>> From the SiliconANGLE media office in Boston, Massachusetts, it's theCUBE. Now here's your host, Stu Miniman. (techy music) >> Hi, I'm Stu Miniman, and welcome to a special CUBE conversation here in our Boston area studio. Happy to welcome to the program first time guest, Patrick Morley, who's the CEO of Carbon Black. Of course, recently announced acquisition by VMware of $2.1 billion. Patrick, thanks so much for joining us. >> Stu, thanks for having me. >> All right. So, you know, we love digging into tech. There is no hotter space than security, you know? All the cybers are, you know, really exciting stuff, and even your company's Waltham-based. >> That's right. >> So actually a little closer to Boston than we are here in Marlborough, Massachusetts. When we had a green screen we used to kind of fake it with the skyline, but you know, the Boston area people know more than just Massachusetts Tech, but you know, a lot of, you know, great technology in Boston of course, you know? A lot of good technologies, a lot of good schools that have driven things. You have been CEO since 2007 and have seen quite a bit. You know, merger, Bit9 and Carbon Black many years ago, IPO, you know, not that long ago in the past, and now acquisition, as we said, for $2.1 billion. So, you know, give us a little bit of step back as to, you know, the journey, how we got here, and you know, what's it like to be kind of at the helm with your crew through, you know, all of those changes? >> Yep, well certainly very, very proud and very thankful to all of the customers that have been with us for many, many, many years. And as you said when you first started here, Boston is an awesome place for cybersecurity. I think I fits a bit of the personality on the East Coast, and if you just look at Boston in general there's a lot of great cybersecurity talent, a lot of great cybersecurity companies. And I'm extremely proud and grateful to all of my employees in Massachusetts who have built Carbon Black over the last number of years. And of course we have offices elsewhere across the globe, but Boston is, and Massachusetts is, where the companies roots really come from. And as you said, 2007 is when I joined the company. Obviously cyber was a very different world back then, and it's amazing if you just kind of roll back. In 2007, the idea of a CISO, of a chief information security officer, was still very new, and most companies we dealt with back then did not have a CISO, they had a network administrator or somebody, so that's all changed. If you look at security as a board-level issue, in 2007 there were certainly some areas of some sectors like the government where it had a lot of importance, but outside of that it did not have the same visibility as a strategic issue as it does now, it's been amazing. >> So much, you know, my background is networking and virtualization. I've spent a lot of time, you know, since 2007 looking at all the cloud world, and as I said, back in the early 2000s security was top of mind but often bottom of budget. You know, the network people, you know, back in the day it was like, "Can't you just lock the door," or you know, "Make sure the rack is secure," and you know, "Well we'll run things over Optical," and therefore we'll know if somebody splices into it from a networking standpoint. Today, as you stated, clearly it's a board-level discussion, CISOs, you know, rising power in the organization, and often dictating a lot of how the stack is built out there. >> Absolutely. >> So wow, bring us a little bit, you know, your portfolio. You know, security is not a thing. You know, any customer I talk to, they're like, you know, there is no such thing as a silver bullet in security. Most customers I talk to really think of security as a programmatic effort, so help us understand a little bit, you know, where Carbon Black fits today, and then we'll get into, you know, your, you know, broadened scope once you're going to be under VMware. >> Yeah, so the core founding idea behind Carbon Black was a simple one, which was that fundamentally the adversary was in a position where they eventually would figure out a way to get in, and if you fundamentally believe that then you do everything you can to stop the adversary, but you say, "I need telemetry. "I need data in order to understand what's happening across my environment in order to be able to see and stop the adversary." And so we began a journey to essentially be able to collect and analyze all the data that an adversary, that an attacker would touch in order to run their program, and you know, we always have equated it to essentially a movie camera that allows you to rewind the tape, and with all that data that we collect we can run tremendous analytics against that in order to be able to see and stop the adversary and understand what's happening across the environment. We essentially created a market that's now called EDR endpoint detection and response, and it's that simple idea of being able to understand and have situational analysis, situational visibility across the whole enterprise. We did that initially on-premise, so we did all that analytics, and each one of our customers' back-ends in their data center, and two years ago we began a journey to say, "Look, we want to do two things." One is we want to leverage that data to be able to provide more security capabilities across a platform, so let's revolutionize, continue to revolutionize cybersecurity by offering a cloud-based platform, we're going to move all of that analytics up into the cloud, all those capabilities up into the cloud, and offer a multi-tenant, cloud native SaaS platform, and over the last two years we've done that with multiple services now up on that cloud, with thousands of customers who are using it, and the benefits of the cloud are pretty straightforward, and they've revolutionized other industries, they're revolutionizing cyber right now. Certainly you can analyze data at a scale that's just not possible when that data's locked up in multiple customers, so that's one big change. Obviously-- >> Yeah, I just, to want to help unpack and tease out that data piece, because you know, we always hear out there it almost, you know, is a bit trite, you know, the importance of data. Data's the new oil, it's the rocket ship, but you know, the value of that data, how much of that is Carbon Black leveraging the data, how much can the customer themselves take advantage of that data, or you know, this isn't in a vacuum. There are other security products, other pieces of, you know, that vendor's stack that might be able to leverage that data. >> Yeah, well Carbon Black's cloud native platform, security platform, is built on a totally, it's totally open, so from an API basis, so you should, you should think about, our customers certainly think about it this way, as one, we're leveraging that data, we analyze a trillion security events a day, one trillion, just immense, and the benefit of that is if we see something across the globe that has a high risk score, that's known malware, that might be a new form of attack, that might be a living-off-the-land attack, all of our customers get the benefit of that analytic. So Carbon Black, we certainly leverage it, but in addition, the way we've built the platform, customers can get access to all the data from their enterprise, and they can correlate that data with other aspects of their security or their IT infrastructure in order to build a more holistic view across the entire enterprise, and we also have third party partners out there, managed security service providers and others, who also have access to that data for their customer set to be able to run analytics on it. So when we think about data, as you said, you know, as the oil of the new world, we need to leverage that data, but we also need, in this new world order, to give our partners and our customers the capabilities to do what they want with that data as well for their own data. >> Yeah, love that, especially if you're talking in that cloud native world it can't just be something that's locked up and only used in one environment. You know, we track the observability companies out there, you know, they have similar type of messaging. Of course data protection, you know, once there is that, you know, breach, you know, how do I recover from this information? So that ripple effect, and love, you know, openness, APIs, making sure that can be shared. You know, maybe not something that traditionally I'd heard from VMware when you talk about the openness and where they're doing maybe. I think there are a couple things you want to talk about Carbon Black, but why not get to the VMware piece, too? >> Yeah, I was just going to, on the cloud side, you know, the power of the cloud, obviously it's revolutionized other industries, and certainly one of it is the ability to provide analytics at scale. The other piece, which I already mentioned, is the network effect on my ability to see something somewhere across the globe and help millions of other customers across the globe when I see something, and the other piece is just my ability to deploy quickly and my ability to innovate quickly, because rather than having to deliver new software into each enterprise I can do that on my cloud native platform. So I think it positions the defender, the security teams around the globe where they can be more on the offensive than they've ever been before because suddenly I don't have to spend my time worrying about deployment mechanics or other pieces. I can focus on what I really want to do, which is I want to secure my environment, I want to be able to understand what the adversary might be doing. So we're real excited about what we've done over the last two years with our cloud platform. >> Okay, so the deal hasn't closed yet but it's announced that you will be leading up the cloud security group at VMware. Give us a little bit, you know, directionally, where's that heading, what will that mean? Of course we've tracked, you know, where VMware touches a lot of that environment, you know, with my background in networking I talked to the Nicira team before, and then through what's become a very successful NSX, Sanjay Poonen with the AirWatch acquisition and where they've gone. Of course I would expect that's the closest piece that you started out with the endpoint protection with that team, with the Workforce ONE. So explain kind of the security portfolio, and interesting, cloud security is the discussion because that's the newer piece of the Carbon Black portfolio. Help us understand how the whole, all the pieces fit together. >> Yeah, so first I'll just reiterate what you said, which is the transaction's not yet closed, so everything I'm talking about is pre-closed, and obviously post-close we'll have additional commentary about what everything will look like. But absolutely we are very, my team, my customers, we announced the transaction a little over a month ago. Everyone was really, really excited, and I think fundamentally they're excited because organizations understand what Carbon Black delivers today, and what we deliver are great security products, and increasingly the majority of those products are in the cloud. And VMware has a tremendous reputation in the industry for the technical capabilities, for the value that they provide to customers, and just for the breadth of the portfolio that they have. You mentioned a few of them, right? And many organizations and people think about VMware from a virtualization standpoint. But increasingly over the last few years they've dramatically expanded their portfolio, network virtualization, and the NSX, the Workspace ONE as well, which was based on the AirWatch acquisition they did. Those are big businesses today, and they're helping organizations transform their infrastructure, the way they manage devices, et cetera. And so Carbon Black, on the security side, we've been partnered with VMware for the last couple of years. We've had an opportunity to get to know each other quite well. We've had an opportunity to integrate in two key spots. One, we've integrated with their App D capabilities, which you can think about essentially as helping to protect and provide telemetry for what's happening inside of the virtualized environment. And then secondarily, we've also partnered with Workspace ONE as well, again more on the device side. Those are two natural points where security, building security intrinsically into that compute stack, we've seen with customer reaction, has a fundamental impact on being able to have security right there rather than having to bolt it on afterwards. >> Yeah, you walk into an interesting configuration. First of all, you know, as you said VMware not thought of as a security company per se, lots of products that absolutely fit in the security space and are there. When you look out, of course VMware, you know, primarily owned by Dell, there's Secureworks, there's RSA, those are well known security brands. You know, how, give us how you think of how all those pieces go together and kind of the trajectory of where things are headed. >> Yeah, well goal number one, once we close the transaction, goal number one is to do two things. One, we're going to continue to drive forward with the cloud roadmap that we have. It's an aggressive road map we've been innovating aggressively over the last couple of years and we're going to continue to do that within VMware. The second piece is obviously to maximize the opportunity to build security into the compute stack of VMware, so that when customers think about security they don't have to think about it as a separate piece, but it's already there at their fingertips. And then as you mentioned, so those are two big goals right there, and as you mentioned obviously Dell has a large portfolio. There's other security products within the Dell portfolio, and you know, when we think about that obviously over time we're already partnered with some of those. Secureworks, for example, has been a very close and valuable part of Carbon Black's for many years. You'll see us continue to partner. There's other parts of the Dell family where we have partnered in the past, not tightly, but I think we'll have the opportunity to do more as part of the Dell family. All of this means for customers more value, because rather than having to go and figure it out themselves we're going to be delivering it in conjunction with the solutions they're already using. >> All right, Patrick, I want to help you, have you address a schism I see in the marketplace when it comes to the messaging around security. When peers of mine went to the RSA conference this year they came back almost unanimously with two words, doom and gloom. >> (laughing) Right. >> In Boston this year Amazon held the inaugural re:Inforce, positioned itself as the, you know, cloud security conference for the industry. We covered that, you know, both of those shows with theCUBE, and Stephen Schmidt from AWS said the state of cloud security is strong. VMware, very much we hear from Pat, you know, we need to do over, security's broken. Friends of mine in the security industry, and Carbon Black's been around since 2002, is you know, come on, you know, it's not just another acquisition, it's going to be a point product. You know, yes we have work to do as a whole, but you know, saying we need a do over or it's broken is a between hyperbolic from my peers in the industry, so what is the state of the industry, is there traditional storage and cloud storage is all rainbows and unicorns, or you know, where do you see it today? Of course we know as an industry there's always work to do, but you know, how do you round that circle? >> Yeah, I would take it, and you're right, by the way, I hear all the same commentary, and I think we have to take a step back and just look at industry, the industry in general, look at security in general. We started the interview talking about well, what was the world like in security in 2007? Security has gone from, "Hey, it's a niche area over here "and we know it's important but don't talk to us," to super strategic, again, at a board level, at a company level, and so that rapid growth has driven a lot of funding into the environment, a lot of vendors, there's over 5,000 security vendors out there today, all competing. I don't know how CISOs and CIOs and practitioners really figure out who does what, it's very challenging, and at the same time you've got the adversary, this third party continuing to advance their attack types using new techniques. You've got ransomware, which is a huge industry now, driving billions of dollars, so you have all of that happening, and so in hyper growth environments like that you get a lot of vendors. The average enterprise security team has 75 different products, and so, and they have to stitch that together, so the fundamentals of what, the way you described it I think are accurate on both sides. One, security's broken, it is broken. We've got too many vendors and we're bolting it on, we got to fix that. VMware is in a position, partnered with Carbon Black, to do that I think really well. The second piece is that the cloud does allow us, I'm not sure about rainbows, but the cloud does allow us to change security fundamentally because of some of the characteristics that I described earlier, and if you take Carbon Black plus VMware, plus what VMware is doing to deliver across any cloud, any device, any application, I think we're in a really interesting spot to help customers get more value from their compute stack and from security. >> You know, one of the things that VMware has always done well is they play in multiple environments. Back in the early days of server ritualization, didn't matter what hardware, they would get that across. Their cloud strategy went through quite a few iterations, you know, Sanjay Poonen came on our program and said, you know, "vCloud Air, we failed. "We got it wrong, we did it," but today every cloud show I go to there's a VMware piece of that. They're partnering with AWS, with Azure, with Google, with Alibaba, with Oracle even-- (chuckling) And IBM recently. But still one of the critiques I have for VMware is VMware does good at managing their house, but security, customers, as you said, they've got 75 tools and they're going to have their VMware state, and they're going to have their native cloud pieces, and they're going to have their non-VMware environment. So how can, you know, once you're under VMware, you know, participate in that environment? Will you primarily be VMware environment and the VMware cloud environment, or will it be a broader cloud security strategy? >> Yeah, well I think certainly VMware has done an amazing job over the last few years of really pushing this any-cloud model, right? "Hey, no matter where your workloads "are going to be in a hybrid cloud environment," you know, "we're going to be there to help you," and more effectively, more efficiently, faster, better performance, strong ROI. And so if you look at Carbon Black's roots, and I mentioned this earlier, one of our core beliefs is that one vendor can't do it all. You have to build on an open, extensible API-based platform, and that's what we've done since the beginning of the company, and so you will not see Carbon Black change our philosophy. You know, we will continue to be very, very open, and I think, by the way, that reflects very much VMware's strategy as of late, which is an open strategy where they're playing with lots of providers in the marketplace. Again, the benefit of Carbon Black plus VMware on that platform is that for VMware infrastructure, their products, I think you're going to see out of the box security capabilities that are going to give advantage to customers, from ease of use, from the way that that security works, et cetera, and then we will continue to partner with other vendors out there across the market. >> All right, Patrick, we know, you mentioned how many different tools customers have to deal with. There are more new threats coming out, you know, every day. There's no way that a person or a team can keep up with all of this, so you know, is AI the answer? How are these technologies going to be able to allow our systems to be able to protect us better and update, you know, we haven't talked abut AI yet. I know it does fit in-- >> We have to talk about AI. (chuckling) >> So just to understand how you know, the systems and the software and the solutions are going to help enable teams to be able to keep up with, you know, the rapidly expanding and changing landscape in security. >> Yeah, AI is a tool, we use it, and just as I've mentioned cloud, right, along with the ability to analyze trillions of events on a daily basis, things like AI can play a very significant role in helping me to understand what's happening across very large corpuses of data, and so we use a lot of it, and that allows us to understand when there's an anomaly somewhere across the globe on some system, some endpoint or device, anywhere across the globe and then leverage that to help our other customers. So AI role is playing an important part. It will continue to play an important part. But AI leverages the data that we collect, so if you go back to where Carbon Black is today with all that data that we're analyzing, one of the really interesting things is VMware today has 70 million VMs. 60 million of those are on-prem, 10 million of them are on the cloud. Part of the benefit that Carbon Black gets from VMware is we're going to get all this additional telemetry that we're going to be able to, again, consume, leverage AI capabilities to help with the analysis of that, and again, provide more customer back to the value on seeing and stopping the adversary. That also extends to what VMware's doing on the device side with Workspace ONE, et cetera, so there's a lot of opportunity over the coming quarters and years to provide more value for customers in understanding what's happening across their environment because of all of the touchpoints we're going to have as part of the VMware compute stack. >> All right, Patrick, final thing, what does this mean for your customers? You know, I think back to, you know, not that long ago you did an IPO, you know? What would that mean for the growth, the investment into technology and growing the team. Now, you know, in industry parlance, you know, you had another exit and you will be part of VMware, so we might not get as much visibility into the specific revenues and the hiring that you're doing there, but what will this ultimately mean for Carbon Black's current and potential future customers? >> Yeah, so we have over 5,000 global customers out there today, and first and foremost it's going to mean more investment from a product roadmap standpoint. If you look at 2019, this year, the number one area of investment for Carbon Black was in R&D, and as we move forward, again post-close, our customers are going to see continued investment in the platform, in our cloud security platform, in order to ensure we continue to bring more capabilities to market. And then, as I said earlier, in conjunction with that do everything we can to integrate in with the VMware product portfolio, again, so that security's not bolted on but it's intrinsic to the compute stack, and so I think that's the biggest thing. I have had the opportunity to go out and speak to many customers over the last four weeks. Customer and partner reaction has been outstanding. They get it, they understand it, they understand that there's a better way and that's what we're going to be doing as part of VMware. >> Yeah, any surprising nuggets in the last month talking to the customers and partners more that you've learned? >> This is going to sound self-serving, but it's the truth. I will tell you that the VMware reputation out there is outstanding. I mean, and I had been surprised at how little I have to do to tell them why this makes so much sense. They get it, the majority of our customers get it. They understand the possibilities of what we can provide, and there's a level of excitement out there, again with our customers and partners. It's just, it's awesome. >> All right, Patrick Morley, CEO of Carbon Black. Thank you so much for joining us on theCUBE. >> Stu, thanks. >> All right, lots of coverage, of course, through 2019 and gearing up for 2020 where we'll all have perfect hindsight, I'm sure. Check out thecube.net for the events we've been at, search where we're going to be, and please reach out if you have any questions. I'm Stu Miniman, and as always, thank you for watching theCUBE. (techy music)

>> Live from San Francisco, celebrating 10 years of high tech coverage, it's the cube. Covering VMWorld 2019 Brought to you by VMware and it's ecosystem partners. >> It is 10 years and going strong for the cube coverage here at Vmworld, Vmworld 2019, we were here 10 years back, and looking forward to the next 10 or more. We're at Moscone Center North San Francisco, the cube with Dave Vellante, John Walls. We're joined now by Tom Barsi, who is the senior vice president, business development at Carbon Black Inc. Tom kind of required couple of weeks for you not much really going on in all serious.. >> Tom: Just a little bit (laughs) >> Yeah I mean big purchase VMware, I'm sure you're aware pick up Carbon Black making that announcement official this week. You were in the center of that, that discussion so if you would kind of give us a little behind the scenes peek, behind the curtain if you will of how those talks developed and really back to your relationship with VMware to begin with. >> Tom: Yeah >> Cause this goes back for a while. >> Tom: Needless to say a super, a super exciting week and accomodation of a lot of work amongst a army of people to get us to where we are and obviously announcement last week, around the acquisition of Carbon Black was huge but I think the announcement this week in terms of going into more detail that Sanjay and Pat went to in terms of combining the best infrastructure management with our best app reek cloud, native, modern, security platform with analytics combine that together, I think there is really an opportunity to transform the industry and currently we've been working with VMware for well over 2 years. So 2 years ago Vmworld we announced an exclusive partnership with VM where we integrated with Vmwares newly announced app defense product, which is really around securing cloud workloads, obviously their in a unique position to secure workloads because of where they sit, leveraging the infrastructure and knowing what's good and what should be running within those workloads so they've leveraged that and build app defense and for the first time we built that integration, exclusive integration and for the first time a security operation center has been able to have visibility into the hypervisor. So that's where we started to see that potential and the opportunity and it also gave us an opportunity to really start to work closely with the Vmworld team, understand their culture, understand their community, understand their leadership, their commitment to winning, understanding commitment to really sort of transform in security and it just became, we dated and it became just obvious that there is so much energy between our leadership and theirs, so much energy in terms of vision of you know, securing the world from, make them safe from cyber attacks and so it just made so much sense. So in Pat's words sure it de-risked the acquisition over a period of time but it also allowed us to really work closer together know what we're getting into and really getting super excited. So I can tell you the response from our employees has been overwhelming and their response here at Vmworld has been just amazing in terms of traffic and the partners, customers and all that. >> Dave: I asked Pat Gelsinger 5 years ago if the cube was security broken and he said "Yeah, it's broken" and I was like "what you going to do about it" stay tuned well, we've been tuned. I did an analysis of, and this may be, first of all Patrick is going to take over as to run Vmwares cloud security business? >> Tom: Correct. >> Dave: So when Patrick stated... >> John: Patrick Morelik >> Dave: Yeah, Patrick Morelik CEO of Carbon Black and Pat Gelsinger said that we want to be the cloud security company. >> Tom: Absolutely. >> Dave: Okay, so I love when they lace down aspirations like that, now this now may not be fair to you because you... >> Tom: We've been in the security, yeah. >> Dave: But there's a portfolio there that may not be as familiar with but I'll ask you anyway cause you're going to have to come familiar with it soon. So I did analysis of the Carbon Black acquisition, obviously app defense was in there but if you look at the VMware security portfolio, NSX has a micro segmentation. >> Tom: Absolutely. >> Dave: News case. Obviously, Air watch you know. >> Tom: Workspace One >> Dave: Competing with Workspace Once >> Tom: Absolutely >> Dave: Cloud Corio, E8 security bracket, Trinsic is another tuck in acquisition that VMware did so while their building up this portfolio, can you help us understand how that's shaping out and where Carbon Black fits. >> Tom: Yeah, absolutely. So let's talk about first the opportunity here. The opportunity is to leverage infrastructure management and security portfolio that VMware has and then sprinkling the Carbon Black portfolio, capabilities across that infrastructures, so in betting NSX for network to end point. And embedding works in base one, which we've already done. Embedding it with integrating app defense, which we've already done. The ability to do agent less within the steer, super super powerful. Post close we'll be working on things like that, so basically by integrating across that portfolio you really have the ability to transform the entire security space, and I'll talk about that in a second. But what that means is basically by embedding security across that infrastructure management and eliminate a lot of complexity in the overhead in the bloat you're coming up with basically intrinsic security. The best thing from a human prespective to increase your immune system, you know, is or staying healthy is boosting your immune system and the best way, reason we're doing this, the best best way to secure enterprise is to integrate, embed security into the actual infrastructure and take the benefits of infrastructure management with security, combine it and eliminate a lot complexity, so let's talk just a second about being broken. It's hard for a security guy coming in and saying the industry is broken, I will tell you that but truth is it needs to be transformed there is just no question about it. So let's talk about it just from in point perspective, and then we'll get into the whole opportunity to extend that capability. You look at the end point from a enterprise customer perspective it's well documented that you know Legacy AV was built 20 years ago and not built for the modern tact factor so it's well documented, yes customers still have Legacy AV, it's not, you know it's 35% effective so what have customers done? They've gone and deployed EDR and point detection response, which is what Carbon Black strive has been a market leader hands down market leader in this space in terms of adding EDR's, yet another sensor. Then you want to have the ability to say look we got workloads and there's another sensor for that. Then you want to talk about, hey, vulnerability is coming out and we want to be able to query across the fleet to understand what vulnerabilities were in your environment, tanium like, right, there's a sensor for that. So you know what 2 and a half years ago our customers came back to us and said look we love you guys, what you guys are doing but there's too many sensors on the end point bloating and slowing my systems and my security teams is getting fatigue with all this point tools they said we need a integrated approach, in comes the Carbon Black clouds and that's we're we had the ability to integrate multiple services, NG, next-gen anti-virus, EDR, Life ops, the ability to query across. We've integrated App D for hard workload all those are shipping today, all those service on single, soft, light weight sensor and a modern cloud native SAS back in with analytics, so it's just super powerful and so now you're consolidating on that, you're getting more efficient, you're eliminating overhead and you're making the security operations team that much more effective, now, imagine taking that approach to the broken network and workload and exedra and extending that capability across the entire infrastructure and that really is what we're talking about in terms of teaming with VMware embedding our security capabilities across infrastructure a lot across NXS into work app D into workspace one which we're already doing and again eliminating a lot of that bloat and making our customers more secure and much more efficient. >> Dave: So there's another dimension to this acquisition which I like which is your SAS business, so I think it's about 38% of your revenue, I call it roughly 40% of your revenue, but growing very very rapidly, growing to 70% of the year. >> Tom: Exactly. >> Dave: So VMware has said that this acquisition along with pivotal is going to have add a billion dollars in, basically, mostly in all subscription revenue next year and three billion in year two and it's going to be accretive in cash flow deposit acquisition by year two so all very, VMware actually keeps well generally in acquisitions and so notwithstanding some weird stuff in the economy they usually hit their targets. >> Tom: Yes. >> Dave: You know they intend to be conservative so I really like that and that's clearly the direction you're moving. The other thing about this, a lot of people on Wall street said well it's maybe overpaid for stock and I want to get your opinion. Cause you're out competing everyday and cloud strike is obviously the comparison to use, okay. Say a company is a 16/17 billion dollar valuation you're valuation was 2.7 billion, you look at cloud strikes post IPO's, doc chart, it looks like a bathtub you know, it kind of goes like this and then goes like that because people start to realize wow this asset actually has you know a lot of intrinsic value upon attend it. So in comparing cloud strike with Carbon Black in terms of feature, function, capabilities you know execution and those technology. Is it really that much of difference 16 billion and 2.7 billion (laughs) >> Tom: You know I can't really comment on Crowdstrike's market cap, obviously I respect them as a competitor. >> Dave: Great, great job. >> Tom: I don't have to like them but I respect them as a competitor no question. >> Dave: What in terms of the function and the capabilities. >> Tom: In terms of the functionality look we've significantly close the gap and adding cloud workload capability with app D adding the query kit with live ops and extending that capabilities so from a feature functionality look at VMware is technology driven they kick tires and they do the diligence on technology that's the strength of VMware, they look deep and what they came away with was we have a super competitive platform, you're seeing it in our wins our growth rate you're seeing it with our wins and large customers that I can't really name so from a feature functionality perspective you know we're at parr in many ways we're better now, now if you look at where the market is going look Crowdstrike is going to be a great point product solution for end point. But we believe, that they're going to do phenomenally well but we believe there's an opportunity here, again to integrate infrastructure management that VMWare has security capability and deliver an end to end platform and truly transform across the entire infrastructure of an enterprise so that really where we see the opportunity and the opportunity for growth and then you want to look at our growth rate I mean to your point, VMware does an incredible job and you know you start talking about the reach of VMware and talk about the reach of DellEMC and it's super exciting. >> Dave: Yeah the VMware brain trust is very capable both from a strategy standpoint and a technical, strong, very strong engineering culture. >> Tom: Yeah >> Dave: You saw this with Airwatch so Airwatch when VMware required Airwatch VMware was struggling what was then the VDI business and airwatch wasn't you know number one in the market place but VMware like now crushes, people are making similar analogy with regard to Carbon Black do you think that's fair, I mean you think you can repeat that sort of momentum. >> Tom: Yeah you know I've obviously been very very close to this relationship and I have been sort of the number one fan and cheerleader of this partnership because I just believe in my soul that it's going to be transformative really is so to that point I you know I think and I've talked about it internally what they've done with my serie what they've done with aiwth now workspace one and the ability to take a business from me no revenues or couple hundred million and take them to two billion. I absolutely believe you will see, it's going to take a lot of work but we're going to see rejectorty I've been focussed on if there are gaps we're going to force it in or anything to accelerate the road map to allow us to win and then you're going to talk about the triple acceleration with VMWare and DeliMC so answer I say I truly truly believe that we can take our position to number two and really be number one >> John: Transformative in a significant way a significant word to use. What's that end product going to be that makes you looking at it at this visionary stand point that, this is a perfect marriage this is a fantastic opportunity. You're not you're selling hard >> Tom: Yeah >> Dave: It's a platform really >> Tom: Look it is a platform and at the end of the day we're focused on here as customers we're talking about how do we protect our customers and the best way to protect those customers is to embed the capability you know we did many years back Carbon Black we exposed our data and many of our partners, sometimes we compete with cisco or firehire a number of other players because customers demand the end to end visibility from network to end point. Can you imagine the kind of damage when you integrate Carbon Black and our modern platform are analytics and the ability to pull data from hypervisor the ability to pull data from NSX to ability to pull data from workspace one into a common console and then understand exactly what is happening from an attack perspective and then let's talk about okay, so now you have the visibility it's a 360 degree view of what happening in the network now you want to talk about the ability to orgistrate or imidiate like solve the problem. Well historically it's been security operations center over here and you got IT over there. And there's been this friction because Sycguys says take it down take the server down there's a problem and the IT guys ops, hey, I got run time I got to keep it up so now you have the opportunity again to leverage that management to identify a threat and the ability to seemlessly leverage VMware infrastructure's management tools to instantly reimmediate and orgistrate a problem without the conflict with IT and security operations. So we've actually seen an opportunity to eliminate our friction and create coloboration between those two. >> Dave: And security is broken, it is a do over and to talk to ops team they'll tell you, we're fighting everyday and bombs are dropping, we have to succeed everyday. The bad guy only has to succeed once so yeah they bring in all these tools and a lot of times they don't work together and they have a very hard time to just figure out okay, what do we prioritize on and obviously analytics helping that but yeah, you see that stats after you get infiltrated to whatever 300 days 250 days they even identify that you have been infiltrated and it's just a very complex environment so the do over is a platform that will give you end visibility and doesn't force you to different point tools and it has a comprehensive in a view of your >> [Tom[ That Right >> Dave: Infrastructure >> Tom: That's right and I do want to point out it doesn't mean that we're going to create this platform that's closed. A lot of competitors like to built closed platforms and Carbon Black has always been API driven like open, and the whole point of this openness is to, we collect this powerful end point data and we want to expose that data across the infrastructure so we're exposing it to the network security guys whether it be Vectra or Palato networks or FireMandion depending on who it is. We're exposing that data to splunk IBMQ radar and IBM rasilion and we're going to continue to do that, leverage this platform and all this powerful delimentry and we're going to continue to have this open platform and continue to work across the industry to make sure it's not just our platform from the MDM just across the ecosystem. >> Dave: Well it's something VMware has been strong if this heritage genaty, you know they help you know balance the score card >> Tom: Yeah >> John: It's been a understatement that it's been an exciting week for you, it's been a great two years it sounds like and we wish you success now it's on down the road like he said a lot of hard work still ahead of you. >> Tom: Absolutely, so congratulations on ten years, I look forward being here in year 20. (laughs) >> John: We'll be right back, we'll be right back just taking a break here on the cube we're at Vmworld 2019. Moscone center, San Francisco. (music)

from the silicon angle media office in Boston Massachusetts it's the queue now here's your host David on tape hi everybody welcome to this breaking analysis this is Dave Volante and VMware announced yesterday its quarterly results and it also announced the acquisition of two companies pivotal which was the news was broken before of the earnings announcement but also carbon black a Walton Massachusetts based security company and you may be wondering what the hell is VM we are up to what are they doing and I want to sort of unpack that and explain it to you from my perspective so pivotal and carbon black are getting paid 2.7 billion and 2.1 billion dollar respectively is the value of those deals so VMware is paying an enterprise value to sales ratio of 3.8 and 7x respectively for pivotal and carbon black the motivation here in my view is really to clean up pivotal I'm going to explain that in a second and also to increase VMware's cloud multi cloud and recurring revenue contributions today the SAS business of VMware is only about 12% of the company's revenue so they want to increase that because they want to have a cloud like model and recurring revenue the challenge for a company like VMware who's largely based on perpetual license models upfront get paid for the whole license and then you do some maintenance is it's like a heroin injection you get the big rush of cash whereas with the recurring revenue model you're streaming out over and deferring it over a twelve or thirty six month or 24 month period and so the revenue impact is somewhat negative on the income statement and that's putting a little bit pressure on the stock but VMware management understands that that long term it's a much more predictable and attractive business model to be a SAS company than it is to be a traditional license based perpetual license based software company now the pivotal deal is somewhat complicated and of course when Michael Dell's involved we tend to have these complicated transactions as organization is very savvy in terms of from a financial standpoint we saw that remember when Michael Dell and Silverlake bought a EMC for 67 billion dollars they shelled out only only four billion dollars of their own cash now they took out a lot of debt but it was a very interesting and complicated financial transaction so part of this is cleaning up some of that transaction that all I'll explain in my opinion VMware is getting a pretty good deal for both pivotal and a decent deal for carbon black so so let me explain first of all Alex if you would bring up the the chart on pivotal let's take a look at it now you can see here you know pivotal did its IPO you know last year a when IPO is I think that we know close to a four billion dollar valuation and you can see the stock is not performed well subsequent to that it you know it was never able to get back to its IPO price it had a you know decent uptick you know in in March of this year as the market was running up and you can see the earnings miss in in the late spring early summer back in the June announcement date big hit there the company's been struggling in the marketplace you know it's got a lot of assets remember pivotal was originally put together as a collection of what I used to call misfit toys some of the EMC assets some of the VMware assets they put together at Palmer its you know created this entity to try to create a platform for application development Michael Dell saw this as an opportunity to take it public and actually you know create another asset in part of the Dell family but you can see here post June you know the the decline in the stock price and then you see the announcement from VMware or the rumor that came out actually was an announcement that came out in the press this week and the stock jumped over 70% on a day when the Dow dropped 800 points but you can see now the the today's price it was fourteen eighty eight when I took this snapshot about 50 cents on the dollar from the IPO price and so you can see that that VMware and Michael Dell are kind of doing the top cat they did the IP that pulled the coin back and now they're gonna repurchase the stock so kind of interesting but here's what the interesting part is VMware is only paying nine hundred million dollars in cash to the public shareholders how can that be so here's the deal vmware already owns about 15% of pivotal where dell owns about 70 percent of the company so what's happened l controls 95 percent of the voting shares which is why you know one of the reasons why this stock really never took off it's one of those one of those ownership structures and governance structures where you know a single individual really controls the stock so that often times keeps stock prices down but nonetheless Dells 70% is being exchanged for VMware stock for pivotal stocks that are owned by Dell so let me read you the statement Alex if you could bring up that statement from the earnings call this is from the VMware a CFO explaining the mechanics with regards to pivotal VMware has agreed to acquire a pivotal at a blended price per share of eleven dollars and 71 cents comprised of $15 per share in cash to public stockholders that's why the stock is trading at 14 dollars and 88 cents today and a little bit of arbitrage flowed in there and VMware's Class B common shares exchange for pivotal Class B common shares held by Dell technologies in an exchange rate of point zero five five VMware shares for each pivotal share the transaction has an excuse me enterprise value of 2.7 billion Dell technologies will receive approximately 7.2 million shares of VMware Class B common stock and now drew aggregate this results in an expected net cash payout for VMware of 0.8 billion I said I said point nine billion the impact of the equity issue to Dell technologies would increase its ownership stake in VMware by approximately 0.34 percentage points to a total of 81 0.09 percent based on the shares currently outstanding as it said VMware currently holds 15 percent of outstanding shares pivotal ones clothes will update blahblahblah so Michael Dell's buying VMware stock he's increasing his share of VMware which is also a kind of an interesting side note but now let's look at the pivotal fundamentals does this make strategic sense yes in my opinion why is that this is all about containers and it's all about next-generation application development for cloud it's also a hedge for VMware everybody said containers are gonna kill VMware well it's it's a hedge in the instance that that that containers start to impact VMware's traditional virtualization business now as I showed yesterday on the video where I was looking at ETR research there's no evidence today that it containers are slowing down the spending on VMware you deploy containers in many many ways certainly they're deployed in in bare metal and that's somewhat of a risk to a VMware but they're also they're also deployed on top of virtual machines on top of VMware so you know right now it's not been a negative for for VMware and by acquiring pivotal it can bring those synergies into the VMware mothership which is Dells a software mothership I call it and there's also synergies in sales and marketing and R&D and it kind of cleans up pivotal and consolidates the assets now let's look at carbon black this is a security play and it's really a different story than pivotal first you got to remember the Pat Gallagher told John Fourier in me several years ago in the cube that security is a do-over and I'll tell you right now Pat Gail singer and VMware are architecting a security do-over you've got on pram you've got hybrid you've got cloud you've got multi ply cloud traditional security models aren't gonna cut it so let's look at this clip by pat gyal singer and he'll it'll give you a sense of how he and VMware are thinking about the future watch this and we'll come back and talk about it Steve Herod on our Crouch at pre game on Friday with the hot opportunities are for startups he said security or mainly not getting caught at this perimeter basically what's your view on that well you know the krusty you know the hard crust the exterior and the soft gooey inside as I described it this morning my morning breakfast every day and you know with it right this whole idea of micro segmentation and nsx really redefines how you build networks and that's gonna allow us to refactor every aspect of security every aspect of routing and load balancing etc okay so what Pat was saying is he's talking about micro segmentation nsx the critical acquisition from nice Syrah refactoring security and everything security is a do-over okay Alex let's bring up the chart of carbon black I wanna I want to look at that and explain to our audience kind of what's going on there so you can see it's a it's a little bit of a different picture from from pivotal you've got that kind of bathtub look to it so you see at the IPO it was a hot company but it underperformed and and it was struggling there you know coming into at the end of last year and then into 2019 you could see it was kind of bouncing around at its lows and then what happened was you saw it earlier this year the company guided down so you can see that you know big drop after into February announced you big spike downwards they guided down the CFO resigned and there were several down grades from Wall Street analysts and that really crushed the stock but then you sort of bouncing back through May and then what happened is you know you had this growth company they've grown at 25 to 30% a year and they beat earnings estimates in May so they guide it down in in February but then they beat and you had a new CFO you just kind of had this new renewed emphasis on on the company and then this summer they hired morgan stanley and so the acquisition rumors started and that you can see you know into august it starts to pick up again so i have no doubt that this was a competitive bid of vmware wanted it so so here's another comment that i want to share with you from last year at VMworld and again it'll give you an additional insight as to how Pat Gallagher is thinking about the future go ahead and play the clip and then we'll come back what together into my application and in that sense the application is a network of these different services data sources etc and we believe in that you're bridging across silos isn't important it is essential to do that yeah because as you say security models across that you know how does the you know when that application isn't performing like I expect it to how do I go even debug it so think about what Pat said the application is a network of services services it's not as such it's not important it's essential that we deliver that in a consolidated model including security models okay so you got VMware looking to make its platform the place to run modern apps you got carbon black at 250 million dollar company trading at a discount of about 5.5 X revenue they got strong growth at the time but 25 to 30 percent of years it's consistent and then nearly 40 percent of its business is coming from the cloud and the cloud business is growing at 70 percent a year so VMware remember jettisoned its cloud business vCloud air but it still has a desire it covets participating in cloud at least in the form of multi cloud and on-prem cloud like experiences Carbon Black is a modern endpoint security company you heard John's question about the perimeter and you know you can't build moats anymore you you really endpoints are really the the new vulnerability especially when you start thinking about IOT so VMware is desirous of cloud revenue multi cloud and recurring revenue you got a growth company that's looking to sell they've got leading technology as I said this it was a competitive bid and VMware wanted it so now the other thing is VMware knows carbon black they've they've integrated carbon black into its app defense offering and VMware has been expanding its portfolio not so quietly lately app defense NSX has a you know with its micro segmentation is really a security use case AirWatch has a security component cloud choreo ee8 security was another acquisition bracket intrinsic was you know these little tuck-ins you sort of draw a picture of how Dell senior and VMware are starting to build out its portfolio again making vmware the software mothership security is a critical component of that it also gives VMware much more of a strategic entrance into the c-suite particularly with the chief information security officer we've talked many times on the cube that security is now a board level discussion to the extent that VMware can be the platform for multi cloud security and of course you know that's not assured right there battling cisco who's coming at it from a network position they're battling google who's coming you know announced anthos they're certainly battling Microsoft certainly IBM and Red Hat have similar designs and as we've said watch this space Amazon ultimately we think is going to get into this area but any rate VMware's making security a fundamental part of its platform it's bridging those silos is what what Pat Gayle singer talked about in the video and giving you access to sets of infrastructure so with pivotal it's building out you know in cloud native application development and and tooling container technology and that's clearly strategic to its multi cloud strategy helps VMware stay relevant VMware doesn't own a cloud so it's got to move fast and be first in this multi cloud space ok so let me summarize VMware's gonna spend 2.7 billion on two key acquisitions they're gonna add it's gonna add a billion dollars in two points of revenue growth that's largely in SAS and hybrid cloud and recurring revenue for VMware and three billion dollars in year two now let me do some Volante math for you VMware trades at about five to six times revenue so essentially they just added five to six billion dollars in market value in year one and by the way the stock is off eight percent today so because of these acquisitions so and it's got upside in my view assuming that you know there's not some big economic downturn but we're talking about 15 to 18 billion in market cap in year two so this acceleration VMware's transition to SATs ass it's a cash flow positive and the creative acquisitions in year two according to vmware vmware throws off nearly four billion dollars in annual and operating annually and operating cash flow to me this is a good use of cash balancing acquisitions and to continue growth and tuck in your ability to be that platform for cloud and multi cloud services and hybrid cloud is a good use of cash I like it better than stock buybacks frankly so a combination of stock buybacks organic Rd which VM was very strong engineering culture and acquisitions in this case using your stock as currency I like the deals we're gonna watch him very closely and we're gonna be talking about this this next week at vmworld so watch the cube at vmworld the cube net will be there myself john fourier stu minimun Jeff Rick the entire team celebrating our 10th year at vmworld if you have any questions on this or comments please tweet me at diva want a thanks for watching everybody we'll see you next week

>> Announcer: Live from Las Vegas, Nevada. It's the Cube covering Accelerate 2017, brought to you by Fortinet. Now here are your hosts Lisa Martin and Peter Burris. >> Hi welcome back to the Cube. I'm Lisa Martin joined by my co-host Peter Burris and we are with Fortinet in beautiful Las Vegas at their Fortinet Accelerate 2017 event. A great event that brings together over 700 partners from 93 countries. And right now we're very excited to be joined by one of their technology partners, Carbon Black. Jim Rein, welcome to the Cube. >> Thank you very much, I appreciate it. Great to be here. >> Absolutely. You are a key alliance partner, Carbon Black, as you're the director of technology alliances. I knew you've been at Carbon Black for three years but you're quite the veteran in terms of technology, engineering, sales, channel services expertise, quite the veteran, quite the sage. But some interesting things that I wanted to let our viewers know about Carbon Black, and we'll have you expand upon this is that you guys are the leading cloud based endpoint security company that stops cyber threats. And that your roots are actually in offensive security. You now protect more than seven million endpoints worldwide and 30 of the Fortune 100 are your customers. Tell our viewers a little more about Carbon Black. what are you doing? What are some of the things that you are seeing as security now as a boardroom level topic? >> We're seeing a lot of changes. It's the idea of taking an endpoint context, what's actually happening at the endpoints. The endpoints are always the real source of where the attacker was really targeting to get to the information. For such a long period of time we've used legacy technology to really to do that. So we're looking at what are some things that we need to do now to really change that entire game. And one of the key things about that is looking beyond just simple files. Malware's bad, we know that, and we have great ways of stopping that for years and our attackers are moving well beyond just malware today and they're moving really into leveraging different attacks by actual actors within the customers' environments. And so we're really positioning ourselves to stop those next threats, the new threats that we're seeing and do it in such a way that it's very easy for a customer to do. Still manage, still maintain it, and then integrate that with other things. >> And I think the key word is integrate it with other things. Because it's not just enough to know what the endpoint's doing, you have to know what the endpoint's doing in the context of what its supposed to be able to do with those other things. Talk a little bit about that and Fortinet come together for customers. >> So it was really important. We've had a really strong opinion that open APIs are very important. The idea that we're better together than we are apart. And that really is true in security. For too long we've had different vendors that have tried to installing everything under one roof and the problem is that most customers will make financial investments within a given product and then they need to capitalize on that, on every single new product they bring on board. With us at Endpoint Contacts we really wanted to make sure that our endpoint data, the actual vision of what we're seeing, could be shared with network entities, could be shared with a sock. And so the sock can have a holistic picture of the entire environment not just on premise but also off. >> Talking about endpoints, tablets, mobile, the proliferation of IOT devices, how does a company nowadays that, we we're talking off air, but the day of everyone getting issued a phone or a Black Berry is over. But when we're all providing our own devices as employees, how realistic is it for a company to actually secure the things that I as an employee are doing with my own devices? On a corporate network. >> It's really tough. It's really tough. We have to control the things we can control, right? Which are the endpoints that we issue. So the laptops, the desktops, the home systems. For a lot of engineers now with a remote context, they're working from home on an iMac. We need to be able to protect that as it was on a corporate network. And so part of that is taking that off network devices, but enabling the corporate assets, the actual on network devices, to leverage that. And that's what we've done with Fortinet. We leverage the FortiSandbox so that whenever we see a brand new binary on an endpoint, we can submit that to FortiSandbox and say, is it good or is it bad? Obviously we don't know that binary at that point, we're making a determination. And if FortiSandbox comes back and says that is malicious, we can not only stop it from executing again, but also terminating in motion. >> One of the things I'm curious about, during the general session this morning, there was a Cecil panel of Levis, AT&T, and Lizard was there. There were also some great customer videos. Pittsburgh Stealers. And some other telecommunications companies. When we're talking about what you're doing at Fortinet, expand upon that a little bit more in terms of the integration. Also are you focused on certain industries that might be at higher risk? Health care, financial services, for example? >> I mean I'd like to say yes, but honestly I think everybody's at a high risk. The hard part today is that attackers are going after wherever they can find the most valuable data to them. And it's not based upon my role or my job or my industry, it's based upon what that attacker actually needs. And so we see it in small mom and pop shops, we see it in health care, we see it in finance. Definitely see it in retail a lot recently and manufacturing. And so we really view it as the customer needs to take a proper assessment, understand where their assets are, and then deploy multiple different layers, which includes an endpoint solution, to actually stop that. So you take our next generation endpoint. You take Fortinet's advanced capabilities on the network. You take the visibility what they've done with the fabric, and now all of a sudden you have this really great solution that does protect the assets they can control. For IOT I mean honestly that'll be something that we'll have to challenged for with a while. But if these can segment that a little bit and protect what I can control, I don't throw my hands up and say I can't do anything. Now I have IOT segment in such a way that I can properly address that with an overall posture. >> Can we presume that your customers have this awareness as knowledge that we're already breached, we now have to be providing or limiting damage? Is that the feeling and the vibe that you're getting when you're talking to customers about endpoint security? >> We hope so. We came out about three years ago and said that there's an assumption of breach. Which is don't assume you won't be, assume it's already happened. And assume you just don't know about it. And that's really a reality I think for a lot of people nowadays. You know Ponamon does a really great yearly expose where it talks about how long a breach has occurred within environments, and it's 200 plus days or some number. The point is it's always a significant amount of time. So the ability to have more visibility within a network, not only on the network side but also on the endpoint side, and combine that into one view is so important. Because most customers honestly don't know they have that. And then what it is, it's a panic situation. And that's rough. >> But increasingly, in enterprise, it's providing service to a customer or partner, is really providing service to an endpoint somewhere. >> It is. >> And so we know for example that when the bad guys are trying to do something malicious, they're just not getting into your network, and working their way through your systems until they can find the most valuable data. They also know that if you are a trading partner, that even if your data is not that valuable, the trading partner's data may be very valuable. And so they are hopping corporate boundaries as well. And so trading partners absolutely have to be able to secure and validate that their relations are working the way that they're supposed to be working. So how does my ability to be a trading partner go up and down based on my ability to demonstrate that I've got great endpoint security in my business? >> You know it's a great question, because I don't know of too many customers that have a strict validation to say if I'm a partner of yours, not a technology partner but a business partner, that I expect you to maintain a certain level of security protection. There's just an automatic assumption that we partner with you know Sea-bil or somebody else and of course they have a protection enabled. I think you have to raise it up a level. So we have to have a policy mindset to not say that you know obviously we have different solutions deployed, but what have I enabled? From a very broad perspective, what kind of things do I allow my endpoints or do I allow my network to do? What kind of things do I disallow, do I block? Do I have control of domain admin? Something as simple as that. But that forms a policy, and then different companies can match policies together and say, yes you actually do comply with our policy or our security posture, therefore we're going to enable the partnership. Because you're right. If I come in through a partner, does that allow my insurance to cover me from a cyber protection perspective? That may be disallowed because it may be seen as an authorized entry within an environment, not a breach. And so there's all kinds of complexities that come out of that. But we have to have a better way of communicating between our companies. >> So as Ken Xie, the CEO of Fortinet, talked about this morning in his key note. He was talking about the evolution of security, going from the perimeter to web, and web 2.0, cloud, and now we're moving towards 2020 in this time of needing to have resilience and automation. And it's also an interesting time as we get towards 2020, and that's not that far away. You know this is 2017, if you can believe that. The proliferation of mobile and IOT and tablet, I mean there's suspected to be about 20 billion IOT devices connected in 2020, and only about a billion PCs. As you see that proliferation, and you look at the future from an endpoint perspective, how has the game changed today, and how do you expect the game for endpoint security to change in the next few years as we get to 2020? >> I mean it's interesting, because I remember the days when I was first installing the firewall, the only one in my enterprise, and working through that, that kind of perimeter and barrier concept. And now that barrier's disappeared. So we see a lot of things moving to cloud. And I think that really is the key enabler. What Fortinet is doing with the structure, they're really targeting for a cloud controller, cloud protection, we're seeing it from a lot of vendors. There's a lot of focus on that right now. Because if I have a mobile device, I may not be able to attach the mobile itself, because of the operating system or restrictions from the provider like IOS has in it. But I can control the application, I can tie into that. And if I tie that back to my corporate environment, so the same policies are being applied, and I can apply that down to my endpoint to make sure that at least from an application perspective, what's running on my laptop is the same control segment running on my application in the cloud. I now have a better control of the entire environment. And I think that's where our first step is. There's going to be a lot of advances I believe really in the next 10 years, five years or less for 2020, that really bring about some unique things concerning to mobile and IOT. >> Can you share with us a little bit more exactly how your technologies integrate with Fortinet's technologies, especially kind of looking at the announcements today? What they're doing with FortiGate, the announcements with the operating system? >> Absolutely. So today from an endpoint perspective, anytime we see a binary that comes on from our CB protection product, we'll send that to FortiSandbox. First we'll quarry it, find out whether or not they've seen it before. If they haven't, we'll send it to them, and they can do a detonation. Obviously we're taking the results of that back and we're making a block determination on that. Obviously those are things that we haven't already seen before. So different protection modes, different protection policies are in place. But if I haven't seen that particular binary, something brand new, it could be malicious, it could be a zero day. I can play that against the FortiSandbox and find out whether or not it actually does have that malicious nature to it and then act upon it. >> I've always though of endpoint security, and tell me if I'm right, as the first line of defense. >> It is. We've always thought of the firewall as the first line, because we think outward in. But really it is inward out, because you use your laptops at home, right? So it is the first place that everything always starts. >> So it's the first line of defense, to my perspective, and increasingly as businesses deliver, provide, or their services are in fact based on data, that that notion of the first line of defense creates new new responsibilities for both customers as well as vendors, as well as sellers. So over the next few years, how is that notion of the first line of defense going to change? Are we going to see customers start thinking about this, and whether or not I'm a good customer? How do we anticipate kind of some of the social changes that are going to be made possible by evolution of endpoint security and how it will make new demands on endpoint security? >> It's going to start with more visibility. I don't mean that in a very broad sense. But today we have antivirus solutions that we're really targeted about, just simply binary yes or no. Do I allow something to execute or not? And that worked very well 10 15 years ago. Increasingly over time we know that it really hasn't, because advanced attacks have come around. So now we're applying more visibility to that endpoint, saying what actually is occurring, and how are those processes working together? If I see something operate from an email file, I click on it, something else happens, now all of a sudden there's code executing. That sequence of events or that stream becomes very very important for the visibility standpoint. Our project CB defense takes that streaming prevention. We say what is the risk factor scoring that we've applied to this, and how does that sum together not only blocking good and bad, but now I'm getting to actions. So now that I'm paying more attention, that rolls into what are users doing? What are they actually doing on the endpoints, and how does that policy dictate? I think for so long we've said that we can't approach endpoints because we can't control them, and that's the CEO's device or whatever it is. We're really changing that methodology. I think mindset wise people are okay with I need more controls on the endpoint, I need more capabilities. That's going to start transitioning to having conversations about well how do you control your endpoints? And suddenly there's more of a focus, besides just saying do you have something installed to block stuff? That conversation got really short, because it just doesn't work today. So I'm not saying do I have Carbon Black installed or anything else installed, it's what am I doing, what policy am I applying there, and then how does that match up to my business partners? >> I've made commitments to this customer, this customer's made commitments to me. Are those commitments being fulfilled, and is someone trying to step beyond those commitments to do something bad? >> I never want to be the source of an attack to my partner. (laughing) That would be the worst. >> And well there are some very high profile cases where an HVAC company for example suddenly discovered that they were a security risk to some very very big companies. It wasn't supposed to happen that way. >> And to your point before, it was an HVAC company. Nobody thought about HVAC being a targeted industry. >> A critical infrastructure, right, right. >> Exactly, it doesn't matter. People are after the data. They're after what's on the endpoint, and that's why we need to protect the endpoints as the first step. But obviously combining that with a bigger motion, because it's not all endpoint. There has to be a network barrier. You have to have other things involved. There's cloud now and were transitioning to Quickway, and that's where partnerships are going to be formed. I really believe that you're going to see more and more partnerships over time with this collective nature of leveraging Fortinet calls it the intent-based networking, right? So intent-based, what is the intent behind it? What is the attacker really trying to do? And I love that and that concept, because it really does match up well with us. >> Well but as security practices and technologies improve in one area, security practices and technologies have to improve in all areas. Otherwise one part of that security infrastructure becomes the point that everybody's using for the attack. >> A vulnerability, right. >> Yeah, it's a vulnerability. My point is a lot of people are now starting to think, oh endpoint security, that's not that, this. No, that too has to evolve. And it's going to create value, and it has to, in context, it has to evolve in the context of the broader class of attacks and the things that people are trying to do with their data in digital business. >> Absolutely. I think that a lot of customers have realized that they're making that a part of their overall security planning. You know for three years our what am I going to do, and where do I stand at today? And obviously there's existing license cycles and things like that on the network side as well. But I think a lot of customers are starting to formulate a whole plan about how do I look at my entire infrastructure? Forget what I have. Let me say I want to have certain protections in place. First off, do I have them? And if not can I plug something in that actually still will seamlessly integrate? And that's a really important point for a lot of our customer base. >> And speaking on kind of giving you the last word Jim, you both talked about evolution here. As we look at where Carbon Black is today, you were just named by Forrester as the market leader for endpoint security, fantastic. Looking at that going into 2017 as we're in January 2017, the announcements from Fortinet today. What most excites you about this continued technology partnership? >> Continued with Fortinet? >> With Fortinet, yes. >> Okay, I thought you were talking over all, it's good. Honestly it's something as simple as their approach to the APIs. I mean it sounds silly, but at the end of the day, if their approach is really to leverage and to work with other partners, and that's what ours has been for a long time. So we're not saying it just has to be our product, it just has to be our solutions. They're saying whatever the customer is already invested in, we're going to make it better. And that's a strong message we've had for a long time as well. I don't care what you've put in for a firewall necessarily. But I do want to be able to integrate with that, because the customer needs that. It's not me being very selfish so to speak. Customers are demanding that they have a simpler solution to manage. And it's that simplistic way, that's where we're headed from and endpoint perspective, of having a solution that actually takes in everything from the environment and really makes it a common view, for the instant responder and the personnel. >> And it's all essential for digital business transformation which is as we've been talking about Peter is the crux of that is data and that. Well Jim Rein from Carbon Black, thank you so much for joining us on the Cube today. And on behalf of Peter Burris and myself Lisa Martin, we thank you so much for watching the Cube, and we're going to be right back.

(upbeat music) (logo shimmers) >> Good afternoon everyone, and welcome back to AWS re Invent 2022. We are live here from the show floor in Las Vegas, Nevada, we're theCUBE, my name is Savannah Peterson, joined by John Furrier, John, are you excited for the next segment? >> I love the innovation story, this next segment's going to be really interesting, an example of ecosystem innovation in action, it'll be great. >> Yeah, our next guests are actually award-winning, I am very excited about that, please welcome Alan and Becky from IBM. Thank you both so much for being here, how's the show going for ya? Becky you got a, just a platinum smile, I'm going to go to you first, how's the show so far? >> No, it's going great. There's lots of buzz, lots of excitement this year, of course, three times the number of people, but it's fantastic. >> Three times the number of people- >> (indistinct) for last year. >> That is so exciting, so what is that... Do you know what the total is then? >> I think it's over 55,000. >> Ooh, loving that. >> John: A lot. >> It's a lot, you can tell by the hallways- >> Becky: It's a lot. >> John: It's crowded, right. >> Yeah, you can tell by just the energy and the, honestly the heat in here right now is pretty good. Alan, how are you feeling on the show floor this year? >> Awesome, awesome, we're meeting a lot of partners, talking to a lot of clients. We're really kind of showing them what the new IBM, AWS relationship is all about, so, beautiful time to be here. >> Well Alan, why don't you tell us what that partnership is about, to start us off? >> Sure, sure. So the partnership started with the relationship in our consulting services, and Becky's going to talk more about that, right? And it grew, this year it grew into the IBM software realm where we signed an agreement with AWS around May timeframe this year. >> I love it, so, like you said, you're just getting started- >> Just getting started. >> This is the beginning of something magic. >> We're just scratching the surface with this right? >> Savannah: Yeah. >> But it represents a huge move for IBM to meet our clients where they are, right? Meet 'em where they are with IBM technology, enterprise technology they're used to, but with the look and feel and usage model that they're used to with AWS. >> Absolutely and so to build on that, you know, we're really excited to be an AWS Premier Consulting Partner. We've had this relationship for a little over five years with AWS, I'd say it's really gone up a notch over the last year or two as we've been working more and more closely, doubling down on our investments, doubling down on our certifications, we've got over 15,000 people certified now, almost 16,000 actually- >> Savannah: Wow. >> 14 competencies, 16 service deliveries and counting. We cover a mass of information and services from Data Analytics, IoT, AI, all the way to Modernization, SAP, Security Services, right. So it's pretty comprehensive relationship, but in addition to the fantastic clients that we both share, we're doing some really great things around joint industry solutions, which I'll talk about in a few minutes and some of those are being launched at the conference this year, so that's even better. But the most exciting thing to me right now is that we just found out that we won the Global Innovator Partner of the Year award, and a LATAM Partner of the Year award. >> Savannah: Wow. >> John: That's (indistinct) >> So, super excited for IBM Consulting to win this, we're honored and it's just a great, exciting part to the conference. >> The news coming out of this event, we know tomorrow's going to be the big keynote for the new Head of the ecosystem, Ruba. We're hearing that it's going to be all about the ecosystem, enabling value creation, enabling new kinds of solutions. We heard from the CEO of AWS, this nextGen environment's upon us, it's very solution-oriented- >> Becky: Absolutely. >> A lot of technology, it's not an either or, it's an and equation, this is a huge new shift, I won't say shift, a continuation for AWS, and you guys, we've been covering, so you got the and situation going on... Innovation solutions and innovation technology and customers can choose, build a foundation or have it out of the box. What's your reaction to that? Do you think it's going to go well for AWS and IBM? >> I think it fits well into our partnership, right? The the thing you mentioned that I gravitate to the most is the customer gets to choose and the thing that's been most amazing about the partnership, both of these companies are maniacally focused on the customer, right? And so we've seen that come about as we work on ways the customer to access our technology, consume the technology, right? We've sold software on-prem to customers before, right, now we're going to be selling SaaS on AWS because we had customers that were on AWS, we're making it so that they can more easily purchase it by being in the marketplace, making it so they can draw down their committed spin with AWS, their customers like that a lot- [John] Yeah. >> Right. We've even gone further to enable our distributor network and our resellers, 'cause a lot of our customers have those relationships, so they can buy through them. And recently we've enabled the customer to leverage their EDP, their committed spend with AWS against IBM's ELA and structure, right, so you kind of get a double commit value from a customer point of view, so the amazing part is just been all about the customers. >> Well, that's interesting, you got the technology relationship with AWS, you mentioned how they're engaging with the software consumption in marketplace, licensed deals, there's all kinds of new business model innovations on top of the consumption and building. Then you got the consulting piece, which is again, a big part of, Adam calls it "Business transformation," which is the result of digital transformation. So digital transformation is the process, the outcome is the business transformation, that's kind of where it all kind of connects. Becky, what's your thoughts on the Amazon consulting relationships? Obviously the awards are great but- >> They are, no- >> What's the next step? Where does it go from here? >> I think the best way for me to describe it is to give you some rapid flyer client examples, you know, real customer stories and I think that's where it really, rubber meets the road, right? So one of the most recent examples are IBM CEO Arvind Krishna, in his three key results actually mentioned one of our big clients with AWS which is the Department of Veterans Affairs in the US and is an AI solution that's helped automate claims processing. So the veterans are trying to get their benefits, they submit the claims, snail mail, phone calls, you know, some in person, some over email- >> Savannah: Oh, it gives me all the feels hearing you talk about this- >> It's a process that used to take 25 to 30 days depending on the complexity of the claims, we've gotten it down with AWS down to within 24 hours we can get the veterans what they need really quickly so, I mean, that's just huge. And it's an exciting story that includes data analytics, AI and automation, so that's just one example. You know, we've got examples around SAP where we've developed a next generation SAP for HANA Platform for Phillips Carbon Black hosted on AWS, right? For them, it created an integrated, scalable, digital business, that cut out a hundred percent the capital cost from on-prem solutions. We've got security solutions around architectures for telecommunications advisors and of course we have lots of examples of migration and modernization and moving workloads using Red Hat to do that. So there's a lot of great client examples, so to me, this is the heart of what we do, like you said, both companies are really focused on clients, Amazon's customer-obsessed, and doing what we can for our clients together is where we get the impact. >> Yeah, that's one of the things that, it sounds kind of cliche, "Oh we're going to work backwards from the customer," I know Amazon says that, they do, you guys are also very customer-focused but the customers are changing. So I'd love to get your reaction because we're now in that cloud 2.0, I call that 2.0 or you got the Amazon Classic, my word, and then Next Gen Cloud coming, the customers are different, they're transforming because IT's not a department anymore, it's in the DevOps pipeline. The developers are driving a lot of IT but security and on DataOps, it's the structural change happening at the customer, how do you guys see that at IBM? I know we cover a lot of Red Hat and Arvind talks to us all the time, meeting the customer where they are, where are they? Where are the customers? Can you share your perspective on where they are? >> It's an astute observation, right, the customer is changing. We have both of those sets of customers, right, we still have the traditional customer, our relationship with Central IT, right, and driving governance and all of those things. But the folks that are innovating many times they're in the line of business, they're discovering solutions, they're building new things. And so we need our offerings to be available to them. We need them to understand how to use them and be convenient for these guys and take them through that process. So that change in the customer is one that we are embracing by making our offerings easy to consume, easy to use, and easy to build into solutions and then easy to parlay into what central IT needs to do for governance, compliance, and these types of things, it's becoming our new bread and butter. >> And what's really cool is- >> Is that easy button- >> We've been talking about- >> It's the easy button. >> The easy button a lot on the show this week and if you just, you just described it it's exactly what people want, go on Becky. >> Sorry about that, I was going to say, the cool part is that we're co-creating these things with our clients. So we're using things like the Amazon Working Backward that you just mentioned.` We're using the IBM garage methodology to get innovative to do design working, design thinking workshops, and think about where is that end user?, Where is that stakeholder? Where are they, they thinking, feeling, doing, saying how do we make the easier? How do we get the easy button for them so that they can have the right solutions for their businesses. We work mostly with lines of business in my part of the organization, and they're hungry for that. >> You know, we had a quote on theCUBE yesterday, Savannah remember one of our guests said, you know, back in the, you know, 1990s or two 2000s, if you had four production apps, it was considered complex >> Savannah: Yeah. >> You know, now you got hundreds of workloads, thousands of workloads, so, you know, this end-to-end vision that we heard that's playing out is getting more complex, but the easy button is where these abstraction layers and technology could come in. So it's getting more complex because there's more stuff but it's getting easier because- >> Savannah: What is the magnitude? >> You can make it easier. This is a dynamic, share your thoughts on that. >> It's getting more complex because our clients need to move faster, right, they need to be more agile, right, so not only are there thousands of applications there are hundreds of thousands microservices that are composing those applications. So they need capabilities that help them not just build but govern that structure and put the right compliance over that structure. So this relationship- >> Savannah: Lines of governance, yeah- >> This relationship we built with AWS is in our key areas, it's a strategic move, not a small thing for us, it covers things like automation and integration where you need to build that way. It covers things like data and AI where you need to do the analytics, even things like sustainability where we're totally aligned with what AWS is talking about and trying to do, right, so it's really a good match made there. >> John: It really sounds awesome. >> Yeah, it's clear. I want to dig in a little bit, I love the term, and I saw it in my, it stuck out to me in the notes right away, getting ready for you all, "maniacal", maniacal about the customer, maniacal about the community, I think that's really clear when we're talking about 24 days to 24 hours, like the veteran example that you gave right there, which I genuinely felt in my heart. These are the types of collaborations that really impact people's lives, tell me about some of the other trends or maybe a couple other examples you might have because I think sometimes when our head's in the clouds, we talk a lot about the tech and the functionality, we forget it's touching every single person walking around us, probably in a different way right now than we may even be aware- >> I think one of the things that's been, and our clients have been asking us for, is to help coming into this new era, right, so we've come out of a pandemic where a lot of them had to do some really, really basic quick decisions. Okay, "Contact Center, everyone work from home now." Okay, how do we do that? Okay, so we cobbled something together, now we're back, so what do we do? How do we create digital transformation around that so that we are going forward in a really positive way that works for our clients or for our contact center reps who are maybe used to working from home now versus what our clients need, the response times they need, and AWS has all the technology that we're working with like Amazon Connect to be able to pull those things together with some of our software like Watson Assistant. So those types of solutions are coming together out of that need and now we're moving into the trend where economy's getting tougher, right? More cost cutting potentially is coming, right, better efficiencies, how do we leverage our solutions and help our clients and customers do that? So I think that's what the customer obsession's about, is making sure we really understand where their pain points are, and not just solve them but maybe get rid of 'em. >> John: Yeah, great one. >> Yeah. And not developing in a silo, I mean, it's a classic subway problem, you got to be communicating with your community if you want to continue to serve them. And IBM's been serving their community for a very long time, which is super impressive, do you think they're ready for the challenge? >> Let's do it. >> So we have a new thing on theCUBE. >> Becky: Oh boy. >> We didn't warn you about this, but here we go. Although you told, Alan, you've mentioned you're feeling very cool with the microphone on, so I feel like, I'm going to put you in the hot seat first on this one. Not that I don't think Becky's going to smash it, but I feel like you're channeling the power of the microphone. New challenges, treat it like a 32nd Instagram reel-style story, a hot take, your thought leadership, money clip, you know, this is your moment. What is the biggest takeaway, most important thing happening at the show this year? >> Most important thing happening at the show? Well, I'm glad you mentioned it that way, because earlier you said we may have to sing (presenters and guests all laughing) >> So this is much better than- >> That's actually part of the close. >> John: Hey, hey. >> Don't worry, don't worry, I haven't forgotten that, it's your Instagram reel, go. (Savannah laughs) >> Original audio happening here on theCUBE, courtesy of Alan and IBM, I am so here for it. >> So what my takeaway and what I would like for the audience to take away, out of this conversation especially, but even broadly, the IBM AWS relationship is really like a landmark type of relationship, right? It's one of the biggest that we've established on both sides, right- >> Savannah: It seems huge, okay you are too monolith in the world of companies, like, yeah- >> Becky: Totally. >> It's huge. And it represents a strategic change on both sides, right? With that customer- >> Savannah: Fundamentally- >> In the middle right? >> Savannah: Yeah. >> So we're seeing things like, you know, AWS is working with us to make sure we're building products the way that a AWS client likes to consume them, right, so that we have the right integration, so they get that right look and feel, but they still get the enterprise level capabilities they're used to from IBM, right? So the big takeaway I like for people to take, is this is a new IBM, it's a new AWS and IBM relationship, and so expect more of that goodness, more of those new things coming out of it. [John] Excellent, wow. >> That was great, well done, you nailed it. and you're going to finish with some acapella, right? (Alan laughs) >> You got a pitch pipe ready? (everyone laughs) >> All right Becky, what about you? Give us your hot take. >> Well, so for me, the biggest takeaway is just the way this relationship has grown so much, so, like you said, it's the new IBM it's the new AWS, we were here last year, we had some good things, this year we're back at the show with joint solutions, have been jointly funded and co-created by AWS and IBM. This is huge, this is a really big opportunity and a really big deal that these two companies have come together, identified joint customer needs and we're going after 'em together and we're putting 'em in the booth. >> Savannah: So cool. And there's things like smart edge for welding solutions that are out there. >> Savannah: Yes. >> You know, I talked about, and it's, you know you wouldn't think, "Okay, well what's that?" There's a lot to that, a lot of saving when you look at how you do welding and if you apply things like visual AI and auditory AI to make sure a weld is good. I mean, I think these are, these things are cool, I geek out on these things- >> John: Every vertical. >> I'm geeking out with you right now, just geeking- >> Yeah, yeah, yeah, so- >> Every vertical is infected. >> They are and it's so impactful to have AWS just in lockstep with us, doing these solutions, it's so different from, you know, you kind of create something that you think your customers like and then you put it out there. >> Yeah, versus this moment. >> Yeah, they're better together. >> It's strategic partnership- >> It's truly a strategic partnership. and we're really bringing that this year to reinvent and so I'm super excited about that. >> Congratulations. >> Wow, well, congratulations again on your awards, on your new partnership, I can't wait to hear, I mean, we're seven months in, eight months in to this this SaaS side of the partnership, can't wait to see what we're going to be talking about next year when we have you back on theCUBE. >> I know. >> and maybe again in between now and then. Alan, Becky, thank you both so much for being here, this was truly a joy and I'm sure you gave folks a taste of the new IBM, practicing what you preach. >> John: Great momentum. >> And I'm just, I'm so impressed with the two companies collaborating, for those of us OGs in tech, the big companies never collaborated before- >> Yeah. >> John: Yeah. Joint, co-created solutions. >> And you have friction between products and everything else. I mean's it's really, co-collaboration is, it's a big theme for us at all the shows we've been doing this year but it's just nice to see it in practice too, it's an entirely different thing, so well done. >> Well it's what gets me out of the bed in the morning. >> All right, congratulations. >> Very clearly, your energy is contagious and I love it and yeah, this has been great. Thank all of you at home or at work or on the International Space Station or wherever you might be tuning in from today for joining us, here in Las Vegas at AWS re Invent where we are live from the show floor, wall-to-wall coverage for three days with John Furrier. My name is Savannah Peterson, we're theCUBE, the source for high tech coverage. (cheerful upbeat music)

>>We're back with Jerome West, product management security lead at for HCI at Dell Technologies Hyper-converged infrastructure. Jerome, welcome. >>Thank you, David. >>Hey, Jerome, In this series, A blueprint for trusted infrastructure, we've been digging into the different parts of the infrastructure stack, including storage, servers and networking, and now we want to cover hyperconverged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know? >>So what's unique about Hyperconverge infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system, so like a server or a storage system or a virtualization piece of software. I mean, HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft, and internal partners like the Dell Power Edge team, the Dell storage team, the Dell networking team, and on and on. These partnerships, in these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past, we're seeing growing scope and sophistication in supply chain attacks. This mean an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short term solutions and we need long term solutions as well. >>So for the short term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio. We build our software on VMware, so we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily, VX Rail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle so that VMware will produce a patch and within 14 days we will integrate our own code. With the VMware release, we will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, Vxl had over 40 releases of software updates last year for a longer term solution. We're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co engineer with effective collaborations with our, with our partners. >>Great, Thank you for that. That description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, and to me my takeaway was you gotta have a short term instant patch solution and then you gotta do an integration in a very short time, you know, two weeks to then have that integration done. And then longer term you have to have a software bill of materials so that you can ensure the providence of all the components help us. Is that a right way to think about cybersecurity resilience? Do you have, you know, a additives to that definition? >>I do. I really think that site cybersecurity and resilience for hci, because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me, let me give you an example. So hci, it's a, basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtual virtualizing hardware functionality, like say a storage controller, you could implement it in a hardware, but for hci, for example, in our VX rail portfolio, we, or our vxl product, we integrate it into a product called vsan, which is provided by our partner VMware. So that portfolio strength is still, you know, through our, through our partnerships. >>So what we do, we integrate these, these security functionality and features in into our product. So our partnership grows to our ecosystem through products like VMware, products like nsx, Verizon, Carbon Black and Bsphere. All of them integrate seamlessly with VMware. And we also leverage VMware's software, par software partnerships on top of that. So for example, VX supports multifactor authentication through bsphere integration with something called Active Directory Federation services for adfs. So there is a lot of providers that support adfs, including Microsoft Azure. So now we can support a wide array of identity providers such as Off Zero or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my my answer, we consume all of the security advantages of our partners, but we also expand on that to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >>Great. I mean that's super helpful. You've mentioned nsx, Horizon, Carbon Black, all the, you know, the VMware component OTH zero, which the developers are gonna love. You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway cuz you've got this software defined environment and you're managing servers and networking and storage with this software led approach, how do you ensure that the entire system is secure end to end? >>That's a really great question. So the, the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, the xra is the market's only co engineered solution with VMware, other vendors sell VMware as a hyperconverged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development life cycle, which other products might talk about in their discussions with you that we integrate into our engineering life cycle. So because we follow the same framework, all of the, all of the codes should interoperate from a security standpoint. And so when we do our final validation testing when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >>That's great. All right, let's, let's close pitch me, what would you say is the strong suit summarize the, the strengths of the Dell hyperconverged infrastructure and converged infrastructure portfolio specifically from a security perspective? Jerome? >>So I talked about how hyper hyper-converged infrastructure simplifies security management because basically you're gonna take all of these features that are abstracted in in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be, say, you know, in for VX rail would be b be center, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the, the key to making it to hci. Now, what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co engineered, it's not bolted on. So I gave the example of, I gave the example of how we, we modify our software release process with VMware to make it very responsive. >>A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell that's not done through a partnership. So we digitally sign our software updates so you, the user can be sure that the, the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for, for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage. It all comes in a package. So it, it can be all managed through vCenter, for example, or, and then the specific hyper, hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few pains of glass that the, the administrator or user ever has to worry about. It's all self contained and manageable. >>That makes a lot of sense. So you got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason Jerome, this is so important is because SecOps teams, you know, they gotta deal with cloud security, they gotta deal with multiple clouds. Now they have their shared responsibility model going across multiple, They got all this other stuff that they have to worry, they gotta secure containers and the run time and, and, and, and, and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the, the securities is gonna get worse. So what my takeaway is, you're removing that infrastructure piece and saying, Okay guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners to, and your own teams to really nail that. Is that a fair summary? >>I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define, to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use in our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because we are, our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I, I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and, and other highly regulated environments, and we're very successful >>There. Excellent. Okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry and so would appreciate that. >>I would look forward to it. Thank you very much, Dave. >>You're really welcome. In a moment I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. I wanna thank our guests for their contributions and helping us understand how investments by a company like Dell can both reduce the need for dev sec up teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality providence and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, OnPrem or at the edge, you are responsible for your own security. But vendor r and d and vendor process must play an important role in easing the burden faced by security devs and operation teams. And on behalf of the cube production content and social teams as well as Dell Technologies, we want to thank you for watching a blueprint for trusted infrastructure. Remember part one of this series as well as all the videos associated with this program, and of course, today's program are available on demand@thecube.net with additional coverage@siliconangle.com. And you can go to dell.com/security solutions dell.com/security solutions to learn more about Dell's approach to securing infrastructure. And there's tons of additional resources that can help you on your journey. This is Dave Valante for the Cube, your leader in enterprise and emerging tech coverage. We'll see you next time.

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented, They are. There just aren't enough of them to go around and the adversary is also talented and very creative, and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that dev sec op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagar oim, who was consultant in the networking product management area at Dell. And finally, we're close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. Deepak Arage shoes powered security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered around in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers they're operating today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually the assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lens that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as of security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in to deal with the supply chain to ensure the providence, et cetera. So I'm glad you you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches for in attacking manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the N framework of protect, detect and rigor. And it's still aligns really well to that framework, but over the past couple of years, we have seen how computers evolved, how the threads have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recurring from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero press framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at there and to enable their own zero trust IT environments and IT zero trusts deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust option. >>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about n I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents, >>Right? What is that is exactly right, right? Breachers are bound to happen and given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained with an offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your ID environment. And this is the principles that we use on power Edge, right? But with an increased focus on providing granular controls and checks based on the principles of these privileged access. >>So the idea is that service first and foremost need to make sure that the threats never enter and they're rejected at the point of entry, but we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage cost by attacker is minimized so they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be radius. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock on the form versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused to authorized changes or unauthorized changes. >>And if it is an unauthorize change can log it, generate security alerts, and we even have capabilities to automatically roll the firm where, and always versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis inclusion detection where if the chassis, the box, the several box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and chain something in your system. >>Great, thank you for that lot. Lot of detail and and appreciate that. I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the providence of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised, >>Right? And we've talked about how complex the modern supply chain is, right? And that's no different for service. We have hundreds of confidence on the server and a lot of these form where in order to be configured and run and this former competence could be coming from third parties suppliers. So now the complexity that we are dealing with like was the end to end approach and that's where Dell pays a lot of attention into assuring the security approach approaching and it starts all the way from sourcing competence, right? And then through the design and then even the manufacturing process where we are wetting the personnel leather factories and wetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tapper. And we have a feature called the secure component verification, which is capable of doing this. What the feature does this, when the system gets built in a factory, it generates an inventory of all the competence in the system and it creates a cryptographic certificate based on the signatures presented to this by the competence. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end, they can run out to, it generates an inventory of the competence on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorize change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and ized changes could be any sort of temper. So that's the supply chain aspect of it and bill of metal use is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulner which have been discovered out in the wild affected platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table, >>Right? Yeah. We have talked enough about the complexity of the environment and how zero risk is necessary for the modern ID environment, right? And this is integral to Dell powered service. And as part of that like you know, security starts with the supply chain. We already talked about the second component verification, which is a beneath feature that Dell platforms have. And on top of it we also have a silicon place platform mode of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at risk in news or inflight, we have self encrypting drives which provides scalable and flexible encryption options. And this couple with external key management provides really good protection for your data address. External key management is important because you know, somebody could physically steam the server walk away, but then the keys are not stored on the server, it stood separately. So that provides your action layer of security. And we also have dual layer encryption where you can compliment the hardware encryption on the secure encrypted drives with software level encryption. Inion to this we have identity and access management features like multifactor authentication, single sign on roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that you know, Dell Power Service cyber resident infrastructure helps accelerate zero tested option for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure and collaboration with Dell Technologies on the cube, your leader in enterprise and emerging tech coverage. We're back with a blueprint for trusted infrastructure and partnership with Dell Technologies in the cube. And we're here with Mahesh Nager, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome, good to see you. >>Hey, good morning Dell's, nice to meet, meet to you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so few years ago IT security and an enterprise was primarily putting a wrapper around data center out because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a rapid around it like a parameter or a firewall was a sufficient response because you could basically control the environment and data small enough control today with the distributed data, intelligent software, different systems, multi-cloud environment and asset service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure In today's, you know, data driven world, it operates everywhere and data has created and accessed everywhere so far from, you know, the centralized monolithic data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a rapper around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic, they need to be integrated, scalable, one that span the entire enterprise and with a co and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing changing best destroy or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static, >>Right? Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you think about securing network infrastructure, when you're looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a rotor for example, is typically used for say, configuration and management of the networking switch. So user access is based on say roles for that matter in a role based access control, whether you are a security admin or a network admin or a storage admin. >>And it's imperative that logging is enable because any of the change to the configuration is actually logged and monitored as that. Talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get UND desire results in terms of say validation of the images. It's, it needs to be done through say digital signature. So, so it's important that when you're talking about say, software integrity, a, you are ensuring that the platform is not compromised, you know, is not compromised and be that any upgrades, you know, that happens to the platform is happening through say validated signature. >>Okay. And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is i I think response, but please continue. >>Yeah, so you know, the third one is about civil notability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different, you know, it follows the same process for identification for tri and for resolution of these vulnerabilities. And these are addressed either through patches or through new reasons via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It provides the interconnect between the service and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized nels are able to make change to the network configuration and logging off any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like segmentation isolated segments and via VRF or, or some micro segmentation via partners, this allows various level of security for each of those segments. So it's important you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? >>You know, there are multiple layer of defense, you know, both at the edge and in the network in this hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software, different principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. If you look at say that you know the different pillars of a zero trust architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trust platform in a trusted platform models tpms on certain offer products and you know, the physical security know plain, simple old one love port enable from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky Mac or Mac learning limit and so on. >>If you look at say a transport and decision trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain hotel net or is it like secure ssh, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or is certificate authority based certification. And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD five authentication between the b g peers so that there is no, you know, manages attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here, you know, you know, it's, it's typical that if you don't have a control plane here, you know, it could be flooded and you know, you know, the switch could be compromised by city denial service attacks. >>From an application test perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. And I did talk about, say the digital signature and the cryptographic check that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen or VRF plain old wheel Ls, you know, which can bring about sales multi 10 aspects. We talk about some microsegmentation as it applies to nsx for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift the vendor community. Dell specifically is shifting a lot of those tasks to their own r and d and taking care of a lot of that. So, cuz scop teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our >>Portfolio, it enables state of the automation software, you know, that enables simplifying of the design. So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the fabric and you know, from a deployment and you know, the management of the network infrastructure that are simplicities, you know, using like Ansible s for Sonic for example are, you know, for a better sit and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using Sonic or Smart Traffic services. If you look at Sonic for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and Avan has and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at Sonic, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the Sonic no is not restricted, you know, just to the data center infrastructure is, it's a unified no, you know, that's well applicable beyond the data center, you know, right up to the edge. Now if you look at our north from a smart traffic OS 10 perspective, you know, as I mentioned, we do have smart traffic services which essentially, you know, simplifies the deployment day zero, I mean rather day one, day two deployment expansion plans and the lifecycle management of our conversion infrastructure and hyper and hyper conversion infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD van capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular loss that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick, just pitch me, what can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned, we're talking about the physical security for examples, say disabling of the unused interface. Sticky Mac and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS 10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure port also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is data for the digital signature, you know, prior to any upgrade process. And if you are looking at secure access control, we do have things like role based access control, SSH to the switches, control plane access control that pre do tags and say access control from multifactor authentication. >>We do have various tech ads for entry control to the network and things like CSE and PRV support, you know, from a federal perspective we do have say logging wherein, you know, any event, any auditing capabilities can be possible by say looking at the clog service, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say network segment, you know, say network separation and you know, these, you know, separation, you know, ensures that are, that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone and, you know, just can be implemented by a, a micro segmentation, you know, just a plain old wheel or using virtual route of framework VR for example. >>A lot there. I mean I think frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you could be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies and collaboration with the cube, your leader in enterprise and emerging tech coverage, your own west product management security lead at for HCI at Dell Technologies hyper-converged infrastructure. Jerome, welcome. >>Thank you Dave. >>Hey Jerome, in this series of blueprint for trusted infrastructure, we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyperconverged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know? >>So what's unique about hyper-converge infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system. So like a server or storage system or a virtualization piece of software, software. I mean HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft, and internal partners like the Dell Power Edge team, the Dell storage team, the Dell networking team, and on and on. These partnerships in these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past we're seeing growing scope and sophistication in supply chain attacks. This mean an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short term solutions and we need long term solutions as well. >>So for the short term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio. We build our software on VMware, so we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily VX rail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle so that VMware would produce a patch and within 14 days we will integrate our own code with the VMware release we will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, VHA had over 40 releases of software updates last year for a longer term solution. We're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co engineer with effective collaborations with our, with our partners. >>Great, thank you for that. That description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, and to me my takeaway was you gotta have a short term instant patch solution and then you gotta do an integration in a very short time, you know, two weeks to then have that integration done. And then longer term you have to have a software bill of materials so that you can ensure the providence of all the components help us. Is that a right way to think about cybersecurity resilience? Do you have, you know, a additives to that definition? >>I do. I really think that's site cybersecurity and resilience for hci because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me, let me give you an example. So hci, it's a, basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtual virtualizing hardware functionality, like say a storage controller, you could implement it in hardware, but for hci, for example, in our VX rail portfolio, we, our Vxl product, we integrated it into a product called vsan, which is provided by our partner VMware. So that portfolio of strength is still, you know, through our, through our partnerships. >>So what we do, we integrate these, these security functionality and features in into our product. So our partnership grows to our ecosystem through products like VMware, products like nsx, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware and we also leverage VMware's software, part software partnerships on top of that. So for example, VX supports multifactor authentication through vSphere integration with something called Active Directory Federation services for adfs. So there's a lot of providers that support adfs including Microsoft Azure. So now we can support a wide array of identity providers such as Off Zero or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >>Great, I mean that's super helpful. You've mentioned nsx, Horizon, Carbon Black, all the, you know, the VMware component OTH zero, which the developers are gonna love. You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway cuz you've got this software defined environment and you're managing servers and networking and storage with this software led approach, how do you ensure that the entire system is secure end to end? >>That's a really great question. So the, the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, VxRail is the market's only co engineered solution with VMware, other vendors sell VMware as a hyper converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development life cycle, which other products might talk about in their discussions with you that we integrate into our engineering life cycle. So because we follow the same framework, all of the, all of the codes should interoperate from a security standpoint. And so when we do our final validation testing when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >>That's great. All right, let's, let's close pitch me, what would you say is the strong suit summarize the, the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio specifically from a security perspective? Jerome? >>So I talked about how hyper hyper-converged infrastructure simplifies security management because basically you're gonna take all of these features that are abstracted in in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be, say, you know, in for VX rail would be b be center, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the, the key to making it to hci. Now, what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co engineered, it's not bolted on. So I gave the example of spo, I gave the example of how we, we modify our software release process with VMware to make it very responsive. >>A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell that's not done through a partnership. So we digitally signed our software updates so the user can be sure that the, the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own a specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for, for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage it all comes in a package. So it, it can be all managed through vCenter, for example, or, and then the specific hyper, hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few pains of glass that the, the administrator or user ever has to worry about. It's all self contained and manageable. >>That makes a lot of sense. So you've got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason Jerome, this is so important is because SecOps teams, you know, they gotta deal with cloud security, they gotta deal with multiple clouds. Now they have their shared responsibility model going across multiple cl. They got all this other stuff that they have to worry, they gotta secure the containers and the run time and and, and, and, and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the, the securities is gonna get worse. So what my takeaway is, you're removing that infrastructure piece and saying, Okay guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners to and your own teams to really nail that. Is that a fair summary? >>I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define, to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because we are, our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I, I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and, and other highly regulated environments and we're very successful there. >>Excellent. Okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry and so would appreciate that. >>I would look forward to it. Thank you very much, Dave. >>You're really welcome. In a moment I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. I wanna thank our guests for their contributions in helping us understand how investments by a company like Dell can both reduce the need for dev sec up teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality providence and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, on prem or at the edge, you are responsible for your own security. But vendor r and d and vendor process must play an important role in easing the burden faced by security devs and operation teams. And on behalf of the cube production content and social teams as well as Dell Technologies, we want to thank you for watching a blueprint for trusted infrastructure. Remember part one of this series as well as all the videos associated with this program and of course today's program are available on demand@thecube.net with additional coverage@siliconangle.com. And you can go to dell.com/security solutions dell.com/security solutions to learn more about Dell's approach to securing infrastructure. And there's tons of additional resources that can help you on your journey. This is Dave Valante for the Cube, your leader in enterprise and emerging tech coverage. We'll see you next time.

(upbeat music) >> We're back with Jerome West, the Product Management Security Lead for HCI at Dell Technologies Hyper-Converged Infrastructure. Jerome, welcome. >> Thank you, Dave. >> Hey, Jerome, in this series "A Blueprint for Trusted Infrastructure," we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyper-converged infrastructure. So my first question is what's unique about HCI that presents specific security challenges? What do we need to know? >> So what's unique about hyper-converged infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system, so like a server or a storage system or a virtualization piece of software. I mean, HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft and internal partners, like the Dell Power Edge Team, the Dell Storage Team, the Dell Networking Team, and on and on. These partnerships and these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past, we're seeing growing scope and sophistication in supply chain attacks. This means an attacker is going to attack your software supply chain upstream, so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or a Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short-term solutions and we need long-term solutions as well. So for the short-term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio, we build our software on VMware. So we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily, VxRail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle, so that VMware will produce a patch, and within 14 days we will integrate our own code with the VMware release. We will have tested and validated the update, and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, VxRail had over 40 releases of software updates last year. For a longer term solution, we're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability, and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co-engineer with effective collaborations with our partners. >> Great, thank you for that description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, to me, my takeaway was you got to have a short-term instant patch solution and then you got to do an integration in a very short time, you know, two weeks to then have that integration done. And then longer-term, you have to have a software bill of materials so that you can ensure the provenance of all the components. Help us, is that a right way to think about cybersecurity resilience? Do you have, you know, additives to that definition? >> I do. I really think that cybersecurity and resilience for HCI, because like I said it has sort of unprecedented breadth across our portfolio. It's not a single thing. It's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me give you an example. So HCI, it's a basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtualizing hardware functionality, like say a storage controller. You could implement it in the hardware, but for HCI, for example, in our VxRail portfolio, our VxRail product, we integrated it into a product called vSan which is provided by our partner VMware. So that portfolio strength is still, you know, through our partnerships. So what we do, we integrate these security functionality and features into our product. So our partnership grows through our ecosystem through products like VMware products, like NSX, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware. And we also leverage VMware's software partnerships on top of that. So for example, VxRail supports multifactor authentication through vSphere's integration with something called Active Directory Federation Services or ADFS. So there is a lot of providers that support ADFS, including Microsoft Azure. So now we can support a wide array of identity providers such as Auth0, or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners' partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >> Great, I mean, that's super helpful. You've mentioned NSX, Horizon, Carbon Black, all the you know, the VMware component, Auth0, which the developers are going to love. You got Azure Identity. So it's really an ecosystem. So you may have actually answered my next question, but I'm going to ask it anyway cause you've got this software-defined environment, and you're managing servers and networking and storage with this software-led approach. How do you ensure that the entire system is secure end to end? >> That's a really great question. So the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example VxRail is the market's only co-engineered solution with VMware. Other vendors sell VMware as a hyper-converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code, and their process dovetails with ours because we have a secure development lifecycle which other products might talk about in their discussions with you, that we integrate into our engineering lifecycle. So because we follow the same framework, all of the code should inter-operate from a security standpoint. And so when we do our final validation testing, when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >> That's great. All right, let's close. Pitch me. What would you say is the strong suit, summarize the the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio, specifically from a security perspective, Jerome? >> So I talked about how hyper-converged infrastructure simplifies security management because basically you're going to take all of these features that are abstracted in hardware. They're not abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be say, you know, for VxRail it would be vCenter, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the key to making, to HCI. Now what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co-engineered. It's not bolted on. So I gave the example of SBOM. I gave the example of how we modify our software release process with VMware to make it very responsive. A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell. It's not done through a partnership. So we digitally sign our software updates. So the user can be sure that the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for example, the benefit to the customer is you don't have to create a complicated security framework. That's hard for your users to use, and it's hard for your system administrators to manage. It all comes in a package, so it can be all managed through vCenter, for example. And then the specific hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few panes of glass that the administrator or user ever has to worry about. It's all self-contained and manageable. >> That makes a lot of sense. So you've got your own infrastructure. You're applying your best practices to that like the digital signatures. You've got your ecosystem. You're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason, Jerome, this is so important is because SecOps teams, you know, they got to deal with Cloud security. They got to deal with multiple Clouds. Now they have their shared responsibility model going across multiple. They got all this other stuff that they have to worry. They got to secure the containers and the run time and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the security is just going to get worse. So my takeaway is you're removing that infrastructure piece and saying, okay, guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners and your own teams to really nail that. Is that a fair summary? >> I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define and develop a new security feature, the thing I keep foremost in mind is will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user-friendly and practical. And this is a challenge sometimes because our products operate in highly regulated environments, and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and other highly regulated environments. And we're very successful there. >> Excellent, okay, Jerome, thanks. We're going to leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry, and so would appreciate that >> I would look forward to it. Thank you very much, Dave. >> You're really welcome. In a moment, I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. (upbeat music)

(light music) >> Hello, welcome back everybody to theCUBE's coverage in New York City of AWS Summit 2022. I'm John Furrier, host of theCUBE. We had Dave Vellante, Lisa Martin here earlier. I'm going to wrap it up here with James Forrester, last interview of the day here in New York. Wish we would have had another day. It's a packed house, 10,000 people. James Forrester's the VP Worldwide Technical Leader for VMware's Cloud on AWS. On AWS is a big distinction. James, welcome to theCube. Thanks for coming on. >> Thank you so much, John. It's great to be here. >> So I think it's been like six years since the announcement of VMware's Cloud on AWS, which is a separate instance, separate hardware, but it's changed the game for VMware. You guys have done a lot of work, successful traction with customers. Clarified, I remember at that time, it really clarified VMware's Cloud play. Which then gave VMware more time to work on what it's doing now, which is, you know, using all their assets and their operations with Tanzu, Monterey, Cloud Native, Cross Cloud. What they call you guys call Cross Cloud, I call Super Cloud, action, a lot of stuff happening. So thanks for coming on. Okay. So first question is, what's the future look like for VMware's Cloud on AWS? >> Super bright, super bright. And there's a couple of great reasons for that. I think firstly, what we're seeing is that customers have now made enough progress in their cloud journeys. Many of them have chosen AWS and they're going full force. We're going to help them go faster. We're going to help them get there and get native to those adjacent services much quicker with more confidence and more resiliency. So it's a super exciting time to be doing what we do. >> You know, VMware has had a steady install base, okay. I mean basically it's like almost ingrained in the operations. What do you guys see as that next level step up function? Because you know, obviously Broadcom is buying VMware. Obviously that utility will be in place, but there's more. There's more there that customers can tap into. This is the promise of the cross-cloud. How do you talk about that when you got the AWS action? How does that all integrate? >> Yeah, absolutely. And of course, because so many customers are going to AWS on their own cloud journeys right now, what we get to have the conversation about is how they can get there more confidently. And so for customers who are just starting out, who are looking at their application portfolios, who have a ton of skilled IT professionals who they want to bring into that cloud journey, they can use the skills they already have. For those folks who are a little bit further along but they may be finding that refactoring their applications is more complex, more difficult that they anticipated, we give them a way of moving with confidence and with much less risk so they can do those cloud journeys that they anticipated. >> You know, James, I want to get your thoughts on what the state of the current situation is, vis-à-vis, your customers and your customers' appetite for AWS services. 'Cause one of the promises of the original deal was clarifying messaging but more importantly, customers can get the VMware Cloud and take advantage of the higher level services on AWS. What's the update there? What's the current state of the art? What's some of the patterns that you're seeing on the uptake of services and how they're working together? >> Yeah, it's a great call out. And honestly, one of the misconceptions that I address right out of the gate is that somehow going VMware Cloud takes you away from those services. It doesn't, it gets you closer to them. Full, direct, native access to all of those hundreds of great AWS services. So what we often find is that customers have their enterprise data, inside data workloads in their data centers. But what they want to do is get that up next to the AWS services that can use it, like Redshift and Athena and Glue. They can move those workloads right adjacent to those services to start using them right away. So it's a great way to look at the platform. >> So one of the observations that's pretty well understood right now by most people, I'd say 90%, if not more, not a hundred percent 'cause I've heard people like not get it, but it's pretty clear that the operating model for the the enterprise will be hybrid as a steady state. I don't think there's any debate on that unless you think there is. >> Do you feel the same- >> No debate. No debate. >> Okay. Hybrid's a steady state. What does that mean as clients start to think about edge and their data centers. 'Cause now the private cloud is back in the game. So I've heard people talk about private cloud, which we, I think we coined the term with Dave, Wikibon years ago, but it kind of went away because that was not the public cloud. So public cloud won, on premise didn't go away. We saw Amazon with Outpost. So now they're like, I can still have stuff on prem and run it in a cloud operations. So they're calling that private cloud, I think. So you're starting to hear the same things. What it means basically is that hybrid is winning. It's the standard. What does the hybrid environment look like from a VMware perspective as you guys look at that and have been building that out 'cause you have customers that are on premises. >> Yeah. >> Is it just to the cloud and back? Is it, is there any changes? Is there new connective tissue? Is there a glue layer? What's the operating model for VMware customers? >> Well, customers wanted those same benefits from public cloud agility, cost benefits, elasticity, innovation, sovereignty, sustainability, but they wanted to be able to do that everywhere. They wanted it in their data centers. They wanted it at the edge. And as you've pointed out public cloud delivered that for customers. AWS first out there delivering that for customers. Now with innovations like VMware Cloud and AWS outpost, we're able to bring that back into the data center. We're able to bring those same benefits of public cloud into the customers on-prem environment. And you're right. We see hybrid just rolling and rolling and being able to offer our solution across all of it. >> Yeah, we're big fans of VMware because theCube's 12 years old, we've been at every VMworld. Now they're calling it VMware Explorer, the events coming up. So the folks watching, plug for VMware Explorer, formerly VMworld, it's on the schedule. Content catalog just came out last week. It's looking pretty good. So put a plug out there. We'll be there with theCube, two sets. So you know, if you're going to VMworld, now Explorer go register, get up there. It's in San Francisco, always a great event. vSphere and vSAN, always great products. But you got Carbon Black, you got Security. So these things have all been working kind of pistons for VMware. Tanzu, I know Raghu and those guys are doing it. Craig McLuckie and team, they're working on that. You got Tanzu, you got Monterey. That's the new cloud native thing. How is that tracking vis-à-vis, the operating model of the the core engine, vSphere, vSAN and others. And then with the native services of Cloud. So you got AWS Cloud with VMware Cloud, vSphere, vSAN, Carbon Black, and Security. And then you got the Tanzu over here. How are those three things coming together? >> Well, the services that customers know and love first and foremost that they've been running the mission critical workloads on, vSphere, vSAN, NSX. What VMware cloud and AWS is, is a packaging together of those services. So customers don't have to configure it all themselves and do the heavy lifting. We manage and run it on their behalf. What we are adding to that most recently with Tanzu is now the ability to run containers within the same environment. 'Cause customers tell us they've got parts of their organization that are very much on vSphere VMs. Parts of their organization are moving to containers. We want be able to provide a single operating model, a single layer, a single way of managing all of that. No matter where it's deployed. >> You know, remember back in the day, when Raghu wasn't the CEO, Carl Eschenbach was there, Sanjay Poonen was there. Carl's now at Sequoia Capital, Raghu's a CEO. Sanjay's kind of looking for a next gig. I always said, why doesn't vSphere and NSX become that abstraction layer and commoditize the network so that white boxes and Dell and HP could all play in that layer? It just never happened yet. Is that something you guys talk about at all? Like, I mean in the, in the smokey room, in the execs, is that happening? What's the vision? >> Well, we always work backwards- from customers, right? (John laughing) And what customers are telling us is they want us to help them with that undifferentiated heavy lifting. So who knows where that could take us, but right now we're very focused on helping those customers move with confidence to the cloud. >> You didn't take the bait on that one. I appreciate that. (James laughing) Okay. So let's get some perspective. You're out with customers. What are the big things that you're seeing right now from your customers right now? 'Cause you look behind us here, 10,000 people at this event. This is not a no-show. This is not a throwaway event in, you know, somewhere in the corner of the world. This is New York City, only one summit. This is bigger than Snowflake Summit and that was packed. So from an event standpoint, this is pretty a big game statement here for AWS. These companies are not experiencing headwinds, they're changing. So what are your customers telling you around what they're looking at for the cloud native architecture? I mean obviously the digital transformation is continuing, obviously clouds here. And again, we were saying earlier, this is the first time in history that the cloud hyperscalers have been in market during a so-called downturn. So there's no other data. 2008, I wouldn't call 'em up and running. They were building, but AWS, Azure, others, these cloud players they're in market. And so you're starting to see kind of some data coming out saying, Hey, this thing's still working, the engine of innovation is cranking out and it's not slowing down the digital transformation. It might change the capital markets and valuations but it's not changing customers. That's what I'm hearing. Now, you probably would agree with that, right? >> James: I think that's exactly right. >> Okay. So let's stay with that. If you believe that, then it's like, okay, what are they doing? So what are customers doubling down on? What are some of the patterns you're seeing in the environment today that you could share with the audience? >> Yeah, so I think first and foremost is that steady transition to the cloud to deliver all of those benefits, agility, cost, elasticity, innovation, sovereignty, sustainability that hasn't gone away at all. In fact, it's only accelerated. With workloads like virtual desktops, which became so critical during COVID the need to be able to provide that kind of scalable elastic capacity has only increased. Now, coupled with that, most of these customers are already on a cloud journey. And while some folks may have had the luxury of letting that go a little bit more slowly, nowadays the urgency is pervasive across all of the industries that we get to talk to in New York. Everyone needs to go faster. Everybody's not seeing the progress that they expected that we think we can help them deliver. So the opportunity I think that's come out of COVID is more workloads, different use cases, disaster recovery, ransomware- >> Is that more of an awareness or reality or both? >> Both. Absolutely. >> Okay. So let me ask the next question. 'Cause this is a good conversation, I think. I agree a hundred percent. We're seeing the same exact thing. Now let's talk about how companies are thinking about the real opportunity that's emerged, which is refactoring the business model without actually changing the makeup of the organization per se, to take on new territories and potentially take over categories. >> James: Mm hmm. >> So I mean a data warehouse and a data cloud's kind of the same thing. Snowflake probably wouldn't like me saying that they're a data warehouse because they call themselves a data cloud, but it's kind of the same thing, just refactored on AWS. >> James: Yep. >> That's a super cloud. So that's an opportunity for everyone to do that in every vertical. How many customers are actually thinking that way and actually taking steps to pursue that, capture that opportunity? Or do you agree it's the opportunity? >> No, I think that that is an opportunity and I love that idea of super cloud in that what I think customers have started to realize, over the last couple of years in particular, is it's very difficult to take advantage of all of those great cloud services if your applications are still behind a whole lot of different layers of firewalls and so forth. So getting the application close to those services, in proximity to those services is that first step in modernization. Then it doesn't have to be a change the wings on the plane while it's flying conversation, which- >> John: Yeah. >> You know, is very risky for a lot of organizations. >> John: Exactly. >> It's a let's get the plane going a little bit faster. Let's get the plane going a little bit smoother, and let's get the plane to its destination with less risk. >> You know, James, that reminds me of the old school conversations of non disruptive operations. Remember those days? >> James: I do, yeah. >> Mostly around storage and, and servers. But that's what basically what you're saying. Transform while operating, right? >> James: Exactly. >> So this is, you can do both. You got to make time and it's a talent question too. I'd love to get your thoughts on how customers are thinking about who do you put on which task. 'Cause you want your A players on both areas. You don't want all your A players, what I hear, CSOs and CIOs telling me is that, I put all my A players on transformation, I got no one running the business. >> James: Mm hmm. >> So you got to kind of balance. That's a cultural team decision. >> It's a cultural team decision. It's also a skills marketplace decision. >> John: Yeah. >> And there's a practical reality to the skills that are available and how fast you can hire them. So a big part of the conversation that we have is when customers have existing skills sets, plug those into their transformation, plug those into their business outcomes. I like to use the phrase, "Let's make heroes out of IT" because they can be a much more critical player than they think they can be. Yeah, IT basically is not even around anymore. It's part of the organization. And then you have data science and data engineering coming in. So it's, you know, IT is not a department anymore, it's the company >> Exactly right. >> If you're kind of going down that road, yeah. >> Yeah. Alright, so final question. What's the biggest change you've seen and observed in your current year and a half? You know, we're coming out of COVID, knowing what was before, what sea change, what inflection point are we in now? How would you describe this current market? 'Cause again, we're kind of in a unique market. You know, you got crypto around the corner, people getting attracted to that, little bubbly obviously, reality of cloud and 2.0 or super cloud emerging. On premise is not going away. Edge exploding on the industrial side, especially with machine learning coming along. So this operating model is clearly in sight. What's the biggest observation you've noticed. >> I think it's the sense of urgency over the last couple of years in that most customers I talked to are no longer relaxed about the timing of delivering cloud capabilities to their organizations. Most customers are on sort of a transformation journey of their own and digital transformation and cloud transformation are absolutely fundamental to that. >> One more real quick follow up question if you don't mind, 'cause I appreciate your time. One of the things that's come up a lot in our conversations is the role of the ecosystem. Not only as a part of the business model but also validation of the enablement that cloud offers companies. You have an enabling platform, your ecosystem is well known. And so your customers are starting to develop ecosystems. So if the cloud model kind of trickles like downstream, ecosystem is kind of a proof of something. >> James: Mm hmm. >> What's your view of all this ecosystem discussion as we transform this next generation? >> Yeah, I think it touches on a couple of things. So obviously there is a technology ecosystem, which is evolving very rapidly in support of cloud and cloud transformation. But what's interesting, I think is the business ecosystem that's evolving around it. We're seeing our customers evolve their own businesses to assume that those cloud capabilities will be available to them. And if the cloud capabilities are not available to them in a timely fashion, then the ecosystem starts to have a domino effect. So the ecosystems are interdependent between business, and technology, and skills, and talent. And I think that's a great to be >> James Forrester, they're going to shut us down. The speakers are on, they're going to pull the plug. Thanks for being our last interview here in New York City and bringing us home. Really appreciate you taking the time to come on theCube. >> John, thanks so much. Great to be here, really enjoyed it. Okay. We are wrapping it up here in New York City. I'm John Ford with theCube, great day. For Lisa Martin, Dave Vellante, and the entire crew of theCube here on the ground. Live in person events are back. theCube hybrid, get online, check out our coverage there. The SiliconANGLE and thecube.net. I'm John Furrier signing off from New York City. See you next time. (light music)

>> From theCUBE studios in Palo Alto in Boston, bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> In the words of my colleague CTO David Nicholson, Broadcom buys old cars, not to restore them to their original luster and beauty. Nope. They buy classic cars to extract the platinum that's inside the catalytic converter and monetize that. Broadcom's planned 61 billion acquisition of VMware will mark yet another new era and chapter for the virtualization pioneer, a mere seven months after finally getting spun out as an independent company by Dell. For VMware, this means a dramatically different operating model with financial performance and shareholder value creation as the dominant and perhaps the sole agenda item. For customers, it will mean a more focused portfolio, less aspirational vision pitches, and most certainly higher prices. Hello and welcome to this week's Wikibon CUBE Insights powered by ETR. In this Breaking Analysis, we'll share data, opinions and customer insights about this blockbuster deal and forecast the future of VMware, Broadcom and the broader ecosystem. Let's first look at the key deal points, it's been well covered in the press. But just for the record, $61 billion in a 50/50 cash and stock deal, resulting in a blended price of $138 per share, which is a 44% premium to the unaffected price, i.e. prior to the news breaking. Broadcom will assume 8 billion of VMware debt and promises that the acquisition will be immediately accretive and will generate 8.5 billion in EBITDA by year three. That's more than 4 billion in EBITDA relative to VMware's current performance today. In a classic Broadcom M&A approach, the company promises to dilever debt and maintain investment grade ratings. They will rebrand their software business as VMware, which will now comprise about 50% of revenues. There's a 40 day go shop and importantly, Broadcom promises to continue to return 60% of its free cash flow to shareholders in the form of dividends and buybacks. Okay, with that out of the way, we're going to get to the money slide literally in a moment that Broadcom shared on its investor call. Broadcom has more than 20 business units. It's CEO Hock Tan makes it really easy for his business unit managers to understand. Rule number one, you agreed to an operating plan with targets for revenue, growth, EBITDA, et cetera, hit your numbers consistently and we're good. You'll be very well compensated and life will be wonderful for you and your family. Miss the number, and we're going to have a frank and uncomfortable bottom line discussion. You'll four, perhaps five quarters to turn your business around, if you don't, we'll kill it or sell it if we can. Rule number two, refer to rule number one. Hello, VMware, here's the money slide. I'll interpret the bullet points on the left for clarity. Your fiscal year 2022 EBITDA was 4.7 billion. By year three, it will be 8.5 billion. And we Broadcom have four knobs to turn with you, VMware to help you get there. First knob, if it ain't recurring revenue with rubber stamp renewals, we're going to convert that revenue or kill it. Knob number two, we're going to focus R&D in the most profitable areas of the business. AKA expect the R&D budget to be cut. Number three, we're going to spend less on sales and marketing by focusing on existing customers. We're not going to lose money today and try to make it up many years down the road. And number four, we run Broadcom with 1% GNA. You will too. Any questions? Good. Now, just to give you a little sense of how Broadcom runs its business and how well run a company it is, let's do a little simple comparison with this financial snapshot. All we're doing here is taking the most recent quarterly earnings reports from Broadcom and VMware respectively. We take the quarterly revenue and multiply by four X to get the revenue run rate and then we calculate the ratios off of the most recent quarters revenue. It's worth spending some time on this to get a sense of how profitable the Broadcom business actually is and what the spreadsheet gurus at Broadcom are seeing with respect to the possibilities for VMware. So combined, we're talking about a 40 plus billion dollar company. Broadcom is growing at more than 20% per year. Whereas VMware's latest quarter showed a very disappointing 3% growth. Broadcom is mostly a hardware company, but its gross margin is in the high seventies. As a software company of course VMware has higher gross margins, but FYI, Broadcom's software business, the remains of Symantec and what they purchased as CA has 90% gross margin. But the I popper is operating margin. This is all non gap. So it excludes things like stock based compensation, but Broadcom had 61% operating margin last quarter. This is insanely off the charts compared to VMware's 25%. Oracle's non gap operating margin is 47% and Oracle is an incredibly profitable company. Now the red box is where the cuts are going to take place. Broadcom doesn't spend much on marketing. It doesn't have to. It's SG&A is 3% of revenue versus 18% for VMware and R&D spend is almost certainly going to get cut. The other eye popper is free cash flow as a percentage of revenue at 51% for Broadcom and 29% for VMware. 51%. That's incredible. And that my dear friends is why Broadcom a company with just under 30 billion in revenue has a market cap of 230 billion. Let's dig into the VMware portfolio a bit more and identify the possible areas that will be placed under the microscope by Hock Tan and his managers. The data from ETR's latest survey shows the net score or spending momentum across VMware's portfolio in this chart, net score essentially measures the net percent of customers that are spending more on a specific product or vendor. The yellow bar is the most recent survey and compares the April 22 survey data to April 21 and January of 22. Everything is down in the yellow from January, not surprising given the economic outlook and the change in spending patterns that we've reported. VMware Cloud on AWS remains the product in the ETR survey with the most momentum. It's the only offering in the portfolio with spending momentum above the 40% line, a level that we consider highly elevated. Unified Endpoint Management looks more than respectable, but that business is a rock fight with Microsoft. VMware Cloud is things like VMware Cloud foundation, VCF and VMware's cross cloud offerings. NSX came from the Nicira acquisition. Tanzu is not yet pervasive and one wonders if VMware is making any money there. Server is ESX and vSphere and is the bread and butter. That is where Broadcom is going to focus. It's going to look at VSAN and NSX, which is software probably profitable. And of course the other products and see if the investments are paying off, if they are Broadcom will keep, if they are not, you can bet your socks, they will be sold off or killed. Carbon Black is at the far right. VMware paid $2.1 billion for Carbon Black. And it's the lowest performer on this list in terms of net score or spending momentum. And that doesn't mean it's not profitable. It just doesn't have the momentum you'd like to see, so you can bet that is going to get scrutiny. Remember VMware's growth has been under pressure for the last several years. So it's been buying companies, dozens of them. It bought AirWatch, bought Heptio, Carbon Black, Nicira, SaltStack, Datrium, Versedo, Bitnami, and on and on and on. Many of these were to pick up engineering teams. Some of them were to drive new revenue. Now this is definitely going to be scrutinized by Broadcom. So that helps explain why Michael Dell would sell VMware. And where does VMware go from here? It's got great core product. It's an iconic name. It's got an awesome ecosystem, fantastic distribution channel, but its growth is slowing. It's got limited developer chops in a world that developers and cloud native is all the rage. It's got a far flung R&D agenda going at war with a lot of different places. And it's increasingly fighting this multi front war with cloud companies, companies like Cisco, IBM Red Hat, et cetera. VMware's kind of becoming a heavy lift. It's a perfect acquisition target for Broadcom and why the street loves this deal. And we titled this Breaking Analysis taming the VMware beast because VMware is a beast. It's ubiquitous. It's an epic software platform. EMC couldn't control it. Dell used it as a piggy bank, but really didn't change its operating model. Broadcom 100% will. Now one of the things that we get excited about is the future of systems architectures. We published a breaking analysis about a year ago, talking about AWS's secret weapon with Nitro and it's Annapurna custom Silicon efforts. Remember it acquired Annapurna for a measly $350 million. And we talked about how there's a new architecture and a new price performance curve emerging in the enterprise, driven by AWS and being followed by Microsoft, Google, Alibaba, a trend toward custom Silicon with the arm based Nitro and which is AWS's hypervisor and Nick strategy, enabling processor diversity with things like Graviton and Trainium and other diverse processors, really diversifying away from x86 and how this leads to much faster product cycles, faster tape out, lower costs. And our premise was that everyone in the data center is going to competes, is going to need a Nitro to be competitive long term. And customers are going to gravitate toward the most economically favorable platform. And as we describe the landscape with this chart, we've updated this for this Breaking Analysis and we'll come back to nitro in a moment. This is a two dimensional graphic with net score or spending momentum on the vertical axis and overlap formally known as market share or presence within the survey, pervasiveness that's on the horizontal axis. And we plot various companies and products and we've inserted VMware's net score breakdown. The granularity in those colored bars on the bottom right. Net score is essentially the green minus the red and a couple points on that. VMware in the latest survey has 6% new adoption. That's that lime green. It's interesting. The question Broadcom is going to ask is, how much does it cost you to acquire that 6% new. 32% of VMware customers in the survey are increasing spending, meaning they're increasing spending by 6% or more. That's the forest green. And the question Broadcom will dig into is what percent of that increased spend (chuckles) you're capturing is profitable spend? Whatever isn't profitable is going to be cut. Now that 52% gray area flat spending that is ripe for the Broadcom picking, that is the fat middle, and those customers are locked and loaded for future rent extraction via perpetual renewals and price increases. Only 8% of customers are spending less, that's the pinkish color and only 3% are defecting, that's the bright red. So very, very sticky profile. Perfect for Broadcom. Now the rest of the chart lays out some of the other competitor names and we've plotted many of the VMware products so you can see where they fit. They're all pretty respectable on the vertical axis, that's spending momentum. But what Broadcom wants is that core ESX vSphere base where we've superimposed the Broadcom logo. Broadcom doesn't care so much about spending momentum. It cares about profitability potential and then momentum. AWS and Azure, they're setting the pace in this business, in the upper right corner. Cisco very huge presence in the data center, as does Intel, they're not in the ETR survey, but we've superimposed them. Now, Intel of course, is in a dog fight within Nvidia, the Arm ecosystem, AMD, don't forget China. You see a Google cloud platform is in there. Oracle is also on the chart as well, somewhat lower on the vertical axis, but it doesn't have that spending momentum, but it has a big presence. And it owns a cloud as we've talked about many times and it's highly differentiated. It's got a strategy that allows it to differentiate from the pack. It's very financially driven. It knows how to extract lifetime value. Safra Catz operates in many ways, similar to what we're seeing from Hock Tan and company, different from a portfolio standpoint. Oracle's got the full stack, et cetera. So it's a different strategy. But very, very financially savvy. You could see IBM and IBM Red Hat in the mix and then Dell and HP. I want to come back to that momentarily to talk about where value is flowing. And then we plotted Nutanix, which with Acropolis could suck up some V tax avoidance business. Now notice Symantec and CA, relatively speaking in the ETR survey, they have horrible spending momentum. As we said, Broadcom doesn't care. Hock Tan is not going for growth at the expense of profitability. So we fully expect VMware to come down on the vertical axis over time and go up on the profit scale. Of course, ETR doesn't measure the profitability here. Now back to Nitro, VMware has this thing called Project Monterey. It's essentially their version of Nitro and will serve as their future architecture diversifying off x86 and accommodating alternative processors. And a much more efficient performance, price in energy consumption curve. Now, one of the things that we've advocated for, we said this about Dell and others, including VMware to take a page out of AWS and start developing custom Silicon to better integrate hardware and software and accelerate multi-cloud or what we call supercloud. That layer above the cloud, not just running on individual clouds. So this is all about efficiency and simplicity to own this space. And we've challenged organizations to do that because otherwise we feel like the cloud guys are just going to have consistently better costs, not necessarily price, but better cost structures, but it begs the question. What happens to Project Monterey? Hock Tan and Broadcom, they don't invest in something that is unproven and doesn't throw off free cash flow. If it's not going to pay off for years to come, they're probably not going to invest in it. And yet Project Monterey could help secure VMware's future in not only the data center, but at the edge and compete more effectively with cloud economics. So we think either Project Monterey is toast or the VMware team will knock on the door of one of Broadcom's 20 plus business units and say, guys, what if we work together with you to develop a version of Monterey that we can use and sell to everyone, it'd be the arms dealer to everyone and be competitive with the cloud and other players out there and create the de facto standard for data center performance and supercloud. I mean, it's not outrageously expensive to develop custom Silicon. Tesla is doing it for example. And Broadcom obviously is capable of doing it. It's got good relationships with semiconductor fabs. But I think this is going to be a tough sell to Broadcom, unless VMware can hide this in plain site and make it profitable fast, like AWS most likely has with Nitro and Graviton. Then Project Monterey and our pipe dream of alternatives to Nitro in the data center could happen but if it can't, it's going to be toast. Or maybe Intel or Nvidia will take it over or maybe the Monterey team will spin out a VMware and do a Pensando like deal and demonstrate the viability of this concept and then Broadcom will buy it back in 10 years. Here's a double click on that previous data that we put in tabular form. It's how the data on that previous slide was plotted. I just want to give you the background data here. So net score spending momentum is the sorted on the left. So it's sorted by net score in the left hand chart, that was the y-axis in the previous data set and then shared and or presence in the data set is the right hand chart. In other words, it's sorted on the right hand chart, right hand table. That right most column is shared and you can see it's sorted top to bottom, and that was the x-axis on the previous chart. The point is not many on the left hand side are above the 40% line. VMware Cloud on AWS is, it's expensive, so it's probably profitable and it's probably a keeper. We'll see about the rest of VMware's portfolio. Like what happens to Tanzu for example. On the right, we drew a red line, just arbitrarily at those companies and products with more than a hundred mentions in the survey, everything but Tanzu from VMware makes that cut. Again, this is no indication of profitability here, and that's what's going to matter to Broadcom. Now let's take a moment to address the question of Broadcom as a software company. What the heck do they know about software, right. Well, they're not dumb over there and they know how to run a business, but there is a strategic rationale to this move beyond just doing portfolios and extracting rents and cutting R&D, et cetera, et cetera. Why, for example, isn't Broadcom going after coming back to Dell or HPE, it could pick up for a lot less than VMware, and they got way more revenue than VMware. Well, it's obvious, software's more profitable of course, and Broadcom wants to move up the stack, but there's a trend going on, which Broadcom is very much in touch with. First, it sells to Dell and HPE and Cisco and all the OEM. so it's not going to disrupt that. But this chart shows that the value is flowing away from traditional servers and storage and networking to two places, merchant Silicon, which itself is morphing. Broadcom... We focus on the left hand side of this chart. Broadcom correctly believes that the world is shifting from a CPU centric center of gravity to a connectivity centric world. We've talked about this on theCUBE a lot. You should listen to Broadcom COO Charlie Kawwas speak about this. It's all that supporting infrastructure around the CPU where value is flowing, including of course, alternative GPUs and XPUs, and NPUs et cetera, that are sucking the value out of the traditional x86 architecture, offloading some of the security and networking and storage functions that traditionally have been done in x86 which are part of the waste right now in the data center. This is that shifting dynamic of Moore's law. Moore's law, not keeping pace. It's slowing down. It's slower relative to some of the combinatorial factors. When you add up in all the CPU and GPU and NPU and accelerators, et cetera. So we've talked about this a lot in Breaking Analysis episodes. So the value is shifting left within that middle circle. And it's shifting left within that left circle toward components, other than CPU, many of which Broadcom supplies. And then you go back to the middle, value is shifting from that middle section, that traditional data center up into hyperscale clouds, and then to the right toward infrastructure software to manage all that equipment in the data center and across clouds. And look Broadcom is an arms dealer. They simply sell to everyone, locking up key vectors of the value chain, cutting costs and raising prices. It's a pretty straightforward strategy, but not for the fate of heart. And Broadcom has become pretty good at it. Let's close with the customer feedback. I spoke with ETRs Eric Bradley this morning. He and I both reached out to VMware customers that we know and got their input. And here's a little snapshot of what they said. I'll just read this. Broadcom will be looking to invest in the core and divest of any underperforming assets, right on. It's just what we were saying. This doesn't bode well for future innovation, this is a CTO at a large travel company. Next comment, we're a Carbon Black customer. VMware didn't seem to interfere with Carbon Black, but now that we're concerned about short term disruption to their tech roadmap and long term, are they going to split and be sold off like Symantec was, this is a CISO at a large hospitality organization. Third comment, I got directly from a VMware practitioner, an IT director at a manufacturing firm. This individual said, moving off VMware would be very difficult for us. We have over 500 applications running on VMware, and it's really easy to manage. We're not going to move those into the cloud and we're worried Broadcom will raise prices and just extract rents. Last comment, we'll share as, Broadcom sees the cloud data center and IoT is their next revenue source. The VMware acquisition provides them immediate virtualization capabilities to support a lightweight IoT offering. Big concern for customers is what technology they will invest in and innovate, and which will be stripped off and sold. Interesting. I asked David Floyer to give me a back of napkin estimate for the following question. I said, David, if you're running mission critical applications on VMware, how much would it increase your operating cost moving those applications into the cloud? Or how much would it save? And he said, Dave, VMware's really easy to run. It can run any application pretty much anywhere, and you don't need an army of people to manage it. All your processes are tied to VMware, you're locked and loaded. Move that into the cloud and your operating cost would double by his estimates. Well, there you have it. Broadcom will pinpoint the optimal profit maximization strategy and raise prices to the point where customers say, you know what, we're still better off staying with VMware. And sadly, for many practitioners there aren't a lot of choices. You could move to the cloud and increase your cost for a lot of your applications. You could do it yourself with say Zen or OpenStack. Good luck with that. You could tap Nutanix. That will definitely work for some applications, but are you going to move your entire estate, your application portfolio to Nutanix? It's not likely. So you're going to pay more for VMware and that's the price you're going to pay for two decades of better IT. So our advice is get out ahead of this, do an application portfolio assessment. If you can move apps to the cloud for less, and you haven't yet, do it, start immediately. Definitely give Nutanix a call, but going to have to be selective as to what you actually can move, forget porting to OpenStack, or do it yourself Hypervisor, don't even go there. And start building new cloud native apps where it makes sense and let the VMware stuff go into manage decline. Let certain apps just die through attrition, shift your development resources to innovation in the cloud and build a brick wall around the stable apps with VMware. As Paul Maritz, the former CEO of VMware said, "We are building the software mainframe". Now marketing guys got a hold of that and said, Paul, stop saying that, but it's true. And with Broadcom's help that day we'll soon be here. That's it for today. Thanks to Stephanie Chan who helps research our topics for Breaking Analysis. Alex Myerson does the production and he also manages the Breaking Analysis podcast. Kristen Martin and Cheryl Knight help get the word out on social and thanks to Rob Hof, who was our editor in chief at siliconangle.com. Remember, these episodes are all available as podcast, wherever you listen, just search Breaking Analysis podcast. Check out ETRs website at etr.ai for all the survey action. We publish a full report every week on wikibon.com and siliconangle.com. You can email me directly at david.vellante@siliconangle.com. You can DM me at DVellante or comment on our LinkedIn posts. This is Dave Vellante for theCUBE Insights powered by ETR. Have a great week, stay safe, be well. And we'll see you next time. (upbeat music)

(bright music) >> Welcome back to theCUBE's coverage of AWS re:Invent 2021. I'm John Furrier, your host of theCUBE. We have Michael D´aniello, platform architect at VMware's Carbon Black. Michael, great to see you. We're here at re-Invent virtual hybrid in person. Great to have you on theCUBE. Thanks for coming on. >> Yeah, thanks a lot. Glad to be here. >> So one of the big stories that we're tracking, obviously, is workloads. All cloud for all workloads. Obviously the data is a big part of things, but under the covers and optimizing cloud for the application developers, this modern application movement is more and more at the top of the stack. People just wanting to code. Infrastructure as code. You've seen DevSecOps is a big trend that's driving all new microservices, all new greatness for developers, but still, there's an optimization question. I want to get your thoughts on this, is what you do. Take a minute to explain what your role is at Carbon Black around this cloud optimization. >> Yeah, absolutely. Yeah, so my name is Michael D'aniello. I am a platform architect of VMware Carbon Black. I work across all the different engineering teams. And our main objective is to develop scalable platform tools and that includes, yeah, cloud security, automation pieces, pipelines, cost optimization, like we'll be talking about today, developer enablement tooling and observability tooling. >> One of the big things about instances is that, you know, do I have enough instances? 'Cause honestly, the elastic cloud is amazing, all kinds of new resources there, but talk about the AMD portion of the instances. How do we identify these instances? How to developers understand it, what's in them, and what's the selection criteria? Take us through that whole process of the Amazon web service and the AMD instances. >> Yeah, sure. So essentially, we're leveraging a lot of our instances to run our EKS clusters, which is a managed service for me and for us to run our Kubernetes clusters. And we identify that we can take a bunch of those instances and gain some cost optimization benefits by selecting from Intel to AMD processors. And, you know, initially, we had measured out to be roughly a 10% reduction in cost just for selecting that instance type. But yeah, we actually learned we gained quite a bit more, so. >> John: You know, developers are always like, I want more power, and this is what, you know, the whole idea of Cloud is. Cloud scale has been a big competitive advantage, but also the cost aspect of it. What's the balance between maximizing performance and cost optimization? Because now, you know, people don't want to, you know, they want more power. They also don't want to have a lot of extra spend. And this is kind of one of those things they talk about in Cloud where it's been so successful, cost is important. >> Yeah, yeah, for sure. And it's got to be easy, too, to get that cost optimization benefit. Otherwise, you're spending all your cycles and burning that money there in the human capital and the team and the engineering effort. So luckily, this change is a one-line change. We use Terraform for our automated provisioning, a layer, and we were able to make that one line change and then developers didn't have to make any application changes, which was great. So it was a no-brainer for us to pursue this. >> Talk about the EC2 instances that leverage AMD based process for the EKS, you mentioned that earlier, what is that all about? What's the benefits, what's in it for you guys? >> Yeah, for sure. So essentially, the workloads that are running on these instance types are actual Carbon Black Cloud application. So, all the backend systems that support our customers. And so in that use case, we're, you know, we're spinning up all of our containers that are running our applications and essentially, that's our use case for those instance types. >> How did you come to use the AWS EC2 instances on the AMD? Did you have an evaluation process? Did you just go select it? I mean, take us through that migration aspect of it. >> Yeah, sure, yeah. So originally, we're looking across the board. How can we do better cost optimization, right? And that goes across every different AWS resource, but we targeted this one specifically. We worked alongside with their AWS TAMs and representatives to basically find out, "Hey, is this financially worth the effort?" And we did reach that conclusion with some analysis, basically targeting these instance types and doing some analysis on that cost optimization specifically. And it ended up, you know, being the right thing to target. >> What was the ease of use of the switch? Take us through that. Was it a heavy lift? Was it seamless? Take us through the impact, there, on the move over and what were the results of that? >> Yeah, so I mean, that's the greatest thing. Like I said before, I mean, we had to make just a single line change just to change that instance type in our config and then roll that out across our regions. We did slow roll that in order to make sure that those changes in our development environments didn't make any, you know, performance hits or we didn't run into any snags with the applications themselves. But yeah, I mean, that's the greatest part about the story from my perspective is the ease to migrate over and to switch to these instance types, and then you just immediately gain that cost optimization benefit. >> You know what I love about what your job is, platform architect, that word kind of had a lot of meaning even 10, 15 years ago, but now with the Cloud, it's almost like you're always finagling and managing and massaging and nurturing the infrastructure to enable it. More new things are coming online as well, more high level services. So you've got a fun job and it's always evolving. How do you stay on top of it? What's the impact been for your customers, too, as you start deploying some of these new instance capabilities? Take us through kind of a day in the life of what you do and then what's the impact of customers? >> Yeah, sure. So, you know, like you said, there's quite a bit now to look at. You know, you got to stay on top of different blogs and keep connected with your network to see what your other colleagues are doing across different companies. You know, you can go into conferences like AWS re:Invent, right, to keep on the cutting edge here. But yeah, that's essentially, you know, one of the key aspects is just trying to look at all the different aspects, all the new technologies that are coming out, making sure you're making the right choices there and trying to get the most bang for your buck while you're at it. >> What are some of the big factors that you see in cloud native as you start to look at what customers are doing? Obviously with Kubernetes, you're starting to see that platform develop inside the industry as well as de facto, kind of orchestration layer. But now as customers start to look at it, they want to have more ease of use there, too. At the same time, they don't want to have to do a lot of front end work. They want to get instant benefits in the Cloud, obviously, whether it's from a security standpoint or just rolling out a modern application. Okay, so as having all this infrastructure under the covers, how do you look at that problem and how do you capture that opportunity? >> Yeah, and I think that's why we're seeing a movement here on platform teams. It's kind of a newer terminology, usually a band of developers and SREs come together and say, "Well, we've got a lot of different things to look at. We're onboarding applications to Kubernetes, and we need to make tools so that developers don't have to think much about the transition and the underlying platform." And so that's one of our success metrics on the platform engineering team is just to almost, you know, be non-existent, right? To just have everything flow through our systems and then have just a high ease of use to onboard the applications to the new platform. >> You know, it looks like you have some great success with the AMD based instances. Can I ask you a question? 'Cause I wanted figure this out. How do you identify an AMD based instance when you're making the selections? >> Yeah, sure. It's as easy as just the A after the name. So for us, it was the C5.4XL. And if you want the AMD one, it's just the C5A.4XL. So I guess technically, instead of a one line change, it's actually a one letter change. So, quite easy there. >> Yeah, it's almost like back in the old glory days of command line, one quick update. The customer aspect of this is also important, too. If you don't mind, while I got you here, what are some of the things that you're hearing from your customers, from a performance standpoint, that they're looking for? Obviously, the cost optimization is key, but as they look to deploy more power and more performance, what are some of the things that your customers are looking for from Carbon Black? >> Yeah, so I mean, we are a security company, but we're really a data company because we have, you know, 8,000 customers, we processed over a trillion events per day, we ingress over a hundred terabytes of data per day. And so, our customers need high level performance. And if we can't provide that with low latency, we're not successful. So that's why, you know, performance on the underlying systems that are running our applications is super critical. >> Yeah, you're looking at trailblazer over there. I mean, the work that you guys are doing with the data is amazing. And that's a big theme at re:Invent this year is that data is a huge part. We look at the success of the cloud growth on this, I call gen-two cloud, happening. This whole modern movement is all about how people handle the data at scale, 'cause cloud scales here and now you've got processing all that data, The trailblazing that's going on, there's like this new wave of, I almost called it first-generation trailblazers, but you guys are doing that. What advice would you have for other architects out there and kind of the mainstream enterprises who are like, "Hey, I want to take advantage of the path that you guys have plowed through." What's your advice? >> Yeah, I think one of the key things in a place where we've had a lot of success is creating standards, making sure that we're choosing technology wisely, and making sure that your company isn't building the same solution in silos. And you know, that's a huge pattern that I've seen in my career. And if you can negate that, you're going to be in a great place. So, you know, choose the right technology, container first, cloud native first, push forward, and then make sure that everybody's kind of on that same ship running in the same direction. >> Well, great case study on this AMD based instance migration. Was there any uplift and experience that you've seen on the switch and the performance? Can you just talk about that? What does it mean to upgrade? What benefits are you seeing on the performance you have? >> Yeah, so I didn't hit on this yet and I really wanted to. Yeah, so upfront, the instance itself is 10% cheaper. However, we found out that we had to run far less instances because of that performance increase. So we ended up saving roughly 30% and we've continued to scale out. So at first, it was a couple of hundred instances. Now we're in the thousands and we're going to keep ramping up to over 10 thousands, tens of that. >> John: Let me get this right. So single line change, letter change, instance change. So you get not as many instances, and you save money, so you get cost optimization and higher performance. >> Yep. They say, if it's too good to be true, it's not. But in this case, it actually is. >> So why is it so good in your opinion? What did you discover? What was the big revelation that went down this path? Because that's good value proposition. >> Yeah, for sure. I mean, so initially, we were just chasing that initial BC to 10% and then as we kind of push it forward, we're looking at the metrics, month to month costs and we're actually saying, well, as we kind of swap over from one instance type to another, we're actually paying less. And then once we fully swapped over, it took five or six months to get to the same amount of costs as we continued to scale upward. So it's been a great story. >> It is a great story. It's super nuanced, but it's super important to know these platform benefits. I got to ask you on a personal question, if you don't mind. We love covering Cloud. We've been covering Amazon, it's our ninth year at re:Invent. Just love covering all the action and tech as this just total awesomeness environment. Cloud scale, innovation, capabilities, it's like surfing a big wave. But there's a bigger wave coming and we're seeing it now. I want to get your thoughts on this. As you look to the next big wave, beyond Cloud now, Cloud scale, data, new architecture is rolling out with Edge, basically distributing computing at large scale, and tons of security challenges, right? How do you look at this next big wave coming? Are you staring at it saying, wow, this is going to be huge? And how do you ride that wave? What's your mindset and how do you look at that? >> Well first of all, I'm extremely excited about it. Just the further this thing grows out, there's definitely more complexity, but just a whole slew of fun problems to solve. But when we look at these different problems and solving them at scale across multiple regions, it gets pretty exciting, right? So I can say one example of this is our security of our Cloud, not the security product, and we've developed automation for prevention and auto-remediation in our pipelines. It's been such a success story. And these type of technologies did not exist even a couple of years ago and we've been able to take advantage of them. So, there's going to be a lot more of that where that came from. So, yeah. >> Michael, great work. And again, you're truly a trailblazer, and this is, again, you got to do it. You got to screw your own cloud and stay on the cutting edge and ride that wave. Congratulations on the CostOp cloud optimization and the success with AMD based instances. Congratulations. Thanks. >> Thanks. >> Okay, this is theCUBEs coverage of AWS's re:Invent 2021. I'm John Furrier, your host of theCUBE. Thanks for watching. (inspirational music)

(bright music) >> Welcome back to theCUBE's coverage of AWS re:Invent 2021. I'm John Furrier, your host of theCUBE. We have Michael D´aniello, platform architect at VMware's Carbon Black. Michael, great to see you. We're here at re-Invent virtual hybrid in person. Great to have you on theCUBE. Thanks for coming on. >> Yeah, thanks a lot. Glad to be here. >> So one of the big stories that we're tracking, obviously, is workloads. All cloud for all workloads. Obviously the data is a big part of things, but under the covers and optimizing cloud for the application developers, this modern application movement is more and more at the top of the stack. People just wanting to code. Infrastructure as code. You've seen DevSecOps is a big trend that's driving all new microservices, all new greatness for developers, but still, there's an optimization question. I want to get your thoughts on this, is what you do. Take a minute to explain what your role is at Carbon Black around this cloud optimization. >> Yeah, absolutely. Yeah, so my name is Michael D'aniello. I am a platform architect of VMware Carbon Black. I work across all the different engineering teams. And our main objective is to develop scalable platform tools and that includes, yeah, cloud security, automation pieces, pipelines, cost optimization, like we'll be talking about today, developer enablement tooling and observability tooling. >> One of the big things about instances is that, you know, do I have enough instances? 'Cause honestly, the elastic cloud is amazing, all kinds of new resources there, but talk about the AMD portion of the instances. How do we identify these instances? How to developers understand it, what's in them, and what's the selection criteria? Take us through that whole process of the Amazon web service and the AMD instances. >> Yeah, sure. So essentially, we're leveraging a lot of our instances to run our EKS clusters, which is a managed service for me and for us to run our Kubernetes clusters. And we identify that we can take a bunch of those instances and gain some cost optimization benefits by selecting from Intel to AMD processors. And, you know, initially, we had measured out to be roughly a 10% reduction in cost just for selecting that instance type. But yeah, we actually learned we gained quite a bit more, so. >> John: You know, developers are always like, I want more power, and this is what, you know, the whole idea of Cloud is. Cloud scale has been a big competitive advantage, but also the cost aspect of it. What's the balance between maximizing performance and cost optimization? Because now, you know, people don't want to, you know, they want more power. They also don't want to have a lot of extra spend. And this is kind of one of those things they talk about in Cloud where it's been so successful, cost is important. >> Yeah, yeah, for sure. And it's got to be easy, too, to get that cost optimization benefit. Otherwise, you're spending all your cycles and burning that money there in the human capital and the team and the engineering effort. So luckily, this change is a one-line change. We use Terraform for our automated provisioning, a layer, and we were able to make that one line change and then developers didn't have to make any application changes, which was great. So it was a no-brainer for us to pursue this. >> Talk about the EC2 instances that leverage AMD based process for the EKS, you mentioned that earlier, what is that all about? What's the benefits, what's in it for you guys? >> Yeah, for sure. So essentially, the workloads that are running on these instance types are actual Carbon Black Cloud application. So, all the backend systems that support our customers. And so in that use case, we're, you know, we're spinning up all of our containers that are running our applications and essentially, that's our use case for those instance types. >> How did you come to use the AWS EC2 instances on the AMD? Did you have an evaluation process? Did you just go select it? I mean, take us through that migration aspect of it. >> Yeah, sure, yeah. So originally, we're looking across the board. How can we do better cost optimization, right? And that goes across every different AWS resource, but we targeted this one specifically. We worked alongside with their AWS TAMs and representatives to basically find out, "Hey, is this financially worth the effort?" And we did reach that conclusion with some analysis, basically targeting these instance types and doing some analysis on that cost optimization specifically. And it ended up, you know, being the right thing to target. >> What was the ease of use of the switch? Take us through that. Was it a heavy lift? Was it seamless? Take us through the impact, there, on the move over and what were the results of that? >> Yeah, so I mean, that's the greatest thing. Like I said before, I mean, we had to make just a single line change just to change that instance type in our config and then roll that out across our regions. We did slow roll that in order to make sure that those changes in our development environments didn't make any, you know, performance hits or we didn't run into any snags with the applications themselves. But yeah, I mean, that's the greatest part about the story from my perspective is the ease to migrate over and to switch to these instance types, and then you just immediately gain that cost optimization benefit. >> You know what I love about what your job is, platform architect, that word kind of had a lot of meaning even 10, 15 years ago, but now with the Cloud, it's almost like you're always finagling and managing and massaging and nurturing the infrastructure to enable it. More new things are coming online as well, more high level services. So you've got a fun job and it's always evolving. How do you stay on top of it? What's the impact been for your customers, too, as you start deploying some of these new instance capabilities? Take us through kind of a day in the life of what you do and then what's the impact of customers? >> Yeah, sure. So, you know, like you said, there's quite a bit now to look at. You know, you got to stay on top of different blogs and keep connected with your network to see what your other colleagues are doing across different companies. You know, you can go into conferences like AWS re:Invent, right, to keep on the cutting edge here. But yeah, that's essentially, you know, one of the key aspects is just trying to look at all the different aspects, all the new technologies that are coming out, making sure you're making the right choices there and trying to get the most bang for your buck while you're at it. >> What are some of the big factors that you see in cloud native as you start to look at what customers are doing? Obviously with Kubernetes, your starting to see that platform develop inside the industry as well as defacto, kind of orchestration layer. But now as customers start to look at it, they want to have more ease of use there, too. At the same time, they don't want to have to do a lot of front end work. They want to get instant benefits in the Cloud, obviously, whether it's from a security standpoint or just rolling out a modern application. Okay, so as having all this infrastructure under the covers, how do you look at that problem and how do you capture that opportunity? >> Yeah, and I think that's why we're seeing a movement here on platform teams. It's kind of a newer terminology, usually a band of developers and SREs come together and say, "Well, we've got a lot of different things to look at. We're onboarding applications to Kubernetes, and we need to make tools so that developers don't have to think much about the transition and the underlying platform." And so that's one of our success metrics on the platform engineering team is just to almost, you know, be non-existent, right? To just have everything flow through our systems and then have just a high ease of use to onboard the applications to the new platform. >> You know, it looks like you have some great success with the AMD based instances. Can I ask you a question? 'Cause I wanted figure this out. How do you identify an AMD based instance when you're making the selections? >> Yeah, sure. It's as easy as just the A after the name. So for us, it was the C5.4XL. And if you want the AMD one, it's just the C5A.4XL. So I guess technically, instead of a one line change, it's actually a one letter change. So, quite easy there. >> Yeah, it's almost like back in the old glory days of command line, one quick update. The customer aspect of this is also important, too. If you don't mind, while I got you here, what are some of the things that you're hearing from your customers, from a performance standpoint, that they're looking for? Obviously, the cost optimization is key, but as they look to deploy more power and more performance, what are some of the things that your customers are looking for from Carbon Black? >> Yeah, so I mean, we are a security company, but we're really a data company because we have, you know, 8,000 customers, we processed over a trillion events per day, we ingress over a hundred terabytes of data per day. And so, our customers need high level performance. And if we can't provide that with low latency, we're not successful. So that's why, you know, performance on the underlying systems that are running our applications is super critical. >> Yeah, you're looking at trailblazer over there. I mean, the work that you guys are doing with the data is amazing. And that's a big theme at re:Invent this year is that data is a huge part. We look at the success of the cloud growth on this, I call gen-two cloud, happening. This whole modern movement is all about how people handle the data at scale, 'cause cloud scales here and now you've got processing all that data, The trailblazing that's going on, there's like this new wave of, I almost called it first-generation trailblazers, but you guys are doing that. What advice would you have for other architects out there and kind of the mainstream enterprises who are like, "Hey, I want to take advantage of the path that you guys have plowed through." What's your advice? >> Yeah, I think one of the key things in a place where we've had a lot of success is creating standards, making sure that we're choosing technology wisely, and making sure that your company isn't building the same solution in silos. And you know, that's a huge pattern that I've seen in my career. And if you can negate that, you're going to be in a great place. So, you know, choose the right technology, container first, cloud native first, push forward, and then make sure that everybody's kind of on that same ship running in the same direction. >> Well, great case study on this AMD based instance migration. Was there any uplift and experience that you've seen on the switch and the performance? Can you just talk about that? What does it mean to upgrade? What benefits are you seeing on the performance you have? >> Yeah, so I didn't hit on this yet and I really wanted to. Yeah, so upfront, the instance itself is 10% cheaper. However, we found out that we had to run far less instances because of that performance increase. So we ended up saving roughly 30% and we've continued to scale out. So at first, it was a couple of hundred instances. Now we're in the thousands and we're going to keep ramping up to over 10 thousands, tens of that. >> John: Let me get this right. So single line change, letter change, instance change. So you get not as many instances, and you save money, so you get cost optimization and higher performance. >> Yep. They say, if it's too good to be true, it's not. But in this case, it actually is. >> So why is it so good in your opinion? What did you discover? What was the big revelation that went down this path? Because that's good value proposition. >> Yeah, for sure. I mean, so initially, we were just chasing that initial BC to 10% and then as we kind of push it forward, we're looking at the metrics, month to month costs and we're actually saying, well, as we kind of swap over from one instance type to another, we're actually paying less. And then once we fully swapped over, it took five or six months to get to the same amount of costs as we continued to scale upward. So it's been a great story. >> It is a great story. It's super nuanced, but it's super important to know these platform benefits. I got to ask you on a personal question, if you don't mind. We love covering Cloud. We've been covering Amazon, it's our ninth year at re:Invent. Just love covering all the action and tech as this just total awesomeness environment. Cloud scale, innovation, capabilities, it's like surfing a big wave. But there's a bigger wave coming and we're seeing it now. I want to get your thoughts on this. As you look to the next big wave, beyond Cloud now, Cloud scale, data, new architecture is rolling out with Edge, basically distributing computing at large scale, and tons of security challenges, right? How do you look at this next big wave coming? Are you staring at it saying, wow, this is going to be huge? And how do you ride that wave? What's your mindset and how do you look at that? >> Well first of all, I'm extremely excited about it. Just the further this thing grows out, there's definitely more complexity, but just a whole slew of fun problems to solve. But when we look at these different problems and solving them at scale across multiple regions, it gets pretty exciting, right? So I can say one example of this is our security of our Cloud, not the security product, and we've developed automation for prevention and auto-remediation in our pipelines. It's been such a success story. And these type of technologies did not exist even a couple of years ago and we've been able to take advantage of them. So, there's going to be a lot more of that where that came from. So, yeah. >> Michael, great work. And again, you're truly a trailblazer, and this is, again, you got to do it. You got to screw your own cloud and stay on the cutting edge and ride that wave. Congratulations on the CostOp cloud optimization and the success with AMD based instances. Congratulations. Thanks. >> Thanks. >> Okay, this is theCUBEs coverage of AWS's re:Invent 2021. I'm John Furrier, your host of theCUBE. Thanks for watching. (inspirational music)

(upbeat music) >> Welcome back to theCUBE's, ongoing coverage of VMworld 2021. My name is Dave Volante. You know, I've been following VMware since the early days. And what is the one of, one of the most interesting stories in the history of enterprise tech? One of the hallmarks of VMware over the course of its long history has been a strong number two leader, an individual who looked after operations or advanced corporate development and enhanced, if you will, expanded the eyes, the ears, the heart, and the mind of the CEO. You know, at one point last decade, VMware actually had four co presidents. Some of the most accomplished individuals in Silicon valley have held this role. And it's our pleasure to welcome in VMware's newest president, Sumit Dhawan. Sumit welcome back to the cube, good to see you. >> Thank you, Dave. Great to be here. >> Okay, so you've been in this role for just over a hundred days after a 16 month stint as chief customer officer. So that's certainly a nice dovetail into your new role as president, but give us an overview of your new role here at VMware. What are your priorities? What are the key areas of focus? You know, SAS transformation, you got a lot going on, share with us. >> Yeah. You know, I think the main focus for me is to make sure our company's priorities are aligned with our customers. And in the first hundred days, my first objective was to spend as much time as possible with customers because it's, it's a source of learning for us. It's, it's clear speaking with customers, what their challenges are and what we ought to be doing to assist them in addressing those challenges. So I, really my responsibility, obviously I've got all the operations part of the business, which enable our customers to be successful, starting from, you know, ensuring that we chart the right path for them in success, in the sales organization, all the way to making sure that they are successful with the adoption of our solutions, with our services and support organizations. So, so spending time with the customers has been critical. And Dave, what I've learned is that customers are looking for VMware, just like they have in the past, be this trusted foundation for all of their innovation in the prior era pre cloud era to their data center and mobility technologies take that forward into the multicloud era, which is where now is where they're building new applications, taking their existing applications to the power of the cloud and across multiple clouds. And our objective is to make sure we keep providing that trusted foundation for them, for the new multi-cloud era. And I'm excited about it. >> Yeah, me too. Let's do it. We're going to dig into that a little bit. So you're obviously spending time getting close to the customers, of course, remotely, for the most part, some of those big themes you've mentioned, but I'd like to sort of peel the onion on that. Maybe some of the challenges that your customers are facing in terms of actually bringing forth that multi-cloud vision and specifically what's your approach to solving those challenges. >> Yeah. So, you know, as we all know, customers start out with this adopt started out adoption of the cloud. They started building some applications on the cloud. A lot of times these were the applications that were built, which were customer facing. And there was this cloud first thinking at that point of time. But soon the customers have realized and now customers have realized that power of building new innovation doesn't just lie in one cloud because there are certain capabilities like AI and ML that maybe they get from a cloud like Google. There are certain capabilities that may be storage and compute where maybe they prefer AWS productivity and identity maybe coming from Microsoft cloud. So the power comes in by adopting all of these services across cloud. It has lots of benefits, innovation at the fastest possible speed for our customers. Secondly, it helps customers not necessarily risk locking in and helps manage them, manage their costs. But in this multicloud world, it's a fairly complicated, and it can get very complex. Think about all the security networking developer experience control. Now this is where our customers need freedom and yet control to be able to have this multicloud environment managed and enabled for developer experience as best as possible. That's the problem we are committed to solving, and our solution and we call that across cloud services. >> I want to stay on this for a minute because I've been talking about multi-cloud this abstraction layer. This is really your opportunity on the cube last year with John farrier. You said the following quote multicloud doesn't mean you're running two different architectures on two different clouds. That's not multicloud. Multicloud means running a singular architecture on multiple clouds. Now Sumit, you're a technologist at the core. What you described is not trivial, it's a huge technical challenge. Can you talk about what VMware has to do to make that single architecture a reality? >> That's exactly the challenge team because you can adopt multiple clouds, but if you're doing so with different architectures, you're not getting the benefits of the velocity of building new applications fast, security is done in a unified fashion operations, at scale. To me, I would call that not a smart path to multi multiple clouds. The smart path to multiple cloud would be through a unified experience for developers, a control layer, which helps you orchestrate your applications in a unified fashion for your operators and security done in an, in a unified or a consistent fashion so that you know that you have the right governance. That's what I consider the smart path to multicloud. Doing any other way would actually be not fruitful. And that's what customers have had to face with without a solution like VMs. So we provide, that's what I call the smart path to multicloud. >> All right. So don't hate me for this, but I want to, I want to push on this and get your point of view on record if I can, because it's an important topic and you've intimated that choosing a single cloud provider, it's, it's problematic for customers, it's it, it limits the customers flexibility and choice. And I want to unpack that a bit and if I'm mischaracterizing your view, please correct me, but, but I want to understand why this is limiting. For example, if I go to AWS, I got access to primitives and API APIs. I got a range of compute storage, networking options, dozens of databases, open source, I get VMware cloud and AWS. So explain why this is a constraint for a customer. >> Yeah, it's a, it's a constraint for really three major reasons. Number one, different services are available across cloud that provide different capabilities. Sure, AWS provides a very rich set of primitives. So does Azure. So does Google. And in certain cases, when you're dealing with data sovereignty requirements across different countries, so to those clouds. So the, but if you are really looking for the best possible solution for AI and ML that may or may not sit in the cloud that you may have preferred for your compute and storage. If you're looking for identity solutions that integrate really well with the productivity applications that you have, that may not be the same cloud that you may have booked picked for AI and ML. You don't need to make compromises. In fact, developers don't want to make those compromises, but because by making those compromises, you're increasing your cost and lowering their customer experience. That's the power of leveraging innovation across cloud. Secondly, think about now, if you just build all your applications, buy services from one cloud and your entire business gets dependent on it. If there's risk there's cost. And that's why customers are telling us that they have made a decision for multicloud. In fact, we did a recent study Dave, and in the recent study, we found out that 73% of our customers are already running their applications on multi-cloud. If this is no longer a something of a future it's here today, they're just facing these challenges today with multicloud. >> And am I right? That there they're running applications on multiple clouds, but it's your job and your challenge now, to be able to abstract the underlying complexity of those multiple clouds and make it appear as one, I'm assuming that's not fully happening today, maybe that's an understatement, but that is your opportunity and your customer's opportunity, is that a fair statement? >> That's exactly our mission. We are providing our customers that foundation so that they can enable multicloud and drive their own innovation agenda at the pace that they want to. We did that in the past for data center technologies or mobile devices. Remember mobile devices come in different operating systems, different formats and data centers, hardware from servers, storage and network has always come in different flavors. We have abstracted that complexity for our customers in the past to deliver innovation three cloud, we're bringing the same value proposition. Now in the world of multicloud, obviously the applications have changed. They're no longer traditional applications. Now they are more and more cloud native applications. So we have solutions for cloud native enterprise applications that continue to be the heartbeat of more, more, most customers. We have solutions for traditional enterprise applications and the new and emerging edge native applications because of just now people and workforce being anywhere. We have solutions for providing security and providing additional functions for edge native applications. So that's what we are bringing to our customers as a platform that abstracts this complexity of multicloud. >> So much to talk to you about because you're right, the application is, are evolving. It's not just the standard SAP windows, et cetera. There's cloud native applications, there's data intensive applications. But, but I want to ask you, so in order for you to achieve that, you have to be able to exploit those primitives that we were talking about, whether it's AWS or Google Azure, Alibaba, you've got to understand as engineers, how to take advantage of whatever the cloud provider is offering, and then hide that complexity from the customer, and then build that, that layer and to do that it, to accommodate all these new applications. Not only do you have to have traditional, you have to have processor optionality, you got edge, you see arm coming in. If my understanding is, that's a big part of what project Monterrey is all about is offering that optionality around different workloads. Can you, can we dig into that a little bit? >> Yeah. So I think first of all, the people under appreciated or under estimate what it would be required for making sure that the applicant, the complexity of all of these different cloud platforms is, is, you know, abstracted by VMware solution. So customers don't have to think about, you know, what are the-- what is the different storage or server or primitives that are needed on Azure versus AWS? All of that gets hidden from customers in a simplified fashion, so with our solution, okay. So, and yet at the same time, there's no compromise that customers have. They can still leverage all the native primitives and services that the different cloud providers are using seamlessly. So that's very important. Now, in addition, what we are doing is we are continually making sure our platform can run the next generation of applications we are continually innovating to do so. And that's where project Monterey comes in. As customers build new applications, when they want to build those new applications and run emerging services that are highly sort of compute centric or network centric, or are providing rich amount of data. This is where project Monterey comes in. It enables our customers to, A, take all of the traditional applications onto VMware cloud, run it on across any cloud. And then B, when they are trying to expand those capabilities into the applications, the project Monterey enables them to do so by enabling new capabilities being powered in to the VMware cloud foundation. >> Yeah. So essentially you're, you're, you're building what I would look at as a new type of cloud that, that comprises on prem connections to public, to public cloud, across public clouds. And then out to the edge, you've talked a lot about telco, the specialized needs of the telco. Clearly there's different processing requirements. You've talked about 5G where we might not always have connectivity out there. Developers need to be able to write code for that edge. So it's an entirely new world you're essentially building out your own cloud. So you have to build in all that optionality all the tools. And at the same time, if, if just like the big cloud providers, you have to provide your own tooling, but also be open to providing other people's tooling. Am I getting that right? >> Yeah, I think you're right. In terms of the tooling part there, what has happened is standards for controlling. All of the infrastructure has, you know, has become Kubernetes. Okay. So we have embraced that in fact, most the talent that has created the best Kubernetes at this point in time, we have it at VMware. Okay. The most contributions that are being made in terms of that standard, the most interesting ones are coming from VMware. So in terms of Kubernetes, we have embraced it. And what we are seeing is a tooling needs to be done in a way so that our customers can manage from infrastructure to their platform, all via code, all the standard like Kubernetes. And that's what we have embraced while at the same time, this tooling is done in a fashion so that the entire VM-ware cloud and the entire VMware Tansu platform can be controlled in a fashion that fits into customer's entire environment on how they manage it overall. >> Okay. So let's take that conversation to security. I don't know if you're familiar with the Optiva, it's this mind blowing, eye bleeding chart with all the different security tools in there, and I've been watching the moves that you guys have been making, you know, Carbon Black's an obvious one, what you're doing with end user computing and a number of other applications, creating a security, you know, cloud group within VMware. So that's a good example, but at the same time, customers are using all kinds of different, different toolings based on that chart. So are you saying it's the Kubernetes is the, is the secret their API APIs that allow you to, if a customer wants to use Octa or CrowdStrike or whatever it is, you can, you can incorporate that into the framework, or if they want to go all VMware, they can do that as well. Can you help us understand that? >> Yeah, I think our philosophy is that there are two components that are critical for making a solution, help our customers take the smartest path to multicloud, networking and security. So on security front, the philosophy is quite simple. You know, these days when you're going out and buying a car, you're not getting buying the car and outfitting it with airbags and, you know, AB, ABS, and any other sort of safety features, okay, why do we do that in the world of infrastructure and technology? It should just come as an, as an, even an option or a required component within the infrastructure itself, that's our philosophy. And so coming back to, if, if customers say they want to take an approach to multicloud, they want to make sure their developer experience their DevOps capabilities and their infrastructure management capabilities are there across all types of three applications, I mentioned, you know, the, the, the modern apps, the traditional enterprise apps and edge edge native apps. Our approach is quite simple, networking and security. Firstly is built in, okay, it's integrated in, you're not installing agents, you're not managing security thing on top. You're not putting air bags into the car after the purchase, they come with the purchase, you can choose to activate them or not activate them based on your price sensitivity. Second, we tell, we have, they're consistent once you learn them how to do it for traditional enterprise applications, the same capabilities, the same security workbench, the same detection and response capabilities carry forward to cloud native applications and edge native applications. That's the way we are thinking about for security for in our portfolio. >> It is the strategy summit to sort of be an end to end supplier of security, in other words, when you touch all parts of the stack, I mean, obviously with carbon black could do an end point, but, but things like identity and privilege, access and governance, I mean, there's just so many pieces to the value chain. Ca, will you try to try to be best of breed across that chain? Or do you see yourself picking this picking spots? >> No, Our focus is to pick the areas that we have focused on which is to enable customers to run, build and run and secure those, those applications that I mentioned, you know, the cloud native applications, edge native applications and enterprise applications. And our focus is to, to be able to secure those applications in, A, a consistent fashion and, B, built into the infrastructure, so it's not boarded on. So that's a focus on strategy and we still have great partnerships in the ecosystem for the rest of the portfolio, for the security technology to fit in with the rest of it. We just don't think that for the infrastructure that's running these critical business applications, you need, you should have, you know, a requirement to build these applications, build a security on top of it. And that's sort of our commitment to our customers. >> Got it. That makes sense. I mean, you've got a pretty clear swim lane in your infrastructure space. There might be a little gray area there, but you'll let the ecosystem take care of that if it makes sense. So I guess I would say I look back and if it was, first of all, VMware has had amazing engineering over the years, you're, you're very well known for that. You just, you just mentioned some of the best Kubernetes engineers on the planet. And of course, November is a big milestone for VMware, with the spin, you now will become a completely independent company again. And, and that's a big deal in my mind because I think, I think this is going to be expensive. I mean, to actually do this, these are big investments that you have to make. And I've, I feel like you finally going to get control of your own balance sheet, so you can make these investments as you see fit. So that's got to be an exciting time for you. And because I think you're going to need that free cash flow to really drive this in, in addition to the other things that you're going to do with buybacks and stock options, et cetera. >> I think we had excited about this whole upcoming, you know, spin off from Dell. Dell will continue to be a very important partner of ours. In fact, we have quoted and quantified what we are doing with them on innovation, as well as on sales and distribution perspective together. And I think, you know, to be candid just through that agreements that we have put in place without, I think the partnership could even get stronger because we have 15 statements of work where we have defined new innovation projects with Dell, for example. Okay. But at the same time, like you mentioned, we get a little bit more flexibility to be able to chart our own course, which is critical in the world of multicloud. Okay. We need, we are able to, not, not that we were constrained on, but customers still always asked us about how would you continue to sustain the partnerships with the cloud and hyperscalers? That's no longer a question in customers' eyes once you're independent. And secondly, it does give us flexibility on balance sheet to be able to make investments as needed within the agenda that we have on multicloud without having to, you know, sort of negotiate that. >> Yeah, I think it's an awesome move, of course, because I mean, I've certainly since the, the, the Dell acquisition of EMC, your business has even grown more with those combined companies. So we've seen that, but I, you know, I liken it to the, to the coach who has a kid on the team and the coach is extra hard on the kid, you know, and that's kind of almost the way it had to be in that relationship because your posture with the ecosystem had to be, hey, we're an open ecosystem. And so, and that was sometimes kind of weird and uncomfortable. Now it's clean, it's transparent. So I'm really looking forward to the innovation that you can create with Dell, of course, but with other parts of the ecosystem, which you always have, but I'm hoping the ecosystem now leans in even more. It's always had too, because you've got half a million customers and you've got a, such a huge presence in the market, but, but I think now there's going to be a little more comfort level there. So I'm really excited for that Sumit. >> Great. >> Hey, so this was great conversation. I can't wait to have you back really appreciate your time and insights. >> Well, thank you so much, Dave, from our perspective at VMware, you know, as I started with customers, I'm going to end sort of this thing with customers as well, always great times, great to spend time with customers. And we truly believe we have the best platform to give our customers the smartest path to multicloud. And I know, I know the feedback so far has been great. It's always great spending time with you. Thank you for having me. >> It's our pleasure, and we wish you the best. And thank you everybody for watching. This is Dave Volante for the cubes, continuous coverage of VM world 2021. Keep it right there. (upbeat music)

from the cube studios in palo alto in boston bringing you data-driven insights from the cube and etr this is breaking analysis with dave vellante the pandemic not only accelerated the shift to digital but also highlighted a rush of cyber criminal sophistication collaboration and chaotic responses by virtually every major company in the planet the solar winds hack exposed supply chain weaknesses and so-called island hopping techniques that are exceedingly difficult to detect moreover the will and aggressiveness of well-organized cyber criminals has elevated to the point where incident responses are now met with counterattacks designed to both punish and extract money from victims via ransomware and other criminal activities the only upshot is the cyber security market remains one of the most enduring and attractive investment sectors for those that can figure out where the market is headed and which firms are best positioned to capitalize hello everyone and welcome to this week's wikibon cube insights powered by etr in this breaking analysis we'll provide our quarterly update of the security industry and share new survey data from etr and thecube community that will help you navigate through the maze of corporate cyber warfare we'll also share our thoughts on the game of 3d chest that octa ceo todd mckinnon is playing against the market now we all know this market is complicated fragmented and fast moving and this next chart says it all it's an interactive graphic from optiv a denver colorado based si that's focused on cyber security they've done some really excellent research and put together this awesome taxonomy and mapped vendor names therein and this helps users navigate the complex security landscape and there are over a dozen major sectors high-level sectors within the security taxonomy in nearly 60 sub-sectors from monitoring vulnerability assessment identity asset management firewalls automation cloud data center sim threat detection and intelligent endpoint network and so on and so on and so on but this is a terrific resource and can help you understand where players fit and help you connect the dots in the space now let's talk about what's going on in the market the dynamics in this crazy mess of a landscape are really confusing sometimes now since the beginning of cyber time we've talked about the increasing sophistication of the adversary and the back and forth escalation between good and evil and unfortunately this trend is unlikely to stop here's some data from carbon black's annual modern bank heist report this is the fourth and of course now vmware's brand highlights the carbon black study since the acquisition and it catalyzed the creation of vmware's cloud security division destructive malware attacks according to the recent study are up 118 percent from last year now one major takeaway from the report is that hackers aren't just conducting wire fraud they are 57 of the bank surveyed saw an increase in wire fraud but the cyber criminals are also targeting non-public information such as future trading strategies this allows the bad guys to front run large block trades and profit it's become very lucrative practice now the prevalence of so-called island hopping is up 38 from already elevated levels this is where a virus enters a company's supply chain via a partner and then often connects with other stealthy malware downstream these techniques are more common where the malware will actually self-form with other infected parts of the supply chain and create actions with different signatures designed to identify and exfiltrate valuable information it's a really complex problem of major concern is that 63 of banking respondents in the study reported that responses to incidents were then met with retaliation designed to intimidate or initiate ransomware attacks to extract a final pound of flesh from the victim notably the study found that 75 percent of csos reported to the cio which many feel is not the right regime the study called for a rethinking of the right cyber regime where the cso has increased responsibility in a direct reporting line to the ceo or perhaps the co with greater exposure to boards of directors so many thanks to vmware and tom kellerman specifically for sharing this information with us this past week great work by your team now some of the themes that we've been talking about for several quarters are shown in the lower half of the chart cloud of course is the big driver thanks to work from home and the pandemic to pandemic and the interesting corollary of course is we see a rapid rethinking of endpoint and identity access management and the concept of zero trust in a recent esg survey two-thirds of respondents said that their use of cloud computing necessitated a change in how they approach identity access management now as shown in the chart from optiv the market remains highly fragmented and m a is of course way up now based on our research it looks like transaction volume has increased more than 40 percent just in the last five months so let's dig into the m a the merger and acquisition trends for just a moment we took a five month snapshot and we were able to count about 80 deals that were completed in that time frame those transactions represented more than 20 billion dollars in value some of the larger ones are highlighted here the biggest of course being the toma bravo taking proof point private for a 12 plus billion dollar price tag the stock went from the low 130s and is trading in the low 170s based on 176 dollar per share offer so there's your arbitrage folks go for it perhaps the more interesting acquisition was auth 0 by octa for 6.5 billion which we're going to talk about more in a moment there's more private equity action we saw as insight bought armis and iot security play and cisco shelled out 730 million dollars for imi mobile which is more of an adjacency to cyber but it's going to go under cisco's security and applications business run by g2 patel but these are just the tip of the iceberg some of the themes that we see connecting the dots of these acquisitions are first sis like accenture atos and wipro are making moves in cyber to go local they're buying secops expertise as i say locally in places like france germany netherlands canada and australia that last mile that belly-to-belly intimate service israel israeli-based startups chalked up five acquired companies in the space over the last five months also financial services firms are getting into the act with goldman and mastercard making moves to own its own part of the stack themselves to combat things like fraud and identity theft and then finally numerous moves to expand markets octa with zero crowdstrike buying a log management company palo alto picking up devops expertise rapid seven shoring up its kubernetes chops tenable expanding beyond insights and going after identity interesting fortinet filling gaps in a multi-cloud offering sale point extending to governance risk and compliance grc zscaler picked up an israeli firm to fill gaps in access control and then vmware buying mesh 7 to secure modern app development and distribution services so tons and tons of activity here okay so let's look at some of the etr data to put the cyber market in context etr uses the concept of market share it's one of the key metrics which is a measure of pervasiveness in the data set so for each sector it calculates the number of respondents for that sector divided by the total to get a sense for how prominent the sector is within the cio and i.t buyer communities okay this chart shows the full etr sector taxonomy with security highlighted across three survey periods april last year january this year in april this year now you wouldn't expect big moves in market share over time so it's relatively stable by sector but the big takeaway comes from observing which sectors are most prominent so you see that red line that dotted line imposed at the sixty percent level you can see there are only six sectors above that line and cyber security is one of them okay so we know that security is important in a large market but this puts it in the context of the other sectors however we know from previous breaking analysis episodes that despite the importance of cyber and the urgency catalyzed by the pandemic budgets unfortunately are not unlimited and spending is bounded it's not an open checkbook for csos as shown in this chart this is a two-dimensional graphic showing market share in the horizontal axis or pervasiveness and net score in the vertical axis net score is etr's measurement of spending velocity and we've superimposed a red line at 40 percent because anything over 40 percent we consider extremely elevated we've filtered and limited the number of sectors to simplify the graphic and you can see in the sectors that we've highlighted only the big four four are above that forty percent line ai containers rpa and cloud they exceed that sort of forty percent magic water line information security you can see that is highlighted and it's respectable but it competes for budget with other important sectors so this of course creates challenges for organization because not only are they strapped for talent as we've reported they like everyone else in it face ongoing budget pressures research firm cybersecurity ventures estimates that in 2021 6 trillion dollars worldwide will be lost on cyber crime conversely research firm canalis pegs security spending somewhere around 60 billion dollars annually idc has it higher around 100 billion so either way we're talking about spending between one to one point six percent annually of how much the bad guys are taking out that's peanuts really when you consider the consequences so let's double click into the cyber landscape a bit and further look at some of the companies here's that same x y graphic with the company's etr captures from respondents in the cyber security sector that's what's shown on the chart here now the usefulness of the red lines is 20 percent on the horizontal indicates the largest presence in the survey and the magic 40 percent line that we talked about earlier shows those firms with the most elevated momentum only microsoft and palo alto exceed both high water marks of course splunk and cisco are prominent horizontally and there are numerous companies to the left of the 20 percent line and many above that 40 percent high water mark on the vertical axis now in the bottom left quadrant that includes many of the legacy names that have been around for a long time and there are dozens of companies that show spending momentum on their platforms i.e above single digits so that picture is like the first one we showed you very very crowded space but so let's filter it a bit and only include companies in the etr survey that had at least a hundred responses so an n of a hundred or greater so it's a little easy to read but still it's kind of crowded when you think about it okay so same graphic and we've superimposed the data that determined the plot position over in the bottom right there so it's net score and shared n including only companies with more than 100 n so what does this data tell us about the market well microsoft is dominant as always it seems in all dimensions but let's focus on that red line for a moment some of the names that we've highlighted over the past two years show very well here first i want to talk about palo alto networks pre-covet as you might recall we highlighted the valuation divergence between palo alto and fortinet and we said fortinet was executing better on its cloud strategy and palo alto was at the time struggling with the transition especially with its go to market and its sales force compensation and really refreshing its portfolio but we told you that we were bullish on palo alto networks at the time because of its track record and the fact that cios consistently told us that they saw palo alto as a thought leader in the space that they wanted to work with they said that palo alto was the gold standard the best especially larger company cisos so that gave us confidence that palo alto a very well-run company was going to get its act together and perform better and palo alto has just done just that as we expected they've done very well and they've been rapidly moving customers to the next generation of platforms and we're very impressed by the company's execution and the stock has generally reflected that now some other names that hit our radar and the etr data a couple of years ago continue to perform well crowdstrike z-scaler sales sail point and cloudflare a cloudflare just reported and beat earnings but was off the stock fell on headwinds for tech overall the big rotation but the company is doing very well and they're growing rapidly and they have momentum as you can see from the etr data and we put that double star around proof point to highlight that it was worthy of fetching 12 and a half billion dollars from private equity firm so nice exit there supporting the continued control consolidation trend that we've predicted in cyber security now let's turn our attention to octa and auth zero this is where it gets interesting and is a clever play for octa we think and we want to drill into it a bit octa is acquiring auth zero for big money why well we think todd mckinnon octa ceo wants to run the table on identity and then continue to expand his tam he has to do that to justify his lofty valuation so octa's ascendancy around identity and single sign sign-on is notable the fragmented pictures that we've shown you they scream out for simplification and trust and that's what octa brings but it competes with some major players most notably microsoft with active directory so look of course microsoft is going to dominate in its massive customer base but the rest of the market that's like jump ball it's wide open and we think mckinnon saw the opportunity to go dominate that sector now octa comes at this from an enterprise perspective bringing top-down trust to the equation and throwing a big blanket over all the discrete sas platforms and unifying employee access octa's timing was perfect it was founded in 2009 just as the massive sasification trend was happening around crm and hr and service management and cloud etc but the one thing that octa didn't have that auth 0 does is serious developer chops while octa was crushing it with its enterprise sales strategy auth 0 was laser focused on developers and building a bottoms up approach to identity by acquiring auth0 octa can dominate both sides of the barbell and then capture the fat middle so yes it's a pricey acquisition but in our view it's a great move by mckinnon now i don't know mckinnon personally but last week i spoke to arun shrestha who's the ceo of security specialist beyond id they're a platinum services partner of octa and there a zero trust expert he worked for octa for a number of years and shared with me a bit about mckinnon's style and think big approach arun said something that caught my attention he said firewalls used to be the perimeter now people are and while that's self-serving to octa and probably beyond id it's true people apps and data are the new perimeter and they're not in one location and that's the point now unfortunately i had lined up an interview with dia jolly who was the chief product officer at octa in a cube alum for this past week knowing that we were running this segment in this episode but she unfortunately fell ill the day of our interview and had to cancel but i want to follow up with her and understand how she's thinking about connecting the dots with auth 0 with devs and enterprises and really test our thesis there this is a really interesting chess match that's going on let's look a little deeper into that identity space this chart here shows some of the major identity players it has some of the leaders in the identity market and there's a breakdown of etr's net score now net score comprises five elements the lime green is we're adding the platform new the forest green is we're spending six percent or more relative to last year the gray is flat send plus or minus flat spend plus or minus five percent the pinkish is spending less and the bright red is where exiting the platform retiring now you subtract the red from the green and that gets you the result for net score which you can see superimposed on the right hand chart at the bottom that first column there the far column is shared in which informs and indicates the number of responses and is a proxy for presence in the market oh look at the top two players in terms of spending momentum now sales sale point is right there but auth 0 combined with octa's distribution channel will extend octa's lead significantly in our view and then there's microsoft now just a caveat this includes all of microsoft's security offerings not just identity but it's there for context and cyber arc as well includes its acquisition of adaptive but also other parts of cyberarks portfolio so you can see some of the other names that are there many of which you'll find in the gartner magic quadrant for identity and as we said we really like this move by octa it combines positive market forces with lead offerings from very well-run companies that have winning dna and passionate people now to further emphasize emphasize what what's happening here take a look at this this chart shows etr data for octa within sale point and cyber arc accounts out of the 230 cyber and sale point customers in the data set there are 81 octa accounts that's a 35 overlap and the good news for octa is that within that base of sale point in cyber arc accounts octa is shown by the net score line that green line has a very elevated spending and momentum and the kicker is if you read the fine print in the right hand column etr correctly points out that while sailpoint and cyberarc have long been partners with octa at the recent octane 21 event octa's big customer event the company announced that it was expanding into privileged access management pam and identity governance hello and welcome to coopetition in the 2020s now our current thinking is that this bodes very well for octa and cyberark and sailpoint well they're going to have to make some counter moves to fend off the onslaught that is coming now let's wrap up with what has become a tradition in our quarterly security updates looking at those two dimensions of net score and market share we're going to see which companies crack the top 10 for both measures within the etr data set we do this every quarter so here on the left we have the top 20 sorted by net score or spending momentum and on the right we sort by shared n so again top 20 which informs shared end and forms the market share metric or presence in the data set that red horizontal lines those two lines on each separate the top 10 from the remaining 10 within those top 20. in our method what we do is we assign four stars to those companies that crack the top ten for both metrics so again you see microsoft palo alto networks octa crowdstrike and fortinet fortinet by the way didn't make it last quarter they've kind of been in and out and on the bubble but you know this company is very strong and doing quite well only the other four did last quarter there was same four last quarter and we give two stars to those companies that make it in both categories within the top 20 but didn't make the top 10. so cisco splunk which has been steadily decelerating from a spending momentum standpoint and z-scaler which is just on the cusp you know we really like z-scaler and the company has great momentum but that's the methodology it is what it is now you can see we kept carbon black on the rightmost chart it's like kind of cut off it's number 21 only because they're just outside looking in on netscore you see them there they're just below on on netscore number 11. and vmware's presence in the market we think that carbon black is really worth paying attention to okay so we're going to close with some summary and final thoughts last quarter we did a deeper dive on the solar winds hack and we think the ramifications are significant it has set the stage for a new era of escalation and adversary sophistication now major change we see is a heightened awareness that when you find intruders you'd better think very carefully about your next moves when someone breaks into your house if the dog barks or if you come down with a baseball bat or other weapon you might think the intruder is going to flee but if the criminal badly wants what you have in your house and it's valuable enough you might find yourself in a bloody knife fight or worse what's happening is intruders come to your company via island hopping or inside or subterfuge or whatever method and they'll live off the land stealthily using your own tools against you so they can you can't find them so easily so instead of injecting new tools in that send off an alert they just use what you already have there that's what's called living off the land they'll steal sensitive data for example positive covid test results when that was really really sensitive obviously still is or other medical data and when you retaliate they will double extort you they'll encrypt your data and hold it for ransom and at the same time threaten to release the sensitive information to crushing your brand in the process so your response must be as stealthy as their intrusion as you marshal your resources and devise an attack plan you face serious headwinds not only is this a complicated situation there's your ongoing and acute talent shortage that you tell us about all the time many companies are mired in technical debt that's an additional challenge and then you've got to balance the running of the business while actually affecting a digital transformation that's very very difficult and it's risky because the more digital you become the more exposed you are so this idea of zero trust people used to call it a buzzword it's now a mandate along with automation because you just can't throw labor at the problem this is all good news for investors as cyber remains a market that's ripe for valuation increases and m a activity especially if you know where to look hopefully we've helped you squint through the maze a little bit okay that's it for now thanks to the community for your comments and insights remember i publish each week on wikibon.com and siliconangle.com these episodes they're all available as podcasts all you do is search breaking analysis podcast put in the headphones listen when you're in your car out for your walk or run and you can always connect on twitter at divalante or email me at david.valante at siliconangle.com i appreciate the comments on linkedin and in clubhouse please follow me so you're notified when we start a room and riff on these topics and others and don't forget to check out etr.plus for all the survey data this is dave vellante for the cube insights powered by etr be well and we'll see you next time [Music] you

>> From The Cube Studios in Palo Alto in Boston, bringing you data-driven insights from The Cube in ETR. This is "Breaking Analysis" with Dave Vellante >> The pandemic not only accelerated the shift to digital but it also highlighted a rush of cyber criminal sophistication, collaboration, and chaotic responses by virtually every major company in the planet. The SolarWinds hack exposed supply chain weaknesses and so-called island hopping techniques that are exceedingly difficult to detect. Moreover, the will and aggressiveness of well-organized cybercriminals has elevated to the point where incident responses are now met with counter attacks, designed to both punish and extract money from victims via ransomware and other criminal activities. The only upshot is the cybersecurity market remains one of the most enduring and attractive investment sectors for those that can figure out where the market is headed and which firms are best positioned to capitalize. Hello, everyone. And welcome to this week's Wikibon Cube Insights powered by ETR. In this "Breaking Analysis" we'll provide our quarterly update of the security industry, and share new survey data from ETR and the Cube community that will help you navigate through the maze of corporate cyber warfare. We'll also share our thoughts on the game of 3D chess that Okta CEO, Todd McKinnon, is playing against the market. Now, we all know this market is complicated, fragmented and fast moving. And this next chart says it all. It's an interactive graphic from Optiv, a Denver, Colorado-based SI that's focused on cybersecurity. They've done some really excellent research and put together this awesome taxonomy, and it mapped vendor names therein. And this helps users navigate the complex security landscape. And there are over a dozen major sectors, high-level sectors within the security taxonomy and nearly 60 subsectors. From monitoring, vulnerability assessment, identity, asset management, firewalls, automation, cloud, data center, sim, threat detection and intelligent endpoint network, and so on and so on and so on. But this is a terrific resource, and going to help you understand where players fit and help you connect the dots in the space. Now let's talk about what's going on in the market. The dynamics in this crazy mess of a landscape are really confusing sometimes. Now, since the beginning of cyber time, we've talked about the increasing sophistication of the adversary, and the back and forth escalation between good and evil. And unfortunately, this trend is unlikely to stop. Here's some data from Carbon Black's annual modern bank heist report. This is the fourth, and of course now, VMware's brand, highlights the Carbon Black study since the acquisition, and to catalyze the creation of VMware's cloud security division. Destructive malware attacks, according to the recent study are up 118% from last year. Now, one major takeaway from the report is that hackers aren't just conducting wire fraud, they are. 57% of the banks surveyed, saw an increase in wire fraud, but the cybercriminals are also targeting non-public information such as future trading strategies. This allows the bad guys to front-run large block trades and profit. It's become a very lucrative practice. Now the prevalence of so-called island hopping is up 38% from already elevated levels. This is where a virus enters a company supply chain via a partner, and then often connects with other stealthy malware downstream. These techniques are more common where the malware will actually self-form with other infected parts of the supply chain and create actions with different signatures, designed to identify and exfiltrate valuable information. It's a really complex problem. Of major concern is that 63% of banking respondents in the study reported that responses to incidents were then met with retaliation designed to intimidate, or initiate ransomware tax to extract a final pound of flesh from the victim. Notably, the study found that 75% of CISOs reported to the CIO, which many feel is not the right regime. The study called for a rethinking of the right cyber regime where the CISO has increased responsibility and a direct reporting line to the CEO, or perhaps the COO, with greater exposure to boards of directors. So, many thanks to VMware and Tom Kellerman specifically for sharing this information with us this past week. Great work by your team. Now, some of the themes that we've been talking about for several quarters are shown in the lower half of the chart. Cloud, of course is the big driver thanks to work-from-home and to the pandemic. And the interesting corollary of course, is we see a rapid rethinking of end point and identity access management, and the concept of zero trust. In a recent ESG survey, two thirds of respondents said that their use of cloud computing necessitated a change in how they approach identity access management. Now, as shown in the chart from Optiv, the market remains highly fragmented, and M&A is of course, way up. Now, based on our research, it looks like transaction volume has increased more than 40% just in the last five months. So let's dig into the M&A, the merger and acquisition trends for just a moment. We took a five-month snapshot and we were able to count about 80 deals that were completed in that timeframe. Those transactions represented more than $20 billion in value. Some of the larger ones are highlighted here. The biggest of course, being the Thoma Bravo, taking Proofpoint private for a $12 plus billion price tag. The stock went from the low 130s and is trading in the low 170s based on the $176 per share offer. So there's your arbitrage, folks. Go for it. Perhaps the more interesting acquisition was Auth0 by Optiv for 6.5 billion, which we're going to talk about more in a moment. There was more private equity action we saw as Insight bought Armis, an IOT security play, and Cisco shelled out $730 million for IMImobile, which is more of an adjacency to cyber, but it's going to go under Cisco security and applications business run by Jeetu Patel. But these are just the tip of the iceberg. Some of the themes that we see connecting the dots of these acquisitions are first, SIs like Accenture, Atos and Wipro are making moves in cyber to go local. They're buying SecOps expertise, as I say, locally in places like France, Germany, Netherlands, Canada, and Australia, that last mile, that belly to belly intimate service. Israeli-based startups chocked up five acquired companies in the space over the last five months. Also financial services firms are getting into the act with Goldman and MasterCard making moves to own its own part of the stack themselves to combat things like fraud and identity theft. And then finally, numerous moves to expand markets. Okta with Auth0, CrowdStrike buying a log management company, Palo Alto, picking up dev ops expertise, Rapid7 shoring up it's Coobernetti's chops, Tenable expanding beyond Insights and going after identity, interesting. Fortinet filling gaps in a multi-cloud offering. SailPoint extending to governance risk and compliance, GRC. Zscaler picked up an Israeli firm to fill gaps in access control. And then VMware buying Mesh7 to secure modern app development and distribution service. So tons and tons of activity here. Okay, so let's look at some of the ETR data to put the cyber market in context. ETR uses the concept of market share, it's one of the key metrics which is a measure of pervasiveness in the dataset. So for each sector, it calculates the number of respondents for that sector divided by the total to get a sense for how prominent the sector is within the CIO and IT buyer communities. Okay, this chart shows the full ETR sector taxonomy with security highlighted across three survey periods; April last year, January this year, and April this year. Now you wouldn't expect big moves in market share over time. So it's relatively stable by sector, but the big takeaway comes from observing which sectors are most prominent. So you see that red line, that dotted line imposed at the 60% level? You can see there are only six sectors above that line and cyber security is one of them. Okay, so we know that security is important in a large market. But this puts it in the context of the other sectors. However, we know from previous breaking analysis episodes that despite the importance of cyber, and the urgency catalyzed by the pandemic, budgets unfortunately are not unlimited, and spending is bounded. It's not an open checkbook for CSOs as shown in this chart. This is a two-dimensional graphic showing market share in the horizontal axis, or pervasiveness in net score in the vertical axis. Net score is ETR's measurement of spending velocity. And we've superimposed a red line at 40% because anything over 40%, we consider extremely elevated. We've filtered and limited the number of sectors to simplify the graphic. And you can see, in the sectors that we've highlighted, only the big four are above that 40% line; AI, containers, RPA, and cloud. They exceed that sort of 40% magic waterline. Information security, you can see that as highlighted and it's respectable, but it competes for budget with other important sectors. So this is of course creates challenges for organization, because not only are they strapped for talent as we've reported, they like everyone else in IT face ongoing budget pressures. Research firm, Cybersecurity Ventures estimates that in 2021, $6 trillion worldwide will be lost on cyber crime. Conversely, research firm, Cannolis peg security spending somewhere around $60 billion annually. IDC has at higher, around $100 billion. So either way, we're talking about spending between 1 to 1.6% annually of how much the bad guys are taking out. That's peanuts really when you consider the consequences. So let's double-click into the cyber landscape a bit and further look at some of the companies. Here's that same X/Y graphic with the companies ETR captures from respondents in the cybersecurity sector. That's what's shown on the chart here. Now, the usefulness of the red lines is 20% on the horizontal indicates the largest presence in the survey, and the magic 40% line that we talked about earlier shows those firms with the most elevated momentum. Only Microsoft and Palo Alto exceed both high watermarks. Of course, Splunk and Cisco are prominent horizontally. And there are numerous companies to the left of the 20% line and many above that 40% high watermark on the vertical axis. Now in the bottom left quadrant, that includes many of the legacy names that have been around for a long time. And there are dozens of companies that show spending momentum on their platforms, i.e above single digits. So that picture is like the first one we showed you, very, very crowded space. But so let's filter it a bit and only include companies in the ETR survey that had at least 100 responses. So an N of 100 or greater. So it was a little easier to read but still it's kind of crowded when you think about it. Okay, so same graphic, and we've superimposed the data that determined the plot position over in the bottom right there. So there's net score and shared in, including only companies with more than 100 N. So what does this data tell us about the market? Well, Microsoft is dominant as always, it seems in all dimensions but let's focus on that red line for a moment. Some of the names that we've highlighted over the past two years show very well here. First, I want to talk about Palo Alto Networks. Pre-COVID as you might recall, we highlighted the valuation divergence between Palo Alto and Fortinet. And we said Fortinet was executing better on its cloud strategy, and Palo Alto was at the time struggling with the transition especially with its go-to-market and its Salesforce compensation, and really refreshing its portfolio. But we told you that we were bullish on Palo Alto Networks at the time because of its track record, and the fact that CIOs consistently told us that they saw Palo Alto as a thought leader in the space that they wanted to work with. They said that Palo Alto was the gold standard, the best, especially larger company CISOs. So that gave us confidence that Palo Alto, a very well-run company was going to get its act together and perform better. And Palo Alto has just done just that. As we expected, they've done very well and rapidly moving customers to the next generation of platforms. And we're very impressed by the company's execution. And the stock has generally reflected that. Now, some other names that hit our radar in the ETR data a couple of years ago, continue to perform well. CrowdStrike, Zscaler, SailPoint, and CloudFlare. Now, CloudFlare just reported and beat earnings but was off, the stock fell on headwinds for tech overall, the big rotation. But the company is doing very well and they're growing rapidly and they have momentum as you can see from the ETR data. Now, we put that double star around Proofpoint to highlight that it was worthy of fetching $12.5 billion from private equity firm. So nice exit there, supporting the continued consolidation trend that we've predicted in cybersecurity. Now let's turn our attention to Okta and Auth0. This is where it gets interesting, and is a clever play for Okta we think, and we want to drill into it a bit. Okta is acquiring Auth0 for big money. Why? Well, we think Todd McKinnon, Okta CEO, wants to run the table on identity and then continue to expand as TAM has to do that, to justify his lofty valuation. So Okta's ascendancy around identity and single sign-on is notable. The fragmented pictures that we've shown you, they scream out for simplification and trust, and that's what Okta brings. But it competes with some major players, most notably Microsoft with active directory. So look, of course, Microsoft is going to dominate in its massive customer base, but the rest of the market, that's like (indistinct) wide open. And we think McKinnon saw the opportunity to go dominate that sector. Now Okta comes at this from an enterprise perspective bringing top-down trust to the equation, and throwing a big blanket over all the discreet SaaS platforms and unifying employee access. Okta's timing was perfect. It was founded in 2009, just as the massive SaaSifiation trend was happening around CRM and HR, and service management and cloud, et cetera. But the one thing that Okta didn't have that Auth0 does is serious developer chops. While Okta was crushing it with its enterprise sales strategy, Auth0 was laser-focused on developers and building a bottoms up approach to identity. By acquiring Auth0, Okta can dominate both sides of the barbell and then capture the fat middle. So yes, it's a pricey acquisition, but in our view, it's a great move by McKinnon. Now, I don't know McKinnon personally, but last week I spoke to Arun Shrestha, who's the CEO of security specialist, BeyondID, they're a platinum services partner of Okta. And they're a zero trust expert. He worked for Okta for a number of years and shared with me a bit about McKinnon's style, and think big approach. Arun said something that caught my attention. He said, firewalls used to be the perimeter, now people are. And while that's self-serving to Okta and probably BeyondID, it's true. People, apps and data are the new perimeter, and they're not in one location. And that's the point. Now, unfortunately, I had lined up an interview with Diya Jolly, who was the chief product officer at Okta and a Cube alum for this past week, knowing that we were running this segment in this episode but she unfortunately fell ill the day of our interview and had to cancel. But I want to follow up with her, and understand how she's thinking about connecting the dots with Auth0 with devs and enterprises and really test our thesis there. This is a really interesting chess match that's going on. Let's look a little deeper into that identity space. This chart here shows some of the major identity players. It has some of the leaders in the identity market, and is a breakdown at ETR's net score. Now net score comprises five elements. The lime green is, we're adding the platform new. The forest green is we're spending 6% or more relative to last year. The gray is flat send plus or minus flat spend, plus or minus 5%. The pinkish is spending less. And the bright red is we're exiting the platform, retiring. Now you subtract the red from the green, and that gets you the result for net score which you can see super-imposed on the right hand chart at the bottom, that first column there. The far column is shared in which informs and indicates the number of responses and is a proxy for presence in the market. Oh, look at the top two players in terms of spending momentum. Now SailPoint is right there, but Auth0 combined with Okta's distribution channel will extend Okta's lead significantly in our view. And then there's Microsoft. Now just a caveat, this includes all of Microsoft's security offerings, not just identity, but it's there for context. And CyberArk as well includes this acquisition of adaptive, but also other parts of CyberArk's portfolio. So you can see some of the other names that are there, many of which you'll find in the Gartner magic quadrant for identity. And as we said, we really like this move by Okta. It combines positive market forces with lead offerings from very well-run companies that have winning DNA and passionate people. Now, to further emphasize what's happening here, take a look at this. This chart shows ETR data for Okta within SailPoint and CyberArk accounts. Out of the 230 CyberArk and SailPoint customers in the dataset, there are 81 Okta accounts. That's a 35% overlap. And the good news for Okta is that within that base of SailPoint and CyberArk accounts, Okta is shown by the net score line, that green line has a very elevated spending in momentum. And the kicker is, if you read the fine print in the right hand column, ETR correctly points out that while SailPoint and CyberArk have long been partners with Okta, at the recent Octane21 event, Okta's big customer event, The company announced that it was expanding into privileged access management, PAM, and identity governance. Hello, and welcome to co-opetition in the 2020s. Now, our current thinking is that this bodes very well for Okta and CyberArk and SailPoint. Well, they're going to have to make some counter moves to fend off the onslaught that is coming. Now, let's wrap up with what has become a tradition in our quarterly security updates. Looking at those two dimensions of net score and market share, we're going to see which companies crack the top 10 for both measures within the ETR dataset. We do this every quarter. So here in the left, we have the top 20, sorted by net score spending momentum and on the right, we sort by shared N. So it's again, top 20, which informs, shared N informs the market share metric or presence in the dataset. That red horizontal lines, those two lines on each separate the top 10 from the remaining 10 within those top 20. And our method, what we do is we assign four stars to those companies that crack the top 10 for both metrics. So again, you see Microsoft, Palo Alto Networks, Okta, CrowdStrike, and Fortinet. Fortinet by the way, didn't make it last quarter. They've kind of been in and out and on the bubble, but company is very strong, and doing quite well. Only the other four did last quarter. They were the same for last quarter. And we give two stars to those companies that make it in both categories within the top 20 but didn't make the top 10. So Cisco, Splunk, which has been steadily decelerating from a spending momentum standpoint, and Zscaler, which is just on the cusp. We really like Zscaler and the company has great momentum, but that's the methodology. That is what it is. Now you can see, we kept Carbon Black on the right most chart, it's like kind of cut off, it's number 21. Only because they're just outside looking in on net score. You see them there, they're just below on net score, number 11. And VMware's presence in the market we think, that Carbon Black is right really worth paying attention to. Okay, so we're going to close with some summary and final thoughts. Last quarter, we did a deeper dive on the SolarWinds hack, and we think the ramifications are significant. It has set the stage for a new era of escalation and adversary sophistication. Now, major change we see is a heightened awareness that when you find intruders, you'd better think very carefully about your next moves. When someone breaks into your house, if the dog barks, or if you come down with a baseball bat or other weapon, you might think the intruder is going to flee. But if the criminal badly wants what you have in your house and it's valuable enough, you might find yourself in a bloody knife fight or worse. Well, what's happening is intruders come to your company via island hopping or insider subterfuge or whatever method. And they'll live off the land stealthily using your own tools against you so that you can't find them so easily. So instead of injecting new tools in that send off an alert, they just use what you already have there. That's what's called living off the land. They'll steal sensitive data, for example, positive COVID test results when that was really, really sensitive, obviously still is, or other medical data. And when you retaliate, they will double-extort you. They'll encrypt your data and hold it for ransom, and at the same time threaten to release the sensitive information, crushing your brand in the process. So your response must be as stealthy as their intrusion, as you marshal your resources and devise an attack plan. And you face serious headwinds. Not only is this a complicated situation, there's your ongoing and acute talent shortage that you tell us about all the time. Many companies are mired in technical debt, that's an additional challenge. And then you've got to balance the running of the business while actually effecting a digital transformation. That's very, very difficult, and it's risky because the more digital you become, the more exposed you are. So this idea of zero trust, people used to call it a buzzword, it's now a mandate along with automation. Because you just can't throw labor at the problem. This is all good news for investors as cyber remains a market that's ripe for valuation increases and M&A activity, especially if you know where to look. Hopefully we've helped you squint through the maze a little bit. Okay, that's it for now. Thanks to the community for your comments and insights. Remember I publish each week on wikibon.com and siliconangle.com. These episodes, they're all available as podcasts. All you got to do is search breaking analysis podcasts, put in the headphones, listen when you're in your car, or out for your walk or run, and you can always connect on Twitter @DVellante, or email me at david.vellante@siliconangle.com. I appreciate the comments on LinkedIn and in Clubhouse, please follow me, so you're notified when we start a room and riff on these topics and others. And don't forget to check out etr.plus for all the survey data. This is Dave Vellante for The Cube Insights powered by ETR. Be well, and we'll see you next time. (light instrumental music)

[Music] from the cube studios in palo alto in boston bringing you data-driven insights from the cube and etr this is breaking analysis with dave vellante top security pros indicate that the solar winds hack on top of the pandemic have further heightened a change in how they think about security not only musciso secure an increasingly distributed workforce and network infrastructure but they now must be wary of software code coming from reputable vendors including the very patches designed to protect them against cyber attacks hello everyone and welcome to this week's wikibon cube insights powered by etr in this breaking analysis we'll summarize cso sentiments from a recent etr venn session and provide our quarterly update of the cyber security sector now in an upcoming episode we'll be inviting eric bradley of etr to provide deeper analysis and insights on these trends but we wanted to give you a preliminary preview of what's happening in the sector as we start off 2021. now the solar winds attack was like nothing we've ever seen before it's been covered quite widely in the press but in case you don't know the details solarwinds is a company that provides software to monitor many aspects of largely on-prem infrastructure including things like network performance log files configuration data storage servers and the like now as with all software companies solarwinds sends out regular updates and patches hackers were able to infiltrate the update and trojanize the software meaning when customers installed the updates the malware just went along for the ride now the reason this is so insidious is that often hackers they're going to target installations that haven't installed patches or updates and identified vulnerabilities in the infrastructure that haven't been addressed doors that are open that haven't been closed if you will now here the very code designed to protect against the breach actually facilitated that breach now according to experts this was quite a sophisticated attack that most believe was perpetrated by the russian hacker group cozy bear an advanced persistent threat or apt as classified by the u.s government now it's suspected that somehow they fished their way into a github repo and stole username and password access to allow them to penetrate the supply chain of software that's delivered over the internet but public information on this attack it's still spotty people are still learning now what is known is that the attackers have been lurking since march of last year and they exfiltrated lots of information from the u.s government and many other high-profile companies now here's what the csos and the etr van had to say about it let me just read some of the quotes the impact of this breach is profound it really turned a lot of heads and conventions about cyber security i don't think this threat has been exaggerated in the media we're now in a situation where we have to monitor the monitors this attack didn't have any signatures of a previous attack so you got down to the code level 80 to 90 of that code is being downloaded from the internet it's bringing devops security processes and making us rethink how to reinvent security and i'll add my business friend val berkovici said to me on twitter last year that he thinks the government hack is going to have permanent implications on how organizations approach cyber security it seems these cisos agree now the one question is what can be done about this and when you talk to security pros they'll definitely tell you they're rethinking security practices but look there's only so much you can do here's a tag cloud summarizing some of what we hear in the cube community and in the venn from etr practitioners you hear a lot about xero trust many csos are really leaning into identity access management and pam and mandates around two-factor authentication we've talked a lot about firms like octa sale point cyber arc software and microsoft is coming up more and more in this conversation especially as octa is seen as setting a price umbrella there's definitely some frustration amongst csos about octa's pricing strategies and auth 0 which does authentication as a service that's hitting our radar as well now of course endpoint security is something we've talked a lot about as the work from home trend hit during the pandemic it's become much much more important and you can see in the growth of crowdstrike and as you see in a moment we're getting some traction with vmware and carbon black in the survey data and of course titanium is another company that we've talked about csos look they're not just going to rip out what they have so companies like cisco especially with umbrella and duo they come up in the conversation as does palo alto networks we've said many times palo alto is seen as a thought leader csos like them they also like fortinet especially those that may be more cost cost conscious we see that a lot in mid-market and so on with analytics micro-segmentation cloud security with z-scaler and even rpa to automate certain tasks uipath has come up in the conversation more and more in a security context so you look at this tag cloud and there's no one answer as is often the case case with cyber security lots of tools lots of disciplines and a very capable adversary who has learned to as they say live off the land using your own infrastructure and tooling against you now the common narrative is that security is a top priority with cios and csos and budgets are going to be up so let's take a look at that well kind of here's a chart that shows the net scores or spending momentum for various sectors of the etr tech taxonomy and we've highlighted the information security segment yes it's up relative to the october survey but it really doesn't stand out i mean everything's up as we've reported coming off a down year in tech spending minus four percent last year and we're forecasting a plus six to seven percent increase this year really depending on on the pace of their recovery but the point is cyber is one of many budget organizations and organizations they're simply not going to open up a blank check to the cso now part of the reason is they're heavily invested in cyber this graphic shows several sectors in context and we've highlighted security in the red box the vertical axis that shows spending velocity and the horizontal axis is market share or presence in the data set and you can see the security it's got a big presence it's pervasive of course but it lags some of the top sectors in terms of spending velocity because look organizations they've got lots of priorities and as you'll see in a moment this space like most mature markets has some companies with off the charts spending patterns and others that lag so let's dig into that a little bit here you see that same xy graphic and we've plotted a number of security players so there's a couple of points here that we want to make first microsoft as usual is off the charts to the right and amazingly has a net score of 48 percent so highly elevated octa continues to lead this pack in net score as it has the last several surveys it's got a net score of 61.5 percent up from last quarter survey octa crowdstrike cyberark fortinet proof point and splunk are all up nicely from last quarter's survey we also really want to highlight carbon black the company's net score last quarter was 23.9 percent with 134 mentions in this quarter its net score shot up to nearly 38 so a very meaningful and noticeable move for vmware's 2.1 billion dollar acquisition that it made in the summer of 2019. so a number of companies that have momentum which stems from a rebound in tech spending but also a shift in security spend that we've highlighted and you can see a couple of legacy security firms that are also there in the chart losing momentum we've highlighted fireeye and rsa okay so now let's dig deeper into the data and the vendor performance here's a view of the data that we first showed you in 2019 it shows the net score and the shared n which identifies the number of mentions within the sector and it's an indicator of presence in the marketplace the leftmost chart is sorted by netscore and the right-hand chart is sorted by shared n so to make this chart you had to have at least an n of 50 in the survey again you can see octa sale and sale point lead in net score and microsoft has the biggest presence in the right hand side along with cisco and palo alto and something we started two years ago was if a vendor shows up in the top 10 for both net score and shared n we anointed them with four stars so these are the four star companies microsoft palo alto octa and crowdstrike which crouch by the way it fell off but it's back on and i think that was probably a survey anomaly because based on the company's financials there has been no loss of momentum for crowdstrike and we give two stars to those companies that make the top 20 in both categories so cisco because of umbrella and duo splunk proofpoint fortinet z z-scaler cyborg and carbon black vmware carbon black is new to the two-star list due to its rapid rise in net score that we just talked about now just a quick aside on carbon black at vmworld 2019 pat gelsinger told john furrier and me that he felt like he got a great deal picking up carbon black for 2.1 billion dollars now his logic was in part based on the valuation of crowdstrike at the time which is of course carbon black competitor crowdstrike as you can see on this chart had a valuation that was at nine times higher than that of carbon black and you can see from the trailing 12-month revenue that crowdstrike was a significantly larger company by more than 100 million dollars in revenue so the real story though was the company's growth crowdstrike at the time was growing much much faster than carbon black at more than a hundred percent compared to carbon blacks 22 roughly now in vmware's recent earnings call they said that carbon black had good bookings performance so who knows exactly what that means but if it were more than 22 my guess is that vmware vmware would have been more effusive in its commentary so let's assume that since the acquisition carbon black growth has been flattish you know maybe down maybe up but probably flat so vmware they're figuring out how to integrate the company and we think that as it does that it's going to use its channel of distribution and global presence to really drive carbon black sales now nonetheless we would still peg carbon black's valuation of having increased pretty substantially since the time of the acquisition perhaps in the three to five billion range we don't know for sure so but a nice pickup in our view for vmware and it'll likely grow from here based on the etr data then that's very encouraging for carbon black now let's look at how the valuations in this sector have changed since before covid here's an updated view of our valuation matrix since just before the pandemic hit in the u.s as you can see the s p is up 16 from that time frame the nas composite up 43 percent wow now look at the others only splunk really hasn't seen a huge uptick in valuation but the others have either risen noticeably like proof point cyber arc sail point they bounced up like palo alto or fortinet or exploded like crowd chat octa and z scalar you combine all these and you're talking about 114 billion dollar increase in market cap for these so one would think carbon black as a vmware asset has done pretty well along with these names and we would expect that the tech spending rebound this year combined with the heightened concerns over the solar winds hack and the tectonic shifts from the accelerated work from home and digital business transformations will continue to bode well for many of these names for quite some time all right let's wrap it up with some of the things we're watching in this space as we exit the pandemic and experience a new digital reality cyber threats have never been greater look each january if you look back on the prior year you'd be able to say the same thing for the last couple of decades and the reality is the budgets and spending on cyber they're asymmetric to the economic risks we just don't spend enough and probably can't spend enough to solve this problem csos they have to balance their legacy legacy install base security infrastructure with the shift to zero trust accelerated endpoint new access management challenges the ever expanding cloud and dot dot dot lack of talent remains the single biggest challenge for organizations which are stretch thin making investments in automation a trend that is not going to abate anytime soon in cyber all the cliches apply there is no silver bullet there is no rest for the weary the adversary they are well funded and extremely capable and they only have to succeed once to create a business disaster for an organization that has to succeed every day 24 hours a day so expect more of the same with no end in sight in terms of complexity fragmentation and whack-a-mole approaches to fighting cyber crime i hate to say this but it just means the fundamentals for the sector just keep getting better and better sorry okay that's it for this week remember all these episodes are available as podcasts wherever you listen so please subscribe i publish weekly on wikibon.com and siliconangle.com and don't forget to check out etr.plus for all the survey data and the analytics i appreciate the comments on my linkedin post you can dm me at [Music] you