
Lena Smart, MongoDB | AWS re:Invent 2022


 

(bright music) >> Hello everyone and welcome back to AWS re:Invent, here in wonderful Las Vegas, Nevada. We're theCUBE. I am Savannah Peterson. Joined with my co-host, Dave Vellante. Day four, you look great. Your voice has come back somehow. >> Yeah, a little bit. I don't know how. I took last night off. You guys, I know, were out partying all night, but - >> I don't know what you're talking about. (Dave laughing) >> Well, you were celebrating John's birthday. John Furrier's birthday today. >> Yes, happy birthday John! >> He's on his way to England. >> Yeah. >> To attend his nephew's wedding. Awesome family. And so good luck, John. I hope you feel better, he's got a little cold. >> I know, good luck to the newlyweds. I love this. I know we're both really excited for our next guest, so I'm going to bring out, Lena Smart from MongoDB. Thank you so much for being here. >> Thank you for having me. >> How's the show going for you? >> Good. It's been a long week. And I just, not much voice left, so. >> We'll be gentle on you. >> I'll give you what's left of it. >> All right, we'll take that. >> Okay. >> You had a fireside chat, at the show? >> Lena: I did. >> Can you tell us a little bit about that? >> So we were talking about the Rise, The developer is a platform. In this massive theater. I thought it would be like an intimate, you know, fireside chat. I keep believing them when they say to me come and do these talks, it'll be intimate. And you turn up and there's a stage and a theater and it's like, oh my god. But it was really interesting. It was well attended. Got some really good questions at the end as well. Lots of follow up, which was interesting. And it was really just about, you know, how we've brought together this developer platform that's got our integrated services. It's just what developers want, it gives them time to innovate and disrupt, rather than worry about the minutia of management. >> Savannah: Do the cool stuff. >> Exactly. 
>> Yeah, so you know Lena, it's funny that you're saying that oh wow, the lights came on and it was this big thing. When we were at re:Inforce, Lena was on stage and it was so funny, Lena, you were self-deprecating, like making jokes about the audience. >> Savannah: (indistinct) >> It was hilarious. And so, but it was really endearing to the audience and so we were like - >> Lena: It was terrifying. >> You got huge props for that, I'll tell you. >> Absolutely terrifying. Because they told me I wouldn't see anyone. Because we did the rehearsal the day before, and they were like, it's just going to be like - >> Sometimes it just looks like blackness out there. >> Yeah, yeah. It wasn't, they lied. I could see eyeballs. It was terrifying. >> Would you rather know that going in though? Or is it better to be, is ignorance bliss in that moment? >> Ignorance is bliss. >> Yeah, yeah yeah. >> Good call Savannah, right? Yeah, just go. >> The older I get, the more I'm just, I'm on the ignorance is bliss train. I just, I don't need to know anything that's going to hurt my soul. >> Exactly. >> One of the things that you mentioned, and this has actually been a really frequent theme here on the show this week, is you said that this has been a transformative year for developers. >> Lena: Yeah. >> What did you mean by that? >> So I think developers are starting to come to the fore, if you like, the fore. And I'm not in any way being deprecating about developers 'cause I love them. >> Savannah: I think everyone here does. >> I was married to one, I live with one now. It's like, they follow me everywhere. They don't. But, I think they, this is my opinion obviously but I think that we're seeing more and more the value that developers bring to the table. They're not just code geeks anymore. They're not just code monkeys, you know, churning out lines and lines of code. Some of the most interesting discussions I've had this week have been with developers.
And that's why I'm so pleased that our developer data platform is going to give these folks back time, so that they can go and innovate. And do super interesting things and do the next big thing. It was interesting, I was talking to Mary, our comms person earlier and she had said that Dave I guess, my boss, was on your show - >> Dave: Yeah, he was over here last night. >> Yeah. And he was saying that two thirds of the companies that had been mentioned so far, within the whole gamut of this conference use MongoDB. And so take that, extrapolate that, of all the developers >> Wow. >> who are there. I know, isn't that awesome? >> That's awesome. Congrats on that, that's like - >> Did I hear that right now? >> I know, I just had that moment. >> I know she just told me, I'm like, really? That's - >> That's so cool. >> 'Cause the first thing I thought of was then, oh my god, how many developers are we reaching then? 'Cause they're the ones. I mean, it's kind of interesting. So my job has kind of grown from, over the years, being the security geek in the back room that nobody talks to, to avoiding me in the lift, to I've got a seat at the table now. We meet with the board. And I think that I can see that that's where the developer mindset is moving towards. It's like, give us the right tools and we'll change your world. >> And let the human capital go back to doing the fun stuff and not just the maintenance stuff. >> And, but then you say that, you can't have everything automated. I get that automation is also the buzzword of the week. And I get that, trust me. Someone has to write the code to do the automation. >> Savannah: Right. >> So, so yeah, definitely give these people back time, so that they can work on ML, AI, choose your buzzword. You know, by giving people things like queryable encryption for example, you're going to free up a whole bunch of head space.
They don't have to worry about their data being, you know, harvested from memory or harvested while at rest or in motion. And it's like, okay, I don't have to worry about that now, let me go do something fun. >> How about the role of the developer as it relates to SecOps, right? They're being asked to do a lot. You and I talked about this at re:Inforce. You seem to have a pretty good handle on it. Like a lot of companies I think are struggling with it. I mean, the other thing you said to me is you don't have a lack of talent at Mongo, right? 'Cause you're Mongo. But a lot of companies do. But a lot of the developers, you know we were just talking about this earlier with Capgemini, the developer metrics or the application development team's metrics might not be aligned with the CSO's metrics. How, what are you seeing there? What, how do you deal with it within Mongo? What do you advise your customers? >> So in terms of internal, I work very closely with our development group. So I work with Tara Hernandez, who's our new VP of developer productivity. And she and her team are very much interested in making developers more productive. That's her job. And so we get together because sometimes security can definitely be seen as a blocker. You know, funnily enough, I actually had a Slack that I had to respond to three seconds before I come on here. And it was like, help, we need some help getting this application through procurement, because blah, blah, blah. And it's weird the kind of change, the shift in mindset. Whereas before they might have gone to procurement or HR or someone to ask for this. Now they're coming to the CSO. 'Cause they know if I say yes, it'll go through. >> Talk about social engineering. >> Exactly. >> You were talking about - >> But turn it around though. If I say no, you know, I don't like to say no. I prefer to be the CSO that says yes, but. And so that's what we've done.
We've definitely got that culture of ask, we'll tell you the risks, and then you can go away and be innovative and do what you need to do. And we basically do the same with our customers. Here's what you can do. Our application is secure out of the box. Here's how we can help you make it even more, you know, streamlined or bespoke to what you need. >> So mobile was a big inflection point, you know, I dunno, it seems like forever ago. >> 2007. >> 2007. Yeah, iPhone came out in 2007. >> You remember your first iPhone? >> Dave: Yeah. >> Yeah? Same. >> Yeah. It was pretty awesome, actually. >> Yeah, I do too. >> Yeah, I was on the train to Boston going up to see some friends at MIT on the consortium that I worked with. And I had, it was the wee one, 'member? But you thought it was massive. >> Oh, it felt - >> It felt big. And I remember I was sitting on the train to Boston it was like the Acela and there was these people, these two women sitting beside me. And they were all like glam, like you and unlike me. >> Dave: That's awesome. >> And they, you could see them like nudging each other. And I'm being like, I'm just sitting like this. >> You're chilling. >> Like please look at my phone, come on just look at it. Ask me about it. And eventually I'm like - >> You're baiting them. >> nonchalantly laid it on the table. And you know, I'm like, and they're like, is that an iPhone? And I'm like, yeah, you want to see it? >> I thought you'd never ask. >> I know. And I really played with it. And I showed them all the cool stuff, and they're like, oh we're going to buy iPhones. And so I should have probably worked for Apple, but I didn't. >> I was going to say, where was your referral kickback on that? Especially - >> It was a little like Tesla, right? When you first, we first saw Tesla, it was Ray Wong, you know, Ray? From Pasadena? >> It really was a moment and going from the Blackberry keyboard to that - >> He's like want to see my car?
And I'm like oh yeah sure, what's the big deal? >> Yeah, then you see it and you're like, ooh. >> Yeah, that really was such a pivotal moment. >> Anyway, so we lost a track, 2007. >> Yeah, what were we talking about? 2007 mobile. >> Mobile. >> Key inflection point, is where you got us here. Thank you. >> I gotchu Dave, I gotchu. >> Bring us back here. My mind needs help right now. Day four. Okay, so - >> We're all getting here on day four, we're - >> I'm socially engineering you to end this, so I can go to bed and die quietly. That's what me and Mary are, we're counting down the minutes. >> Holy. >> That's so sick. >> You're breaking my heart right now. I love it. I'm with you, sis, I'm with you. >> So I dunno where I was, really where I was going with this, but, okay, there's - >> 2007. Three things happened. >> Another inflection point. Okay yeah, tell us what happened. But no, tell us that, but then - >> AWS, clones, 2006. >> Well 2006, 2007. Right, okay. >> 2007, the iPhone, the world blew up. So you've already got this platform ready to take all this data. >> Dave: Right. >> You've got this little slab of gorgeousness called the iPhone, ready to give you all that data. And then MongoDB pops up, it's like, woo-hoo. But what we could offer was, I mean back then was awesome, but it was, we knew that we would have to iterate and grow and grow and grow. So that was kind of the three things that came together in 2007. >> Yeah, and then Cloud came in big time, and now you've got this platform. So what's the next inflection point do you think? >> Oh... >> Good question, Dave. >> Don't even ask me that. >> I mean, is it Edge? Is it IOT? Is there another disruptor out there? >> I think it's going to be artificial intelligence. >> Dave: Is it AI? >> I mean I don't know enough about it to talk about it, to any level, so don't ask me any questions about it. >> This is like one of those ignorance is bliss moments. It feels right. >> Yeah. 
>> Well, does it scare you, from a security perspective? Or? >> Great question, Dave. >> Yeah, it scares me more from a humanity standpoint. Like - >> More than social scared you? 'Cause social was so benign when it started. >> Oh it was - >> You're like, oh - I remember, >> It was like a yearbook. I was on the Acela and we were - >> Shout out to Amtrak there. >> I was with, we were starting basically a Wikibon, it was an open source. >> Yeah, yeah. >> Kind of, you know, technology community. And we saw these and we were like enamored of Facebook. And there were these two young kids on the train, and we were at 'em, we were picking the brain. Do you like Facebook? "I love Facebook." They're like "oh, Facebook's unbelievable." Now, kids today, "I hate Facebook," right? So, but social at the beginning it was kind of, like I say, benign and now everybody's like - >> Savannah: We didn't know what we were getting into. >> Right. >> I know. >> Exactly. >> Can you imagine if you could have seen into the future 20 years ago? Well first of all, we'd have all bought Facebook and Apple stock. >> Savannah: Right. >> And Tesla stock. But apart from, but yeah apart from that. >> Okay, so what about Quantum? Does that scare you at all? >> I think the only thing that scares me about Quantum is we have all this security in place today. And I'm not an expert in Quantum, but we have all this security in place that's securing what we have today. And my worry is, in 10 years, is it still going to be secure? 'Cause we're still going to be using that data in some way, shape, or form. And my question is to the quantum geniuses out there, what do we do in 10 years like to retrofit the stuff? >> Dave: Like a Y2K moment? >> Kind of. Although I think Y2K is coming in 2038, isn't it? When the Linux date flips. I'll be off the grid by then, I'll be living in Scotland. >> Somebody else's problem. >> Somebody else's problem. I'll be with the sheep in Glasgow, in Scotland.
>> Y2K was a boondoggle for tech, right? >> What a farce. I mean, that whole - >> I worked in the power industry in Y2K. That was a nightmare. >> Dave: Oh I bet. >> Savannah: Oh my God. >> Yeah, 'cause we just assumed that the world was going to stop and there'd be no power, and we had nuclear power plants. And it's like holy moly. Yeah. >> More than moly. >> I was going to say, you did a good job holding that other word in. >> I think I was going to, in case my mom hears this. >> I grew up near Diablo Canyon in, in California. So you were, I mean we were legitimately worried that that exactly was going to happen. And what about the waste? And yeah it was chaos. We've covered a lot. >> Well, what does worry you? Like, is it culture? Is it - >> Why are you trying to freak her out? >> No, no, because it's a CSO, trying to get inside the CSO's head. >> You don't think I have enough to worry about? You want to keep piling on? >> Well if it's not Quantum, you know? Maybe it's spiders or like - >> Oh but I like spiders, well spiders are okay. I don't like bridges, that's my biggest fear. Bridges. >> Seriously? >> And I had to drive over the Tappan Zee bridge, which is one of the longest, for 17 years, every day, twice. The last time I drove over it, I was crying my heart out, and happy as anything. >> Stay out of Oakland. >> I've never driven over it since. Stay out of where? >> Stay out of Oakland. >> I'm staying out of anywhere that's got lots of water. 'Cause it'll have bridges. >> Savannah: Well it's good we're here in the desert. >> Exactly. So what scares me? Bridges, there you go. >> Yeah, right. What? >> Well wait a minute. So if I'm bridging technology, is that the scary stuff? >> Oh God, that was not - >> Was it really bad? >> It was really bad. >> Wow. Wow, the puns. >> There's a lot of seams in those bridges. >> It is lit on theCUBE A floor, we are all struggling. I'm curious because I've seen, your team is all over the place here on the show, of course.
Your booth has been packed the whole time. >> Lena: Yes. >> The fingerprint. Talk to me about your shirt. >> So, this was designed by my team in house. It is the most wanted swag in the company, because only my security people wear it. So, we make it like, yeah, you could maybe have one, if this turns out well. >> I feel like we're on the right track. >> Dave: If it turns out well. >> Yeah, I just love it. It's so, it's just brilliant. I mean, it's the leaf, it's a fingerprint. It's just brilliant. >> That's why I wanted to call it out. You know, you see a lot of shirts, a lot of swag shirts. Some are really unfortunately sad, or not funny, >> They are. >> or they're just trying too hard. Now there's like, with this one, I thought oh I bet that's clever. >> Lena: It is very cool. Yes, I love it. >> I saw a good one yesterday. >> Yeah? >> We fix shit, 'member? >> Oh yeah, yeah. >> That was pretty good. >> I like when they're >> That's a pretty good one. >> just straightforward, like that, yeah yeah. >> But the only thing with this is when you're say in front of a green screen, you look as though you've got no tummy. >> A portal through your body. >> And so, when we did our first - >> That's a really good point, actually. >> Yeah, it's like the black hole to nothingless. And I'm like wow, that's my soul. >> I was just going to say, I don't want to see my soul like that. I don't want to know. >> But we had to do like, it was just when the pandemic first started, so we had to do our big presentation live announcement from home. And so they shipped us all this camera equipment for home and thank God my partner knows how that works, so he set it all up. And then he had me test with a green screen, and he's like, you have no tummy. I'm like, what the hell are you talking about? He's like, come and see. It's like this, I dunno what it was. So I had to actually go upstairs and felt tip with a magic marker and make it black. >> Wow. 
>> So that was why I did for two hours on a Friday, yeah. >> Couldn't think of another alternative, huh? >> Well no, 'cause I'm myopic when it comes to marketing and I knew I had to keep the T-shirt on, and I just did that. >> Yeah. >> In hindsight, yes I could have worn an "I Fix Shit" T-shirt, but I don't think my husband would've been very happy. I secure shit? >> There you go, yeah. >> There you go. >> Over to you, Savannah. >> I was going to say, I got acquainted, I don't know if I can say this, but I'm going to say it 'cause we're here right now. I got acquainted with theCUBE, wearing a shirt that said "Unfuck Kubernetes," 'cause it was a marketing campaign that I was running for one of my clients at KubeCon last year. >> That's so good. >> Yeah, so - >> Oh my God. I'll give you one of these if you get me one of those. >> I can, we can do a swapskee. We can absolutely. >> We need a few edits on this film, on the file. >> Lena: Okay, this is nothing - >> We're fallin' off the wheel. Okay, on that note, I'm going to bring us to our challenge that we discussed, before we got started on this really diverse discussion that we have had in the last 15 minutes. We've covered everything from felt tip markers to nuclear power plants. >> To the darkness of my soul. >> To the darkness of all of our souls. >> All of our souls, yes. >> Which is perhaps a little too accurate, especially at this stage in the conference. You've obviously seen a lot Lena, and you've been rockin' it, I know John was in your suite up here, at the Venetian. What's your 30 second hot take? Most important story, coming out of the show or for you all at Mongo this year? >> Genuinely, it was when I learned that two-thirds of the customers that had been mentioned, here, are MongoDB customers. And that just exploded in my head. 'Cause now I'm thinking of all the numbers and the metrics and how we can use that. And I just think it's amazing, so. >> Yeah, congratulations on that. That's awesome.
>> Yeah, I thought it was amazing. >> And it makes sense actually, 'cause Mongo's so easy to use. We were talking about 10gen. >> We knew you when, I feel that's our like, we - >> Yeah, but it's true. And so, Mongo was just really easy to use. And people are like, ah, it doesn't scale. It's like, turns out it actually does scale. >> Lena: Turns out, it scales pretty well. >> Well Lena, without question, this is my favorite conversation of the show so far. >> Thank you. >> Thank you so much for joining us. >> Thank you very much for having me. >> Dave: Great to see you. >> It's always a pleasure. >> Dave: Thanks Lena. >> Thank you. >> And thank you all, tuning in live, for tolerating wherever we take these conversations. >> Dave: Whatever that was. >> I bet you weren't ready for this one, folks. We're at AWS re:Invent in Las Vegas, Nevada. With Dave Vellante, I'm Savannah Peterson. You're watching theCUBE, the leader for high tech coverage.

Published Date : Dec 1 2022


Snehal Antani, Horizon3.ai Market Deepdive


 

>> Welcome back everyone to our special presentation here at theCUBE with Horizon3.ai. I'm John Furrier, host of theCUBE, here in Palo Alto. Back, it's Snehal Antani, CEO and co-founder of Horizon3, for deep dive on going under the hood around the big news and also the platform, autonomous pen testing, changing the game and security. Great to see you, welcome back. >> Thank you, John. I love what you guys have been doing with theCUBE, huge fan, been here a bunch of times, and yeah, looking forward to the conversation. >> Let's get into it. All right, so what's the market look like and how do you see it evolving? We're in a down market relative to startups. Some say, our data, we're reporting on SiliconANGLE in theCUBE, that yeah, there might be a bit of downturn in the economy with inflation, but the tech market is booming because the hyperscalers are still pumping out massive scale and still innovating. So, you know, for the first time in history this is a recession or downturn where there's now cloud scale players that are an economic engine. What's your view on this? Where's the market heading relative to the downturn and how are you guys navigating that? >> So, um, I think about it, one, there's a lot of belief out there that we're going to hit a downturn, and we started to see that. We started to see deals get longer and longer to close back in May across the board in the industry. We continue to see deals get at least backloaded in the quarter as people understand their procurement, how much money they really have to spend, what their earnings are going to be. So we're seeing this across the board. One is quarters becoming lumpier for tech companies, and we think that that's going to become kind of the norm over the next year. But what's interesting in our space of security testing is a very basic supply and demand problem. The demand for security testing has skyrocketed. When I was a CIO eight years ago, I only had to worry about my on-prem attack surface, my perimeter and insider
threat. Those are my primary threat vectors. Now if I was a CIO, I have to include multiple clouds, all of the data in my SaaS offerings, my Salesforce account and so on, as well as work-from-home threat vectors and other pieces, and I've got regulatory compliance in Europe, in Asia, in the U.S. Tons of demand for testing and there's just not enough supply. There's only 5,000 certified pen testers in the United States. So I think for starters you have a fundamental supply and demand problem that plays to our strength, because we're able to bring a tremendous amount of pen testing supply to the table. But now let's flip to, if you are the CEO of a large security company, or whether it's a consulting shop or so on, you've got a whole bunch of deferred revenue in your business model around security testing services. And what we've done in our past, in previous companies I worked at, is if we didn't think we were going to make the money the quarter with product revenue, we would start to unlock some of that deferred services revenue to make the number, to hit what we expected Wall Street to hit, what Wall Street expected of us. In testing, that's not possible because there's not enough supply, except us. So if I'm the CEO of an MSSP or a large security company and I need, I see a huge backlog of security testing revenue on the table, the easy button to convert that to recognized revenue is Horizon3.
And when I think about the next six months and the amount of revenue misses we're going to see in security shops, especially those that can't fulfill their orders, I think there's a ripe opportunity for us to win. >> Yeah, one of the few opportunities where on any market you win, because the forces will drive your flywheel. >> That's exactly right. Very basic supply and demand forces that are only increasing with pressure, and there's no way, it takes 10 years just to build a master hacker, just, it's a very hard, complex space. We become the easy button to address that supply problem. >> Yeah, and this, and the autonomous aspect makes AppSec reviews, as new things get pushed with cloud native developers, they're shifting left, but still the security policies need to stay pace as these new vectors, threat vectors appear. Yeah, I mean, because that's what's happening, a new thing makes a vector possible. >> That's exactly right. I think there's two aspects. One is, as you increase change in your environment, you need to increase testing. They are absolutely correlated. The second thing though is, you know, for 20 years we focused on remote code execution, or RCEs, as an industry. What was the latest RCE that gave an attacker access to my environment? But if you look over the past few years, that entire mindset has shifted. Credentials are the new code execution. What I mean by that is, if I have a large organization with a hundred, a thousand, ten thousand employees, all it takes is one of them to have a password I can crack in credential spray and gain access to as an attacker. And once I've gained access to a single user, I'm going to systematically snowball that into something of consequence. And so I think that the attackers have shifted away from looking for code execution and looked more towards harvesting credentials and cascading credentials from a regular domain user into an admin. >> This brings up the conversation I would like to do it more, deep dive now, shift into more of like the real kind of landscape
of the market and your positioning and value proposition in that. And that is, managed services are becoming really popular as we move into this next wave of super cloud and multi-cloud and hybrid cloud, because, I mean, multi-cloud and hybrid, hybrid than multi-cloud, sounds good on paper, but the security ops become big. And one of the things we're reporting with here on theCUBE and SiliconANGLE the past six months is DevOps has made the developer the IT team, because they've essentially run it now in CI/CD pipeline, as they say. That means it's replaced by DataOps or AIOps or security ops, and data and security kind of go hand in hand. So I can see that playing out. Do you believe that to be true, that that's kind of the new operational kind of beachhead that's critical? And if so, secure, if data is part of security, that makes security the new IT. >> Yeah, I think that if you think about organizations, hell, even for Horizon3 right now, I don't need to hire a CIO. I'll have a CSO, and that CSO will own IT and governance, risk and compliance, and security operations, because at the end of the day the most pressing question for me to answer as a CEO is my security posture. IT is a supporting function of that security posture, and we see that at, say, or a growth stage company like Horizon3. But when I thought about my time at GE Capital, we really shifted to this mindset of security by design, architecture as code, and it was very much security driven conversation, and I think that is the norm going forward. >> And how do you view the idea that you have to enable a managed service provider with security also managing comp and which then manages the company to enable them to have agile security, um, security is code, because what you're getting at is this autonomous layer that's going to be automated away to make the next talented layer, whether it's coder or architect, scale. So the question is, what is abstracted away at automation seems to be the conversation that's coming out of this big cloud
native or super cloud next wave of cloud scale I think there's uh there's two Dimensions to that and honestly I think the more interesting Dimension is not the technical side of it but rather think of the Equifax hack a bunch of years ago had Equifax used a managed security services provider would the CEO have been fired after the breach and the answer is probably not I think the CEO would have transferred enough reputational risk in operational risk to the third party mssp to save his job from being you know from him being fired you can look at that across the board I think that if if I were a CIO again I would be hard-pressed to build my own internal security function because I'm accepting that risk as an executive and we saw what just happened at Uber there's a ton of risk coming with that with the with accepting that as a security person so I think in the future the role of the mssp becomes more significant as a mechanism for transferring enough reputational and operational and legal risk to a third party so that you as the Core Company are able to protect yourself and your people now then what you think is a super cloud printables and Concepts being applied at mssp scale and I think that becomes really interesting talk about the talent opportunity because I think the managed service providers point to markets that are growing and changing also having managed service means that the customers can't always hire Talent hence they go to a Channel or a partner this seems to be a key part of the growth in your area talk about the talent aspect of it yeah um think back to what we saw in Cloud so as as Cloud picked up we saw IBM HP other Hardware companies sell more servers but to fewer customers Amazon Google and others right and so I think something similar is going to happen in the security space where I think you're going to see security tools providers selling more volume but to fewer customers that are just really big mssps so that is the the path forward and I 
think that the underlying Talent issue gives us economies at scale and that's what we saw this with Cloud we're going to see the same thing in the mssp space I've got a density of Talent Plus a density of automation plus a density of of relationships and ecosystem that give mssps a huge economies of scale advantage over everybody else I mean I want to get into the mssp business sounds like I make a lot of money yeah definitely it's profitable no doubt about it like that I got to ask more on the more of the burden side of it because if you're a partner I don't need another training class I don't need another tool I don't need someone saying this is the highest margin product I need to actually downsize my tools so right now there's hundreds of tools that mssps have all the time dealing with and does the customer so tools platforms we've kind of teased this out in previous conversations together but more more relevant to the mssp is what they do to the customers so talk about this uh burden of tools and the socks out there in the in in the landscape how do you how do you view that and what's the conversation like on average an organization has 130 different cyber security tools installed none of those tools were designed to work together none of those tools are from the same vendor and in fact oftentimes they're from vendors that have competing products and so what we don't have and they're still getting breached in the industry we don't have a tools problem we have an Effectiveness problem we have to reduce the number of tools we have get more out of out of the the effectiveness out of the existing infrastructure build muscle memory you know how to detect and respond to a breach and continuously verify that posture I think that's what the the most successful security organizations have mastered the fundamentals and they mastered that by making sure they were effective in detection and response not mastering it by buying the next shiny AI tool on the defensive side 
okay so you mentioned supply and demand early since you're brought up economics we'll get into the economic equations here when you have great profits that's going to attract more entrance into the marketplace so as more mssps enter the market you're going to start to see a little bit of competition maybe some fud maybe some price competitive price penetration all kinds of different Tactics get out go on there um how does that impact you because now does that impact your price or are you now part of them just competing on their own value what's that mean for the channel as more entrants come in hey you know I can compete against that other one does that create conflict is that an opportunity does are you neutral on that what's the position it's a great question actually I think the way it plays out is one we are neutral two the mssp has to stand on their own with their own unique value proposition otherwise they're going to become commoditized we saw this in the early cloud provider days the cloud providers that were just basically wrapping existing Hardware with with a race to the bottom pricing model didn't survive those that use the the cloud infrastructure as a starting point to build higher value capabilities they're the ones that have succeeded to this day the same Mo I think will occur in mssps which is there's a base level of capability that they've got to be able to deliver and it is the burden of the mssp to innovate effectively to elevate their value problem it's interesting Dynamic and I brought it up mainly because if you believe that this is going to be a growing New Market price erosion is more in mature markets so it's interesting to see that Dynamic come up and we'll see how that handles on the on the economics and just the macro side of it getting more into kind of like the next gen autonomous pen testing is a leading indicator that a new kind of security assessment is here um if I said that to you how do you respond to that what is this new 
security assessment mean what does that mean for the customer and to the partner and that that relationship down that whole chain yeah um back to I'm wearing a CIO hat right now don't tell me we're secure in PowerPoint show me we're secure Today Show me where we're secure tomorrow and then show me we're secure again next week because that's what matters to me if you can show me we're secure I can understand the risk I'm accepting and articulate it up to my board to my Regulators up until now we've had a PowerPoint tell me where secure culture and security and I just don't think that's going to last all that much longer so I think the future of security testing and assessment is this shift from a PowerPoint report to truly showing me that my I'm secure enough you guys auto-generate those statements now you mentioned that earlier that's exactly right because the other part is you know the classic way to do security reports was garbage in garbage out you had a human kind of theoretically fill out a spreadsheet that magically came up with the risk score or security posture that doesn't work that's a check the box mentality what you want to have is an accurate High Fidelity understanding of your blind spots your threat vectors what data is at risk what credentials are at risk you want to look at those results over time how quickly did I find problems how quickly did I fix them how often did they reoccur and that is how you get to a show me where secure culture whether I'm a company or I'm a channel partner working with Horizon 3.ai I have to put my name on the line and say Here's a service level agreement I'm going to stand behind there's levels of compliance you mentioned that earlier how do you guys help that area because that becomes I call the you know below the line I got to do it anyway usually it's you know they grind out the work but it has to be fundamental because if the threats vectors are increasing and you're handling it like you say you are the way it is 
real time today tomorrow the next day you got to have that other stuff flow into it can you describe how that works under the hood yeah there's there's two parts to it the first part is that attackers don't have to hack in with zero days they log in with credentials that they found but often what attackers are doing is chaining together different types of problems so if you have 10 different tactics you can chain those together a number of different ways it's not just 10 to the 10th it's it's actually because you don't you don't have to use all the tactics at once this is a very large number of combinations that an attacker can apply upon you is what it comes down to and so at the base level what you want to have is what are the the primary tactics that are being used and those tactics are always being added to and evolving what are the primary outcomes that an attacker is trying to achieve steal your data disrupt your systems become a domain admin and borrow and now what you have is it actually looks more like a chess game algorithm than it does any sort of hard-coded automation or anything else which is based on the pieces on the board the the it infrastructure I've discovered what is the next best action to become a domain admin or steal your data and that's the underlying innovation in IP we've created which is next best action Knowledge Graph analytics and adaptiveness to figure out how to combine different problems together to achieve an objective that an attacker cares about so the 3D chess players out there I'd say that's more like 3D chess are the practitioners implementing it but when I think about compliance managers I don't see 3D chess players I see back office accountants in my mind like okay are they actually even understand what comes out of that so how do you handle the compliance side do you guys just check the boxes there is it not part of it is it yeah I I know I don't Envision the compliance guys on the front lines identifying vectors do you 
know what it doesn't even know what it means yeah it's a great question when you think about uh the market segmentation I think there are we've seen are three basic types of users you've got the the really mature high frequency security testing purple team type folks and for them we are the the force multiplier for them to secure the environment you then have the middle group where the IT person and the security person are the same individual they are barely Treading Water they don't know what their attack surface is and they don't know what to focus on we end up that's actually where we started with the barely Treading Water Persona and that's why we had a product that helped those Network Engineers become superheroes the third segment are those that view security and compliance as synonymous and they don't really care about continuous they care about running and checking the box for PCI and forever else and those customers while they use us they are better served by our partner ecosystem and that's really so the the first two categories tend to use us directly self-service pen tests as often as they want that compliance-minded folks end up going through our partners because they're better served there steel great to have you on thanks for this deep dive on um under the hood section of the interview appreciate it and I think autonomous is is an indicator Beyond pen testing pen testing has become like okay penetration security but this is not going away where do you see this evolving what's next what's next for Horizon take a minute to give a plug for what's going on with copy how do you see it I know you got good margins you're raising Capital always raising money you're not yet public um looking good right now as they say yeah yeah well I think the first thing is our company strategy is in three chapters chapter one is become the best security testing platform in the industry period that's it and be very good at helping you find and fix your security blind spots 
that's chapter one we've been crushing it there with great customer attraction great partner traction chapter two which we've started to enter is look at our results over time to help that that GRC officer or auditor accurately assess the security posture of an organization and we're going to enter that chapter about this time next year longer term though the big Vision I have is how do I use offense to inform defense so for me chapter three is how do I get away from just security testing towards autonomous security overall where you can use our security testing platform to identify ways to attack that informs defensive tools exactly where to focus how to adjust and so on and now you've got offset and integrated learning Loop between attack and defense that's the future never been done before Master the art of attack to become a better Defender is the bigger vision of the company love the new paradigm security congratulations been following you guys we will continue to follow you thanks for coming on the Special Report congratulations on the new Market expansion International going indirect that a big way congratulations thank you John appreciate it okay this is a special presentation with the cube and Horizon 3.ai I'm John Furrier your host thanks for watching thank you

Published Date : Oct 11 2022


Geoff Swaine, CrowdStrike | CrowdStrike Fal.Con 2022


 

>>We're back with theCUBE at Fal.Con 2022, Dave Vellante and Dave Nicholson. We're at the ARIA. We do, of course, a lot of events in Las Vegas. It's the place to do events. Dave, I think it's my sixth or seventh time here this year. At least. I don't know. I lose track. Geoff Swaine is here. He's the vice president of global programs, store and tech alliances at CrowdStrike. Geoff, good to see you again. We saw each other at re:Invent in July in Boston. >>Yes. Yeah, it was great to see you again, Dave, thank >>Very much. And we talked about making this happen, so thrilled to be here at CrowdStrike Fal.Con. We're gonna talk today about the CrowdStrike XDR Alliance partners. First of all, what's XDR? >>Well, I hope you were paying attention to George's keynote this morning. I guess, you know, the one thing we know is that if you ask 10, five people what XDR is, you'll get 10 answers. >>I like this answer: a holistic approach to endpoint security. I, that was, >>It was good. Simple. >>That was a good one at Black Hat. So, but tell us about the XDR Alliance partners program. Give us the update there. >>Yeah, so I mean, we spoke about it at re:Inforce. You know, the XDR program is really predicated on having a robust ecosystem of partners to help us share that telemetry across all of the different parts of our customers' environment. So we've done a lot of work over the last few weeks in trying to bolster that environment, specifically putting a lot of focus on firewall. You'll see that Cisco and Fortinet have both joined the XDR Alliance. So we're working on that right now. A lot of customer demand for firewall data into the telemetry set. You know, obviously it's a very rich data environment. There's a lot of logs on firewalls. And so it drives a lot of information that we can leverage. So we're continuing to grow that. And what we're doing is building out different content packs that support different use cases.
So firewall is one, CASB is another, email's another, and we're building out the partner set right across the board. So it's been a great set of >>Activity. So it's partners that have data. Yep. There's probably some, you know, Joe Tucci, your old boss, used to say that overlap is better than gaps. So sometimes there's competition, but from a customer standpoint, overlap is better than gaps. So as you mentioned, Cisco, Fortinet, and there are a number of others, they've got data. Yes. And they're gonna pump it into your system, our platform, and you've got the, your platform. You've got the ability to ingest. You've got the cloud native architecture, you've got the analytics and you've got the near real time analysis capability. Right, right. >>Augmented by people as well, which is a really important part of our value proposition. You know, it's not just relying purely on AI, but we have a human aspect to it as well to make sure we're getting extremely accurate responses. And then there's the final phase, the response phase. So being able to take action on a CASB, for example, when we have a known bad actor operating in the cloud is a really important, easy action for our customer to take. That's highly valuable. You're >>Talking about your threat hunting capability, right? >>So it's threat hunting and our intel capability as well. We use all of that information as well as the telemetry to make sure we're making good, actionable >>Decisions. Intel being machine intelligence or human and machine? >>Human and machine intelligence that we have. We have a whole business that's out there gathering intel. I believe you think to Adam Meyers, who runs that business. And you know, that intel is critical to making good decisions for our customers. >>So the X in XDR is extended, correct? Extending to things like firewalls. That's pretty obvious in the security space.
Are there some less obvious data sources that you look to extend to at some point? >>Yeah, I think we're gonna continually go with where the customer demand is. And firewalls is one of the first and is very significant. Other one, you'll see that we're announcing support for Microsoft 365 as well as part of this announcement, but then we'll still grow out into the other areas. NDR is, you know, a specific area where we've already got a number of partners in that space. And we'll grow that as we go. I think one of the really exciting additional elements is the OCSF announcement that we made at re:Inforce, which also is a shared data scheme across a number of vendors as well. So talking to Mike's point, Mike Sentonas's point this morning in his keynote, it's really about the industry getting together to do a better job for our customers. And XDR is the platform to do that. And CrowdStrike's way of doing it is the only really true, visible way for a customer to get their hands on all that information, make the decision, see the good from the bad and take the action. So I feel like we're really well placed to help our customers in >>That space. Well, Kevin Mandia referenced this too today, basically saying the industry's doing a better job of collaboration. I mean, sometimes I'm skeptical because we've certainly seen people try to, you know, commercialize private information, private reports. Yeah. But you're talking about, you know, some of your quasi-competitors, cooperatives, you know, actually partnering with you now. So that's a good indicator. Yeah. I want to step back a little bit, talk about the macro, the big conversation on Wall Street. Everybody wants to talk about the macro, of course, for obvious reasons. We just published our Breaking Analysis, talking about you guys potentially being a generational company and sort of digging into that a little bit.
We've seen, you know, cyber investments hold up a little bit better, both in terms of customer spending and of course the stock market, better than tech broadly. Yeah. So in that case it would suggest that cyber investments are somewhat non-discretionary. So that is my question: are cyber investments non-discretionary? If so, how? >>You know, I think George calls that out directly in our analyst reports as well, that, you know, we believe that cyber is a non-discretionary spend, but I actually think it's more than that. I think in this current macroeconomic environment where CIOs and CSOs are being asked to sweat their assets for a significantly longer period of time, that actually creates vulnerabilities, because they have older kit that's running for a longer period that they normally, you know, round out or churn out of their environment. They're not getting the investment to replace those laptops. They're not getting the, I placement to replace those servers. We have to sweat them for a little bit longer, which means they need to be on top of the security posture of those devices. So that means that we need the best possible telemetry that we can get to protect those in the best possible way. So I actually think not only does it make it non-discretionary, it actually increases the business case for taking on a cyber project. >>And I buy that. I buy that the business case is better potentially for cyber. The business case in cyber is about risk reduction, right? It's about reducing expected loss. But at the same time CISOs don't have an open wallet. They have to compete with other P and L managers. I also think the advantage for CrowdStrike, I'm getting deeper into the architecture and beginning to understand the power of a lightweight agent that can handle, I think you're up to 22 modules now, correct? Yes.
I've got questions on how you keep that lightweight, but nonetheless, if you can consolidate the point tools, which is, you know, one of the biggest challenges that SecOps teams face, that strengthens the ROI as well. >>Absolutely. And if you look at what George was saying this morning in the keynote, the combination of being able to provide tools, not only to the SecOps team, but the IT ops team as well, being able to give the IT ops team visibility on how many assets they have. I mean, these are simple questions that we should be able to answer. But often when we ask, you know, an operations leader, can you answer it? Sometimes it's hard for them. We actually have a lot of that information. So we are able to bring that into the platform. We're able to show them where the assets are, where the vulnerabilities are against those assets, and help IT ops do a better job as well as SecOps. So the case strengthens, as you said. The CSO can also be talking to the IT ops budget. >>The edge is getting more real. We're certainly hearing a lot about it now, we're seeing a lot more, and you kind of got the near edge, like the Home Depot and the Lowe's, you know, stores. Yeah. Okay. That I can get a better handle on. Okay, how do I secure that? I've got some standards, but that's the far edge. It's the OT, yes, piece of it. That's sort of the brave new world. What are you seeing there? How do you protect those far-flung estates? >>I think this gets back to the question of what's new or what's coming and where do we see the next set of workloads that we have to tackle? You know, when we came along, first instance, we were really doing a lot of the on-prem and known cloud infrastructure suites. Then we started really tackling the broader cloud market with tools and technology to give visibility and control of the overall cloud environment.
OT represents that next big addressable market for us, because there are so many questions around devices: where they are, how old they are, what they're running. So visibility into the OT network is extremely important. And, you know, the wall that has existed again between the CISO and the OT environments coming down, we're seeing that closer alignment between the security on both those worlds. So the announcement that we've made around extending our Falcon Discover product, to be able to receive and understand device information from the OT network and bring it into the same console, the IT and the OT in the same console, to give one cohesive picture of visibility of all of our devices, is a major step forward for our customers and for the industry as well. >>And we see that being able to get the visibility will then lead us to a place of being able to build our AI models, build our response frameworks. So then we can go to a full EDR and then beyond that, there's, you know, all the other things that CrowdStrike do so well, but this is the first step. Really the first step on control is visibility. And >>The OT guys are engineers. So they're obviously conscious of this stuff. It's more, it's again, you're extending that culture, isn't >>It? Yeah, yeah, yeah. Now when you're looking at threats, great, you want to do things to protect against those threats, but how much of CrowdStrike's time is spent thinking about the friction that's involved in transactions? If I wanna go to the grocery store, think of me as an endpoint. If I wanna go to the grocery store, if I had to drive through three DUI checkpoints or car safety inspections, yeah, every time I went to the grocery store, I wouldn't be happy as an endpoint, as an end user in this whole thing. Ideally, we'd be able just to be authenticated and then not have to worry about anything moving forward.
Do you see that as your role, reducing friction 1%, >>That's again, one of the core tenets of why George founded the company. I mean, he tells the story of sitting on an airplane and seeing an executive who was also on the airplane, trying to boot their machine up and try and get an email out before the plane took off, and watching the scanning happen, you know, old school virus scanning happening on the laptop, and that executive not making it, and he is like, in this day and age, how can we be holding people back with that much friction in their day to day life? So that's one of the, again, founding principles of what we do at CrowdStrike: the security itself needs to support business growth, support user growth, and actually get out of the way of how people do things. And we've seen progression along those lines. I think the zero trust work that we're doing right now really helps with that as well. >>Our integrations into other companies that play within the zero trust space make that frictionless experience for the user, because yeah, we want to be there. We want to know everything that's happening, but we don't wanna see where we always want control points. But that's the value of the telemetry we take. We're taking all the data so we can see everything. And then we pick what we want to review rather than having to do the checkpoint approach of stop here, now let me see your credentials. Stop here, let me see your credentials. Because we have a full field of knowledge and information on what the device is doing and what the user is doing, we're able to then do the trust with verify style approach. >>So coming back to the edge in IoT, you know, bringing that zero trust concept to the edge, you've got IT and OT. Okay. So that's a new constituency, but you're consolidating that view. Your job gets harder, doesn't it? So talk about how you resolve that.
Do the concepts that you apply to traditional IT endpoints apply at the edge? >>So first thing we have to do is gain the visibility. And so the way in which we're doing that is effectively drawing information out from the OT environment by having a collector that's sitting there and bringing that into our console, which then will give us the ability to run our AI models and our other, you know, indications of attack or our indicators of misconfiguration into the model. So we can see whether something's good or bad whilst we're doing that. Obviously we're also working on building specific sensors that will then sit in OT devices down, you know, one layer down, rather than being collected and pulled and brought into the platform, being collected at the individual sensor level when we have that completed. And that requires a whole different ecosystem for us. It means that we have to engage with organizations like Rockwell and Siemens and Schneider, because they're the people who own the equipment, right? Yeah. And we have to certify with them to make sure that when we put technology onto their equipment, we're not going to cause any kind of critical failure that, you know, could have genuine real world physical disastrous consequences. So we have to be super careful with how we build that, which we're in the process of >>Doing. Are the IOA signatures, indicators of attack, so I don't have to throw a dollar in the jar, are the IOA signatures substantially similar at the edge, or >>I think we learn as we go. You know, first we have to gain the information and understand what good and bad looks like, what the kind of behaviors are there.
But what we will see is that, you know, as there's an actor, you know, making an attack, we'll be able to see how they're affecting each of those endpoints individually, whether they're trying to take some form of control, whether they're switching them on and off. In the edge and the far edge, it's a little bit more binary in terms of the kind of function of the device. Is the valve open or is the valve closed? Is the production line running or is the production line not running? So we need to be able to see that. It's more about protecting the outcomes there as well. But again, you know, it's about, first, we have to get the information. That's what this product will help us do: get it into the platform, get our teams over the top of it, learn more about what's going on there and then be able to take action. >>But the key point is the architecture will scale. And that's where the cloud native things comes >>Into. Yeah, it'll scale. But to your point about the lack of investment and infrastructure means older stuff, means potentially wider gaps, bigger security holes, more opportunity for the security sector. Yep. I buy that. That makes sense. I think it's a valid argument. When, you know, we loosely talk about internet of things, edge, a lot of those things on the edge, there's probably a trillion dollars worth of a hundred year old garbage, and I'm only slightly exaggerating on the trillion and the a hundred years old. A lot of those critical devices that need to be sensed, that are controlling our electrical grid, for example, a lot of those things need to be updated. So as you're pushing into that frontier, are you, you know, extending out developer kits and APIs to those people as they're developing those new things? Well, because some of the old stuff will never work.
>>And that's what we're seeing is that there is a movement within the industrial control side of things to actually start, you know, doing this. Some simple things like removing the air gap from certain systems because now we can build a system around it that's trustable and supportable. So now we can get access there over a network, over the internet, to kind of control a valve set that's down a pipeline or something like that. So there is willingness within the ecosystem, the IoT provider ecosystem, to give us access to some of those controls, which wasn't there, which has led to some of these issues. Are we gonna be able to get to all of them? No, we're gonna have to make decisions based on customer demand, based on where the big rocks lie. And so we will continue to do that based on customer feedback, again, on what we see >>And the legacy air gaps in the OT worlds were by design for security reasons, or just sort of >>Mostly because there was no way to do before. Right. So it was, was like black >>Connectivity is >>So it was, people felt more comfortable sending an engineer out to the field, truck roll. Yeah, yeah, yeah. To do it rather than expensive, rather. And exactly that, again, going back to our macro economic situation, you know, it's a very expensive way of managing and maintaining your fleet if you have to send someone to it every time. So there's a lot of customer demand for change, and we're engaging in that change. And we see a huge opportunity there >>Coming back to the XDR Alliance, cuz that's kind of where we started. Where do you wanna see that go? What's your vision for that? >>So the Alliance itself has been fundamental in terms of now where we go with the overall platform. 
We are always constantly looking for customer feedback on where we go next, on what additional elements to add. The Alliance members have been this fantastic time and effort in terms of engaging with us so that we can build in responses to their platforms into what we do. And they're seeing the value of it. I feel that over the next two year period, we're gonna see our XDR Alliance and other XDR alliances growing out to get to each other and they'll touch each other. We will have to do it like the OSF project at AWS. And as that occurs, we're gonna be able to focus on customer outcomes, which is, you know, again, if you listen to George, you listen to Mike, protecting the customers, the mission of CrowdStrike. So I think that's core to that story. What we will see now is it's a great vehicle for us to give a structured approach to partnership. So we'll continue to invest in that. We've got a pipeline of literally hundreds of partners who want to join. We've just gotta do that in a way that's consumable for us and consumable for the customer. >>Jeff Swain. Thanks so much for coming back in theCUBE. It's great to have you. Yeah. Thanks guys. Thank you. Okay. And thank you for watching. Dave Nicholson and Dave Vellante. We'll be back right after this short break. You're watching theCUBE from Falcon 22 in Las Vegas, right back.

Published Date : Sep 22 2022


Day 1 Keynote Analysis | CrowdStrike Fal.Con 2022


 

(upbeat music) >> Hello everyone, and welcome to Fal.Con 2022, CrowdStrike's big user conference. You're watching theCUBE. My name is Dave Vellante. I'm here with my co-host David Nicholson. CrowdStrike is a company that was founded over 10 years ago. This is about 11 years, almost to the day. They're a 2 billion company in revenue terms. They're growing at about 60% a year. They've got a path they've committed to Wall Street. They've got a path to $5 billion by mid decade. They got a $40 billion market cap. They're free cash flow positive and trying to build essentially a generational company with a very growing TAM and a modern platform. CrowdStrike has the fundamental belief that the unstoppable breach is a myth. David Nicholson, even though CSOs don't believe that, CrowdStrike is on a mission. Right? >> I didn't hear the phrase zero trust mentioned in the keynote. >> Right. >> What was mentioned was this idea that CrowdStrike isn't simply a tool, it's a platform. And obviously it takes a platform to get to 5 billion. >> Yeah. So let's talk about the keynote. George Kurtz, the CEO came on. I thought the keynote was measured, but very substantive. It was not a lot of hype in there. Most security conferences, the two exceptions are this one and re:Inforce, Amazon's big security conference. Steven Schmidt. The first time I was at a re:Inforce said "All this narrative about security is such a bad industry" and "We're not doing a great job." And "It's so scary." That doesn't help the industry. George Kurtz sort of took a similar message. And you know what, Dave? When I think of security outside the context of IT I think of like security guards >> Right. >> Like protecting the billionaires. Right? That's a powerful, you know, positive thing. It's not really a defensive movement even though it is defensive but so that was kind of his posture there. 
But he talked about essentially what I call, not his words, permanent changes in the cyber defense industry, subsequent to the pandemic. Again, he didn't specifically mention the pandemic but he alluded to, you know, this new world that we live in. Fal.Con is a hundred sessions, eight tracks. And really his contention is we're in the early innings. These guys got 20,000 customers. And I think they got the potential to have hundreds of thousands. >> Yeah. Yeah. So, if I'm working with a security company I want them to be measured. I'm not looking for hype. I don't want those. I don't want those guards to be in disco shirts. I want them in black suits. So, you know, so the point about measured is I think a positive one. I was struck by the competence of the people who were on stage today. I have seen very very large companies become kind of bureaucratic. And sometimes you don't get the best of the best up on stage. And we saw a lot of impressive folks. >> Yeah. Michael Sentonas get up, but before we get to him. So, a couple points that Kurtz made he said, "digital transformation is needed to bring modern architectures to IT. And that brings modern security." And he laid out that whole sort of old way, new way very Andy Jassy-like old guard, new guard. He didn't hit on it that hard but he basically said "security is all about mitigating risk." And he mentioned that the CSO I say CSO, he says CSO or CSO has a seat at the board. Now, many CSOs are board level participants. And then he went into the sort of four pillars of workload, and the areas that they focus on. So workload to them is end point, identity, and then data. They don't touch network security. That's where they partner with the likes of Cisco, >> Right. >> And Palo Alto Networks. But then they went deep into identity threat protection, data, which is their observability platform from an acquisition called Humio. And then they went big time into XDR. 
We're going to talk about all this stuff. He said, "data is the new digital currency." Talked a lot about how they're now renaming, Humio, LogScale. That's their Splunk killer. We're going to talk about that all week. And he talked a little bit about the single agent architecture. That is kind of the linchpin of CrowdStrike's architecture. And then Michael Sentonas, the CTO came on and did a deep dive into each of those, and really went deep into XDR extended, right? Detection and response. XDR building on EDR. >> Yeah. I think the subject of XDR is something we'll be touching on a lot. I think in the next two days. I thought the extension into observability was very, very interesting. When you look at performance metrics, where things are gathering those things in and being able to use a single agent to do so. That speaks to this idea that they are a platform and not just a tool. It's easy to say that you aspire to be a platform. I think that's a proof point. On the subject, by the way of their fundamental architecture. Over the years, there have been times when saying that your infrastructure requires an agent that would've been a deal killer. People say "No agents!" They've stuck to their guns because they know that the best way to deliver what they deliver is to have an agent in the environment. And it has proven to be the right strategy. >> Well, this is one of the things I want to explore with the technical architects that come on here today is, how do you build a lightweight agent that can do everything that you say it's going to do? Because they started out at endpoint, and then they've extended it to all these other modules, you know, identity. They're now into observability. They've got this data platform. They just announced that acquisition of another company they bought Preempt, which is their identity. They announced Responsify, responsify? Reposify, which is sort of extends the observability and gives them visualization or visibility. 
And I'm like, how do you take? How do you keep an agent lightweight? That's one of the things I want to better understand. And then the other is, as you get into XDR I thought Michael Sentonas was pretty interesting. He had Black Hat last month. He did a little video, you know. >> That was great. >> Man in the street, what's XDR, what's XDR, what's XDR. I thought the best response was, somebody said "a holistic approach to end point security." And so it's really an evolution of EDR. So we're going to talk about that. But, how do you keep an agent lightweight and still support all these other capabilities? That's something I really want to dig into, you know, without getting bloated. >> Yeah, Yeah. I think it's all about the TLAs, Dave. It's about the S, it's about SDKs and APIs and having an ecosystem of partners that will look at the lightweight agent and then develop around it. Again, going back to the idea of platform, it's critical. If you're trying to do it all on your own, you get bloat. If you try to be all things to all people with your agent, if you try to reverse engineer every capability that's out there, it doesn't work. >> Well that's one of the things that, again I want to explore because CrowdStrike is trying to be a generational company. In the Breaking Analysis that we published this week. One of the things I said, "In order to be a generational company you have to have a strong ecosystem." Now the ecosystem here is respectable, you know, but it's obviously not AWS class. You know, I think Snowflake is a really good example, ServiceNow. This feels to me like ServiceNow circa 2013. >> Yeah. >> And we've seen how ServiceNow has evolved. You know, Okta bought Auth0 to give them the developer angle. We heard a little bit about a developer platform today. I want to dig into that some more. And we heard a lot about everybody hates their DLP. I want to get rid of my DLP, data loss prevention. And so, and the same thing with the SIEM. 
One of the ETR round table, Eric Bradley, our colleague at a round table said "If it weren't for the compliance requirements, I would replace my SIEM with XDR." And so that's again, another interesting topic. CrowdStrike, cloud native, lightweight agent, you know, some really interesting tuck in acquisitions. Great go-to-market, you know, not super hype just product that works and gets stuff done, you know, seems to have a really good, bright future. >> Yeah, no, I would agree. Definitely. No hype necessary. Just constant execution moving forward. It's clearly something that will be increasingly in demand. Another subject that came up that I thought was interesting, in the keynote, was this idea of security for elections, extending into the realm of misinformation and disinformation which are both very very loaded terms. It'll be very interesting to see how security works its way into that realm in the future. >> Yeah, yeah, >> Yeah. >> Yeah, his guy, Kevin Mandia, who is the CEO of Mandiant, which just got acquired. Google just closed the deal for $5.4 billion. I thought that was kind of light, by the way, I thought Mandiant was worth more than that. Still a good number, but, and Kevin, you know was the founder and, >> Great guy. >> they were self-funded. >> Yeah, yeah impressive. >> So. But I thought he was really impressive. He talked about election security in terms of hardening you know, the election infrastructure, but then, boom he went right to what I see as the biggest issue, disinformation. And so I'm sitting there asking myself, okay how do you deal with that? And what he talked about was mapping network effects and monitoring network effects, >> Right. >> to see who's pumping the disinformation and building career streams to really monitor those network effects, positive, you know, factual or non-factual network or information. Because a lot of times, you know, networks will pump factual information to build credibility. Right? >> Right. 
>> And get street cred, earn that trust. You know, you talk about zero trust. And then pump disinformation into the network. So they've now got a track. We'll get, we have Kevin Mandia on later with Sean Henry who's the CSO yeah, the CSO or C S O, chief security officer of CrowdStrike >> more TLA. Well, so, you can think of it as almost the modern equivalent of the political ad where the candidate at the end says I support this ad or I stand behind whatever's in this ad. Forget about trying to define what is dis or misinformation. What is opinion versus fact. Let's have a standard for finding, for exposing where the information is coming from. So if you could see, if you're reading something and there is something that is easily decodable that says this information is coming from a troll farm of a thousand bots and you can sort of examine the underlying ethos behind where this information is coming from. And you can take that into consideration. Personally, I'm not a believer in trying to filter stuff out. Put the garbage out there, just make sure people know where the garbage is coming from so they can make decisions about it. >> So I got a thought on that because, Kevin Mandia touched on it. Again, I want to ask about this. He said, so this whole idea of these, you know detecting the bots and monitoring the networks. Then he said, you can I think he said something that's to the effect of. "You can go on the offensive." And I'm thinking, okay, what does that mean? So for instance, you see it all the time. Anytime I see some kind of fact put out there, I got to start reading the comments and like cause I like to see both sides, you know. I'm right down the middle. And you'll go down and like 40 comments down, you're like, oh this is, this is fake. This video was edited, >> Right. >> Da, da, da, da, and then a bunch of other people. But then the bots take over and that gets buried. So, maybe going on the offensive is to your point. 
Go ahead and put it out there. But then the bots, the positive bots say, okay, by the way, this is fake news. This is an edited video FYI. And this is who put it out and here's the bot graph or something like that. And then you attack the bots with more bots and then now everybody can sort of see it, you know? And it's not like you don't have to, you know email your friend and saying, "Hey dude, this is fake news." >> Right, right. >> You know, Do some research. >> Yeah. >> Put the research out there in volume is what you're saying. >> Yeah. So, it's an, it's just I thought it was an interesting segue into another area of security under the heading of election security. That is fraught with a lot of danger if done wrong, if done incorrectly, you know, you get into the realm of opinion making. And we should be free to see information, but we also should have access to information about where the information is coming from. >> The other narrative that you hear. So, everything's down today again and I haven't checked lately, but security generally, we wrote about this in our Breaking Analysis. Security, somewhat, has held up in the stock market better than the broad tech market. Why? And the premise is, George Kurtz said this on the last conference call, earnings call, that "security is non-discretionary." At the same time he did say that sales cycles are getting a little longer, but we see this as a positive for CrowdStrike. Because CrowdStrike, their mission, or one of their missions is to consolidate all these point tools. We've talked many, many times in the Cube, and in Breaking Analysis and on Silicon Angle, and on Wikibon, how the security business uses too many point tools. You know this as a former CTO. And, now you've got all these stove pipes, the number one challenge the CSOs face is lack of talent. CrowdStrike's premise is they can consolidate that with the Fal.Con platform, and have a single point of control. 
"Single pane of glass" to use that bromide. So, the question is, is security really non-discretionary? My answer to that is yes and no. It is to a sense, because security is the number one priority. You can't be lax on security. But at the same time the CSO doesn't have an open checkbook, >> Right. >> He or she can't just say, okay, I need this. I need that. I need this. There's other competing initiatives that have to be taken in balance. And so, we've seen in the ETR spending data, you know. By the way, everything's up relative to where it was, pre you know, right at the pandemic, right when, pandemic year everything was flat to down. Everything's up, really up last year, I don't know 8 to 10%. It was expected to be up 8% this year, let's call it 6 to 7% in 21. We were calling for 7 to 8% this year. It's back down to like, you know, 4 or 5% now. It's still healthy, but it's softer. People are being more circumspect. People aren't sure about what the fed's going to do next. Interest rates, you know, loom large. A lot of uncertainty out here. So, in that sense, I would say security is not non-discretionary. Sorry for the double negative. What's your take? >> I think it's less discretionary. >> Okay. >> Food, water, air. Non-discretionary. (David laughing) And then you move away in sort of gradations from that point. I would say that yeah, it is, it falls into the category of less-discretionary. >> Alright. >> Which is a good place to be. >> Dave Nicholson and David Vallante here. Two days of wall to wall coverage of Fal.Con 2022, CrowdStrike's big user conference. We got some great guests. Keep it right there, we'll be right back, right after this short break. (upbeat music)

Published Date : Sep 20 2022


AWS Heroes Panel feat. Mark Nunnikhoven & Liz Rice | AWS Startup Showcase S2 E4 | Cybersecurity


 

(upbeat music) >> Hello, welcome everyone to "theCUBE" presentation of the AWS Startup Showcase, this is Season Two, Episode Four of the ongoing series covering exciting startups from the AWS ecosystem. Here to talk about Cyber Security. I'm your host John Furrier here joined by two great "CUBE" alumni, Liz Rice who's the chief open source officer at Isovalent, and Mark Nunnikhoven who's the distinguished cloud strategist at Lacework. Folks, thanks for joining me today. >> Hi. Pleasure. >> You're in the U.K. Mark, welcome back to the U.S, I know you were overseas as well. Thanks for joining in this panel to talk about set the table for the Cybersecurity Showcase. You guys are experts out in the field. Liz we've had many conversations with the rise of open source, and all the innovations coming from out in the open source community. Mark, we've been going and covering the events, looking at all the announcements we're kind of on this next generation security conversation. It's kind of a do over in progress, happening every time we talk security in the cloud, is what people are talking about. Amazon Web Services had re:Inforce, which was more of a positive vibe of, Hey, we're all on it together. Let's participate, share information. And they talk about incidents, not breaches. And then, you got Black Hat just happened, and they're like, everyone's getting hacked. It's really interesting as we report that. So, this is a new market that we're in. People are starting to think differently, but still have to solve the same problems. How do you guys see the security in the cloud era unfolding? >> Well, I guess it's always going to be an arms race. Isn't it? Everything that we do to defend cloud workloads, it becomes a new target for the bad guys, so this is never going to end. We're never going to reach a point where everything is completely safe. But I think there's been a lot of really interesting innovations in the last year or two. 
There's been a ton of work looking into the security of the supply chain. There's been a ton of new tooling that takes advantage of technology that I'm really involved with and very excited about called eBPF. There's been a continuation of this new generation of tooling that can help us observe when security issues are happening, and also prevent malicious activities. >> And it's on to of open source activity. Mark, scale is a big factor now, it's becoming a competitive advantage on one hand. APIs have made the cloud great. Now, you've got APIs being hacked. So, all the goodness of cloud has been great, but now we've got next level scale, it's hard to keep up with everything. And so, you start to see new ways of doing things. What's your take? >> Yeah, it is. And everything that's old is new again. And so, as you start to see data and business workloads move into new areas, you're going to see a cyber crime and security activity move with them. And I love, Liz calling out eBPF and open source efforts because what we've really seen to contrast that sort of positive and negative attitude, is that as more people come to the security table, as more developers, as more executives are aware, and the accessibility of these great open source tools, we're seeing that shift in approach of like, Hey, we know we need to find a balance, so let's figure out where we can have a nice security outcome and still meet our business needs, as opposed to the more, let's say to be polite, traditional security view that you see at some other events where it's like, it's this way or no way. And so, I love to see that positivity and that collaboration happening. >> You know, Liz, this brings up a good point. We were talking at our Super Cloud Event we had here when we were discussing the future of how cloud's emerging. One of the conversations that Adrian Cockcroft brought up, who's now retired from AWS, former with Netflix. Adrian being open source fan as well. 
He was pointing out that every CIO or CISO will buy an abstraction layer. They love the dream. And vendors sell the dream, so to speak. But the reality it's not a lot of uptake because it's complex, and there's a lot of non-standard things per vendor. Now, we're in an era where people are looking for some standardization, some clean, safe ways to deploy. So, what's the message to CSOs, and CIOs, and CXOs out there around eBPF, things like that, that are emerging? Because it's almost top down, was the old way, now as bottoms up with open source, you're seeing the shift. I mean, it's complete flipping the script of how companies are buying? >> Yeah. I mean, we've seen with the whole cloud native movement, how people are rather than having like IETF standards, we have more of a de facto collaborative, kind of standardization process going on. So, that things like Kubernetes become the de facto standard that we're all using. And then, that's helping enterprises be able to run their workloads in different clouds, potentially in their own data centers as well. We see things like EKS anywhere, which is allowing people to run their workloads in their data center in exactly the same way as they're running it in AWS. That sort of leveling of the playing field, if you like, can help enterprises apply the same tooling, and that's going to always help with security if you can have a consistent approach wherever you are running your workload. >> Well, Liz, take a minute to explain eBPF. The Berkeley packet filtering technology, people know from Trace Dumps and whatnot. It's kind of been around for a while, but what is it specifically? Can you take a minute to explain eBPF, and what does that mean for the customer? >> Yeah. So, you mentioned the packet filtering acronym. And honestly, these days, I tell people to just forget that, because it means so much more for. What eBPF allows you to do now, is to run custom programs inside the kernel. 
So, we can use that to change the way that the kernel behaves. And because the kernel has visibility over every process that's running across a machine, a virtual machine or a bare metal machine, having security tooling and observability tooling that's written using eBPF and sitting inside the kernel. It has this great perspective and ability to observe and secure what's happening across that entire machine. This is like a step change in the capabilities really of security tooling. And it means we don't have to rely on things like kernel modules, which traditionally people have been quite worried about with good reason. eBPF is- >> From a vulnerability standpoint, you mean, right? From a reliability. >> From a vulnerability standpoint, but even just from the point of view that kernel modules, if they have bugs in them, a bug in the kernel will bring the machine to a halt. And one of the things that's different with eBPF, is eBPF programs go through a verification process that ensures that they're safe to run that, but happens dynamically and ensures that the program cannot crash, will definitely run to completion. All the memory access is safe. It gives us this very sort of reassuring platform to use for building these kernel-based tools. >> And what's the bottom line for the customer and the benefit to the organization? >> I think the bottom line is this new generation of really powerful tools that are very high performance. That have this perspective across the whole set of workloads on a machine. That don't need to rely on things like a sidecar model, which can add to a lot of complexity that was perfectly rational choice for a lot of security tools and observability tools. But if you can use an abstraction that lives in the kernel, things are much more efficient and much easier to deploy. So, I think that's really what that enterprise is gaining, simpler to deploy, easier to manage, lower overhead set of tools. >> That's the dream they want. That's what they want. 
Mark, this is whether the trade offs that comes up. We were talking about the supercloud, and all kinds. Even at AWS, you're going to have supercloud, but you got super hackers as well. As innovation happens on one side, the hackers are innovating on the other. And you start to see a lot of advances in the lower level, AWS with their Silicon and strategies are continuing to happen and be stronger, faster, cheaper, better down the lower levels at the network lay. All these things are innovating, but this is where the hackers are going too, right? So, it's a double edge sword? >> Yeah, and it always will be. And that's the challenge of technology, is sort of the advancement for one, is an advancement for all. But I think, while Liz hit the technical aspects of the eBPF spot on, what I'm seeing with enterprises, and in general with the market movement, is all of those technical advantages are increasing the confidence in some of this security tooling. So, the long sort of anecdote or warning in security has always been things like intrusion prevention systems where they will look at network traffic and drop things they think bad. Well, for decades, people have always deployed them in detect-only mode. And that's always a horrible conversation to have with the board saying, "Well, I had this tool in place that could have stopped the attack, but I wasn't really confident that it was stable enough to turn on. So, it just warned me that it had happened after the fact." And with the stability and the performance that we're seeing out of things based on technologies like eBPF, we're seeing that confidence increase. So, people are not only deploying this new level of tooling, but they're confident that it's actually providing the security it promised. And that's giving, not necessarily a leg up, but at least that level of parody with that push forward that we're seeing, similar on the attack side. Because attackers are always advancing as well. 
And I think that confidence and that reliability on the tooling, can't be underestimated because that's really what's pushing things forward for security outcomes. >> Well, one of the things I want get your both perspective on real quick. And you kind of segue into this next set of conversations, is with DevOps success, Dev and Ops, it's kind of done, right? We're all happy. We're seeing DevOps being so now DevSecOps. So, CSOs were like kind of old school. Buy a bunch of tools, we have a vendor. And with cloud native, Liz, you mentioned this earlier, accelerating the developers are even driving the standards more and more. So, shifting left is a security paradigm. So, tooling, Mark, you're on top of this too, it's tooling versus how do I organize my team? What are the processes? How do I keep the CICD pipeline going, higher velocity? How can I keep my app developers programming faster? And as Adrian Cockcroft said, they don't really care about locking, they want to go faster. It's the ops teams that have to deal with everything. So, and now security teams have to deal with the speed and velocity. So, you're seeing a new kind of step function, ratchet game where ops and security teams who are living DevOps, are still having to serve the devs, and the devs need more help here. So, how do you guys see that dynamic in security? Because this is clearly the shift left's, cloud native trend impacting the companies. 'Cause now it's not just shifting left for developers, it has a ripple effect into the organization and the security posture. >> We see a lot of organizations who now have what they would call a platform team. Which is something similar to maybe what would've been an ops team and a security team, where really their role is to provide that platform that developers can use. So, they can concentrate on the business function that they don't have to really think about the underlying infrastructure. 
Ideally, they're using whatever common definition for their applications. And then, they just roll it out to a cloud somewhere, and they don't have to think about where that's operating. And then, that platform team may have remit that covers, not just the compute, but also the networking, the common set of tooling that allows people to debug their applications, as well as securing them. >> Mark, this is a big discussion because one, I love the team, process collaboration. But where's the team? We've got a skills gap going on too, right? So, in all this, there's a lot of action happening. What's your take on this dynamic of tooling versus process collaboration for security success? >> Yeah, it's tough. And I think what we're starting to see, and you called it out spot on, is that the developers are all about dynamic change and rapid change, and operations, and security tend to like stability, and considered change in advance. And the business needs that needle to be threaded. And what we're seeing is sort of, with these new technologies, and with the ideas of finally moving past multicloud, into, as you guys call supercloud, which I absolutely love is a term. Let's get the advantage of all these things. What we're seeing, is people have a higher demand for the outputs from their tooling, and to find that balance of the process. I think it's acknowledged now that you're not going to have complete security. We've gotten past that, it's not a yes or no binary thing. It's, let's find that balance in risk. So, if we are deploying tooling, whether that's open source, or commercial, or something we built ourselves, what is the output? And who is best to take action on that output? And sometimes that's going to be the developers, because maybe they can just fix their architecture so that it doesn't have a particular issue. Sometimes that's going to be those platform teams saying like, "Hey, this is what we're going to apply for everybody, so that's a baseline standard." 
But the good news, is that those discussions are happening. And I think people are realizing that it's not a one-size-fits-all. 10 years ago was sort of like, "Hey, we've got a blueprint and everyone does this." That doesn't work. And I think that being out in the open, really helps deliver these better outcomes. And because it isn't simple, it's always going to be an ongoing discussion. 'Cause what we decide today, isn't going to be the same thing in a week from now when we're sprint ahead, and we've made a whole bunch of changes on the platform and in our code. >> I think the cultural change is real. And I think this is hard for security because you got so much current action happening that's really important to the business. That's hard to just kind of do a reset without having any collateral damage. So, you kind of got to mitigate and manage all the current situation, and then try to build a blueprint for the future and transform into a kind of the next level. And it kind of reminds me of, I'm dating myself. But back in the days, you had open source was new. And the common enemy was proprietary, non-innovative old guard, kind of mainframe mini computer kind of proprietary analysis, proprietary everything. Here, there is no enemy. The clouds are doing great, right? They're leaning in. Open source is at an all-time high and not stopping, it's now standard. So, open is not a rebel. It's not the rebel anymore, it's the standard. So, you have the innovation happening in open source, Liz, and now you have large scale cloud. And this is a cultural shift, right? How people are buying, evaluating product, and implementing solutions. And when I say new, I mean like new within the decades or a couple decades. And it's not like open source has not been around. But like we're seeing new things emerge that are pretty super cool in the sense that you have projects defining standards, new things are emerging. 
So, the CIO decision making process on how to structure teams and how to tackle security is changing. Why IT department? I mean, just have a security department and a Dev team. >> I think the fact that we are using so much more open source software is a big part of this cultural shift where there are still a huge ecosystem of vendors involved in security tools and observability tools. And Mark and I both represent vendors in those spaces. But the rise of open source tools, means that you can start with something pretty powerful that you can grow with. As you are experimenting with the security tooling that works for you, you don't have to pay a giant sum to get a sort of black box. You can actually understand the open source elements of the tooling that you are going to use. And then build on that and get the enterprise features when you need those. And I think that cultural change makes it much easier for people to work security in from the get go, and really, do that shift left that we've been talking about for the last few years. >> And I think one of the things to your point, and not only can you figure out what's in the open source code, and then build on top of it, you can also leave it too. You can go to something better, faster. So, the switching costs are a lot lower than a lock in from a vendor, where you do all the big POCs and the pilots. And, Mark, this is changing the game. I mean, I would just be bold enough to say, IT is going to be irrelevant in the sense of, if you got DevOps and it works, and you got security teams, do you really need IT 'cause the DevOps is the IT? So, if everyone goes to the cloud operations, what does IT even mean? >> Yeah, and it's a very valid point. And I think what we're seeing, is where IT is still being successful, especially in large companies, is sort of the economy of scale. 
If you have enough of the small teams doing the same thing, it makes sense to maybe take one tool and scale it up because you've got 20 teams that are using it. So, instead of having 20 teams run it, you get one team to run it. On the economic side, you can negotiate one contract if it's a purchase tool. There is still a place for it, but I think what we're seeing and in a very positive way, is that smaller works better when it comes to this. Because really what the cloud has done and what open source continues to do, is reduce the barrier to entry. So, a team of 10 people can build something that it took a 1000 people, a decade ago. And that's wonderful. And that opens up all these new possibilities. We can work faster. But we do need to rethink it. At re:Inforce from AWS, they had a great track about how they're approaching it from the people side of things with their security champions idea. And it's exactly about this, is embedding high end security talent in the teams who are building it. So, that changes the central role, and the central people get called in for big things like an incident response, right? Or a massive auditor reviews. But the day-to-day work is being done in context. And I think that's the real key, is they've got the context to make smarter security decisions, just like the developers and the operational work is better done by the people who are actually working on the thing, as opposed to somebody else. Because that centralized thing, it's just communication overhead most of the time. >> Yeah. I love chatting with you guys because here's are so much experts on the field. To put my positive hat on around IT, remember the old argument of, "Oh, automation's, technology's going to kill the bank teller." There's actually more tellers now than ever before. So, the ATM machine didn't kill that. So, I think IT will probably reform from a human resource perspective. 
And I think this is kind of where the CSO conversation comes full circle, Liz and Mark, because, okay, let's assume that this continues the trajectory to open source, DevOps, cloud scale, hybrid. It's a refactoring of personnel. So, you're going to have DevOps driving everything. So, now the IT team becomes a team. So, most CSOs we talk to are CXOs, is how do I deploy my teams? How do I structure things, my investment in people, and machines and software in a way that I get my return? At the end of the day, that's what they live for, and do it securely. So, this is the CISO's kind of thought process. How do you guys react to that? What's the message to CISOs? 'Cause they have a lot of companies to look at here. And in the marketplace, they got to spend some money, they got to get a return, they got to reconfigure. What's your advice? Liz, what's your take? Then we'll go to Mark. >> That's a really great question. I think cloud skills, cloud engineering skills, cloud security skills have never been more highly valued. And I think investing in training people to understand cloud that there are tons of really great resources out there to help ramp people up on these skills. The CNCF, AWS, there's tons of organizations who have really great courses and exams, and things that people can do to really level up their skills, which is fantastic right from a grassroots level, through to the most widely deployed global enterprise. I think we're seeing a lot of people are very excited, develop these skills. >> Mark, what's your take for the CSO, the CXO out there? They're scratching their head, they're going, "Okay, I need to invest. DevOps is happening. I see the open source, I'm now got to change over. Yeah, I lift and shift some stuff, now I got to refactor my business or I'm dead." What's your advice? >> I think the key is longer term thinking. So, I think where people fell down previously, was, okay, I've got money, I can buy tools, roll 'em out. 
Every tool you roll out, has not just an economic cost, but a people cost. As Liz said, those people with those skills are in high demand. And so, you want to make sure that you're getting the most value out of your people, but your tooling. So, as you're investing in your people, you will need to roll out tools. But they're not the answer. The answer is the people to get the value out of the tools. So, hold your tools to a higher standard, whether that's commercial, open source, or something from the CSP, to make sure that you're getting actionable insights and value out of them that your people can actually use to move forward. And it's that balance between the two. But I love the fact that we're finally rotating back to focus more on the people. Because really, at the end of the day, that's what's going to make it all work. >> Yeah. The hybrid work, people processes. The key, the supercloud brings up the conversation of where we're starting to see maturation into OPEX models where CapEx is a gift from the clouds. But it's not the end of bilk. Companies are still responsible for their own security. At the end of the day, you can't lean on AWS or Azure. They have infrastructure and software, but at the end of the day, every company has to maintain their own. Certainly, with hybrid and edge coming, it's here. So, this whole concept of IT, CXO, CIO, CSO, CSO, I mean, this is hotter than ever in terms of like real change. What's your reaction to that? >> I was just reading this morning that the cost of insuring against data breaches is getting dramatically more expensive. So, organizations are going to have to take steps to implement security. You can't just sort of throw money at the problem, you're going to actually have to throw people and technology at the problem, and take security really seriously. There is this whole ecosystem of companies and folks who are really excited about security and here to help. 
There's a lot of people interested in having that conversation to help those CSOs secure their deployments. >> Mark, your reaction? >> Yeah. I think, anything that causes us to question what we're doing is always a positive thing. And I think everything you brought up really comes down to remembering that no matter what, and no matter where, your data is always your data. And so, you have some level of responsibility, and that just changes depending on what system you're using. And I think that's really shifting, especially in the CSO or the CSO mindset, to go back to the basics where it used to be information security and not just cyber security. So, whether that information and that data is sitting on my desk physically, in a system in our data center, or in the cloud somewhere. Looking holistically, and that's why we could keep coming back to people. That's what it's all about. And when you step back there, you start to realize there's a lot more trade offs. There's a lot more levers that you can work on, to deliver the outcome you want, to find that balance that works for you. 'Cause at the end of the day, security is just all about making sure that whatever you built and the systems you're working with, do what you want them to do, and only what you want them to do. >> Well, Liz and Mark, thank you so much for your expert perspective. You're in the trenches, and really appreciate your time and contributing with "theCUBE," and being part of our Showcase. For the last couple of minutes, let's dig into some of the things you're working on. I know network policies around Kubernetes, Liz, EKS anywhere has been fabulous with Lambda and Serverless, you seeing some cool things go on there. Mark, you're at Lacework, very successful company. And looking at a large scale observability, signaling and management, all kinds of cool things around native cloud services and microservices. Liz, give us an update. What's going on over there at Isovalent? >> Yeah. 
So, Isovalent is the company behind Cilium Networking Project. It's best known as a Kubernetes networking plugin. But we've seen huge amount of adoption of Cilium, it's really skyrocketed since we became an incubating project in the CNCF. And now, we are extending to using eBPF to not just do networking, but incredibly in depth observability and security observability. We have a new sub project called Tetragon, that gives you this amazing ability to see out of policy behavior. And again, because it's using eBPF, we've got the perspective of everything that's happening across the whole machine. So, I'm really excited about the innovations that are happening here. >> Well, they're lucky to have you. You've been a great contributor to the community. We've been following your career for very, very long time. And thanks for everything that you do, really appreciate it. Thanks. >> Thank you. >> Mark, Lacework, we've been following you guys. What are you up to these days? You know, we see you're on Twitter, you're very prolific. You're also live tweeting all the events, and with us as well. What's going on over there at Lacework? And what's going on in your world? >> Yeah. Lacework, we're still focusing on the customer, helping deliver good outcomes across cloud when it comes to security. Really looking at their environments and helping them understand, from their data that they're generating off their systems, and from the cloud usage as to what's actually happening. And that pairs directly into the work that I'm doing, the community looking at just security as a practice. So, a lot of that pulling people out of the technology, and looking at the process and saying, "Hey, we have this tech for a reason." So, that people understand what they need in place from a skill set, to take advantage of the great work that folks like Liz and the community are doing. 'Cause we've got these great tools, they're outputting all this great insights. 
You need to be able to take actions on top of that. So, it's always exciting. More people come into security with a security mindset, love it. >> Well, thanks so much for this great conversation. Every board should watch this video, every CSO, CIO, CSO. Great conversation, thanks for unpacking and making something very difficult, clear to understand. Thanks for your time. >> Pleasure. >> Thank you. >> Okay, this is the AWS Startup Showcase, Season Two, Episode Four of the ongoing series covering the exciting startups from the AWS ecosystem. We're talking about cybersecurity, this segment. Every quarter episode, we do a segment around a category and we go deep, we feature some companies, and talk to the best people in the industry to help you understand that. I'm John Furrier your host. Thanks for watching. (upbeat music)

Published Date : Sep 7 2022


Opening Session feat. Jon Ramsey, AWS | AWS Startup Showcase S2 E4 | Cybersecurity


 

>>Hello, everyone. Welcome to the AWS startup showcase. This is season two, episode four, the ongoing series covering exciting startups from the AWS ecosystem to talk about cybersecurity. I'm your host, John furrier. And today I'm excited for this keynote presentation and I'm joined by John Ramsey, vice president of AWS security, John, welcome to the cubes coverage of the startup community within AWS. And thanks for this keynote presentation, >>Happy to be here. >>So, John, what do you guys, what do you do at AWS? Take, take minutes to explain your role, cuz it's very comprehensive. We saw at AWS reinforce event recently in Boston, a broad coverage of topics from Steven Schmid CJ, a variety of the executives. What's your role in particular at AWS? >>If you look at AWS, there are, there is a shared security responsibility model and CJ, the C the CSO for AWS is responsible for securing the AWS portion of the shared security responsibility model. Our customers are responsible for securing their part of the shared security responsible, responsible model. For me, I provide services to those customers to help them secure their part of that model. And those services come in different different categories. The first category is threat detection with guard. We that does real time detection and alerting and detective is then used to investigate those alerts to determine if there is an incident vulnerability management, which is inspector, which looks for third party vulnerabilities and security hub, which looks for configuration vulnerabilities and then Macy, which does sensitive data discovery. So I have those sets of services underneath me to help provide, to help customers secure their part of their shared security responsibility model. >>Okay, well, thanks for the call out there. I want to get that out there because I think it's important to note that, you know, everyone talks inside out, outside in customer focus. 80 of us has always been customer focused. 
We've been covering you guys for a long time, but you do have to secure the core cloud that you provide and you got great infrastructure tools technology down to the, down to the chip level. So that's cool. You're on the customer side. And right now we're seeing from these startups that are serving them. We had interviewed here at the showcase. There's a huge security transformation going on within the security market. It's the plane at 35,000 feet. That's engines being pulled out and rechange, as they say, this is huge. And, and what, what's it take for your, at customers with the enterprises out there that are trying to be more cyber resilient from threats, but also at the same time, protect what they also got. They can't just do a wholesale change overnight. They gotta be, you know, reactive, but proactive. How does it, what, what do they need to do to be resilient? That's the >>Question? Yeah. So, so I, I think it's important to focus on spending your resources. Everyone has constrained security resources and you have to focus those resources in the areas and the ways that reduce the greatest amount of risk. So risk really can be summed up is assets that I have that are most valuable that have a vulnerability that a threat is going to attack in that world. Then you wanna mitigate the threat or mitigate the vulnerability to protect the asset. If you have an asset that's vulnerable, but a threat isn't going to attack, that's less risky, but that changes over time. The threat and vulnerability windows are continuously evolving as threats, developing trade craft as vulnerabilities are being discovered as new software is being released. So it's a continuous picture and it's an adaptive picture where you have to continuously monitor what's happening. You, if you like use the N framework cybersecurity framework, you identify what you have to protect. >>That's the asset parts. Then you have to protect it. 
That's putting controls in place so that you don't have an incident. Then you from a threat perspective, then you ha to de detect an incident or, or a breach or a, a compromise. And then you respond and then you remediate and you have to continuously do that cycle to be in a position to, to de to have cyber resiliency. And one of the powers of the cloud is if you're building your applications in a cloud native form, you, your ability to respond can be very surgical, which is very important because then you don't introduce risk when you're responding. And by design, the cloud was, is, is architected to be more resilient. So being able to stay cyber resilient in a cloud native architecture is, is important characteristic. >>Yeah. And I think that's, I mean, it sounds so easy. Just identify what's to be protected. You monitor it. You're protected. You remediate sounds easy, but there's a lot of change going on and you got the cloud scale. And so you got security, you got cloud, you guys's a lot of things going on there. How do you think about security and how does the cloud help customers? Because again, there's two things going on. There's a shared responsibility model. And at the end of the day, the customer's responsible on their side. That's right, right. So that's right. Cloud has some tools. How, how do you think about going about security and, and where cloud helps specifically? >>Yeah, so really it's about there, there's a model called observe, orient, decide an actor, the ULO and it was created by John Boyd. He was a fighter pilot in the Korean war. And he knew that if I could observe what the opponent is doing, orient myself to my goals and their goals, make a decision on what the next best action is, and then act, and then follow that UTI loop, or, or also said a sense sense, making, deciding, and acting. If I can do that faster than the, than the enemy, then I can, I will win every fight. 
So in the cyber world, being in a position where you are observing and that's where cloud can really help you, because you can interrogate the infrastructure, you can look at what's happening, you can build baselines from it. And then you can look at deviations from, from the norm. It's just one way to observe this orient yourself around. Does this represent something that increases risk? If it does, then what's the next best action that I need to take, make that decision and then act. And that's also where the cloud is really powerful, cuz there's this huge con control plane that lets you lets you enable or disable resources or reconfigure resources. And if you're in, in the, in the situation where you can continuously do that very, very rapidly, you can, you can outpace and out maneuver the adversary. >>Yeah. You know, I remember I interviewed Steven Schmidt in 2014 and at that time everybody was poo pooing. Oh man, the cloud is so unsecure. He made a statement to me and we wrote about this. The cloud is more secure and will be more secure because it can be complicated to the hacker, but also easy for the, for provisioning. So he kind of brought up this, this discussion around how cloud would be more secure turns out he's right. He was right now. People are saying, oh, the cloud's more secure than, than standalone. What's different John now than not even going back to 2014, just go back a few years. Cloud is helpful, is more interrogation. You mentioned, this is important. What's, what's changed in the cloud per se in AWS that enables customers and say third parties who are trying to comply and manage risk as well. So you have this shared back and forth. What's different in the cloud now than just a few years ago that that's helping security. >>Yeah. 
So if you look at the, the parts of the shared responsibility model, AWS is the further up the stack you go from just infrastructure to platforms, say containers up to serverless the, the, we are taking more of the responsibility of that, of that stack. And in the process, we are investing resources and capabilities. For example, guard duty takes an S audit feed for containers to be able to monitor what's happening from a container perspective. And then in server list, really the majority of what, what needs to be defended is, is part of our responsibility model. So that that's an important shift because in that world, we have a very large team in our world. We have a very large team who knows the infrastructure who knows the threat and who knows how to protect customers all the way up to the, to the, to the boundary. And so that, that's a really important consideration. When you think about how you design your design, your applications is you want the developers to focus on the business logic, the business value and let, but still, also the security of the code that they're writing, but let us take over the rest of it so that you don't have to worry about it. >>Great, good, good insight there. I want to get your thoughts too. On another trend here at the showcase, one of the things that's emerging besides the normal threat landscape and the compliance and whatnot is API protection. I mean APIs, that's what made the cloud great. Right? So, you know, and it's not going away, it's only gonna get better cuz we live in an interconnected digital world. So, you know, APIs are gonna be lingual Franko what they say here. Companies just can't sit back and expect third parties complying with cyber regulations and best practices. So how do security and organizations be proactive? Not just on API, it's just a, a signal in my mind of, of, of more connections. So you got shared responsibility, AWS, your customers and your customers, partners and customers of connection points. 
So we live in an interconnected world. How do security teams and organizations be proactive on the cyber risk management piece? >> Yeah. So when it comes to APIs, the, the thing you look for is the trust boundaries. Where are the trust boundaries in the system between the user and the, in the machine, the machine and another machine on the network, the API is a trust boundary. And it, it is a place where you need to facilitate some kind of, some form of control because what you're, what could happen on the trust boundaries, it could be used to, to attack. Like I trust that someone's gonna give me something that is legitimate, but you don't know that that actually is true. You should assume that the, the one side of the trust boundary is, is malicious and you have to validate it. And by default, make sure that you know that what you're getting is actually trustworthy and, and valid. So think of an API as just a trust boundary and that whatever you're gonna receive at that boundary is not gonna be legitimate in that you need to validate, validate the contents of, of whatever you receive. >> You know, I was noticing online, I saw Mai-Lan, who runs S3 at AWS, commenting about 10 years anniversary, 10, 10-year birthday of S3, Amazon Simple Storage Service. A lot of the customers are using all their applications with S3 means it's file repository for their application, workflow ingesting literally thousands and trillions of objects from S3 today. You guys have about, I mean, trillions of objects on S3, this is big part of the application workflow. Data security has come up as a big discussion item. You got S3. I mean, forget about the misconfiguration about S3 buckets. That's kind of been reported on. Beyond that, as application workflows tap into S3 and data becomes the conversation around securing data. How do you talk to customers about that? 
Because that's also now part of the scaling of these modern cloud native applications, managing data on-prem, cross in flight, at rest, in motion. What's your view on data security, John? >> Yeah. Data security is also a trust boundary. The thing that's going to access the data there, you have to validate it. The challenge with data security is, is customers don't really know where all their data is or even where their sensitive data is. And that continues to be a large problem. That's why we have services like Macie, which are whose job is to find in S3 the data that you need to protect the most because it's, because it's sensitive. Getting the least privilege has always been the, the goal when it comes, when it comes to data security. The problem is, is least privilege is really, really hard to, to achieve because there's so many different combinations of roles and accounts and org orgs. And, and so there, there's also another technology called Access Analyzer that we have that helps customers figure out like this is this the right, if are my intended authorizations, the authorizations I have, are they the ones that are intended for that user? And you have to continuously review that as a, as a means to make sure that you're getting as close to least privilege as you possibly can. >> Well, one of the, the luxuries of having you here on theCUBE keynote for this showcase is that you also have the internal view at AWS, but also you have the external view with customers. So I have to ask you, as you talk to customers, obviously there's a lot of trends. We're seeing more managed services in areas where there's skill gaps, but teams are also overloaded too. We're hearing stories about security teams, overwhelmed by the solutions that they have to deploy quickly and scale up quickly cost effectively, the need for in instrumentation. Sometimes it's intrusive. Sometimes it's agentless sensors, OT. I mean, it's getting crazy at re:MARS. We saw a bunch of stuff there. 
This is a reality, the teams aspect of it. Can you share your experiences and observations on how companies are organizing, how they're thinking about team formation, how they're thinking about all these new things coming at them, new environments, new scale choices. What, what are you seeing on, on the customer side relative to security team? Yeah. And their role and relationship to the cloud and, and the technologies. >> Yeah, yeah. A absolutely it. And we have to remember at the end of the day on one end of the wire is a black hat, on the other end of the wire is a white hat. And so you need people and, and people are a critical component of being able to defend in the context of security operations. Alert fatigue is absolutely a problem. The, the alerts, the number of alerts, the volume of alerts is, is overwhelming. And so you have to have a means to effectively triage them and get the ones into investigation that, that you think will be the most, the, the most significant. Going back to the risk equation, you found, you find those alerts and events that are, are the ones that, that could harm you the most. You'll also, one common theme is threat hunting. And the concept behind threat hunting is, is I don't actually wait for an alert, I lean in and I'm proactive instead of reactive. >> So I find the system that I least want the hacker in. I go to that system and I look for any anomalies. I look for anything that might make me think that there is a, that there is a hacker there or a compromise or some unintended consequence. And the reason you do that is because it reduces your dwell time, time between you get compromised to the time you detect something, which is you, which might be, you know, months, because there wasn't an alert trigger. So that that's also a very important aspect for, for AWS and our security services. We have a strategy across all of the security services that we call end to end, or how do we move from APIs? 
Because they're all API driven and security buyers generally, not most, do not have like a development team, like they're security operators and they want a solution. And so we're moving more from APIs to outcomes. So how do we stitch all the services together in a way so that the time, the time that an analyst, the SOC analyst spends or someone doing investigation or someone doing incident response is the, is the most important time, most valuable time. And in the process of stitching this all together and helping our customers with alert fatigue, we'll be doing things that will use sort of inference and machine learning to help prioritize the greatest risk for our customers. >> That's a great, that's a great call out. And that brings up the point of you get the frontline, so to speak and back office, front office kind of approach here. The threats are out there. There's a lot of leaning in, which is a great point. I think that's a good, good comment and insight there. The question I have for you is that everyone's kind of always talks about that, but there's the, the, I won't say boring, the important compliance aspect of things, you know, this has become huge, right? So there's a lot of blocking and tackling that's needed behind the scenes on the compliance side, as well as prevention, right? So can you take us through in your mind how customers are looking at the best strategies for compliance and security, because there's a lot of work you gotta get done and you gotta lay out everything as you mentioned, but compliance specifically to report is also a big thing for >> This. Yeah. Yeah. Compliance is interesting. I suggest taking a security approach to compliance instead of a compliance approach to security. If you're compliant, you may not be secure, but if you're secure, you'll be compliant. 
And the, the really interesting thing about compliance also is that as soon as something like a, a, a category of control is required in, in some form of compliance, compliance regime, the effectiveness of that control is reduced because the threats go, well, I'm gonna presume that they have this control. I'm gonna presume cuz they're compliant. And so now I'm gonna change my tactic to evade the control. So if you only are ever following compliance, you're gonna miss a whole set of tactics that threats have developed because they presume you're compliant and you have those controls in place. So you wanna make sure you have something that's outside of the, outside of the realm of compliance, because that's the thing that will trip them up. That's the thing that they're not expecting, that threat's not expecting and that that's what will be able to detect them. >> Yeah. And it almost becomes one of those things where it's his fault, right? So, you know, finger pointing with compliance, you get complacent. I can see that. Can you give an example? Cause I think that's probably something that people are really gonna want to know more about because it's common sense. But can you give an example of security driving compliance? Is there >> Yeah, sure. So there's there they're used just as an example, like multifactor authentication was used everywhere that for, for banks in high risk transactions, in real high risk transactions. And then that like that was a security approach to compliance. Like we said, that's a, that's a high net worth individual. We're gonna give them a token and that's how they're gonna authenticate. And there was no, no, the FFIEC didn't say at the time that there needed to be multifactor authentication. And then after a period of time, when account takeover was, was on the rise, the FFIEC, the federally financial Institute examiner's council, something like that, said, we, you need to do multifactor authentication. 
Multifactor authentication was now on every account. And then the threat went down to, okay, well, we're gonna do man in the browser attacks after the user authenticates, which now is a new tactic in that tactic for those high net worth individuals that had multifactor didn't exist before became commonplace. Yeah. And so that, that, that's a, that's an example of sort of the full life cycle and the important lesson there is that security controls, they have a diminishing half-life of effectiveness. They, they need to be continuous and adaptive or else the value of them is gonna decrease over time. >> Yeah. And I think that's a great call up because agility and speed is a big factor when it's emerging threats. It's not a stable, mature hacker market. They're evolving too. All right. Great stuff. I know your time's very valuable, John. I really appreciate you coming on theCUBE. A couple more questions for you. We have 10 amazing startups here in the, a AWS ecosystem, all private, looking great performance-wise, they're all got the kind of the same vibe of they're kind of on something new. They're doing something new and clever and different than what was, what was kind of done 10 years ago. And this is where the cloud advantage is coming in, cloud scale. You mentioned that some of those things, data, so you start to see new things emerge. How, how would you talk to CSOs or CXOs that are watching about how to evaluate startups like these? They're, they're, they're somewhat, still small relative to some of the bigger players, but they've got unique solutions and they're doing things a little bit differently. How should some, how should CSOs and Steve evaluate them? How can startups work with the CSOs? What's your advice to both the buyer and the startup to, to bring their product to the market. And what's the best way to do that? >> Yeah. So the first thing is when you talk to a CSO, be respected, be respectful of their time like that. Like, they'll appreciate that. 
I remember when I was very, when I just just started, I went to talk to one of the CISOs as one of the five major banks and he sat me down and he said, and I tried to tell him what I had. And he was like, son. And he went through his book and he had, he had 10 of every, one thing that I had. And I realized that, and I, I was grateful for him giving me an explanation. And I said to him, I said, look, I'm sorry. I wasted your time. I will not do that again. I apologize. I, if I can't bring any value, I won't come back. But if I think I can bring you something of value now that I know what I know, please, will you take the meeting? >> He was like, of course. And so be respectful of their time. They know what the problem is. They know what the threat is. You be, be specific about how you're different right now. There is so much confusion in the market about what you do. Like if you really have something that's differentiated, be very, very specific about it. And don't be afraid of it, like lean into it and explain the value to that. And that, that, that would, would save a, a lot of time and a lot and make the meeting more valuable for the CSO >> And the CISOs, as they evaluate these startups, how should they look at them? What are some kind of markers that you would say would be good, kind of things to look for? Size of the team, reviews, technology, or is it doesn't matter? It's more of a everyone's environment's different. What >> Would your, yeah. And, you know, for me, I, I always look first to the security value. Cause if there isn't security value, nothing else matters. So there's gotta be some security value. Then I tend to look at the management team, quite frankly, what are, what are the, what are their experiences and what, what do they know that that has led them to do something different that is driving security value. And then after that, for me, I tend to look to, is this someone that I can have a long term relationship with? 
Is this someone that I can, you know, if I have a problem and I call them, are they gonna, you know, do this? Or are they gonna say, yes, we're in, we're in this together, we'll figure it out. And then finally, if, if for AWS, you know, scale is important. So we like to look at, at scale in terms of, is this a solution that I can, that I can, that I can get to, to the scale that I needed at >> Awesome. Awesome. John Ramsey, vice president of security, here on theCUBE's keynote. John, thank you for your time. I really appreciate, I know how busy you are with that. For the next minute or so, share a little bit of what you're up to. What's on your plate. What are you thinking about as you go out to the marketplace, talk to customers, what's on your agenda. What's your talk track, put a plug in for what you're up to. >> Yeah. So for, for the services I have, we, we are, we are absolutely moving. As I mentioned earlier, from APIs to outcomes, we're moving up the stack to be able to defend both containers, as well as, as serverless. We're, we're moving out in terms of we wanna get visibility and signal, not just from what we see in AWS, but from other places to inform how do we defend AWS? And then also across, across the NIST cybersecurity framework in terms of we're doing a lot of, we, we have amazing detection capability and we have this infrastructure that we could respond, do like micro responses to be able to, to interdict the threat. And so me moving across the NIST cybersecurity framework from detection to respond. >> All right, thanks for your insight and your time sharing in this keynote. We've got great 10 great, amazing startups. Congratulations for all your success at AWS. You guys doing a great job, shared responsibility that the threats are out there. The landscape is changing. The scale's increasing, more data tsunamis coming every day, more integration, more interconnected, it's getting more complex. So you guys are doing a lot of great work there. 
Thanks for your time. Really appreciate >> It. Thank you, John. >> Okay. This is the AWS startup showcase. Season two, episode four of the ongoing series covering the exciting startups coming out of the, a AWS ecosystem. This episode's about cyber security and I'm your host, John Furrier. Thanks for watching.

Published Date : Sep 7 2022


Matt LeBlanc & Tom Leyden, Kasten by Veeam | VMware Explore 2022


 

(upbeat music) >> Hey everyone and welcome back to theCUBE. We are covering VMware Explore live in San Francisco. This is our third day of wall to wall coverage. And John Furrier is here with me, Lisa Martin. We are excited to welcome two guests from Kasten by Veeam, please welcome Tom Leyden, VP of marketing and Matt LeBlanc, not Joey from Friends, Matt LeBlanc, the systems engineer from North America at Kasten by Veeam. Welcome guys, great to have you. >> Thank you. >> Thank you for having us. >> Tom-- >> Great, go ahead. >> Oh, I was going to say, Tom, talk to us about some of the key challenges customers are coming to you with. >> Key challenges that they have at this point is getting up to speed with Kubernetes. So everybody has it on their list. We want to do Kubernetes, but where are they going to start? Back when VMware came on the market, I was switching from Windows to Mac and I needed to run a Windows application on my Mac and someone told me, "Run a VM." Went to the internet, I downloaded it. And in a half hour I was done. That's not how it works with Kubernetes. So that's a bit of a challenge. >> I mean, Kubernetes, Lisa, remember the early days of theCUBE, OpenStack was kind of transitioning, Cloud was booming and then Kubernetes was the paper that became the thing that pulled everybody together. It's now de facto in my mind. So that's clear, but there's a lot of different versions of it and you hear VMware, they call it the dial tone. Usually, remember, Pat Gelsinger, it's a dial tone. Turns out that came from Kit Colbert or no, I think AJ kind of coined the term here, but it's since been there, it's been adopted by everyone. There's different versions. It's open source. AWS is involved. How do you guys look at the relationship with Kubernetes here and VMware Explore with Kubernetes and the customers because they have choices. They can go do it on their own. They can add a little bit with Lambda, Serverless. They can do more here. It's not easy. 
It's not as easy as people think it is. And then this is a skill gaps problem too. We're seeing a lot of these problems out there. What's your take? >> I'll let Matt talk to that. But what I want to say first is this is also the power of the cloud native ecosystem. The days are gone where companies were selecting one enterprise application and they were building their stack with that. Today they're building applications using dozens, if not hundreds of different components from different vendors or open source platforms. And that is really what creates opportunities for those cloud native developers. So maybe you want to... >> Yeah, we're seeing a lot of hybrid solutions out there. So it's not just choosing one vendor, AKS, EKS, or Tanzu. We're seeing all the above. I had a call this morning with a large healthcare provider and they have a hundred clusters and that's spread across AKS, EKS and GKE. So it is covering everything. Plus the need to have a on-prem solution manage it all. >> I got a stat, I got to share that I want to get your reactions and you can laugh or comment, whatever you want to say. Talk to big CSO, CXO, executive, big company, I won't say the name. We got a thousand developers, a hundred of them have heard of Kubernetes, okay. 10 have touched it and used it and one's good at it. And so his point is that there's a lot of Kubernetes need that people are getting aware. So it shows that there's more and more adoption around. You see a lot of managed services out there. So it's clear it's happening and I'm over exaggerating the ratio probably. But the point is the numbers kind of make sense as a thousand developers. You start to see people getting adoption to it. They're aware of the value, but being good at it is what we're hearing is one of those things. Can you guys share your reaction to that? Is that, I mean, it's hyperbole at some level, but it does point to the fact of adoption trends. You got to get good at it, you got to know how to use it. 
>> It's very accurate, actually. It's what we're seeing in the market. We've been doing some research of our own, and we have some interesting numbers that we're going to be sharing soon. Analysts don't have a whole lot of numbers these days. So we're trying to run our own surveys to get a grasp of the market. One simple survey or research element that I've done myself is I used Google Trends. And in Google Trends, if you go back to 2004 and you compare VMware against Kubernetes, you get a very interesting graph. What you're going to see is that VMware, the adoption curve is practically complete and Kubernetes is clearly taking off. And the volume of searches for Kubernetes today is almost as big as VMware. So that's a big sign that this is starting to happen. But in this process, we have to get those companies to have all of their engineers to be up to speed on Kubernetes. And that's one of the community efforts that we're helping with. We built a website called learning.kasten.io. We're going to rebrand it soon at KubeCon, so stay tuned, but we're offering hands on labs there for people to actually come learn Kubernetes with us. Because for us, the faster the adoption goes, the better for our business. >> I was just going to ask you about the learning. So there's a big focus here on educating customers to help dial down the complexity and really get them, these numbers up as John was mentioning. >> And we're really breaking it down to the very beginning. So at this point we have almost 10 labs as we call them up and they start really from install a Kubernetes Cluster and people really hands on are going to install a Kubernetes Cluster. They learn to build an application. They learn obviously to back up the application in the safest way. And then there is how to tune storage, how to implement security, and we're really building it up so that people can step by step in a hands on way learn Kubernetes. 
>> It's interesting, this VMware Explore, their first new name change, but VMworld prior, big community, a lot of customers, loyal customers, but they're classic and they're foundational in enterprises and let's face it. Some of 'em aren't going to rip out VMware anytime soon because the workloads are running on it. So in Broadcom we'll have some good action to maybe increase prices or whatnot. So we'll see how that goes. But the personas here are definitely going cloud native. They did with Tanzu, was a great thing. Some stuff was coming off, the fruit's coming off the tree now, you're starting to see it. CNCF has been on this for a long, long time, KubeCon's coming up in Detroit. And so that's just always been great, 'cause you had the day zero event and you got all kinds of community activity, tons of developer action. So here they're talking, let's connect to the developer. There the developers are at KubeCon. So the personas are kind of connecting or overlapping. I'd love to get your thoughts, Matt on? >> So from the personnel that we're talking to, there really is a split between the traditional IT ops and a lot of the people that are here today at VMware Explore, but we're also talking with the SREs and the dev ops folks. What really needs to happen is we need to get a little bit more experience, some more training and we need to get these two groups to really start to coordinate and work together 'cause you're basically moving from that traditional on-prem environment to a lot of these traditional workloads and the only way to get that experience is to get your hands dirty. >> Right. >> So how would you describe the persona specifically here versus say KubeCon? IT ops? >> Very, very different, well-- >> They still go ahead. Explain. >> Well, I mean, from this perspective, this is all about VMware and everything that they have to offer. So we're dealing with a lot of administrators from that regard. 
On the Kubernetes side, we have site reliability engineers and their goal is exactly as their title describes. They want to architect arch applications that are very resilient and reliable and it is a different way of working. >> I was on a Twitter spaces about SREs and dev ops and there was people saying their title's called dev ops. Like, no, no, you do dev ops, you don't really, you're not the dev ops person-- >> Right, right. >> But they become the dev ops person because you're the developer running operations. So it's been weird how dev ops been co-opted as a position. >> And that is really interesting. One person told me earlier when I started Kasten, we have this new persona. It's the dev ops person. That is the person that we're going after. But then talking to a few other people who were like, "They're not falling from space." It's people who used to do other jobs who now have a more dev ops approach to what they're doing. It's not a new-- >> And then the SRE conversation was in site reliability engineer comes from Google, from one person managing multiple clusters to how that's evolved into being the dev ops. So it's been interesting and this is really the growth of scale, the 10X developer going to more of the cloud native, which is okay, you got to run ops and make the developer go faster. If you look at the stuff we've been covering on theCUBE, the trends have been cloud native developers, which I call dev ops like developers. They want to go faster. They want self-service and they don't want to slow down. They don't want to deal with BS, which is go checking security code, wait for the ops team to do something. So data and security seem to be the new ops. Not so much IT ops 'cause that's now cloud. 
So how do you guys see that in, because Kubernetes is rationalizing this, certainly on the compute side, not so much on storage yet but it seems to be making things better in that grinding area between dev and these complicated ops areas like security data, where it's constantly changing. What do you think about that? >> Well there are still a lot of specialty folks in that area in regards to security operations. The whole idea is be able to script and automate as much as possible and not have to create a ticket to request a VM to be built or an operating system or an application deployed. They're really empowered to automatically deploy those applications and keep them up. >> And that was the old dev ops role or person. That was what dev ops was called. So again, that is standard. I think at KubeCon, that is something that's expected. >> Yes. >> You would agree with that. >> Yeah. >> Okay. So now translating VMworld, VMware Explore to KubeCon, what do you guys see as happening between now and then? Obviously got re:Invent right at the end in that first week of December coming. So that's going to be two major shows coming in now back to back that're going to be super interesting for this ecosystem. >> Quite frankly, if you compare the persona, maybe you have to step away from comparing the personas, but really compare the conversations that we're having. The conversations that you're having at a KubeCon are really deep dives. We will have people coming into our booth and taking 45 minutes, one hour of the time of the people who are supposed to do 10 minute demos because they're asking more and more questions 'cause they want to know every little detail, how things work. The conversations here are more like, why should I learn Kubernetes? Why should I start using Kubernetes? So it's really early day. Now, I'm not saying that in a bad way. 
This is really exciting 'cause when you hear CNCF say that 97% of enterprises are using Kubernetes, that's obviously that small part of their world. Those are their members. We now want to see that grow to the entire ecosystem, the larger ecosystem. >> Well, it's actually a great thing, actually. It's not a bad thing, but I will counter that by saying I am hearing the conversation here, you guys'll like this on the Veeam side, the other side of the Veeam, there's deep dives on ransomware and air gap and configuration errors on backup and recovery and it's all about Veeam on the other side. Those are the guys here talking deep dive on, making sure that they don't get screwed up on ransomware, not Kubernete, but they're going to Kub, but they're now leaning into Kubernetes. They're crossing into the new era because that's the apps'll end up writing the code for that. >> So the funny part is all of those concepts, ransomware and recovery, they're all, there are similar concepts in the world of Kubernetes and both on the Veeam side as well as the Kasten side, we are supporting a lot of those air gap solutions and providing a ransomware recovery solution and from an air gap perspective, there are many use cases where you do need to live. It's not just the government entity, but we have customers that are cruise lines in Europe, for example, and they're disconnected. So they need to live in that disconnected world or military as well. >> Well, let's talk about the adoption of customers. I mean this is the customer side. What's accelerating their, what's the conversation with the customer at base, not just here but in the industry with Kubernetes, how would you guys categorize that? And how does that get accelerated? What's the customer situation? >> A big drive to Kubernetes is really about the automation, self-service and reliability. We're seeing the drive to and reduction of resources, being able to do more with less, right? This is ongoing the way it's always been. 
But I was talking to a large university in Western Canada and they're a huge Veeam customer worth 7000 VMs and three months ago, they said, "Over the next few years, we plan on moving all those workloads to Kubernetes." And the reason for it is really to reduce their workload, both from administration side, cost perspective as well as on-prem resources as well. So there's a lot of good business reasons to do that in addition to the technical reliability concerns. >> So what is those specific reasons? This is where now you start to see the rubber hit the road on acceleration. >> So I would say scale and flexibility that ecosystem, that opportunity to choose any application from that or any tool from that cloud native ecosystem is a big driver. I wanted to add to the adoption. Another area where I see a lot of interest is everything AI, machine learning. One example is also a customer coming from Veeam. We're seeing a lot of that and that's a great thing. It's an AI company that is doing software for automated driving. They decided that VMs alone were not going to be good enough for all of their workloads. And then for select workloads, the more scalable one where scalability was more of a topic, would move to Kubernetes. I think at this point they have like 20% of their workloads on Kubernetes and they're not planning to do away with VMs. VMs are always going to be there just like mainframes still exist. >> Yeah, oh yeah. They're accelerating actually. >> We're projecting over the next few years that we're going to go to a 50/50 and eventually lean towards more Kubernetes than VMs, but it was going to be a mix. >> Do you have a favorite customer example, Tom, that you think really articulates the value of what Kubernetes can deliver to customers where you guys are really coming in and help to demystify it? >> I would think SuperStereo is a really great example and you know the details about it. >> I love the SuperStereo story. 
They were a AWS customer and they're running OpenShift version three and they need to move to OpenShift version four. There is no upgrade in place. You have to migrate all your apps. Now SuperStereo is a large French IT firm. They have over 700 developers in their environment and it was by their estimation that this was going to take a few months to get that migration done. We're able to go in there and help them with the automation of that migration and Kasten was able to help them architect that migration and we did it in the course of a weekend with two people. >> A weekend? >> A weekend. >> That's a hackathon. I mean, that's not real come on. >> Compared to thousands of man hours and a few months not to mention since they were able to retire that old OpenShift cluster, the OpenShift three, they were able to stop paying Jeff Bezos for a couple of those months, which is tens of thousands of dollars per month. >> Don't tell anyone, keep that down low. You're going to get shot when you leave this place. No, seriously. This is why I think the multi-cloud hybrid is interesting because these kinds of examples are going to be more than less coming down the road. You're going to see, you're going to hear more of these stories than not hear them because what containerization now Kubernetes doing, what Dockers doing now and the role of containers not being such a land grab is allowing Kubernetes to be more versatile in its approach. So I got to ask you, you can almost apply that concept to agility, to other scenarios like spanning data across clouds. >> Yes, and that is what we're seeing. So the call I had this morning with a large insurance provider, you may have that insurance provider, healthcare provider, they're across three of the major hyperscalers clouds and they do that for reliability. Last year, AWS went down, I think three times in Q4 and to have a plan of being able to recover somewhere else, you can actually plan your, it's DR, it's a planned migration. 
You can do that in a few hours. >> It's interesting, just the sidebar here for a second. We had a couple chats earlier today. We had the influencers on and all the super cloud conversations and trying to get more data to share with the audience across multiple areas. One of them was Amazon and that super, the hyper clouds like Amazon, Azure, Google and the rest are out there, Oracle, IBM and everyone else. There's almost a consensus that maybe there's time for some peace amongst the cloud vendors. Like, "Hey, you've already won." (Tom laughs) Everyone's won, now let's just like, we know where everyone is. Let's go peace time and everyone, then 'cause the relationship's not going to change between public cloud and the new world. So there's a consensus, like what does peace look like? I mean, first of all, the pie's getting bigger. You're seeing ecosystems forming around all the big new areas and that's a good thing. That's the tides rise and the pie's getting bigger, there's bigger market out there now so people can share and share. >> I've never worked for any of these big players. So I would have to agree with you, but peace would not drive innovation. And in my heart is with tech innovation. I love it when vendors come up with new solutions that will make things better for customers and if that means that we're moving from on-prem to cloud and back to on-prem, I'm fine with that. >> What excites me is really having the flexibility of being able to choose any provider you want because you do have open standards, being cloud native in the world of Kubernetes. I've recently discovered that the Canadian federal government had mandated to their financial institutions that, "Yes, you may have started all of your on cloud presence in Azure, you need to have an option to be elsewhere." 
So it's not like-- >> Well, the sovereign cloud is one of those big initiatives, but also going back to Java, we heard another guest earlier, we were thinking about Java, write once, run anywhere, right? So you can't do that today in a cloud, but now with containers-- >> You can. >> Again, this is, again, this is the point that's happening. Explain. >> So when you have, Kubernetes is a strict standard and all of the applications are written to that. So whether you are deploying MongoDB or Postgres or Cassandra or any of the other cloud native apps, you can deploy them pretty much the same, whether they're in AKS, EKS or on Tanzu and it makes it much easier. The world became just a lot less proprietary. >> So that's the story that everybody wants to hear. How does that happen in a way that is, doesn't stall the innovation and the developer growth 'cause the developers are driving a lot of change. I mean, for all the talk in the industry, the developers are doing pretty good right now. They've got a lot of open source, plentiful, open source growing like crazy. You got shifting left in the CI/CD pipeline. You got tools coming out with Kubernetes. Infrastructure as code is almost a 100% reality right now. So there's a lot of good things going on for developers. That's not an issue. The issue is just underneath. >> It's a skillset and that is really one of the biggest challenges I see in our deployments is a lack of experience. And it's not everyone. There are some folks that have been playing around for the last couple of years with it and they do have that experience, but there are many people that are still young at this. >> Okay, let's do, as we wrap up, let's do a lead into KubeCon, it's coming up and obviously re:Invent's right behind it. Lisa, we're going to have a lot of pre KubeCon interviews. We'll interview all the committee chairs, program chairs. We'll get the scoop on that, we do that every year. 
But while we got you guys here, let's do a little pre-pre-preview of KubeCon. What can we expect? What do you guys think is going to happen this year? What does KubeCon look? You guys are a big sponsor of KubeCon. You guys do a great job there. Thanks for doing that. The community really recognizes that. But as Kubernetes comes in now for this year, you're looking at probably the what third year now that I would say Kubernetes has been on the front burner, where do you see it on the hockey stick growth? Have we kicked the curve yet? What's going to be the level of intensity for Kubernetes this year? How's that going to impact KubeCon in a way that people may or may not think it will? >> So I think first of all, KubeCon is going to be back at the level where it was before the pandemic, because the show, as many other shows, has been suffering from, I mean, virtual events are not like the in-person events. KubeCon LA was super exciting for all the vendors last year, but the attendees were not really there yet. Valencia was a huge bump already and I think Detroit, it's a very exciting city I heard. So it's going to be a blast and it's going to be a huge attendance, that's what I'm expecting. Second I can, so this is going to be my third personally, in-person KubeCon, comparing how vendors evolved between the previous two. There's going to be a lot of interesting stories from vendors, a lot of new innovation coming onto the market. And I think the conversations that we're going to be having will yet, again, be much more about live applications and people using Kubernetes in production rather than those at the first in-person KubeCon for me in LA where it was a lot about learning still, we're going to continue to help people learn 'cause it's really important for us but the exciting part about KubeCon is you're talking to people who are using Kubernetes in production and that's really cool. >> And users contributing projects too. >> Also. 
>> I mean Lyft is a poster child there and you've got a lot more. Of course you got the stealth recruiting going on there, Apple, all the big guys are there. They have a booth and no one's attending you like, "Oh come on." Matt, what's your take on KubeCon? Going in, what do you see? And obviously a lot of dynamic new projects. >> I'm going to see much, much deeper tech conversations. As experience increases, the more you learn, the more you realize you have to learn more. >> And the sharing's going to increase too. >> And the sharing, yeah. So I see a lot of deep conversations. It's no longer the, "Why do I need Kubernetes?" It's more, "How do I architect this for my solution or for my environment?" And yeah, I think there's a lot more depth involved and the size of KubeCon is going to be much larger than we've seen in the past. >> And to finish off what I think from the vendor's point of view, what we're going to see is a lot of applications that will be a lot more enterprise-ready because that is the part that was missing so far. It was a lot about the what's new and enabling Kubernetes. But now that adoption is going up, a lot of features for different components still need to be added to have them enterprise-ready. >> And what can the audience expect from you guys at KubeCon? Any teasers you can give us from a marketing perspective? >> Yes. We have a rebranding sitting ready for learning website. It's going to be bigger and better. So we're no longer going to call it, learning.kasten.io but I'll be happy to come back with you guys and present a new name at KubeCon. >> All right. >> All right. That sounds like a deal. Guys, thank you so much for joining John and me breaking down all things Kubernetes, talking about customer adoption, the challenges, but also what you're doing to demystify it. We appreciate your insights and your time. >> Thank you so much. >> Thank you very much. >> Our pleasure. >> Thanks Matt. 
>> For our guests and John Furrier, I'm Lisa Martin. You've been watching The Cube's live coverage of VMware Explore 2022. Thanks for joining us. Stay safe. (gentle music)

Published Date : Sep 1 2022

Said Ouissal, Zededa | VMware Explore 2022


 

>>Hey, everyone. Welcome back to San Francisco. Lisa Martin and John Furrier live on the floor at VMware Explore 2022. This is our third day of wall to wall coverage on theCUBE. But you know that cuz you've been here the whole time. We're pleased to welcome up a first timer to theCUBE. Said Ouissal is here, the CEO and founder of Zededa. Said, welcome to the program. >>Thank you for having me >>Talk to me a little bit about what Zededa does in edge. >>Sure. So Zededa is a company purely focused in edge computing. I started a company about five years ago, go after edge. So what we do is we help customers with orchestrating their edge, helping them to deploy, secure, monitor application services and devices at the edge. >>What's the business model for you guys. We get that out there. So the targeting the edge, which is everything from telco to whatever. Yeah. What's the business model. Yeah. >>Maybe before we go there, let's talk about edge itself. Cuz edge is complex. There's a lot of companies. I call 'em lens company nowadays, if you're not a cloud company, you're probably an edge company at this point. So we are focusing something called the distributed edge. So distributed edge. When you start putting tiny servers in environments like factory floors, solar farms, wind farms, even inside machines or well sites, et cetera. And a question that people always ask me, like why, why would you want to put, you know, servers there on servers supposed to be in a data center in the cloud? And the answer to the question actually is data gravity. So traditionally wherever the data gets created is where your applications live. But as we're connecting more and more devices to the edge of the network, we basically customers now are required to push the applications to the edge cause they can't go all the data to the cloud. So basically that's where we focus on people call it the far edge as well. You know, that's the term we've heard in the past as well. 
And what we do in our business model is provide customers a, a software as a service solution where they can basically deploy and monitor these applications at these highly distributed environments. >>Data, gravity comes up a lot and I want you to take a minute to explain the definition as it is today. And people have used that term, you know, with big data, going back to 2010 leads when we covering the Hadoop wave, which ended up becoming, you know, data, data, bricks, and snowflake now, but, but a lots changed, but what does it mean to be data gravity? It means that staying local, it's just what specifically describe and, and define what data gravity is. >>Yeah. So for me, data gravity is where you need to process the data, right? It's where the data usually gets created. So if you think about a web app, where does the data get created? Where people click on buttons, they, they interface with it. They, they upload content to it, et cetera. So that's where the data gravity therefore is therefore that's where you do your analytics. That's where you do your visualization processing, machine learning and all of those pieces. So it's really where that data gets created is where the data gravity in my view says, >>What are some of the challenges that data and opportunities that data gravity presents to customers? >>Well, obviously I think every enterprise in this day is trying to take data and make it a competitive advantage, right? Like faster decisions, better decisions, outcompete your competition by, you know, being first with a product or being first with a product with the future, et cetera. So, so I think, you know, if you're not a data driven enterprise by now, then I think the future may be a little bit bleak. >>Okay. So you're targeting the market distributed edge business model, SAS technology, secret sauce. What's that piece. >>Yeah. So that's, that's what the interesting part comes in. 
I think, you know, if you kind of look at the data center in the cloud, we've had these virtualization and orchestration stacks create, I mean, we're here in VMware Explore. And as an example, what we basically, what we saw is that the edge is so unique and so different than what we've seen in the data center, in the cloud that we needed to build a complete brand new purpose-built orchestration and virtualization solution. So that's really what we, we set off to do. So there's two components that we do. One end is we built a purpose-built edge operating system for the edge and we actually open sourced it. And the reason we open sourced it, we said, Hey, you know, edge is so diverse. You know, depending on the environment you're running in a machine or in a vehicle or in a well site, you have different hardware, different networks, different applications you need to enable. >>And we will never be able to support all of them ourselves. As a matter of fact, we actually think there's a need for standardization at the edge. We need to kind of cut through all these silos that have been created traditionally from the embedded way of thinking. So we created basically an open source project in the Linux Foundation in LF Edge, which is a sister organization to the CNCF, it's called Project EVE. And the idea is to create the Android of the edge, basically what Android became for mobile computing, a common operating system. So you build one app. You can run in any phone in the world that runs Android, build an architecture. You build one app. You can run in any EVE-powered node in the world, >>So distributed edge and you get the tech here, get the secret sauce. We'll get more into that in a second, but I wanna just tie one quick point and get your clarification on edge is becoming much more about the physical side too. I mean, absolutely. So when you talk about Android, you're making the reference of a phone. 
I get that's metaphor to what you're doing at the edge, wind farms, factories, alarms, light bulbs, buildings. I mean, that's what you're talking about, right? Yes. We're getting down to that very, >>Very physical, dark distributed locations. >>We're gonna come back to the CISO CSO. We're gonna come back to the CISO versus CSO question because is the CISO or CIO or who runs that anyway? So that's true. What's the important thing that's happening because that sounds like old OT world, like yes. Operating technology, not it information technology, is it a complete reset of those worlds or is it a collision? >>It's a great question. So what we're seeing is first of all, there is already compute in these environments, industrial PCs of existed well beyond, you know, an industrial automation has been done for many, many decades. The point is that that stuff has been done. Collect data has been collected, but never connected, right? So with edge computing, we're connecting now this data from an industrial machine and industrial process to the cloud, right? And one of the problems is it's data that comes of that industrial process too much to upload to the cloud. So I gotta analyze, analyze it locally. So one of the, the things we saw early on in edge is there's a lot of brownfield. Most of our customers today actually have applications running on windows and they would love to make in Linux and containers and Kubernetes, but it took them 20, 30 years to build those apps. And they basically are the money makers of the enterprise. So they are in a, in a transitionary phase and they need something that can take them from the brown to the Greenfield. So to your point, you gotta support all of these types of unique brownfield applications. >>So you're, you're saying I don't really care if this is a customer, how you get the data, you wanna start new start fresh. That's cool. But if you wanna take your old data, you'll >>Take that. Yeah. 
You don't wanna rebuild the whole machine. You're >>Just, they can life cycle it out on their own timetable. Yeah. >>So we had to learn, first of all, how do we take and lift and shift Windows-based industrial application and make it run at the edge on, on our architecture. Right? And then the second step is how do we then siphon off that data that this application is generating and do we fuse it with cloud native capability? Like, >>So your cloud, so your staff is your open source that you're giving to the Linux Foundation as part of that EVE project that's available to everybody. So they can, they can look at the code, which is great by the way. Yeah. So people wanna do that. Yeah. Your self source, I'm assuming, is your hardened version with support? >>Well, we took what we took, what the open source companies did, open source companies traditionally have sold, you know, basically a support model around the open source. We actually saw another problem. Customers has like, okay, now I have this node running and I can, you know, do this data analytics, but what if I have 15 or 20,000 of these nodes? And they're all around the world in remote locations on satellite links or wireless connectivity, how do I orchestrate them? So we actually build an orchestration service for these nodes running this open source >>Software. So that's a key secret sauce right there. >>That is the business model that taking open source and a lot. >>And you're taking your own code that you have. Okay. Got it. Cool. And then the customer's customer piece is, is key. So that's the final piece, I guess who's using it. >>Yeah. Well, and, >>And, and one of the business outcomes that they're achieving. Oh >>Yeah. Well, so maybe start with that first. I mean, we are deployed in customers in oil and gas, for instance, helping them with the transition to renewable energy, right? 
So basically we, we have customers for instance, that deploy us in the, how they drill wells is one use case and doing that better, faster, and cheaper and, and less environmental impacting. But we also have customers that use us in wind farms. We have, and solar farms, like we, one of the leading solar energy companies in the world is using us to bring down the cost of power by predicting failures ahead of time, for >>Instance. And when you're working with customers to create the optimal solution at the distributed edge, who are you working with in, within an organization? Yeah. >>It's usually a mix of OT and IT people. Okay. So the OT people typically they're >>Arm wrestling, well, or they're getting along, actually, >>I think they're getting along very well. Okay, good. But they also agree that they have to have swim lanes. The IT folks, obviously their job is to make sure, you know, everything is secure. Everything is according to the compliance it's, it's, you know, the, the best TCO on the infrastructure, those type of things, the OT guy, they, they, or girl, they care about the application. They care about the services. They care about the support new business. So how can you create a model that too can coexist? And if you do that, they get along really well. >>You know, we had an event called Supercloud, and at the URL supercloud.world, if you're watching check it out, it's our version of what we think multicloud will merge into including edge cuz edge is just another node in the, in the, in the network. As far as we're concerned, hybrid is the steady state. That's distributed computing on premise, private cloud, public cloud. We know what that looks like. People love that things are happening. Edge is like a whole nother new area. That's blossoming and with disruption, yeah. There's a lot of existing market and incumbents that need to be disrupted. And there's also a new capabilities that are coming that we don't yet see. 
So we're seeing it with the super cloud idea that these new kinds of clouds are emerging. Like there could be an edge cloud. Yeah. Why isn't there a security cloud, where's the financial services cloud, where's the insurance cloud, where's the, so these become super clouds where the CapEx could be done by the Amazon, whatnot you've been following them is edge cloud. Can you make that a cloud? Is that what you guys are trying to do? And if so, what does that look like? Cause we we're adding a new track to our super cloud site. I mentioned on edge specifically, we're trying to figure out you and if you share your opinion, it'd be great. Can the E can edge clouds exist and be run by companies? Yeah. Or is that what you guys are trying to do? >>I, I, I mean, I think first of all, there is no edge without cloud, right? So when I meet any customer who says, Hey, we're gonna do edge without cloud. Then I'm like, you're probably not gonna do edge computing. Right. And, and the way we built the company and the way we think about it, it's about extending the cloud experience all the way into these embedded distributed environments. That's really, I think what customers are looking for, cuz customers love the simplicity of the cloud. They love the ease of use agility, all of that greatness. And they're like, Hey, I want that. But not in a, you know, in an Amazon or Azure data center. I want that in my factories. I want that in my well sites, in my vehicles. And that's really what I think the future >>Is gonna. And how long have you guys been around? What's the, what's the history of the company because you might actually be that cloud. Yeah. And are you on AWS or Azure? You're building your own. What's the, >>Yeah. Yeah. So >>Take it through the, the architecture because yeah, yeah, sure. You're a modern startup. I mean you gotta, and the edges you're going after you gotta be geared up. Yeah. To win that. Yeah. >>So, so the company's about five years old. 
So we, when we started focusing on edge, people didn't necessarily talk as much about edge. We kind of identified the it's like, you know, how do you find a black hole in, in the universe? Cuz you can't see it, but you sort of look around that's why you in it. And so we were like looking at it, like there's something gonna happen here at the edge of the network, because everybody's saying we're connecting these devices, upload the data to the cloud, it's never gonna work. My background is networking. I worked at companies like Juniper and Ericsson ran several products there. So I know how the internet networks have built. And it was very evident to me. It's not gonna be possible. My co-founders come from open source companies like Pivotal and Cloudera. My other co-founder was a, an engineer at Sun Microsystems built the first network stack in the Solaris operating system. So a lot of experience that kind of came together to build this. >>Yeah. Cloudera is a big day. That's where the cube started by the way. Yeah. >>Yeah. So, so we, we, we have, I think a good view on the stack, the cloud stack and therefore a good view of what the edge stack needs to look like. And then I think, you know, to answer your other question, our orchestration service runs in the cloud. We have, we actually are multi-cloud company. So we offer customers choice where they want to orchestrate the node from the nodes themself, never sit in a data center. They always highly embedded. We have customers are putting machines or inside these factory lines, et cetera. Are >>You running your SAS on Amazon Web Services or which >>Cloud we're running it on several clouds, including Amazon, all of, pretty much the cloud. So some customers say, Hey, I'd prefer to be on the Amazon set. And others customers say, I wanna be on Azure set. >>And you leverage their CapEx on that side. Yes. On behalf of yeah. >>Yeah. We, yes. Yes. 
But the majority of the customer data and, and all the data that the nodes process, the customer send it to their clouds. They don't send it to us. We don't get a copy of the camera feed analytics or the machine data. We actually decouple those though. So basically the, the team production data go straight to the customer's cloud and that's why they love us. >>And they choose that they can control their own desktop. >>Yeah. So we separate the management plane from the data plane at the edge. Yeah. >>That's a good call >>Actually. Yeah. That was another very important part of the architecture early on. Cause customers don't want us to see their, you know, highly confidential production data and we don't wanna have it either. So >>We had a great chat with Chris Wolf who works with Kit Colbert about control plane, data, plane. So that seems to be the trend data, plane customers want full yeah. Management of that. Yeah. Control plane. Maybe give multiple >>Versions. Yeah. Yeah. So our cloud consumption what the data we stories about the apps, their behavior, the networking, the security, all of that. That's what we store in our cloud. And then customers can access that and monitor. But the actual machine that I go somewhere else >>Here we are at VMware Explore. Talk a little bit about the VMware relationship. You just had some big news the other day. >>Yeah. So two days ago we actually made a big announcement with VMware. So we signed an OEM agreement with VMware. So we're part now of VMware's edge compute stack. So VMware customers, as they start using the recently announced edge compute stack 2.0, that was announced here. Basically it's powered by Zededa technology. So it's a really exciting partnership as part of this, we actually building integrations with the VMware organization products. So that's basically now extending to more, you know, other groups inside VMware. >>So what's the value in it for VMware customers. >>Yeah. 
So I think the, the, the benefit of, of VMware customers, I think cus VMware customers want that multi-cloud, multi-edge orchestration experience. So they wanna be able to deploy workloads in the cloud. They wanna deploy the workloads in the data center. And of course also at the edge. So by us integrating in that vision customers now can have that unified experience from cloud to edge and anywhere in between. >>What's the big vision that you see happening at the edge? I mean, a lot of the VMware customers here, they're classic IT that have evolved into ops, now DevOps. Now you've got SecOps, DataOps coming. The edge is gonna right around the corner for them. They're dealing with it now, probably just kicking the tires, toeing the water kind of thing. Where do you see the vision going? Cuz now, no matter what happens with VMware, the Broadcom, this wave is still here. You got AWS, got Azure, got Google Cloud, you got Oracle, Alibaba internationally. And the cloud native surge is here. How do you see that disrupting the existing edge? Because let's face it the O some of those OT players, a little bit old and antiquated, a little bit outdated. I mean, I was talking to a telco person. They, they puked the word open source. I mean, these people are so dogmatic on, on their architecture. Yeah. They're gonna get disrupted. It's a matter of time. Yeah. Where's the new guard come in? How do you see the configuration changing in the landscape? Because some people will cross over to the right side of the street here. Yeah. Some won't, yeah. Open source will dominate. Cloud native will be key. Yeah. >>Well, I mean, I think, again, let's, let's take an example of a vertical that's heavily disrupted now is the automotive market, right? The, so look at Tesla and look at all these companies, they built, they built software-first cars, right? Software-first delivery of capabilities and everything else. And the, and the incumbents. They have only two options, right? 
Either they try to respond by adopting open source cloud native technologies, like the, these new entrants have done and really, you know, compete with them at that level, or they can become commodity. Right. So, and I think that's the customers we're seeing. The smart customers go like, we need to compete with these guys. We need to figure out how to take this technology in. And they need partners like us and partners like VMware for them. >>Do you see customers becoming cloud super cloud players? If they continue to keep leveraging the CapEx of the clouds and focus all their operational capital on top line revenue generating activities. >>Yeah. I, so I think the CapEx model of the cloud is a great benefit of the cloud, but I think that is not what's the longer term future of the cloud. I think the op the cloud operating model is the future. Like the agility, the ability. Imagine embedded software that, you know, you do an over-the-air update to fix a bug, but it's very hard to make a, an embedded device smarter over time. And then imagine if you can run cloud native software, you can roll out every two weeks new features and make that thing smarter, intelligent, and continue to help you in your business. That I think is what cloud did ultimately. And I think that is what really these customers are gonna need at their edge. >>Well, we talked about the value within it for customers with the VMware partnership, but what are some of your expectations? Obviously, this is a pretty powerful partnership for you guys. Yeah. What are some of the things that you're expecting that this is gonna drive? >>Yeah, so we, we, we have always operated at the more OT layer, distributed organizations in retail, energy, industrial, automotive. Those are the verticals we, so we've developed, I think, a lot of experience there. What, what we're seeing as we talk to those customers is they obviously have IT organizations and the IT organizations, Hey, that's great. 
You're looking at edge computing, but how do we tie this into the existing investments we made with VMware? And how do we kind of take that also to this new environment? And I think that's the expectation I have is that I think we will be able to, to talk to the IT folks and say, Hey, you can actually talk to the OT person. And both of you will speak the same language. You probably will both standardize on the same architecture and you'll be together deploying and enabling this new agility at the edge. >>What are some of the next things coming up for ZEDEDA and the team? >>Well, so we've had a really amazing few quarters. We just closed a Series B round. So we've raised, the company's raised over 55 million so far, we're growing very rapidly. We opened up no new international offices. I would say the, the early customers that we started deploying, way a while back, they're now going into mass scale deployment. So we have now deployments underway in, you know, the 10 to hundred thousands of nodes at certain customers and in amazing environments. And so, so for us, it's continuing to prove the product in more and more verticals. Our, our product is really built for the largest of the largest. So, you know, for the size of the company we are, we have a high concentration of Fortune 500, Global 500 customers, and some of them even invested in our rounds recently. So we we've been really, you know, honored with that support. >>Well, congratulations. Good stuff, edge is popping. All right. Thank you. >>Thank you so much for joining us, talking about what you're doing in distributed edge. What's in it for customers, the VMware partnership, and by the way, congratulations on that too. >>Thank you. Thank you so much. Nice to meet you. >>Thank you. All right. Nice to meet you as well. For our guest and John Furrier, I'm Lisa Martin. You're watching theCUBE live from VMware Explore 22. John and I will be right back with our next guest.

Published Date : Sep 1 2022


Raghu Raghuram, VMware | VMware Explore 2022


 

>>Okay, welcome back everyone. This is theCUBE's coverage of VMware Explore 22, formerly VMworld. We've been here since 2010, and VMworld 2010 to now it's 2022. And it's VMware Explore. We're here with the CEO, Raghu Raghuram. Welcome back to theCUBE. Great to see you in person. >>Yeah. Great to be here in person. >>Dave and I are, are proud to say that we've been to 12 straight years of covering VMware's annual conference. And thank you. We've seen the change in the growth over time and you know, it's kind of, I won't say pinch me moment, but it's more of a moment of there's the VMware that's grown into the cloud after your famous deal with Andy Jassy in 2016. We've been watching what has been a real sea change and VMware since taking that legacy core business and straightening out the cloud strategy in 2016, and then since then an acceleration of, of cloud native, like direction under your leadership at VMware. Now you're the CEO. Take us through that because this is where we are right now. We are here at the pinnacle of VMware 2.0 or cloud native VMware, as you point out on your keynote. Take us through that history real quick. Cuz I think it's important to know that you've been the architect of a lot of this change and it's, it's working. >>Yeah, definitely. We are super excited because like I said, it's working. The history is pretty simple. I mean we tried running our own cloud, vCloud Air. vCloud Air didn't work so well. Right. And then at that time, customers really gave us strong feedback that the hybrid they wanted was a Amazon together. Right. And so that's what we went back and did and the Andy Jassy announcement, et cetera. And then subsequently as we were continue to build it out, I mean, once that happened, we were able to go work with the Satya and Microsoft and others to get the thing built out all over. Then the next question was okay, Hey, that's great for the workloads that are running on vSphere. 
What's the story for workloads that are gonna be cloud native and benefit a lot from being cloud native? So that's when we went the Tanzu route and the Kubernetes route, we did a couple of acquisitions and then we started that started paying off now with the Tanzu portfolio. And last but not the least is once customers have this distributed portfolio now, right. Increasingly everything is becoming multi-cloud. How do you manage and connect and secure? So that's what you start seeing that you saw the management announcement, networking and security and everything else is cooking. And you'll see more stuff there. >>Yeah, you know, we've been talking about super cloud. It's kinda like a multi-cloud on steroids kind a little bit different pivot of it. And we're seeing some use cases. >>No, no, it's, it's a very great, it's a, it's pretty close to what we talk about. >>Awesome. I mean, and we're seeing this kind of alignment in the industry. It's kind of open, but I have to ask you, when did you, you have the moment where you said multicloud is the game changer moment. When did you have, because you guys had hybrid, which is really early as well. When was the Raghu? When did you have the moment where you said, Hey, multicloud is what's happening. That's we're doubling down on that go. >>I mean, if you think about the evolution of the cloud players, right. Microsoft really started picking up around the 2018 timeframe. I mean, I'm talking about Azure, right? >>In a big way. >>Yeah. In a big way. Right. When that happened and then Google got really serious, it became pretty clear that this was gonna be looking more like the old database market than it looked like a single player cloud market. Right. Equally sticky, but very strong players all with lots of IP creation capability. So that's when we said, okay, from a supplier side, this is gonna become multi. And from a customer side that has always been their desire. Right. Which is, Hey, I don't want to get locked into anybody. 
I want to do multiple things. And the cloud vendors also started leveraging that on-prem. Microsoft said, Hey, if you're a Windows customer, your licensing is gonna be better off if you go to Azure. Right. Oracle did the same thing. So it just became very clear. >>I am, I have gone make you laugh. I always go back to the software mainframe because I, I think you were here. Right. I mean, you're, you're almost 20 years in. Yeah. And I, the reason I appreciate that is because, well, that's technically very challenging. How do you make virtualization overhead virtually non-existent? How do you run any workload? Yeah. How do you recover from, I mean, that's was not trivial. Yeah. Okay. So what's the technical, you know, analog today, the real technical challenge, when you think about cross cloud services? >>Yeah. I mean, I think it's different for each of these layers, right? So as I was alluding to for management, I mean, you can go each one of them by themselves, there is one way of doing multi-cloud, which is multiple clouds. Right. You could say, look, I'm gonna build a great product for AWS. And then I'm gonna build a great product for Azure. I'm gonna build a great product for Google. That's not what Aria is. Aria is a true multi-cloud, which means it pulls data in from multiple places. Right? So there are two or three, there are three things that Aria has done. That's I think is super interesting. One is they're not trying to take all the data and bring it in. They're trying to federate the data sources. And secondly, they're doing it in real time and they're able to construct this graph of a customer's cloud resources. >>Right. So to keep the graph constructed and pulling data, federating data, I think that's a very interesting concept. The second thing that, like I said, is it's a real time because in the cloud, a container might come and go like that. Like that is a second technical challenge. 
The third, it's not as much a technical challenge, but I really like what they have done for the interface. They've used GraphQL. Right? So it's not about, if you remember in the old world, people talk about single pane of glass, et cetera. No, this is nothing to do with pane of glass. This is a data model. That's a graph and a query language that's suited for that. So you can literally think of whatever you wanna write. You can write and express it in GraphQL and pull all sorts of management applications. You can say, Hey, I can look at cost. I can look at metrics. I can look at whatever it is. It's not five different types of applications. It's one, that's what I think had to do it at scale is the other problem. And, and >>The, the technical enabler there is just it's good software. It's a protocol. It's >>No, no, it's, it's, it's it's software. It's a data model. And it's the federation architecture that they've got, which is open. Right. You can pull in data from Datadog, just as well as from >>Pretty >>Much anything, data from vROps, we don't care. Right? >>Yeah. Yeah. So Raghu, I have to ask you, I'm glad you like the Supercloud cuz you know, we, we think multi-cloud still early, but coming fast. I mean, everyone has multiple clouds, but spanning this idea of spanning across has interesting sequences. Do you data, do you do computer both and a lot of good things happening. Kubernetes been containers, all that good stuff. Okay. How do you see the first rev of multi-cloud evolving? Like is it what happens? What's the sequence, what's the order of operations for a client standpoint? Customer standpoint of, of multicloud or Supercloud because we think we're seeing it as a refactoring of something like Snowflake, they're a data base, they're a data warehouse on the cloud. They, they say data cloud they'd they like they'll tell us no, you, we're not a data. We're not a data warehouse. We're data cloud. Okay. 
You're a data warehouse refactored for the CapEx from Amazon and cooler, newer things. Yeah, yeah, yeah. That's a behavior change. Yeah. But it's still a data warehouse. Yeah. How do you see this multi-cloud environment? Refactoring? Is there something that you see that might be different? That's the same if you know what I'm saying? Like what's what, what's the ne the new thing that's happening with multi-cloud, that's different than just saying I'm I'm doing SaaS on the cloud. >>Yeah. So I would say, I would point to a, a couple of things that are different. Firstly, my, the answer depends on which category you are in. Like the category that Snowflake is in is very different than Kubernetes or >>Something or MongoDB, right? >>Yeah. Or MongoDB. So, so it is not appropriate to talk about one multi-cloud approach across data and compute and so, so on and so forth. So I'll talk about the spaces that we play. Right. So step one, for most customers is two application architectures, right? The cloud native architecture and an enterprise native architecture and tying that together either through data or through networks or through et cetera. So that's where most of the customers are. Right. And then I would say step two is to bring these things together in a more, in a closer fashion and that's where we are going. And that is why you saw the cloud universal announcement and that's already, you've seen the Tanzu announcement, et cetera. So it's really, the step one was two distinct clouds. That is just two separate islands. >>So the other thing that we did, that's really what my, the other thing that I'd like to get to your reaction on, cause this is great. You're like a masterclass in theCUBE here. Yeah, totally is. We see customers becoming super clouds because they're getting the benefit of, of VMware, AWS. And so if I'm like a media company or insurance company, if I have scale, if I continue to invest in, in cloud native development, I do all these things. 
I'm gonna have a da data scale advantage, possibly agile, which means I can build apps and functionality very quick for customers. I might become my own cloud within the vertical. Exactly. And so I could then service other people in the insurance vertical if I'm the insurance company with my technology and create a separate power curve that never existed before. Cause the CapEx is off the table, it's operating expense. Yep. That runs into the income statement. Yep. This is a fundamental business model shift and an advantage of this kind of scenario. >>And that's why I don't think Snowflake's, >>What's your reaction to that? Cuz that's something that, that is not really, talk's highly nuanced and situational. But if Goldman Sachs builds the biggest cloud on the planet for financial service for their own benefit, why wouldn't they >>Exactly. >>And they're >>Gonna build it. They sort of hinted at it that when they were up on stage on AWS, right. That is just their first big step. I'm pretty sure over time they would be using other clouds. Think >>They already are on >>Prem. Yeah. On prem. Exactly. They're using VMware technology there. Right? I mean think about it, AWS. I don't know how many billions of dollars they're spending on AWS R&D. Microsoft is doing the same thing. Google's doing the same thing we are doing. Not as much as them that you're doing oral chair. Yeah. If you are a CIO, you would be insane not to take advantage of all of this IP that's getting created and say, look, I'm just gonna bet on one. Doesn't make any sense. Right. So that's what you're seeing. And then >>I think >>The really smart companies, like you talked about would say, look, I will do something for my industry that uses these underlying clouds as the substrate, but encapsulates my IP and my operating model that I then offer to other >>Partners. Yeah. And their incentive for differentiation is scale. Yeah. And capability. And that's a super cloud. 
That's a, or would be say IT environment. >>Yeah. But this is why this, >>It seems like the same >>Game, but >>This, I mean, I think IT environment is different than >>Well, I mean IT advantage to help the business, the old day service, you >>Said Snowflake guys out the marketing guys. So you, >>You said Snowflake data warehouse. See, I don't think it's in data warehouse. It's not, that's like saying, you >>Know, I, over >>VMware is a virtualization company or ServiceNow is a help desk tool. I, this is the change. Yes. That's occurring. Yes. And that you're enabling. So take the Goldman Sachs example. They're gonna run on-prem. They're gonna use your infrastructure to do selfer. They're gonna build on AWS CapEx. They're gonna go across clouds and they're gonna need some multi-cloud services. And that's your opportunity. >>Exactly. That's that's really, when you, in the keynote, I talked about cloud universal. Right? So think of a future where we can go to a customer and say, Mr. Customer, buy a thousand cores, a hundred thousand cores, whatever capacity, you can use it any which way you want on any application platform. Right. And it could be on-prem. It could be in the cloud, in the cloud of their choice, in multiple clouds. And this thing can be fungible and they can tie it to the right services. If they like SageMaker they could tie it to Sage or Aurora. They could tie it to Aurora, et cetera, et cetera. So I think that's really the foundation that we are setting. Well, I think, I >>Mean, you're building a cloud across clouds. I mean, that's the way I look at it. And, and that's why it's, to me, the, the DPU announcement, the Project Monterey coming to fruition is so important. Yeah. Because if you don't have that, if you're not on that new silicon curve, yep. You're gonna be left behind. Oh, >>Absolutely. It allows us to build things that you would not otherwise be able to do, >>Not to pat ourselves on the back, Raghu. But we, in what, 2013 day we said, feel >>Free. 
>>We, we said with Lou Tucker when OpenStack was crashing. Yeah. Yeah. And then Kubernetes was just a paper. We said, this could be the interoperability layer. Yeah. You got it. And you could have inter clouding cuz there was no clouding. I was gonna riff on inter networking. But if you remember inter networking during the OSI model, TCP and IP were hardened after the physical data link layer was taken care of. So that enabled an entire new industry that was open, open interconnect. Right. So we were saying inter clouding. So what you're kind of getting at with cross cloud is you're kind of creating this routing model if you will. Not necessarily routing, but like connection inter clouding, we called it. I think it's kinda a terrible name. >>What you said about Kubernetes is super critical. It is turning out to be the infrastructure API. So long, it has been an infrastructure API for a certain cluster. Right. But if you think about what we said about vSphere 8, with vSphere 8 Kubernetes becomes the data center API. Now we sort of glossed over the point of the keynote, but you could do operations, storage, anything that you can do on vSphere, you can do using a Kubernetes API. Yeah. And of course you can do all the containers in the Kubernetes clusters and et cetera, is what you could always do. Now you could do that on a VMware environment on-prem, you could do that on EKS. Now Kubernetes has become the standard programming model for infrastructure across. It >>Was the great equalizer. Yeah. You, we used to say Amazon turned the data center through an API. It turns, turns of like a lot of APIs and a lot of complexity. Right. And Kubernetes changed. >>Well, the role, the role of de facto standards played a lot into the TCP/IP revolution before it became a standard standard. What the question Raghu, as you look at, we had submit on earlier, we had tutorial on as well. What's the disruptive enabler from a de facto. 
What in your mind, what should, because Kubernetes became kind of de facto, even though it was in the CNCF and in an open source open, it wasn't really standard standard. There's no like standards body, but what de facto thing has to happen in your mind's eye around making inter clouding or connecting clouds in a, in a way that's gonna create extensibility and growth? What do you see as a de facto thing that the industry should rally around? Obviously Kubernetes is one, is there something else that you see that's important for in an open way that the industry can discuss and, and get behind? >>Yeah. I mean, there are things like identity, right? Which are pretty critical. There is connectivity and networking. So these are all things that the industry can rally around. Right. And that goes along with any modern application infrastructure. So I would say those are the building blocks that need to happen. On the data side, of course there are so many choices as well. So >>How about, you know, security? I think about, you know, when after Stuxnet, the, the whole industry said, Hey, we have to do a better job of collaborating. And then when you said identity, it just sort of struck me. But then a lot of people tried to sort of monetize private reporting and things like that. So you do you see a movement within the technology industry to do a better job of collaborating to, to solve the acute, you know, security problems? >>Yeah. I think the customer pressure and government pressure right. Causes that way. Yeah. Even now, even in our current universe, you see, there is a lot of behind the scenes collaboration amongst the security teams of all of the tech companies that is not widely seen or known. Right. For example, my CISO knows the AWS CSO or the Microsoft CSO and they all talk and they share the right information about vulnerability attacks and so on and so forth. So there's already a certain amount of collaboration that's happening and that'll only increase. 
Do, >>Do you, you know, I was somewhat surprised. I didn't hear more in your face about security would, is that just because you had such a strong multi-cloud message that you wanted to get, get across, cuz your security story is very strong and deep. When you get into the DPU side of things, the, you know, the separation of resources and the encryption and I'll end to end >>I'm well, we have a phenomenal security story. Yeah. Yeah. Tell security story and yes. I mean I'll need guilty to the fact that in the keynote you have yeah, yeah, sure time. But what we are doing with NSX and you will hear about some NSX projects as you, if you have time to go to some of the, the sessions. Yeah. There's one called project, not star. Another is called project Watchman or watch, I think it's called, we're all dealing with this. That is gonna strengthen the security story even more. Yeah. >>We think security and data is gonna be a big part of it. Right. As CEO, I have to ask you now that you're the CEO, first of all, I'd love to talk about product with you cuz you're yeah. Yeah. We just great conversation. We want to kind of read thet leaves and ask pointed questions cuz we're putting the puzzle together in real time here with the audience. But as CEO, now you have a lot of discussions around the business. You, the Broadcom thing happening, you got the rename here, you got multi-cloud all good stuff happening. Dave and I were chatting before we came on this morning around the marketplace, around financial valuations and EBIDA numbers. When you have so much strategic Goodwill and investment in the oven right now with the, with the investments in cloud native multi-year investments on a trajectory, you got economies of scale there. >>It's just now coming out to be harvest and more behind it. Yeah. As you come into the Broadcom and or the new world wave that's coming, how do you talk about that value? Cuz you can't really put a number on it yet because there's no customers on it. 
I mean some customers, but you can't probably some for form. It's not like sales numbers. Yeah. Yeah. How do you make the argument to the PE type folks out there? Like EBITDA and then all the strategic value. What's the, what's the conversation like if you can share any, I know it's obviously public company, all the things going down, but like how do you talk about strategic value to numbers folks? >>Yeah. I mean, we are not talking to PE guys at all. Right. I mean the only conversation we have is helping Broadcom with >>Yeah. But, but number people who are looking at the number, EBITDA kind of, >>Yeah. I mean, you'd be surprised if, for, for example, even with Broadcom, they look at the business holistically as what are the prospects of this business becoming a franchise that is durable and could drive a lot of value. Right. So that's how they look at it holistically. It's not a number driven. >>They do. They look at that. >>Yeah. Yeah, absolutely. So I think it's a misperception to say, Hey, it's a numbers driven conversation. It's a business driven conversation where, I mean, and Hock's been public about it. He says, look, I look at businesses. Can they be leaders in their market? Yeah. Because leaders get, as we all know, a disproportionate share of the economic value. Is it a durable franchise that's gonna last 10 years or more, right. Obviously with technology changes in between, but 10 years or more >>Or 10, you got your internal, VMware talent customers and >>Partners. Yeah. Significant competitive advantage. So that's, that's really where the conversation starts and the numbers fall out of it. Got it. >>Okay. So I think >>There's a track record too. >>That culture >>That VMware has, you've always had an engineering culture. That's turned, you know, ideas and problems into products that, that have been very successful. >>Well, they had different engineering cultures. They're chips. You guys are software. Right. You guys know >>Software. Yeah. 
Mean they've been very successful with Broadcom, the standalone networking company since they took it over. Right. I mean, it's, there's a lot of amazing innovation going on there. >>Yeah. Not, not that I'm smiling. I want to kind of poke at this question question. I'll see if I get an answer out of you, when you talk to Hock Tan, does he feel like he bought a lot more than he thought or does he, did he, does he know it's all here? So >>The last two months, I mean, they've been going through a very deliberate process of digging into each business and certainly feels like he got a phenomenal asset base. Yeah. He said that to me even today after the keynote, right. Is the amazing amount of product capability that he's seeing in every one of our businesses. And that's been the constant frame. >>But congratulations on that. >>I've heard, I've heard Hock talk about the shift to, to merchant silicon. Yeah. From custom silicon. But I wanted to ask you when you look at things like AWS Nitro yeah. And Graviton and Trainium and the advantage that AWS has with custom silicon, you see Google and Microsoft sort of Alibaba following suit. Would it benefit you to have custom silicon for, for DPU? I mean, I guess you, you know, to have a tighter integration or do you feel like with the relationships that you have that doesn't buy you anything? >>Yeah. I mean we have pretty strong relationships with in fact fantastic relationships with the Nvidia and Intel and AMD >>Pensando and AMD now. >>Yeah. Yeah. I mean, we've been working with the Pensando team in their previous incarnations for years. Right, right. When they were at Cisco and then same thing with the, we know the Mellanox team as well as the Nvidia original teams and Intel is the collaboration right. From the get go of the company. So we don't feel a need for any of that. We think, I mean, it's clear for those cloud folks, right. 
They're going towards a vertical integration model and select portions of their stack, like you talked about, but there is always a room for horizontal integration model. Right. And that's what we are a part of. Right. So there'll be a number of DPU pro vendors. There'll be a number of CPU vendors. There'll be a number of other storage, et cetera, et cetera. And we think that is goodness in an alternative model compared to a vertically integr >>And yeah. What this trade offs, right. It's not one or the other, I mean I used to tell, talk to Al Shugart about this all the time. Right. I mean, if vertically integrated, there may be some cost advantages, but then you've got flexibility advantages. If you're using, you know, what the industry is building. Right. And those are the tradeoffs, so yeah. Yeah. >>Greg, what are you excited about right now? You got a lot going on obviously great event. Branding's good. Love the graphics. I was kind of nervous about the name changed. I like VMworld, but you know, that's, I'm kind of like it >>Doesn't readily roll off your phone. Yeah. >>I know. We, I had everyone miscue this morning already and said VMware Explorer. So >>You pay Laura fine. Yeah. >>Now, I >>Mean a quarter >>Curse jar, whatever I did wrong. I don't believe it. Only small mistake that's because the thing wasn't on. Okay. Anyway, what's on your plate. What's your, what's some of the milestones. Do you share for your employees, your customers and your partners out there that are watching that might wanna know what's next in the whole Broadcom VMware situation. Is there a timeline? Can you talk publicly about what? To what people can expect? >>Yeah, no, we, we talk all the time in the company about that. Right? Because even if there is no news, you need to talk about what is where we are. Right. Because this is such a big transaction and employees need to know where we are at every minute of the day. Right? Yeah. So, so we definitely talk about that. 
We definitely talk about that with customers too. And where we are is that the, all the processes are on track, right? There is a regulatory track going on. And like I alluded to a few minutes ago, Broadcom is doing what they call the discovery phase of the integration planning, where they learn about the business. And then once that is done, they'll figure out what the operating model is. What Broadcom has said publicly is that the acquisition will close in their fiscal 23, which starts in November of this year, runs through October of next year. >>So >>Anywhere window, okay. As to where it is in that window. >>All right, Raghu, thank you so much for taking valuable time out of your conference time here for theCUBE. I really appreciate Dave and I both appreciate your friendship. Congratulations on the success as CEO, cuz we've been following your trials and tribulations and endeavors for many years and it's been great to chat with you. >>Yeah. Yeah. It's been great to chat with you, not just today, but yeah. Over a period of time and you guys do great work with this, so >>Yeah. And you guys making, making all the right calls at VMware. All right. More coverage. I'm shot. Dave ante cube coverage day one of three days of world war cup here in Moscone west, theCUBE coverage of VMware Explorer, 22 be right back.

Published Date : Aug 30 2022


AWS Startup Showcase S2S4 promo1


 

(air whooshing) (cymbal crashing) >> Hello everybody, I'm John Furrier, host of theCUBE. Join us for the season two, episode four of the ongoing series, The AWS Startup Showcase. For this episode, it's all about cybersecurity, hackers, super hackers, super cloud, all 10 companies presenting are the latest, hottest companies in cybersecurity startups. Of course, John Ramsey will be keynoting. He's the vice president of AWS, a security team. And of course, we've got great expert panels with the heroes, Liz Rice from Open Source, talking about kerneling in Linux kernel, security programming to best practices for CSOs. If you're a CSO or CXO, check it out.

Published Date : Aug 26 2022


Peter McKay, Snyk & Adi Sharabani, Snyk | AWS re:Inforce 2022


 

>>Okay. We're back in Boston covering AWS re:Invent 2022. This is our second live re:Invent. We've done the other ones, uh, in between as digital. Uh, my name is Dave Vellante and you're watching theCUBE. Peter McKay is here. He's the CEO of Snyk, and Adi Sharabani is the chief technical officer. Guys, great to see you again. Awesome. Being here in Boston >>In July. It is Peter. You can't be weather's good weather. Yeah, Red Sox aren't good. But everything else >>Is Sox are ruin in our sub, you know, >>Hey, they're still in the playoff, the hunt, you >>Know, all you gotta do is make it in. Yes. >>Right. And there's a new season. Simple >>Kinda like hockey, but you know, I'm worried they're gonna be selling at the trading >>Deadline. Yeah. I think they should be. I think it's you think so it's not looking good. Oh, >>You usually have a good angle on this stuff, but uh, well, Hey, we'll see. We'll go. I got a lot of tickets. We'll go and see the Yankees at least we'll see a winning team. Anyway, we last talked, uh, after your fundraising. Yeah. You know, big, big round at your event last night, a lot of buzz, one of the largest, I think the largest event I saw around here, a lot of good customers there. >>It's great. Great time. >>So what's new. Give us the update. You guys have made some, an acquisition since then. Integration. We're gonna talk >>About that. Yeah. It's been, uh, a lot has happened. So, uh, the business itself has done extremely well. We've been growing at 170% year, over year, a hundred percent growth in our number of customers added. We've done six acquisitions. So now we have, uh, five products that we've added to the mix. We've tripled the size of the company. Now we're 1300 people, uh, in the organization. So quite a bit in a very short period of time. >>Well, and of course my, in my intro, I, I said, re:Invent, I'm getting ahead of myself. Right. >>Of course we'll >>re:Inforce. We'll be at reinve >>In November. Are that's the next one at >>re:Inforce. 
We've done a lot of re:Invents by the way, you know? >>So there's a lot, lot of reinvention >>Here. So of course, well, you're reinventing security, right? Yes. So, you know, I try to, I think about when I go to these events, like, what's the takeaway, what's the epiphany. And we're really seeing the, the developer security momentum, and it's a challenge. They gotta worry about containers. They gotta worry about run time. They gotta worry about platform. Yeah. You guys are attacking that problem. Maybe describe that a >>Little bit for us. Yeah. I mean, for years it was always, um, you know, after the fact production fixing security in run time and billions and billions of dollars spent in fixing after the fact. Right. And so the realization early on with the was, you know, you gotta fix these issues earlier and earlier, we started with open source was the first product at wait. Then six, six years ago, then we added container security and we added infrastructure's code. We added code security. We added, um, most recently cloud security with the Fugue acquisition. So one platform, one view that a developer can look at to fix all the issues through the, be from the beginning, all the way through the software development life cycle. So we call it developer security. So allowing developers to develop fast, but stay secure at the same time. >>So I like the fact that you're using some of your capital to do acquisitions. Yeah. Now a lot of M and a is, okay, we're gonna buy this company. We're gonna leave them alone. You guys chose to integrate them. Maybe describe what that process was like. Yeah. Why you chose that. Yeah. How hard it was, how long it took. Take us through that. >>Yeah. Yeah. I'll give, uh, two examples, maybe one on Snyk, which was an acquisition of, of the company that was focused on, uh, code analysis, actually not for security. 
And we have identified the merit of what we need in terms of the first security solution, not an ability to take a security product and put it in the end of developer, but rather build something that will build into the dev motion, which means very fast, very accurate things that it can rely on source and not just on the build code and so on. And we have built that into the platform and by that our customers can gain all of their code related issues together with all of their IaC related issues together with all of the container issues in one platform that they can prioritize accordingly. >>Yeah. Okay. So, so talk more about the, the, the call, the Fugue, the Snyk Cloud, right? Yeah. So the Fugue name goes away. I presume, right. Or yes, it does. Okay. So you retire that and bring it in the brand is Snyk. Yeah. Right. So talk about the cloud, what it does, what problems >>It's solving. Yeah. Awesome. And, and this goes exactly the same. As we mentioned on, on the code, we have looked at the, the, the cloud security solutions for a while now. And what we loved about the Fugue team is that they were building their product with their first approach. Okay. So the notion is as follows as you are, you know, you're a CSO, you have your pro you have your program, you're looking, you have different types of controls and capabilities. And your team is constantly looking for threats. When we are monitoring your cloud environment, we can detect problems like, you know, your S3 bucket is not exposing the right permissions and is exposed to the world or things like that. But from a security perspective, it might be okay to stop there. But if you're looking at an operation perspective, you need to know who needs to fix, how do they need to fix it? >>Where do they need to fix it? What will the be the impact if they would fix it? So what do we actually doing is we are connecting all the dots of the platform. 
So on one end, you know, the actual resources that are running and what's the implication in the actual deployed environment. On the other end, we get correlation back to the actual code that generates that. And then I can give that context both to the security person, the context of how it affects the application. But more importantly, the context for the developer is required to fix the problem. What's the context of the cloud. Yeah. And a lot of things are being exposed this way. And we can talk about that. Uh, >>So this is really interesting because, and look, I love AWS to do an amazing job. One of the other things I really like about 'em is it seems like they're not trying to go hard and monetize their security products. Mm-hmm, they're leaving that to the ecosystem, which I like. Yeah. Microsoft taken a little different approach, right? Yeah, yeah, yeah. Ton a lot. But this, this, this example you're giving ad about the S3 bucket. So we heard in the keynotes yesterday about, you know, reasoning, AI reasoning, they said, we can say, is this S3 bucket exposed to the public? We can do that with math. Right. Yeah. But you're what I'm inferring is you don't stop there. Yeah. Yeah. There's a lot of other stuff that has to, >>And sometimes have to, not as simple, just as a configuration change, sometimes the correlation between what your application is doing affects what is the resulted experience of, you know, the remote user or in this case, the attacker, right. I mean, >>The application has access, who has access to the application, is this, this the chain. >>So propagates, you have to, you have to have a, a solution that looks both at have very good understanding of the application context. A very good understanding of what we refer to as the application graph, like understanding how it works, being able to analyze that and apply the same policies, both at development time, as well as run time. >>So there's, there's human to app. 
There's also a machine to machine. Can you guys help with that problem as well? Or is that sort of a futures thing or >>Could you, I'm not sure. I understand what >>Referring, so machines talking to machines, right. I mean, there's data flowing. Yep. You know, between those machines, right. It's not just the humans interacting with the application. Is that a trend that you see and is that something that you guys can solve? >>So at, at the end of the day, there is a lot of automation that happens both for, by humans for good reasons, as well as by humans for bads. Right. <laugh> and, and the notion is that we are really trying to focus on what matters to the developer as they're trying to improve their business around that. So both improves making sure they know, you know, quality problems or things of this kind. But as part of that, more importantly, when we're looking at security as a quality problem, making sure that we have a flow in the development life cycle that streamline what the developer is expecting to do as they're building the solution. And if every single point, whether it's the ID, whether it's the change management, whether it's the actual build, whether it's the deployed instance on the cloud, making sure that we identify with that and connect that back to the code. >>Okay. So if there's machine automation coming in, that shouldn't be there, you can sort of identify that and then notify remediate or whatever action should be >>Taken. Yeah. Identify, identify remediate. Yep. >>Yeah. We, we really focus on making sure that we help developers build better products. So our core focus is identify areas where the product is not built way in a good way, and then suggest the corrective action that is required to make that happen. >>And I think part of this is the, you know, just, uh, the speed of the software development today. 
I mean, you look at developers are constantly and not just look at Snyk you're, you're trying to get so much more productivity outta the developers that you have. Every company is trying to get more productivity out of developers, incredible innovation, incredible pace, get those is a competitive advantage. And so what we're trying to do is we make it easier for developers to go fast innovate, but also do it securely and embed it without slowing them down, develop fast and secure. >>So again, I love, I love AWS love what they're doing. We heard, uh, yesterday from, from CJ, you know, a lot of talk about, you know, threat detection and, you know, some talk about DevOps, et cetera. But yeah, I, I, I didn't hear a lot about how to reduce the complexity for the CSO. And the reason I bring this up is it feels like the cloud is now the first level of defense and the CISO is, is becoming the next level, which is on the developer. So the developer is becoming responsible for security at a whole shift left, maybe shield. Right. But, but shift left is becoming critical. Seems like your role and maybe others in the ecosystem is to address my concern about simplifying the life of the CISO. Is that a reasonable way to think about it? I >>Think it's changing the role of the CISO. How so? You know, really it's, I, I think it's before it, in this, in the security organization and Adi, you should chime in here is, you know, it used to be, I did, I owned all application security, I owned the whole thing and they couldn't keep up. Like, I think it's just every security organization is totally overwhelmed. And so they have to share the responsibility. They have to get that fix the issues earlier and earlier, because it's waiting too long. It's after the fact. And then you gotta throw this over the fence and developers have to fix it. 
So they've gotta find a new way because they're the bottleneck they're slowing down the company from, in innovating and bringing these applications to market. So we are the kind of this bridge between the security teams that wanna make sure the, that we're staying secure and the development organizations and engineering and CEOs go fast. We need you guys to go faster and faster. So we, we tend to be the bridge between the two of them. >>One of the things I really love happening these days is that we change the culture of the organization from a culture where the CSO is trying to, you know, push and enforce and dictate the policy, which, which they should, but they really wanna see the development team speak up like that. The whole motion of DevOps is that we are empowering them to make the decisions that are right for the business, right? And then there is a gap because on one hand, this is always like, you need to do this, you need to do this. You need to do that. And the dev teams don't understand how that impacts their business. Good enough. And they don't have the tools and, you know, the ability to add a source problem. So with the solution like Snyk, we really empower the developers to bake security as part of their cycle, which is what was done in many other fields, quality, other things, everything, it, everything moves into development already, right? So we're doing that. And the entire discussion now changes into an enablement discussion. >>So interesting. Cause you saw, this is the role of the CSOs changing. How so? I see that in a way like frees, sneak the CSO with the cloud is becoming a compliance officer. Like you do this, you do this, you do this, you do this, you third >>One would take a responsibility >>Trying. Yeah. Right, right. And so you're flipping that equation saying, Hey, we're gonna actually make this an accelerant to your business. 
>>So, so set the policy, determine compliance, but make sure that the teams, the developers are building applications in compliance with your policy. Right. So make sure and, and don't allow them to do something. If they're doing, if they're developing an application with a number of vulnerabilities, you can stop that from happening so you can oversee it, but you don't have to be the one who owns it all the way through from beginning to, >>Or, or get it before it's deployed. So you don't have to go back after the fact and, and remediate it with, you know, but, >>But think about deploy, they're deploying apps today. I mean, they're updating by the hour, right? Where, you know, six years ago, five years ago, two years ago was every six to nine months. Right? So the pace of this innovation from developers is so fast that the old way of doing security can't keep up. Like they're built for six month release cycles. This is six hour release cycles. And so we had to, it has to change security. Can't stay the way it is. So what we've been doing for se seven years for application security is exactly what we're doing for cloud security is moving all that earlier. All these products that we've been building over the years is really taking these afterthought security components and bringing 'em all earlier, you know, bringing everything like cloud security is done after the fact. Now we can take those issues and bring 'em right to the developers who created that and can fix the issues. So it's code to cloud back to code in a very automated fashion. So doesn't slow developers down. >>Okay. So what's the experience. We all know there's, everybody has more than one cloud. What's the experience across clouds. Can you create a consistent, continuous experience, cloud agnostic, >>Agnostic, cloud agnostic, uh, development environment, agnostic, you know, language agnostic. 
So that's kind of the beauty oft where you have maybe other certain tools for certain clouds, uh, or certain languages or certain development environments, but you have to learn different tools, you know, and, and they all roll up to security in a different way. And so what we have done is consolidated all that spend for open source security, container security infrastructure, now, cloud security, all that spend and all that fragmentation all under one platform. So it's one company that brings all those pieces >>Together. So it's a single continuous experience. Yeah. The developer experience you're saying is identical. Yes. >>Actually one product >>It's entitlement that we're getting. Yes. So you're hiding the underlying complexities of the respective clouds and those primitives developer doesn't have to worry about them. No, I call that a super cloud super >>Cloud. >>Okay. But no, but essentially that's what you're, you're building, building on the, on this Ed Walsh would say on the shoulders of giants. Yeah, exactly. You know, you don't have to worry about the hyperscale infrastructure. Yep. Right. That you're building a layer of value on top of that. Yes. Is, is that essentially a PaaS layer or is it, is it, can I think of it that way or is it not? Hmm. Is it platform? I >>Mean, yeah. I, I, I would say that at the end of the day, the, the way developers want to use a security tool is the same. Right. So we expose our functionality to them in those ways, if you're using, you know, uh, uh, one Git repository or another, if you're using one cloud or we, we are agnostic to data, don't, it's not, it doesn't really affect us in that manner. Um, I want to add another thing about the, the experience and associated with the consolidation that Peter referred to, uh, earlier, when you have a motion that automatically assess, you know, uh, problems that the developer is putting as part of the change management, as example, you do creating pull request. 
Now adding more capabilities into that motion is easy. So from enablement of the team, you can add another functionality, add cloud, add IaC, add code and so on like that, because you already, you already made the decisions on how you are looking at that. And now you're integrated at, into your developer workflows, >>Right? So it's, it's already, it's already integrated for open source, adding container and IaC is real easy. It's all, you've already done all the integrations. And so for us going to five products and eventually 6, 7, 8, all, all based on the integrations that you already have in the same workflows that developers have become a use accustomed >>To. And that's what we, a lot of work from the company perspective. Right. >>I can ask you about another sort of trend we're seeing where you see Goldman Sachs last re:Invent announced a cloud product, essentially bringing their data, their tools, their software. They're gonna run it on AWS at the snowflake summit, uh, capital one announced the service running on snowflake, Oracle by Cerner, right? Yeah. You know, they're gonna be, do something on OCI. Of course, make 'em do that. But it's, it's a spin on Andreessen's every company's a software company. It's like every company's now becoming digital, a software company building their own SaaS, essentially building their own clouds, or maybe, maybe something they'll be super clouds. Are you seeing industry come to Snyk and say, Hey, help us build products that we can monetize >>There companies. So, first off, I think kind of the first iteration is, you know, all these industries of becoming software driven, like you said, and more software is more software risk. And so that kind of led us down this journey of now financial services, you know, tech, you know, media and entertainment, financial services, healthcare. Now it's this long tail of, of low tech. Yeah. Within those companies, they are offering services to the other parts of the organization. 
We have >>So far, mostly >>Internal, mostly internal, other than the global SI. And some of the companies who do that for a living, you know, they build the apps for companies and they are offering a Snyk service. So before I give you these, I update these applications. I'm gonna make sure I'm running. I'm, I'm, I'm signifying those applications to make sure that they're secure before you get them. And so that now a company like a capital one coming to us saying, I wanna offer this to others. I think that's a, that's a leap because you know, companies are taking on security of someone else's and I think that's a, that's not there yet. It may be, >>Do you think it'll happen? >>We do have the, uh, uh, threat Intel that we, we have a very, a very strong security group that constantly monitors and analyzing the threat. And we create this vulnerability database. So in open sources, an example, we're the de facto standard, uh, in the field. So many of our partners are utilizing the threat Intel feed of Snyk as part of their offering. Okay. If you go to Docker as an example, you can scan with, with Snyk intelligence immediately out of the gate over there, right? Yeah. >>And Tenable, Rapid7, Trend Micro. They all use the vulnerability database as well. Okay. So a lot of financial institutions use it because they had, they'd have seven, 10 people doing re security research on their own. And now they can say, well, I don't have to have those seven. I've got the industry standard for vulnerability database from Snyk. >>And they don't have to throw out their existing tool sets where they have skills. >>Yes, exactly. >>Peter bring us homes, give us the bumper sticker, summarize, you know, re:Inforce and kind what we can expect going forward. >>Yeah, no, I mean, we're gonna continue the pace. We don't see anything slowing, slowing us down in terms of, um, just the number of customers that are, that are shifting left. 
Everybody's talking about, Hey, I need to embed this earlier and earlier. And I think what they're finding is this, this need to reinnovate, like get innovation back into their business. And a lot of it had to slow down because, well, you know, you, we can't let developers develop an app without it going through security. And that takes time. It slows you down and allows you not to like slow the pace of innovation. And so for us, it's, it's help developers go fast, incredibly, you know, quickly, aggressively, creatively, but do it in a secure way. And I think that balance, you know, making sure that they're doing what they're doing, they're increasing developer productivity, increasing the amount of innovation that developers are trying to do, but you gotta do it securely. And that's where we complement really what every CEO is pushing companies. I need more productivity. I need more aggressive creativity, innovation, but you better be secure at the same time. And that's what we bring together for our customers. >> And you better do that without slowing us down. That's >> Don't trade off, slow >> Us down. Always had to make. Yes, guys. Thanks so much for coming to theCUBE. Thanks, David. Always great to see you guys see ID. Appreciate it. All right. Keep it right there. This is theCUBE's coverage of re:Inforce 2022 from Boston. We'll be right back right after the short break.

Published Date : Jul 27 2022


Merritt Baer, AWS | AWS re:Inforce 2022


 

Hi everybody, welcome back to Boston. You're watching theCUBE's coverage of re:Inforce 2022. Last time we were here live was 2019; had a couple years of virtual. Merritt Baer is here, she's with the office of the CSO for AWS. Merritt, welcome back to theCUBE, good to see you, thank you for coming on. Thank you so much, it's good to be back. Um, yes, CSO, chief information security officer, for folks who are acronym phobia phobic. Yeah. Okay, so what do you do for the office of the, is it CISO or sizzo? Anyway, ah, whatever. Is it sim or theme? Um, I, I work in three areas. So I sit in AWS security and I help us do security. We're a shop that runs on AWS. I empathize with folks who are running shops. It is process driven, it takes hard work, but we believe in certain mechanisms and muscle groups, so you know, I work on getting those better, everything from how we do threat intelligence to how we guardrail employees and think about vending accounts and those kinds of things. I also work in customer-facing interactions, so when a CSO wants to meet AWS's CSO, that's often me. And then the third is product side, so ensuring that everything we deliver, not just security services, are aligned with security best practices and expectations for our customers. So I have to ask you right off the bat, so we do a lot of spending surveys, we have a partner, ETR, I look at the data all the time, and for some reason AWS never shows up in the spending metrics. Why do you think that is? Maybe that talks to your strategy, let's double click on that. Yeah, so first of all, um, turn on GuardDuty, get Shield Advanced for the, you know, accounts you need. The 3k is relatively small and a large enterprise event like this doesn't mean don't spend on security. There is a lot of goodness that we have to offer in ESS, external security services, but I think one of the unique parts of AWS is that we don't believe that security is something you should buy, it's something that you get from us. It's something that we do for you a lot of the time. I mean, this is the
definition of the shared responsibility model, right? Everything that you interact with on AWS has been subject to the same rigorous standards, and we, AWS security, have umbrella arms around those, but we also ensure that service teams own the security of their service. So a lot of times when I'm talking to CSOs and I say security teams, or sorry, service teams own the security of their service, they're curious, like, how do they not get frustrated? And the answer is we put in a lot of mechanisms to allow those to go through. So there's automation, there are robots that resolve those trouble tickets, you know, like, and we have emissaries, we call them guardian champions, that are embedded in service teams. At any rate, the point is, I think it's really beautiful the way that customers who are, you know, enabling services in general benefit from the inheritances that they get, and in some definition this is like the value proposition of cloud. When we take care of those lower layers of the stack, we're doing everything from the concrete floors, guards and gates, HVAC, you know, in the case of something like AWS Braket, which is our quantum computing, like, we're talking about, you know, near vacuum, uh, environments. Like, these are sometimes really intricate and beautiful ways that we take care of stuff that was otherwise manual and ugly. And then we get up and we get really intricate there too. So I gave a talk this morning about DDoS protection, um, and all the stuff that we're doing where we can see, because of our vantage point, the volume, and that leads us to be a leader in volumetric attack signatures, for example. Managed rule sets like that cost you nothing. Turn on your DNS firewall. Like, there are ways that you, just as a, as an AWS customer, you inherit our rigorous standards, and you also are able to benefit from the rigor with which we, you know, exact ourselves to. Really, you're not trying to make it a huge business, at least as part of your, your portfolio, it's just, it's embedded, it's there, take advantage
of it. I want everyone to be secure, and I will go to bat to say, like, I want you to do it, and if money is a blocker, let's talk about that, because honestly we just want to do the right thing by customers. And I want customers to use more of our services. I genuinely believe that they are enablers. We have pharma companies, um, that have helped enable, you know, personalized medicine and some of the COVID vaccines. We have, you know, like, there are ways that this has mattered to people in really intimate ways, um, and then fun ways, like Formula One, uh, you know, like, there are things that allow us to do more and our customers to do more. And security should be a way of life, it's a way of breathing. You don't wake up and decide that you're going to bolt it on one day. Okay, so we heard CJ Moses' keynote this morning, I presume you were listening in. Uh, we heard a lot about, you know, cool tools, you know, threat detection and DevOps and container security, but he did explicitly talked about how AWS is simplifying the life of the CSO. So what are you doing in that regard, and what's that, that's, let's just leave it there for now. I talk to CSOs every day, and I think, um, most of them have two main concerns. One is how to get their organization to grow up, like, to understand what security looks like in a cloudy way. Um, and that means that, you know, your logging and monitoring is going to be the forensics, it's not going to be getting into the host, that's on our side, right? And that's a luxury. Like, I think there are elements of the CSO job that have changed, but that even if, you know, CJ didn't explicitly call them out, these are beauties, things like, um, least privilege that you can accomplish using Access Analyzer, and all these ways that Inspector, for example, does network reachability, and then all of these get piped to Security Hub, and there's just ways that make it more accessible than ever to be a CSO and to enable and embolden your people. The second side is how CSOs are thinking about changing their organization,
so what are you reporting to the board, um, how are you thinking about hiring, and, um, in the metrics side I would say, you know, being, and I get a, a lot of questions that are like, how do we exhibit a culture of security? And my answer is, you do it, you just start doing it. Like, you make it so that your VPs have to answer trouble tickets. You may, and, and I don't mean literally like every trouble ticket, but I mean they are, 100 executives will say that they care about security, but so what? Like, you know, set up your organization to be responsive to security and to, um, have to answer to them because it matters, and, and notice that, because a non-decision is a decision. And the other side is workforce, right? And I think, um, I see a lot of promise, some of it unfulfilled, in folks being hired to look different than traditional security folks and act different, and maybe a first grade teacher or an architect or an artist, and who don't consider themselves like particularly technical. Like, the gorgeousness of cloud is that you can, one, teach yourself this. I mean, I didn't go to school for computer science, like, this is the kind of thing we all have to teach ourselves. But also you can abstract on top of stuff, so you're not writing code every day necessarily, although if you are, that's awesome and we love debbie folks. But you know, there's, there's a lot of ways in which the machine of the security organization is suggesting, I think CJ was part, to answer your question pointedly, I think CJ was trying to be really responsive to, like, all the stuff we're giving you, all the goodness, all the sprinkles on your cupcake, not at all the organizational stuff that is kind of like, you know, the good stuff that we know we need to get into. So I think, so you're saying it's, it's inherent, it's inherently helping the CSO, uh, her life, his life become less complex. And I feel like the cloud, you said the customers are trying to become, make their security more cloudy, so I feel like the cloud has become the first line of defense,
now the CSO, your customer CSO, is the second line of defense, maybe the audit is the third line. What does that mean for the role of the, the CSO? How is that, they become a compliance officer? What does that mean? No, no, I think actually increasingly they are married or marriable. So, um, when you're doing, so for example, if you are embracing ephemeral and immutable infrastructure, then we're talking about using something like CloudFormation or Terraform to vend environments, and, you know, being able to, um, use Control Tower and AWS Organizations to dictate, um, truisms through your environment. You know, like, there are ways that you are basically in golden AMIs and you can come back to a known good state. You can embrace that kind of cloudiness that allows you to get good, to refine it, to kill it and spin up a new infrastructure. And that means though that, like, your IT and your security will be woven in in a really, um, lovely way, but in a way that contradicts certain, like, existing structures. And I think one of the beauties is that your compliance can then wake up with it, right? Your Audit Manager and your, you know, Security Hub and other folks that do compliance as code. So, you know, Inspector for example has a tooling that can, without sending a single packet over the network, do network reachability, so they can tell whether you have an internet-facing endpoint. Well, that's a PCI standard, you know, but that's also a security truism. You shouldn't have internet-facing endpoints you don't approve of, you know. Like, so these are, I think these can go hand in hand. There are certainly, I, I don't know that I totally disregard, like, a defense-in-depth notion, but I don't think that it's linear in that way. I think it's like circular, that we hope that these mechanisms work together, that we also know that they should speak to each other and, and be augmented and aware of one another. So an example of this would be that we don't just do perimeter detection, we do identity-based fine-grained
controls, and that those are listening to and reasoned about using tooling that we can do using security. Yeah, we heard a lot about reasoning as well in the keynote, but I want to ask about zero trust. Like, AWS I think resisted using that term. You know, the industry, was a buzzword before the pandemic, it's probably more buzzy now, although in a way it's a mandate, um, depending on how you look at it. So I mean, you, anything that's not explicitly allowed is denied in your world, and you have tools, and I mean, that's a definition. If it's a deny, that overrides. If it's another, it's a deny call that will override an allow. Yeah, that's true, although, anyway, finish your question. Yeah, yeah, so, so my, it's like if there's, if there's doubt, there's no doubt, it seems, in your world. But, but, but you have a lot of capabilities. Seems to me that this is how you, you apply AWS internal security and bring that to your customers. Do customers talk to you about zero trust? Are they trying to implement zero trust? What's the best way for them to do that when they don't have that, they have a lack of talent, they don't have the skill sets, uh, that, it, and the knowledge that AWS has? What are you hearing from customers in that regard? Yeah, that's a really, um, nuanced phrasing, which I appreciate, because I think, so I think you're right, zero trust is a term that, like, means everything and nothing. I mean, like, this, this notebook is zero trust. Like, no internet comes in or out of it. Like, congratulations, you also can't do business on it, right? Um, I do a lot of business online, you know what I mean? Like, you can't, uh, transact something to other folks. And if I lose it, I'm screwed. Yeah, exactly. I usually have a water bottle or something that's even more inanimate than your notebook. Um, but I guess my point is, we, I don't think that the term zero trust is a truism, I think it's a conceptual framework, right? And the idea is that we want to make it so that someone's position in the network is agnostic to their permissioning. So whereas in
the olden days, like a decade ago, um, we might have assumed that when you're in the perimeter you just accept everything, um, that's no longer the right way to think about it. And frankly, like, COVID and work from home may have accelerated this, but this was ripe to be accelerated anyway. Um, what we are thinking about is both, like you said, under the network, so like the network layer, are we talking about machine to machine, are we talking about, like, um, you know, every API call goes over the open internet with no inherent assurances, human to app, or it's protected by SigV4. You know, like, there is an inherent zero trust case that we have always built. This goes back to a Jeff Bezos mandate from 2002 that everything be an API call. That is, again, this kind of like building security into it. When we say security is job zero, it not only reflects the fact that, like, when you build a Terraform or a CloudFormation template you better have permissioned things appropriately, or try to, but also that, like, there is no cloud without security considerations. You don't get to just bolt something on after the fact. So that being said, now that we embrace that and we can reason about it and we can use tools like Access Analyzer, you know, we're also talking about zero trust in that, like I said, augmentation, identity-centric fine-grained controls. So an example of this would be a VPC endpoint policy, where it is a perm, the perimeter is dead, long live the perimeter, right? You'll have your traditional perimeter, your VPC or your VPN, um, augmented by and aware of the fine-grained identity-centric ones, which you can also reason about, prune down, continuously monitor and so on. And that'll also help you with your logging and monitoring, because you know what your ingress and egress points are. How concerned should people be with quantum messing up all the encryption algos? Oh, it's stopping created, right? Okay, so, but we heard about this in the keynote, right? So is it just a, quantum so far off, by the time we get there, is it
like a Y2K, you're probably not old enough to remember Y2K, but Y2K moment, right? I mean, I can't take you anywhere. What should we, um, how should we be thinking about quantum in the context of security? And sure, yeah, I mean, I think we should be thinking about quantum in a lot of dimensions as operationally interesting and how we can leverage. I think we should be thinking about it in the security future; for right now, AES-256 is something that is not broken, so we shouldn't try to fix it. Yeah, cool. Encrypt all the things, you can do it natively. You know, like, I love talking about quantum, but it's more of an aspirational, and also, like, we can be doing high power compute to solve problems, you know, but like, for it to get to a security, uh, potentially, uh, vulnerable state or like something that we should worry about is a bit off. Yeah, and show me an application that can, yeah. And I mean, and I think at that point we're talking about homomorphic improvements. About another thing, I kind of feel the same way, is that, you know, there's a lot of hype around it, a lot of, IBM talks about a lot, you guys talked about in your keynote today, and when I really talk to people who understand this stuff it seems like it's a long, long way off. I don't think it's a long, long way off, but everything is dog years in tech world. But, um, but for today, you know, like, for today, encrypt yourself. We will always keep our encryption up to standard, and you know, that will be for now like the, the industry grade standard that folks, I mean, like, I, I have, I have never heard of a case where someone had their KMS keys broken into. I, um, I always ask, like, awesome security people this question, did you, like, how did you get into this? Did you have, like, did you have a favorite superhero as a kid that was going to save the world? I, um, was always the kid who probably would have picked up a book about the CIA, and I like find this, and I don't remember who I was before I was a security person. Um, but I also think that as a woman, um, from an
American Indian family walking through the world, I think about the relationship between dynamics with the government and companies and individuals and how we want to construct those, and the need for voices that are observant of the ways that those interplay. And I always saw this as a field where we can do a lot of good. Yeah, amazing. Merritt, thanks so much for coming on theCUBE. Great guest, John said you would be. Really appreciate your time. Of course. All right, keep it ready. You're very welcome. Keep it right there, this is Dave Vellante for theCUBE. We'll be right back at AWS re:Inforce 2022 from Boston. Keep right there.

Published Date : Jul 26 2022


Eric Herzog and Stan Wysocki InfiniGuard Cyber Resilience


 

>> (upbeat music) >> Okay, we just covered some of the critical aspects from Infinidat's recent announcement and the importance of cyber resilience and fast recovery. Eric Herzog is back and joining us is Stan Wysocki, who's president of Mark III Systems. Stan, welcome to theCUBE, good to see you. >> Thank you, pleasure to be here. >> Tell us about Mark III Systems. You specialize in IT infrastructure and artificial intelligence. It says in your website. I'd love to hear more about your business. >> Yeah, yeah, definitely. You know, I think we're a little bit unique in our industry, right? There've been business partners, resellers around for, we've been around for 26 years. And in 26 years, we've supported some of the largest enterprise customers in the Southeast, with server, storage, networking, virtualization. We have VCP number 94, so we've been doing that from the very beginning. But about six years ago, we realized that IT was changing, that business was changing, that the demands of the customers were changing and we needed to create the full-stack message and a full-stack practice. So we hired data scientists and developers in DevOps, MLOps and gave them the environments and the tools that they could use to build experience around AI, ML, deep learning. So now when we engage with our customers, not only can we handle the entire enterprise stack that they have, but we can help accelerate them on their adoption of open-source technologies, cloud native development and AI and integrating that into their business processes. >> I love it. You got to keep moving. You've been around for a long time, but you're not just sitting still. I wonder if you could comment, and Eric, I want you to comment as well. From your customer's perspective Stan, what are the big trends that you see that are impacting their business and the challenges that they're facing? >> Yeah, that's great. So kind of ties into what I just said. Today we live in a data-driven society. 
Everything that we do is really driven by how the customer wants to engage. And that's both an internal customer and your end user customers, on how they want to engage, how they want to consume and how they want to interact with everything out there in the world, right? So the real trend is really around engaging with the customer, but that means that you need to be data-driven, you need to adopt AI platforms, you need to adopt a more holistic view of what you're doing with your customers. That drives up the importance of the data that you have in your shop, right? So then cybersecurity becomes extremely important, not just because the technical skills of the hacker are getting better and better, but because we're becoming more reliant on the data that we have moving forward and we're proud to partner with Infinidat in leveraging InfiniGuard and InfiniSafe to really protect our customer's data. >> Great. Eric, thinking about the trends and some of the issues that Stan just mentioned, when you think about the launch and the announcement that you just made, how do you see it fitting in to Stan's business? How's it going to help the end customers? >> Well, I think there's one key aspect. As noted in the Fortune survey of CEOs in 2021, the number one concern of CEOs of the Fortune 500 was cybersecurity and they saw that as the biggest threat to their business. As Stan pointed out, that's because of the importance of the digital data that all companies generate, of all types, financial services, healthcare, government institutions, manufacturing, you name it. So one of the key things you've got to do is make sure that your storage estate fits into an overall cybersecurity strategy. 
And with InfiniGuard, or InfiniSafe technologies, we can ensure that Stan's customers and customers of our other business partners all over the world can make sure that the data is safe, protected and can help them form a malware or ransomware attack, against that valuable data set. >> Well then you know, one of you guys could come with, I mean, we talked to CSOs and they've told us that there be could in part due to the pandemic, largely actually, their whole strategy has changed. Their spending strategy's changed, no longer just sort of putting up hardware firewalls. They're shifting their focus to two different areas, obviously endpoint, you know, cloud security is a big deal, identity access management, but ransomware is just top of mind for everybody. And as we talked about earlier, the exposure, now the weak links, whether you're working from home, or Stan, you mentioned greater sophistication of hackers. So what are you hearing from customers in this regard, Stan? >> Well, you know I think you have that, right? But then you always have, we've been doing this for 26 years. I've never heard of an IT budget that's gone up, in any year, right? So, with the sophistication of these hackers that are coming out and the different angles that they're using to get in, it is extremely important for our customers to be very efficient and choose their security strategy and products very wisely, right? I think I read an article a year or so ago that the average enterprise had like something like 27 different security products and imagine a CSO and his team, who is struggling with their budget to manage that. So for us to be able to leverage InfiniGuard and InfiniSafe and to be able to provide, you know, the immutable snapshots, the logical air gaps, the physical air gaps and a fenced network for recovery. That's all extremely easy to manage. I mean I talked to my customers on why they have chosen Infinidat, you know through us, right? 
And one of the things that they always talk about is how easy and how amazing the support is. How easy it is to install, how easy it is to manage. And normally when you have a simple product, right, you think you can sell that to unsophisticated customers. But my most technical customers really appreciate this, because of the way Infinidat manages itself and provides the tools, say, just for example, the host tools, right? It does it in the way that they do it, so they trust it, so that they can focus on the more important tasks, rather than the care and feeding of their storage environment. >> Yeah, thank you and then when you talk to CSOs, you ask them what's the number one problem, they'll tell you lack of talent and you just nailed it. You've got on average 27 different tools, new tools coming out every day, you're getting billion-dollar VC investments and more and more companies are getting into it. It just adds to that confusion. So Stan, I wonder if you could talk about, specifically InfiniGuard, how it fits into your stack, like where and how you're applying it? Maybe you could talk about some specific use cases. >> Oh yeah definitely, you know we have customers in pretty much every vertical, that we're supporting their storage environments and Infinidat plays in all of those verticals with all of our customers. One in particular, a healthcare account, one of our very first Infinidat customers, and over the years it's become the de facto standard storage platform that they have. And they also now have InfiniGuard as the backup target for Commvault. And this is one of those examples of the very technical discerning customer that really demands excellence, right? 
So they love, you know, the three controller setup versus a dual controller setup, they love the availability and the resiliency, but then when it comes to the cybersecurity, before they moved on to this platform, they did have some ransomware attacks and they did have to pay out and it was very public. And, you know, since they've gone onto this platform, they feel much more comfortable. >> Excellent. So Eric, I want to bring you in. So let's talk through some of the options that customers have. You and I were talking earlier about, you know, the local air gap, what is that? You know, the logical air gap if you will and then the physical air gap, what patterns are you seeing with customers to really try to protect themselves against some of this ransomware? How are they approaching it? >> Well, first of all, obviously, we with the InfiniGuard, as a purpose-built backup appliance, can work with all the various backup vendors. But because backup is one of the first things these sophisticated ransomware or malware entities are going to attack, right? Otherwise the CIO will just call up, say, hey, do we have a good backup? Let's recover from that. So secondary storage, AKA their backup estate, is exactly the first thing they're going to target. And they do it surreptitiously of course. So one of the key things we do, is we allow them to take those backup datasets, Commvault for example in Stan's example, or Veeam or Veritas or IBM Spectrum Protect, many other packages, even directly with databases like with Oracle RMAN and allow them to create immutable snapshots. Can't delete them, can't change them, can't alter them. And then we air gap them locally, from the management framework. So in an InfiniGuard, we have a technology known as our data dedupe engines, or DDEs. Those are really the management scanner for the entire solution. 
So when we create immutable snapshots, we create a logical air gap, the DDEs cannot alter the immutability characteristics, they cannot shorten them, they cannot lengthen them, in short we take that management scheme away and create this separation. But we also allow them to replicate those backup datasets to a remote InfiniGuard box. You would set up the exact same parameters, I want to make an immutable snap every day, every 12 hours, every six hours and then you've got the duplicate. Remember the average length, from breach to closure on a cyber attack is 287 days. So once the attack starts, you don't know until they ask you for the ransom, it could be going on for 50 days, a hundred days, 150 days. And it's all done, if you will, on the down-low, hidden. So if by the way, you happen to have a data center fire, or you happen to have a tornado or an earthquake, or some other natural disaster, you still want that data replicated to a secondary site, but then you still want the capability of the cyber resilience, as Stan pointed out. So you can do that. We can then create an isolated fenced network and we can do that on one InfiniGuard. Most of our competitors require two data protection appliances and it's public, it's right on their websites. So we save you on some CapEx there and then we can do this near instantaneous recovery. And that's not just of the dataset. Some of the cyber resilience technology you'll see out there, including on primary storage, only recovers the dataset. We can recover the entire backup data set and all the surrounding environment. So the second that Veeam or Veritas, IBM Spectrum Protect, Commvault backup is available. The backup admins or the storage admins could immediately restore, it's ready to go. And we can do that in 15 to 30 minutes. Now that is being fast to react to a problem. >> So thank you for that. 
So Stan, I wonder if you could talk about the best practice Eric was just sharing, the local air gap and then the secondary, is that really in the case of a disaster, or is it also to isolate the network? What are you seeing as the gold standard that customers are applying with your advice? >> Yeah, definitely the gold standard would be three sites. We do have a lot of our customers. The one healthcare customer in particular splits it between two sites and they are actually working with us right now to architect the third site. Just for that fact, we are down in Texas, hurricanes can come in 60, 70, 80 miles inland. And then there's, you know, Hurricane Harvey, right, with all the flooding and stuff like that. So they do want to set up a third site. I think that gives them the peace of mind. And you know the whole thing about it is right. You know, having an environment like this means the CSO and his team can focus on preventing attacks, while they're very confident that their infrastructure team can handle anything that slips by them. >> Okay, great. Thank you. We're about out of time but Eric, I wonder if you could kind of bring us home, give us a summary of how you see InfiniGuard impacting customers, you know where's that value, that business case for them. I wonder if you could just tie that knot for us. >> Sure. We want to make sure that we tie everything back, not only technical value, as Stan very eloquently did with several different customers, but what we can do from a business value perspective. So as an example, one of our InfiniGuard customers is a global financial services company and they were using a solution from a different purpose-built backup appliance provider. They switched to us, not only they're able to increase the number of daily backups, from 30,000 to 90,000. So they get better data protection, but on top of that, they cut 40% of their costs. 
So you want to make sure that while you're doing this, you're doing things like consolidation. One of our other customers, which is in EMEA, in the European area, they had 14 purpose-built backup appliances, seven in one data center and seven in a second data center. Now they've got two, one in one data center, one in the other, they of course do the local backups right then and there. And then they replicate, from one data center to the other data center. As both data centers are both active data centers, but DR for the other data center. So from their perspective, dramatic reduction of OPEX and CapEx, 14 physical boxes down to two. And of course the associated management of both the manpower side, but what I love to call the watts, slots, power and floor. All of those things that go into an OPEX budget, they were cut dramatically, 'cause there's only two systems now, to power, cool, et cetera et cetera. Floor space, rack space from 14. So wow, did they save money. So I think, it's not only providing that data protection and cyber resilience technology, but doing it in a cost-effective way. And as Stan pointed out, in a highly automated way, that cuts back on the manpower they need to manage these systems, because they're overworked and they need to focus on as Stan pointed out, their AI infrastructure, where they're doing for AI applications, don't have time to deal with it. So the more we automate, the better it is for them and the easier it is for everyone from the end-user perspective, as well as up in through their entire IT chain of command. >> Okay, if you want more information, you can go to infinidatguard.com or it's markiisis.com and check it out, learn about their full stack solution. A little bit about AI. Gentlemen, thanks so much for the conversation today, great to have you. >> Mark and Steve: Thank you, Dave. >> Now in a moment, I'm going to have some closing thoughts on the market and what we heard today. Thank you for watching theCUBE. 
Your leader in enterprise tech coverage.

Published Date : Feb 10 2022

InfiniGuard Cyber Resilience New Cybercrime Solutions 2


 


Published Date : Jan 24 2022


Dave Trader, Presidio | AWS re:Invent 2021


 

>>Good morning live from Las Vegas. It's theCUBE with AWS re:Invent 2021. This is our fourth day of coverage. The third full day of the conference. Lisa Martin here with Dave Nicholson. Dave, we have had a tremendous number of conversations. In fact, we've two live sets over a hundred guests on the program, and I have another web. I've got two Daves for you for the price of one. Dave Trader joins us, the field CSO client advisor at Presidio. We're going to be talking about ransomware and security, Dave, welcome to the program. Thank you for having me. So it's looking at your background. You've got a very cool background. You hold numerous cybersecurity certifications, including CISSP, you've received numerous endorsements from the Department of Homeland Security, the FBI and NSA. And in 2018, you graduated from the FBI's CSO academy in Quantico. Wow. Yeah, it sounds like he's a man with a very special set of skills. I think you're right. I think you're right. One of the things that we have seen the cybersecurity landscape has changed dramatically in the last year and a half, 22 months or so. I was reading some stats ransomware and the check happens delivery once every 11 seconds. It's now a matter of when, not if. Talk to us about some of the things that you're seeing, the threat landscape changing, ransomware as a service, what's going on. >>The last part that you mentioned was ransomware as a service is key. The access to be able to launch attacks has become so simplified that the, the, the, uh, the attacker level doesn't have to be sophisticated. Really. You can get down to the 100 level brand new hackers that are just getting into the space. They can go to a help desk and they can purchase ransomware, and they can run this ransomware that has the comes with quality assurance, by the way. And if they didn't run correctly, they've got a help desk support system. That'll help them run this in a, you know, as a criminal enterprise. 
Um, the access is really what is, what has made this so prevalent, and it really exacerbated the problem to the massive scale that we're seeing today. Yeah. >>And of course, we're only hearing about the big ones, you know, re you know, Conti, Colonial Pipeline. But as I mentioned, an attack occurring every 11 seconds, I also was reading the first half of calendar '21, that ransomware was up nearly 11 X. So the trajectory it's going the wrong way, it's going up and to the right and the way that we don't want it to go, are they becoming more brazen? Is it easier? Ransomware as a service, but also they're able to be paid in Bitcoin and that's less traceable. >>Yeah. So, um, exponential is not even fair, right? Cause it, that's not even a fair assessment because that up and right, it's just, it's been so pervasive that we just see that continued growth. Uh, you know, there's how, you know, different ways and how we're going to stop that. And what we're, what we're doing from a national perspective is all coming into play and what we're going to do about it. You know? So the, one of the things that I'm seeing, that's kind of new is the taunting aspect. So the taunting aspect is, uh, you know, they've been in your network for a little while, the dwell times extended and they're collecting intelligence, but what they're doing is, you know, they used to let you, after they would present you with the ransomware note, they would let you kind of circle the wagons. And then you would come to a decision point as an organization. >>Is, am I going to pay or am I not? Well, and they would give you a little bit of time to deliberate. Well, now during your deliberation time, they're actually sending texts to the CEO and the CFO and there's, and they're, they're, they're showcasing their, their, uh, technical prowess and that they've got you, they own you at that point. And they're, they're texting on your personal device. 
And they're saying, you should go ahead and pay us, or we're going to make this worse. The taunting aspect is even twisting the knife and it's, uh, you know, out of box isn't even from a criminal aspect, I expect that to be out of bounds, no >>Crazy. And of course, you know, some of the things that we've seen, um, uh, the, the White House's counter-ransomware initiative, a coalition of 30 countries aimed to ramp up global efforts to attack that it's like, are you seeing cyber crime with the rise and the proliferation, you think there's gonna be more regulations and organizations that are going to be having to deal with? What do you think? Some of the things that we're going to see on that legal? >>Yeah. So we have to, we have to leverage compliance, and there's a lot of really great frameworks out there today that we are leveraging. And there's, there's good methodology on how to stop this. The issue is it's the adoption and really the, the, the knowledge, the subject matter expertise, and really that consultant side, that's the message that I try and get out to, to, to our customers and our clients. And I'm trying to really get them to understand what that evolution looks like and what, what is needed in each discipline, because there's various disciplines across the board and you almost have to have them all, um, you know, in order to be able to stop ransomware and solve for that ransomware problem. And I do think the regulation is going to be key. I also think that I need some air support from not only the federal government, but our internet service providers and, and we as a free country, we need to be careful of, you know, on, on some of that, some of those fronts. But I, I, I still think that I would appreciate, you know, my ISP doing a little bit of block and tackle for me, you know, and helping me out, even though I want the freedom to do and be able to do whatever I want. 
I still like them to say, you know, we're gonna block known that because, you know, it would just be nice to have a little bit of support even on that side. So how does >>An ISP prevent me from panning out my password and being fooled in a, in a, in a phishing attack is the, is the question that, is, that, is that still a real issue? >>So I wouldn't put that. I wouldn't put that on the ISP. I would put that more on the end point and some personal responsibility, right. Knowing, and I do, I do stress that a little bit, but relatively early >>Morning sarcasm in my bag. >>Yeah. So I do put that on, but there, but there are tremendous partners that I work with that are able to do that and automate a lot of that for you. And I need to make it simple, but simple is hard. And that's what you know is, especially in cybersecurity, we want to make it simple for it and really be able to remove the threat to the end user and protect the user. But in order to do that, there's a ton of things on a ton of sophistication and innovation that happens in the background. And we really need to be able to showcase how that's done. And, um, I, it's, obviously I'm excited about it, but we need more people that are able to just specialize in this. We need more good guys that are able to come in and help us on this front. >>I also think we need to break down some barriers for on the competition with, you know, market share and the partners we need to, we need to kind of elevate the conversation a little bit and we all need to work together because we're all in the same boat when it comes to how we're being attacked. Um, you know, from a national perspective on a global scale. And I think that if we elevate the conversation, our collective, uh, mindset in that, that, that, that, uh, that, that mind share is going to be able to really help us innovate and, and put a stop to this. >>So then how is Presidio and AWS, how are you helping them until you get to it? 
Ransomware and mitigation can talk to us about that. How are you going to be helping, especially there's cyber security skills gap that's gone on like five years. >>Sure. Yeah. That skills gap is going to continue to, we're going to continue to see that grow as well. And we're efforting that on many fronts, but I'm really excited about the ransomware mitigation kit that got, uh, unveiled yesterday. Um, I got a call earlier this year from, uh, AWS and, and, uh, we basically, the question was posed to me, you know, what are we going to do about this is from an AWS perspective, what can we do? Um, you know, cause th the cyber adversaries are, uh, are, are relatively unchecked and, and, and their attitude is what are you going to do about it? So AWS posed the question, what are we going to do about it? And what we came up with was, you know, as, as an isolated organization, or as an isolated discipline as with like a managed detection and response or endpoint protection, um, that silo could not by itself accomplish and the solve to eliminate ransomware or to make a dent in eliminate ransomware. >>So what we had to do was combine disciplines, and we reached over to BCDR disaster recovery and, and, and, and our backup teams. And we said, let's put together endpoint protection, MDR, and let's, let's merge the two of these. And let's automate that. So that what happens is, is when we detect the ransomware attack, there's, there's a specific indicators of compromise that happened in the attack, the end point protection, which is CrowdStrike in our case can see that and can notify that, and then can tell the backup and recovery team, Hey, we know that this is a, this is an indicator of compromise. We know that this system is, has been owned. And then there's an inflection point where we can ask the user if they want to manually intervene, or if they want us to automate that and intervene for them. 
So it really keeps production going full-time and, uh, it doesn't, it takes away the cyber adversaries ability to hold our data hostage. So this is an, it was this one, and I don't use PI verbally, uh, frequently, but this is a monumental, uh, uh, evolution of what, of what we're going to see and how to prevent ransomware. >>Wow. I was reading that, that ransomware is backups, or you talked about backup, the backup backup attacks are on the rise as well. How can organizations, how can they work with Presidio in AWS? You described this as monumental kind of game-changing, how can they work with you guys to, to implement this technology so that we can start dialing down the threats? >>Yeah. So we would love to, we would love to hear from you, right? Give us a, give us a call. Um, but, uh, our teams, you know, with, with CloudEndure and AWS CloudEndure and CrowdStrike and what they've really come up with, and, and you have to have these two things ahead of time. So I sit on our critical incident response team, and, you know, I, I do work with, you know, the, the bureau as often as I can on attribution, but you have to have these ahead of time. So your, your, your, your, uh, critical response plan needs to be in place. And if you have the two things that we, that we've really put a lot of effort into over the last eight months, if you've got CrowdStrike and you've got cloud on, on the backend, we can establish all of those, um, and, and really set this up for you to eliminate that threat. And, and that's what we're excited to showcase this week, and, you know, in the coming months, and we're going to, and we've also got additional things in additional features that we plan to add to that in the, in the coming months, Dave, >>Your thoughts on the partnership between private industry and government entities. Uh, you mentioned that the level of sophistication to engage in this bad behavior doesn't necessarily have to be the, have to rise to the level of state sponsored. 
Um, but can we do this in the private sector, by ourselves? What are your, what are your sort of philosophical? >>I will give you my, I will give you a statistic on this and it will, it'll be self-explanatory. But, um, 80% of our critical infrastructure in the United States is privately held. So we're unique in that perspective, we aren't like some other countries where they can just mandate the requirement that the government will control critical infrastructure. It's privately held here in the United States. So you almost have to invite the federal government to come in, even though you are a critical infrastructure, they still have to be invited to come help you. And that partnership is key in order to be able to defend yourself, but also to defend the nation. Our power grids are our water sources. I mean, you'll see those are private private companies, but we need that federal help. And I try and evangelize that partnership. I mean, you know, there's always the, um, you know, when you think about working with federal agencies, like the, like the FBI, um, there's a little bit of hesitation and you're not really quite sure. >>I will tell you that those, those men and women are, um, uh, they're amazing. They're amazing to work with they're, they're really good at what they do. And, and you're certainly it's a partnership and they have a whole division set up there's the office of the private sector is designed to have these conversations and help you prepare. And then in the unfortunate instance where you might have an attack there, right. They're trying to figure out who did that to you, you know, and, and you're a victim, you're a victim of a federal crime at that point. And they, they treat you with such care and, you know, they're, uh, they do such a great job. 
So I think we have to engage them in order to, and we should actually be able to help them with the technology and how, and make it easier for them to do their job, but something I'm also very interested in. >>Talk to me about your interests as the last question, in terms of what's going to go on here, we are wrapping up 2021 entering 2022, which hopefully will be a much better year for on many fronts, including the decrease in ransomware. What are some of the things that you're excited about? There's so much technology, there's so much opportunity and innovation going on with AWS and its partner ecosystem. What excites you, what opportunities do you see as we head into 2020? Yeah. >>So I do see some, I do see some threats that are going to evolve. Um, ransomware is certainly going to be more of the same until we get this out in this new methodology and what we've built until that becomes widely adopted. I think we, you know, we're not going to make a dent in the numbers that we're seeing just yet, but I'm hoping that that will change when, you know, when the industries do start to adopt that. The other thing that I'm seeing is I think operational technology is going to take a hit in 2022 because the bad guys have started to figure out how, um, you know, that, that, that, that operational technology is not as, uh, it's not front and center. And it's not top of mind for a lot of CSOs. So they're, they're targeting that weakness and going after that. So I think we really need to brace for that and, and really, uh, get in front of that. Uh, so that's one of the things that I'm prepping for is really the operational IOT conversation, and then how I can help, uh, organizations and even, even home users, you know, with some of the stuff that you've got, you know, maybe in your own home that could be used again, >>Right? Cause that work from anywhere is going to persist for quite some time. 
Dave, thank you so much for joining Dave Nicholson and me on the program this morning, talking about what's going on in the threat landscape, ransomware, but also this monumental shift and from, from a technology and a partnership perspective that Presidio and AWS are doing to help customers and every industry, private and public sector. We appreciate your insights. Thank you. >>For having me. Thanks. >>For being here. Very Dave and Dave, I'm Lisa. You're watching theCUBE, the global leader in live tech coverage.

Published Date : Dec 2 2021

Eric Herzog, Infinidat | CUBEconversations


 

(upbeat music) >> Despite its 70 to $80 billion total available market, computer storage is like a small town, everybody knows everybody else. We say in the storage world, there are a hundred people, and 99 seats. Infinidat is a company that was founded in 2011 by storage legend, Moshe Yanai. The company is known for building products with rock solid availability, simplicity, and a passion for white glove service, and client satisfaction. Company went through a leadership change recently, in early this year, appointed industry vet, Phil Bullinger, as CEO. It's making more moves, bringing on longtime storage sales exec, Richard Bradbury, to run EMEA, and APJ Go-To-Market. And just recently appointed marketing maven, Eric Herzog to be CMO. Herzog has worked at numerous companies, ranging from startups that were acquired, two stints at IBM, and is SVP of product marketing and management at Storage Powerhouse, EMC, among others. Herzog has been named CMO of the year as an OnCon Icon, and top 100 influencer in big data, AI, and also hybrid cloud, along with yours truly, if I may say so. Joining me today, is the newly minted CMO of Infinidat, Mr. Eric Herzog. Good to see you, Eric, thanks for coming on. >> Dave, thank you very much. You know, we love being on theCUBE, and I am of course sporting my Infinidat logo wear already, even though I've only been on the job for two weeks. >> Dude, no Hawaiian shirt, okay. That's a pretty buttoned up company. >> Well, next time, I'll have a Hawaiian shirt, don't worry. >> Okay, so give us the backstory, how did this all come about? You know Phil, my 99 seat joke, but, how did it come about? Tell us that story. >> So, I have known Phil since the late 90s, when he was a VP at LSA of Engineering, and he had... I was working at a company called Milax, which was acquired by IBM. 
And we were doing a product for HP, and he was providing the subsystem, and we were providing the fiber to fiber, and fiber to SCSI array controllers back in the day. So I met him then, we kept in touch for years. And then when I was a senior VP at EMC, he started originally as VP of engineering for the EMC Isilon team. And then he became the general manager. So, while I didn't work for him, I worked with him, A, at LSA, and then again at EMC. So I just happened to congratulate him about some award he won, and he said "Hey Herzog, "we should talk, I have a CMO opening". So literally happened over LinkedIn discussion, where I reached out to him, and congratulate him, he said "Hey, I need a CMO, let's talk". So, the whole thing took about three weeks in all honesty. And that included interviewing with other members of his exec staff. >> That's awesome, that's right, he was running the Isilon division for awhile at the EMC. >> Right. >> You guys were there, and of course, you talk about Milax, LSA, there was a period of time where, you guys were making subsystems for everybody. So, you sort of saw the whole landscape. So, you got some serious storage history and chops. So, I want to ask you what attracted you to Infinidat. I mean, obviously they're a leader in the magic quadrant. We know about InfiniBox, and the petabyte scale, and the low latency, what are the... When you look at the market, you obviously you see it, you talk to everybody. What were the trends that were driving your decision to join Infinidat? >> Well, a couple of things. First of all, as you know, and you guys have talked about it on theCUBE, most CIOs don't know anything about storage, other than they know a guy got to spend money on it. So the Infinidat message of optimizing applications, workloads, and use cases with 100% guaranteed availability, unmatched reliability, the set and forget ease of use, which obviously AIOps is driving that, and overall IT operations management was very attractive. 
And then on top of that, the reality is, when you do that consolidation, which Infinidat can do, because of the performance that it has, you can dramatically free up rack, stack, power, floor, and operational manpower by literally getting rid of, tons and tons of arrays. There's one customer that they have, you actually... I found out when I got here, they took out a hundred arrays from EMC Hitachi. And that company now has 20 InfiniBoxes, and InfiniBox SSAs running the exact same workloads that used to be, well over a hundred subsystems from the other players. So, that's got a performance angle, a CapEx and OPEX angle, and then even a clean energy angle because reducing watts and slots. So, lots of different advantages there. And then I think from just a pure marketing perspective, as someone has said, they're the best kept secret to the storage industry. And so you need to, if you will, amp up the message, get it out. They've expanded the portfolio with the InfiniBox SSA, the InfiniGuard product, which is really optimized, not only as the PBA for backup perspective, and it works with all the backup vendors, but also, has an incredible play on data and cyber resilience with their capability of local logical air gapping, remote logical air gapping, and creating a clean room, if you will, a vault, so that you can then recover their review for malware ransomware before you do a full recovery. So it's got the right solutions, just that most people didn't know who they were. So, between the relationship with Phil, and the real opportunity that this company could skyrocket. In fact, we have 35 job openings right now, right now. >> Wow, okay, so yeah, I think it was Duplessy called them the best kept secret, he's not the only one. And so that brings us to you, and your mission because it's true, it is the best kept secret. You're a leader in the Gartner magic quadrant, but I mean, if you're not a leader in a Gartner magic quadrant, you're kind of nobody in storage. 
And so, but you got chops and block storage. You talked about the consolidation story, and I've talked to many folks in Infinidat about that. Ken Steinhardt rest his soul, Dr. Rico, good business friend, about, you know... So, that play and how you handle the whole blast radius. And that's always a great discussion, and Infinidat has proven that it can operate at very very high performance, low latency, petabyte scale. So how do you get the word out? What's your mission? >> Well, so we're going to do a couple of things. We're going to be very, very tied to the channel as you know, EMC, Dell EMC, and these are articles that have been in CRN, and other channel publications is pulling back from the channel, letting go of channel managers, and there's been a lot of conflict. So, we're going to embrace the channel. We already do well over 90% of our business within general globally. So, we're doing that. In fact, I am meeting, personally, next week with five different CEOs of channel partners. Of which, only one of them is doing business with Infinidat now. So, we want to expand our channel, and leverage the channel, take advantage of these changes in the channel. We are going to be increasing our presence in the public relations area. The work we do with all the industry analysts, not just in North America, but in Europe as well, and Asia. We're going to amp up, of course, our social media effort, both of us, of course, having been named some of the best social media guys in the world the last couple of years. So, we're going to open that up. And then, obviously, increase our demand generation activities as well. So, we're going to make sure that we leverage what we do, and deliver that message to the world. Deliver it to the partner base, so the partners can take advantage, and make good margin and revenue, but delivering products that really meet the needs of the customers while saving them dramatically on CapEx and OPEX. So, the partner wins, and the end user wins. 
And that's the best scenario you can do when you're leveraging the channel to help you grow your business. >> So you're not only just the marketing guy, I mean, you know product, you ran product management at very senior levels. So, you could... You're like a walking spec sheet, John Furrier says you could just rattle it off. Already impressed that how much you know about Infinidat, but when you joined EMC, it was almost like, there was too many products, right? When you joined IBM, even though it had a big portfolio, it's like it didn't have enough relevant products. And you had to sort of deal with that. How do you feel about the product portfolio at Infinidat? >> Well, for us, it's right in the perfect niche. Enterprise class, AI based software defined storage technologies that happens to run on a hybrid array, an all flash array, has a variant that's really tuned towards modern data protection, including data and cyber resilience. So, with those three elements of the portfolio, which by the way, all have a common architecture. So while there are three different solutions, all common architecture. So if you know how to use the InfiniBox, you can easily use an InfiniGuard. You got an InfiniGuard, you can easily use an InfiniBox SSA. So the capability of doing that, helps reduce operational manpower and hence, of course, OPEX. So the story is strong technically, the story has a strong business tie in. So part of the thing you have to do in marketing these days. Yeah, we both been around. So you could just talk about IOPS, and latency, and bandwidth. And if the people didn't... If the CIO didn't know what that meant, so what? But the world has changed on the expenditure of infrastructure. If you don't have seamless integration with hybrid cloud, virtual environments and containers, which Infinidat can do all that, then you're not relevant from a CIO perspective. 
And obviously with many workloads moving to the cloud, you've got to have this infrastructure that supports core edge and cloud, the virtualization layer, and of course, the container layer across a hybrid environment. And we can do that with all three of these solutions. Yet, with a common underlying software defined storage architecture. So it makes the technical story very powerful. Then you turn that into business benefit, CapEX, OPEX, the operational manpower, unmatched availability, which is obviously a big deal these days, unmatched performance, everybody wants their SAP workload or their Oracle or Mongo Cassandra to be, instantaneous from the app perspective. Excuse me. And we can do that. And that's the kind of thing that... My job is to translate that from that technical value into the business value, that can be appreciated by the CIO, by the CSO, by the VP of software development, who then says to VP of industry, that Infinidat stuff, we actually need that for our SAP workload, or wow, for our overall corporate cybersecurity strategy, the CSO says, the key element of the storage part of that overall corporate cybersecurity strategy are those Infinidat guys with their great cyber and data resilience. And that's the kind of thing that my job, and my team's job to work on to get the market to understand and appreciate that business value that the underlying technology delivers. >> So the other thing, the interesting thing about Infinidat. This was always a source of spirited discussions over the years with business friends from Infinidat was the company figured out a way, it was formed in 2011, and at the time the strategy perfectly reasonable to say, okay, let's build a better box. And the way they approached that from a cost standpoint was you were able to get the most out of spinning disk. Everybody else was moving to flash, of course, floyers work a big flash, all flash data center, etc, etc. 
But Infinidat with its memory cache and its architecture, and its algorithms was able to figure out how to magically get equivalent or better performance in an all flash array out of a system that had a lot of spinning disks, which is I think unique. I mean, I know it's unique, very rare anyway. And so that was kind of interesting, but at the time it made sense, to go after a big market with a better mouse trap. Now, if I were starting a company today, I might take a different approach, I might try to build, a storage cloud or something like that. Or if I had a huge install base that I was trying to protect, and maybe go into that. But so what's the strategy? You still got huge share gain potentials for on-prem is that the vector? You mentioned hybrid cloud, what's the cloud strategy? Maybe you could summarize your thoughts on that? >> Sure, so the cloud strategy, is first of all, seamless integration to hybrid cloud environments. For example, we support Outpost as an example. Second thing, you'd be surprised at the number of cloud providers that actually use us as their backend, either for their primary storage, or for their secondary storage. So, we've got some of the largest hyperscalers in the world. For example, one of the Telcos has 150 Infiniboxes, InfiniBox SSAS and InfiniGuards. 150 running one of the largest Telcos on the planet. And a huge percentage of that is their corporate cloud effort where they're going in and saying, don't use Amazon or Azure, why don't you use us the giant Telco? So we've got that angle. We've got a ton of mid-sized cloud providers all over the world that their backup is our servers, or their primary storage that they offer is built on top of Infiniboxes or InfiniBox SSA. So, the cloud strategy is one to arm the hyperscalers, both big, medium, and small with what they need to provide the right end user services with the right outside SLAs. And the second thing is to have that hybrid cloud integration capability. 
For example, when I talked about InfiniGuard, we can do air gapping locally to give almost instantaneous recovery, but at the same time, if there's an earthquake in California or a tornado in Kansas City, or a tsunami in Singapore, you've got to have that remote air gapping capability, which InfiniGuard can do. Which of course, is essentially that logical air gap remote is basically a cloud strategy. So, we can do all of that. That's why it has a cloud strategy play. And again we have a number of public references in the cloud, US signal and others, where they talk about why they use the InfiniBox, and our technologies to offer their storage cloud services based on our platform. >> Okay, so I got to ask you, so you've mentioned earthquakes, a lot of earthquakes in California, dangerous place to live, US headquarters is in Waltham, we're going to pry you out of the Golden State? >> Let's see, I was born at Stanford hospital where my parents met when they were going there. I've never lived anywhere, but here. And of course, remember when I was working for EMC, I flew out every week, and I sort of lived at that Milford Courtyard Marriott. So I'll be out a lot, but I will not be moving, I'm a Silicon Valley guy, just like that old book, the Silicon Valley Guy from the old days, that's me. >> Yeah, the hotels in Waltham are a little better, but... So, what's your priority? Last question. What's the priority first 100 days? Where's your focus? >> Number one priority is team assessment and integration of the team across the other teams. One of the things I noticed about Infinidat, which is a little unusual, is there sometimes are silos and having done seven other small companies and startups, in a startup or a small company, you usually don't see that silo-ness, So we have to break down those walls. And by the way, we've been incredibly successful, even with the silos, imagine if everybody realized that business is a team sport. 
And so, we're going to do that, and do heavy levels of integration. We've already started to do an incredible outreach program to the press and to partners. We won a couple awards recently, we're up for two more awards in Europe, the SDC Awards, and one of the channel publications is going to give us an award next week. So yeah, we're amping up that sort of thing that we can leverage and extend. Both in the short term, but also, of course, across a longer term strategy. So, those are the things we're going to do first, and yeah, we're going to be rolling into, of course, 2022. So we've got a lot of work we're doing, as I mentioned, I'm meeting, five partners, CEOs, and only one of them is doing business with us now. So we want to get those partners to kick off January with us presenting at their sales kickoff, going "We are going with Infinidat "as one of our strong storage providers". So, we're doing all that upfront work in the first 100 days, so we can kick off Q1 with a real bang. >> Love the channel story, and you're a good guy to do that. And you mentioned the silos, correct me if I'm wrong, but Infinidat does a lot of business overseas. A lot of business in Europe, obviously the affinity to the engineering, a lot of the engineering work that's going on in Israel, but that's by its very nature, stovepipe. Most startups start in the US, big market NFL cities, and then sort of go overseas. It's almost like Infinidat sort of simultaneously grew its overseas business, and its US business. >> Well, and we've got customers everywhere. We've got them in South Africa, all over Europe, Middle East. We have six very large customers in India, and a number of large customers in Japan. So we have a sales team all over the world. As you mentioned, our white glove service includes not only our field systems engineers, but we have a professional services group. We've actually written custom software for several customers. 
In fact, I was on the forecast meeting earlier today, and one of the comments that was made for someone who's going to give us a PO. So, the sales guy was saying, part of the reason we're getting the PO is we did some professional services work last quarter, and the CIO called and said, I can't believe it. And what CIO calls up a storage company these days, but the CIO called him and said "I can't believe the work you did. We're going to buy some more stuff this quarter". So that white glove service, our technical account managers to go along with the field sales SEs and this professional service is pretty unusual in a small company to have that level of, as you mentioned yourself, white glove service, when the company is so small. And that's been a real hidden gem for this company, and will continue to be so. >> Well, Eric, congratulations on the appointment, the new role, excited to see what you do, and how you craft the story, the strategy. And we've been following Infinidat since, sort of day zero and I really wish you the best. >> Great, well, thank you very much. Always appreciate theCUBE. And trust me, Dave, next time I will have my famous Hawaiian shirt. >> Ah, I can't wait. All right, thanks to Eric, and thank you for watching everybody. This is Dave Vellante for theCUBE, and we'll see you next time. (bright upbeat music)

Published Date : Nov 4 2021


Breaking Analysis: How Cisco can win cloud's 'Game of Thrones'


 

>> From theCUBE Studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> Cisco is a company at the crossroads. It's transitioning from a high margin hardware business to a software subscription-based model, which also should be high margin through both organic moves and targeted acquisitions. It's doing so in the context of massive macro shifts to digital and the cloud. We believe Cisco's dominant position in networking combined with a large market opportunity and a strong track record of earning customer trust, put the company in a good position to capitalize on cloud momentum. However, there are clear challenges ahead for Cisco, not the least of which is the growing complexity of its portfolio, a large legacy business, and the mandate to maintain its higher profitability profile as it transitions into a new business model. Hello and welcome to this week's Wikibon CUBE Insights powered by ETR. In this breaking analysis, we welcome in Zeus Kerravala, who's the founder and principal analyst at ZK Research, long time Cisco watcher who together with me crafted the premise of today's session. Zeus, great to see you welcome to the program. >> Thanks Dave. It's always a pleasure to be with you guys. >> Okay, here's what we're going to talk about today, set the agenda. The catalyst for this session, Zeus and I attended Cisco's financial analyst day. We received a day and a half of firehose presentations, drill downs, interactions, Q and A with Cisco execs and one key customer. So we're going to share our takeaways from these sessions and add our additional thoughts. Now, in particular, we're going to talk about Cisco's TAM, its transformation to a subscription-based model, and how we see that evolving. As always, we're going to bring in some ETR spending data for context and get Zeus' take on what that tells us. 
And we'll end with a summary of Cisco's cloud strategy and outlook for how it could win in the cloud. So let's talk about Cisco's sort of structure and TAM opportunities. First, Zeus, Cisco has four main lines of business where it's organized its executives around sort of four product areas. And it's got a large service component as well. Network equipment, SP routing, data center, collaboration and security, and as I say services, that's not necessarily how it's going to market, but that's kind of the way it organizes its ELT, its executive leadership team. >> Yeah, in fact, the ELT has been organized around those products, as you said. It used to report to the street three product segments, infrastructure platforms, which was by far the biggest, it was all their networking equipment, then applications, and then security. Now it's moved to five new segments, secure agile networks, hybrid work, end to end security, internet for the future and optimized app experiences. And I think what Cisco's trying to do is align their, the way they report along the lines of the way customers buy. 'Cause I think before, you know, they had a very simplistic model before. It was just infrastructure, apps, and security. The ELT is organized around product roadmap and the product innovation, but that's not necessarily the way customers purchase things and so, purchase things so I think they've tried to change things a little bit there. When you look at those segments though, you know, by, it's interesting. They're all big, right? So, by far the biggest is still networking, which is almost a hundred billion dollar TAM as they reported and they have it growing at about a 9% CAGR as reported by other analyst firms. And when you think about how mature networking is Dave, the fact that that's still growing at high single digit CAGR is still pretty remarkable. 
So I think that's one of those things that, you know, watchers of Cisco historically have been calling for the network to be commoditized for decades. For as long as I've been watching Cisco, we've been, people have been waiting for the network to be commoditized. My thesis has always been, if you can drive enough innovation into things, you can stave off commoditization and that's what they've done. But that's really the anchor for them to sell all their other products, some of which are higher margin, some which are a little bit sore, but they're all good high margin businesses to your point. >> Awesome. We're going to dig into that. So, so they flattened the organization when Goeckeler left. You've got Todd Nightingale, Jonathan Davidson, Liz Centoni, and Jeetu Patel who we heard from and we'll make some comments on what we heard from them. One of the big takeaways at the financial analysts meeting was on the TAM, as you just mentioned. Liz Centoni who also is heavily involved in strategy and the CFO Scott Herren, showed this slide, which speaks to the company's TAM and the organizational structure that you were just talking about. So the big message was that Cisco has got a large and growing market, you know, no shortage of available market. Somewhere between eight and 900 billion, depending on which of the slides you pull out of the deck. And ironically Zeus, when you look at the current markets number here on the right hand side of this slide, 260 billion, it just about matches the company's market cap. Maybe an interesting coincidence, but at any rate, what was your takeaway from this data? >> Well, I think, you know, the big takeaway from the data is there's still a lot of room ahead for Cisco to grow, right? Again, this is a, it's a company that I think most people would put in the camp of legacy IT vendor, just because of how long they've been around. But they have done a very good job of staving off innovation. 
And part of that is just these markets that they play in continue to grow and they continue to have challenges that they can solve. I think one of the things Cisco has done though, since the arrival of Chuck Robbins, is they don't fight these trends anymore, Dave. I know prior to Chuck's arrival, they really fought the tide of software defined networking and you know, trends like that, and even cloud to some extent. And I remember one of the first meetings I had with Chuck, I asked him about that and he said that Cisco will never do that again. That under his watch, if customers are going through a market transition, Cisco wants to lead them through it, not try and hold them back. And I think for that reason, they're able to look at, all of those trends and try and take a leadership position in them, even though you might look at some of those and feel that some of them might be detrimental to Cisco's business in the short term. So something like software defined WANs, which you would throw into secure agile networks, certainly doesn't, may not carry the same kind of RPOs and margins with it that their traditional routers did, but ultimately customers are going to buy it and Cisco would like to be the ones to sell it to them. >> You know, you bring up a great point. This industry is littered, there's a graveyard of executives who fought the trend. Many people, some people remember Ken Olson of Digital Equipment Corporation. "Unix is snake oil," is what he said. IBM mainframe guys said, "PCs are a toy." And of course the history, they were the wrong side of history. The other big takeaway was the shift to software in subscription. They really made a big point of this. Here's a chart Cisco showed a couple of times to make the point that it's one of the largest software companies in the world. You know, in the top 10. 
They also made the point that Chuck Robbins, when he joined in 2015, and since that time, it's nearly 4x'ed its subscription software revenue, and roughly doubled its software sales. And it now has an RPO, remaining performance obligations, that exceeds 30 billion. And it's committing to grow its subscription business in the forward-looking statements by 15 to 17% CAGR through 25, which would imply about a doubling of these, the blue lines. Zeus, it's unclear if that forward-looking forecast is just software. I presume it includes some services, but as Herren pointed out, over time, these services will be bundled into the product revenue, same way SaaS companies do it. But the point is Cisco is committed, like many of their peers, to moving to an ARR model. But please, share your thoughts on Cisco's move to software subscriptions and how you see the future of consumption-based pricing. >> Yeah, this has been a big shift for Cisco, obviously. It's one that's highly disruptive. It's one that I know gave their partners a lot of angst for a long time because when you sell things upfront, you get a big check for selling that, right? And when you sell things in a subscription model, you get a much smaller check for a number of months over the period of the contract. It also changes the way you deal with the customer. When you sell a one-time product, you basically wipe your hands. You come back in three or four years and say, "it's time to upgrade." When you sell a subscription, now, the one thing that I've tried to talk to Cisco and its partners about is customers don't renew things they don't use. And so it becomes incumbent on the partner, it becomes incumbent upon Cisco to make sure that things that the customer is subscribing to, that they do use. And so Cisco's had to create a customer success organization. They've had to help their partners create those customer success organizations. So it's really changed the model. 
And Cisco not only made the shift, they've done it faster than they actually had originally forecast. So during the financial analyst day, they actually touted their execution on software, noting that it hit its 30% revenue as percent of total target well before it was supposed to, it's actually exceeded its targets. And now it's looking to increase that to, it actually raised its guidance in this area a little bit by a few percentage points, looking out over the next few years. And so it's moved to the subscription model, Dave, the thing that you brought up, which I do see as somewhat of a challenge is the shift to consumption-based pricing. So subscription is one thing in that I write you a check every month for the same amount. When I go to the consumption-based pricing, that's easy to do for cloud services, things like WebEx or Duo or, you know, CloudLock, some of the security products. That that shift should be relatively simple. If customers want to buy it that way. It's unclear as to how you do that when you're selling on-prem equipment with the software add-on to it because in that case, you have to put metering technology in to understand how much they're using. You have to have a minimum baseline to start with. They've done it in some respects. The old HCS product that they sold, the Telcos, actually was sold with a minimum commit and then they tacked on a utilization on top of that. So maybe they move into that kind of model. But I know it's something that they've, they get asked about a lot. I know they're still thinking about it, but it's something that I believe is coming and it's going to come pretty fast. >> I want to pick up on that because I think, you know, they made the point that we're one of the top 10 software companies in the world. It's very difficult for hardware companies to make the transition to software. You know, HP couldn't do it. >> Well, no one's done it. >> Well, IBM has kind of done it, but they really struggle. 
It's kind of this mishmash of tooling and software products that aren't really well-integrated. But, I would say this, everybody now, Cisco, Dell, HPE with GreenLake, Lenovo, pretty much all the traditional hardware players are trying to move to an as a service model or at least for a portion of their business. HPE's all in, Dell transitioning. And for the most part, I would make the following observation. And I'd love to get your thoughts on this. They're pretty much following a SaaS-like model, which in my view is outdated and kind of flawed from a customer standpoint. All these guys say, "Hey, we're doing this because this is what the customers want." I think the cloud is really a true consumption based model. And if you look at modern SaaS companies, a lot of the startups, they're moving to a consumption based model. You see that with Snowflake, you see that with Stripe. Now they will offer incentives. But most of the traditional enterprise players, they're saying, "Okay, pay us upfront, commit to some base level. If you go over it, you know, we'll charge you for it. If you go under it, you're still going to pay for that base level." So it's not true consumption base. It's not really necessarily the customer's best interest. So that's, I think there's some learnings there that are going to have to play out. >> Yeah, the reason customers are shying away from that SaaS type model, I think during the pandemic, the one thing we learned, Dave, is that the business will ebb and flow greatly from month to month sometimes. And I was talking with somebody that worked for one of the big hotel chains, and she was telling me that what their CRM providers, she wouldn't tell me who it was, except said it rhymed with Shmalesforce, that their utilization of it went from, you know, from a nice steady level to spiking really high when customers started calling in to cancel hotel rooms. And then it dropped down to almost nothing as we went through that period of stay at home. 
And now it's risen back up. And so for her, she wanted to move to a consumption-based model because what happens otherwise is you wind up buying for peak utilization, your software subscriptions go largely underutilized the majority of the year, and you wind up paying, you know, a lot more than you need to. If you go to more of a true consumption model, it's harder to model out from a financial perspective 'cause there's a lot of ebbs and flows in the business, but over a longer period of time, it's more cost-effective, right? And so the, again, what the pandemic taught us was we don't really know what we're going to need from a consumption standpoint, you know, nevermind a year from now, maybe even six months from now. And consumption just creates a lot more flexibility and agility. You can scale up, you can scale down. You can bring in users, you can take out users, you can add consultants, things like that. And it just, it's much more aligned with the way businesses are run today. >> Yeah, churn is a silent killer of a software company. And so there's retention is the key here. So again, I think there's lots of learning. Let's put Cisco into context with some of its peers. So this chart we developed compares five companies to Cisco. Core Dell, meaning Dell, without VMware. VMware, HPE, IBM, we've put an AWS, and then Cisco as, IBM, AWS and Cisco is the integrated plays. So the chart shows the latest quarterly revenue multiplied by four to get a run rate, a three-year growth outlook, gross margin percentage, market cap, and revenue multiple. And the key points here are that one, Cisco has got a pretty awesome business model. It's got 60% gross margin, strong operating margins, not shown here, but in the mid twenties, 25%. It's got a higher growth rate than most of its peers. And as such, a much better, multiple than say, for instance, Core Dell gets 33 cents on the revenue dollar. HPE is double that. IBM's below two X. 
Cisco's revenue multiple rivals VMware, which is a pure software company. Now in a large part that's because VMware stock took a hit recently, but still the point is obvious. Cisco's got a great business. Now for context, we've added AWS, which blows away any company on this chart. We've inferred a market cap of nearly 600 billion, which frankly is conservative at a 10 X revenue multiple given its inferred margins and growth rate. Now Zeus, if AWS were a separate company, it could have a market cap that approached 800 billion in my view. But what does this data tell you? >> Well, it just tells me that Cisco continues to be a very well-run company that has staved off commoditization, despite the calling for it for years. And I think the big lesson, and I've talked to financial analysts about this over the years, is that if, I don't really believe anything in this world is a commodity, Dave. I think even when Cisco went to the server market, if you remember back then, they created a new way of handling memory management. They were getting well above average margins for service, albeit less than Cisco's network margins, but still above average for server margins. And so I think if you can continue to innovate, you will see the margin stay where they are. You will see customers continue to buy and refresh. And I think one of the challenges Cisco's had in the past, and this is where the subscription business will help, is getting customers to stay with the latest and greatest. Prior to this refresh of network equipment, some of the stuff that I've seen in the fields, 10, 15 years old, once you move to that sell me a box and then tack on the subscription revenue that you pay month by month, you do drive more consistent refresh. Think about the way you just handle your own mobile phone. If you had to go pay, you know, a thousand dollars every three years, you might not do it at that three-year cycle. 
If you pay 40 bucks a month, every time there's a new phone, you're going to take it, right? So I think Cisco is able to drive greater, better refresh, keep their customers current, keep the features in there. And we've seen that with a lot of the new products. The new Cat 9,000, some of the new service provider products, the new wifi products, they've all done very well. In fact, they've all outpaced their previous generation products as far as growth rate goes. And so I think that is a testament to the way they've run the business. But I do think when people bucket Cisco in with HP and Dell, and I understand why they do, their businesses were similar at one time, it's really not a true comparison anymore. I think Cisco has completely changed their business and they're not trying to commoditize markets, they're trying to drive innovation and keep the margins up, where I think HP and Dell tend to really compete on price versus innovation. >> Well, and we are going to get to this point about the tailwinds and headwinds and cloud, and how Cisco to do it. But, to your point about, you know, the cell phone analogy. To the extent that Cisco can make that seamless for customers could hide that underlying complexity, that's going to be critical for the cloud. Now, but before we get there, I want to talk about one of the reasons why Cisco such a high multiple, and has been able to preserve its margins, to your point, not being commoditized. And it's been able to grow both organically, but also has a strong history of M and A. It's this chart shows a dominant position in core networking. So this shows, so ETR data within the Fortune 500. It plots companies in the ETR taxonomy in two dimensions, net score on the vertical axis, which is a measure of spending velocity, and market share on the horizontal axis, which is a measure of presence in the survey. It's not like IDC market share, it's mentioned market share if you will. 
The point is Cisco is far and away the most pervasive player in the market, it's generally held its dominant position. Although, it's been under pressure in the last few years in core networking, but it retains or maintains a very respectable net score and consistently performs well for such a large company. Zeus, anything you'd add with respect to Cisco's core networking business? >> Yeah, it's maintained a dominant network position historically. I think part of because it drives good products, but also because the competitive landscape, historically has been pretty weak, right? We saw companies like 3Com and Nortel who aren't around anymore. It'll be interesting to see moving forward now that companies like VMware are involved in networking. AWS is interested in networking. Arista is a much stronger company. You know, Juniper bought Mist and is in better position. Even Extreme Networks who most people thought was dead a few years ago has made a number of acquisitions and is now a billion dollar company. So while Cisco has done a great job of execution, they've done a great job on the innovation side, their competitive landscape, looking out over the next five years, I think is going to be more difficult than it has been over the previous five years. And largely, Dave, I think that's good for Cisco. I think whenever Cisco's pressed a little bit from competition, they tend to step on the innovation gas a little bit more. And I look back and even just the transition when VMware bought Nicira, that got Cisco's SDN business into gear, like nothing else could have, right? So competition for that company, they always seem to respond well to it. >> So, let's break down Cisco's net score a little bit. Explain why the company has been able to hold its spending momentum despite its large size. This will give you a little insight to the survey. So this chart shows the granular components of net score. The lime green is new adoptions to Cisco. 
The forest green is spending more than 6%. The gray is flat plus or minus 5%. The pink is spending drops by more than 5%. And the red is we're chucking the platform, we're getting off. And Cisco's overall net score here is 25%, which for a company of its size speaks to the relationships that it has with customers. It's of course got a fat middle in the gray area, like all sort of large established companies. But very low defections as well, it's got low new adoptions. But very respectable. So that is background, Zeus. Let's look at spending momentum over time across Cisco's portfolio. So this chart shows Cisco's net score by that methodology within the ETR taxonomy for Cisco over three survey periods. And what jumps out is Meraki on the left, very strong. Virtualization business, its core networking, analytics and security, all showing upward momentum. AppD is a little bit concerning, but that could be related to Cisco's sort of pivot to full stack observability. So maybe AppD is being bundled there. Although some practitioners have cited to us some concerns in that space. And then WebEx at the end of the chart, it's showing some relative strength, but not that high. Zeus, maybe you could comment on Meraki and any other takeaways across the portfolio. >> Yeah, Meraki has proven to be an excellent acquisition for Cisco. In fact, you might, I think it's arguable to say it's its best acquisition in history going all the way back to camp Kalpana and Grand Junction, the ones that brought up catalyst switches. So, in fact, I think Meraki's revenue might be larger than security now. So, that shows you the momentum it has. I think one of the lessons it brought to Cisco was that simpler is better, sometimes. I think when they first bought Meraki, the way Meraki's deployed, it's very easy to set up. There's a lot of engineering work though that goes into making a product simple to use. 
And I think a lot of Cisco engineers historically looked at Meraki as, that's a little bit of a toy. It's meant for small businesses, things like that, but it's not for enterprise. But, Meraki's done a nice job of expanding the portfolio, of leveraging the cloud for analytics and showing you a lot of things that you wouldn't necessarily get from traditional networking equipment. And one of the things that I was really delighted to see was when they put Todd Nightingale in charge of all the networking business, because that showed to me that Chuck Robbins understood that the things Meraki were doing were right and they infuse a little bit of Meraki into the rest of the company. You know, that's certainly a good thing. The other areas that you showed on the chart, not really a surprise, Dave. When you think of the shift hybrid work and you think of the, some of the other transitions going on, I think you would expect to see the server business in decline, the storage business, you know, maybe in a little bit of decline, just because people aren't building out data centers. Where the other ones are related more to hybrid working, hybrid cloud, things like that. So it is what you would expect. The WebEx one was interesting too, because it did show somewhat of a dip and then a rise. And I think that's indicative of what we've seen in the collaboration space since the pandemic came about. Companies like Zoom and RingCentral really got a lot of the headlines. Again, when you, the comment I made on competition, Cisco got caught a little bit flat-footed, they've caught up in features and now they really stepped on the gas there. Chuck joked that he gave the WebEx team a bit of a blank check to go do what it had to do. And I don't think that was a joke. I think he actually did that because they've added more features into WebEx in the last year than I think they did the previous five years before that. 
>> Well, let's just drill into video conferencing real quick here, if we could. Here's that two dimensional view, again, showing net score against market share or pervasiveness of mentions, and you can see Microsoft Teams in the upper right. I mean, it's off the chart, literally. Zoom's well ahead of Cisco in terms of, you know, mentions presence. And that could be a spate of freemium, you know, but it's basically a three horse race in this game. And Cisco, I don't think is trying to take Zoom head on, rather it seems to be making WebEx a core part of its broader collaboration agenda. But Zeus, maybe you could comment. >> Well, it's all coming together, right? So, it's hard to decouple calling from video from meetings. All of the vendors, including Teams, are going after the hybrid work experience. And if you believe the future is hybrid and not just work from home, then Cisco does have a pretty interesting advantage because it's the only one that makes its own end points, where Teams and Zoom doesn't. And so that end to end experience it can deliver. The Microsoft Teams one's interesting because that product, frankly, when you talk to users, it doesn't have a great user score, like as far as user satisfaction goes, but the one thing Microsoft has done a very good job of is bundling it in to the Office365 licenses, making it very easy for IT to deploy. Zoom is a little bit in the middle where they've appealed to the users. They've done a better job of appealing to IT, but there is a, there is a battleground now going on where video's not just video. It includes calling, includes meetings, includes room systems now, and I think this hybrid work trend is going to change the way we think about these meeting tools. >> Now we'd be remiss if we didn't spend a moment talking about security as a key part of Cisco's business. And we have a graphic on this same kind of X, Y. And it's been, we've seen several quarters of growth. 
Although, the last quarter security growth was in the low single digits, but Cisco is a major player in security. And this X, Y graph shows, they've got both a large presence and a solid spending momentum. Not nearly as much momentum as Okta or Zscaler or a CrowdStrike and some of the smaller companies, but they're, these guys are on a rocket ship, but others that we featured in these episodes, but much more than respectable for Cisco. And security is critical to the strategy. It's a big part of the subscriber base. And the last thing, Zeus, I'll say about Cisco made the point in analyst day, that this market is crowded. You can see that in this chart. And their goal is to simplify this picture and make it easier for customers to secure their data and apps. But that's not easy, Zeus. What are your thoughts on Cisco's security opportunities? >> Yeah, I've been waiting for Cisco go to break up in security a little more than it has. I do think, I was talking with a CSO the other day, Dave, that said to me he's starting to understand that you don't have to have best of breed everywhere to have best in class threat protection. In fact, there's a lot of buyers now will tell you that if you try and have best of breed everywhere, it actually creates a negative when it comes to threat protection because keeping all the policies and things up to date is very, very difficult. And so the industry is moving more to a platform model, right? Now, the challenge for Cisco is how do you get that, the customer to think of the network as part of the platform? Because while the platform model, I think, is starting to gain traction, Fortinet, Palo Alto, even McAfee, companies like that also have their own version of a security platform. And if you look at the financial performance of companies like Fortinet and Palo Alto over the past, you know, over the past couple of years, they've been through the roof, right? 
And so I think an interesting and unique challenge for Cisco is can they convince the security buyer that the network is as important a part of that platform as any other component? If they can do that, I think they can break away from the pack. If not, then they'll stay mixed in with those, you know, Palo, Fortinet, Check Point, and, you know, and Cisco, in that mix. But I do think that may present their single biggest needle moving opportunity just because of how big the security TAM is, and the fact that there is no de facto leader in security today. If they could gain the same kind of position in security as they have in networking, who, I mean, that would move the needle like no other market would. >> Yeah, it's really interesting that they're coming at security, obviously from a position of networking strength. You've got, to your point, you've got best of breed, Okta in identity, you got CrowdStrike in endpoint, Zscaler in cloud security. They're all growing like crazy. And you got Cisco and you know, Palo Alto, CSOs tell us they want to work with Palo Alto because they're the thought leader and they're obviously a major player here. You mentioned Fortinet, there's a zillion others. We could talk all day about security. But let's bring it back to cloud. We've talked about a number of the piece in Cisco's portfolio, and we haven't really spent any time on full stack observability, which is a big push for Cisco with AppD, Intersight and the ThousandEyes acquisition. And that plays into this equation. But my take, Zeus, is Cisco has a number of cloud knobs that it can turn, it sells core networking equipment to hyperscalers. It can be the abstraction layer to connect on-prem to the cloud and hybrid and across clouds. And it's in a good position with Telcos too, to go after the 5G. But let's use this chart to talk about Cisco's cloud prospects. It's an ETR cut of the cloud customer spending. So we cut it by cloud customers. 
And there are, I don't know, 800 or so in the survey. And then looking at various companies' performance within that cut. So these are companies that compete, or in the case of HashiCorp, partner with Cisco at some level. Let me just set this up and get your take. So the insert on the chart by the way shows the raw data that positions each dot, the Net Score and the Shared N, i.e. the number of accounts in the survey that responded. The key points, first of all, Azure and AWS, dominant players in cloud. GCP is a distant third. We've reported on that a lot. Not only are these two companies big, they have spending momentum on their platforms. They're growing, they are on that flywheel. Second point, VMware and Cisco are very prominent. They have huge customer bases. And while they're often on a collision course, there's lots of room in cloud for multiple players. When we plotted some other Cisco properties like AppD and Meraki, which as we said, is strong. And then for context, we've placed Dell, HPE, Aruba, IBM and Oracle. And also VMware Cloud on AWS, which is notable on its elevation. And as I say, we've added HashiCorp because they're a critical partner of Cisco and it's a multi-cloud play. Okay, Zeus, there's the setup. What does Cisco have to do to make the cloud a tailwind? Let's talk about strategy, tailwinds, headwinds, competition, and bottom line it for us. >> Yeah, well, I do think, well, I talked about security being the biggest needle mover for Cisco, I think its biggest challenge is convincing Wall Street in particular, that the cloud is a tailwind. I think if you look at the companies with the really high multiples to their stock, Dave, they're all ones where they're viewed as, they go along with the cloud ride, right? 
So the, if you can associate yourself with the cloud and then people believe that the cloud is going to, more cloud equals more business, that obviously creates a better multiple because the cloud has almost infinite potential ahead of it. Now with respect to Cisco, I do think cloud has presented somewhat of a double-edged sword for Cisco. I don't believe the current consumption model for cloud is really a tailwind for Cisco, not really a headwind, but it doesn't really change Cisco's business. But I do think the very definition of cloud is changing before our eyes, Dave. And it's shifting away from centralized clouds. If you think of the way customers bought cloud before, it might have used AWS, it might've used Azure, but it really, that's not really multi-cloud, it's just multiple clouds in which I put things in these centralized resources. It's shifting more to this concept of distributed cloud in which a single application can be built using resources from your private cloud, from AWS, from Azure, from Edge locations, all the cloud providers have built their portfolios to support this concept of distributed cloud and what becomes important there, is a highly agile dynamic network. And in that case with distributed cloud, that is a tailwind for Cisco because now the network is that resource that ties all those distributed cloud components together. Now the network itself has to change. It needs to become a lot more agile and microservices and container friendly itself so I can spin up resources and, you know, in an Edge location, as fast as I can on-prem and things like that. But I do think it creates another wave of innovation in networking, and in that case, I think it does act as a tailwind for Cisco, aside from just the work it's done with the web scalers, you know, those types of companies. So, but I do think that Cisco needs to rethink its delivery model on network services somewhat to take advantage of that. 
>> At the analyst meeting, Cisco made the point that it does sell to the hyperscalers. It talked about the top six hyperscalers. You know, you had mentioned to me, maybe IBM and Oracle were in there. I always talk about four hyperscalers and only four, but that's fine. Here's my question. Practitioners have told me, buyers have told me, the more money and more workloads I put in the cloud, the less I spend with Cisco. Now, even though that might be Cisco gear powering those clouds, do you see that as a potential threat in that they don't own that relationship anymore and value will confer to the cloud players? >> Yeah, that's, I've heard that too. And I don't, I believe that's true when it comes to general purpose compute. You're probably not buying as many UCS servers and things like that because you are putting them in the cloud. But I do think you do need to refresh the network. I think the network becomes a very important role, plays a very important role there. The variant, the really interesting trend will be, what does your WAN look like? Do you have thousands of workers scattered all over the place, or do you just have a few centralized locations? So I think also, you know, Cisco will wind up providing connectivity within the cloud. If you think of the transition we've seen in other industries, Dave, as far as cloud goes, you think of, you know, F5, a company like that. People thought that AWS would commoditize F5's business because AWS provides their own load balancers, right? But what AWS provides is a very basic, very basic functionality and then use F5's virtual edition or a cloud edition for a lot of the advanced capabilities. And I think you'll see the same thing with the cloud that customers will start buying versions of Cisco that go in the cloud to drive a lot of those advanced capabilities that only Cisco delivers. And so I think you wind up buying more Cisco over time, although the per unit price of what you buy might be a little bit lower. 
If that makes sense here. >> It does, I think it makes a lot of sense and that fits into the cloud model. You know, you bring up a good point, the conversation with the customer was Rakuten. And that individual was essentially sharing with us, somebody was asking, one of the analysts was asking, "Well, what about the cloud guys? "Aren't they going to really threaten the whole Telco "industry and disrupt it?" And his point was, "Look at, this stuff is not trivial." So to your point, you know, maybe they'll provide some basic functionality. Kind of like they do in a lot of different areas. Data protection is another good example. Security is another good example. Where there's plenty of room for partners, competitors, of on-prem players to add value. And I've always said, "Look, the opportunity "is the cloud players spend 100 billion dollars a year "on CapEx." It's a gift to companies like Cisco who can build an abstraction layer that connects on-prem, cloud for hybrid, across clouds, out to the edge, and really be that layer that is that layer that takes advantage of cloud native, but also delivers that experience, I don't want to use the word seamlessly, but that experience across those clouds as the cloud expands. And that's fundamentally Cisco's cloud strategy, isn't it? >> Oh yeah. And I think people have underestimated over the years, how hard it is to build good networking products. Anybody can go get some silicon and build a product to connect two things together. The question is, can you do it at scale? Can you do it securely? And lots of companies have tried to commoditize networking, you know, White Boxes was looked at as the existential threat to Cisco. Huawei was looked at as the big threat to Cisco. And all of those have kind of come and gone because building high quality network equipment that scales is tough. And it's tougher than most people realize. 
And your other point on the cloud providers as well, they will provide a basic level of functionality. You know, AWS network equipment doesn't work in Azure. And Azure stuff doesn't work in Google, and Google doesn't work in AWS. And so you do need a third party to come in and act as almost the cloud middleware that can connect all those things together with a consistent set of policies. And that's what Cisco does really well. They did that, you know back when they were founded with routing protocols and you can think this is just an extension of what they're doing just up at the cloud layer. >> Excellent. Okay, Zeus, we're going to leave it there. Thanks to my guest today, Zeus Kerravala. Great analysis as always. Would love to have you back. Check out ZKresearch.com to reach him. Thank you again. >> Thank you, Dave. >> Now, remember I publish each week on Wikibon.com and siliconangle.com. All these episodes are available as podcasts, just search "Breaking Analysis" podcast, and you can connect on Twitter at DVellante or email me David.Vellante@siliconangle.com. Thanks for the comments on LinkedIn. Check out etr.plus for all the survey action. This is Dave Vellante for theCUBE insights powered by ETR. Be well and we'll see you next time. (light music)

Published Date : Sep 18 2021


Fortinet Security Summit Wrap | Fortinet Security Summit 2021


 

>>From around the globe. It's theCUBE covering Fortinet Security Summit, brought to you by Fortinet. >>Welcome back to theCUBE's coverage of Fortinet Championship Security Summit from beautiful Napa Valley. Lisa Martin here with John Furrier. John, it has been phenomenal to do an event in person outdoors in Napa Valley. >>You're so bright. We have to wear shades. It's been sunny and it's been hot. It's been great. It's been a great, it's been a great day. I mean, I think Fortinet stepping up to that sponsorship for the PGA is a bold move they're doing well on the business front. They're expanding it. It's good for their customers. It's a new, bold marketing step. Fortinet, honestly, they're doing extremely well on the business front. As I mentioned, they got a lot of cash coming in. They got happy customers and they're all here. And golf is a great environment for tech buyers. We know that. So it's great to have theCUBE on the sports circuit and, uh, we'll be doing more of them. It's it's awesome. >>Good. I, it is great to be on this sport circuit. One of the things that I talked with several folks about today, John Maddison being one that CEO, CFO, COO, and then Ken Xie, the CEO of Fortinet about the cultural synergies between the PGA and Fortinet. It was really nice to hear how both of these companies, both of these organizations are so invested in things like women in technology and STEAM and STEM programs, and they really align on those two cultures. >>Yeah, there's a, it's a, it's a, it's a culture fit. I mean, they basically, it's a winning formula. Look at Fortinet. Um, you know, and having that kind of representation is good. They, they have a great reputation put in. It does PGA does as well and it's quality, right? So people like, like quality and they want to line that. So it's a great business move for Fortinet to, uh, to do the, uh, the golf sponsorship, uh, multiple years. I think it's six years, five or six years, they get they're doing this. 
Um, it's phenomenal. I think they're going to, Fortinet is going to turn into a marketing powerhouse. I think you're going to start to see John Maddison and the team, uh, really gin up some nice new things, because you can do a lot with the PGA. Again, this foundations is charities, again, a lot of causes that are involved in, in fundraising around the PGA and you got the tour players and honestly the tech scene. So I think tech and sports has always been something that I've loved. And I think, you know, we'd love to come and bring our sets here and having theCUBE here is just a really fun kind of winning formula as well. We'd love it. And we, and we wish we could eat it for more days this year. I think we will, but this has been so much, >>It has been so much fun. There's been about over 300 customers and partners here. Fortinet is a, is a hundred percent partner driven organization. Lot of innovation being discussed the last eight hours or so, but one of the things that you definitely feel is the strength in their partner community and Fortinet's commitment to it. Also something that really impresses me is their commitment to helping to fill the cybersecurity skills gap. This is a gap that has been growing for the last five years. They last week announced a pledge to train 1 million people in the next five years to help shorten that gap. And as we know that the threat landscape is only continuing to expand. So the great combination there, >>And it's a, cause that's a good business logic behind it because there's a of negative unemployment. They need more people to do cybersecurity careers, but also you mentioned women in tech, you know, a lot of that's a big movement too. You start to see a much more women in tech scene here. We had, uh, Merritt Baer on, principal, office of the CSO at Amazon Web Services, on. She's amazing. She's wearing the Amazon crypto shirts. That was a home run, love that interview, but you started to see them, Fortinet, with the whole scene. 
Here is they're taking their message directly to their customers and they're including their customers. So the magic of this formula that they have with the PGA and this whole program is they don't have live concert series. They got a pavilion here with all their top partners, with customers that doing a summit behind us with their top marquee customers. And they're telling the story direct and you're going, I think you need to shift to see Fortinet really do more of that. What we love in the key, which is take that direct to, to media model, to their customers and contents data. We had great conversations here. I mean, that's all you, you know, viewing the, uh, head VP SVP of AT&T Cybersecurity, uh, amazing, uh, uh, candidate there's great CUBE guests. And he was just traveling some serious wisdom. So great guests all along. Fantastic. >>Well, it's, it's been an inspiring day. It's nice that Fortinet has taken the step to do an in-person event. Obviously they did it extremely safely. We were outdoors, but people are, I think a lot of people and I'm speaking for myself, for sure, ready for this to come back and meet the threat landscape that changes that that Fortinet has seen in the last 18 months are phenomenal. The growth in ransomware, nearly 11 X in a year. And you had this massive shift to work from home. And now they're talking about how they're partnering with Linksys, for example, to help enterprises, to really make that remote work environment far more secure, faster, and optimize for the worker. Who's on video conferencing, communication tools. All the kids at home gaming are probably going to be pretty bummed about this, but it really shows Fortinet's commitment to this. There's a lot of permanence to what we're seeing here in this model. >>I know you and I have done ton of interviews together and, uh, with great guests around cybersecurity and the phrase always comes up and over the past decade, there's there is no more perimeter here. 
You couldn't, you couldn't, it was louder than ever here because now you have so much going on connected devices. The future of work is at home with the virtual, uh, issues with the pandemic. And now with the Delta variant, uh, continuing at forward, it's a reality, we're in a hybrid world and, um, everything's going hybrid. And I think that's a new thing for companies to operationalize. So they got, there's no playbook. So there is a security playbook. And what these guys are doing is building an ecosystem to build product that people can wrap services around and to solve the key security problems. And that's that, that to me is a good business model. And the SaaS is, again, you're seeing everyone go SaaS. They want to go SaaS product, or, you know, uh, some sort of business models involved in cloud. So cloud security, SaaS all kind of rolled up. It's really kinda interesting trend. >>Yeah. We've talked about a whole bunch of trends today. One of them is just one of the marketing terms I've been using and I don't like to use it, but around for years as a future ready people, tech companies always describing solutions and technologies and products is future ready? Well, what does that really mean? Well, when the pandemic struck, none of us were future ready, but what we did hear and see and feel today from Fortinet and their partners is how much acceleration they've done. So that going forward, we are going to be future ready for situations that arise like in this challenging cybersecurity landscape that businesses in every industry can prepare for. >>I think, I think the talks here in the cyber security summit behind us, it's interesting. Uh, Tufin one of their customers on a lot of the talks were the same thing, talking about the cultural shift, the cultural shift and security departments has to become more agile. And so that is a big untold story right now is that security departments aren't well-liked, they slow things down. 
I mean, you know, app review everything's gotta be looked at and it takes weeks. That is not good for developers. So app developers in the cloud, they want minutes, you know, shift left is something that we talk about all the time in our events with the developers. DevOps movement is putting pressure on the security teams, culturally, who moves first. You don't go faster. You're going to be replaced, but you can't replace a security team. So I find that whole security cloud team dynamic, real organizational challenges. That's something I'm going to look into is one of my key takeaways from this this week. Yeah. >>A huge organizational change. And with that comes, you know, obviously different cultures with these organizations, but at the same time, there really is no more choice. They have to be working together. And as Ken Xie and I were talking about, you know, security is no longer an ITP, this is a board level initiative and discussion businesses in every industry, whether it's a retailer or PGA tour have to be prepared. >>Yeah. I mean, I'm a security hawk. I think every company needs to be prepared to take an offensive strike and be ready on the defense. And this is a huge agility and speed cause ransomware, you get taken down, you know, I mean that's business critical issue. You're dead, you're dead in the water. So, so again, this is all part of this, quote, digital transformation, uh, that everyone's talking about and is a do over, everyone's doing it over and doing it with the cloud. And I remember just recently in 2012, people were saying, oh, the cloud is not secure. It's now some more secure than anything else. So we starting to see that shift so that realities hit everybody. So it's been great. >>What are some of the things that excited you about the conversations that you had today? >>I was pretty impressed by the fact that one was a physical advantage. You mentioned. So, you know, people in personal, I found it refreshing. 
I think people here, I noticed we're one relieved to be out and about in public and talking on theCUBE. Um, but I was really impressed with, uh, the guests from Amazon Web Services. She was a crypto shirt that got me there. But I think this idea that security is not just a guy thing, right? So to me, women in tech was a, was a big conversation. I thought it was very positive this week, um, here and still a lot more work to do, but I think that's, what's cool. And just the talks were great. I mean, it's cutting edge concepts here. And I thought AT&T was great. I thought, uh, Tufin was a great conversation and again, all the guests that were awesome. So what did you think, what was your take? >>Just how much acceleration we've seen in the last year on innovation and partnerships that really jumped out that when, like I said, we talked about future ready and go, wow. So much of the world wasn't future ready a year and a half ago when this came out and all of the innovation and the positivities that have come out of technology companies creating, because we don't have a choice. We have to figure out secure work from home. For example, we know that some amount of it's going to persist hybrid maybe here to stay, to see what Fortinet and their partner ecosystem have done in a short time period. Given the fact that you mentioned ransomware and their global threat landscape, I was talking with Derek, nearly X increased in ransomware and just, >>And they've got FortiGuard. They got all this. I think your interview with Ken, the CEO, I thought it was really compelling. It was one point he said, um, we're making a lot more investments when you asked him a pointed question. And I think that theme comes across really strong in all of our interviews today. And the conversations in the hallway here is that people that are making the investments are doing well. 
And so there's more investments being made and that's like, people kind of say, oh yeah, we can do this one, but you have to now. And so the other thing that I thought was awesome with John Maddison, talking about their strategy around the PGA, it's a bold move, but it's kind of got this mindset of always innovating, but they're not, they go step at a time, so they get better. So I'm, I'm expecting next year to be better than this year, bigger, uh, and more integrated because that's what they do. They make things better. Um, I think that's gonna be fun to watch, but I think that's a bold move for Fortinet to be doing this kind of marketing. It's really, they haven't done that in the, in the past. So I think this is a really bold move. >>I agree. And they've spun this out of their Accelerate event, which is an event that we've covered for years in person. So this was the first time that they've pulled the security summit out as its own event. And clearly there was a great buzz behind us all day. Lots of, lots of topics, a lot of discussions, a lot of partnership. And you're right. A lot of talk about investment investment in their partner ecosystem and investment internally. Yes. >>It's fun too. On a personal note, we've been following Fortinet for many, many years. You and I both got doing the interviews and you do and go to the events is watching them grow and be successful. And it's kind of proud though. I, yeah, I'll go for it. And that kind of rooting for him. And I want to thank them for inviting theCUBE here because we're so psyched to be here and be part of this awesome event. And again, golf, theCUBE kind of go together, right? Sports, theCUBE. We love it. So always fun. So thanks to Fortinet out there for, uh, supporting us and being, being part of theCUBE. >>Well, you got the gear, you got your Fortinet golf T-shirt I got one too. And pink. It's beautiful. Yeah. 
You got some shades, but we also have some gear here help us in the morning for our next shows. Be caffeinated. Yeah. But no, it's been great. It's been great to be here. Great to hook co-host with you again in person if for 20 months or so, and looking forward to seeing how 49 and how back >>He was back up the vents. Thanks to the crew. Chuck Leonard, every one's era, Brendan. Right. Well done. Fortinet, thank you. Thank you for >>John's been great. Thanks for having me up here today. Looking forward to the next time from Napa Valley, Lisa Martin, for John Furrier, you've been watching theCUBE

Published Date : Sep 14 2021


Breaking Analysis: Can anyone tame the identity access beast? Okta aims to try...


 

>> From "theCUBE" studios in Palo Alto and Boston, bringing you data-driven insights from "theCUBE" and ETR. This is Breaking Analysis with Dave Vellante. >> Chief Information Security Officers cite trust as the number one value attribute they can deliver to their organizations. And when it comes to security, identity is the new attack surface. As such, identity and access management continues to be the top priority among technology decision makers. It also happens to be one of the most challenging and complicated areas of the cybersecurity landscape. Okta, a leader in the identity space, has announced its intent to converge privileged access and Identity Governance in an effort to simplify the landscape and re-imagine identity. Our research shows that interest in this type of consolidation is very high, but organizations believe technical debt, compatibility issues, expense and lack of talent are barriers to reaching cyber nirvana, with their evolving Zero-Trust networks. Hello and welcome to this week's Wikibon CUBE insights, powered by ETR. In this Breaking Analysis, we'll explore the complex and evolving world of identity access and privileged account management, with an assessment of Okta's market expansion aspirations and fresh data from ETR, and input from my colleague Eric Bradley. Let's start by exploring identity and why it's fundamental to digital transformations. Look, the pandemic accelerated digital and digital raises the stakes in cybersecurity. We've covered this extensively, but today we're going to drill into identity, which is one of the hardest nuts to crack in security. If hackers can steal someone's identity, they can penetrate networks. If that someone has privileged access to databases, financial information, HR systems, transaction systems, the backup corpus, well, you get the point. There are many bespoke tools to support a comprehensive identity access management and privilege access system. 
Single sign-on, identity aggregation, de-duplication of identities, identity creation, the governance of those identities, group management. Many of these tools are open source. So you have lots of vendors, lots of different systems, and often many dashboards. Practitioners tell us that it's the paper cuts that kill them, patches that aren't applied, open ports, orphan profiles that aren't disabled. They'd love to have a single dashboard, but it's often not practical for large organizations because of the bespoke nature of the tooling and the skills required to manage them. Now, adding to this complexity, many organizations have different identity systems for privileged accounts, the general employee population and customer identity. For example, around 50 percent of ETR respondents in a recent survey use different systems for workforce identity and consumer identity. Now this is often done because the consumer identity is a totally different journey. The consumer is out in the wild and takes an unknown, nonlinear path and then enters the known space inside a brand's domain. The employee identity journey is known throughout. You go onboarding, to increasing responsibilities and more access to off-boarding. Privileged access may even have different attributes, does usually like no email and/or no shared credentials. And we haven't even touched on the other identity consumers in the ecosystem like selling partners, suppliers, machines, et cetera. Like I said, it's complicated and meeting the needs of auditors is stressful and expensive for CSOs. Open chest wounds, such as sloppy histories of privileged access approvals, obvious role conflicts, missing data, inconsistent application of policy and the list goes on. The expense of securing digital operations goes well beyond the software and hardware acquisition costs. So there's a real need and often desire, to converge these systems. But technical debt makes it difficult. 
Companies have spent a lot of time, effort and money on their identity systems and they can't just rip and replace. So they often build by integrating piece parts or they add on to their quasi-integrated monolithic systems. And then there's the whole Zero-Trust concept. It means a lot of different things to a lot of different people, but folks are asking if I have Zero-Trust, does it eliminate the need for identity? And what does that mean for my architecture, going forward. So, let's take a snapshot of some of the key players in identity and PAM, Privileged Access Management. This is an X-Y graph that we always like to show. It shows the Net Score or spending velocity, spending momentum on the vertical axis and market share or presence in the ETR dataset on the horizontal axis. It's not like revenue market share. It's just, it's mentioned market share if you will. So it's really presence in the dataset. Now, note the chart insert, the table, which shows the actual data for Net Score and Shared N, which informs the position of the dot. The red dotted line there, it indicates an elevated level. Anything over 40 percent that mark, we consider the strongest spending velocity. Now within this subset of vendors that we've chosen, where we've tried to identify some, most of them are pure plays, in this identity space. You can see there are six above that 40 percent mark including Zscaler, which tops the charts, Okta, which has been at or near the top for several quarters. There's an argument by the way, to be made that Okta and Zscaler are on a collision course as Okta expands its TAM, but let's just park that thought for a moment. You can see Microsoft with a highly elevated spending score and a massive presence on the horizontal axis, CyberArk and SailPoint, which Okta is now aiming to disrupt and Auth0, which Okta officially acquired in May of this year, more on that later. 
Now, below that 40 percent mark you can see Cisco, which has largely acquired companies in order to build its security portfolio. For example, Duo which focuses on access and multi-factor authentication. Now, word of caution, Cisco and Microsoft in particular are overstated because, this includes their entire portfolio of security products, whereas the others are more closely aligned as pure plays in identity and privileged access. ThycoticCentrify is pretty close to that 40 percent mark and came about as a result of the two companies merging in April of this year. More evidence of consolidation in this space, BeyondTrust is close to the red line as well, which is really interesting because this is a company whose roots go back to the VAX VMS days, which many of you don't even know what a VAX VMS is in the mid 1980s. It was the mini computer standard and the company has evolved to provide more modern PAM solutions. Ping Identity is also notable in that, it essentially emerged after the dot com bust in the early 2000s as an identity solution provider for single sign-on, SSO and multifactor authentication, MFA solutions. It IPO'd in the second half of 2019, just prior to the pandemic. It's got a $2 billion market cap, down from its highs of around $3 billion earlier this year and last summer. And like many of the remote work stocks, they bounced around, as the reopening trade and lofty valuations have weighed on many of these names, including Okta and SailPoint. Although CyberArk, actually acted well after its August 12th earnings call as its revenue growth about doubled year on year. So hot space and a big theme this year is around Okta's acquisition of Auth0 and its announcement at Oktane 2021, where it entered the PAM market and announced its thrust to converge its platform around PAM and Identity Governance and Administration.
Now I spoke earlier this week with Diya Jolly, who's the Chief Product Officer at Okta and I'll share some of her thoughts later in this segment. But first let's look at some of the ETR data from a recent drill down study that our friends over there conducted. This data is from a drill down that was conducted early this summer, asking organizations how important it is to have a single dashboard for access management, Identity Governance and privileged access. This goes directly to Okta's strategy that it announced this year at its Oktane user conference. Basically 80 percent of the respondents want this. So this is no surprise. Now let's stay on this theme of convergence. ETR asks security pros if they thought convergence between access management and Identity Governance would occur within the next three years. And as you can see, 89% believe this is going to happen. They either strongly agree, agree, or somewhat agree. I mean, it's almost as though the CSOs are willing this to occur. And this seemingly bodes well for Okta, which in April announced its intent to converge PAM and IGA. Okta's Diya Jolly stressed to me that this move was in response to customer demand. And this chart confirms that, but there's a deeper analysis worth exploring. Traditional tools of identity, single sign-on SSO and multi-factor authentication MFA, they're being commoditized. And the most obvious example of this is OAuth or Open Authorization. You know, log in with Twitter, Google, LinkedIn, Amazon, Facebook. Now Okta currently has around a $35 billion market cap as of today, off from its highs, which were well over 40 billion earlier this year. Okta's stated, previously stated, total addressable market was around 55 billion. So CEO, Todd McKinnon had to initiate a TAM expansion play, which is the job of any CEO, right? Now, this move does that. It increases the company's TAM by probably around $20 to $30 billion in our view.
Moreover, the number one criticism of Okta is, "Your price is too high." That's a good problem to have I say. Regardless, Okta has to think about adding more value to its customers and prospects, and this move both expands its TAM and supports its longer-term vision to enable a secure user-controlled ubiquitous, digital identity, supporting federated users and data within a centralized system. Now, the other thing Jolly stressed to me is that Okta is heavily focused on the user experience, making it simple and consumer grade easy. At Oktane 21, she gave a keynote laying out the company's vision. It was a compelling presentation designed to show how complex the problem is and how Okta plans to simplify the experience for end users, service providers, brands, and the overall technical community across the ecosystem. But look, there are a lot of challenges, the company faces to pull this off. So let's dig into that a little bit. Zero-Trust has been the buzzword and it's a direction, the industry is moving towards, although there are skeptics. Zero-Trust today is aspirational. It essentially says you don't trust any user or device. And the system can ensure the right people or machines, have the proper level of access to the resources they need all the time, with a fantastic user experience. So you can see why I call this nirvana earlier. In previous breaking analysis segments, we've laid out a map for protecting your digital identity, your passwords, your crypto wallets, how to create air gaps. It's a bloody mess. So ETR asked security pros if they thought a hybrid of access management and Zero-Trust network could replace their PAM systems, because if you can achieve Zero-Trust in a world with no shared credentials and real-time access, a direction which Diya Jolly clearly told me Okta is headed, then in theory, you can eliminate the need for Privileged Access Management. Another way of looking at this is, you do for every user what you do for PAM users.
And that's how you achieve Zero-Trust. But you can see from this picture that there's more uncertainty here with nearly 50 percent of the sample, not in agreement that this is achievable. Practitioners in Eric Bradley's round tables tell us that you'll still need the PAM system to do things, like session auditing and credential checkouts and other things. But much of the PAM functionality could be handled by this Zero-Trust environment we believe. ETR then asks the security pros, how difficult it would be to replace their PAM systems. And this is where it gets interesting. You can see by this picture. The enthusiasm wanes quite a bit when the practitioners have to think about the challenges associated with replacing Privileged Access Management Systems with a new hybrid. Only 20 percent of the respondents see this as, something that is easy to do, likely because they are smaller and don't have a ton of technical debt. So the question and the obvious question is why? What are the difficulties and challenges of replacing these systems? Here's a diagram that shows the blockers. 53 percent say gaps in capabilities. 26 percent say there's no clear ROI, i.e., too expensive, and 11 percent interestingly said, they want to stay with best of breed solutions. Presumably handling much of the integration of the bespoke capabilities on their own. Now speaking with our Eric Bradley, he shared that there's concern about "rip and replace" and the ability to justify that internally. There's also a significant buildup in technical debt, as we talked about earlier. One CSO on an Eric Bradley ETR insights panel explained that the big challenge Okta will face here, is the inertia of entrenched systems from the likes of SailPoint, Thycotic and others. Specifically, these companies have more mature stacks and have built in connectors to legacy systems over many years and processes are wired to these systems and would be very difficult to change with skill sets aligned as well.
One practitioner told us that he went with SailPoint almost exclusively because of their ability to interface with SAP. Further, he said that he believed, Okta would be great at connecting to other cloud API enabled systems. There's a large market of legacy systems for which Okta would have to build custom integrations and that would be expensive and would require a lot of engineering. Another practitioner said, "We're not implementing Okta, but we strongly considered it." The reason they didn't go with was the company had a lot of on-prem legacy apps and so they went with Microsoft Identity Manager, but that didn't meet the grade because the user experience was subpar. So they're still searching for a solution that can be good at both cloud and on-prem. Now, a third CSO said, quote, "I've spent a lot of money, writing custom connectors to SailPoint", and he stressed a lot of money, he said that several times. "So, who was going to write those custom connectors for me? Will Okta do it for free? I just don't see that happening", end quote. Further, this individual said, quote, "It's just not going to be an easy switch. And to be clear, SailPoint is not our PAM solution. That's why we're looking at CyberArk." So the complexity that, unquote. So the complexity and fragmentation continues. And personally I see this as a positive trend for Okta, if it can converge these capabilities. Now I pressed Okta's Diya Jolly on these challenges and the difficulties of replacing them over to our stacks of the competitors. She fully admitted, this was a real issue. But her answer was that Okta is betting on the future of microservices and cloud disruption. Her premise is that Okta's platform is better suited for this new application environment, and they're essentially betting on organizations modernizing their application portfolios and Okta believes that it will be ultimately a tailwind for the company.
Now let's look at the age old question of best of breed versus incumbent slash integrated suite. ETR in its drill-down study asked customers, when thinking about identity and access management solutions, do you prefer best of breed, an incumbent that you're already using or the most cost efficient solution? The respondents were asked to force rank one, two and three, and you can see, incumbent just edged out best in breed with a 2.2 score versus a 2.1, with the most cost-effective choice at 1.7. Now, overall, I would say, this is good news for Okta. Yes, they face the issues that we brought up earlier but as digital transformations lead to modernizing much of the application portfolio with container and microservices, Okta will be in a position, assuming it continues to innovate, to pick up much of this business. And to the point earlier, where the CSO told us they're going to use both SailPoint and CyberArk. When ETR asked practitioners which vendors are in the best position to benefit from Zero-Trust, the Zero-Trust trend, the answers were not surprisingly all over the place. Lots of Okta came up. Zscaler came up a lot too, hmm. There's that collision course. But plenty of SailPoint, Palo Alto, Microsoft, Netskope, Thycotic, Centrify, Cisco, all over the map. So now let's look specifically at how practitioners are thinking about Okta's latest announcements. This chart shows the results of the question. Are you planning to evaluate Okta's recently announced Identity Governance and PAM offerings? 45 to nearly 50 percent of the respondents either were already using or plan to evaluate, with just around 40 percent saying they had no plans to evaluate. So again, this is positive news for Okta in our view. The huge portion of the market is going to take a look at what Okta's doing. Combined with the underlying trends that we shared earlier related to the need for convergence, this is good news for the company.
Now, even if the blockers are too severe to overcome, Okta will be on the radar and is on the radar as you can see from this data. And as with the Microsoft MIM example, the company will be seen as increasingly strategic, Okta that is, and could get another bite at the apple. Moreover, Okta's acquisition of Auth0 is strategically important. One of the other things Jolly told me is they see initiative starting both from devs and then hand it over to IT to implement, and then the reverse where IT may be the starting point and then go to devs to productize the effort. The Auth0 acquisition gives Okta plays in both games, because as we've reported earlier, Okta wasn't strong with the devs, Auth0 that was their wheelhouse. Now Okta has both. Now on the one hand, when you talk to practitioners, they're excited about the joint capabilities and the gaps that Auth0 fills. On the other hand, it takes out one of Okta's main competitors and customers like competition. So I guess I look at it this way. Many enterprises will spend more money to save time. And that's where Okta has traditionally been strong. Premium pricing but there's clear value, in that it's easier, less resources required, skillsets are scarce. So boom, good fit. Other enterprises look at the price tag of an Okta and, they actually have internal development capabilities. So they prefer to spend engineering time to save money. That's where Auth0 has seen its momentum. Now Todd McKinnon and company, they can have it both ways because of that acquisition. If the price of Okta classic is too high, here's a lower cost solution with Auth0 that can save you money if you have the developer talent and the time. It's a compelling advantage, that's unique. Okay, let's wrap. The road to Zero-Trust networks is long and arduous.
The goal is to understand, support and enable access for different roles, safely and securely, across an ecosystem of consumers, employees, partners, suppliers, all the consumers, (laughs softly) of your touch points to your security system. You've got to simplify the user experience. Today's kluge of password, password management, security exposures, just not going to cut it in the digital future. Supporting users in a decentralized, no-moat world, the queen has left her castle, as I often say is compulsory. But you must have federated governance. And there's always going to be room for specialists in this space. Especially for industry specific solutions for instance, within healthcare, education, government, etcetera. Hybrids are the reality for companies that have any on-prem legacy apps. Now Okta has put itself in a leadership position, but it's not alone. Complexity and fragmentation will likely remain. This is a highly competitive market with lots of barriers to entry, which is both good and bad for Okta. On the one hand, unseating incumbents will not be easy. On the other hand, Okta is both scaling and growing rapidly, revenues are growing almost 50% per annum and with its convergence agenda and Auth0, it can build a nice moat to its business and keep others out. Okay, that's it for now. Remember, these episodes are all available as podcasts, wherever you listen, just search Breaking Analysis podcast, and please subscribe. Thanks to my colleague, Eric Bradley, and our friends over at ETR. Check out ETR website at "etr.plus" for all the data and all the survey action. We also publish a full report every week on "wikibon.com" and "siliconangle.com". So make sure you check that out and browse the breaking analysis collection. There are nearly a hundred of these episodes on a variety of topics, all available free of charge. Get in touch with me. You can email me at "david.vellante@siliconangle.com" or "@dvellante" on Twitter. Comment on our LinkedIn posts.
This is Dave Vellante for "theCUBE" insights powered by ETR. Have a great week everybody. Stay safe, be well. And we'll see you next time. (upbeat music)

Published Date : Aug 20 2021


LIVE Panel: FutureOps: End-to-end GitOps


 

>> And hello, we're back. I've got my panel and we are doing things real time here. So sorry for the delay a few minutes late. So the way let's talk about things, the reason we're here and we're going around the room and introduce everybody. Got three special guests here. I got my evil or my John and the normal. And we're going to talk about GitOps. I called it FutureOps just because I want to think about what's the next thing for that. At the end, we're gonna talk about what our ideas for what's next for GitOps, right? Um, because we're all starting to just get into GitOps now. But of course a lot of us are always thinking about what's next? What's better? How can we make this thing better? So we're going to take your questions. That's the reason we're here, is to take your questions and answer them. Or at least the best we can for the next hour. And all right, so let's go around the room and introduce yourself. My name is Brett. I am streaming from Brett from that. From Brett. From Virginia Beach in Virginia Beach, Virginia, United States. Um, and I talk about things on the internet, I sell courses on Udemy that talk about Docker and Kubernetes. Ive or, introduce yourself. >> How's it going? Everyone, I'm a software engineer at Axel Springer, currently based in Berlin and I happen to be Brett Brett's teaching assistant. >> All right, that's right. We're in, we're in our courses together almost every day. Mm, John. >> Hey everyone, my name is John Harris, I used to work at Docker, um, I now work at VMware as a star field engineer. Um, so yeah, >> And Nirmal. >> Awesome, by the way, you are streaming from Brett Brett, >> I answered from breath to breath. >> Um, I'm Nirmal Mehta. I'm a distinguished engineer with Booz Allen and I'm also a Docker Captain and it's good to see either in person and it's good to see you again John, it's been a little while. >> It has, the pre-COVID times, right? You're up here in Seattle. >> Yeah. It feels, it feels like an eternity ago.
>> Yeah, John shirt looks red and reminds me of the Austin T shirt. So I was like, yeah, so we all, we all have like this old limited edition doctor on E. >> T. That's a, that's a classic. >> Yeah, I scored that one last year. Sometimes with these old conference shirts, you have to like go into people's closets. I'm not saying I did that. Um, but you know, you have to go steal stuff, you to find ways to get the swag >> post post COVID. If you ever come to my place, I'm going to have to lock the closets. That >> that's right, That's right. >> So the second I think it was the second floor of the Docker HQ in San Francisco was where they kept all the T shirts, just boxes and boxes and boxes floor to ceiling. So every time I went to HQ you just you just as many as you can fit in your luggage. I think I have about 10 of these. You >> bring an extra piece of luggage just for your your shirt shirt grab. Um All right, so I'm going to start scanning questions uh so that you don't have to you can you help you all are welcome to do that. And I'm going to start us off with the topic. Um So let's just define the parameters. Like we can talk about anything devops and here we can go down and plenty of rabbit holes. But the kind of, the goal here is to talk about GitOps and GitOps if you haven't heard about it is essentially uh using versioning systems like Git like we've all been getting used to as developers to track your infrastructure changes, not just your code changes and then automate that with a bunch of tooling so that the robots take over. And essentially you have Git as a central source of truth and then git log as a central source of history and then there's a bunch of magic little bits in the middle and then supposedly everything is wonderful. It's all automatic. The reality is is what it's often quite messy, quite tricky to get everything working. And uh the edges of this are not perfect. Um so it is a relatively new thing.
It's probably three, maybe four years old as an official thing from Weave, uh, so we're gonna get into it and I'll let's go around the room and the same word we did before and um not to push on that, put you on the spot or anything. But what is, what is one of the things you either like or either hate about GitOps um that you've enjoyed either using it or you know, whatever for me. I really, I really love that I can point people to a repo that basically is hopefully if they look at the log a tracking, simplistic tracking of what might have changed in that part of the world or the environment. I remember many years past where, you know, I've had executive or some mid level manager wants to see what the changes were or someone outside my team went to see what we just changed. It was okay, they need access to this system into that dashboard and that spreadsheet and then this thing and it was always so complicated and now in a world where if we're using GitHub or Bitbucket or whatever where you can just say, hey go look at that repo if there was three commits today, probably three changes happened. That's I love that particular part about it. Of course it's always more complicated than that. But um Ive or I know you've been getting into this stuff recently. So um any thoughts? Yeah, I think >> my favorite part about GitOps is >> reproducibility. Um >> you know the ability to just test something and get it up and running >> and then just tear it down. >> Uh not >> being worried that how did I configure it the first time? I think that's my favorite part about >> it. I'm changing your background as we do this. >> I was going to say, did you just do it GitOps pushed to like change his >> background, just a dialogue that different for that green screen equals false? Uh Change the background. Yeah, I mean, um and I mean I think last year was really my first year of actually using it on anything significant, like a real project.
Um so I'm still, I still feel like I'm very new to. John, you anything? >> Yeah, it's weird GitOps is that thing which kind of crystallizes maybe better than anything else, the grizzled veteran life cycle of emotions with the technology because I think it's easy to get super excited about something new. And when I first looked into GitOps, so I think this is even before it was probably called GitOps, we were looking at like how to use Git as source of truth, like everything sounds great, right? You're like, wait, Git, everyone knows Git, Git's the source of truth, There's a load of robust tooling. This just makes a sense. If everything dies, we can just apply the Git again, that would be great. Um and then you go through like the trough of despair, right? We're like, oh no, none of this works. The application is super stateless if this doesn't work and what do we do with secrets and how do we do this? Like how do we get people access in the right place and then you realize everything is terrible again and then everything it equalizes and you're kind of, I think, you know, it sounds great on paper and they were absolutely fantastic things about it, but I think just having that measured approach to it, like it's, you know, I think when you put it best in the beginning where you do a and then there's a magic and then you get C. Right, like it's the magic, which is >> the magic is the mystery, >> right? >> Magic can be good and bad and in text so >> very much so yeah, so um concurrence with with John and ever uh in terms of what I like about it is the potential to apply it to moving security to left and getting closer to a more stable infrastructure as code with respect to the whole entire environment. Um And uh and that reconciliation loop, it reminds me of what, what is old is new again? Right?
Well, quote unquote old um in terms of like Chef and Puppet and that the reconciliation loop applied in a in a more uh in a cleaner interface and and into the infrastructure that we're kind of used to already, once you start really digging into Kubernetes what I don't like and just this is in concurrence with the other panelists is it's relatively new. It has um, so it has a learning curve and it's still being, you know, it's a very active um environment and community and that means that things are changing and constantly and there's like new ways and new patterns as people are exploring how to use it. And I think that trough of despair is typically figuring out incrementally what it actually is doing for you and what it's not going to solve for you, right, John, so like that's that trough of despair for a bit and then you realize, okay, this is where it fits potentially in my architecture and like anything, you have to make that trade off and you have to make that decision and accept the trade offs for that. But I think it has a lot of promise for, for compliance and security and all that good stuff. >> Yeah. It's like it's like the potentials, there's still a lot more potential than there is uh reality right now. I think it's like I feel like we're very early days and the idea of especially when you start getting into tooling that doesn't appreciate GitOps like you're using to get up to and use something else and that tool has no awareness of the concept so it doesn't flow well with all of the things you're trying to do and get um uh things that aren't state based and all that. So this is going to lead me to our first question from Camden asking dumb questions by the way. No dumb questions here. Um How is GitOps not just another name for CD? Anybody want to take that as an answer as a question. How is GitOps not just another name for CD? I have things but we can talk about it. I >> feel like we need Victor foster kids. Yeah, sure you would have opinions.
Yeah, >> I think it's a very yeah. One person replied said it's a very specific it's an opinionated version of CD. That's a great that's a great answer like that. Yeah. >> It's like an implement. Its it's an implementation of deployment if you want it if you want to use it for that. All right. I realize now it's kind of hard in terms of a physical panel and a virtual panel to figure out who on the panel is gonna, you know, ready to jump in to answer a question. But I'll take it. So um I'll um I'll do my best inner Victor and say, you know, it's it's an implementation of CD. And it's it's a choice right? It's one can just still do docker build and docker pushes and docker pulls and that's fine. Or use other technologies to deploy containers and pods and change your, your Kubernetes infrastructure. But GitOps is a different implementation, a different method of doing that same thing at the end of the day. Yeah, >> I like it. I like >> it and I think that goes back to your point about, you know, it's kind of early days still, I think to me what I like about GitOps in that respect is it's nice to see Kubernetes become a platform where people are experimenting with different ways of doing things, right? And so I think that encourages like lots of different patterns and overall that's going to be a good thing for the community because then more, you know, and not everything needs to settle in terms of only one way of doing things, but a lot of different ways of doing things helps people fit, you know, the tooling to their needs, or helps fit Kubernetes to their needs, etcetera.
Yeah, >> um I agree with that, the, so I'm gonna, since we're getting a load of good questions, so um one of the, one of the, one of the, I want to add to that real quick that one of the uh from the Weave people themselves, because I've had some on the show and one of things that I look at it is distinguishing is with continuous deployment tools, I sort of think that it's almost like previous generation and uh continuous deployment tools can be anything like we would consider Jenkins CD, right, if you if you had an association to a server and do a docker pull and you know, docker up or docker compose up rather, or if it did a kubectl apply uh from you know inside an SSH tunnel or something like that was considered considered CD. Well GitOps is much more rigid I think in terms of um you you need to apply, you have a specific repo that's all about your deployments and because of what tool you're using and that one your commit to a specific repo or in a specific branch that repo depends on how you're setting it up. That is what kicks off a workflow. And then secondly there's an understanding of state. So a lot of these tools now I have uh reconciliation where they they look at the cluster and if things are changing they will actually go back into Git and the robots will take over and will commit that. Hey this thing has changed um and you maybe you human didn't change it, something else might have changed it. So I think that's where GitOps is approaching it, is that ah we we need to we need to consider more than just a couple of commands that be runnin in a script. Like there needs to be more than that for a GitOps repo to happen anyway, that's just kind of the the take back to take away I took from a previous conversation with some people um >> we've I don't think that lost, its the last piece is really important, right? I think like for me, CD, like CI/CD, they're more philosophical ideas, right, a set of principles, right?
Like getting an idea or a code change to environments promoting it. It's very kind of pipeline driven um and it's very imperative driven, right? Like our existing CD tools are a lot of the ways that people think about CD, it would be triggered by an event, maybe a code push and then these other things are happening in sequence until they either fail or pass, right? And then we're done. GitOps is very much sitting on the, you know, the reconciliation side, it's changing to a pull based model of reconciliation, right? Like it's very declarative, it's just looking at the state and it's automatically pulling changes when they happen, rather than this imperative trigger driven model. That's not to say that there aren't CD tools which we're doing pull based or you can do pull based or GitOps is doing anything creatively revolutionary here, but I think that's one of the main things that the ideas that are being introduced into those, like existing C kind of tools and pipelines, um certainly the pull based model and the reconciliation model, which, you know, has a lot in common with Kubernetes and how those kind of controllers work, but I think that's the key idea. Yeah. >> Um This is a pretty specific one Tory asks, does anyone have opinions about GitOps in a monorepo? This is like this is getting into religion a little bit. How many repos are too many repos? How um any thoughts on that? Anyone before I rant, >> go >> for it, go for it? >> Yeah. How I'm using it right now in a monorepo uh So I'm using GitHub. Right, so you have what? The workflow and then inside a workflow? Yeah, YAML file, I'll >> track the >> actual changes to the workflow itself, as well as a folder, which is basically some sort of service in a monorepo, so if any of those things changes, it'll trigger the actual pipeline to run. So that's like the simplest thing that I could figure out how to, you know, get it set up using um GitHub's, uh, workflow path feature. Yeah.
And it's worked for me for writing, you know? That's, yeah. >> Yeah, a lot of these things too, like the monorepo discussion will, it's very tool specific. Each tool has various levels of support for branching and different repos and subdirectories, or are looking at the diffs to see if there's changes in that specific directory. Yeah. Sorry, um, John, you're going to say something? >> I was just going to say, I've never really done it, but I imagine the same kind of downsides of monorepo to multiple repos would exist there. I mean, you've got the blast radius issues, you've got, you know, how big is the monorepo? Do we have to pull, does the tool have to pull that or cache it every time it needs to determine diff? So what is the support for being able to just look at directories versus, you know, I think we can get way down into a deeper conversation. Maybe we'll save it for later on in the conversation about what we're doing. GitOps, how do we structure our Git repos? We have super granular repo per environment, per app repo, per cluster repo, per whatever, or do we have directories per environment or branches per environment? How is everything organized? I think it's, you know, it's going to be one of those, there's never one size fits all. I'll give the classic consultant, like, "it depends" answer. Right? >> Yeah, for sure. It's very similar to the code struggle, because it depends. >> Right? >> Uh, yeah, it's similar to the code problem of teams trying to figure out how many repos for their code. Should they microservice, should they semi-microservice, macro service? Like, I mean, you know, because too many repos means you're doing a bunch of repo management, a bunch of changes on your local system, you're constantly git pulling all these different things, and, uh, but if you have one big repo then it's a huge monolithic thing that you usually have to deal with.
Path-based issues of tools that only need to look at a specific directory, and, um, yeah, it's a culture, I feel like, yeah, like I keep going back to this, it's a culture thing. What does your team prefer? What do you like? What, um, what's painful for everyone, and what's the loudest pain that you need to deal with? Is it repo management? That's the pain, um, or is it, uh, you know, is it that everyone's in one place and it's really hard to keep too many cooks out of the kitchen, which is a monorepo problem, you know? Um, how do we handle security? So this is a great one from Tory again. Another great question, back to back. And that's the first time we've done that. Um, security as it pertains to GitOps: anyone who can commit can change the infrastructure. Yes. >> Yes. So the tooling that you have for your Git repo, and the authentication, authorization and permissions that you apply to the Git repo using a Git server like GitHub or GitLab or whatever your flavor of the day is, is going to be how security is handled with respect to changes in your GitOps configuration repository. So, um, that is completely specific to your implementation of that, or one's implementation of how they're handling that, the Git repositories that the GitOps tooling is looking at to reconcile changes. With respect to the permissions of the, for lack of a better term, robot itself, right, the GitOps tooling like Flux or Argo CD, um, one could, would create a user or a service account or, uh, other kind of authentication measures to limit the permissions for that service account that the GitOps tooling needs to be able to read the repos and send commits, et cetera. So that is well within the realm of what you have already for your Git, um, repo. Yeah. >> Yeah.
A related question is from a g: what they like about GitOps, if done nicely, for a newbie, is you can get stuff done easily. What they dislike about it is when you have too many Git repos it becomes just too complicated, and I agree. Um, I was making a joke with a team the other week that, you know, the developer used to just make one commit and they would pass it on to a QA team that would then eventually merge it in the master. But they made the commits to these feature branches or whatever. But now they make a commit, they make a PR there for their code, then they go make a PR in the Helm chart to update the thing to do that, and then they go make a PR in the GitOps repo for Argo. And so we talked about that, there's probably like four or five PRs just to get their code in the production. But we were talking about the negative of that, but the reality was it's just four or five PRs, like, it wasn't five different systems that had five different methodologies and tooling and that. So I looked at it, I was like, well, yeah, that's kind of a pain in the Git sense, but you're also dealing with one type. It's a repetitive action, but it's the one thing. I don't have to go to five different systems with five different ways of doing it, and one's in the web and one's on the client, one's a command line that I don't remember. Um, yeah, so it's got pros and cons, I think, when you, >> I think when you get to the scale where those kind of issues are a problem, then you're probably at the scale where you can afford to invest some time into automation into that. Right? Like, when I've seen this in larger customers or larger organizations, if they're ever at that stage where, okay, apps are coming up all the time, you know, there's a 10x, 100x developer to operations folks who may be creating Git repos, setting up permissions, then that stuff gets automated, right? Like, you know, maybe ticket-based systems or whatever. Developers say, I need a new app.
It templates things, or more often using the same model, right, of reconciliation and operators and the horrific abuse of CRDs that we're seeing in the Kubernetes community right now. Um, you know, developers can create a CRD which just says, hey, I'm creating a new app, it's called app A, and then a controller will pick up that app A definition. It will go create a Git repo programmatically, it will add the right, definitely will look up in LDAP the developers and the permissions that need to be able to get to that repo, it will create and template automatically some namespace in the clusters that it needs, in the environments that it needs, depending on, you know, some metadata it might read. So I think, you know, those are definite problems and they're definitely like a teething, growing pain thing. But once you get to that scale, you kind of need to step back and say, well, look, we just need to invest time into the operational aspect of this and automating this pain away, I think. Yeah. >> Yeah. And that ultimately ends in, yeah, custom tooling, which is hard to avoid at scale. I mean, there's almost two conversations here, right? There is what I call the solo admin, solo DevOps. I bought that domain, solodevops.com, because, you know, whenever I'm talking at DockerCon in the real world, it's like, I ask people to raise hands, I don't know how we can raise hands here, but I would ask people to raise hands and see how many of you here are the sole person responsible for deploying the app that your team makes, and like a quarter of the room would raise their hand. So I call that solo DevOps. Like, that person can't make all the custom tooling in the world. So they really need Docker-like solutions where it's opinionated, the workflow is sort of built in and they don't have to wrangle things together with a bunch of glue, you know, in other words, Bash.
Um, and so this kind of comes to a conversation, uh, starting this question from Lee. He's asking, how do you combine GitOps with CI/CD, especially the continuous bit? How do you avoid having a human, uh, sort of the complaint the team I was working with has, how do you avoid a human editing and git committing for every single deploy? They've settled on customized templates and a script for routine updates. So as a seed for this conference, this question, I'm gonna ask you all, uh, instead of that specific question, 'cause it's a little open ended. Um, tell me whether you agree with this. I kind of look at the image, the image artifact, because the Docker image, or container image in general, is an artifact, I view it that way, and that thing going into the registry with the right label or right part of the label, um, that tag rather, not the label but the tag, that to me is like one of the great demarcation points of, we're kind of done with CI and we're now into the deployment phase. And it doesn't necessarily mean the tooling is a clear cut there, but that artifact being shipped in a specific way, or promoted as we sometimes say. Um, what do you think? Does anyone have opinions on that? I don't even know if that's the right opinion to have, so, mhm. >> So, um, I think what you're getting at is that GitOps models can trigger off of different events, um, to trigger the reconciliation loop. And one way to do that is if it notices an image change in the registry, the other is if there's a commit event on a specific repo and branch, and it's up to you, or up to the person that's implementing their GitOps model, what event to trigger that reconciliation loop off of. You can do both, you can do one or the other. It also depends on the templating engine that you're using on top of, um, on top of Kubernetes, such as Helm or, um, you know, the other ones that are out there, or if you're not even doing that, then, you know, straight
YAML, um, so it kind of just depends, but those are typically the two options one has, and a combination of those, to trigger that event. You can also just trigger it manually, right? You can go into the command line and force a, you know, a really like a scan or a new reconciliation loop to occur. So it kind of just, I don't want to say this, but it depends on what you're trying to do and what makes sense in your pipeline. Right? So if you're set up where you are tag, if you're doing it based off of image tags, then you probably want to use GitOps in a way that you're using the image tags, right, and the pattern that you've established there. If you're not really doing that and you're more around, like, different branches are mapped to different environments, then trigger it off of the correct branch. And that's where the permissions also come into play, where if you don't want someone to touch production and you've got your GitOps for your production cluster based off of, like, uh, you know, a main branch, then whoever can push a change to that main branch has the authority to push that change to production. Right? So that's your authentication and permissions, um, system. Same for the registry itself. Right. So, >> Yeah. Yeah. Sorry, anyone else have any thoughts on that? I was about to go to the next topic. >> I was going to say, I think certain tools dictate the approach. Like, if you're using Argo CD, it's, I think, correct me if I'm wrong, but I think the only way to use it right now is just through image modification. Like, the manifest changes, it looks at a specific directory and anything changes, then it will do its thing and, uh, synchronize the cluster with whatever's in Git. >> Yeah, Flux has both. Yeah, and Flux has both. So it kind of depends. I think you can make Argo do that too, but, uh, this is back to what we were saying in the beginning, uh, you know, these things are changing, right?
So that might be what it is right now in terms of triggering the reconciliation loops and GitOps tooling, but there might be other events in the future that might trigger it, and it's not completely standalone, because you still need your tooling to do any kind of testing or whatever you have in terms of, like, the specific pipeline. So oftentimes you're bolting GitOps into some other part of a broader CI/CD solution. That makes sense. Yeah. >> We've got a lot of questions about secrets, or people that are asking about secrets. >> So my tongue-in-cheek answer to the secrets question was, what's the best practices for Kubernetes secrets? That's the same thing for secrets with GitOps. Uh, GitOps is not, last time I checked and last time I was running this stuff, GitOps has nothing to do with secrets in that sense. It's just there to get your stuff running on Kubernetes. So, um, there's probably a really good session on secrets at DockerCon. >> I would agree with you, I agree with you. Yeah, I mean, GitOps tools, I mean, every project of mine handles secrets differently. Uh huh. And I think, I'm not sure if it was even when I was talking to, but talking to someone recently, that I'm very bullish on GitHub Actions. I love GitHub Actions. It's not great for deployments yet, but we do have this new thing in GitHub, environments, I think it's called. So it allows me at least to store secrets per environment, which it didn't have the concept of that before, which, you know, if any of you are running Kubernetes out there, you typically end up, when you start running Kubernetes, you end up with more than one Kubernetes. Like, you're going to end up with a lot of clusters at some point, at least many, multiple, more than two.
Um, and so if you're trying to store secrets somewhere, you do have, and there's a discussion happening in chat right now where people are talking about, um, Sealed Secrets, which, if you haven't heard of that, go look that up and just be versed on what Sealed Secrets is, because it's a fantastic concept for how to store secrets in the public. Um, I love it because I'm a big PKI nerd, but, um, it's not the only way and it doesn't fit all models. So I have clients that use AWS Secrets because they're in AWS, and then they just have to use the Kubernetes external secret. But again, like, like normal sand, you know, that doesn't really affect GitOps. GitOps is just applying whatever Helm charts or YAML or images that you're deploying. GitOps was more about the approach of when the changes happen and whether it's a push or pull model, like we're talking about, and, you know, >> I would say there's a bunch of prerequisites to GitOps, secrets being one of them, because the risk of you putting a secret into your Git repo, if you haven't figured out your Kubernetes secrets architecture and start diving into GitOps, is high, and removing secrets from Git repos is, you know, could be its own industry, right. It's >> a thing. >> How do I hide this? How do I obscure this commit that's already now on a dozen machines? >> So there are some prerequisites in terms of when you're ready to adopt GitOps, I think is the right way of saying the answer to that, secrets being one of them. >> I think the secrets was the thing that made me, you know, like two or three years ago, made me kind of see the aha moment when it came to GitOps, which was that the premier thing that everyone used to say about GitOps, about why it was great, was it's the single source of truth. There's no state anywhere else. You just need to look at Git. Um, and then secrets made me realize, along with a bunch of other things down the line, that is not true and will never be true.
So as soon as you can lose the dogmatism about everything is going to be in Git, it's fantastic. As long as you've understood everything is not going in Git. There are things which will absolutely never be in Git. Some tools just don't deal with that. They need to own their own state, especially in Kubernetes, some controllers own their own state. You know, cuz Sealed Secrets and other projects like SOPS, and I think there are two or three others, that's a great way of dealing with secrets if you want to keep them in Git. But, you know, projects like Vault are more kind of like what I would say production-grade secret strategies. Right? And if you're in AWS or a cloud, you're more likely to be using their secrets. Your secret policy is maybe not dictated by you, in large organizations it might be dictated by CSO or security or Great. Like, I think, if you're trying to adopt GitOps or you're thinking about it, get the dogmatism of Git as a single point of truth out of your mind and think about GitOps more as a philosophy and a set of best practice principles, then you will be in much better stead. >> Right? Yeah. >> People are asking more questions in chat, like, is infrastructure as code plus CD essentially GitOps, or CI rather? Um, these are all great questions and a part of the debate. I'm actually just going to throw up on screen, I'm gonna put this in chat, but this is, to me, the source, right? So Weaveworks, when they coined the term. We, a lot of us have been trying to get, if we talk about the history for a minute, and then tell me if I'm getting this right. Um, a lot of us were trying to automate all these different parts of the puzzle, but a lot of them, some things might have been infrastructure as code.
Some things weren't, some things were sort of like settings is coded, like you're going to Jenkins and type in secrets and settings, or type in a certain thing in the settings of Jenkins, and then that, it wasn't really in Git. And so what Weave was trying to go for was a way to have almost like, eventually, a two-way state understanding, where Git might change your infrastructure, but then your infrastructure might also change and needs to be reflected in the Git, if the Git is trying to be the single source of truth. Um, and like you're saying, the reality is that you're never gonna have one repo that has all of your infrastructure in it. Like, you would have to have all your Terraform, anything else you're spinning up. Right. Um, but anyway, I'm gonna put this link in chat. So this guide actually, uh, one of the things they talk about is what it's not, so it's kind of great to read through the different requirements, and like what I was saying a while ago, um, mhm, having CI, having infrastructure as code and then trying a little bit of continuous deployment out, it's probably a prerequisite for GitOps. So it's hard to just jump into that when you don't already have infrastructure as code, because a machine doing stuff on your behalf, it means that you have to have things documented and somewhere in a Git repo. But let me put this in the, in the >> chitty chat. I would like to know if the other panelists agree, but I think GitOps is a, okay, I would say it's a moderate level. It's not a beginner-level Kubernetes thing, it's like a moderate level, advanced, a little bit more advanced level. Um, one can start off using it, but you definitely have to have some prereqs in place, or some understanding of, like, a pattern in place. Um, so what do the other folks think about that opinion? >> I think if you're trying to use GitOps before you know what problem you have, you're probably gonna be in trouble. Right.
It's like having a solution to a problem you don't have yet. Mhm. Right. I mean, if you're just evil or, and you're just typing kubectl apply, you're one person, right, GitOps doesn't seem like a big jump. Like, I mean, it doesn't, like, why would I do that? I'm just gonna, instead of typing git commit, right, I'm typing kubectl apply. But I think one of the rules from Weave is none of your developers and none of your admins can have kubectl access to the cluster, because if you can't, if you do have access and you can just apply something, then that's just infrastructure as code. That's just continuous deployment, that's not really GitOps. Um, GitOps implies that the only way things get into the cluster is through the GitOps, Git automation that you're using with, you know, Flux, Argo, we haven't talked about, what's the other one that Viktor Farcic talks about? By the way, people are asking about Viktor, because Viktor would love to talk about this stuff, but he's in my next live, so come back in an hour and a half or whatever, and Viktor is going to be talking about sysadmin-less with me. Um, >> You gotta ask him nothing but GitOps questions in the next, >> Confuse them, confuse them. But anyway, that's, um, it's hard to understand, and without having tried it, I think conceptually it's a little challenging. >> One thing with GitOps, especially based off the Weaveworks blog post that you just put up on there, it's an opinionated way of doing something. Uh, you know, it's an opinionated way of delivering changes to an environment, to your Kubernetes environment. So it's opinionated. We're often not used to seeing things that are very opinionated in this sense in the ecosystem, but GitOps is an opinionated thing. It's one way of doing it.
Um, there are ways to change it, and like, there are options, um, like what we were talking about in terms of the events that trigger, but the way that it's structured is an opinionated way, both from, like, a tooling perspective, like using Git, et cetera, but also from a DevOps cultural perspective, right? Like you were talking about not having anyone access kubectl and changing the cluster directly. That's a philosophical opinion that GitOps forces you to adopt, otherwise it kind of breaks the model, and, um, I just want everyone to just understand that. That is very opinionated in that sense. Yeah. >> Pulumi is another thing. Infrastructure as code. Um, someone's mentioning Pulumi in chat. I just had, actually, my live show, self plug, bret.live, go there. I'm on YouTube every week. I did the same thing. These are my friends, um, and had Pulumi on two weeks ago, uh, last week, I don't remember, uh, and it was in the last couple of weeks, and we talked about their infrastructure as code solution. You're actually writing code instead of, um, oh, that's an interesting take on, uh, developer teams sort of owning, coding the infrastructure through code rather than YAML as a data language. I don't really have an opinion on it yet because I haven't used it in production or anything in the real world, but, um, I'm not sure how much they are trying to go towards the GitOps stuff. I will do a plug for Solomon Hykes, who has a, the beginning of the day, it's already happened, so you can go back and watch it. It's a, what's it called? CUE. Rethinking application delivery with CUE and BuildKit. So go look this up. This is the co-founder of Docker and former CTO, Solomon Hykes, at the beginning of the day. He has a tool called Dagger. I'm not sure why the title of the talk is delivering with CUE and BuildKit, but the tool he's showing off in there for an hour is called Dagger.
And it's an interesting idea on how to apply a lot of this opinionated automated stuff to, uh, to deployment, and it's GitOps based and it uses CUE language. It's a graph language. I watched most of it and it was a really interesting take. I'm excited to see if that takes off and if they try that, because it's another way that you can get a little bit more advanced with your Git deployments, and without having to just stick everything in YAML, which is kind of where we're at today with Helm charts and whatnot. All right. More questions about secrets, I think. I think we're not going to have a whole lot more about secrets. Basically, uh, put secrets in your cluster to start with, in Kubernetes, in encrypted, you know, thing. And then, you know, as it gets harder, then you have to find another solution. When you have five clusters, you don't wanna have to do it five times. That's when you have to go for Vault and AWS secrets and all >> that. Right? I'm gonna Post-it note. Yeah. Crm into the cluster. Just kidding. >> Yes, there are recordings of this. Yes, they will be later. Uh, because these are all gonna be on YouTube later. Um, yeah, detect secrets, cushion saying detect secrets or GitGuardian are absolute requirements. I think it's in reference to your secrets comment earlier. Um, Camels asking about Kubernetes dropping support for Docker. This is not the place to ask for that, but it is, uh, basically it's a non-event. Mirantis has actually just created that same plugin, available in a different repo. So if you want to keep using Docker and Kubernetes, you know, you can do it, like, it's no big deal. Most of us aren't using Docker in our Kubernetes anyway, so we're using, like, containerd or whatever is provided to us by our provider. Um, yeah, thank you so much for all these comments. These are great, people helping each other in chat. I feel like we're just here to make sure the chat's available so people can help each other.
>> I feel like I want to pick up on something when you mentioned Pulumi. I think there's a, um, we're talking about GitOps, but I think in the original, like, the origination of that, I guess, was deploying applications to clusters, right, picking up deployment manifests. But I think with Pulumi, and obviously Terraform and things have been around a long time, folks are starting to apply this. I think I found one earlier, which was like, um, Kubestack, the Terraform GitOps framework. Um, but also with the advent of things like Cluster API, um, in the Kubernetes space, where you can declaratively build the infrastructure for your clusters and build the cluster, right? We're not just talking about deploying applications. The Cluster API will talk to AWS, spin up VPCs, spin up machines, you know, will do the same kind of things that Terraform does and those other tools do. I think applying GitOps principles to the infrastructure spin-up, right, the proper infrastructure as code stuff, constantly applying Terraform, um, you know, plans and whatever, constantly applying Cluster API resources, spinning up stuff in those clouds, that's a super interesting, um, you know, extension of this area. I'd be curious to see what the folks think about that. >> Yeah, that's why I picked this topic as one of my three. Uh, I got to pick the topics. I was like, the three things that are, like, the most bleeding edge, exciting. Most people haven't, we haven't, basically we haven't figured all this out yet, we as an industry. So, um, I think we're gonna see more ideas on it. Um, what's the one with the popsicle as the icon? Viktor talks about it all the time. It's another GitOps-like tool, but it's, um, it's GitOps for, you use this Kubernetes limit, and then, we have to look it up. >> You're talking about Crossplane. >> So my wife is over here with the sound effects, and the first sound effect of the day that she chooses to use is one.
>> All right, can we pick it? Let's find another question, Bret. >> I'm searching, >> so many of them. All right, so, uh, I think one really quick one is, is GitOps only for Kubernetes? I think the main two tools that we're talking about are Argo CD and Flux, and they're mostly geared toward Kubernetes deployments, but it seems like they're organized in a way that there's a clean abstraction with respect to the agent that's doing the deployment and the tooling that it can interact with. So I would imagine that in the future, and this might be true already right now, that GitOps could be applied to other types of deployments at some point in the future. But right now it's mostly focused on, and treats, Kubernetes as a first-class citizen, or the tooling on top of Kubernetes, let's say something like Helm, as a first-class citizen. Yeah. To Bret. >> To me the field, back to you, Bret. The thing I was looking for is Crossplane. So that's another tool. Um, Viktor has been, uh, sharing a lot about it on YouTube, Crossplane, and that basically runs inside of Kubernetes, but it handles your other infrastructure besides your app. It allows you to, like, GitOps your AWS stuff by using the Kubernetes state engine as a way to manage that. And I have not used it yet, but he does some really great demos on YouTube. So people are liking this idea of GitOps, so they're trying to figure out, how do we manage state? How do we, uh, because the problem with Terraform is that, well, there's many problems, but it's always a lot of problems, but in the GitOps world it's not quite the right fit yet. It might be, but it's still largely as expected for people to, you know, like, type the command, um, and it keeps state locally, the ss, clouds and all that. But the other thing is, I'm now realizing that when I saw the demo from Solomon, I'm going back to the Solomon Hykes thing.
He was using the demo and he was showing it deploying something on S3 buckets, employing internet wifi and deploying it on Google, other things beyond Kubernetes, and saying that it's all GitOps approach. So I think we're just at the very beginning of seeing, because it all started with Kubernetes, and now there's a Swarm one, you can look up Swarm GitOps, and there's a Swarm, I can't think of the name of it. Swarm Sync, I think, is what it's called, Swarm Sync on GitHub, which allows you to do Swarm-based GitOps-like things. And now we're seeing these other tools coming out. They're saying, we're going to try to do the GitOps concepts, but not for Kubernetes specifically, and that's, I think, you know, infrastructure as code started with certain areas of the world, and then now we all just assume that you're going to have an infrastructure as code way of doing whatever that is, and I think GitOps is going to have that same approach, where pretty soon, you know, we'll have GitOps for all the cloud stuff and it won't just be Flux or Argo. And then that's the weird thing, is will Flux and Argo support all those things, or will it just be focused on Kubernetes apps? You know, Kubernetes stuff? >> There's also, I think this is what you're alluding to, there is a trend of using, um, Kubernetes and CRDs to provision and control things that are outside of Kubernetes, like the cloud service providers' services, as if they were first-class entities within Kubernetes, so that you can use the Kubernetes, um, focused tooling for things that are not Kubernetes through the Kubernetes interface, Kubernetes. Yeah. >> Yeah, even criticism. >> Yeah, yeah, I'm just going to say that sounds like Crossplane. >> Yeah, yeah, I mean, I think that's, uh, there were, you know, for the last couple of years, it's been Flux and Argo going back and forth.
Um, they're like frenemies, you know, and they've been going back and forth with iterating on these ideas of, how do we manage this complicated thing that is many Kubernetes clusters? Um, because, like, Argo, I don't know if Flux v2 can do this, but Argo can manage multiple clusters now from one cluster, so you can manage other clusters, technically external things, from a single entity. Um, originally Flux couldn't do that, but I'm going to say that v2 can, I don't actually >> know. Um, I think all that is gonna, I think that's going to consolidate in the future. All right. In terms of, like, the common feature set, what, Iver and John, what do you think? >> I mean, I think it's already begun, right? I think, didn't they collaborate on a common engine? I don't know whether it's finished yet, but I think they're working towards a common GitOps engine and then they're just going to layer on features on top. But I think, I mean, I think that's interesting, right, because where it runs and where it interacts with, if we're talking about a pull-based model, it's decentralized to a certain extent, right? We need Git and we need the agent which is pulling. If we're saying there's something else which is orchestrating something, then we start to, like, fuzzy the model even, right? Like, is this state living somewhere else? Then I think that's just interesting as well. I thought Flux was completely decentralized, but I know you install Argo somewhere, like, Argo has a server as well, but it's been a while since I've looked in depth at them. But I think the, you know, does that muddy the agent-only pull model? >> I'm reading a >> Yeah, I would say that there's like a process of natural selection going on as the CNCF landscape evolves and grows bigger, and a lot of divide and conquer right now.
But I think as certain things kind of get more prominent >>and popular, I think >>it starts to trend and it inspires other things and then it starts to aggregate and you know, kind of get back into like a unified kind of like core. Maybe like for instance, Crossplane, I feel like it shouldn't even really exist. It should be, it like it's a Kubernetes add-on, but it should be built in, it should be built into Kubernetes, like why doesn't this exist already >>for like controlling a cloud? >>Yeah, like just, you know, having this interface with the cloud provider and be able to Yeah, >>exactly. Yeah, and it kinda, you're right. That kinda happens because you do, I mean when you start talking about storage providers and networking providers was very specific implementations of operators or just individual controllers that do operate and control other resources in the cloud, but certainly not universally right. Not every feature of AWS is available to Kubernetes out of the box. Um and you know, it, one of the challenges of Crossplane is you gotta have Kubernetes before you can deploy Kubernetes. Like there's a chicken-and-egg issue there where if you're going to use, if you're going to use our Crossplane for your other infrastructure, but it's gotta, but it has to run on Kubernetes who creates that first Kubernetes in order for you to put that on there. And Victor talks about one of his videos, the same problem with Flux and Argo where like Argo, you can't deploy Argo itself with GitOps. There has to be that initial, I did a thing with, I'm a human and I typed in some commands on a server and things happened but they don't really have an easy deployment method for getting Argo up and running using simply nothing but a git push to an existing system. There's something like that. 
So it's a it's an interesting problem of day one infrastructure which is again only day one, I think day two is way more interesting and hard, but um how can we spin these things up if they're all depending on each other and who is the first one to get started? >>I mean it's true of everything though, I mean at the end of that you need some kind of big bang kind of function too, you know, I started running start everything I >>think without going over that, sorry, without going off on a tangent. I was, I was gonna say there's a, if folks have heard of kind which is Kubernetes in Docker, which is a mini Kubernetes cluster, you can run in a Docker container or each container will run as a as a node. Um you know, that's been a really good way to spin up things like Cluster API because they bootstrap a local kind, install the manifests, it will go and spin up a fully sized cluster, it will transfer its resources over there and then it will die itself. Right? So that, that's kind of bootstrapping itself. And I think a couple of folks in the community, Jason DeTiberus, I think he works for Equinix Metal um has, has experimented with like an even more minimal just API server, so we're really just leveraging the Kubernetes ideas of like a reconciliation loop and a controller. We just need something to bootstrap with those CRDs and get something going and then go away again. So I think that's gonna be a pattern that comes up kind of more and more >>Yeah, for sure. Um, and uh, the next, next quick answer to the question, Angel asked what your thoughts on GitOps being a niche to Git versus other VCS tools? Well, if I knew anyone who is using anything other than Git, I would say no, you know, GitOps is a horrible name. It should just be CVS ops, but that doesn't or VCS ops or whatever like that, but that doesn't roll off the tongue. So someone had to come up with the GitOps phrase. 
Um but absolutely, it's all about version control solutions used for infrastructure, not code. Um might get doctor asks a great question, we're not gonna have time for it, but maybe people can reply in chat with what they think but about infrastructure and code, the lines being blurred and that do develop, how much of infrastructure does developer do developers need to know? Essentially, they're having to know all the things. Um so unfortunately we've had way more questions like every panel here today with all the great community, we've got way more questions we can handle in this time. So we're gonna have to wrap it up and say goodbye. Go to the next live panel. I believe the next one is um on developer, developer specific setups that's gonna be Peter running that panel. Something about development in containers and I'm sure it's gonna be great. Just like this one. So let's go around the room where can people find you on the internet? I'm at Brett Fisher on Twitter. That's where you can usually find me most days you are? >>Yeah, I'm on Twitter too um, I'll put it in the chat. It's kind of confusing because the TSR seven. >>Okay. Yeah, that's right. You can't just say it. You can also look below the video and like our faces are there and if you click on them, it tells you our Twitter and LinkedIn and stuff, John >>John Harris 85, pretty much everywhere. GitHub, Twitter, Slack, etc. >>Yeah >>and normal, normal faults or just, you know, living on YouTube live with Brett. >>Yeah, we're all on the Twitter so go check us out there and thank you so much for joining. Uh thank you so much to you all for being here. I really appreciate you taking time in your busy schedule to join me for a little chit chat. Um Yes, all the, all the cheers, yes. >>And I think this GitOps loop has been declaratively reconciled. >>Yeah, there we go. And with that ladies and gentlemen, uh bid you adieu, we will see you in the next, next round coming up next with Peter >>bye.

Published Date : May 28 2021


Mark Nunnikhoven | CUBE Conversation May 2021


 

(upbeat music) >> Hello, welcome to theCUBE studios of Palo Alto California for RSA conference keynote coverage and conference coverage. I'm John Furrier, your host of theCUBE. We're breaking down the keynote of RSA day one kickoff. We had Mark Nunnikhoven, who's the distinguished cloud strategist at Lacework. Mark, former CUBE alumni and expert in security, has been on many times before, Mark great to see you. Thanks for coming on and helping me break down RSA conference 2021 virtual this year. Thanks for joining. >> Happy to be here. Thanks for having me John. >> You know, one of the things Mark about these security conferences is that interesting, RSA was the last conference we actually did interviews physically face to face and then the pandemic went down and it was a huge shutdown. So we're still virtual coming back to real life. So and they're virtual this year, so kind of a turn of events, but that was kind of the theme this year in the keynote. Changing the game on security, the script has been flipped, connectivity everywhere, security from day one being reinvented. Some people were holding onto the old way some people trying to get on there, on the future wave. Clearly you got the laggards and you've got the innovators all trying to kind of, you know, find their position. This has been obvious in this keynote. What's your take? >> Yeah and that was exactly it. They use that situation of being that last physical security conference, somewhat to their advantage to weave this theme of resiliency. And it's a message that we heard throughout the keynote. It's a message we're going to hear throughout the week. There's a number of talks that are tying back to this and it really hits at the core of what security aims to do. And I think aims is really the right word for it because we're not quite there yet. 
But it's about making sure that our technology is flexible that it expands and adapts to the situations because as we all know this year, you know basically upended everything we assumed about how our businesses were running, how our communities and society was running and we've all had to adapt. And that's what we saw at the keynote today was they acknowledged that and then woven into the message to drive that home for security providers. >> Yeah and to me one of the most notable backdrops to the entire thing was the fact that the RSA continues to operate from the sell out when Dell sold them for alright $2 billion to a consortium, private privately private equity company, Symphony Technology Group. So there they're operating now on their own. They're out in the wild, as you said, cybersecurity threats are ever increasing, the surface area has changed with cloud native. Basically RSA is a 3000 person startup basically now. So they've got SecurID, the old token business we all have anyone's had those IDs you know it's pretty solid, but now they've got to kind of put this event back together and Mobile World Congress is right around the corner. They're going to try to actually have a physical event. So you have this pandemic problem of trying to get the word out and it's weird. It's kind of, I found it. It's hard to get your hands around all the news. >> It is. And it's, you know, we're definitely missing that element. You know, we've seen that throughout the year people have tried to adapt these events into a virtual format. We're missing those elements of those sorts of happenstance run-ins I know we've run into each other at a number of events just sort of in the hall, you get to catch up, but you know as part of those interactions, they're not just social but you also get a little more insight into the conference. Hey, you know, did you catch this great talk or are you going to go catch this thing later? And we're definitely missing that. 
And I don't think anyone's really nailed this virtual format yet. It's very difficult to wrap your head around like you said, I saw a tweet online from one InfoSec analyst today. It was pointed out, you know, there were 17 talks happening at the same time, which you know, in a physical thing you'd pick one and go to it in a virtual there's that temptation to kind of click across the channels. So even if you know what's going on it's hard to focus in these events. >> Yeah the one conference has got a really good I think virtual platform is DockerCon, they have 48 panels, a lot of great stuff there. So that's one we're watching closely coming up on May 27. Check that one out. Let's get into this, let's get into the analysis. I really want to get your thoughts on this because you know, I thought the keynote was very upbeat. Clearly the realities are presenting it. Chuck Robbins, the CEO of Cisco there and you had a bunch of industry legends in there. So let's start with, let's start with what you thought of Rohit's keynote and then we'll jump into what Chuck Robbins was saying. >> Sure yeah. And I thought, Rohit, you know, at first I questioned cause he brought up and he said, I'm going to talk about tigers, airplanes and sewing machines. And you know, as a speaker myself, I said, okay, this is either really going to work out well or it's not going to work out at all. Unfortunately, you know, Rohit Ghai is a professional he's a great speaker and it worked out. And so he tied these three examples. So it was Tiger King for Netflix, at World War II, analyzing airplane damage and a great organization in India that pivoted from sewing into creating masks and other supplies for the pandemic. He wove those three examples through with resiliency and showed adaptation. And I thought it was really really well done first of all. But as a cloud guy, I was really excited as well that that first example was Netflix. 
And he was referencing Chaos Monkey, which is a chaos engineering tool, which I don't think a lot of security people are exposed to. So we use it very often in cloud building where essentially this tool will purposely blow up things in your environment. So it will down services. It will cut your communications off because the idea is you need to figure out how to react to these things before they happen for real. And so getting keynote time for a tool like that a very modern cloud tool, I thought was absolutely fantastic. Even if that's, you know, not so well known or not a secret in the cloud world anymore, it's very commonly understood, but getting a security audience exposure to that was great. And so you know, Rohit is a pro and it was a good kickoff and yeah, very upbeat, a lot of high energy which was great for virtual keynote. Cause sometimes that's what's really missing is that energy. >> Yeah, we like Rohit too. He's got some, he's got charisma. He also has his hand on the pulse. I think the Chaos Monkey point you're making is as a great call out because it's been around the DevOps community. But what that really shows I think and puts an exclamation point around this industry right now is that DevSecOps is here and it's never going away and cloud native and certainly the pandemic has shown that cloud scale speed data and now distributed computing with the edge, 5G has been mentioned, as you said, this is a real deal. So this is DevOps. This is infrastructure as code and security is being reinvented in it. This is a killer theme and it's kind of a wake-up call. What's your reaction to that? what's your take? >> Yeah, it absolutely is a wake-up call and it actually blended really well into Rohit's second point, which was around using data. 
And I think, you know, having these messages put out to the, you know, what is the security conference for the year always, is really important because the rest of the business has moved forward and security teams have been a little hesitant there, we're a little behind the times compared to the rest of the business who are taking advantage of these cloud services, taking advantage of data being everywhere. So for security professionals to realize like hey there are tools that can make us better at our jobs and make us, you know, keep or help us keep pace with the business is absolutely critical because like you said, as much as you know I always cringe when I hear the term DevSecOps, it's important because security needs to be there. The reason I cringe is because I think security should be built into everything. But the challenge we have is that security teams are still a lot of us are still stuck in the past to sort of put our arms around something. And you know, if it's in that box, I'm good with it. And that just doesn't work in the cloud. We have better tools, we have better data. And that was really Rohit's key message was those tools and that data can help you be resilient, can help your organization be resilient and whether that's the situation like a pandemic or a major cyber attack, you need to be flexible. You need to be able to bounce back. >> You know, when we actually have infrastructure as code and no one ever talks about DevOps or DevSecOps you know, we've, it's over, it's in the right place, but I want to get your thoughts and seeing if you heard anything about automation because one of the things that you bring up about not liking the word DevSecOps is really around, having this new team formation, how people are organizing their developers and their operations teams. And it really is becoming programmable and that's kind of the word, but automation scales it. So that's been a big theme this year. What are you hearing? 
What did you hear on the keynote? Any signs of reality around automation, machine learning you mentioned data, did they dig into automation? >> Automation was on the periphery. So a lot of what they're talking about only works with automation. So, you know, the Netflix shout out for Chaos Monkey absolutely as an automated tool to take advantage of this data, you absolutely need to be automated but the keynote mainly focused on sort of the connectivity and the differences in how we view an organization over the last year versus moving forward. And I think that was actually a bit of a miss because as you rightfully point out, John, you need automation. The thing that baffles me as a builder, as a security guy, is that cyber criminals have been automated for years. That's how they scale. That's how they make their money. Yet we still primarily defend manually. And I don't know if you've ever tried to beat, you know the robots that are everything or really complicated video games. We don't tend to win well when we're fighting automation. So security absolutely needs to step up. The good news is looking at the agenda for the week, taking in some talks today, while it was a bit of a miss and the keynote, there is a good theme of automation throughout some of the deeper dive sessions. So it is a topic that people are aware of and moving forward. But again, I always want to see us move fast. >> Was there a reason Chuck Robbins headlines or is that simply because they're a big 800-pound gorilla in the networking space? You know, why Cisco? Are they relevant security? Is that signaling that networking is more important? As of 5G at the edge, but is Cisco the player? >> Obviously Cisco has a massive business and they are a huge player in the security industry but I think they're also representative of, you know and this was definitely Chuck's message. They were representative of this idea that security needs to be built in at every layer. 
So even though, you know I live on primarily the cloud technologies dealing with organizations that are built in the cloud, there is, you know, the reality of that we are all connected through a multitude of networks. And we've seen that with work from home which is a huge theme this year at the conference and the improvements in mobility with 5G and other connectivity areas like Edge and Wi-Fi 6. So having a big network player and security player like Cisco in the keynote I think is important just because their message was not just about inclusion and diversity for skills which was a theme we saw repeated in the keynote actually but it was about building security in from the start to the finish throughout. And I think that's a really important message. We can't just pick one place and say this is where we're going to build security. It needs to be built throughout all of our systems. >> If you were a CISO listening today what was your take on that? Were you impressed? Were you blown away? Did you fall out of your chair or was it just right down the middle? >> I mean, you might fall out of your chair just cause you're sitting in it for so long taken in a virtual event. And I mean, I know that's the big downside of virtual is that your step counter is way down compared to where it should be for these conferences but there was nothing revolutionary in the opening parts of the keynote. It was just, you know sort of beating the drum that has been talked about, has been simmering in the background from sort of the more progressive side of security. So if you've been focusing on primarily traditional techniques and the on-premise world, then perhaps this was a little a bit of an eye-opener and something where you go, wow, there's, you know there's something else out here and we can move things forward. 
For people who are, you know, more cloud native or more into that automation space, that data space this is really just sort of a head nodding going, yeap, I agree with this. This makes sense. This is where we all should be at this point. But as we know, you know there's a very long tail in security and in security organizations. So to have that message, you know repeated from a large stage like the keynote I think was very important. >> Well you know, we're going to be, theCUBE will be onsite and virtual with our virtual platform for Amazon Web Services re:Inforce coming up in Houston. So that's going to be interesting to see and you compare contrast like an AWS re:Inforce which is kind of the I there I think they had the first conference two years ago so it's kind of a new conference. And then you got the old kind of RSA conference. The question I have for you, is it a juxtaposition of almost two conferences, right? You got the cloud native AWS, which is really about, oh shared responsibility, et cetera, et cetera a lot more action happening there. And you got this conference here seem come the old school legacy players. So I want to get your thoughts on that. And I want to get your take on just just the cryptographers panel, because, you know, as I'm not saying this as a state-of-the-art that the old guys saying get off my lawn, you know crypto, we're the crypto purists, they were trashing NFTs which as you know, is all the rage. So I, and Ron Rivest, who, you know, co-created RSA public key technology, which is in everything these days. Is this a sign of just get off my lawn? Or is it a sign of the times trashing the NFTs? What's your take? >> Yeah, well, so let's tackle the NFTs then we'll do the contrast between the two conferences. But I thought the NFT, you know Ron and Adi both had really interesting ways of explaining what an NFT was, because that's most of the discussion around the NFT is exactly what are we buying or what are we investing in? 
And so I think it was Adi who said, you know it was basically you have a tulip then you could have a picture of a tulip and then you could have something explaining the picture of the tulip and that's what an NFT is. So I think, you know, but at the same time he recognized the value of potential for artists. So I think there was some definitely, you know get off my lawn, but also sort of the the cryptographer panels is always sort of very pragmatic, very evidence-based as shown today when they actually were talking about a paper by Schnorr who debates, whether RSA or if he has new math that he thinks can debunk RSA or at least break the algorithm. And so they had a very logical and intelligent discussion about that. But the cryptographers panel in contrast to the rest of the keynote, it's not about the hype. It's not about what's going on in the industry. It's really is truly a cryptographers panel talking about the math, talking about the fundamental underpinnings of our security things as a big nerd, I'm a huge fan but a lot of people watch that and just kind of go, okay now's a great time to grab a snack and maybe move those legs a little bit. But if you're interested in the more technical deeper dive side, it's definitely worth taking in. >> Super fascinating and I think, you know, it's funny, they said it's not even a picture of a tulip it's a pointer to a picture of a tulip. Which is technically it. >> That was it. >> It's interesting how, again, this is all fun. NFTs are, I mean, you can't help, but get enamored by decentralization. And that, that wave is coming. It's very interesting how you got a decentralization wave coming, yet a lot of people want to hang on to the centralized view. Okay, this is an architectural conflict. 
Is there a balance in your mind as a techie, we look at security, certainly as the perimeter is gone that's not even debate anymore, but as we have much more of a distributed computing environment, is there a need for some centrality and or is it going to be all decentralized in your opinion? >> Yeah that's actually a really interesting question. It's a great set up to connect both of these points of sort of the cryptographers panel and that contrast between newer conferences and RSA because the cryptographers panel brought up the fact that you can't have resilient systems unless you're going for a distributed systems, unless you're spreading things out because otherwise you're creating a central point of failure, even if it's at hyper-scale which is not resilient by definition. So that was a very interesting and very valid point. I think the reality is it's a combination of the two is that we want resilient systems that are distributed that scale up independently of other factors. You know, so if you're sitting in the cloud you're going multi-region or maybe even multicloud, you know you want this distributed area just for that as Werner from AWS calls it, you know, the reduced blast radius. So if something breaks, not everything does but then the challenge from a security and from an operational point of view, is you need that central visibility. And I think this is where automation, where machine learning and really viewing security as a data problem, comes into play. If you have the systems distributed but you can provide visibility centrally which is something we can achieve with modern cloud technologies, you kind of hit that sweet spot. 
You've got resilient underpinnings in your systems but you as a team can actually understand what's going on because that was a, yet another point from Carmela and from Ross on the cryptographers panel when it comes to AI and machine learning, we're at the point where we don't really understand a lot of what's going on in the algorithm we kind of understand the output and the input. So again, it tied back to that resiliency. So I think that key is distributed systems are great but you need that central visibility and you only get there through viewing things as a data problem, heavy automation and modern tooling. >> Great great insight, Mark. Great, great call out there. And great point tied in there. Let me ask you a question on your take on the keynote in the conference in general as first day gets going. Do you see this evolving from the classic enterprise kind of buyer supplier relationship to much more of a CSO driven or CXO driven? I need to start building about my teams. I got to start hiring developers, not so much in operation side. I mean, I see InfoSec is these industries are not going away. People are still buying tools and stacking up the tool shed but there's been a big trend towards platforms and shifting left from a developer CI/CD pipeline standpoint which speaks to scale on the cloud native side and that distributed side. So is this conference hitting that mark, or you still think there are more hardware and service systems people? What's the makeup? What's the take? >> I think we're definitely starting to a shift. So a great example of that is the CSA. The Cloud Security Alliance always runs a day one or day zero summit at RSA. And this year it was a CSO executive summit. And whereas in previous years it's been practitioners. So that is a good sign I think, that's a positive sign to start to look at a long ignored area of security, which is how do we train the next generation of security professionals. We've always taken this traditional view. 
We've, you know, people go through the standard you get your CISSP, you hold onto it forever. You know, you do your time on the firewall, you go through the standard thing but I think we really need to adjust and look for people with that automation capability, with development, with better business skills and definitely better communication skills, because really as we integrate as we leave our sort of protected little cave of security, we need to be better business people and better team players. >> Well Mark, I really appreciate you coming on here. A CUBE alumni and a trusted resource and verified, trusted contributor. Thank you for coming on and sharing your thoughts on the RSA conference and breaking down the keynote analysis, the RSA conference. Thanks for coming on. >> Thank you. >> Well, while we've got you here, take a minute to plug what you're doing at Lacework, what you're excited about. What's going on over there? >> Sure, I appreciate that. So I just joined Lacework, I'm a week in. So I'm drinking from the fire hose of knowledge and what I've found so far, fantastic platform, fantastic teams. It's got me wrapped up and excited again because we're approaching, you know, security from the data point of view. We're really, we're born in the cloud, built for the cloud and we're trying to help teams really gather context. And the thing that appealed to me about that was that it's not just targeting the security team. It's targeting builders, it's targeting the business, it's giving them that visibility into what's going on so that they can make informed decisions. And for me, that's really what security is all about. >> Well, I appreciate you coming on. Thanks so much for sharing. >> Thank you. >> Okay CUBE coverage of RSA conference here with Lacework, I'm John Furrier. Thanks for watching. (upbeat music)

Published Date : May 17 2021


Breaking Analysis: Chaos Creates Cash for Criminals & Cyber Companies


 

>> Narrator: From theCUBE Studios in Palo Alto, in Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> The pandemic not only accelerated the shift to digital, but also highlighted a rush of cyber criminal sophistication, collaboration, and chaotic responses by virtually every major company in the planet. The SolarWinds hack exposed supply chain weaknesses and so-called island hopping techniques that are exceedingly difficult to detect. Moreover, the will and aggressiveness of well-organized cyber criminals has elevated to the point where incident responses are now met with counterattacks designed to both punish and extract money from victims via ransomware and other criminal activities. The only upshot is the cyber security market remains one of the most enduring and attractive investment sectors for those that can figure out where the market is headed and which firms are best positioned to capitalize. Hello everyone, and welcome to this week's Wikibon CUBE Insights powered by ETR. In this Breaking Analysis, we'll provide our quarterly update of the security industry and share new survey data from ETR and theCUBE community that will help you navigate through the maze of corporate cyber warfare. We'll also share our thoughts on the game of 3D chess that Okta CEO Todd McKinnon is playing against the market. Now, we all know this market is complicated, fragmented, and fast moving, and this next chart says it all. It's an interactive graphic from Optiv, a Denver, Colorado based SI that's focused on cyber security. They've done some really excellent research and put together this awesome taxonomy and mapped vendor names therein, and this helps users navigate the complex security landscape. And there are over a dozen major sectors, high-level sectors, within the security taxonomy, in nearly 60 sub-sectors, from monitoring, vulnerability assessment, identity, asset management, firewalls, automation, cloud, data center, SIEM, threat detection and intelligent
endpoint, network, and so on and so on and so on. But this is a terrific resource and can help you understand where players fit and help you connect the dots in the space. Now let's talk about what's going on in the market. The dynamics in this crazy mess of a landscape are really confusing sometimes. Now, since the beginning of cyber time, we've talked about the increasing sophistication of the adversary and the back and forth escalation between good and evil, and unfortunately this trend is unlikely to stop. Here's some data from Carbon Black's annual Modern Bank Heist report. This is the fourth, and of course now VMware's brand highlights the Carbon Black study since the acquisition, and it catalyzed the creation of VMware's cloud security division. Destructive malware attacks, according to the recent study, are up 118 percent from last year. Now, one major takeaway from the report is that hackers aren't just conducting wire fraud. They are. 57 of the banks surveyed saw an increase in wire fraud, but the cyber criminals are also targeting non-public information such as future trading strategies. This allows the bad guys to front run large block trades and profit. It's become a very lucrative practice. Now, the prevalence of so-called island hopping is up 38 from already elevated levels. This is where a virus enters a company's supply chain via a partner and then often connects with other stealthy malware downstream. These techniques are more common, where the malware will actually self-form with other infected parts of the supply chain and create actions with different signatures designed to identify and exfiltrate valuable information. It's a really complex problem. Of major concern is that 63 of banking respondents in the study reported that responses to incidents were then met with retaliation designed to intimidate or initiate ransomware attacks to extract a final pound of flesh from the victim. Notably, the study found that 75 percent of CSOs reported to the CIO, which many feel is not the
right regime. The study called for a rethinking of the right cyber regime, where the CSO has increased responsibility in a direct reporting line to the CEO or perhaps the COO, with greater exposure to boards of directors. So many thanks to VMware and Tom Kellermann specifically for sharing this information with us this past week. Great work by your team. Now, some of the themes that we've been talking about for several quarters are shown in the lower half of the chart. Cloud, of course, is the big driver, thanks to work from home and the pandemic, and the interesting corollary of course is we see a rapid rethinking of endpoint and identity access management and the concept of zero trust. In a recent ESG survey, two-thirds of respondents said that their use of cloud computing necessitated a change in how they approach identity access management. Now, as shown in the chart from Optiv, the market remains highly fragmented, and M&A is of course way up. Now, based on our research, it looks like transaction volume has increased more than 40 percent just in the last five months. So let's dig into the M&A, the merger and acquisition trends, for just a moment. We took a five month snapshot and we were able to count about 80 deals that were completed in that time frame. Those transactions represented more than 20 billion dollars in value. Some of the larger ones are highlighted here, the biggest of course being Thoma Bravo taking Proofpoint private for a 12 plus billion dollar price tag. The stock went from the low 130s and is trading in the low 170s based on a 176 dollar per share offer, so there's your arbitrage, folks, go for it. Perhaps the more interesting acquisition was Auth0 by Okta for 6.5 billion, which we're going to talk about more in a moment. There's more private equity action we saw, as Insight bought Armis, an IoT security play, and Cisco shelled out 730 million dollars for IMImobile, which is more of an adjacency to cyber, but it's going to go under Cisco's security and applications
business run by Jeetu Patel. But these are just the tip of the iceberg. Some of the themes that we see connecting the dots of these acquisitions are, first, SIs like Accenture, Atos, and Wipro are making moves in cyber to go local. They're buying SecOps expertise, as I say, locally in places like France, Germany, Netherlands, Canada, and Australia, that last mile, that belly-to-belly intimate service. Israeli-based startups chalked up five acquired companies in the space over the last five months. Also, financial services firms are getting into the act, with Goldman and Mastercard making moves to own its own part of the stack themselves to combat things like fraud and identity theft. And then finally, numerous moves to expand markets: Okta with Auth0, CrowdStrike buying a log management company, Palo Alto picking up DevOps expertise, Rapid7 shoring up its Kubernetes chops, Tenable expanding beyond insights and going after identity, interesting, Fortinet filling gaps in a multi-cloud offering, SailPoint extending to governance, risk, and compliance, GRC, Zscaler picked up an Israeli firm to fill gaps in access control, and then VMware buying Mesh7 to secure modern app development and distribution services. So tons and tons of activity here. Okay, so let's look at some of the ETR data to put the cyber market in context. ETR uses the concept of market share. It's one of the key metrics, which is a measure of pervasiveness in the data set. So for each sector, it calculates the number of respondents for that sector divided by the total to get a sense for how prominent the sector is within the CIO and IT buyer communities. Okay, this chart shows the full ETR sector taxonomy with security highlighted across three survey periods: April last year, January this year, and April this year. Now, you wouldn't expect big moves in market share over time, so it's relatively stable by sector, but the big takeaway comes from observing which sectors are most prominent. So you see that red line, that dotted line imposed at the
sixty percent level. You can see there are only six sectors above that line, and cyber security is one of them. Okay, so we know that security is important in a large market, but this puts it in the context of the other sectors. However, we know from previous Breaking Analysis episodes that despite the importance of cyber and the urgency catalyzed by the pandemic, budgets unfortunately are not unlimited and spending is bounded. It's not an open checkbook for CSOs, as shown in this chart. This is a two-dimensional graphic showing market share in the horizontal axis, or pervasiveness, and net score in the vertical axis. Net score is ETR's measurement of spending velocity, and we've superimposed a red line at 40 percent because anything over 40 percent we consider extremely elevated. We've filtered and limited the number of sectors to simplify the graphic, and you can see in the sectors that we've highlighted only the big four are above that forty percent line: AI, containers, RPA, and cloud. They exceed that sort of forty percent magic water line. Information security, you can see that is highlighted, and it's respectable, but it competes for budget with other important sectors. So this of course creates challenges for organizations, because not only are they strapped for talent, as we've reported, they, like everyone else in IT, face ongoing budget pressures. Research firm Cybersecurity Ventures estimates that in 2021, 6 trillion dollars worldwide will be lost on cyber crime. Conversely, research firm Canalys pegs security spending somewhere around 60 billion dollars annually. IDC has it higher, around 100 billion. So either way, we're talking about spending between one to one point six percent annually of how much the bad guys are taking out. That's peanuts, really, when you consider the consequences. So let's double click into the cyber landscape a bit and further look at some of the companies. Here's that same XY graphic with the companies ETR captures from respondents in the cyber security sector.
That's what's shown on the chart here. Now, the usefulness of the red lines is: 20 percent on the horizontal indicates the largest presence in the survey, and the magic 40 percent line that we talked about earlier shows those firms with the most elevated momentum. Only Microsoft and Palo Alto exceed both high water marks. Of course, Splunk and Cisco are prominent horizontally, and there are numerous companies to the left of the 20 percent line and many above that 40 percent high water mark on the vertical axis. Now, in the bottom left quadrant, that includes many of the legacy names that have been around for a long time, and there are dozens of companies that show spending momentum on their platforms, i.e., above single digits. So that picture is like the first one we showed you, very, very crowded space. But so let's filter it a bit and only include companies in the ETR survey that had at least a hundred responses, so an N of a hundred or greater. So it's a little easier to read, but still it's kind of crowded when you think about it. Okay, so same graphic, and we've superimposed the data that determined the plot position over in the bottom right there. So it's net score and shared N, including only companies with more than 100 N. So what does this data tell us about the market? Well, Microsoft is dominant, as always, it seems, in all dimensions, but let's focus on that red line for a moment. Some of the names that we've highlighted over the past two years show very well here. First, I want to talk about Palo Alto Networks. Pre-COVID, as you might recall, we highlighted the valuation divergence between Palo Alto and Fortinet, and we said Fortinet was executing better on its cloud strategy and Palo Alto was at the time struggling with the transition, especially with its go to market and its sales force compensation and really refreshing its portfolio. But we told you that we were bullish on Palo Alto Networks at the time because of its track record and the fact that CIOs consistently told us that they saw
Palo Alto as a thought leader in the space that they wanted to work with. They said that Palo Alto was the gold standard, the best, especially larger company CISOs. So that gave us confidence that Palo Alto, a very well-run company, was going to get its act together and perform better, and Palo Alto has done just that. As we expected, they've done very well, and they've been rapidly moving customers to the next generation of platforms, and we're very impressed by the company's execution, and the stock has generally reflected that. Now, some other names that hit our radar in the ETR data a couple of years ago continue to perform well: CrowdStrike, Zscaler, SailPoint, and Cloudflare. Cloudflare just reported and beat earnings, but the stock fell on headwinds for tech overall, the big rotation, but the company is doing very well and they're growing rapidly and they have momentum, as you can see from the ETR data. And we put that double star around Proofpoint to highlight that it was worthy of fetching 12 and a half billion dollars from a private equity firm, so nice exit there, supporting the continued control consolidation trend that we've predicted in cyber security. Now let's turn our attention to Okta and Auth0. This is where it gets interesting and is a clever play for Okta, we think, and we want to drill into it a bit. Okta is acquiring Auth0 for big money. Why? Well, we think Todd McKinnon, Okta CEO, wants to run the table on identity and then continue to expand his TAM. He has to do that to justify his lofty valuation. So Okta's ascendancy around identity and single sign-on is notable. The fragmented pictures that we've shown you, they scream out for simplification and trust, and that's what Okta brings. But it competes with some major players, most notably Microsoft with Active Directory. So look, of course Microsoft is going to dominate in its massive customer base, but the rest of the market, that's like jump ball, it's wide open, and we think McKinnon saw the
opportunity to go dominate that sector. Now, Okta comes at this from an enterprise perspective, bringing top-down trust to the equation and throwing a big blanket over all the discrete SaaS platforms and unifying employee access. Okta's timing was perfect. It was founded in 2009, just as the massive SaaSification trend was happening around CRM and HR and service management and cloud, etc. But the one thing that Okta didn't have that Auth0 does is serious developer chops. While Okta was crushing it with its enterprise sales strategy, Auth0 was laser focused on developers and building a bottoms up approach to identity. By acquiring Auth0, Okta can dominate both sides of the barbell and then capture the fat middle. So yes, it's a pricey acquisition, but in our view it's a great move by McKinnon. Now, I don't know McKinnon personally, but last week I spoke to Arun Shrestha, who's the CEO of security specialist BeyondID. They're a platinum services partner of Okta and they're a zero trust expert. He worked for Okta for a number of years and shared with me a bit about McKinnon's style and think big approach. Arun said something that caught my attention. He said firewalls used to be the perimeter, now people are. And while that's self-serving to Okta and probably BeyondID, it's true. People, apps, and data are the new perimeter, and they're not in one location, and that's the point. Now unfortunately, I had lined up an interview with Diya Jolly, who was the chief product officer at Okta and a CUBE alum, for this past week, knowing that we were running this segment in this episode, but she unfortunately fell ill the day of our interview and had to cancel. But I want to follow up with her and understand how she's thinking about connecting the dots with Auth0 with devs and enterprises and really test our thesis there. This is a really interesting chess match that's going on. Let's look a little deeper into that identity space. This chart here shows some of the major identity players. It has some of the leaders in the
identity market, and there's a breakdown of ETR's net score. Now, net score comprises five elements: the lime green is we're adding the platform new, the forest green is we're spending six percent or more relative to last year, the gray is flat spend, plus or minus five percent, the pinkish is spending less, and the bright red is we're exiting the platform, retiring. Now, you subtract the red from the green and that gets you the result for net score, which you can see superimposed on the right hand chart at the bottom, that first column there. The far column is shared N, which informs and indicates the number of responses and is a proxy for presence in the market. Oh, look at the top two players in terms of spending momentum. Now, SailPoint is right there, but Auth0 combined with Okta's distribution channel will extend Okta's lead significantly, in our view. And then there's Microsoft. Now, just a caveat, this includes all of Microsoft's security offerings, not just identity, but it's there for context. And CyberArk as well includes its acquisition of Idaptive, but also other parts of CyberArk's portfolio. So you can see some of the other names that are there, many of which you'll find in the Gartner Magic Quadrant for identity. And as we said, we really like this move by Okta. It combines positive market forces with lead offerings from very well-run companies that have winning DNA and passionate people. Now, to further emphasize what's happening here, take a look at this. This chart shows ETR data for Okta within SailPoint and CyberArk accounts. Out of the 230 CyberArk and SailPoint customers in the data set, there are 81 Okta accounts. That's a 35 overlap. And the good news for Okta is that within that base of SailPoint and CyberArk accounts, Okta, as shown by the net score line, that green line, has a very elevated spending and momentum. And the kicker is, if you read the fine print in the right hand column, ETR correctly points out that while SailPoint and
CyberArk have long been partners with Okta, at the recent Oktane21 event, Okta's big customer event, the company announced that it was expanding into privileged access management, PAM, and identity governance. Hello, and welcome to coopetition in the 2020s. Now, our current thinking is that this bodes very well for Okta, and CyberArk and SailPoint, well, they're going to have to make some counter moves to fend off the onslaught that is coming. Now let's wrap up with what has become a tradition in our quarterly security updates, looking at those two dimensions of net score and market share. We're going to see which companies crack the top 10 for both measures within the ETR data set. We do this every quarter. So here on the left we have the top 20 sorted by net score, or spending momentum, and on the right we sort by shared N, so again, top 20. Shared N informs the market share metric, or presence in the data set. Those red horizontal lines, those two lines on each, separate the top 10 from the remaining 10 within those top 20. In our method, what we do is we assign four stars to those companies that crack the top ten for both metrics. So again, you see Microsoft, Palo Alto Networks, Okta, CrowdStrike, and Fortinet. Fortinet, by the way, didn't make it last quarter. They've kind of been in and out and on the bubble, but you know, this company is very strong and doing quite well. Only the other four did last quarter, there was same four last quarter. And we give two stars to those companies that make it in both categories within the top 20 but didn't make the top 10.
So Cisco, Splunk, which has been steadily decelerating from a spending momentum standpoint, and Zscaler, which is just on the cusp. You know, we really like Zscaler and the company has great momentum, but that's the methodology, it is what it is. Now, you can see we kept Carbon Black on the rightmost chart. It's like kind of cut off, it's number 21, only because they're just outside looking in on net score. You see them there, they're just below on net score, number 11. And VMware's presence in the market, we think that Carbon Black is really worth paying attention to. Okay, so we're going to close with some summary and final thoughts. Last quarter we did a deeper dive on the SolarWinds hack, and we think the ramifications are significant. It has set the stage for a new era of escalation and adversary sophistication. Now, a major change we see is a heightened awareness that when you find intruders, you'd better think very carefully about your next moves. When someone breaks into your house, if the dog barks or if you come down with a baseball bat or other weapon, you might think the intruder is going to flee, but if the criminal badly wants what you have in your house and it's valuable enough, you might find yourself in a bloody knife fight or worse. What's happening is intruders come to your company via island hopping or insider subterfuge or whatever method, and they'll live off the land, stealthily using your own tools against you so you can't find them so easily. So instead of injecting new tools in that send off an alert, they just use what you already have there. That's what's called living off the land. They'll steal sensitive data, for example positive COVID test results when that was really, really sensitive, obviously still is, or other medical data, and when you retaliate, they will double extort you. They'll encrypt your data and hold it for ransom and at the same time threaten to release the sensitive information, crushing your brand in the process. So your response must be as
stealthy as their intrusion. As you marshal your resources and devise an attack plan, you face serious headwinds. Not only is this a complicated situation, there's your ongoing and acute talent shortage that you tell us about all the time. Many companies are mired in technical debt, that's an additional challenge, and then you've got to balance the running of the business while actually affecting a digital transformation. That's very, very difficult, and it's risky, because the more digital you become, the more exposed you are. So this idea of zero trust, people used to call it a buzzword, it's now a mandate, along with automation, because you just can't throw labor at the problem. This is all good news for investors, as cyber remains a market that's ripe for valuation increases and M&A activity, especially if you know where to look. Hopefully we've helped you squint through the maze a little bit. Okay, that's it for now. Thanks to the community for your comments and insights. Remember, I publish each week on wikibon.com and siliconangle.com. These episodes, they're all available as podcasts. All you do is search Breaking Analysis podcast, put in the headphones, listen when you're in your car, out for your walk or run. And you can always connect on Twitter @dvellante or email me at david.vellante@siliconangle.com. I appreciate the comments on LinkedIn, and in Clubhouse, please follow me so you're notified when we start a room and riff on these topics and others. And don't forget to check out etr.plus for all the survey data. This is Dave Vellante for theCUBE Insights powered by ETR. Be well, and we'll see you next time.

Published Date : May 8 2021


Breaking Analysis: Tech Spending Roars Back in 2021


 

>> Narrator: From theCUBE Studios in Palo Alto, in Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> Tech spending is poised to rebound as the economy reopens in 2021. CIOs and IT buyers, they expect a 4% increase in 2021 spending based on ETR's latest surveys. And we believe that number will actually be higher, in the six to 7% range even. The big drivers are continued fine tuning of, and investment in digital strategies, for example, cloud security, AI data and automation. Application modernization initiatives continue to attract attention, and we also expect more support with work from home demand, for instance laptops, et cetera. And we're even seeing pent-up demand for data center infrastructure and other major risks to this scenario, they remain the pace of the reopening, of course, no surprise there, however, even if there are speed bumps to the vaccine rollout and achieving herd immunity, we believe tech spending will grow at least two points faster than GDP, which is currently forecast at 4.1%. Hello and welcome to this week's (indistinct) on Cube Insights powered by ETR. In this breaking analysis, we want to update you on our latest macro view of the market, and then highlight a few key sectors that we've been watching, namely cloud with a particular drill down on Microsoft and AWS, security, database, and then we'll look at Dell and VMware as a proxy for the data center. Now here's a look at what IT buyers and CIOs think. This chart shows the latest survey data from ETR and it compares the December results with the year earlier survey. Consistent with our earlier reporting, we see a kind of a swoosh-like recovery with a slower first half and accelerating in the second half. And we think that CIOs are being prudently conservative, 'cause if GDP grows at 4% plus, we fully expect tech spending to outperform. Now let's look at the factors that really drive some of our thinking on that. 
This is data that we've shown before. It asks buyers if they're initiating any of the following strategies in the coming quarter, in the face of the pandemic, and you can see there's no change in work from home, really no change in business travel, but hiring freezes, freezing new deployments, these continue to trend down. New deployments continue to be up, layoffs are trending down and hiring is also up. So these are all good signs. Now having said that, one part of our scenario assumes workers return and the current 75% of employees that work from home will moderate by the second half to around 35%. Now that's double the historical average, and that large percentage, that will necessitate continued work from home infrastructure spend, we think and drive HQ spending as well in the data center. Now the caveat of course is that lots of companies are downsizing corporate headquarters, so that could weigh on this dual investment premise that we have, but generally with the easy compare in these tailwinds, we expect solid growth in this coming year. Now, what sectors are showing growth? Well, the same big four that we've been talking about for 10 months, machine intelligence or AI/ML, RPA and broader automation agendas, these lead the pack along with containers and cloud. These four, you can see here above that red dotted line at 40%, that's a 40% net score which is a measure of spending momentum. Now cloud, it's the most impressive because what you see in this chart is spending momentum or net score in the vertical axis and market share or pervasiveness in the data center on the horizontal axis. Now cloud it stands out, as it has a large market share and it's got spending velocity tied to it. So, I mean that is really impressive for that sector. Now, what we want to do here is do a quick update on the big three cloud revenue for 2020.
And so we're looking back at 2020, and this really updates the chart that we showed last week at our CUBE on Cloud event. The only difference is Azure: Microsoft reported, and this chart shows IaaS estimates for the big three. We had had Microsoft Azure in Q4 at 6.8 billion, it came in at 6.9 billion based on our cloud model. Now the points we previously made on this chart, they stand out. AWS is the biggest, and it's growing more slowly but it throws off more absolute dollars, Azure grew 48% last quarter, we had it slightly lower and so we've adjusted that and that's incredible. And Azure continues to close that gap on AWS and we'll see how AWS and Google do when they report next week. We definitely think based on Microsoft's result that AWS has upside to these numbers, especially given the Q4 push, year end, and the continued transition to cloud and even Google we think can benefit. Now what we want to do is take a closer look at Microsoft and AWS and drill down into those two cloud leaders. So take a look at this graphic, it shows ETR's survey data for net score across Microsoft's portfolio, and we've selected a couple of key areas. Virtually every sector is in the green and has forward momentum relative to the October survey. Power Automate, which is RPA, Teams is off the chart, Azure itself we've reported on that, is the linchpin of Microsoft's innovation strategy, serverless, AI analytics, containers, they all have over 60% net scores. Skype is the only dog and Microsoft is doing a fabulous job of transitioning its customers to Teams away from Skype. I think there are still people using Skype. Yes, I know it's crazy. Now let's take a look at the AWS portfolio drill down, there's a similar story here for Amazon and virtually all sectors are well into the 50% net scores or above. Yeah, it's lower than Microsoft, but still AWS, very, very large, so across the board strength for the company and it's impressive for a $45 billion cloud company. 
Only Chime is lagging behind AWS and maybe, maybe AWS needs a Teams-like version to migrate folks off of Chime. Although you do see it's an uptick there relative to the last survey, but still not burning the house down. Now let's take a look at security. It's a sector that we've highlighted for several quarters, and it's really undergoing massive change. This of course was accelerated by the work from home trend, and this chart ranks the CIO and CSO priorities for security, and here you see identity access management stands out. So this bodes well for the likes of Okta and SailPoint, of course endpoint security also ranks highly, and that's good news for a company like CrowdStrike or Forescout, Carbon Black, which was acquired by VMware. And you can see network security is right there as well, I mean, it's all kind of network security but Cisco, Palo Alto, Fortinet are some of the names that we follow closely there, and cloud security, Microsoft, Amazon and Zscaler also stands out. Now, what we want to do now is drill in a little bit and take a look at the vendor map for security. So this chart shows one of our favorite views, it's getting net score or spending momentum on the vertical axis and market share on the horizontal. 
Okta, note in the upper right of that little chart there that table, Okta remains the highest net score of all the players that we're showing here, SailPoint and CrowdStrike definitely looming large, Microsoft continues to be impressive because of both its presence, you can see that dot in the upper right there, and its momentum, and you know, for context, we've included some of the legacy names like RSA and McAfee and Symantec, you could see them in the red as is IBM, and then the rest of the pack, they're solidly in the green. We've said this before, security remains a priority, it's a very strong market, CIOs and CSOs have to spend on it, they're accelerating that spending, and it's a fragmented space with lots of legitimate players, and it's undergoing a major change, and with the SolarWinds hack, it's on everyone's radar even more than we've seen with earlier high profile breaches. We have some other data that we'll share in the future, on that front, but in the interest of time, we'll press on here. Now, one of the other sectors that's undergoing significant changes, database. And so if you take a look at the latest survey data, so we're showing that same xy-view, the first thing that we call your attention to is Snowflake, and we've been reporting on this company for years now, and sharing ETR data for well over a year. The company continues to impress us with spending momentum, this last survey it increased from 75% last quarter to 83% in the latest survey. This is unbelievable because having now done this for quite some time, many, many quarters, these numbers are historically not sustainable and very rarely do you see that kind of increase from the mid-70s up into the 80s. So now AWS is the other big call out here. This is a company that has become a database powerhouse, and they've done that from a standing start and they've become a leader in the market. 
Google's momentum is also impressive, especially with its technical chops, it gets very, very high marks for things like BigQuery, and so you can see it's got momentum, it does not have the presence in the market to the right, that for instance AWS and Microsoft have, and that brings me to Microsoft is also notable, because it's so large and look at the momentum, it's got very, very strong spending momentum as well, so look, this database market it's seeing dramatically different strategies. Take Amazon for example, it's all about the right tool for the right job, they get a lot of different data stores with specialized databases, for different use cases, Aurora for transaction processing, Redshift for analytics, I want a key value store, hey, some DynamoDB, graph database? You got little Neptune, document database? They've got that, they got time series database, so very, very granular portfolio. You got Oracle on the other end of the spectrum. It along with several others are converging capabilities and that's a big trend that we're seeing across the board, into, sometimes we call it a mono database instead of one database fits all. Now Microsoft's world kind of largely revolves around SQL and Azure SQL but it does offer other options. But the big difference between Microsoft and AWS is AWS' approach is really to maximize the granularity in the technical flexibility with fine-grained access to primitives and APIs, that's their philosophy, whereas Microsoft with Synapse for example, they're willing to build that abstraction layer as a means of simplifying the experiences. AWS, they've been reluctant to do this, their approach favors optionality and their philosophy is as the market changes, that will give them the ability to move faster. 
Microsoft's philosophy favors really abstracting that complexity, now that adds overhead, but it does simplify, so these are two very interesting counterpoised strategies that we're watching and we think there's room for both, they're just not necessarily one better than the other, it's just different philosophies and different approaches. Now Snowflake for its part is building a data cloud on top of AWS, Google and Azure, so it's another example of adding value by abstracting away the underlying infrastructure complexity and it obviously seems to be working well, albeit at a much smaller scale at this point. Now let's talk a little bit about some of the on-prem players, the legacy players, and we'll use Dell and VMware as proxies for these markets. So what we're showing here in this chart is Dell's net scores across select parts of its portfolio and it's a pretty nice picture for Dell, I mean everything but Desktop is showing forward momentum relative to previous surveys, laptops continue to benefit from the remote worker trend, in fact, PCs actually grew this year if you saw our spot on Intel last week, PCs had peaked, PC volume had peaked in 2011 and it actually bumped up this year but it's not really, we don't think sustainable, but nonetheless it's been a godsend during the pandemic as data center infrastructure has been softer. Dell's cloud is up and that really comprises a bunch of infrastructure along with some services, so that's showing some strength that both, look at storage and server momentum, they seem to be picking up and this is really important because these two sectors have been lagging for Dell. But this data supports our pent-up demand premise for on-prem infrastructure, and we'll see if the ETR survey which is forward-looking translates into revenue growth for Dell and others like HPE. Now, what about Dell's favorite new toy over at VMware? Let's take a look at that picture for VMware, it's pretty solid. 
VMware cloud on AWS, we've been reporting on that for several quarters now, it's showing up in the ETR survey and it is well, it's somewhat moderating, it's coming down from very high spending momentum, so it's still, we think very positive. NSX momentum is coming back in the survey, I'm not sure what happened there, but it's been strong, VMware's on-prem cloud with VCF VMware Cloud Foundation, that's strong, Tanzu was a bit surprising because containers are very hot overall, so that's something we're watching, seems to be moderating, maybe the market says okay, you did great VMware, you're embracing containers, but Tanzu is maybe not the, we'll see, we'll see how that all plays out. I think it's the right strategy for VMware to embrace that container strategy, but we said remember, everybody said containers are going to kill VMware, well, VMware rightly, they've embraced cloud with VMware cloud on AWS, they're embracing containers. So we're seeing much more forward-thinking strategies and management philosophies. Carbon Black, that benefits from the security tailwind, and then the core infrastructure looks good, vSAN, vSphere and VDI. So the big thing that we're watching for VMware, is of course, who's going to be the next CEO. Is it going to be Zane Rowe, who's now the acting CEO? And of course he's been the CFO for years. Who's going to get that job? Will it be Sanjay Poonen? The choice I think is going to say much about the direction of VMware going forward in our view. Succeeding Pat Gelsinger is like, it's going to be like following Peyton Manning at QB, but this summer we expect Dell to spin out VMware or do some other kind of restructuring, and restructure both VMware and Dell's balance sheet, it wants to get both companies back to investment grade and it wants to set a new era in motion or it's going to set a new era in motion. 
Now that financial transaction, maybe it does call for a CFO in favor of such a move and can orchestrate such a move, but certainly Sanjay Poonen has been a loyal soldier and he's performed very well in his executive roles, not just at VMware, but previous roles, SAP and others. So my opinion, there's no doubt he's ready and he's earned it, and, of course, with no offense to Zane Rowe by the way, he's an outstanding executive too, but the big question for Dell and VMware is what will the future of these two companies look like? They've dominated, VMware especially has dominated the data center for a decade plus, they're responding to cloud, and some of these new trends, they've made tons of acquisitions and Gelsinger has orchestrated TAM expansion. They still got to get through paying down the debt so they can really double down on an innovation agenda from an R&D perspective, that's been somewhat hamstrung and to their credit, they've done a great job of navigating through Dell's tendency to take VMware cash and restructure its business to go public, and now to restructure both companies to do the Pivotal acquisition, et cetera, et cetera, et cetera and clean up its corporate structure. So it's been a drag on VMware's ability to use its free cash flow for R&D, and again it's been very impressive what it's been able to accomplish there. On the Dell side of the house, its R&D largely has gone to kind of new products, follow-on products and evolutionary kind of approach, and it would be nice to see Dell be able to really double down on the innovation agenda especially with the looming edge opportunity. Look R&D is the lifeblood of a tech company, and there's so many opportunities across the clouds and at The Edge, we've talked about this a lot, I haven't talked much about or any about IBM, we wrote a piece last year on IBM's innovation agenda, really hinges on its R&D. 
It seems to be continuing to favor dividends and stock buybacks, that makes it difficult for the company to really invest in its future and grow, its promised growth, Ginni Rometty promised growth, that never really happened, Arvind Krishna is now promising growth, hopefully it doesn't fall into the same pattern of missed promises, and my concern there is that R&D, you can't just flick a switch and pour money and get a fast return, it takes years to get that. (Dave chuckles) We talked about Intel last week, so similar things going on, but I digress. Look, these guys are going to require in my view, VMware, Dell, I'll put HPE in there, they're going to require organic investment to get back to growth, so we're watching these factors very, very closely. Okay, got to wrap up here, so we're seeing IT spending growth coming in as high as potentially 7% this year, and it's going to be powered by the same old culprits, cloud, AI, automation, we'll be doing an RPA update soon here, application modernization, and the new work paradigm that we think will force increased investments in digital initiatives. The doubling of the expectation of work from home is significant, and so we see this hybrid world, not just hybrid cloud but hybrid work from home and on-prem, this new digital world, and it's going to require investment in both cloud and on-prem, and we think that's going to lift both boats but cloud, clearly the big winner. And we're not by any means suggesting that their growth rates are going to somehow converge, they're not, cloud will continue to outpace on-prem by several hundred basis points, throughout the decade we think. And AWS and Microsoft are in the top division of that cloud bracket. 
Security markets are really shifting and we continue to like the momentum of companies in identity and endpoint and cloud security, especially the pure plays like CrowdStrike and Okta and SailPoint, and Zscaler and others that we've mentioned over the past several quarters, but CSOs tell us they want to work with the big guys too, because they trust them, especially Palo Alto Networks, Cisco obviously in the mix, their security business continues to outperform the balance of Cisco's portfolio, and these companies, they have resources to withstand market shifts and we'll do a deeper drill down at the security soon and update you on other trends, on other companies in that space. Now the database world, it continues to heat up, I used to say on theCUBE all the time that a decade and a half ago database was boring and now database is anything but, and thank you to cloud databases and especially Snowflake, its data cloud vision, its simplicity, we're seeing lots of different ways though, to skin the cat, and while there's disruption, we believe Oracle's position is solid because it owns Mission-Critical, that's its stronghold, and we really haven't seen those workloads migrate into the cloud, and frankly, I think it's going to be hard to wrest those away from Oracle. Now, AWS and Microsoft, they continue to be the easy choice for a lot of their customers. Microsoft migrating its software estate, AWS continues to innovate, we've got a lot of database choices, the right tool for the right job, so there's lots of innovation going on in databases beyond these names as well, and we'll continue to update you on these markets shortly. Now, lastly, it's quite notable how well some of the legacy names have navigated through COVID. Sure, they're not rocketing like many of the work-from-home stocks, but they've been able to thus far survive, and in the example of Dell and VMware, the portfolio diversity has been a blessing. 
The bottom line is the first half of 2021 seems to be shaping up as we expected, momentum for the strongest digital plays, low interest rates helping large established companies hang in there with strong balance sheets, and large customer bases. And what will be really interesting to see is what happens coming out of the pandemic. Will the rich get richer? Yeah, well we think so. But we see the legacy players adjusting their business models, embracing change in the market and steadily moving forward. And we see at least a dozen new players hitting the radar that could become leaders in the coming decade, and as always, we'll be highlighting many of those in our future episodes. Okay, that's it for now, listen, these episodes remember, they're all available as podcasts, all you got to do is search for Breaking Analysis Podcasts and you'll get them so please listen, like them, if you like them, share them, really, I always appreciate that, I publish weekly on wikibon.com and siliconangle.com, and really would appreciate your comments and always do in my LinkedIn posts, or you can always DM me @dvellante or email me at david.vellante@siliconangle.com, and tell me what you think is happening out there. Don't forget to check out ETR+ for all the survey action, this is David Vellante, thanks for watching theCUBE Insights powered by ETR. Stay safe, we'll see you next time. (downbeat music)

Published Date : Jan 29 2021


Breaking Analysis: Tectonic Shifts Power Cloud, IAM & Endpoint Security


 

From theCUBE Studios in Palo Alto, in Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. Over the past 150 days, virtually everybody that I know in the technology industry has become an expert on COVID in some way, shape or form. We've all lived the reality that COVID-19 has accelerated by at least two years many trends that were in motion well before the virus hit. The cybersecurity sector is no exception, and one of the best examples where we have witnessed the accelerated change. Hello everyone and welcome to this week's episode of Wikibon CUBE Insights powered by ETR. In this Breaking Analysis, we'll update you on the all-important security sector, which remains one of the top spending priorities for organizations. And I want to give you a shout out to my colleague Eric Bradley from ETR, who gave me some really good data and some macro insights, as well as some anecdotal data from CSOs for this episode. Let's take a look at the big picture first. Now for many years we've talked about the shifting patterns in networking, moving from what's often referred to as a north-south architecture, meaning a hierarchical network that supports, you know, age-old organizational structures. Well, today the network is flattening into what they often refer to as an east-west model, and the moat or perimeter, it's been vaporized. The perimeter is now wherever the user is, and users are at home or they're at their beach houses thanks to COVID. Now this is a bad actor's dream, as the threat surface has expanded by orders of magnitude. And as we've said in the past, the adversary is well funded, extremely capable and highly motivated, because the ROI of infiltration and exfiltration is outstanding. The CSO's job, quite simply stated, is to lower that return on investment. Now the other big trend that we see is that the cloud and SaaS are reducing reliance on hardware-based solutions like traditional firewalls. Because so many workers are now at home, they're
in there accessing sensitive data, identity and endpoint security are exploding. XDR, or extended detection and response, and zero trust networks are on the rise. Organizations are increasingly relying on analytics and automation to detect and remediate threats. You know, alerts just don't cut it anymore, I need action. And so to do so they're turning to a number of best-of-breed point products that have the potential to become the next great security platforms. And this is setting up an epic battle between hot startups that are growing very, very quickly and entrenched incumbents that really aren't going to go down without a fight. Finally, while security is clearly a top spending priority, customers and their CFOs continue to be somewhat circumspect with respect to how much they allocate toward security budgets, especially in the context of a shrinking IT spending climate that we have said is dropping between five and eight percent in 2020. Now security is critical, but even in these times spending is governed by these tight budgets. Well, cyber remains a top category in the ETR taxonomy in terms of its presence in the data set. What this chart tells us is that CIOs and IT buyers have other priorities that they have to fund. This data shows a comparison of net scores over three survey dates: October of last year, April and July. Net score, remember, is an indicator of momentum, which is calculated by subtracting the percent of customers spending less on the technology from those spending more. It's more complicated than that, but that's the basics. And you can see that at a 29 net score, the security sector is just one of many priorities that IT buyers face. Now remember, this is the July survey, and it's asking customers, are you planning to spend more or less in the second half of 2020 relative to the first half? And it's a forward-looking metric. So what may be happening here is that at the height of the lockdown, in the U.S. anyway, and the pivot to work from home, organizations were
spending heavily and are now fine-tuning those investments and maybe addressing other digital priorities. Let's look back and do some pre- and post-COVID assessments of various players within the ETR data set. I'm going to go fairly quickly through these next slides, but I want to give you a perspective as to how the security landscape and the vendor momentum has changed in the past eight months. First, I'm going to take you back to the January data set. We actually originally did this exercise last year and then we updated it right at the beginning of 2020. The chart shows the top-ranked cybersecurity companies based on two metrics. The left-hand side sorts the data and ranks companies based on net score or spending momentum, and the right-hand side shows the ranking by Shared N, which is a measure of the pervasiveness of a company in the data set, i.e., the number of mentions that they get in the sector. And what we did is we gave four stars to those companies that showed up in the top of both of those rankings and two stars to those that were close. So you can see that Microsoft, Splunk, Palo Alto and Proofpoint, as well as Okta and CrowdStrike, and then we added Zscaler in January as new, and then CyberArk Software, all got four stars. Then we gave Cisco and Fortinet two stars. Now this next chart shows the same thing at the height of the U.S. lockdown. Now you may say, okay, what's the difference? There's still Microsoft, Palo Alto, Proofpoint, Okta, CyberArk, Zscaler and CrowdStrike at four stars, with Cisco and Fortinet having two stars. Splunk fell off, but that's it. Well, what's different is instead of making the cut the top 22, which we did last time, we narrowed it down to the top ten in order for a company to make that grade. So if we had done that in January, Okta, CrowdStrike, Zscaler and CyberArk, they wouldn't have made the cut, but in April they did, as their presence in the dataset grew. And we strongly believe this is a direct result of the work from home pivot: CrowdStrike endpoint,
Okta identity access management, Zscaler cloud security, and they're disrupting traditional appliance-based firewalls. Now just to note, we placed Dell EMC, which was RSA, and IBM in the list just for context. Now let's take a look at the most recent July survey. Now a lot of, I'm out on a limb a little bit here because many of these companies, they haven't reported yet, so we don't have full visibility on their business outlook, but we show the same data for the most recent survey. The red line that you see there is the top 10 cutoff point, and you can see Splunk, which didn't make the cut in April, is back on the four-star list. It's very possible buyers took a pause last quarter and focused attention on work from home, but Splunk continues to impress as it shifts toward the subscription model that we've talked about in the past. Splunk has a very strong hold on the SIEM space, but everyone wants a piece of Splunk, especially some of the traditional firewall companies, who, they're seeing their hardware business dying. So we're watching the competition from these players but also some other players like Tenable. Now Proofpoint fell off the four-star list because its net score didn't make the top ten. CrowdStrike, CyberArk and Zscaler also fell back because they dropped below the top 10 in Shared N, but we still really like these companies and expect them to continue to do well. You know, it could be some anomalies in the survey, but we're trying to be as transparent as possible with you, share the data, listen to it, interpret it and really adjust our models accordingly each quarter. Now let me make a few points and try to interpret what might be happening here. First, I want to point out Okta pops to the top of the net score ranking, overtaking CrowdStrike's momentum from the last survey. Now one customer in the financial services sector told Eric Bradley on a recent VENN, we're seeing amazing things from Okta, but the traditional firewall companies are stepping into identity. They may not be best
of breed, but they have a level of integration, and that's appealing to this individual. This person also specifically called out Palo Alto and Fortinet as trying to encroach on that space, so keep your eyes on that. Now CrowdStrike has declined noticeably, which surprised us. Zscaler is actually showing more momentum relative to the last survey, so that's a positive. Palo Alto and Microsoft are consistently holding serve and continue to be leaders. Proofpoint and CyberArk are showing a bit of a velocity drop, and SailPoint and Tenable are also catching our attention in this survey. And of course SailPoint, which is identity management, had a great quarter and reinstituted its guidance, giving us the benefit of hindsight on its performance, so it was actually pretty easy to give them two stars. Now just a side note, by the way, we've cut the data here with those companies that have more than 50 mentions in the sector. We didn't do that the first time we did this, we allowed companies with less than 50. 
So we're trying to tighten that up a bit. So we still maintain strongly that you're seeing cloud, endpoint and identity as the big security themes here. CSOs need tools to be responsive, they don't want to just get an alert. SecOps pros would rather immediately shut off access and risk pissing off a user than getting hacked, and companies are increasingly turning to AI to detect, and they're relying on automation to remediate or protect and fence off critical resources. Let's now look at the two players, or players in our two-dimensional view. Followers of this program know that we like to plot vendors within a sector across two of our favorite metrics: net score, or spending momentum, which is a simple metric that tracks those spending more versus less on the technology, and market share, which measures a vendor's pervasiveness in the data set, and it's calculated by taking the number of mentions a vendor gets within a sector divided by the total responses. What we show here are the key security players that we've highlighted over the last several quarters. Let me start with Microsoft. Microsoft has consistently performed well in the security sector as well as other parts of the ETR taxonomy. As you know, they have a huge presence in the survey, which is indicated on the horizontal axis, and you can see they have a very solid net score, which is shown on the y-axis. Impressive for a company their size. Now one interesting thing is you don't see AWS in this chart, and it's because AWS and Microsoft, at least so far, have somewhat different strategies with respect to security. Microsoft, with its long application software history and SaaS presence across Office 365 and SharePoint, etc., with Active Directory, has been really focused on selling security solutions to directly protect its apps. They have offerings like Defender ATP, which is Advanced Threat Protection, Sentinel, which is Microsoft's SIEM cloud offering, Azure identity access management, and the company's really going hard after this space. 
Now AWS of course prioritizes security, but they don't show in the ETR data set the same way Microsoft does. It's almost like AWS is hiding in plain sight. Look, AWS has always put a great deal of emphasis on security and securing its infrastructure, like the S3 buckets, and it's, you know, it announced IAM for EC2 way back in 2012. And last year at its re:Inforce conference, you saw an impressive focus on security in a burgeoning security ecosystem. In fact, when you think of getting started in AWS, you really think about three things: EC2, S3 and IAM. So I'd expect to see AWS really become more prominent over time in the data set. Now I'll spend a minute talking about Okta. For the first time since we've been analyzing the security space with ETR data, Okta has the highest net score, at 58 percent. It had consistently been CrowdStrike with this moniker and the momentum lead. The company, though, has dropped in this quarter's survey, and that's something that we're watching. And by the way, we're not implying that Okta and CrowdStrike are direct competitors, they're not. Now, as you can see nonetheless, that CrowdStrike, Zscaler and SailPoint show very elevated net scores, and we've plotted Tenable here, which is also showing some strength. So you can see the respective positions of Proofpoint and Fortinet. These are more mature companies, they were founded in the early part of the century, so you'd expect them to have somewhat lower net scores given their history and maturity. And then there's Cisco. They've got a huge presence in the data and big in security. Cisco's doing really well in that space. It consistently grows its security business in the double digits each quarter, and it's a real feather in the Cisco portfolio cap. This is important because Cisco's traditional hardware business continues to come under pressure. Splunk we talked about a lot, and it's no surprise at their leadership position. But I want to talk a little bit more about Palo Alto Networks. Here's a company that we've
talked about quite a bit in the past. They are a tier one player in security, they got great service, CSOs want to work with them because they are thought leaders, they're like a gold standard and have an impressive portfolio of great solutions. But their traditional firewall business is coming under pressure for the reasons that we discussed earlier. Now Palo Alto has expanded its portfolio into the cloud, and with Prisma, the company's suite of security services, it will maintain a leadership position in our view. But Palo Alto Networks, as we've discussed, had some missteps with its product transition, its sales execution and some challenges with its pricing models, and it hurt their stock price. But we've always said that they would work through these issues and that that was a buying opportunity. The other thing about Palo Alto is, you know, they're considered the expensive choice, you got to pay for that gold standard, but that's what customers, you know, will tell us. And so you're paying up for those top tier offerings, but that's a sort of two-edged sword for Palo Alto. Here's an example why: people often compare Fortinet to Palo Alto, and as we've shared in previous segments, the valuation divergence between Palo Alto and Fortinet, where the latter was making a smoother transition to its future. And people often tell us that Fortinet, well, you know, maybe it's considered not as elite as Palo Alto, they are a value choice, their stuff just works, and Fortinet is a great alternative to Palo Alto, and that has served them very well. Now let's take a closer look at the valuations of some of these companies. We started off this segment by saying that the pandemic has affected every sector, and especially cybersecurity. So the next chart that we're showing here is the progression of key valuation metrics since earlier this year. What we show are the valuations of nine of the companies in the sector since mid-February. The data tracks their respective valuations, their revenue multiples,
their growth rates in both value and revenue. Revenue growth is shown in the last column for the most recent quarterly report. Now, the companies in red have yet to report; they report any day now, so, he said, I'm flying a little bit blind here, and we'll have to take a look after the earnings to see how the survey data aligns with the actual results. But let me make a few points here. First, here's the S&P and NASDAQ performance; you see it in February, in June and August. Pandemic? Recession? What are you talking about? You'd never know it looking at this data. The NASDAQ especially is up 14 percent since mid-February, which is quite astounding. Next, I want to come back to the discussion about Palo Alto and Fortinet. Fortinet already has reported this quarter and Palo Alto has not, but you can see, based on the revenue multiples highlighted in red, that the valuation divergence is starting to shrink a little bit, and we'll see if that holds up after Palo Alto reports. Now, the big eye popper in this chart is the valuation increases from February to August for Okta, CrowdStrike and Zscaler: 52, 67 and 104 percent increase respectively. Now, you can't say we didn't warn you that these companies were all well positioned when we reported last year and in our January episode. But I did say, actually, to be honest, in the last episode that these three I thought were getting a little expensive. That was a couple months ago, and since then they've continued to run up. So if you've been waiting for an entry point based on my advice, well, I'm sorry for that. But look at the revenue multiples, look at the expansion in the orange: Okta goes from 34x to 52x, CrowdStrike from 39x to 66x, Zscaler 25x to 43x. I mean, wow. Let's see what happens after these three report. By this time I would have hoped that they'd taken a little breather, maybe over the summer, and you could have jumped in to these stocks, but they just keep going up. And despite the decline in net score for CrowdStrike, I still really like all three of these
companies and feel that they're very well positioned from a product standpoint and customer feedback perspective. And finally, I want to mention SailPoint, which we said last time was one to watch. SailPoint crushed its quarter, bringing in some large deals and providing forward guidance: nearly a 50 percent valuation increase since February and a revenue multiple expansion from last quarter, where the street last quarter wasn't really thrilled with their numbers. But identity management is hot, and so now is SailPoint from the street's perspective. The last thing I'll say here is watch the growth rates. Expectations are very high for some of these companies, and the street will cream any of them that misses. Now, that may be your opportunity to jump in, because I like these companies; I think they're disruptors. But as always, do your research, and watch out for the big whales trying to freeze the markets on these guys.

All right, let's wrap up. We've covered a lot of ground today and surfed the landscape a little bit. So look, the trend is plain as day: the move to SaaS is entrenched. And by the way, this isn't necessarily all good news for buyers. CIOs and CFOs tell me that the dark side of capex to opex is unpredictable bills, but the flexibility and business value gained is outweighing the downside, and every vendor in this space is transitioning into a SaaS and annual recurring revenue model. We believe the remote work trend is here to stay. Organizations are re-architecting their business around work from home, and we think that they're seeing some real benefits. They've made investments, and it's driving new modes of work and productivity. They're not just going to throw away those investments. Why should they? What, just to go back to the old way? It's not going to happen. And, as we've said previously, look, the internet, it's like the new private network. So you've got to question VPNs and SD-WAN; they start to look like stop gaps. And of course, you know, the cloud: endpoint security, cloud-based IAM,
they are clearly winning in the marketplace. You know, we're also seeing new security regimes emerge where the CSO and the SecOps team are not this island. We've seen even some CSOs falling back under the CIO, which used to be taboo; it used to be thought of, that's like the fox guarding the hen house. But this idea of shared responsibility is not just between the cloud providers and the SecOps teams. Because security is a board level priority, everyone in the business is becoming more aware, more attuned, and despite the millennials' fascination with and undaunted courage when it comes to TikTok, I digress. Now, the last two points are interesting. I remember reading a post by Jon Oltsik, who was an ESG security analyst, and he predicted last year that integrated suites would win out over the buffet of point products on the market. And, you know, generally I agreed with that assessment. But look, at least in the near term and probably mid-term, that doesn't seem to be happening, as we've seen these hot companies really take off, the ones that we've highlighted. Now, these companies have ambitions beyond selling products, and they would bristle at me lumping them into point products. Their boards are going after platform plays, so they're on a collision course with each other and the big guys. This should be fun to watch, because the big integrated companies are well funded, they got great cash flow, they got large customer bases, and, I've said, they're not going down without a fight. So I would expect eventually there's going to be more of an equilibrium to what seems to be right now a bifurcated and unbalanced market today. So you're going to see more M&A activity; expect that. However, at these valuations, some of these companies that we've highlighted, they're becoming acquisition proof. As such, they'd better keep innovating or they're going to be in big trouble.

All right, that's it for today. Remember, these episodes are all available as podcasts wherever you listen, so please subscribe. I
publish weekly on wikibon.com. We've added in the Wikibon menu bar a Breaking Analysis link that has all the episodes in there. I also publish on siliconangle.com, so check that out, and please do comment on my LinkedIn posts. Don't forget to check out etr.plus for all the survey action. Get in touch on Twitter, I'm @dvellante, or email me at david.vellante@siliconangle.com. This is Dave Vellante for theCUBE Insights, powered by ETR. Thanks for watching, everybody. Be well, and we'll see you next time. [Music]

Published Date : Aug 20 2020


Gil Vega, Veeam | VeeamON 2020


 

>>From around the globe, with digital coverage of VeeamON 2020. Hi, I'm Stu Miniman and this is theCUBE's coverage of VeeamON 2020 online. I'm really happy to welcome a first time guest, and he is the chief information security officer at Veeam. Thank you so much for joining us. Always loved it. That was a CSO. >>Awesome. Thanks for having me, Stu. >>All right, so, so Gil, give us a little bit of your background, and you're relatively new at Veeam. Obviously, you know, when you took the job, uh, the current, you know, global, uh, pandemic, uh, wasn't, uh, you know, necessarily right center, but, uh, yeah. Give, give our audience a little bit of who you are. >>Yeah. Yeah. Timing is everything. I, um, I have, I've been at Veeam for 90 plus days, uh, joined the company just before the global pandemic, uh, broke loose and sort of disrupted our entire, uh, our entire planet. Uh, before that I was, uh, I was the CSO for five years of, uh, uh, systemically important financial services, >>Market utility. >>Uh, but most of my experience, um, is in government. I was a, I was a federal executive for almost 20 years in Washington, D.C., where I was a CSO at the Department of Energy, uh, Homeland Security, Naval Intelligence, and a few other places. >>Excellent. Well, that's a great pedigree. We've loved talking to them, public people. Uh, obviously you're already front and center. Uh, they're always okay. Really? I mean, it's a board level. Got, okay. Nope. Uh, dirty, so much of what's going on. Yeah. I have to ask you though, with the global pandemic hitting, uh, obviously, you know, work from home is, is, is a big piece of what's going on. Give us, you know, kind of your first reaction then, they are being new to the role. How do you make it for that? You know, Veeam itself is safe and that your customers, uh, as they're, you know, dealing with things that, you know, they stay secure. >>That's a, that's a great question.
I don't think anyone can say they were a hundred percent prepared for a global pandemic, the likes of which no one's ever really experienced before, at least in the modern age. But, you know, Veeam is largely a, even though we're 5,000 strong and global, is largely a virtual workforce. So a large majority of our, um, our teammates work from home and mobile situation. So, uh, the company has a long track record of providing really innovative and secure tools so that we can conduct our business, both, you know, with our customers, with our sales teams generating leads, our technical teams developing product. Um, the technology here is, uh, is, is pretty impressive. I, I will say, um, >>Uh, the impact to our workforce, at least from a virtual perspective, hasn't, uh, hasn't been as significant as some more traditional companies. Um, being the new CSO here at Veeam, it's a first time position for the company, uh, who's taken this topic very seriously. It's a, it has been for me personally a bit of, a bit of a challenge in building my team. Obviously, uh, the InfoSec, uh, space, cyber security space is very competitive when you're trying to hire folks. Uh, and the, uh, the pandemic obviously has made, uh, has made folks think twice about transitioning or starting careers or changing companies. So it's put a little bit, a little bit of a hitch in my step in terms of, uh, overall planning. Uh, but we're moving on to some different strategies and building a team a little, little slower than we had anticipated. >>Yeah, well, it's definitely understandable, but put a free for most people were that awesome a little bit these days and, you know, organizationally, this is a new role. Okay. I worked for the CIO. Are you okay? Yeah. What's been your with some of those organizations, well, dynamic, you know, with CSO lives, sports in the org. Yeah. I think it really depends upon the company's culture, right.
That drives where this role sits. At my, at my previous company, I worked for, uh, the CIO, who was a corporate officer. Uh, here at Veeam, uh, it is a new position, uh, and there's such a significance placed on, uh, cybersecurity because of the expectations around this topic, not only from our board, uh, our customers, uh, uh, our government regulators and everyone else. Uh, this role, my role reports directly into Bill Largent, our CEO, which, you know, fully empowers me as a, as a member of the, of the management team of the entire company to drive the, the, the initiatives that need to be driven so that, uh, we can meet those expectations, which, you know, tend to rise every year from, uh, expectations of our customers, product features in our, in our products, uh, regulatory requirements and so forth. >>So yeah, um, this space tends to get, uh, more difficult, more complex as time goes on. And I think, uh, that the team has, uh, constructed this role in an operating model that, um, that is going to make it highly successful. Yeah. Well, you know, data security, absolutely critical today's landscape, but, you know, give us your thoughts about, you know, data security and really modernized. Yeah. And you know, what, what is your charter? Okay. Right. Hmm. They know fits in there. Yeah. Yeah. You know, Veeam is now a U.S. company. Right. And the idea here is to direct, continue to drive growth in, in North America. And one of the key components of that growth, it has to be the U.S. government. I have a pedigree with U.S. government. I understand what the requirements are to do business there.
So again, back to those expectations, uh, my charge here is to deliver us not only an internal cyber security program that continues to meet and exceed those expectations, but to be able to position our products in a way that not only solves some of the data resiliency issues that the government faces and that our global customers face, but also help us solve some of these significant cyber security issues that they're trying to manage. You know, in the boardroom, cybersecurity is, is, is essentially the number one operational risk now, with a lot of focus, uh, across, uh, not only the boards, but all the functional areas of the company, whether it's finance, sales, technology, and security. It's, it's just, it seems to be the topic that everyone's most concerned about. >>And we just want to make sure that we're positioned in a way, um, that, uh, that drives what we're delivering here as a competitive advantage. Yeah. So what, what are some keys to consideration for data security on modern business? >>I'm sorry, you broke up. Could you repeat that question, Stu? Are there any considerations for modern business? Yeah. You know, um, there are, uh, there there's, there's so many, right. I tend to focus on, uh, the simple things for most companies, right? The, uh, the priorities that every CSO ought to have, uh, are around, um, you know, the, the, the blocking and tackling of a risk based vulnerability management program, making sure that your identity, uh, you're managing identities so that the right people have the right access to the right resources at the right time. Um, you, you got to have those strong and fast cyber ops because you will have incidents. Right. We all know that, uh, if you're a CSO in a company that's, uh, you're not managing incidents, chances are, you're not seeing incidents, which is probably worse than, um, than not having them.
>>Um, the other thing that I've learned, uh, as a key consideration for protecting your company, coming from government, is this concept of information sharing and making sure that you're, uh, that you're, that you're not only speaking with your peer companies, but your competitors as well, because they're seeing an awful lot of the same issues that you will see or have seen. And there's really no, the competitive advantage in information sharing amongst the CSOs in, in, in, uh, various industry communities and financial services. I feel like they've optimized that. Where I came from, uh, I would talk with, uh, CSOs at my competing firms on a, on a weekly basis, uh, comparing notes, talking about threats, understanding threat actors, talking about technology and so forth, just trying to provide for, uh, this sense of collective defense that those in the financial services industry has together. Um, and then, you know, obviously for the last several years, there's gotta be a deep understanding of the differences in managing cyber security in the cloud and what that entails and, you know, holding those vendors, uh, accountable for your security requirements. You can outsource the technology, but you can't outsource the tech, uh, the risk. >>So you, you have to be able to understand how the cloud changes, uh, the risks that you're facing, um, from the internet. Yeah. No, I'm, I'm, I'm so glad you brought up, uh, you know, early in my career. Yeah, yeah. 20 years ago. And, you know, could it be a differentiator and therefore there wasn't necessarily that sharing among your group, or they were very careful how they did things because, oh, wait, I tried this project. I might have some advantages, you know, as you said, security is something we need to, as a community, get involved with. You also brought up. Wow. So if we look at cloud models today, we really, yeah. Okay. Facility model.
So, you know, how should people be thinking about cloud, uh, how should they be, uh, you know, moving forward, you know, really these multitudes of environments that they need yeah, yeah. >>You know, we could, we could probably have an hour show and talk about some of the scar tissue that I've gained over the years in managing cloud programs. The number one, uh, the number one thing I would talk about, I think it's probably the most important thing, is making sure you understand exactly what security services your cloud provider is providing. And don't assume, um, that they're going to meet your requirements. You need to understand what those requirements are, whether or not they fit your business and operations model, and whether or not they're, um, they're, they're capable of meeting the risk appetite that you've set for yourself and communicated to your board. Uh, in, in, in certain, some in certain cases, the default clouds, uh, security services, won't meet those, uh, expectations and you'll have to work with the cloud vendors to augment those in a way that makes, uh, that makes it more, uh, acceptable for your, uh, for your risk profile and for your business. >>Um, I've often, I talk with peers who, uh, at companies, smaller companies, who just assume that the large cloud providers are going to take care of everything that you used to take care of on prem. Uh, and in fact, there are just certain things, uh, that are happening in the cloud that are completely different than on prem situation, as it relates to cyber. And you've got to have a really good understanding of, of, of how those are differentiated, uh, because if, uh, if, if you're making assumptions about the level of cybersecurity services that you're procuring in the cloud, uh, it's probably gonna turn around and bite you at some point. Yeah. It, I, I laugh a little bit. I think please free cloud era. No, yeah. Force let's get somebody that is okay.
Lazy or, you know, being a little bit malicious. Okay. Yeah. >>Go against dirty things that you said, well, if you go to the cloud, you know, something's angel, I haven't, I need to make sure, sure. That I've adjusted those settings. Oh, wait. Yeah. There's something I should have looked do too. Let me make sure I adjust those. I think at least, I think cloud providers are, you know, a little bit more engaged after some yeah. You know, uh, kinks in the armor, uh, that, that we're seeing. So, uh, the, the, there have been a little bit more awareness of what's going on. Everybody is engaging a little bit more. Gil, uh, governance and ransomware things hockey for many years. How does that yeah. Uh, your, your overall discussion, um, you know, governance is probably one of the most overlooked, but most important components of a cybersecurity program that's effective. Um, we don't do cyber security just to do cyber security. >>We're trying to meet key business objectives. We're trying to meet customer expectations. We're trying to support technology integration programs, and having all of the efforts of the CSO and his org, his or her organization, governed, uh, correctly within the corporate structure is just absolutely critical. Here at Veeam, uh, the, um, uh, my function is governed, uh, by the board, by the board of directors, as it is in most large companies. So they're interested obviously in the health status of the projects that I'm, uh, that I'm leading, the initiatives that I'm driving, the transformations that are occurring across the globe. They're interested in, uh, understanding exactly how the product feature sets and are in our, and our products are being informed by the experiences of our, of our internal team and what our customers need.
Uh, for us, it's very important to provide that oversight and insight into everything that we're doing, uh, at the highest levels, so that, uh, so that our board of directors can have a really good understanding of, um, of overall risk of the, uh, of the organization and what we're facing. >>Final question I have for you, key priorities forward, what should we be looking for work? And yes, that's particularly. Yeah, sure. So we've, uh, we've gone and we've adopted a new security framework. We've adopted the NIST Cybersecurity Framework version 1.1. We're leading ourselves through a maturity assessment based on that framework. We're setting objective maturity measures for each of the components of our cyber security program based on the NIST Cybersecurity Framework. And we're driving some transformation across the globe to make sure that, uh, we're doing everything we can to protect, uh, not only the company, but our customers' data, our products, and so forth. We're also positioning ourselves in a way to, uh, as I said earlier, enhance our business opportunities with, with the U.S. government, and adopting the new cyber security framework is probably, right, the first step in a long program to, um, to be able to do much more, much more business with, uh, with our government counterparts. All right. Well, thank you so much for joining us. Really pleasure to talk. Very good. Thanks, Stu. Alright. Be back with lots more coverage from VeeamON online. Thank you for watching. Thank you.

Published Date : Jun 17 2020
