Breaking Analysis: How Palo Alto Networks Became the Gold Standard of Cybersecurity
>> From "theCube" Studios in Palo Alto and Boston, bringing you data-driven insights from "theCube" and ETR. This is "Breaking Analysis" with Dave Vellante. >> As an independent pure play company, Palo Alto Networks has earned its status as the leader in security. You can measure this in a variety of ways: revenue, market cap, execution, ethos, and most importantly, conversations with customers generally, and CISOs specifically, who consistently affirm this position. The company's on track to double its revenues in fiscal year 23 relative to fiscal year 2020. Despite macro headwinds, which are likely to carry through next year, Palo Alto owes its position to a clarity of vision and strong execution on a TAM expansion strategy through acquisitions and integration into its cloud and SaaS offerings. Hello and welcome to this week's "Wikibon Cube Insights" powered by ETR. In this Breaking Analysis, and ahead of Palo Alto Ignite, the company's user conference, we bring you the next chapter on top of last week's cybersecurity update. We're going to dig into the ETR data on Palo Alto Networks as we promised and provide a glimpse of what we're going to look for at "Ignite" and posit what Palo Alto needs to do to stay on top of the hill. Now, the challenges for cybersecurity professionals: dead simple to understand. Solving it, not so much. This is a taxonomic eye test, if you will, from Optiv. It's one of our favorite artifacts to make the point that the cybersecurity landscape is a mosaic of stovepipes. Security professionals have to work with dozens of tools, many legacy, combined with shiny new toys, to try and keep up with the relentless pace of innovation catalyzed by the incredibly capable, well-funded and motivated adversaries. Cybersecurity is an anomalous market in that the leaders have low single digit market shares. Think about that. Cisco at one point held 60% market share in the networking business and it's still deep into the 40s.
Oracle captures around 30% of database market revenue. EMC in storage at its peak had more than 30% of that market. Even Dell's PC market shares, you know, in the mid 20s or even over that from a revenue standpoint. So cybersecurity from a market share standpoint is even more fragmented perhaps than the software industry. Okay, you get the point. So despite its position as the number one player, Palo Alto might have maybe three, maybe 4% of the total market, depending on what you use as your denominator, but just a tiny slice. So how is it that we can sit here and declare Palo Alto as the undisputed leader? Well, we probably wouldn't go that far. They probably have quite a bit of competition. But this CISO from a recent ETR round table discussion with our friend Eric Bradley summed up Palo Alto's allure, we thought, pretty well. The question was why Palo Alto Networks? Here's the answer. Because of its completeness as a platform, its ability to integrate with its own products or they acquire, integrate then rebrand them as their own. We've looked at other vendors, we just didn't think they were as mature, and we already had implemented some of the Palo Alto tools like the firewalls and stuff and we thought why not go holistically with the vendor, a single throat to choke, if you will, if stuff goes wrong. And I think that was probably the primary driver, and familiarity with the tools and the resources that they provided. Now here's another stat from ETR's Eric Bradley. He gave us a glimpse of the January survey that's in the field now. The percent of IT buyers stating that they plan to consolidate redundant vendors, it went from 34% in the October survey and now stands at 44%. So we feel this bodes well for consolidators like Palo Alto Networks. And the same is true for Microsoft's kind of good enough approach.
It should also be true for CrowdStrike, although last quarter we saw softness reported on in their SMB market, whereas interestingly MongoDB actually saw consistent strength from its SMB and its self-serve. So that's something that we're watching very closely. Now, Palo Alto Networks has held up better than most of its peers in the stock market. So let's take a look at that real quick. This chart gives you a sense of how well. It's a one year comparison of Palo Alto with the BUG ETF. That's the cyber basket that we like to compare often, CrowdStrike, Zscaler, and Okta. Now remember Palo Alto, they didn't run up as much as CrowdStrike, ZS and Okta during the pandemic, but you can see it's now down quote-unquote only 9% for the year. Whereas the cyber basket ETF is off 27%, roughly in line with the NASDAQ. We're not showing that. CrowdStrike down 44%, Zscaler down 61% and Okta off a whopping 72% in the past 12 months. Now as we've indicated, Palo Alto is making a strong case for consolidating point tools and we think it will have a much harder time getting customers to switch off of big platforms like Cisco, who's another leader in network security. But based on the fragmentation in the market there's plenty of room to grow in our view. We asked Breaking Analysis contributor Chip Symington for his take on the technicals of the stock and he said that despite Palo Alto's leadership position it doesn't seem to make much difference these days. It's all about interest rates. And even though this name has performed better than its peers, it looks like the stock wants to keep testing its 52-week lows, but he thinks Palo Alto got oversold during the last big selloff. And the fact that the company's free cash flow is so strong probably keeps it at the 150 level or above, maybe bouncing around there for a while. If it breaks through that to the downside, its next test is at that low of around the 140 level. So thanks for that, Chip.
Now having gotten that out of the way, as we said on the previous chart Palo Alto has strong opinions, its founder and CTO, Nir Zuk, is extremely clear on that point of view. So let's take a look at how Palo Alto got to where it is today and how we think you should think about its future. The company was founded around 18 years ago as a network security company focused on what they called NextGen firewalls. Now, what Palo Alto did was different. They didn't try to stuff a bunch of functionality inside of a hardware box. Rather they layered network security functions on top of its firewalls and delivered value as a service through software running at the time in its own cloud. So pretty obvious today, but forward thinking for the time, and now they've moved to a more true cloud native platform and much more activity in the public cloud. In February, 2020, right before the pandemic, we reported on the divergence in market values between Palo Alto and Fortinet and we cited some challenges that Palo Alto was having transitioning to a cloud native model. And at the time we said we were confident that Palo Alto would make it through the knot hole. And you could see from the previous chart that it has. So the company's architectural approach was to do the heavy lifting in the cloud. And this eliminates the need for customers to deploy sensors on prem or proxies on prem or sandboxes on prem. Sandboxes, you know, for instance, are vulnerable to overwhelming attacks. Think about it, if your sandbox is on prem you're not going to be updating that every day. No way. You're probably not going to update it even every week or every month. And if the capacity of your sandbox is, let's say, 20,000 files an hour, you know a hacker's just going to turn up the volume, it'll overwhelm you. They'll send a hundred thousand email attachments into your sandbox and they'll choke you out and then they'll have the run of the house while you're trying to recover.
Now the cloud doesn't completely prevent that, but what it does, it definitely increases the hacker's cost. So they're going to probably hit some easier targets and that's kind of the objective of security firms. You know, increase the denominator on the ROI. All right, the next thing that Palo Alto did is start acquiring aggressively, I think we counted 17 or 18 acquisitions to expand the TAM beyond network security into endpoint, CASB, PaaS security, IaaS security, container security, serverless security, incident response, SD-WAN, CI/CD pipeline security, attack surface management, supply chain security just recently with the acquisition of Cider Security. And Palo Alto by all accounts takes the time to integrate into its cloud and SaaS platform called Prisma, unlike many acquisitive companies in the past. EMC was a really good example, where you ended up with kind of a Franken-portfolio. Now all this leads us to believe that Palo Alto wants to be the consolidator and is in a good position to do so. But beyond that, as multi-cloud becomes more prevalent and more of a strategy, customers tell us they want a consistent experience across clouds. And it's going to be the same, by the way, with IoT, sort of the next wave here. Customers don't want another stovepipe. So we think Palo Alto is in a good position to build what we call the security super cloud, that layer above the clouds that brings a common experience for devs and operational teams. So of course the obvious question is this, can Palo Alto Networks continue on this path of acquire and integrate and still maintain best of breed status? Can it? Will it? Does it even have to? As Holger Mueller of Constellation Research and I talk about all the time, integrated suites seem to always beat best of breed in the long run. We'll come back to that. Now, this next graphic that we're going to show you underscores this question about portfolio.
Here's a picture and I don't expect you to digest it all, but it's a screen grab of Palo Alto's product and solutions portfolios, network cloud, network security rather, cloud security, SASE, CNAPP, endpoint, Unit 42, which is their threat intelligence platform, and every imaginable security service and solution for customers. Well, maybe not every, I'm sure there's more to come like supply chain with the recent Cider acquisition and maybe more IoT beyond Zingbox, an earlier acquisition, but we're sure there will be more in the future, both organic and inorganic. Okay, let's bring in more of the ETR survey data. For those of you who don't know ETR, they are the number one enterprise data platform surveying thousands of end customers every quarter with additional drill down surveys and customer round tables, just an awesome SaaS enabled platform. And here's a view that shows net score or spending momentum on the vertical axis and pervasion or presence within the ETR data set on the horizontal axis. You see that red dotted line at 40%. Anything at or over that indicates a highly elevated net score. And as you can see Palo Alto is right on that line, just under. And I'll give you another glimpse, it looks like Palo Alto despite the macro may even just edge up a bit in the next survey based on the glimpse that Eric gave us. Now those colored bars in the bottom right corner, they show the breakdown of Palo Alto's net score and underscore the methodology that ETR uses. The lime green is new customer adoptions, that's 7%. The forest green at 38% represents the percent of customers that are spending 6% or more on Palo Alto solutions. The gray is at that 48%, that's flat spending plus or minus 5%. The pinkish at 5% is spending is down on Palo Alto Networks products by 6% or worse. And the bright red at only 2% is churn or defections. Very low single digit numbers for Palo Alto, that's a real positive.
What you do is you subtract the red from the green and you get a net score of 38%, which is very good for a company of Palo Alto's size. And we'll note this is based on just under 400 responses in the ETR survey that are Palo Alto customers out of around 1300 in the total survey. It's a really good representation of Palo Alto. And you can see the other leading companies like CrowdStrike, Okta, Zscaler, Fortinet, Cisco, they loom large with similar aspirations. Well maybe not so much Okta. They don't necessarily want to rule the world. They want to rule identity, and of course the ever ubiquitous Microsoft in the upper right. Now drilling deeper into the ETR data, let's look at how Palo Alto has progressed over the last three surveys in terms of market presence in the survey. This view of the data shows pervasion in the data going back to October, 2021, that's the gray bars. The blue is July 22 and the yellow is the latest survey from October, 2022. Remember, the January survey is currently in the field. Now the leftmost set of data there shows size of company. The middle set of data shows the industry for a select number of industries, and the rightmost shows geographic region. Notice anything? Yes, Palo Alto up across the board relative to both this past summer and last fall. So that's pretty impressive. Palo Alto Networks CEO, Nikesh Arora, stressed on the last earnings call that the company is seeing somewhat elongated deal approvals and sometimes splitting up size of deals. He stressed that certain industries like energy, government and financial services continue to spend. But we would expect even a pullback there as companies get more conservative.
But the point is that Nikesh talked about how they're hiring more sales pros to work the pipeline because they understand that they have to work harder to pull deals forward 'cause they got to get more approvals and they got to increase the volume that's coming through the pipeline to account for the possibility that certain companies are going to split up the deals, you know, large deals they want to split into smaller bite-size chunks. So they're really going hard after their go-to-market expansion to account for that. All right, so we're going to wrap by sharing what we expect and what we're going to probe for at Palo Alto Ignite. Next week, Lisa Martin and I will be hosting "theCube" and here's what we'll be looking for. First, it's a four day event at the MGM with the meat of the program on days two and three. That's day two was the big keynote. That's when we'll start our broadcasting, we're going for two days. Now our understanding is, we've never done Palo Alto Ignite before, but our understanding is it's a pretty technically oriented crowd that's going to be eager to hear what CTO and founder Nir Zuk has to say. And as well CEO Nikesh Arora, in addition to longtime friend of "theCube" and current president, BJ Jenkins, he's going to be speaking. Wendy Whitmore runs Unit 42, and there's going to be several other high profile Palo Alto execs. As well, Thomas Kurian from Google is a featured speaker. Lee Klarich, who is Palo Alto's chief product officer, we think is going to be giving the audience heavy doses of Prisma Cloud and Cortex enhancements. Now, Cortex, you might remember, came from an acquisition and does threat detection and attack surface management. And we're going to hear a lot, we think, about security automation. So we'll be listening for how Cortex has been integrated and what kind of uptake that it's getting. We've done some, you know, modeling, and the ETR
guys have done some modeling of Cortex, you know, looks like it's got a lot of upside and through the Palo Alto go-to-market machine, you know, could really pick up momentum. That's something that we'll be probing for. Now, one of the other things that we'll be watching is pricing. We want to talk to customers about their spend optimization, their spending patterns, their vendor consolidation strategies. Look, Palo Alto is a premium offering. It charges for value. It's expensive. So we also want to understand what kind of switching costs are customers willing to absorb and how onerous they are and what's the business case look like? How are they thinking about that business case? We also want to understand and really probe on how will Palo Alto maintain best of breed as it continues to acquire and integrate to expand its TAM and appeal as that one-stop shop. You know, can it do that, as we talked about before. And will it do that? There's also an interesting tension going on, sort of changing subjects here, in security. There's a guy named Edward Hellekey who's been in "theCube" before. He hasn't been in "theCube" in a while but he's a security pro who has educated us on the nuances of protecting data privacy, public policy, how it varies by region and how complicated it is relative to security. Because securities you technically you have to show a chain of custody that proves unequivocally, for example, that data has been deleted or scrubbed or that metadata doesn't include any residual private data that violates the laws, the local laws. And the tension is this, you need good data and lots of it to have good security, really the more the better. But government policy is often at odds and a major blocker to sharing data and it's getting more so. So we want to understand this tension and how companies like Palo Alto are dealing with it.
Are customers testing public policy in courts? We think not quite yet. Are governments making exceptions in policies like GDPR that favor security over data privacy? What are the trade-offs there? And finally, one theme of this Breaking Analysis is what does Palo Alto have to do to stay on top? And we would sum it up with three words. Ecosystem, ecosystem, ecosystem. And we said this at CrowdStrike Falcon in September, that the one concern we had was the pace of ecosystem development for CrowdStrike. Is collaboration possible with competitors? Is being adopted aggressively? Is Palo Alto being adopted aggressively by global system integrators? What's the uptake there? What about developers? Look, the hallmark of a cloud company, which Palo Alto is a cloud security company, is a thriving ecosystem that has entries into and exits from its platform. So we'll be looking at what that ecosystem looks like, how vibrant and inclusive it is, where the public clouds fit and whether Palo Alto Networks can really become the security super cloud. Okay, that's a wrap. Stop by next week. If you're in Vegas, say hello to "theCube" team. We have an unbelievable lineup on the program. Now if you're not there, check out our coverage on theCube.net. I want to thank Eric Bradley for sharing a glimpse on short notice of the upcoming survey from ETR and his thoughts. And as always, thanks to Chip Symington for his sharp comments. Want to thank Alex Morrison, who's on production and manages the podcast, Ken Schiffman as well in our Boston studio, Kristen Martin and Cheryl Knight, they help get the word out on social and of course in our newsletters, Rob Hof is our editor in chief over at SiliconANGLE who does some awesome editing, thank you to all. Remember all these episodes, they're available as podcasts. Wherever you listen, all you got to do is search "Breaking Analysis" podcasts.
I publish each week on wikibon.com and siliconangle.com where you can email me at david.valante@siliconangle.com or dm me at D Valante or comment on our LinkedIn post. And please do check out etr.ai. They've got the best survey data in the enterprise tech business. This is Dave Vellante for "theCube" Insights powered by ETR. Thanks for watching. We'll see you next week on "Ignite" or next time on "Breaking Analysis". (upbeat music)
Ganesh Pai, Uptycs | AWS re:Invent 2022
(upbeat music) >> Hello, fellow cloud nerds and welcome back to AWS re:Invent here in beautiful Sin City. We are theCUBE. My name is Savannah Peterson, joined by my dear colleague and co-host Paul Gillin. Paul, last segment. >> Good thing too. >> Of our first re:Invent. >> A good thing too 'cause I think you're going to lose your voice after this one. >> We are right on the line. (laughter) You can literally hear it struggling to come out right now. But that doesn't mean that the conversation we're going to have is not just as important as our first or our middle interview. Very excited to have Ganesh from Uptycs with us today. Ganesh, welcome to the show. >> Savannah and Paul, thank you for having me here. >> It's a pleasure. I can tell from your smile and your energy. You're like us, you've been having a great time. How has the show been for you so far? >> Tremendous. Two reasons. One, we've had great parties since Monday night. >> Yes. Love that. >> The turnout has been fantastic. >> You know, honestly you're the first guest to bring up the party side of this. But it is such, and obviously there's a self-indulgence component of that. But beyond the hedonism, it is a big part of the networking in the community. And I love that you had a whiskey tasting. Paul and I will definitely be at the next one that you have. In case folks aren't familiar, give us the Uptycs pitch. >> So we are a Boston based venture. What we provide is cloud infrastructure security. I know if you raise your hand. >> Hot topic. >> Yeah, hot topic obviously, given where we are. But we have a unique way of providing visibility into workloads from inside the workload, as well as by connecting to the AWS control plane. We cover the entire Gartner acronym soup, they call it as CNAPP, which is cloud native application protection platform. That's what we do. >> Now you provide cloud infrastructure security. I thought the cloud providers did that.
>> Cloud providers, they provide elements of it because they can only provide visibility from outside in. And if you were to take AWS as an example, they give you only at an account level. If you want to do things at an organization where you might have a thousand accounts, you're left to fend for yourself. If you want to span other cloud service providers at the same time, then you're left to fend for yourself. That's why technologies like us exist. Who can not only span across accounts but go across cloud and get visibility into your workload. >> Now we know that the leading cause of data loss in the cloud, or breaches if you'll call them, is misconfiguration. Is that something that you address as well? >> Yes. If you were to look at the majority of the breaches, they're due to two reasons. One, due to arguably what you can call as vulnerabilities, misconfigurations, and compliance related issues. Or the second part, things related to like behavioral nature, which are due to threats, which then result in like some kind of data loss. But misconfiguration is a top issue and it's called a cloud security posture management. Where once you scope and assess what's the extent of misconfigurations, maybe there's a chance that you go quickly remediate it. >> So how do you address that? >> Oh, yeah. >> How does that work? >> So if you were to look at AWS and if you were to think of it as orchestration plane for your workload and services, they provide an API. And this API allows you to get visibility into what's your configuration looking like. And it also allows you to like figure out on an ongoing basis if there are any changes to your configurations. And usually when you start with a baseline of configuration and as a passage of time is where misconfigurations come into play. By understanding the full stream of how it's been configured and how changes are occurring, you get the chance to like go remediate any kind of misconfiguration and hence vulnerabilities from that.
>> That was a great question Paul. And I'm sure, I mean people want to do that. 23 billion was invested in cybersecurity in 2021 alone, casual dollar amount. I can imagine cybersecurity is a top priority for all of your customers. Probably most of the people on the show floor. How quickly does that mean your team has to scale and adapt given how smart attacks and various things are getting on the dark side of things? >> Great question. The bigger problem than what we are solving for scale is the shortage of people. There's the shortage of people who actually know. >> I was curious about that. Yeah. >> So a shortage of people who understand how to configure it. Let alone people who can secure it like with technology like ours, right? So if you go in that pecking order of pull. It's people and organizations like us exist. Such that at scale you can identify these changes. And help enable those people to quickly scope and assess what's wrong. And potentially help them remediate before it really goes out of control. (metal clinking) >> This is the so-called XDR part of your business, right? >> Yes. So there are two parts. One is around the notion of auditing and compliance and getting visibility. Like the first question that you asked around misconfiguration. And that's one part, what we do from the control plane of the cloud. The second part is more behavioral in nature. It results from having visibility into the actual workload. For example, if there's been a misconfiguration, if it's been exploited, you then want to reduce the dwell time to figure out like what really is happening in case there's something potentially nefarious and malicious activity going on. That's the part where XDR (metal clinking) or CWPP comes into play where it's basically called as detection and response of cloud workload protection. >> And how is, it's a fairly new concept, XDR. How is the market taking to it? How popular is this with the customer? >> XDR is extremely popular.
So much so that thanks to Gartner and other top analysts, it's become like a catchall for a whole bunch of things. So its popularity is incredibly on the rise. However, there are elements of XDR, the last two part, detection and response, which are like very crucial. X could stand for whatever it is, it's extended version. As applied to cloud there's a bunch of things you can do, as applied to like laptops there's a bunch of things it can do. Where we fit into the equation is, especially from an AWS or a cloud-centric perspective, if the crown jewels of software are developed on a laptop, and the journey of the software is from the laptop to the cloud, that's the arc that we protect. That's where we provide the visibility. >> Mm. >> Wow, that's impressive. So I imagine you get to see quite a few different trends. Working with different customers across the market. What do you think is coming next? How are you and your brilliant team adapting for an ever-changing space? (nails tapping) >> That's a great question. And this is what we are seeing especially with some of our large barrier customers. There's a notion of what's emerging, what's called a security as infrastructure. >> Mm. >> Unlike security traditionally being like an operational spend. There's a notion investing in that. Look, if you're going to be procuring technology from AWS as infrastructure, what else will you do to secure it? And that's the notion that's really taking off. >> Nice. >> You are an advocate of what you call shift up, the shift up approach to security. I haven't heard that term before. What is shift? >> Me either. >> I sure have heard of shift left and shift right? >> Yes. >> But what is shift up? >> Great question. So for us, given the breadth of what's possible, and the scale at which one needs to do things, the traditional approach has been shift left where you try to get into like the developer side of laptops. Which is what we do.
But if you were to look at it from the perspective that the scale at which these changes occur. And for you to figure out if there is anything malicious in there. You then need to look across it using observability techniques. Which means that you take a step up and look across the complete spectrum. From where the software is developed to where it's deployed. And that's what we call as shift up security. Taking it up like one level notch and looking at it using a telemetry driven approach. >> Yeah, go for it. >> So telemetry driven. So do you integrate with the observability platforms that your customers are using? >> Yeah, so we've taken a lot of cues and IP from observability techniques. Which are traditionally applied to like numerical approaches to figuring out if things are changing. Because there's a number which tells you. And we've applied that to like state related changes. We use similar approach, but we don't look at numbers. We look at what's changing and then the rate of change. And what's actually changing allows us to figure out if there's something malicious. And the only way you can do it at scale by getting the telemetry and not doing it on the actual workload. >> I'm curious, I'm taking, this is maybe your own thought leadership moment. But I as we adapt to nefarious things. Love your use of the word nefarious. Despite folks investing in cybersecurity. I mean the VCs are obviously funding all these startups. But not, but beyond that it is a, it's a huge priority. Breaches still happen. >> Yes. >> And they still happen all the time. They happen every day, every second. There's probably multiple breaches happen. I'm sure there are multiple breaches happening right now. Do you think we'll get to a point where things are truly secure and these breaches don't continue to happen? >> I'd love to say that (crowd cheering) the short answer is no. >> Right? (laughing) >> And this is where there are two schools of thought. 
You can always try to figure out is there a lead up? With a high degree of conviction that you can say there's something malicious? The second part is you figure out like once you've been breached, how do you reduce the time by like figuring out your dwell time and like mean time to know. >> Nice. So we have a bit of a challenge. I'm going to put this in the middle of this segment. >> Oh, okay. >> I feel like spicing it up for our last one. >> All right. >> I'm feeling a little zesty. >> All right. >> We've been giving everyone a challenge. This is your 30 seconds of thought leadership. Your hot take on the most important theme for, for you coming out of the show and looking towards 2023. >> For us, the most important thing coming out of the show is that you need to get visibility across your cloud from two perspectives. One is from your workload. Second, in terms of protecting your identity. You need to protect your workload. And you need to protect your identity. And then you need to protect the rest of the services. Right? So identity is probably the next perimeter in conjunction with the workload. And that is the most important theme. And we see it consistent in our customer conversations out here. >> Now when you say identity are you referring to down to the individual user level? >> At a cloud level, when you have both bots as well as humans interacting with cloud and you know bringing up workloads and bringing them down, the potential things which can go wrong due to like automated accounts, you know, going haywire, is really high. And if some privileges are leaked which are meant only for automation, get into the hands of people, they could inflict a lot of damage, right? So understanding the implications of IAM in the realm of cloud is extremely important. >> Is this, I thought zero trust was supposed to solve for that. How, where does zero trust fall short? >> So zero trust is a bigger thing.
It could be in the context of someone trying to access services from their laptop. To like a, you know email exchange or something internal >> Hm. >> on the internet. In a similar way, when you use AWS as a provider. You've got like a role and then you've got like privileges associated with the role. When your identity is asserted. We need to make sure that it's actually indeed you. >> Mm. >> And there's a bunch of analytics that we do today. Allow us to like get that visibility. >> Talk about the internal culture. I'm going to let you get a little recruiting sound bite. >> Yes. >> Out of this interview. What, how big is the team? What's the vibe like? Where are you all based? >> So we are based in Boston. These days we are globally distributed. We've got R and D centers in Boston. We've got in two places in India. And we've got a distributed workforce across the US. Since pre-pandemic to now we've like increased four X or five X from around 60 employees to 300 plus. And it's a very. >> Nicely done. >> We have a very strong ethos and it's very straightforward. We are very engineering product driven when it comes to innovation. Engineering driven when it comes to productivity. But we are borderline maniacal about customer experience. And that's what resulted in our success today. >> Something that you have in common with AWS. >> I would arguably say so, yes. (laughter) Thank you for identifying that. I didn't think of it that way. But now that you put it, yes. >> Yeah, I think. One of the things that I've loved about the whole show. And I am curious if you felt this way too. So much community first, customer first, behavior here. >> Yeah. >> Has that been your take as well? >> Yes, very much so. And that's reflected in the good fortune of our customer engagement. And if you were to look at our. Where has our growth come from? Despite the prevalent macroeconomic conditions. All our large customers have doubled on us because of the experience we provide. 
>> Ganesh, it has been absolutely fantastic having you on theCUBE. Thank you so much for joining us today. >> Yes, thank you. And if I may say one last thing? >> Of course you can. >> As a venture, we've put together a new program. Especially for AWS re:Invent. And it allows people to experience everything that Uptycs has to offer up to a thousand endpoints for a dollar. It's called as the Uptyc Secret menu. >> Woo. >> Go to Uptycsecretmenu.com and you'd be available to avail that until the end of the year. >> I'm signing up right now. >> I know. I was going to say, I feel like that's the best deal of re:Invent. That's fantastic Ganesh. >> Yes. >> Well again, thank you so much. We look forward to our next conversation. Can't wait to see how many employees you have then. As a result of this wonderful recruitment video that we've just. >> We hope to nominally double. Thank you for having me here. (laughter) >> Absolutely. And thank all of you for tuning into our over 100 interviews here at AWS re:Invent. We are in Las Vegas, Nevada. Signing off for the last time with Paul Gillon. I'm Savannah Peterson. You're watching theCUBE, the leader in high tech coverage. (upbeat music fading)
Amol Kulkarni, CrowdStrike | CrowdStrike Fal.Con 2022
(gentle music) >> Hi everybody, this is Dave Vellante of TheCUBE. This is day two of Fal.Con 2022, CrowdStrike's big customer event. Over 2000 people here, a hundred sessions, a lot of deep security talk. Amol Kulkarni is here. He's the chief product and engineering officer at CrowdStrike, and we're going to get into it. Amol, thanks for coming to theCUBE. >> Great to be here. >> I enjoyed your keynote today. It was very informative. First of all, how's the show going for you? >> It's going fantastic. I mean, first and foremost, like to be having everyone here in person, after three years, that's just out the world, right? So great to meet and a lot of great conversations across the board with customers, partners. It's been fantastic. >> Yeah, so I want to start with Cloud Native, it's kind of your dogma. This whole, the new acronym is CNAP Cloud Native Application Protection Platform. >> Amol: That's right. >> There's a mouthful. What is that? How does it relate to what you guys are doing? >> Yeah, so CNAP is what Gartner has coined as the term for covering entire cloud security. And they have identified various components in it. The first and foremost is the runtime protection, cloud workload protection, as we call it. Second is posture management. That's CSPM, cloud security posture management. Third is CIEM, which we announced today. And then the fourth is shift left, kind of DevSecOps part of cloud security. And all together Gartner coins that as a solution or a suite, if you will, to cover various aspects of cloud security. >> Okay, so shift left and then shield right. You still got to shield right. Is that where network security comes in? Which is not your main focus, but okay. So now it explains... Gartner is an acronym. Now I get it. But the CIEM announcement, cloud infrastructure entitlement management. So you're managing identities. Is that right? Explain that in more detail. 
>> So, yeah, so I mean, as in the on-premise world, but even more exacerbated in the cloud world you have lots and lots of identities, both human identities and service accounts that are accessing cloud services. And a lot of the time the rigor is not there in terms of what permissions those identities are provisioned with. So are they over provisioned? Do they have lots of rights that they should not have? Are they able... Are services able to connect to resources that they should not be able to connect to? All of that falls under the entitlement management, the identity entitlement management part. And that's where CIEM comes in. So what we said is, we have a great identity security story for on-premise, right? And now we are applying that to understand identities, the entitlements they have, secrets that are lying around, maybe leaked, or just available for adversaries to exploit in the cloud security world. So taking all of that into account and giving you... Giving customers a snapshot view of one single view to say: these are the identities, these are their permissions, this is where you can trim them down because these are the dependencies that are present across services. And you see something that's not right from a dependency perspective, you can say, okay, this connection doesn't make sense. There's something malicious going on here. So there's a lot that you can do by having that scope of identities. Be very narrowed down. It's a first step in the zero trust journey for the cloud infrastructure. >> So I have to ask you when you now extend this conversation to the edge, and operations technology. Traditionally the infrastructure has been air gapped by, you know, brute force air gap. Don't worry about it. And maybe hasn't had to worry so much about the hygiene. So now as you... as the business drives and forces essentially digital connect... Digital transformation and connectivity >> Connectivity. Yeah. >> I mean, wow, that's a playground for the hackers. 
>> You absolutely nailed it. So most of these infrastructure was not designed with security in mind, unfortunately, right? As you said, most of it was air-gapped, disconnected. And now everything is getting to be connected because the updates are being pushed rapidly, changes are happening. So, and that really, in some sense has changed the environment in which these devices are operating. The operational technology, industrial control. We had the Colonial Pipeline breach last year. And, that really opened people's eyes like, Hey, nation state adversaries are going to come after critical infrastructure. And that can... That is going to cause impact directly to the end users, to the citizens. So we have to protect this infrastructure. And that's why we announced Discover for IoT as a new module that looks at and understands all the IoT and industrial control systems assets. >> So that didn't require an architectural change though. Right? That was a capability that you introduced with partners. Right? Am I right about that? You don't have to re-architect anything. It's just... Your architecture fits perfectly into those scenarios. >> Absolutely, absolutely. Yeah, yeah, yeah. You actually... While the pace of change is there, architectural change is almost very difficult, because these are very large systems. They are built up over time. It take an industrial control system. The tracing speed is very different from a laptop. So yeah, you can't impose any architectural change. It has to be seamless from what the customers have. >> You were talking, I want to go back to CNAP. You were talking about the protecting the run time. You can do that with an agent. You had said agent... In your keynote. Agentless solutions don't give you runtime security protection. Can you double click on that and just elaborate? >> Yeah, absolutely. 
So what agentless solutions today are doing they're essentially tapping into APIs from AWS or Azure CloudTrail, for example and looking at misconfigurations. So that is indeed a challenge. So that is one part of the story, but that only gives you a partial view. Let's say that an attacker attacks and uses an existing credential. A legitimate credential to access one of the cloud services. And from there they escalate the privileges and then now start branching off the, the CSP, and the agentless-only solutions will not catch that. Right? So what you need is you, you need this agentless part but you have to couple that with seeing the activity that's actually happening, the living off the land attacks that cannot be caught by the CSP end-piece. So you need a combination of agentless and agent runtime to give that overall protection. >> What's the indicator of attack for a hacker that's living off the land, meaning using your own tools against you. >> That's right. So the indicators of attack are saying accessing services, for example, that are not normally accessed or escalating privileges. So you come in as a normal user, but then suddenly you have admin privileges because you have escalated those privileges, or you are moving laterally very rapidly from one place to another, or spraying across a lot of services in order to do reconnaissance and understand what is out there. So it's almost like looking for what is an abnormal attack path, abnormal behavior compared to what is normal and the good part is cloud. There's a lot that is normal, right? It's fairly constrained. It's not like an end user who is downloading stuff from the internet. And like doing all sorts of things. Cloud services are fairly constrained, so you can profile and you can figure out where there is a drift from the normal. And that's really the indicator of attack. In some sense, from cloud services >> In a previous life I want to change subjects. In a previous life. 
I spent a lot of time with CIOs. Helping them look at their application portfolio, understanding what to rationalize, what to get rid of, what to invest in, you know, bringing in new projects, cause you know, it's just you never throw stuff away in IT. >> There is no obsolescence >> Right. So, but they wanted to... Anytime you go through these rationalization exercises change management is everything. And one of the hardest things to do was to map and understand the business impact of all the dependencies across the portfolio. Cause when application A needs this dataset. If you retire it, you're going to... It has ripple effects. And you talked about that in a security context today when you were talking about the asset graph and the threat graphs giving you the ability to understand those dependencies. Can you add some color to that? >> Absolutely. Absolutely. So what we've done with the asset graph: it's a fundamental piece of technology that we've been building now for some time that complements the threat graph. And the asset graph looks at: Assets, identities, applications, and configuration. All of those aspects. And the interconnections between them. So if a user is accessing an application on a server, all those, and in what role, all of that relationship is tied together in the asset graph. So what that does now is, it gives you an ability to say this application connects to this application. And that's the dependency on that port, for example. So you can now build up a dependency map and then the threat graph, what it does, it looks at the continuous activity that's happening. So if you now take the events that are coming into the threat graph and the graphical representation of those, combine it with the asset graph, you get that full dependency map. And now you can start doing that impact analysis that you talked about. Which is... It's an unsolved problem, right? 
And that's why security as I said in my keynote is most people do not have their security tools enabled to the highest level or they don't have full coverage just because the pace of change is so rapid. They cannot keep up with it. So we want to enable change management, at a rapid pace where businesses and customers can say; we are confident about the change management, about the change we are going to implement. Because we know what the potential impact would be. We can validate, test it in a smaller subset and then roll it out quickly. And that's the journey we are on. Sort of the theme of my talk was to make IT and security friends again. >> Right, you talked about that gap and bringing those two together. You also had a great quote in there; 'The pace of change and securities is insane.' And so this assets graph capability, dependencies and the threat graph, help you manage that accelerating pace of change. Before I forget, I want to ask you about your interview with Girls Who Code. What was that like? Who'd you interview? I unfortunately couldn't see it. I apologize. >> Yeah, fantastic. So, Reshma Saujani she heads Girls Who Code and she first off had a very very powerful talk just from her own own experiences. And essentially, like, what do we need to do to get more women into computer science first, but then within that, into cybersecurity. and what all have they done with Girls Who Code. So very, I mean, we were very touched at the audience was like super into her talk. And then I had a chance to chat with her for a few minutes, ask her a few questions. Just my view was more like, okay. What can we do together? What can CrowdStrike do in our position, in to attract more women? We've done a lot in terms of tailoring our job descriptions to make sure it's more... Remove the biases. Tuning the interview processes to be more welcoming and Reshma gave an example saying; 'Hey, many of these interviews, they start with a baseball discussion.' 
And I mean, some women may maybe interested in it but may not all maybe. And so is that the right? Is it a gender kind-of affirming or gender neutral kind-of discussion or do you want to have other topics? So a lot of that is about training the interviewers because most of the interviewers are men, unfortunately. That's the mix we have. And it was a great discussion. I mean, just like very practical. She's very much focused on increasing the number of people and increasing the pipeline which is honestly the biggest problem. Because if we have a lot of candidates we would definitely hire them and essentially improve the diversity. And we've done a great job with our intern program, for example, which has helped significantly improve the diversity on our workforce. >> And, but the gap keeps getting bigger in terms of unfulfilled jobs. That leads me to developers as a constituency. Because you guys are building the security cloud. You're on a mission to do that. And to me, if you have a security cloud, it's got to be programmable. You're going to have developers there. You don't... From what I can tell you have a specific developer platform, but it's organic. It's sort of happening out there. What's the strategy around, I mean, the developer today is so critical in terms of implementing a lot of security strategy and putting it into action. They've got to secure the run time. They got to worry about the APIs. They got to secure the PaaS. They got to secure the containers. Right, and so what's your developer strategy. >> Yeah, so within cloud security, enabling developers to implement DevSecOps as a as a philosophy, as a strategy, is critical. And so we, we have a lot of offerings there on the shift-left side, for example, you talked about securing containers. So we have container image assessment where we plug in into the container repositories to check for vulnerabilities and bad configuration in the container images. 
We then complement that with the runtime side where our agent can protect the container from runtime violations, from breakouts, for example. So it's a combination. It's a full spectrum, right? From the developer building an application, all the way to the end. Second I'd say is, we are a very much an API first company. So all of the things that you can do from a user interface perspective, you can do from APIs what is enable that is a bunch of partners a rich partner ecosystem that is building using those APIs. So the developers within our partners are leveraging those APIs to build very cool applications. And the manifestation of that is CrowdStrike store where essentially we have as Josh mentioned, in his keynote, we have an agent cloud architecture that is very rich. And we said, okay, why can't we open that up for partners to enable them to leverage that architecture for their scenarios? So we have a lot of applications that are built on the CrowdStrike store, leveraging our platform, right. Areas that we are not in, for example. >> And here, describe it. Is there a PaaS layer that's purpose-built for CrowdStrike so that developers can build applications? >> That's a great question. So I'll say that we have a beginnings of a PaaS layer. We definitely talked about CrowdStrike store as being PaaS for cybersecurity but there's a lot more to do. And we are in the process of building up an application platform so that customers can build the applications for their SOC workflow or IT workflow and Falcon Fusion is a key part of that. So Falcon Fusion is our automation platform built right into the security cloud. And what that enables customers to do is to define... Encode their business process the way they want and leverage the platform the way they want. >> It seems like a logical next step. Because you're going to enable a consistent experience across the board. And fulfill your promise, your brand promise, and the capabilities that you bring. 
And this ecosystem will explode once you announce that. >> And that's the notion we talk about of being the Salesforce of security. >> Right, right. Yeah. That's the next step. Amol, thank you so much. I got to run and wrap. We really appreciate you coming on theCUBE. >> Thank you very much. >> Congratulations on your keynote and all the success and great event. >> Appreciate it. Thank you very much for the time and great chatting with you. >> You're very welcome. All right, keep it right there. We'll be back very shortly to wrap up from Fal.Con 2022. This is Dave Vellante for theCUBE. (soft electronic music)
Anthony Cunha, Mercury Financial & Alex Arango, Mercury Financial | CrowdStrike Fal.Con 2022
(upbeat music) >> Welcome back to Fal.Con 22. We're here at the ARIA hotel in Las Vegas. We're here in Las Vegas, a lot. Dave Nicholson, Dave Vellante. Fal.Con 22, wall to wall coverage, you're watching theCUBE. Anthony Cunha is here. He's the chief information security officer at Mercury Financial. And he's joined by his deputy CISO, Alex Arango. Welcome, gentlemen. >> Good to see you. >> Thank you very much. Good to be here. Thank you for the opportunity to speak. >> Yeah, so this is a great event. This is our first time being at the, a CrowdStrike customer event. We do a lot of security shows, but this is really intimate. We got a high flying company. Tell us first about, of Mercury Financial. What are you guys all about? >> Oh, that's a fantastic question. Let's leeway into that. So Mercury Financial is a credit card company that serves people who are near prime. So be it some kind of hardship in their life. They had something impacted, be a financial impact, maybe a medical impact, an emergency, something, a death in the family where somehow their credit was impacted. We give 'em the opportunity through our motto, better credit, better life, to build up that credit score to add livelihood to their ability to be financially stable. >> I mean, I think this is huge because you know, so many people it's like, okay, one strike and you're out. >> Right. >> You know, that's just not right. You got- >> No, not at all. >> You got to give people another chance. And so there's so much talent out there. I think about some of the mistakes I made, Dave, when I was a younger man, but- >> No comment. >> Right. So I heard a stat today that I thought was great. Did you guys see the keynote? >> Yes. >> Of course. >> So in the keynote, the, they did the thing at Black Hat but they said what's XDR and I thought- >> Oh goodness. >> My favorite, and I'm not going to ask you what XDR is. >> Okay, good, thank God. >> But my favorite answer was a holistic approach to endpoint security. 
And, you know, I think as a CISO you have to take a holistic approach to a security- >> Of course. >> Okay. >> Maybe talk about, a little bit about how you do that. >> Wow, a holistic approach I would say and I could, I'll give you an opportunity to speak as well, but a holistic approach it's people, processes, and technology. So a holistic approach would be, it isn't one box that you check. It's not a technology that is a silver bullet that fixes anything. Those technologies, those services are implemented by people. So good training, our human firewall, the forefront of implementing those technologies to build those processes and incorporate people and a level of sincerity and integrity that we build. So I feel like a holistic approach is both cyber culture to build the cyber resilience program that we so dearly need. >> And I could spend all day talking about security organizations, SecOps, DevSecOps, data SecOps, et cetera, but, but Alex, how, what is your role as the deputy CISO? How do you complement what Anthony does? >> I got to bring it all together, right? So technically, what are we putting in place? What are the requirements that these stakeholders have? Their needs, their wants. We all have something that we need and want in our environment as an employee, as a customer, as a stakeholder. How do we get that to market? How can we get it there quickly? You know, and it's really about finding the partners that can get us there, right? That can leverage us, that can force multiply us. >> Yes. >> You know, give my people more time to get the work done, the good work. >> Right, the hard work, of course. >> So paint a picture. You know, we hear a lot about all the different, the bevy of tools, the, how complicated CISOs tell us all the time, that we just don't have enough talent. We're looking for partners to help us compromise, but paint a picture of your environment and how you guys use CrowdStrike. >> Oh, that's a good one. Do you want to take this one? 
>> Great one, right? I mean, we leverage CrowdStrike at every way we can. We're a Falcon Complete customer. So they're an extension of our team. They're an extension of our SOC right? >> Yeah. >> We leverage them for many things. We leverage them to understand the risk in our environment. Where we're at in zero trust. How we can really bring a lot of the new processes that the business wants to market, right? How can we get there as fast as possible? Can we make it secure, right? I'm a Mercury card customer also. So I'm, I have a vested interest in that. And I like to drive that, that's, so it comes down to can you align your holistic approach, or your organizational goals and bring that to a really good security product that is world class? >> And I can add a little bit to that as well. So I look at it as a triangle. So we leverage Falcon Complete as that first level, tier one triage, people who do and understand the product extremely well, we leverage them quite a bit. We also have a VSOC service that we have this like, consider tier two or the middle of the triangle, by Verse, right? >> Yeah. >> Fantastic boutique security company that just has been working with us year over year, innovation, strategic initiatives, always there to play. And then Alex Arango, and the threat management team, is our top tier, that's tier three, that's the top of the pyramid. By the time it bubbles up to Alex, that's when the real work happens, everyone's triaging, collecting data, putting together pieces. And then Alex and his teammates, and people that he's trained, fantastic, comes and puts it all together and paints a picture so we can then take that information and describe it in layman's terms, simple terms, to the business, to make them understand the level of risk, what we have to do to get to, and through that attack, or that indication of compromise, et cetera, so that we can remediate it, rectify it. >> Right, it's building that security culture foundation, right? 
It's getting everyone to buy into that. >> Yeah. >> It's a holistic approach and it's really the best way to do it, right? You get bought in from the stakeholders understand what they need to do, and what the goals of the business are. And it really works really well >> We journey together. >> We build a program together. >> Dave, I think that that cultural aspect is critical. Cause I've said many times, bad user behavior trumps good security every time. >> Yeah, absolutely. >> Oh goodness. >> Every time. >> Nicely put, I like that. >> So, I know we're early in the week still, but we did have the keynote. Is there anything that you are hearing, in terms of vision, that piques your interest specifically, and then also sort of the follow up question is, are you guys kind of like lifeguards who can't ever relax at the beach? >> That's why I have a deputy CISO. Well, nobody can take time off, we have to share this. Of course we do. Most definitely. What would you say would be the next, most innovative thing that we're looking for? >> Yeah, what's the next big thing, as far as you're concerned? >> The next biggest thing is definitely building the relationships we have. As we bring in new technologies, we go even more Cloud native. How do we leverage that expertise, that of the partners that we're bringing on board like Zscaler, CrowdStrike, Verse, right? How do we make them a part of the team, and make them perform, bring that world class quality talent across the spectrum, you know, from DevOps to that security analyst, picking up the phone and saying, I'm not really sure what's going on, but there's a culture that's built there where everybody comes to the table to feed, right? We all eat together. >> The ecosystem. >> Yes. >> That is the tooling that we leverage day in and day out. That's how we sleep at night. We have to pick our partners. >> You know, we talked about the ecosystem up front, and you look around, you can see the ecosystem and it's growing. >> Yes. 
>> And I predict it's going to grow a lot more. >> Yes. >> That's, and it has to, right? I mean, exactly what you're saying is that no one company can do it alone. And we heard, you know, we heard, it is confusing. You hear CrowdStrike's doing Identity, but then they partner with Okta. Right, and they're here out on the floor. So that's what you guys need. Talk a little bit more about the importance of ecosystem and partnerships from your perspective. >> Oh I got a good one for this. So I use the metaphor of having a restaurant. So we run a restaurant really well. We know what we want in the menu. We have a chef, we know how we want to put together, but we need excellent ingredients. You make muffins well. Bring your muffin into the restaurant. That brings and builds that rapport. That I want the menu to be rich and empower people to come in and say, you know, I've never had scallops or octopus before, I hear you guys make it better than anyone else, well, our ingredients are fantastic. Therefore, no matter what we do when we present it, it's perfect, it's palatable. >> Yeah. That's great. You're not making ice cream, but you're serving it. >> I can't, if you ever want to show us. >> We're just converging our bakery, you know? >> Yeah, yeah, yeah, salt, salt is the key. >> We're just working the bakery part out, yeah. >> Okay, I want to ask you about Cloud because you know, in 2010, 2011, when you talk to a financial services firm, Cloud, no, that's an evil word, now everybody's Cloud first. George Kurtz talks about how, I mean essentially CrowdStrike is dogmatic. We are Cloud native. We have a Cloud native architecture. I know Gartner has this term CNAP or Cloud native application platform. So what does the Cloud mean to you guys? How does it fit in? What does Cloud native architecture do for you? >> It lets us converge everything we've been talking about. How do we, you know, that's a really big struggle that all security teams are having at, having today. 
How do I converge threat intelligence? How do I converge the environment that I'm in? How do I converge the threat intel that's coming in, right? All this, you're getting, security teams are constantly on a swivel, right? They're looking left, they're looking right. They're trying to identify what to do first. And you bring in the right partners. >> Yes. >> And you get in, you build the right program. You cement that culture internally. And it really provides dividends. >> You know what I think as well, Dave, is in the past, everyone was more data center based. >> Right. >> The Cloud was like a thing we'd forklift, we'd move over, we were born in the Cloud. So Cloud native Application protection is something that we need and will drive innovation. Will align with our strategic initiatives. We need people to think like the Cloud is what's happening. Super Cloud, some of the things that we spoke about. >> Yeah, so I was at, when we were at re:Inforce, I had this new mental model emerge, and it sort of hit me in the face. And you tell me, I'd love to talk to practitioners to say, yeah, that makes sense or, no, that's crap. So it seems like the Cloud has become the first line of defense for CISOs. Now you're Cloud first or Cloud native, so, okay. But then now you've got the shared responsibility model. And I don't know if you use multiple Clouds. Do you use multiple Clouds? >> We cannot say. >> Cannot say, okay, let's assume for a second, your, some of your colleagues, CISO colleagues, use multiple Clouds. >> They should, okay, sure. >> Now they've got multiple shared responsibility models. Now you've got also the application development team. They're being asked to be the pivot point to actually execute, they got to secure the platform. They got to secure the containers, their run time. >> Workloads, yes. >> And then you got audit behind you is kind of the last line of defense. So things are shifting. 
Describe sort of the organizational dynamic that you see, not necessarily specific to Mercury Financial, or that would be cool, but generally in the industry. >> Oh, I would say, I could say this, that having Cloud, multitenancy Cloud or the super Cloud model where we could abstract our services our protection, the different levels of security tooling, being able to abstract and speak a common language where you could run in Azure, GCP or AWS, and still have a common language that you can interpret and leverage between all the tooling would be something I would love to see. >> That's Super Cloud >> A magical, that is that. >> That is a Cloud interpreter essentially. >> I think we use different words, but yes. >> A PaaS layer, super PaaS layer, sorry to take it too far. >> Yeah, like, I want to be able to abstract it and speak a language that would work in any of the- >> What does that do for you as a technology practitioner? >> Well, imagine if you had to speak three different languages with three different people, get lost in translation. If we could speak a common language across all the different platforms and all the different footprints, it would be easier to define our security posture. Where are we? Are we secure? You might say security groups in AWS, it might be, mean something else, but it's still a level of protection that surrounds the end point, right? Something that would abstract that level would be very fun. Very good for me. >> It's, you know, it's pretty easy to understand your use case for this. When you're talking about here we are, Mercury Financial, you have the most sensitive financial information about people, right? >> Right, absolutely. >> A data breach where all of the information about your customers getting out there on the dark web. Right? Heart attack time. >> Instantly. >> What are some things that people might not think about though, that are going on in your world? 
What would surprise someone who maybe isn't a security specialist in terms of the things that you're dealing with as far as threats are concerned? >> I'm going to leave that on you. >> Can you think of some examples of things that you could, you know, obviously generic examples. >> Right. >> Yes. >> I'm going to point to the number one and two most common ways that applications and businesses are getting owned right now. And that's misconfigurations on your web app or a vulnerable application or phishing. And those are both very important things, right? A lot of development teams, they want to get things to market as soon as possible. And maybe security's on the back foot. It's about building that culture and to, you know, being Cloud native helps you have a, you can provide different tool sets to your organization that helps you understand that posture and makes you help those business decisions. Are we in a good posture to go forward right now? That's a big question that I think most security organizations need to ask themselves and the need to hold other stakeholders accountable. >> So phishing and the concept of social engineering, still alive and well? >> Oh, goodness. >> Always. >> Everything starts with people. The human firewall has to be front of mind. Security can't be an afterthought or a bolt on, that's something that you think about, well, I guess if I have to meet our compliance, it doesn't work with us. >> Comes back to the culture that you're actually talking about before. >> 100%, yeah, cyber resiliency starts with cyber culture. >> Kevin Mandia has said it today. I, never underestimate the adversary. The adversary- >> Of course. >> Is highly capable, motivated, big ROI and it just keeps getting bigger. The more technology gets embedded into our lives. The more lucrative hacking becomes. >> And more attack vectors. We have more areas that we could be potentially penetrated. >> They have a lot of time. Those threat actors have a lot of time. 
>> They do have a lot of time, yeah. >> Right. >> Right and to your point, you're constantly on the swivel. Right, you don't have time. >> Right. >> No, we don't. >> So do your responsibilities touch on things like fraud detection as well? >> Yeah, oh, that- >> Is that a silly question? I'm thinking- >> Yeah, no, it really is, so- >> No, not at all. >> Or there isn't segregation between what we would think of as IT and the credit card transaction that fires up a red flag. >> Those are integrated. >> It's definitely important. And in any business, right? Is to, like I mentioned, I use this word a lot converge, right? It's converging that intel, that fraud intelligence and making it into a process where we're reducing the risk and the losses that the business is incurring. >> Yes. >> It's so important, right? That we build that culture within the fraud teams, the operational teams, the, you know really anybody who has a really large stake in whatever the business product is. And, you know, being Cloud native, bringing in the right partners, building that security culture. I mean, that's the biggest one. >> Yeah, we've flown. >> It's last and definitely not least, it is, the culture's where you need to be. >> Absolutely. >> You know, you guys, I'm sure, you know, work with a lot of different vendors, a lot of tools, or sometimes the tools are point tools, they're best of breed. CrowdStrike says it wants to be a generational company. >> Oh, yeah. >> It says this notion of an unstoppable breach is a myth. You guys can't live that way. You have to assume you're going to breach but can CrowdStrike be a generational company? >> I think they've proven themselves. They've been around over a decade now. It's 11 years. They just had their birthday yesterday, right? >> Yeah. >> Or anniversary, the company started? >> Yeah. 11 years, yeah. >> I absolutely, and I also agree to add it a little bit part, from the fraud part. 
I think CrowdStrike would be an integral piece of the overall solution that we have. It hits so many different aspects and looks at so many different potential attack vectors. I keep using that word, but I think integrating fraud in other parts and other functions of the business will start to see that they can leverage CrowdStrike. That there's tooling within CrowdStrike innovatively, like ahead of the game. And I always like that about CrowdStrike, being way ahead of the game and thinking in front of our adversaries. I think other departments will be like, what tools do you have, how can we use them? This is fantastic, this makes us feel better. We don't have to worry about that. We can focus in on what we're good at and build that best of breed solution. So fraud can focus on fraud and you can leverage the tooling and the infrastructure that we provide them together holistically to build a security program that's beyond reproach. >> Guys, we got to go, great perspectives. Always love having the practitioners on. >> Yeah, thank you. >> I really appreciate your time, thank you. >> Yeah, absolutely, always a pleasure. Thank you so much for your time. >> Anthony, Alex, Dave and Dave will be right back, right after this short break. You're watching theCUBE from Fal.Con 2022 from the ARIA in Las Vegas. >> Cheers my friend. >> Yeah, of course. (cheerful music)