still today, our probably largest customer in federal. >> Wow, well, this is the 10th re:Invent, you said you've been to all of them. >> Stephen: I have been to all of them. I can't lie, but I can't say I did all the virtual ones. I mean, I was logged in. (laughs) >> That's okay, we'll wink on that one. But, one of the things then, we've just got about a minute left here, is in new leadership, Andy Jassy being promoted to the CEO of Amazon, we've got Adam Selipsky, heard lot of announcements and news from Adam yesterday, but some of the things that we've been talking about on theCUBE is the first 15 years of innovation at AWS, that's going to accelerate. Do you see that also, like if you look forward to the next decade, do you see things moving much faster than they did the past decade? >> I don't think they can't. I mean, I shouldn't say they have to. And the change of the guard as you might call it here, is it's always good to have a change of the guard I think. You know, the question is when's Andy going to go to space? I mean, that's the next. (Lisa laughs) I think you have the guys who got AWS to the dance, and now the dance, who's going to become the belle of the ball. And this next generation of leadership coming in is fabulous. I think they've made great decisions, and I think they're going to do really well. And we're behind them, we support it. I got a chance to meet with most of them, love a chance to meet with Andy, I haven't met with him yet. So Andy, I'd love to meet you sometime soon. But I'm very impressed with what they've done. And yes, I think it's going to be, the last 10 years of growth is going to be a year next year. I think literally, you take 10 years be compressed to a year, and then next year it will be compressed to a day. So it's moving that fast. >> Yep, get your neck brace on, prepare for that whiplash. >> Yeah, right? That's what I said to Jeff when Jeff went to space, that's how fast we're about to travel, right? But it's really relative. >> It is, there is no limit. Well, Stephen, thank you for joining me, talking about Zscaler, AWS, what you guys are doing, how you're helping to revolutionize the public sector, fed, SLED, a lot of great stuff there. Security is an ever-evolving topic, and we appreciate all of your insights. >> Well, it was wonderful to be here. Great to see you again. And great to be back with all our friends at re:Invent. >> All of our friends, exactly. >> Stephen: Thank you so much for the time today. >> My pleasure. For Stephen Kovac, I'm Lisa Martin. You're watching theCUBE, the global leader in live tech coverage. (pleasant music)

>>Welcome to the cubes, continuing coverage of AWS reinvent 2021. I'm your host, Lisa Martin. We are running one of the industry's most important and largest hybrid tech events of the year. This year with AWS and its ecosystem partners. We have two life studios, two remote studios, and over 100 guests. So stick around as we talk about the next 10 years of cloud innovation, I'm very excited to be joined by another Lisa from Zscaler. Lisa Lorenzen is here with me, the field CTO for the Americas. She's here to talk about ZScaler's mission to make doing business and navigating change a simpler, faster, and more productive experience. Lisa, welcome to the program. >>Thank you. It's a pleasure to be here. >>So let's talk about Zscaler in AWS. Talk to me about the partnership, what you guys are doing together. >>Yeah, definitely. Z scaler is a strategic security ISV partner with AWS. So we provide AWS customers with zero trust, secure remote access to AWS, and this can improve their security posture as well as their user experience with AWS. These scaler recently announced that we are the first and only cloud security service to achieve the FedRAMP PI authorization to operate. And that FedRAMP ZPA service is built on AWS gov cloud. ZScaler's also an AWS marketplace seller where our customers can purchase our zero trust exchange services as well as request or high value security assessments. We're excited about that as we're seeing a rapid increase in customer adoption as these scaler via the AWS marketplace, we vetted our software on AWS edge services that support emerging use cases, including 5g, IOT, and OT. So for example, Zscaler runs on wavelength, outposts, snowball and snowcones, and Zscaler has strategic partnerships with leading AWS service providers and system integration partners, including Verizon NTT, BT, Accenture, Deloitte, and many of the leading national and regional AWS consulting partners. >>Great summary there. So you mentioned something I want to get more understanding on this. It sounds like it's a differentiator for CSO scale. You said that you guys recently announced to the first and only cloud security service to achieve FedRAMP high. Uh, ATO built on AWS gov cloud. Talk to me about and what the significance of that is. >>I L five authorization to operate means that we are able to protect federal assets for the department of defense, as well as for the civilian agencies. It just extends the certification of our cloud by the government to ensure that we meet all of the requirements to protect that military side of the house, as well as the civilian side of the house. >>Got it super important there, let's talk about zero trust. It's a super hot topic. We've seen so many changes to the threat landscape during the pandemic. How are some of the ways that Z scaler and AWS are helping customers tackle this together? >>Well, I'd actually like to answer that by telling a little bit of a story. Um, Growmark is one of our Z scaler and AWS success stories when they had to send everyone home to work from home overnight, the quote that we had from is the users just went home and nothing changed. ZPA made work from anywhere, just work, and they were able to maintain complete business continuity. So even though their employers might have had poor internet service at home, or, you know, 80 challenging infrastructure, if you've got kids on your wifi bunch of kids in the neighborhood doing remote school, everyone's working from home, you don't have the reliability or the, maybe the bandwidth capacity that you would when you're sitting in an office. And Zscaler private access is a cloud delivered zero trust solution that leverages dynamic resilient, TLS encrypted tunnels to connect the user to an application rather than putting an end point on a network. >>And the reason that's important is it makes for a much more reliable and resilient service, even in environments that may not have the best connectivity I live out in the county. I really, some days think that there's a hamster on a wheel somewhere in my cable modem network, and I am a consumer of this, right. I connect to Z scaler over Zscaler private access, I'm protected by Zscaler internet access. And so I access our internal applications that are running in AWS as well this way. And it makes a huge difference. Growmark really started with an SAP migration to AWS, and this was long before the pandemic. So they started out looking for that better user experience and the zero trust capability. They were able to ensure that their SAP environment was dark to the internet, even though it was running in the cloud. And that put them in this position to leverage that zero trust service when the pandemic was upon us, >>That ability or that quote that you mentioned, it just worked was absolutely critical for all of us in every industry. And I'm sure a lot of folks who were trying to manage working from home, the spouses from home kids doing, you know, school online also felt like you with the hamster on the wheel, I'm sure their internet access, but being able to have that business continuity was table-stakes especially early on for most organizations. We saw a lot of digital transformation, a lot of acceleration of it in the last 20 months during the pandemic. Talk to me about how Z scaler helps customers from a digital transformation perspective and maybe what some of the things were that you saw in the last 20 months that have accelerated >>Absolutely. Um, another example, there would be Jefferson health, and really, as we saw during the pandemic, as you say, it accelerated a lot of the existing trends of mobility, but also migration to the cloud. And when you move applications to the cloud, honestly, it's a complex environment and maybe the controls and the risk landscape is not as well. Understood. So Z scaler also has another solution, which is our cloud security posture management. And this is really ensuring that your configuration on your environment, that those workloads run in is controlled, understood correctly, coordinated and configured. So as deference and health migrated to the cloud first model, they were able to leverage the scalers workload posture to measure and control that risk. Again, it's environment where the combination of AWS and Z scaler together gives them a flexible, resilient solution that they can be confident is correctly configured and thoroughly locked down. >>And that's critical for businesses in any organization, especially as quickly as how quickly things changed in the last 20 months or so I do wonder how your customer conversations have has changed as I introduced you as the field CTO of the America's proceeds killer. I'm sure you talk with a lot of customers. How has the security posture, um, zero trust? How has that risen up within the organizational chain? Is that something that the board is concerned about? >>My gosh, yes. And zero trust really has gone through the Gartner hype cycle. You've got the introduction, the peak of interest, the trough of despair, and then really rising back into what's actually feasible. Only zero trust has done that on a timeline of over a decade. When the term was first introduced, I was working with firewall VPN enact technology, and frankly, we didn't necessarily have the flexibility, the scalability, or the resilience to offer true zero trust. You can try to do that with network security controls, but when you're really protecting a user connecting to an application, you've got an abstraction layer mismatch. What we're seeing now is the reemergence of zero trust as a priority. And this was greatly accelerated honestly by the cybersecurity executive order that came out a few months ago from the Biden administration, which made zero trust a priority for the federal government and the public sector, but also raised visibility on zero trust for the private sector as well. >>When we're looking at zero trust as a way to perhaps ward off some of these high profile breaches and outages like the colonial pipeline, whole situation that was based on some legacy technology for remote access that was exploited and led to a breach that they had to take their entire infrastructure offline to mitigate. If we can look at more modern delivery mechanisms and more sophisticated controls for zero trust, that helps the board address a number of challenges ranging from obviously risk management, but also agility and cost reduction in an environment where more than ever belts are being tightened. New ways of delivering applications are being considered. But the ability to innovate is more important than ever. >>It is more important than ever the ability to innovate, but it really changing security landscape. I'm glad to hear that you're seeing, uh, this change as a result of the executive order that president Biden put down in the summer. That's good news. It sounds like there's some progress being made there, but we saw, you mentioned colonial pipeline. We saw a lot in the last 20, 22 months or so with ransomware becoming a household word, also becoming something that is a matter of when companies in any industry get hit and versus if it's no longer kind of that choice anymore. So talk to me about some of the threats and some of the stats that Z scaler has seen particularly in the last 20, 22 months. >>Oh gosh. Well, let's see. I'm just going to focus on the last 12 months, cause that's really where we've got some of the best data. We've seen a 500% increase in ransomware delivered over encrypted channels. And what that means is it's really critical to have scalable SSL inspection that can operate at wire speed without impeding the user experience or delay in critical projects, server communications, activities that need to happen without any introduced in any additional latency. So if you think about what that takes the Z scaler internet access solution is protecting users, outbound access in the same way that Zscaler private access protects access to private resources. So we're really seeing more and more organizations seeing that both of these services are necessary to deliver a comprehensive zero trust. You have to protect and control the outbound traffic to make sure that nothing good leaks out, nothing bad sneaks in. >>And at the same time, you have to protect and control the inbound traffic and inbound is, you know, a much broader definition with apps in the data center in the cloud these days. We're also seeing that 30% of malware is delivered through trusted applications like file shares or collaboration tools. So it's no longer enough to only inspect web traffic. Now you have to be able to really inspect all flavors of traffic when you're doing that outbound protection. So another good example where Z scaler and AWS work together here is in Amazon workspaces. And there's a huge trend towards desktop as a service, for example, and organizations are starting to recognize that they need to protect both the user experience and also the connectivity onward in Amazon workspaces, the same way that they would for a traditional end user device. So we see Z scaler running in the Amazon workspaces instances to protect that outbound traffic and control that inbound traffic as well. >>Another big area is the ransomware infections are not the problem. It's the result. So over half of the ransomware infections include data theft or leakage. And that is a double whammy because you get what's called double extortion where not only do you have to pay to unlock your machines, but you have to pay not to have that stolen data exposed to the rest of the world. So it's more important than ever to be able to break that kill chain as early as possible to ensure that the or the server traffic itself isn't exposed to the initial infection vector. If you do happen to get an infection vector that sneaks through, you need to be able to control the lateral movement so that it doesn't spread in your environment. And then if both of those controls fail, you also need the outbound protection such as CASBY and DLP to ensure that even if they get into the environment, they can't exfiltrate any of the data that they find as a result. We're seeing that the largest security risk today is lateral movement inside the corporate network. And that's one of the things that makes these ransomware double extortion situations, such a problem. >>Last question for you. And we've got about a minute left. I'm curious, you said over 50% of ransomware attacks are now double extortion. How do you guys help customers combat that? So >>We really deliver a solution that eliminates a lot of the attack surface and a lot of the risks. We have no inbound listener, unlike a traditional VPN. So the outbound only connections mean you don't have the external attack surface. You can write these granular policy controls to eliminate lateral movement. And because we integrate with customer's existing identity and access management, we can eliminate the credential exposure that can lead to a larger spread in a compromised environment. We also can eliminate the problem of unpatched gateways, which led to things like colonial pipeline or some of the other major breaches we've seen recently. And we can remove that single point of failure. So you can rely on dynamic optimized traffic distribution for all of these secure services. Basically, what we're trying to do is make it simpler and more secure at the same time, >>Simpler and more secure at the same time is what everyone needs regardless of industry. Lisa, thank you for joining me today, talking about Zscaler in AWS, zero trust the threat landscape that you're seeing, and also how's the scaler and AWS together can help customers mitigate those growing risks. We appreciate your insights and your thoughtfulness. >>Thank you >>For Lisa Lorenzen. I'm Lisa Martin. You're watching the cubes coverage of AWS reinvent stick around more great content coming up next.

hello and welcome to this special cube conversation i'm dave nicholson and this is part of our continuing coverage of google cloud next 2021 i have two very special guests with me and we are going to talk about the topic of security uh i have sunil potti who is vice president and general manager of google cloud security uh who in a previous life had senior leadership roles at nutanix and citrix along with lior div who is the ceo and co-founder of cyber reason lior was formerly a commander in the much famed unit 8200 uh part of the israeli defense forces uh where he was actually a medal of honor recipient uh very uh honored to have him here this morning sunil and lior welcome to the cube sunil welcome back to the cube yeah great to be here david and and to be in the presence of a medal of honor recipient by the way a good friend of mine leor so be here well good to have both of you here so uh i'm the kind of person who likes my dessert before my uh before my entree so why don't we just get right to it you're the two of you are here to announce something very very significant uh in the field of security uh sunil do you want to start us out what are we here to talk about yeah i mean i think maybe uh you know just to set this context um as as many of you know about a decade ago a nation's sponsored attack you know actually got into google plus a whole bunch of tech companies you know the project aurora was quite uh you know infamous for a certain period of time and actually google realized almost a decade ago that look you know security can't just be a side thing it has to be the primary thing including one of the co-founders becoming for lack of a better word the chief security officer for a while but one of the key takeaways from that whole incident was that look you have to be able to detect everything and trust nothing and and the underpinning for at least one of them led to this whole zero trust architectures that everybody now knows about but the other part which is not as popular at least in industry vernacular but in many ways equally important and some ways more important is the fact that you need to be able to detect everything so that you can actually respond and that led to the formation of you know a project internal to google to actually say that look let's democratize uh storage and make sure that nobody has to pay for capturing security events and that led to the formation of this uh new industry concept called a security data lake in chronicle was born and then as we started evolving that over into the enterprise segment partnering with you know cyber reason on one hand created a one plus one equals three synergy between say the presence around what do you detect from the end point but also generally just so happens that as lior will tell you the cyber reason technology happens to start with endpoint but it's actually the core tech is around detecting events but doing it in a smart way to actually respond to them in much more of a contextual manner but beyond just that you know synergy between uh you know a world-class planet scale you know security data like forming the foundation and integrating you know in a much more cohesive way with uh cyber reasons detection response offering the spirit was actually that this is the first step of a long journey to really hit the reset button in terms of going from reactive mode of security to a proactive mode of security especially in a nation-state-sponsored attack vector so maybe leo you can speak a few minutes on that as well absolutely so um as you said i'm coming from a background of uh nation state hacking so for us at cyberism it's uh not is foreign uh what the chinese are doing uh on a daily basis and the growing uh ransomware cartel that's happening right now in russia um when we looked at it we said then uh cyberism is very famous by our endpoint detection and response capability but when we establish cyber reason we establish the cyberism on a core or almost fundamental idea of finding malicious operation we call it the male idea so basically instead of looking for alerts or instead of looking for just pieces of data we want to find the hackers we want to find the attack we want to be able to tell basically the full story of what's going on uh in order to do that we build the inside cyberism basically from day one the ability to analyze any data in real time in order to stitch it into the story of the male the malicious operation but what we realize very quickly that while our solution can process more than 27 trillion events a week we cannot feed it fast enough just from end point and we are kind of blind when it comes to the rest of the attack surface so we were looking uh to be honest quite a while for the best technology that can feed this engine and to as sunil said the one plus one equal three or four or five to be able to fight against those hackers so in this journey uh we we found basically chronicle and the combination of the scale that chronicle bringing the ability to feed the engine and together basically to be able to find those hackers in real time and real time is very very important and then to response to those type of attack so basically what is uh exciting here we created a solution that is five times faster than any solution that exists right now in the market and most importantly it enables us to reverse the atmospheric advantage and basically to find them and to push them out so we're moving from hey just to tell you a story to actually prevent hackers to being in your environment so leor can you i want to double click on that just just a little bit um can you give give us a kind of a concrete example of this difference between simply receiving alerts and uh and actually um you know taking taking uh uh correlating creating correlations and uh and actually creating actionable proactive intelligence can you give us an example of that working in in the real world yeah absolutely we can start from a simple example of ransomware by the time that i will tell you that there is a ransomware your environment and i will send an alert uh it will be five computers that are encrypted and by the time that you gonna look at the alert it's gonna be five thousand uh basically machines that are encrypted and by the time that you will do something it's going to be already too little too late and this is just a simple example so preventing that thing from happening this is critical and very timely manner in order to prevent the damage of ransomware but if you go aside from ransomware and you look for example of the attack like solarwind basically the purpose of this attack was not to create damage it was espionage the russian wanted to collect data on our government and this is kind of uh the main purpose that they did this attack so the ability to be able to say hey right now there is a penetration this is the step that they are doing and there is five ways to push them out of the environment and actually doing it this is something that today it's done manually and with the power of chronicle and cyberism we can do it automatically and that's the massive difference sunil are there specific industries that should be really interested in this or is this a is this a broad set of folks that should be impacted no you know in some ways uh you know the the the saying these days to learn's point on ransomware is that you know if if a customer or an enterprise has a reasonable top-line revenue you're a target you know you're a target to some extent so in that sense especially given that this has moved from pure espionage or you know whether it be you know government oriented or industrial espionage to a financial fraud then at that point in time it applies to pretty much a wide gamut of industries not just financial services or you know critical infrastructure companies like oil and gas pipeline or whatever it could be like any company that has any sort of ip that they feel drives their top line business is now a target for such attacks so when you talk about the idea of partnership and creating something out of a collaboration what's the meat behind this what what what do you what are you guys doing beyond saying you know hey sunil lior these guys really like each other and they respect what the other is doing what's going on behind the scenes what are you actually implementing here moving forward so every partnership is starting with love so it's good [Laughter] but then it need to translate to to really kind of pure value to our customers and pure value coming from a deep integration when it's come to the product so basically uh what will happen is every piece of data that we can collect at cyber is in uh from endpoint any piece of data that the chronicle can collect from any log that exists in the world so basically this is kind of covering the whole attack surface so first we have access to every piece of information across the full attack surface then the main question is okay once you collect all this data what you're gonna do with it and most of companies or all the companies today they don't have an answer they're saying oh we're gonna issue an alert and we hope that there is a smart person behind the keyboard that can understand what just happened and make a decision and with this partnership and with this integration basically we're not asking and outsourcing the question what to do to the user we're giving them the answer we're telling them hey this is the story of the attack this is all the pieces that's going on right now and in most cases we're gonna say hey and by the way we just stopped it so you can prevent it from the future when will people be able to leverage this capability in an integrated way and and and by the way restate how this is going to market as an integrated solution what is what is the what is what are we going to call this moving forward so basically this is the cyber reason xdr uh powered by chronicle and we are very very um uh happy about it yeah and i think just to add to that i would say look the the meta strategy here and the way it'll manifest is in this offering that comes out in early 2022 um is that if you think about it today you know a classical quote-unquote security pipeline is to detect you know analyze and then respond obviously you know just just doing those three in a good way is hard doing it in real time at scale is even harder so just that itself was where cyber reason and chronicle would add real value where we are able to collect a lot of events react in real time but a couple of things that i think that you know to your original point of why this is probably going to be a little for game changer in the years to come is we're trying to change that from detect analyze respond to detect understand and anticipate so because ultimately that's really how we can change you know the profile from being reactive in a world of ransomware or anything else to being proactive against a nation sponsored or nation's influenced attacks because they're not going to stop right so the only way to do this is to rather than just go back up the hatches is just really you know change change the profile of how you'll actually anticipate what they were probably going to do in 6 months or 12 months and so the the graph technology that powers the heart of you know cyber reason is going to be intricately woven in with the contextual information that chronicle can get so that the intermediate step is not just about analysis but it's about truly understanding the overall strategy that has been employed in the past to predict what could happen in the future so therefore then actions could be taken downstream that you can now say hey most likely this these five buckets have this kind of personal information data there's a reasonable chance that you know if they're exposed to the internet then as you create more such buckets in that project you're going to be susceptible to more ransomware attacks or some other attacks right and that's the the the kind of thinking or the transformation that we're trying to bring out with this joint office so lior uh this this concept of uh of mallops and uh cyber reason itself you weren't just born yesterday you've been you've been uh you have thousands of customers around the globe he does look like he was born i i know i know i know well you you know it used to be that the ideal candidate for ceo of a startup company was someone who dropped out of stanford i think it's getting to the point where it's people who refused admission to stanford so uh the the dawn of the 14 year old ceo it's just it's just around the corner but uh but lior do you get frustrated when you see um you know when you become aware of circumstances that would not have happened had they implemented your technology as it exists today yeah we have a for this year it was a really frustrating year that starting with solarwind if you analyze the code of solarwind and we did it but other did it as well basically the russians were checking if cyberism is installed on the machine and if we were installed on the machine they decided to stop the attack this is something that first it was a great compliment for us from you know our not friend from the other side that decided to stop the attack but on a serious note it's like we were pissed because if people were using this technology we know that they are not going to be attacked when we analyze it we realize that we have three different ways to find the solar wind hackers in a three different way so this is just one example and then the next example in the colonial pipeline hack we were the one that found darkseid as a group that we were hacking we were the first one that released a research on them and we showed how we can prevent the basically what they are doing with our technology so when you see kind of those type of just two examples and we have many of them on a daily basis we just know that we have the technology in order to do that now when we're combining uh the chronicle technology into the the technology that we already have we basically can reverse the adversary advantage this is something that you're not doing in a single day but this is something that really give power to the defenders to the communities of siso that exist kind of across the us um and i believe that if we're going to join forces and lean into this community and and basically push the solution out the ability for us to fight against those cartels specifically the ransomware cartels is going to be massive sunil this time next year when we are in uh google cloud next 2022 um are you guys going to come back on and offer up the we told you so awards because once this is actually out there and readily available the combination of chronicle and cyber reasons technology um it's going to be hard for some csos to have an excuse uh it may be it may be a uncomfortable to know that uh they could have kept the door secure uh but didn't yeah where's that bad business is that bad business to uh hand out awards for doing dumb things i don't know about uh you know a version of darwin awards probably don't make sense but but but generally speaking so i do think uh you know we're all like as citizens in this right because you know we talk about customers i mean you know alphabet and google is a customer in some ways cyber reason is a customer the cube is a customer right so i think i think the robot hitting the road a year from now will be we should we should do this where i don't know if the cube does more than two folks at the same time david but we should i mean i'm sure we'll have enough to have at least a half a dozen in in the room to kind of talk about the solution because i think the the you know as you can imagine this thing didn't materialize i mean it's been being cooked for a while between your team and our team and in fact it was inspired by feedback from some joint customers out in the market and all that good stuff so so a year from now i think the best thing would be not just having customers to talk about the solution but to really talk about that transformation from respond to anticipate and do they feel better on their security posture in a world that they know like and leo should probably spend a few minutes on this is i think we're on the tip of the sphere of this nation-state era and what we've just seen in the last few years is what maybe the nation-states have seen over two decades ago and they're going to run those playbooks on the enterprise for the next decade or so yeah leor talk about that for a minute yeah it's it's really you know just to continue the sunil thought it's it's really about finding the unknown because what's happening on the other side it's like specifically china and russia and lately we saw iran starting to gain uh power um basically their job is to become better and better and to basically innovate and create a new type of attack on a daily basis as technology has evolved so basically there is a very simple equation as we're using more technology and relying more on technology the other side is going to exploit it in order to gain more power espionage and create financial damage but it's important to say that this evolution it's not going to stop this is just the beginning and a lot of the data that was belong just to government against government fight basically linked in the past few years now criminals starting to use it as well so in a sense if you think about it what's happening right now there is basically a cold war that nobody is talking about it between kind of the giant that everybody is hacking everybody and in the crossfire we see all of those enterprises across the world it was not a surprise that um you know after the biden and putin uh meeting suddenly it was a quiet it was no ransomware for six weeks and after something changing the politics suddenly we can see a a groin kind of attack when it's come to ransomware that we know that was directed from russia in order to create pressure on the u.s economy sunil wrap us up what are your f what are what are your final thoughts and uh what's what's the what's the big takeaway here no i think you know i i think the key thing for everyone to know is look i think we are going into an era of state-sponsored uh not espionage as much as threat vectors that affect every business and so in many ways the chiefs the chief information security officer the chief risk officer in many ways the ceo and the board now have to pay attention to this topic much like they paid attention to mobile 15 years ago as a transformation thing or maybe cloud 10 years ago i think cyber has been one of those it's sort of like the wireless error david like it existed in the 90s but didn't really break around until iphone hit or the world of consumerization really took off right and i think we're at the tip of the spear of that cyber really becoming like the era of mobile for 15 years ago and so i think that's the if there's like a big takeaway i think yes there's lots of solutions the good news is great innovations are coming through companies like cyber reason working with you know proven providers like google and so forth and so there's a lot of like support in the ecosystem but i think if there was one takeaway that was that everybody should just be ready internalized we don't have to be paranoid about it but we anticipate that this is going to be a long game that we'll have to play together well with that uh taking off my journalist hat for a moment and putting on my citizen hat uh it's reassuring to know that we have really smart people working on this uh because when we talk about critical infrastructure control systems and things like that being under threat um that's more significant than simply having your social security number stolen in a in a data breach so um with that uh i'd like to thank you sunil leor thank you so much for joining us on this special cube conversation this is dave nicholson signing off from our continuing coverage of google cloud next 2021 [Music] you

>>Well, hi everybody, John Walls here, continuing our coverage on the cube of splunk.com 21. And then we talked a lot about data these days of companies and enterprise all the way down to small business and the importance of day to day to security data protection. But the public sector also has those very same concerns and some unique worries as well. And with me to talk about the public sector and its data transformation, and of course what's going on in that space is Jeremy Reesey, who was the group vice president of the public sector at Splunk. Jeremy. Good to see you today. Thanks for joining us. Thank you. >>Thanks for making time for me, John. You bet. >>Glad to have you. Well, let's, let's just, if first off, let's just paint the picture for those watching who are kind of focused on the private sector a little bit, just share with some general thoughts about the public sector and what's going on in terms of its digital transformation and what kind of concerns or, um, I guess, challenges you think there are broadly speaking first in the public sector around. >>Thanks, John. There's quite a bit of transformation going on right now in our government. And just like in industry, we've seen the pandemic as a catalyst for a lot of that transformation. Uh, you may have seen that Splunk recently released a report on the state of data innovation. And what we found is that, um, a lot of good things are happening, but the government still has a lot of work to do. And so there were pockets of excellence that we saw in the last 18 months where agencies really responded to things like the requirement for vaccinations and the requirement for monitoring, uh, health status in general. Uh, and we saw tremendous, um, speed in rolling out things like tele-health across, uh, the veterans affairs administration. But, uh, we also saw in our report that there were many agencies that haven't yet been able to modernize in the way that they want. And one of the inhibitors to that, frankly, John is their ability to adopt software as a service. And so we've seen a lot of things happening in the last year that, um, moved agency customers towards software as a service, but there's work yet. >>So, and why is that? So when you're talking about SAS, is it, is it, um, bureaucratic, uh, red tape as a regulatory issues? Or is it just about, uh, this is a large, huge institution that makes independent decisions, you know, HHS might make decisions separate from state separate from deity, uh, and then it's fragmented. I mean, what are those challenges? >>Sure. Well, I think there are two sides of a John. I think that our government is inherently designed to move cautiously and to move in such a way that we don't make mistakes. Uh, you use the word re bureaucratic. I'm not a huge fan of that word, but I understand the sentiment. Uh, I think that there are layers to any decision that any part of the government makes and certainly that support of, um, inhibiting speed. But I think the other part of it is our acquisition rules and regulations. And I think we've seen a number of positive changes made, uh, not only in the last administration, but even in this current administration that are helping our government agencies to take advantage of software as a service. Um, but there's still work to do there as well. Uh, we've seen the rise of things like, uh, other transactional authorities, OTAs. Uh, we've seen the establishment of an agile procurement office inside the general services administration, GSA, uh, but uh, other parts have heritage systems, systems that are working really well. And you don't want to change something that's not broken just for the sake of changing it. You want to change it in such a way, uh, that you really do transform and deliver new capabilities. >>Yeah. And I guess, um, you know, it's a matter of obviously of developing an expertise and, and maybe confidence too, right? Because this is, this is a new world, a new tech world, if you will here in the 21st century. And, um, and maybe I misused the word bureaucratic. Um, and I know you said you don't like it, but, but there's a certain kind of institutional energy or whatever you want to call it that kind of prohibits fast changes and, and is cautious and is conservative because, I mean, these are big dollar decisions and they're important decisions to based on security. So, I mean, how do you wrap your arms around that from a Splunk perspective to deal with the government, you know, at large, uh, when they have those kinds of, um, uh, I guess considerations >>Certainly, well, the beauty of where we find ourselves today is that data is incredibly powerful and there's more data available to our agency customers or to any company than ever before. So Splunk is inherently a data platform. We allow our customers be the agency customers, or be the industry customers to ask questions of data that they collect from any source, be it a structured data or unstructured data using Splunk, a customer can say, what's happening. Why is it happening? Where is it happening? And that's incredibly powerful. And I think, um, in this current age where, uh, the pandemic is forcing us to rethink how we deliver services and citizen services specifically, uh, having a data platform is incredibly powerful because the way that we're answering questions today is different than the way we answered questions last year. And it may be very different the way we have to ask questions a year from now. Uh, and that's really what Splunk's is delivering to our customers is that flexibility to be able to ask any question of any data set, uh, and to ask those questions in the context of today, not just the context that they knew yesterday. >>Yeah. W w and you mentioned the pandemic, what has that impact then? Um, obviously the need of, uh, I think about, you know, vaccination of disease, monitoring of outbreak monitoring, uh, emergency care, ICU units, all these things, um, critically important to the government's role right now, um, and continue to be, so what kind of impact has the, the pandemic had in terms of their modernization plans? Um, I'm guessing some of these had to be put on hold, right? Because you've, you've got, uh, you've got an emergency and so you can't conduct business as usual. >>Sure. So it's caused a shift in priorities as you know, John, and then it's also caused us to rethink what has to be done in person and what can be done remotely. And when we think about what can be done remotely, we're seeing a proliferation of devices. Um, we're seeing a proliferation of, uh, the, the level of network access, uh, that is enabled and supported. And with that, we see new security concerns, right? We are seeing, uh, uh, really, uh, an intriguing rise of thought around authentication and making sure that the right person is coming in from the right device, uh, using the right applications at the right time, that is incredibly challenging for our agency customers. Uh, and they have to think about what's happening in, in ways that they didn't have to last year. >>Let's talk about certification a little bit, and I know you announced a FedRAMP a couple of years ago, and now you've come out with a new iteration, if you will. Um, I hear about that. So walk me through that a little bit in our audience as well. And then just talk about the value of certification. Why does that really matter? What's the importance of that? >>Thanks, John. We did recently announced that we've received a provisional authority to operate, uh, in aisle five impact level five. And that's incredibly exciting. I've, I've never worked for a software company that had FedRAMP certification previously. And I think it demonstrates Splunk's commitment to this market, the public sector market. Uh, we are absolutely, um, committed to delivering our software in any environment at any level of classification that our customers need, and that allows them to rest assured that they can decide anything they want to about their data without worrying about the sanctity of that data itself, or the platform that they're using to process that data. That's incredibly exciting. I hope, >>Yeah. You mentioned, uh, the current administration just a little bit ago, you know, the Biden administration, um, no executive orders, you know, focusing in on, on, um, use of, of, uh, or I guess taking appropriate measures, right. To protect your data cyber from a cyber security perspective. Um, what exactly has that done to change the approach the government is taking now, uh, to protecting data and then how have you adapted to that executive order to provide the right services for governments looking to, to make sure they meet those standards and that criteria? >>Well, it's an exciting time as you, as you point out on May 12th, president Biden's son and executive order on improving the nation's cybersecurity. So, uh, from the highest levels, we're seeing the government sort of set a baseline for what makes sense. And they went further in a memo just released on August 27th, uh, by releasing what they call an enterprise logging maturity model. And it has four levels. And it, it indicates what sorts of data agencies should be storing from, and in their systems and for how long they should be storing it. And that's incredibly exciting because a lot of agencies are using Splunk, uh, to make sense of that data. And so this gives them sort of a baseline for what data do they need to collect? How long do they need to keep it collected for what questions do they need to ask of it? And as a result, um, we're making some offers to our customers about how they use Splunk, uh, how they take advantage of our cloud-based storage within our product, um, how they take advantage of our services in mapping their data strategy to this enterprise logging maturity model. And it represents a great opportunity to sort of take a step forward in cybersecurity for these agency customers. >>Yeah. I'm kind of curious here. I mean, I, I came from the wireless space and we had an active dialogue with the government in terms of, uh, communications, emergency communications, um, and, um, and also in, in services, the rural areas, that kind of thing. But sometimes that collaboration didn't go as smoothly as we would've liked, frankly. And, and so maybe lessons have been learned from that in terms of how the private sector melds with the public sector and works with the policy makers, you know, in that respect, what, how would you characterize just overall the relationship, you know, the public private sector relationship in terms of, you know, the sharing of resources and of information and collaboration? >>Well at the federal government level, uh, there's always been pretty incredible collaboration between industry and government, but I think, um, we at Splunk have been engaged through organizations like the Alliance for digital innovation, uh, the us chamber of commerce, um, act by act the American council for technology and the industry advisory council. And we're seeing a rise actually in university partnerships as well, particularly at the state level where, uh, let's say local governments are saying, Hey, we don't have the capacity to do some of these things that we now know we need to do. And we know that, uh, some of those things could be done in collaboration with our university partners and with our state partners. Um, and that's exciting. I think that it is an era where everyone realizes there are new threats. Uh, there are threats that are, um, hard to handle in a silo and that the more we collaborate, whether it's government industry collaboration, or whether it's cross government collaboration, or whether it's cross industry collaboration, the better, and the more effectively, uh, we'll solve some of these problems that face us as a nation. >>What do you make a great point too? Because, uh, it is about pulling resources at some point, and everybody pulling together, uh, in order to combat what has become a certainly vaccine, uh, challenge to say the least Jeremy, thanks for the time. Uh, I appreciate it. And, uh, wish you all the success down the road. >>Thanks for having me, John, you >>Bet Jeremy Risa joining us, talking about the public sector and sparks just exemplary work in that respect. You're watching the cube. Our coverage continues here of.com for 21.

>>From the Bellagio hotel in Las Vegas. It's the cube covering UI path forward for brought to you by UI path. >>Good morning. Welcome to the cubes coverage of UI path forward for day two. Live from the Bellagio in Las Vegas. I'm Lisa Martin with Dave Velante, Dave. We had a great action packed day yesterday. We're going to have another action packed day today. We've got the CEO coming on. We've got customers coming on, but there's been a lot in the news last 24 hours. Facebook, what are your thoughts? >>Yeah, so wall street journal today, headline Facebook hearing fuels call for rain in on big tech. All right, everybody's going after big tech. Uh, for those of you who missed it, 60 minutes had a, uh, an interview with the whistleblower. Her name is, uh, Francis Haugen. She's very credible, just a little background. I'll give you my take. I mean, she was hired to help set Facebook straight and protect privacy of individuals, of children. And I really feel like, again, she, she didn't come across as, as bitter or antagonistic, but, but I feel as though she feels betrayed, right, I think she was hired to do a job. They lured her in to say, Hey, this is again, just my take to say, Hey, we want your help in earnest to protect the privacy of our users, our citizens, et cetera. And I think she feels betrayed because she's now saying, listen, this is not cool. >>You hired us to do a job. We in earnest, went in and tried to solve this problem. And you guys kind of ignored it and you put profit ahead of safety. And I think that is the fundamental crux of this. Now she made a number of really good points in her hearing yesterday and I'll, and we'll try to summarize, I mean, there's a lot of putting advertising revenue ahead of children's safety and, and, and others. The examples they're using are during the 2020 election, they shut down any sort of negative conversations. They would be really proactive about that, but after the election, they turned it back on and you know, we all know what happened on January 6th. So there's sort of, you know, the senators are trying that night. Um, the second thing is she talked about Facebook as a wall garden, and she made the point yesterday at the congressional hearings that Google actually, you can data scientists, anybody can go download all the data that Google has on you. >>You and I can do that. Right? There's that website that we've gone to and you look at all the data Google has and you kind of freak out. Yeah, you can't do that with Facebook, right? It's all hidden. So it's kind of this big black box. I will say this it's interesting. The calls for breaking up big tech, Bernie Sanders tweeted something out yesterday said that, uh, mark Zuckerberg was worth, I don't know. I think 9 billion in 2007 or eight or nine, whatever it was. And he's worth 122 billion today, which of course is mostly tied up in Facebook stock, but still he's got incredible wealth. And then Bernie went on his red it's time to break up big tech. It's time to get people to pay their fair share, et cetera. I'm intrigued that the senators don't have as much vigilance around other industries, whether it's big pharma, food companies addicting children to sugar and the like, but that doesn't let Facebook. >>No, it doesn't, but, but you ha you bring up a good point. You and I were chatting about this yesterday. What the whistleblower is identifying is scary. It's dangerous. And the vast majority, I think of its users, don't understand it. They're not aware of it. Um, and why is big tech being maybe singled out and use as an example here, when, to your point, you know, the addiction to sugar and other things are, uh, have very serious implications. Why is big tech being singled out here as the poster child for what's going wrong? >>Well, and they're comparing it to big tobacco, which is the last thing you want to be compared to as big tobacco. But the, but the, but the comparison is, is valid in that her claim, the whistleblower's claim was that Facebook had data and research that it knew, it knows it's hurting, you know, you know, young people. And so what did it do? It created, you know, Instagram for kids, uh, or it had 600,000. She had another really interesting comment or maybe one of the senators did. Facebook said, look, we scan our records and you know, kids lie. And we, uh, we kicked 600,000 kids off the network recently who were underaged. And the point was made if you have 600,000 people on your network that are underage, you have to go kill. That's a problem. Right? So now the flip side of this, again, trying to be balanced is Facebook shut down Donald Trump and his nonsense, uh, and basically took him off the platform. >>They kind of thwarted all the hunter Biden stuff, right. So, you know, they did do some, they did. It's not like they didn't take any actions. Uh, and now they're up, you know, in front of the senators getting hammered. But I think the Zuckerberg brings a lot of this on himself because he put out an Instagram he's on his yacht, he's drinking, he's having fun. It's like he doesn't care. And he, you know, who knows, he probably doesn't. She also made the point that he owns an inordinate percentage and controls an inordinate percentage of the stock, I think 52% or 53%. So he can kind of do what he wants. And I guess, you know, coming back to public policy, there's a lot of narrative of, I get the billionaires and I get that, you know, the Mo I'm all for billionaires paying more taxes. >>But if you look at the tax policies that's coming out of the house of representatives, it really doesn't hit the billionaires the way billionaires can. We kind of know the way that they protect their wealth is they don't sell and they take out low interest loans that aren't taxed. And so if you look at the tax policies that are coming out, they're really not going after the billionaires. It's a lot of rhetoric. I like to deal in facts. And so I think, I think there's, there's a lot of disingenuous discourse going on right now at the same time, you know, Facebook, they gotta, they gotta figure it out. They have to really do a better job and become more transparent, or they are going to get broken up. And I think that's a big risk to the, to their franchise and maybe Zuckerberg doesn't care. Maybe he just wants to give it a, give it to the government, say, Hey, are you guys are on? It >>Happens. What do you think would happen with Amazon, Google, apple, some of the other big giants. >>That's a really good question. And I think if you look at the history of the us government, in terms of ant anti monopolistic practices, it spent decade plus going after IBM, you know, at the end of the day and at the same thing with Microsoft at the end of the day, and those are pretty big, you know, high profiles. And then you look at, at T and T the breakup of at T and T if you take IBM, IBM and Microsoft, they were slowed down by the U S government. No question I've in particular had his hands shackled, but it was ultimately their own mistakes that caused their problems. IBM misunderstood. The PC market. It gave its monopoly to Intel and Microsoft, Microsoft for its part. You know, it was hugging windows. They tried to do the windows phone to try to jam windows into everything. >>And then, you know, open source came and, you know, the world woke up and said, oh, there's this internet that's built on Linux. You know, that kind of moderated by at T and T was broken up. And then they were the baby bells, and then they all got absorbed. And now you have, you know, all this big, giant telcos and cable companies. So the history of the U S government in terms of adjudicating monopolistic behavior has not been great at the same time. You know, if companies are breaking the law, they have to be held accountable. I think in the case of Amazon and Google and apple, they, a lot of lawyers and they'll fight it. You look at what China's doing. They just cut right to the chase and they say, don't go to the, they don't litigate. They just say, this is what we're doing. >>Big tech, you can't do a, B and C. We're going to fund a bunch of small startups to go compete. So that's an interesting model. I was talking to John Chambers about this and he said, you know, he was flat out that the Western way is the right way. And I believe in, you know, democracy and so forth. But I think if, to answer your question, I think they'll, they'll slow it down in courts. And I think at some point somebody's going to figure out a way to disrupt these big companies. They always do, you know, >>You're right. They always do >>Right. I mean, you know, the other thing John Chambers points out is that he used to be at 1 28, working for Wang. There is no guarantee that the past is prologue that because you succeeded in the past, you're going to succeed in the future. So, so that's kind of the Facebook break up big tech. I'd like to see a little bit more discussion around, you know, things like food companies and the, like >>You bring up a great point about that, that they're equally harmful in different ways. And yet they're not getting the visibility that a Facebook is getting. And maybe that's because of the number of users that it has worldwide and how many people depend on it for communication, especially in the last 18 months when it was one of the few channels we had to connect and engage >>Well. And, and the whistleblower's point, Facebook puts out this marketing narrative that, Hey, look at all this good we're doing in reality. They're all about the, the, the advertising profits. But you know, I'm not sure what laws they're breaking. They're a public company. They're, they're, they have a responsibility to shareholders. So that's, you know, to be continued. The other big news is, and the headline is banks challenge, apple pay over fees for transactions, right? In 2014, when apple came up with apple pay, all the banks lined up, oh, they had FOMO. They didn't want to miss out on this. So they signed up. Now. They don't like the fact that they have to pay apple fees. They don't like the fact that apple introduced its own credit card. They don't like the fact that they have to pay fees on monthly recurring charges on your, you know, your iTunes. >>And so we talked about this and we talk about it a lot on the cube is that, that in, in, in, in his book, seeing digital David, Michelle, or the author talked about Silicon valley broadly defined. So he's including Seattle, Microsoft, but more so Amazon, et cetera, has a dual disruption agenda. They're not only trying to disrupt horizontally the technology industry, but they're also disrupting industry. We talked about this yesterday, apple and finances. The example here, Amazon, who was a bookseller got into cloud and is in grocery and is doing content. And you're seeing these a large companies, traverse industry value chains, which have historically been very insulated right from that type of competition. And it's all because of digital and data. So it's a very, pretty fascinating trends going on. >>Well, from a financial services perspective, we've been seeing the unbundling of the banks for a while. You know, the big guys with B of A's, those folks are clearly concerned about the smaller, well, I'll say the smaller FinTech disruptors for one, but, but the non FinTech folks, the apples of the world, for example, who aren't in that industry who are now to your point, disrupting horizontally and now going after individual specific industries, ultimately I think as consumers we want, whatever is going to make our lives easier. Um, do you ever, ever, I always kind of scratch my nose when somebody doesn't take apple pay, I'm like, you don't take apple pay so easy. It's so easy to make this easy for me. >>Yeah. Yeah. So it's, it's going to be really interesting to see how this plays out. I, I do think, um, you know, it begs the question when will banks or Willbanks lose control of the payment systems. They seem to be doing that already with, with alternative forms of payment, uh, whether it's PayPal or Stripe or apple pay. And then crypto is, uh, with, with, with decentralized finance is a whole nother topic of disruption and innovation, >>Right? Well, these big legacy institutions, these organizations, and we've spoke with some of them yesterday, we're going to be speaking with some of them today. They need to be able to be agile, to transform. They have to have the right culture in order to do that. That's the big one. They have to be willing. I think an open to partner with the broader ecosystem to unlock more opportunities. If they want to be competitive and retain the trust of the clients that they've had for so long. >>I think every industry has a digital disruption scenario. We used to always use the, don't get Uber prized example Uber's coming on today, right? And, and there isn't an industry, whether it's manufacturing or retail or healthcare or, or government that isn't going to get disrupted by digital. And I think the unique piece of this is it's it's data, data, putting data at the core. That's what the big internet giants have done. That's what we're hearing. All these incumbents try to do is to put data. We heard this from Coca-Cola yesterday, we're putting data at the core of our company and what we're enabling through automation and other activities, uh, digital, you know, a company. And so, you know, can these, can these giants, these hundred plus year old giants compete? I think they can because they don't have to invent AI. They can work with companies like UI path and embed AI into their business and focused on, on what they do best. Now, of course, Google and Amazon and Facebook and Microsoft there may be going to have the best AI in the world. But I think ultimately all these companies are on a giant collision course, but the market is so huge that I think there's a lot of, >>There's a tremendous amount of opportunity. I think one of the things that was exciting about talking to one, the female CIO of Coca-Cola yesterday, a hundred plus old organization, and she came in with a very transformative, very different mindset. So when you see these, I always appreciate when I say legacy institutions like Coca-Cola or Merck who was on yesterday, blue cross blue shield who's on today, embracing change, cultural change going. We can't do things the way we used to do, because there are competitors in that review mirror who are smaller, they're more nimble, they're faster. They're going to be, they're going to take our customers away from us. We have to deliver this exceptional customer and employee experience. And Coca-Cola is a great example of one that really came in with CA brought in a disruptor in order to align digital with the CEO's thoughts and processes and organization. These are >>Highly capable companies. We heard from the head of finance at, at applied materials today. He was also coming on. I was quite, I mean, this is a applied materials is really strong company. They're talking about a 20 plus billion dollar company with $120 billion market cap. They supply semiconductor equipment and they're a critical component of the semiconductor supply chain. And we all know what's going on in semiconductors today with a huge shortage. So they're a really important company, but I was impressed with, uh, their finance leaders vision on how they're transforming the company. And it was not like, you know, 10 years out, these were not like aspirational goals. This is like 20, 19, 20, 22. Right. And, and really taking costs out of the business, driving new innovation. And, and it's, it was it's, it's refreshing to me Lisa, to see CFOs, you know, typically just bottom line finance focused on these industry transformations. Now, of course, at the end of the day, it's all about the bottom line, but they see technology as a way to get there. In fact, he put technology right in the middle of his stack. I want to ask him about that too. I actually want to challenge him a little bit on it because he had that big Hadoop elephant in the middle and this as an elephant in the room. And that picture, >>The strategy though, that applied materials had, it was very well thought out, but it was also to your point designed to create outcomes year upon year upon year. And I was looking at some of the notes. I took that in year one, alone, 274 automations in production. That's a lot, 150,000 in annual work hours automated 124 use cases they tackled in one year. >>So I want to, I want to poke at that a little bit too. And I, and I did yesterday with some guests. I feel like, well, let's see. So, um, I believe it was, uh, I forget what guests it was, but she said we don't put anything forward that doesn't hit the income statement. Do you remember that? Yes, it was Chevron because that was pushing her. I'm like, well, you're not firing people. Right. And we saw from IDC data today, only 13% of organizations are saying, or, or, or the organizations at 13% of the value was from reduction in force. And a lot of that was probably in plan anyway, and they just maybe accelerated it. So they're not getting rid of headcount, but they're counting hours saved. So that says to me, there's gotta be an normally or often CFOs say, well, it's that soft dollars because we're redeploying folks. But she said, no, it hits the income statement. So I don't, I want to push a little bit and see how they connect the dots, because if you're going to save hours, you're going to apply people to new work. And so either they're generating revenue or cutting costs somewhere. So, so there's another layer that I want to appeal to understand how that hits the income state. >>Let's talk about some of that IDC data. They announced a new white paper this morning sponsored by UI path. And I want to get your perspectives on some of the stats that they talked about. They were painting a positive picture, an optimistic picture. You know, we can't talk about automation without talking about the fear of job loss. They've been in a very optimistic picture for the actual gains over a few year period. What are your thoughts about that? Especially when we saw that stat 41% slowed hiring. >>Yeah. So, well, first of all, it's a sponsored study. So, you know, and of course the conferences, so it's going to be, be positive, but I will say this about IDC. IDC is a company I would put, you know, forest they're similar. They do sponsored research and they're credible. They don't, they, they have the answer to their audience, so they can't just out garbage. And so it has to be defensible. So I give them credit there that they won't just take whatever the vendor wants them to write and then write it. I've used to work there. And I, and I know the culture and there's a great deal of pride in being able to defend what you do. And if the answer doesn't come out, right, sorry, this is the answer. You know, you could pay a kill fee or I dunno how they handle it today. >>But, but, so my point is I think, and I know the people who did that study, many of them, and I think they're pretty credible. I, I thought by the way, you, to your 41% point. So the, the stat was 13% are gonna reduce head count, right? And then there were two in the middle and then 41% are gonna reduce or defer hiring in the future. And this to me, ties into the Erik Brynjolfsson and, and, and, uh, and, and McAfee work. Andy McAfee work from MIT who said, look, initially actually made back up. They said, look at machines, have always replaced humans. Historically this was in their book, the second machine age and what they said was, but for the first time in history, machines are replacing humans with cognitive functions. And this is sort of, we've never seen this before. It's okay. That's cool. >>And their, their research suggests that near term, this is going to be a negative economic impact, sorry, negative impact on jobs and salaries. And we've, we've generally seen this, the average salary, uh, up until recently has been flat in the United States for years and somewhere in the mid fifties. But longterm, their research shows that, and this is consistent. I think with IDC that it's going to help hiring, right? There's going to be a boost buddy, a net job creator. And there's a, there's a, there's a chasm you've got across, which is education training and skill skillsets, which Brynjolfsson and McAfee focused on things that humans can do that machines can't. And you have this long list and they revisited every year. Like they used to be robots. Couldn't walk upstairs. Well, you see robots upstairs all the time now, but it's empathy, it's creativity. It's things like that. >>Contact that humans are, are much better at than machines, uh, even, even negotiations. And, and so, so that's, those are skills. I don't know where you get those skills. Do you teach those and, you know, MBA class or, you know, there's these. So their point is there needs to be a new thought process around education, public policy, and the like, and, and look at it. You can't protect the past from the future, right? This is inevitable. And we've seen this in terms of economic activity around the world countries that try to protect, you know, a hundred percent employment and don't let competition, they tend to fall behind competitively. You know, the U S is, is not of that category. It's an open market. So I think this is inevitable. >>So a lot about upskilling yesterday, and the number of we talked with PWC about, for example, about what they're doing and a big focus on upscaling. And that was part of the IDC data that was shared this morning. For example, I'll share a stat. This was a survey of 518 people. 68% of upscaled workers had higher salaries than before. They also shared 57% of upskilled workers had higher roles and their enterprises then before. So some, again, two point it's a sponsored study, so it's going to be positive, but there, there was a lot of discussion of upskilling yesterday and the importance on that education, because to your point, we can't have one without the other. You can't give these people access to these tools and not educate them on how to use it and help them help themselves become more relevant to the organization. Get rid of the mundane tasks and be able to start focusing on more strategic business outcome, impacting processes. >>We talked yesterday about, um, I use the example of, of SAP. You, you couldn't have predicted SAP would have won the ERP wars in the early to mid 1990s, but if you could have figured out who was going to apply ERP to their businesses, you know what, you know, manufacturing companies and these global firms, you could have made a lot of money in the stock market by, by identifying those that were going to do that. And we used to say the same thing about big data, and the reason I'm bringing all this up is, you know, the conversations with PWC, Deloitte and others. This is a huge automation, a huge services opportunity. Now, I think the difference between this and the big data era, which is really driven by Hadoop is it was big data was so complicated and you had a lack of data scientists. >>So you had to hire these services firms to come in and fill those gaps. I think this is an enormous services opportunity with automation, but it's not because the software is hard to get to work. It's all around the organizational processes, rethinking those as people process technology, it's about the people in the process, whereas Hadoop and the big data era, it was all about the tech and they would celebrate, Hey, this stuff works great. There are very few companies really made it through that knothole to dominate as we've seen with the big internet giants. So you're seeing all these big services companies playing in this market because as I often say, they like to eat at the trough. I know it's kind of a pejorative, but it's true. So it's huge, huge market, but I'm more optimistic about the outcomes for a broader audience with automation than I was with, you know, big data slash Hadoop, because I think the software as much, as much more adoptable, easier to use, and you've got the cloud and it's just a whole different ball game. >>That's certainly what we heard yesterday from Chevron about the ease of use and that you should be able to see results and returns very quickly. And that's something too that UI path talks about. And a lot of their marketing materials, they have a 96, 90 7% retention rate. They've done a great job building their existing customers land and expand as we talked about yesterday, a great use case for that, but they've done so by making things easy, but hearing that articulated through the voice of their customers, fantastic validation. >>So, you know, the cube is like a little, it's like a interesting tip of the spirits, like a probe. And I will tell you when I, when we first started doing the cube and the early part of the last decade, there were three companies that stood out. It was Splunk service now and Tableau. And the reason they stood out is because they were able to get customers to talk about how great they were. And the light bulb went off for us. We were like, wow, these are three companies to watch. You know, I would tell all my wall street friends, Hey, watch these companies. Yeah. And now you see, you know, with Frank Slootman at snowflake, the war, the cat's out of the bag, everybody knows it's there. And they're expecting, you know, great things. The stock is so priced to perfection. You could argue, it's overpriced. >>The reason I'm bringing this up is in terms of customer loyalty and affinity and customer love. You're getting it here. Absolutely this ecosystem. And the reason I bring that up is because there's a lot of questions in the, in the event last night, it was walking around. I saw a couple of wall street guys who came up to me and said, Hey, I read your stuff. It was good. Let's, let's chat. And there's a lot of skepticism on, on wall street right now about this company. Right? And to me, that's, that's good news for you. Investors who want to do some research, because the words may be not out. You know, they, they, they gotta prove themselves here. And to me, the proof is in the customer and the lifetime value of that customer. So, you know, again, we don't give stock advice. We, we kind of give fundamental observations, but this stock, I think it's trading just about 50. >>Now. I don't think it's going to go to 30, unless the market just tanks. It could have some, you know, if that happens, okay, everything will go down. But I actually think, even though this is a richly priced stock, I think the future of this company is very bright. Obviously, if they continue to execute and we're going to hear from the CEO, right? People don't know Daniel, Denise, right? They're like, who is this guy? You know, he started this company and he's from Eastern Europe. And we know he's never have run a public company before, so they're not diving all in, you know? And so that to me is something that really pay attention to, >>And we can unpack that with him later today. And we've got some great customers on the program. You mentioned Uber's here. Spotify is here, applied materials. I feel like I'm announcing something on Saturday night. Live Uber's here. Spotify is here. All right, Dave, looking forward to a great action packed today. We're going to dig more into this and let's get going. Shall we let's do it. All right. For David Dante, I'm Lisa Martin. This is the cube live in Las Vegas. At the Bellagio. We are coming to you presenting UI path forward for come back right away. Our first guest comes up in just a second.