hi everybody welcome back to boston you're watching thecube's coverage of reinforce 2022 last time we were here live was 2019. had a couple years of virtual merit bear is here she's with the office of the cso for aws merit welcome back to the cube good to see you thank you for coming on thank you so much it's good to be back um yes cso chief information security officer for folks who are acronym phobia phobic yeah okay so what do you do for the office of the is it ciso or sizzo anyway ah whatever is it sim or theme um i i work in three areas so i sit in aws security and i help us do security we're a shop that runs on aws i empathize with folks who are running shops it is process driven it takes hard work but we believe in certain mechanisms and muscle groups so you know i work on getting those better everything from how we do threat intelligence to how we guard rail employees and think about vending accounts and those kinds of things i also work in customer-facing interactions so when a cso wants to meet awssc so that's often me and then the third is product side so ensuring that everything we deliver not just security services are aligned with security best practices and expectations for our customers so i have to ask you right off the bat so we do a lot of spending surveys we have a partner etr i look at the data all the time and for some reason aws never shows up in the spending metrics why do you think that is maybe that talks to your strategy let's double click on that yeah so first of all um turn on guard duty get shield advanced for the you know accounts you need the 3k is relatively small and a large enterprise event like this doesn't mean don't spend on security there is a lot of goodness that we have to offer in ess external security services but i think one of the unique parts of aws is that we don't believe that security is something you should buy it's something that you get from us it's something that we do for you a lot of the time i mean this is the definition of the shared responsibility model right everything that you interact with on aws has been subject to the same rigorous standards and we aws security have umbrella arms around those but we also ensure that service teams own the security of their service so a lot of times when i'm talking to csos and i say security teams or sorry service teams own the security of their service they're curious like how do they not get frustrated and the answer is we put in a lot of mechanisms to allow those to go through so there's automation there are robots that resolve those trouble tickets you know like and we have emissaries we call them guardian champions that are embedded in service teams at any rate the point is i think it's really beautiful the way that customers who are you know enabling services in general benefit from the inheritances that they get and in some definition this is like the value proposition of cloud when we take care of those lower layers of the stack we're doing everything from the concrete floors guards and gates hvac you know in the case of something like aws bracket which is our quantum computing like we're talking about you know near vacuum uh environments like these are sometimes really intricate and beautiful ways that we take care of stuff that was otherwise manual and ugly and then we get up and we get really intricate there too so i gave a talk this morning about ddos protection um and all the stuff that we're doing where we can see because of our vantage point the volume and that leads us to be a leader in volumetric attack signatures for example manage rule sets like that costs you nothing turn on your dns firewall like there are ways that you just as a as an aws customer you inherit our rigorous standards and you also are able to benefit from the rigor with which we you know exact ourselves to really you're not trying to make it a huge business at least as part of your your portfolio it's just it's embedded it's there take advantage of it i want everyone to be secure and i will go to bad to say like i want you to do it and if money is a blocker let's talk about that because honestly we just want to do the right thing by customers and i want customers to use more of our services i genuinely believe that they are enablers we have pharma companies um that have helped enable you know personalized medicine and some of the copic vaccines we have you know like there are ways that this has mattered to people in really intimate ways um and then fun ways like formula one uh you know like there are things that allow us to do more and our customers to do more and security should be a way of life it's a way of breathing you don't wake up and decide that you're going to bolt it on one day okay so we heard cj moses keynote this morning i presume you were listening in uh we heard a lot about you know cool tools you know threat detection and devops and container security but he did explicitly talked about how aws is simplifying the life of the cso so what are you doing in that regard and what's that that's let's just leave it there for now i talk to c sales every day and i think um most of them have two main concerns one is how to get their organization to grow up like to understand what security looks like in a cloudy way um and that means that you know your login monitoring is going to be the forensics it's not going to be getting into the host that's on our side right and that's a luxury like i think there are elements of the cso job that have changed but that even if you know cj didn't explicitly call them out these are beauties things like um least privilege that you can accomplish using access analyzer and all these ways that inspector for example does network reachability and then all of these get piped to security hub and there's just ways that make it more accessible than ever to be a cso and to enable and embolden your people the second side is how csos are thinking about changing their organization so what are you reporting to the board um how are you thinking about hiring and um in the metrics side i would say you know being and i get a a lot of questions that are like how do we exhibit a culture of security and my answer is you do it you just start doing it like you make it so that your vps have to answer trouble tickets you may and and i don't mean literally like every trouble ticket but i mean they are 100 executives will say that they care about security but so what like you know set up your organization to be responsive to security and to um have to answer to them because it matters and and notice that because a non-decision is a decision and the other side is workforce right and i think um i see a lot of promise some of it unfulfilled in folks being hired to look different than traditional security folks and act different and maybe a first grade teacher or an architect or an artist and who don't consider themselves like particularly technical like the gorgeousness of cloud is that you can one teach yourself this i mean i didn't go to school for computer science like this is the kind of thing we all have to teach ourselves but also you can abstract on top of stuff so you're not writing code every day necessarily although if you are that's awesome and we love debbie folks but you know there's there's a lot of ways in which the machine of the security organization is suggesting i think cj was part to answer your question pointedly i think cj was trying to be really responsive to like all the stuff we're giving you all the goodness all the sprinkles on your cupcake not at all the organizational stuff that is kind of like you know the good stuff that we know we need to get into so i think so you're saying it's it's inherent it's inherently helping the cso uh her life his life become less complex and i feel like the cloud you said the customers are trying to become make their security more cloudy so i feel like the cloud has become the first line of defense now the cso your customer see so is the second line of defense maybe the audit is the third line what does that mean for the role of the the cso how is that they become a compliance officer what does that mean no no i think actually increasingly they are married or marriable so um when you're doing so for example if you are embracing [Music] ephemeral and immutable infrastructure then we're talking about using something like cloud formation or terraform to vend environments and you know being able to um use control tower and aws organizations to dictate um truisms through your environment you know like there are ways that you are basically in golden armies and you can come back to a known good state you can embrace that kind of cloudiness that allows you to get good to refine it to kill it and spin up a new infrastructure and that means though that like your i.t and your security will be woven in in a really um lovely way but in a way that contradicts certain like existing structures and i think one of the beauties is that your compliance can then wake up with it right your audit manager and your you know security hub and other folks that do compliance as code so you know inspector for example has a tooling that can without sending a single packet over the network do network reachability so they can tell whether you have an internet facing endpoint well that's a pci standard you know but that's also a security truism you shouldn't have internet facing endpoints you don't approve up you know like so these are i think these can go in hand in hand there are certainly i i don't know that i totally disregard like a defense in-depth notion but i don't think that it's linear in that way i think it's like circular that we hope that these mechanisms work together that we also know that they should speak to each other and and be augmented and aware of one another so an example of this would be that we don't just do perimeter detection we do identity-based fine-grained controls and that those are listening to and reasoned about using tooling that we can do using security yeah we heard a lot about reasoning as well in the keynote but i want to ask about zero trust like aws i think resisted using that term you know the industry was a buzzword before the pandemic it's probably more buzzy now although in a way it's a mandate um depending on how you look at it so i mean you anything that's not explicitly allowed is denied in your world and you have tools and i mean that's a definition if it's a die that overrides if it's another it's a deny call that will override and allow yeah that's true although anyway finish your question yeah yeah so so my it's like if there's if there's doubt there's no doubt it seems in your world but but but you have a lot of capabilities seems to me that this is how you you apply aws internal security and bring that to your customers do customers talk to you about zero trust are they trying to implement zero trust what's the best way for them to do that when they don't have that they have a lack of talent they don't have the skill sets uh that it and the knowledge that aws has what are you hearing from customers in that regard yeah that's a really um nuanced phrasing which i appreciate because i think so i think you're right zero trust is a term that like means everything and nothing i mean like this this notebook is zero trust like no internet comes in or out of it like congratulations you also can't do business on it right um i do a lot of business online you know what i mean like you can't uh transact something to other folks and if i lose it i'm screwed yeah exactly i usually have a water bottle or something that's even more inanimate than your notebook um but i guess my point is we i don't think that the term zero trust is a truism i think it's a conceptual framework right and the idea is that we want to make it so that someone's position in the network is agnostic to their permissioning so whereas in the olden days like a decade ago um we might have assumed that when you're in the perimeter you just accept everything um that's no longer the right way to think about it and frankly like covid and work from home may have accelerated this but this was ripe to be accelerated anyway um what we are thinking about is both like you said under the network so like the network layer are we talking about machine to machine are we talking about like um you know every api call goes over the open internet with no inherent assurances human to app or it's protected by sig v4 you know like there is an inherent zero trust case that we have always built this goes back to a jeff bezos mandate from 2002 that everything be an api call that is again this kind of like building security into it when we say security is job zero it not only reflects the fact that like when you build a terraform or a cloud formation template you better have permission things appropriately or try to but also that like there is no cloud without security considerations you don't get to just bolt something on after the fact so that being said now that we embrace that and we can reason about it and we can use tools like access analyzer you know we're also talking about zero trust in that like i said augmentation identity centric fine grained controls so an example of this would be a vpc endpoint policy where it is a perm the perimeter is dead long live the perimeter right you'll have your traditional perimeter your vpc or your vpn um augmented by and aware of the fine-grained identity-centric ones which you can also reason about prune down continuously monitor and so on and that'll also help you with your logging and monitoring because you know what your ingress and egress points are how concerned should people be with quantum messing up all the encryption algos oh it's stopping created right okay so but we heard about this in the keynote right so is it just a quantum so far off by the time we get there is it like a y2k you're probably not old enough to remember y2k but y2k moment right i mean i can't take you anywhere what should we um how should we be thinking about quantum in the context of security and sure yeah i mean i think we should be thinking about quantum and a lot of dimensions as operationally interesting and how we can leverage i think we should be thinking about it in the security future for right now aes256 is something that is not broken so we shouldn't try to fix it yeah cool encrypt all the things you can do it natively you know like i love talking about quantum but it's more of an aspirational and also like we can be doing high power compute to solve problems you know but like for it to get to a security uh potentially uh vulnerable state or like something that we should worry about is a bit off yeah and show me an application that can yeah and i mean and i think at that point we're talking about homomorphic improvements about another thing i kind of feel the same way is that you know there's a lot of hype around it a lot of ibm talks about a lot you guys talked about in your keynote today and when i really talk to people who understand this stuff it seems like it's a long long way off i don't think it's a long long way off but everything is dog years in tech world but um but for today you know like for today encrypt yourself we will always keep our encryption up to standard and you know that will be for now like the the industry grade standard that folks i mean like i i have i have never heard of a case where someone had their kms keys broken into i um i always ask like awesome security people this question did you like how did you get into this did you have like did you have a favorite superhero as a kid that was going to save the world i um was always the kid who probably would have picked up a book about the cia and i like find this and i don't remember who i was before i was a security person um but i also think that as a woman um from an american indian family walking through the world i think about the relationship between dynamics with the government and companies and individuals and how we want to construct those and the need for voices that are observant of the ways that those interplay and i always saw this as a field where we can do a lot of good yeah amazing merritt thanks so much for coming on thecube great guest john said you would be really appreciate your time of course all right keep it ready you're very welcome keep it right there this is dave vellante for the cube we'll be right back at aws reinforced 2022 from boston keep right there [Music]

(bright music) >> Welcome back everyone to the live Cube coverage here in Boston, Massachusetts for AWS re:Inforce 22, with a great guest here, Denise Hayman, CRO, Chief Revenue of Sonrai Security. Sonrai's a featured partner of Season Two, Episode Four of the upcoming AWS Startup Showcase, coming in late August, early September. Security themed startup focused event, check it out. awsstartups.com is the site. We're on Season Two. A lot of great startups, go check them out. Sonrai's in there, now for the second time. Denise, it's great to see you. Thanks for coming on. >> Ah, thanks for having me. >> So you've been around the industry for a while. You've seen the waves of innovation. We heard encrypt everything today on the keynote. We heard a lot of cloud native. They didn't say shift left but they said don't bolt on security after the fact, be in the CI/CD pipeline or the DevStream. All that's kind of top of line, Amazon's talking cloud native all the time. This is kind of what you guys are in the middle of. I've covered your company, you've been on theCUBE before. Your, not you, but your teammates have. You guys have a unique value proposition. Take a minute to explain for the folks that don't know, we'll dig into it, but what you guys are doing. Why you're winning. What's the value proposition. >> Yeah, absolutely. So, Sonrai is, I mean what we do is it's, we're a total cloud solution, right. Obviously, right, this is what everybody says. But what we're dealing with is really, our superpower has to do with the data and identity pieces within that framework. And we're tying together all the relationships across the cloud, right. And this is a unique thing because customers are really talking to us about being able to protect their sensitive data, protect their identities. And not just people identities but the non-people identity piece is the hardest thing for them to reign in. >> Yeah. >> So, that's really what we specialize in. >> And you guys doing good, and some good reports on good sales, and good meetings happening here. Here at the show, the big theme to me, and again, listening to the keynotes, you hear, you can see what's, wasn't talk about. >> Mm-hmm. >> Ransomware wasn't talked about much. They didn't talk about air-gapped. They mentioned ransomware I think once. You know normal stuff, teamwork, encryption everywhere. But identity was sprinkled in everywhere. >> Mm-hmm. >> And I think one of the, my favorite quotes was, I wrote it down, We've security in the development cycle CSD, they didn't say shift left. Don't bolt on any of that. Now, that's not new information. We know that don't bolt, >> Right. >> has been around for a while. He said, lessons learned, this is Stephen Schmidt, who's the CSO, top dog on security, who has access to what and why over permissive environments creates chaos. >> Absolutely. >> This is what you guys reign in. >> It is. >> Explain, explain that. >> Yeah, I mean, we just did a survey actually with AWS and Forrester around what are all the issues in this area that, that customers are concerned about and, and clouds in particular. One of the things that came out of it is like 95% of clouds are, what's called over privileged. Which means that there's access running amok, right. I mean, it, it is, is a crazy thing. And if you think about the, the whole value proposition of security it's to protect sensitive data, right. So if, if it's permissive out there and then sensitive data isn't being protected, I mean that, that's where we really reign it in. >> You know, it's interesting. I zoom out, I just put my historian hat on going back to the early days of my career in late eighties, early nineties. There's always, when you have these inflection points, there's always these problems that are actually opportunities. And DevOps, infrastructure as code was all about APS, all about the developer. And now open source is booming, open source is the software industry. Open source is it in the world. >> Right. >> That's now the software industry. Cloud scale has hit and now you have the Devs completely in charge. Now, what suffers now is the Ops and the Sec, Second Ops. Now Ops, DevOps. Now, DevSecOps is where all the action is. >> Yep. >> So the, the, the next thing to do is build an abstraction layer. That's what everyone's trying to do, build tools and platforms. And so that's where the action is here. This is kind of where the innovation's happening because the networks aren't the, aren't in charge anymore either. So, you now have this new migration up to higher level services and opportunities to take the complexity away. >> Mm-hmm. >> Because what's happened is customers are getting complexity. >> That's right. >> They're getting it shoved in their face, 'cause they want to do good with DevOps, scale up. But by default their success is also their challenge. >> Right. >> 'Cause of complexity. >> That's exactly right. >> This is, you agree with that. >> I do totally agree with that. >> If you, you believe that, then what's next. What happens next? >> You know, what I hear from customers has to do with two specific areas is they're really trying to understand control frameworks, right. And be able to take these scenarios and build them into something that they, where they can understand where the gaps are, right. And then on top of that building in automation. So, the automation is a, is a theme that we're hearing from everybody. Like how, how do they take and do things like, you know it's what we've been hearing for years, right. How do we automatically remediate? How do we automatically prioritize? How do we, how do we build that in so that they're not having to hire people alongside that, but can use software for that. >> The automation has become key. You got to find it first. >> Yes. >> You guys are also part of the DevCycle too. >> Yep. >> Explain that piece. So, I'm a developer, I'm an organization. You guys are on the front end. You're not bolt-on, right? >> We can do either. We prefer it when customers are willing to use us, right. At the very front end, right. Because anything that's built in the beginning doesn't have the extra cycles that you have to go through after the fact, right. So, if you can build security right in from the beginning and have the ownership where it needs to be, then you're not having to, to deal with it afterwards. >> Okay, so how do you guys, I'm putting my customer hat on for a second. A little hard, hard question, hard problem. I got active directory on Azure. I got, IM over here with AWS. I wanted them to look the same. Now, my on-premises, >> Ah. >> Is been booming, now I got cloud operations, >> Right. >> So, DevOps has moved to my premise and edge. So, what do I do? Do I throw everything out, do a redo. How do you, how do you guys talk about, talk to customers that have that chance, 'cause a lot of them are old school. >> Right. >> ID. >> And, and I think there's a, I mean there's an important distinction here which is there's the active directory identities right, that customers are used to. But then there's this whole other area of non-people identities, which is compute power and privileges and everything that gets going when you get you know, machines working together. And we're finding that it's about five-to-one in terms of how many identities are non-human identities versus human identity. >> Wow. >> So, so you actually have to look at, >> So, programmable access, basically. >> Yeah. Yes, absolutely. Right. >> Wow. >> And privileges and roles that are, you know accessed via different ways, right. Because that's how it's assigned, right. And people aren't really paying that close attention to it. So, from that scenario, like the AD thing of, of course that's important, right. To be able to, to take that and lift it into your cloud but it's actually even bigger to look at the bigger picture with the non-human identities, right. >> What about the CISOs out there that you talk to. You're in the front lines, >> Yep. >> talking to customers and you see what's coming on the roadmap. >> Yep. >> So, you kind of get the best of both worlds. See what they, what's coming out of engineering. What's the biggest problem CISOs are facing now? Is it the sprawl of the problems, the hacker space? Is it not enough talent? What, I mean, I see the fear, what are, what are they facing? How do you, how do you see that, and then what's your conversations like? >> Yeah. I mean the, the answer to that is unfortunately yes, right. They're dealing with all of those things. And, and here we are at the intersection of, you know, this huge complex thing around cloud that's happening. There's already a gap in terms of resources nevermind skills that are different skills than they used to have. So, I hear that a lot. The, the bigger thing I think I hear is they're trying to take the most advantage out of their current team. So, they're again, worried about how to operationalize things. So, if we bring this on, is it going to mean more headcount. Is it going to be, you know things that we have to invest in differently. And I was actually just with a CISO this morning, and the whole team was, was talking about the fact that bringing us on means they have, they can do it with less resource. >> Mm-hmm. >> Like this is a a resource help for them in this particular area. So, that that was their value proposition for us, which I loved. >> Let's talk about Adrian Cockcroft who retired from AWS. He was at Netflix before. He was a big DevOps guy. He talks about how agility's been great because from a sales perspective the old model was, he called it the, the big Indian wedding. You had to get everyone together, do a POC, you know, long sales cycles for big tech investments, proprietary. Now, open sources like speed dating. You can know what's good quickly and and try things quicker. How is that, how is that impacting your sales motions. Your customer engagements. Are they fast? Are they, are they test-tried before they buy? What's the engagement model that you, you see happening that the customers like the best. >> Yeah, hey, you know, because of the fact that we're kind of dealing with this serious part of the problem, right. With the identities and, and dealing with data aspects of it it's not as fast as I would like it to be, right. >> Yeah, it's pretty important, actually. >> They still need to get in and understand it. And then it's different if you're AWS environment versus other environments, right. We have to normalize all of that and bring it together. And it's such a new space, >> Yeah. >> that they all want to see it first. >> Yeah. >> Right, so. >> And, and the consequences are pretty big. >> They're huge. >> Yeah. >> Right, so the, I mean, the scenario here is we're still doing, in some cases we'll do workshops instead of a POV or a POC. 90% of the time though we're still doing a POV. >> Yeah, you got to. >> Right. So, they can see what it is. >> They got to get their hands on it. >> Yep. >> This is one of those things they got to see in action. What is the best-of-breed? If you had to say best-of-breed in identity looks like blank. How would you describe that from a customer's perspective? What do they need the most? Is it robustness? What's some of the things that you guys see as differentiators for having a best-of-breed solution like you guys have. >> A best-of-breed solution. I mean, for, for us, >> Or a relevant solution for that matter, for the solution. >> Yeah. I mean, for us, this, again, this identity issue it, for us, it's depth and it's continuous monitoring, right. Because the issue in the cloud is that there are new privileges that come out every single day, like to the tune of like 35,000 a year. So, even if at this exact moment, it's fine. It's not going to be in another moment, right. So, having that continuous monitoring in there, and, and it solves this issue that we hear from a lot of customers also around lateral movement, right. Because like a piece of compute can be on and off, >> Yeah, yeah, yeah. >> within a few seconds, right. So, you can't use any of the old traditional things anymore. So to me, it's the continuous monitoring I think that's important. >> I think that, and the lateral movement piece, >> Yep. >> that you guys have is what I hear the most of the biggest fears. >> Mm-hmm. >> Someone gets in here and can move around, >> That's right. >> and that's dangerous. >> Mm-hmm. And, and no traditional tools will see it. >> Yeah. Yeah. >> Right. There's nothing in there unless you're instrumented down to that level, >> Yeah. >> which is what we do. You're not going to see it. >> I mean, when someone has a firewall, a perimeter based system, yeah, I'm in the castle, I'm moving around, but that's not the case here. This is built for full observability, >> That's right. >> Yet there's so many vulnerabilities. >> It's all open. Mm-hmm, yeah. And, and our view too, is, I mean you bring up vulnerabilities, right. It, it is, you know, a little bit of the darling, right. People start there. >> Yep. >> And, and our belief in our view is that, okay, that's nice. But, and you do have to do that. You have to be able to see everything right, >> Yep. >> to be able to operationalize it. But if you're not dealing with the sensitive data pieces right, and the identities and stuff that's at the core of what you're trying to do >> Yeah. >> then you're not going to solve the problem. >> Yeah. Denise, I want to ask you. Because you make what was it, five-to-one was the machine to humans. I think that's actually might be low, on the low end. If you could imagine. If you believe that's true. >> Yep. >> I believe that's true by the way If microservices continues to be the, be the wave. >> Oh, it'll just get bigger. >> Which it will. It's going to much bigger. >> Yeah. >> Turning on and off, so, the lateral movement opportunities are going to be greater. >> Yep. >> That's going to be a bigger factor. Okay, so how do I protect myself. Now, 'cause developer productivity is also important. >> Mm-hmm. >> 'Cause, I've heard horror stories like, >> Yep. >> Yeah, my Devs are cranking away. Uh-oh, something's out there. We don't know about it. Everyone has to stop, have a meeting. They get pulled off their task. It's kind of not agile. >> Right. Right. >> I mean, >> Yeah. And, and, in that vein, right. We have built the product around what we call swim lanes. So, the whole idea is we're prioritizing based on actual impact and context. So, if it's a sandbox, it probably doesn't matter as much as if it's like operational code that's out there where customers are accessing it, right. Or it's accessing sensitive data. So, we look at it from a swim lane perspective. When we try to get whoever needs to solve it back to the person that is responsible for it. So we can, we can set it up that way. >> Yeah. I think that, that's key insight into operationalizing this. >> Yep. >> And remediation is key. >> Yes. >> How, how much, how important is the timing of that. When you talk to your customer, I mean, timing is obviously going to be longer, but like seeing it's one thing, knowing what to do is another. >> Yep. >> Do you guys provide that? Is that some of the insights you guys provide? >> We do, it's almost like, you know, us. The, and again, there's context that's involved there, right? >> Yeah. >> So, some remediation from a priority perspective doesn't have to be immediate. And some of it is hair on fire, right. So, we provide actually, >> Yeah. >> a recommendation per each of those situations. And, and in some cases we can auto remediate, right. >> Yeah. >> If, it depends on what the customer's comfortable with, right. But, when I talk to customers about what is their favorite part of what we do it is the auto remediation. >> You know, one of the things on the keynotes, not to, not to go off tangent, one second here but, Kurt who runs platforms at AWS, >> Mm-hmm. >> went on his little baby project that he loves was this automated, automatic reasoning feature. >> Mm-hmm. >> Which essentially is advanced machine learning. >> Right. >> That can connect the dots. >> Yep. >> Not just predict stuff but like actually say this doesn't belong here. >> Right. >> That's advanced computer science. That's heavy duty coolness. >> Mm-hmm. >> So, operationalizing that way, the way you're saying it I'm imagining there's some future stuff coming around the corner. Can you share how you guys are working with AWS specifically? Is it with Amazon? You guys have your own secret sauce for the folks watching. 'Cause this remediation should, it only gets harder. You got to, you have to be smarter on your end, >> Yep. >> with your engineers. What's coming next. >> Oh gosh, I don't know how much of what's coming next I can share with you, except for tighter and tighter integrations with AWS, right. I've been at three meetings already today where we're talking about different AWS services and how we can be more tightly integrated and what's things we want out of their APIs to be able to further enhance what we can offer to our customers. So, there's a lot of those discussions happening right now. >> What, what are some of those conversations like? Without revealing. >> I mean, they have to do with, >> Maybe confidential privilege. >> privileged information. I don't mean like privileged information. >> Yep. I mean like privileges, right, >> Right. >> that are out there. >> Like what you can access, and what you can't. >> What you can, yes. And who and what can access it and what can't. And passing that information on to us, right. To be able to further remediate it for an AWS customer. That's, that's one. You know, things like other AWS services like CloudTrail and you know some of the other scenarios that they're talking about. Like we're, you know, we're getting deeper and deeper and deeper with the AWS services. >> Yeah, it's almost as if Amazon over the past two years in particular has been really tightly integrating as a strategy to enable their partners like you guys >> Mm-hmm. >> to be successful. Not trying to land grab. Is that true? Do you get that vibe? >> I definitely get that vibe, right. Yesterday, we spent all day in a partnership meeting where they were, you know talking about rolling out new services. I mean, they, they are in it to win it with their ecosystem. Not on, not just themselves. >> All right, Denise it's great to have you on theCUBE here as part of re:Inforce. I'll give you the last minute or so to give a plug for the company. You guys hiring? What are you guys looking for? Potential customers that are watching? Why should they buy you? Why are you winning? Give a, give the pitch. >> Yeah, absolutely. So, so yes we are hiring. We're always hiring. I think, right, in this startup world. We're growing and we're looking for talent, probably in every area right now. I know I'm looking for talent on the sales side. And, and again, the, I think the important thing about us is the, the fullness of our solution but the superpower that we have, like I said before around the identity and the data pieces and this is becoming more and more the reality for customers that they're understanding that that is the most important thing to do. And I mean, if they're that, Gartner says it, Forrester says it, like we are one of the, one of the best choices for that. >> Yeah. And you guys have been doing good. We've been following you. Thanks for coming on. >> Thank you. >> And congratulations on your success. And we'll see you at the AWS Startup Showcase in late August. Check out Sonrai Systems at AWS Startup Showcase late August. Here at theCUBE live in Boston getting all the coverage. From the keynotes, to the experts, to the ecosystem, here on theCUBE, I'm John Furrier your host. Thanks for watching. (bright music)

>> From theCUBE Studios in Palo Alto and Boston bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> After a two year hiatus, AWS re:Inforce is back on as an in-person event in Boston next week. Like the All-Star break in baseball, re:Inforce gives us an opportunity to evaluate the cyber security market overall, the state of cloud security and cross cloud security and more specifically what AWS is up to in the sector. Welcome to this week's Wikibon cube insights powered by ETR. In this Breaking Analysis we'll share our view of what's changed since our last cyber update in May. We'll look at the macro environment, how it's impacting cyber security plays in the market, what the ETR data tells us and what to expect at next week's AWS re:Inforce. We start this week with a checkpoint from Breaking Analysis contributor and stock trader Chip Simonton. We asked for his assessment of the market generally in cyber stocks specifically. So we'll summarize right here. We've kind of moved on from a narrative of the sky is falling to one where the glass is half empty you know, and before today's big selloff it was looking more and more like glass half full. The SNAP miss has dragged down many of the big names that comprise the major indices. You know, earning season as always brings heightened interest and this time we're seeing many cross currents. It starts as usual with the banks and the money centers. With the exception of JP Morgan the numbers were pretty good according to Simonton. Investment banks were not so great with Morgan and Goldman missing estimates but in general, pretty positive outlooks. But the market also shrugged off IBM's growth. And of course, social media because of SNAP is getting hammered today. The question is no longer recession or not but rather how deep the recession will be. And today's PMI data was the weakest since the start of the pandemic. Bond yields continue to weaken and there's a growing consensus that Fed tightening may be over after September as commodity prices weaken. Now gas prices of course are still high but they've come down. Tesla, Nokia and AT&T all indicated that supply issues were getting better which is also going to help with inflation. So it's no shock that the NASDAQ has done pretty well as beaten down as tech stocks started to look oversold you know, despite today's sell off. But AT&T and Verizon, they blamed their misses in part on people not paying their bills on time. SNAP's huge miss even after guiding lower and then refusing to offer future guidance took that stock down nearly 40% today and other social media stocks are off on sympathy. Meta and Google were off, you know, over 7% at midday. I think at one point hit 14% down and Google, Meta and Twitter have all said they're freezing new hires. So we're starting to see according to Simonton for the first time in a long time, the lower income, younger generation really feeling the pinch of inflation. Along of course with struggling families that have to choose food and shelter over discretionary spend. Now back to the NASDAQ for a moment. As we've been reporting back in mid-June and NASDAQ was off nearly 33% year to date and has since rallied. It's now down about 25% year to date as of midday today. But as I say, it had been, you know much deeper back in early June. But it's broken that downward trend that we talked about where the highs are actually lower and the lows are lower. That's started to change for now anyway. We'll see if it holds. But chip stocks, software stocks, and of course the cyber names have broken those down trends and have been trading above their 50 day moving averages for the first time in around four months. And again, according to Simonton, we'll see if that holds. If it does, that's a positive sign. Now remember on June 24th, we recorded a Breaking Analysis and talked about Qualcomm trading at a 12 X multiple with an implied 15% growth rate. On that day the stock was 124 and it surpassed 155 earlier this month. That was a really good call by Simonton. So looking at some of the cyber players here SailPoint is of course the anomaly with the Thoma Bravo 7 billion acquisition of the company holding that stock up. But the Bug ETF of basket of cyber stocks has definitely improved. When we last reported on cyber in May, CrowdStrike was off 23% year to date. It's now off 4%. Palo Alto has held steadily. Okta is still underperforming its peers as it works through the fallout from the breach and the ingestion of its Auth0 acquisition. Meanwhile, Zscaler and SentinelOne, those high flyers are still well off year to date, with Ping Identity and CyberArk not getting hit as hard as their valuations hadn't run up as much. But virtually all these tech stocks generally in cyber issues specifically, they've been breaking their down trend. So it will now come down to earnings guidance in the coming months. But the SNAP reaction is quite stunning. I mean, the environment is slowing, we know that. Ad spending gets cut in that type of market, we know that too. So it shouldn't be a huge surprise to anyone but as Chip Simonton says, this shows that sellers are still in control here. So it's going to take a little while to work through that despite the positive signs that we're seeing. Okay. We also turned to our friend Eric Bradley from ETR who follows these markets quite closely. He frequently interviews CISOs on his program, on his round tables. So we asked to get his take and here's what ETR is saying. Again, as we've reported while CIOs and IT buyers have tempered spending expectations since December and early January when they called for an 8% plus spending growth, they're still expecting a six to seven percent uptick in spend this year. So that's pretty good. Security remains the number one priority and also is the highest ranked sector in the ETR data set when you measure in terms of pervasiveness in the study. Within security endpoint detection and extended detection and response along with identity and privileged account management are the sub-sectors with the most spending velocity. And when you exclude Microsoft which is just dominant across the board in so many sectors, CrowdStrike has taken over the number one spot in terms of spending momentum in ETR surveys with CyberArk and Tanium showing very strong as well. Okta has seen a big dropoff in net score from 54% last survey to 45% in July as customers maybe put a pause on new Okta adoptions. That clearly shows in the survey. We'll talk about that in a moment. Look Okta still elevated in terms of spending momentum, but it doesn't have the dominant leadership position it once held in spend velocity. Year on year, according to ETR, Tenable and Elastic are seeing the biggest jumps in spending momentum, with SailPoint, Tanium, Veronis, CrowdStrike and Zscaler seeing the biggest jump in new adoptions since the last survey. Now on the downside, SonicWall, Symantec, Trellic which is McAfee, Barracuda and TrendMicro are seeing the highest percentage of defections and replacements. Let's take a deeper look at what the ETR data tells us about the cybersecurity space. This is a popular view that we like to share with net score or spending momentum on the Y axis and overlap or pervasiveness in the data on the X axis. It's a measure of presence in the data set we used to call it market share. With the data, the dot positions, you see that little inserted table, that's how the dots are plotted. And it's important to note that this data is filtered for firms with at least 100 Ns in the survey. That's why some of the other ones that we mentioned might have dropped off. The red dotted line at 40% that indicates highly elevated spending momentum and there are several firms above that mark including of course, Microsoft, which is literally off the charts in both dimensions in the upper right. It's quite incredible actually. But for the rest of the pack, CrowdStrike has now taken back its number one net score position in the ETR survey. And CyberArk and Okta and Zscaler, CloudFlare and Auth0 now Okta through the acquisition, are all above the 40% mark. You can stare at the data at your leisure but I'll just point out, make three quick points. First Palo Alto continues to impress and as steady as she goes. Two, it's a very crowded market still and it's complicated space. And three there's lots of spending in different pockets. This market has too many tools and will continue to consolidate. Now I'd like to drill into a couple of firms net scores and pick out some of the pure plays that are leading the way. This series of charts shows the net score or spending velocity or granularity for Okta, CrowdStrike, Zscaler and CyberArk. Four of the top pure plays in the ETR survey that also have over a hundred responses. Now the colors represent the following. Bright red is defections. We're leaving the platform. The pink is we're spending less, meaning we're spending 6% or worse. The gray is flat spend plus or minus 5%. The forest green is spending more, i.e, 6% or more and the lime green is we're adding the platform new. That red dotted line at the 40% net score mark is the same elevated level that we like to talk about. All four are above that target. Now that blue line you see there is net score. The yellow line is pervasiveness in the data. The data shown in each bar goes back 10 surveys all the way back to January 2020. First I want to call out that all four again are seeing down trends in spending momentum with the whole market. That's that blue line. They're seeing that this quarter, again, the market is off overall. Everybody is kind of seeing that down trend for the most part. Very few exceptions. Okta is being hurt by fewer new additions which is why we highlighted in red, that red dotted area, that square that we put there in the upper right of that Okta bar. That lime green, new ads are off as well. And the gray for Okta, flat spending is noticeably up. So it feels like people are pausing a bit and taking a breather for Okta. And as we said earlier, perhaps with the breach earlier this year and the ingestion of Auth0 acquisition the company is seeing some friction in its business. Now, having said that, you can see Okta's yellow line or presence in the data set, continues to grow. So it's a good proxy from market presence. So Okta remains a leader in identity. So again, I'll let you stare at the data if you want at your leisure, but despite some concerns on declining momentum, notice this very little red at these companies when it comes to the ETR survey data. Now one more data slide which brings us to our four star cyber firms. We started a tradition a few years ago where we sorted the ETR data by net score. That's the left hand side of this graphic. And we sorted by shared end or presence in the data set. That's the right hand side. And again, we filtered by companies with at least 100 N and oh, by the way we've excluded Microsoft just to level the playing field. The red dotted line signifies the top 10. If a company cracks the top 10 in both spending momentum and presence, we give them four stars. So Palo Alto, CrowdStrike, Okta, Fortinet and Zscaler all made the cut this time. Now, as we pointed out in May if you combined Auth0 with Okta, they jumped to the number two on the right hand chart in terms of presence. And they would lead the pure plays there although it would bring down Okta's net score somewhat, as you can see, Auth0's net score is lower than Okta's. So when you combine them it would drag that down a little bit but it would give them bigger presence in the data set. Now, the other point we'll make is that Proofpoint and Splunk both dropped off the four star list this time as they both saw marked declines in net score or spending velocity. They both got four stars last quarter. Okay. We're going to close on what to expect at re:Inforce this coming week. Re:Inforce, if you don't know, is AWS's security event. They first held it in Boston back in 2019. It's dedicated to cloud security. The past two years has been virtual and they announced that reinvent that it would take place in Houston in June, which everybody said, that's crazy. Who wants to go to Houston in June and turns out nobody did so they postponed the event, thankfully. And so now they're back in Boston, starting on Monday. Not that it's going to be much cooler in Boston. Anyway, Steven Schmidt had been the face of AWS security at all these previous events as the Chief Information Security Officer. Now he's dropped the I from his title and is now the Chief Security Officer at Amazon. So he went with Jesse to the mothership. Presumably he dropped the I because he deals with physical security now too, like at the warehouses. Not that he didn't have to worry about physical security at the AWS data centers. I don't know. Anyway, he and CJ Moses who is now the new CISO at AWS will be keynoting along with some others including MongoDB's Chief Information Security Officer. So that should be interesting. Now, if you've been following AWS you'll know they like to break things down into, you know, a couple of security categories. Identity, detection and response, data protection slash privacy slash GRC which is governance, risk and compliance, and we would expect a lot more talk this year on container security. So you're going to hear also product updates and they like to talk about how they're adding value to services and try to help, they try to help customers understand how to apply services. Things like GuardDuty, which is their threat detection that has machine learning in it. They'll talk about Security Hub, which centralizes views and alerts and automates security checks. They have a service called Detective which does root cause analysis, and they have tools to mitigate denial of service attacks. And they'll talk about security in Nitro which isolates a lot of the hardware resources. This whole idea of, you know, confidential computing which is, you know, AWS will point out it's kind of become a buzzword. They take it really seriously. I think others do as well, like Arm. We've talked about that on previous Breaking Analysis. And again, you're going to hear something on container security because it's the hottest thing going right now and because AWS really still serves developers and really that's what they're trying to do. They're trying to enable developers to design security in but you're also going to hear a lot of best practice advice from AWS i.e, they'll share the AWS dogfooding playbooks with you for their own security practices. AWS like all good security practitioners, understand that the keys to a successful security strategy and implementation don't start with the technology, rather they're about the methods and practices that you apply to solve security threats and a top to bottom cultural approach to security awareness, designing security into systems, that's really where the developers come in, and training for continuous improvements. So you're going to get heavy doses of really strong best practices and guidance and you know, some good preaching. You're also going to hear and see a lot of partners. They'll be very visible at re:Inforce. AWS is all about ecosystem enablement and AWS is going to host close to a hundred security partners at the event. This is key because AWS doesn't do it all. Interestingly, they don't even show up in the ETR security taxonomy, right? They just sort of imply that it's built in there even though they have a lot of security tooling. So they have to apply the shared responsibility model not only with customers but partners as well. They need an ecosystem to fill gaps and provide deeper problem solving with more mature and deeper security tooling. And you're going to hear a lot of positivity around how great cloud security is and how it can be done well. But the truth is this stuff is still incredibly complicated and challenging for CISOs and practitioners who are understaffed when it comes to top talent. Now, finally, theCUBE will be at re:Inforce in force. John Furry and I will be hosting two days of broadcast so please do stop by if you're in Boston and say hello. We'll have a little chat, we'll share some data and we'll share our overall impressions of the event, the market, what we're seeing, what we're learning, what we're worried about in this dynamic space. Okay. That's it for today. Thanks for watching. Thanks to Alex Myerson, who is on production and manages the podcast. Kristin Martin and Cheryl Knight, they helped get the word out on social and in our newsletters and Rob Hoff is our Editor in Chief over at siliconangle.com. You did some great editing. Thank you all. Remember all these episodes they're available, this podcast. Wherever you listen, all you do is search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. You can get in touch with me by emailing avid.vellante@siliconangle.com or DM me @dvellante, or comment on my LinkedIn post and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching and we'll see you in Boston next week if you're there or next time on Breaking Analysis (soft music)

(inspiring music) >> Announcer: theCUBE presents HPE Discover 2022. Brought to you by HPE. >> Welcome back to theCUBE's coverage of HPE Discover 2022, from the Venetian in Las Vegas, the first Discover since 2019. I really think this is my 14th Discover, when you include HP, when you include Europe. And I got to say this Discover, I think has more energy than any one that I've ever seen, about 8,000 people here. Really excited to have one of HPE's longstanding partners, Veeam CTO, Danny Allen is here, joined by David Harvey, Vice President of Strategic Alliances at Veeam. Guys, good to see you again. It was just earlier, let's see, last month, we were together out here. >> Yeah, just a few weeks ago. It's fantastic to be back and what it's telling us, technology industry is coming back. >> And the events business, of course, is coming back, which we love. I think the expectations were cautious. You saw it at VeeamON, a little more than you expected, a lot of great energy. A lot of people, 'cause it was last month, it was their first time out, >> Yes. >> in two years. Here, I think people have started to go out more, but still, an energy that's palpable. >> You can definitely feel it. Last night, I think I went to four consecutive events and everyone's out having those discussions and having conversations, it's good to be back. >> You guys hosted the Storage party last night, which is epic. I left at midnight, I took a picture, it was still packed. I said, okay, time to go, nothing good happens after midnight kids. David, talk about the alliance with HPE, how it's evolved, and where you see it going? >> I appreciate it, and certainly this, as you said, has been a big alliance for us. Over 10 years or so, fantastic integrations across the board. And you touched on 2019 Discover. We launched with GreenLake at that event, we were one of the launch partners, and we've seen fantastic growth. Overall, what we're excited about, is that continuation of the movement of the customer's buying patterns in line with HPE's portfolio and in line with Veeam. We continue to be with all their primary, secondary storage, we continue to be a spearhead position with GreenLake, which we're really excited about. And we're also really excited to hear from HPE, unfortunately under NDA, some of their future stuff they're investing in, which is a really nice invigoration for what they're doing for their portfolio. And we see that being a big deal for us over the next 24 months. >> Your relationship with HPE predates the HP, HPE split. >> Mmm. >> Yes. >> But it was weird, because they had Data Protector, and that was a quasi-competitor, or really not, but it was a competitor, a legacy competitor, of what you guys have, kind of modern data protection I think is the tagline, if I got it right. Post the split, that was an S-curve moment, wasn't it, in terms of the partnership? >> It really was. If you go back 10 years, we did our first integration sending data to StoreOnce and we had some blueprints around that. But now, if you look what we have, we have integrations on the primary side, so, 3PAR, Primera, Nimble, all their top-tier storage, we can manage the snapshots. We have integration on the target side. We integrate with Catalyst in the movement of data and the management of data. And, as David alluded to, we integrate with GreenLake. So, customers who want to take this as a consumption model, we integrate with that. And so it's been, like you said, the strongest relationship that we have on the technology alliance side. >> So, V12, you announced at VeeamON. What does that mean for HPE customers, the relationship? Maybe you guys could both talk about that. >> Technology side, to touch on a few things that we're doing with them, ransomware has been a huge issue. Security's been a big theme, obviously, at the conference, >> Dave: Yeah, you bet. and one of the things we're doing in V12 is adding immutability for both StoreOnce and StoreEver. So, we take the features that our partners have, immutability being big in the security space, and we integrate that fully into the product. So a customer checks a box and says, hey, I want to make sure that the data is secure. >> Yeah, and also, it's another signification about the relationship. Every single release we've done has had HPE at the heart of it, and the same thing is being said with V12. And it shows to our customers, the continual commitment. Relationships come and go. They're hard, and the great news is, 10 years has proven that we get through good times and tricky situations, and we both continue to invest, et cetera. And I think there's a lot of peace of mind and the revenue figures prove that, which is what we're really excited about. >> Yeah I want to come back to that, but just to follow up, Danny, on that immutability, that's a feature that you check? It's service within GreenLake, or within Veeam? How does that all work? >> We have immutability now depending on the target. We introduced the ability to send data, for example, into S3 two years ago, and make it immutable when you send it to an S3 or S3 compatible environment. We added, in Version 11, the ability to take a Linux repository and make it, and harden it, essentially make it immutable. But what we're doing now is taking our partner systems like StoreOnce, like StoreEver, and when we send data there, we take advantage of an API flag or whatever it happens to be, that it makes the data, when it's written to that system, can't be deleted, can't be encrypted. Now, what does that mean for a customer? Well, we do all the hard work in the back end, it's just a check box. They say, I want to make it immutable, and we manage how long it's immutable. Because if you made everything immutable forever, that's hugely expensive, right? So, it's all about, how long is that immutable before you age it out and make sure the new data coming in is immutable. >> Dave: It's like an insurance policy, you have that overlap. >> Yes. >> Right, okay. And then David, you mentioned the revenue, Lou bears that out. I got the IDC guys comin' on later on today. I'll ask 'em about that, if that's their swim lane. But you guys are basically a statistical tie, with Dell for number one? Am I getting that right? And you're growing at a faster rate, I believe, it's hard to tell 'cause I don't think Dell reports on the pace of its growth within data protection. You guys obviously do, but is that right? It's a statistical tie, is it? >> Yeah, hundred percent. >> Yeah, statistical tie for first place, which we're super excited about. When I joined Veeam, I think we were in fifth place, but we've been in the leader's quadrant of the Gartner Magic- >> Cause and effect there or? (panelists laughing) >> No, I don't think so. >> Dave: Ha, I think maybe. >> We've been on a great trajectory. But statistical tie for first place, greatest growth sequentially, and year-over-year, of all of the data protection vendors. And that's a testament not just to the technology that we're doing, but partnerships with HPE, because you never do this, the value of a technology is not that technology alone, it's the value of that technology within the ecosystem. And so that's why we're here at HPE Discover. It's our joint technology solutions that we're delivering. >> What are your thoughts or what are you seeing in the field on As-a-service? Because of course, the messaging is all about As-a-service, you'd think, oh, a hundred percent of everything is going to be As-a-service. A lot of customers, they don't mind CapEx, they got good, balance sheet, and they're like, hey, we'll take care of this, and, we're going to build our own little internal cloud. But, what are you seeing in the market in terms of As-a-service, versus, just traditional licensing models? >> Certainly, there's a mix between the two. What I'd say, is that sources that are already As-a-service, think Microsoft 365, think AWS, Azure, GCP, the cloud providers. There's a natural tendency for the customer to want the data protection As-a-service, as well for those. But if you talk about what's on premises, customers who have big data centers deployed, they're not yet, the pendulum has not shifted for that to be data protection As-a-service. But we were early to this game ourselves. We have 10,000, what we call, Veeam Cloud Service Providers, that are offering data protection As-a-service, whether it be on premises, so they're remotely managing it, or cloud hosted, doing data protection for that. >> So, you don't care. You're providing the technology, and then your customers are actually choosing the delivery model. Is that correct? >> A hundred percent, and if you think about what GreenLake is doing for example, that started off as being a financial model, but now they're getting into that services delivery. And what we want to do is enable them to deliver it, As-a-service, not just the financial model, but the outcome for the customer. And so our technology, it's not just do backup, it's do backup for a multi-tenant, multi-customer environment that does all of the multi-tenancy and billing and charge back as part of that service. >> Okay, so you guys don't report on this, but I'm going to ask the question anyway. You're number one now, let's call you, let's declare number one, 'cause we're well past that last reporting and you're growin' faster. So go another quarter, you're now number one, so you're the largest. Do you spend more on R&D in data protection than any other company? >> Yes, I'm quite certain that we do. Now, we have an unfair advantage because we have 450,000 customers. I don't think there's any other data protection company out there, the size and scope and scale, that we have. But we've been expanding, our largest R&D operation center's in Prague, it's in Czech Republic, but we've been expanding that. Last year it grew 40% year on year in R&D, so big investment in that space. You can see this just through our product space. Five years ago, we did data protection of VMware only, and now we do all the virtual environments, all the physical environments, all the major cloud environments, Kubernetes, Microsoft 365, we're launching Salesforce. We announced that at VeeamON last month and it will be coming out in Q3. All of that is coming from our R&D investments. >> A lot of people expect that when a company like Insight, a PE company, purchases a company like Veeam, that one of the things they'll dial down is R&D. That did not happen in this case. >> No, they very much treat us as a growth company. We had 22% year-over-year growth in 2020, and 25% year-over-year last year. The growth has been tremendous, they continue to give us the freedom. Now, I expect they'll want returns like that continuously, but we have been delivering, they have been investing. >> One of my favorite conversations of the year was our supercloud conversation, which was awesome, thank you for doing that with me. But that's clearly an area of focus, what we call supercloud, and you don't use that term, I know, you do sometimes, but it's not your marketing, I get that. But that is an R&D intensive effort, is it not? To create that common experience. And you see HPE, attempting to do that as well, across all these different estates. >> A hundred percent. We focus on three things, I always say, our differentiators, simplicity, flexibility, and reliability. Making it simple for the customers is not an easy thing to do. Making that checkbox for immutability? We have to do a lot behind the scenes to make it simple. Same thing on flexibility. We don't care if they're using 3PAR, Primera, Nimble, whatever you want to choose as the primary storage, we will take that out of your hands and make it really easy. You mentioned supercloud. We don't care what the cloud infrastructure, it can be on GreenLake, it can be on AWS, can be on Azure, it can be on GCP, it can be on IBM cloud. It is a lot of effort on our part to abstract the cloud infrastructure, but we do that on behalf of our customers to take away that complexity, it's part of our platform. >> Quick follow-up, and then I want to ask a question of David. I like talking to you guys because you don't care where it is, right? You're truly agnostic to it all. I'm trying to figure out this repatriation thing, cause I hear a lot of hey, Dave, you should look into repatriation that's happened all over the place, and I see pockets of it. What are you seeing in terms of repatriation? Have customers over-rotated to the cloud and now they're pullin' back a little bit? Or is it, as I'm claiming, in pockets? What's your visibility on that? >> Three things I see happening. There's the customers who lifted up their data center, moved it into the cloud and they get the first bill. >> (chuckling) Okay. >> And they will repatriate, there's no question. If I talk to those customers who simply lifted up and moved it over because the CIO told them to, they're moving it back on premises. But a second thing that we see is people moving it over, with tweaks. So they'll take their SQL server database and they'll move it into RDS, they'll change some things. And then you have people who are building cloud-native, they're never coming back on premises, they are building it for the cloud environment. So, we see all three of those. We only really see repatriation on that first scenario, when they get that first bill. >> And when you look at the numbers, I think it gets lost, 'cause you see the cloud is growing so fast. So David, what are the conversations like? You had several events last night, The Veeam party, slash Storage party, from HPE. What are you hearing from your alliance partners and the customers at the event. >> I think Danny touched on that point, it's about philosophy of evolution. And I think at the end of the day, whether we're seeing it with our GSI alliances we've got out there, or with the big enterprise conversations we're having with HPE, it's about understanding which workloads they want to move. In our mind, the customers are getting much smarter in making that decision, rather than experimenting. They're really taking a really solid look. And the work we're doing with the GSIs on workplace modernization, data center transformation, they're really having that investment work up front on the workloads, to be able to say, this works for me, for my personality and my company. And so, to the point about movement, it's more about decisive decision at the start, and not feeling like the remit is, I have to do one thing or another, it's about looking at that workflow position. And that's what we've seen with the revenue part as well. We've seen our movement to GreenLake tremendously grow in the last 18 months to two years. And from our GSI work as well, we're seeing the types of conversations really focus on that workload, compared to, hey, I just need a backup solution, and that's really exciting. >> Are you having specific conversations about security, or is it a data protection conversation still, (David chuckles) that's an adjacency to security? >> That's a great question. And I think it's a complex one, because if you come to a company like Veeam, we are there, and you touched on it before, we provide a solution when something has happened with security. We're not doing intrusion detection, we're not doing that barrier position at the end of it, but it's part of an end-to-end assumption. And I don't think that at this particular point, I started in security with RSA and Check Point, it was about layers of protection. Now it's layers of protection, and the inevitability that at some point something will happen, so about the recovery. So the exciting conversations we're having, especially with the big enterprises, is not about the fear factor, it's about, at some point something's going to occur. Speed of recovery is the conversation. And so for us, and your question is, are they talking to us about security, or more, the continuity position? And that's where the synergy's getting a lot simpler, rather than a hard demark between security and backup. >> Yeah, when you look at the stock market, everything's been hit, but security, with the exception of Okta, 'cause it got that weird benign hack, but security, generally, is an area that CIOs have said, hey, we can't really dial that back. We can maybe, some other discretionary stuff, we'll steal and prioritize. But security seems to be, and I think data protection is now part of that discussion. You're not a security company. We've seen some of your competitors actually pivot to become security companies. You're not doing that, but it's very clearly an adjacency, don't you think? >> It's an adjacency, and it's a new conversation that we're having with the Chief Information Security Officer. I had a meeting an hour ago with a customer who was hit by ransomware, and they got the call at 2:00 AM in the morning, after the ransomware they recovered their entire portfolio within 36 hours, from backups. Didn't even contact Veeam, I found out during this meeting. But that is clearly something that the Chief Information Security Officer wants to know about. It's part of his purview, is the recovery of that data. >> And they didn't pay the ransom? >> And they did not pay the ransom, not a penny. >> Ahh, we love those stories. Guys, thanks so much for coming on theCUBE. Congratulations on all the success. Love when you guys come on, and it was such a fun event at VeeamON. Great event here, and your presence is, was seen. The Veeam green is everywhere, so appreciate your time. >> Thank you. >> Thanks, Dave. >> Okay, and thank you for watching. This is Dave Vellante for John Furrier and Lisa Martin. We'll be back right after this short break. You're watching theCUBE's coverage of HPE Discover 2022, from Las Vegas. (inspiring music)

(upbeat music) >> Hello, and welcome back to AWS Startup Showcase, I'm John Furrier, your host. This is the Hero panel, the AWS Heroes. These are folks that have a lot of experience in Open Source, having fun building great projects and commercializing the value and best practices of Open Source innovation. We've got some great guests here. Liz Rice, Chief Open Source Officer, Isovalent. CUBE alumni, great to see you. Brian LeRoux, who is the Co-founder and CTO of begin.com. Erica Windisch who's an Architect for Developer Experience. AWS Hero, also CUBE alumni. Casey Lee, CTO Gaggle. Doing some great stuff in ed tech. Great collection of experts and experienced folks doing some fun stuff, welcome to this conversation this CUBE panel. >> Hi. >> Thanks for having us. >> Hello. >> Let's go down the line. >> I don't normally do this, but since we're remote and we have such great guests, go down the line and talk about why Open Source is important to you guys. What projects are you currently working on? And what's the coolest thing going on there? Liz we'll start with you. >> Okay, so I am very involved in the world of Cloud Native. I'm the chair of the technical oversight committee for the Cloud Native Computing Foundation. So that means I get to see a lot of what's going on across a very broad range of Cloud Native projects. More specifically, Isovalent. I focus on Cilium, which is it's based on a technology called EBPF. That is to me, probably the most exciting technology right now. And then finally, I'm also involved in an organization called OpenUK, which is really pushing for more use of open technologies here in the United Kingdom. So spread around lots of different projects. And I'm in a really fortunate position, I think, to see what's happening with lots of projects and also the commercialization of lots of projects. >> Awesome, Brian what project are you working on? >> Working project these days called Architect. It's a Open Source project built on top of AWSM. It adds a lot of sugar and terseness to the SM experience and just makes it a lot easier to work with and get started. AWS can be a little bit intimidating to people at times. And the Open Source community is stepping up to make some of that bond ramp a little bit easier. And I'm also an Apache member. And so I keep a hairy eyeball on what's going on in that reality all the time. And I've been doing this open-source thing for quite a while, and yeah, I love it. It's a great thing. It's real science. We get to verify each other's work and we get to expand and build on human knowledge. So that's a huge honor to just even be able to do that and I feel stoked to be here so thanks for having me. >> Awesome, yeah, and totally great. Erica, what's your current situation going on here? What's happening? >> Sure, so I am currently working on developer experience of a number of Open Source STKS and CLI components from my current employer. And previously, recently I left New Relic where I was working on integrating with OpenTelemetry, as well as a number of other things. Before that I was a maintainer of Docker and of OpenStack. So I've been in this game for a while as well. And I tend to just put my fingers in a lot of little pies anywhere from DVD players 20 years ago to a lot of this open telemetry and monitoring and various STKs and developer tools is where like Docker and OpenStack and the STKs that I work on now, all very much focusing on developer as the user. >> Yeah, you're always on the wave, Erica great stuff. Casey, what's going on? Do you got some great ed techs happening? What's happening with you? >> Yeah, sure. The primary Open Source project that I'm contributing to right now is ACT. This is a tool I created a couple of years back when GitHub Actions first came out, and my motivation there was I'm just impatient. And that whole commit, push, wait time where you're testing out your pipelines is painful. And so I wanted to build a tool that allowed developers to test out their GitHub Actions workflows locally. And so this tool uses Docker containers to emulate, to get up action environment and gives you fast feedback on those workflows that you're building. Lot of innovation happening at GitHub. And so we're just trying to keep up and continue to replicate those new features functionalities in the local runner. And the biggest challenge I've had with this project is just keeping up with the community. We just passed 20,000 stars, and it'd be it's a normal week to get like 10 PRs. So super excited to announce just yesterday, actually I invited four of the most active contributors to help me with maintaining the project. And so this is like a big deal for me, letting the project go and bringing other people in to help lead it. So, yeah, huge shout out to those folks that have been helping with driving that project. So looking forward to what's next for it. >> Great, we'll make sure the SiliconANGLE riders catch that quote there. Great call out. Let's start, Brian, you made me realize when you mentioned Apache and then you've been watching all the stuff going on, it brings up the question of the evolution of Open Source, and the commercialization trends have been very interesting these days. You're seeing CloudScale really impact also with the growth of code. And Liz, if you remember, the Linux Foundation keeps making projections and they keep blowing past them every year on more and more code and more and more entrance coming in, not just individuals, corporations. So you starting to see Netflix donates something, you got Lyft donate some stuff, becomes a project company forms around it. There's a lot of entrepreneurial activity that's creating this new abstraction layers, new platforms, not just tools. So you start to see a new kickup trajectory with Open Source. You guys want to comment on this because this is going to impact how fast the enterprise will see value here. >> I think a really great example of that is a project called Backstage that's just come out of Spotify. And it's going through the incubation process at the CNCF. And that's why it's front of mind for me right now, 'cause I've been working on the due diligence for that. And the reason why I thought it was interesting in relation to your question is it's spun out of Spotify. It's fully Open Source. They have a ton of different enterprises using it as this developer portal, but they're starting to see some startups emerging offering like a hosted managed version of Backstage or offering services around Backstage or offering commercial plugins into Backstage. And I think it's really fascinating to see those ecosystems building up around a project and different ways that people can. I'm a big believer. You cannot sell the Open Source code, but you can sell other things that create value around Open Source projects. So that's really exciting to see. >> Great point. Anyone else want to weigh in and react to that? Because it's the new model. It's not the old way. I mean, I remember when I was in college, we had the Pirate software. Open Source wasn't around. So you had to deal under the table. Now it's free. But I mean the old way was you had to convince the enterprise, like you've got a hard knit, it builds the community and the community manage the quality of the code. And then you had to build the company to make sure they could support it. Now the companies are actually involved in it, right? And then new startups are forming faster. And the proof points are shorter and highly accelerated for that. I mean, it's a whole new- >> It's a Cambrian explosion, and it's great. It's one of those things that it's challenging for the new developers because they come in and they're like, "Whoa, what is all this stuff that I'm supposed to figure out?" And there's no right answer and there's no wrong answer. There's just tons of it. And I think that there's a desire for us to have one sort of well-known trot and happy path, that audience we're a lot better with a more diverse community, with lots of options, with lots of ways to approach these problems. And I think it's just great. A challenge that we have with all these options and all these Cambrian explosion of projects and all these competing ideas, right now, the sustainability, it's a bit of a tricky question to answer. We know that there's a commercialization aspect that helps us fund these projects, but how we compose the open versus the commercial source is still a bit of a tricky question and a tough one for a lot of folks. >> Erica, would you chime in on that for a second. I want to get your angle on that, this experience and all this code, and I'm a new person, I'm an existing person. Do I get like a blue check mark and verify? I mean, these are questions like, well, how do you navigate? >> Yeah, I think this has been something happening for a while. I mean, back in the early OpenStack days, 2010, for instance, Rackspace Open Sourcing, OpenStack and ANSU Labs and so forth, and then trying, having all these companies forming in creating startups around this. I started at a company called Cloudccaling back in late 2010, and we had some competitors such as Piston and so forth where a lot of the ANSUL Labs people went. But then, the real winners, I think from OpenStack ended up being the enterprises that jumped in. We had Red Hat in particular, as well as HP and IBM jumping in and investing in OpenStack, and really proving out a lot of... not that it was the first time, but this is when we started seeing billions of dollars pouring into Open Source projects and Open Source Foundations, such as the OpenStack Foundation, which proceeded a lot of the things that we now see with the Linux Foundation, which was then created a little bit later. And at the same time, I'm also reflecting a little bit what Brian said because there are projects that don't get funded, that don't get the same attention, but they're also getting used quite significantly. Things like Log4j really bringing this to the spotlight in terms of projects that are used everywhere by everything with significant outsized impacts on the industry that are not getting funded, that aren't flashy enough, that aren't exciting enough because it's just logging, but a vulnerability in it brings every everything and everybody down and has possibly billions of dollars of impact to our industry because nobody wanted to fund this project. >> I think that brings up the commercialization point about maybe bringing a venture capital model in saying, "Hey, that boring little logging thing could be a key ingredient for say solving some observability problems so I think let's put some cash." Again then we'd never seen that before. Now you're starting to see that kind of a real smart investment thesis going into Open Source projects. I mean, Promethease, Crafter, these are projects that turned off companies. This is turning up companies. >> A decade ago, there was no money in Dev tools that I think that's been fully debunked now. They used to be a concept that the venture community believed, but there's just too much evidence to the contrary, the companies like Cash Court, Datadog, the list goes on and on. I think the challenge for the Open Source (indistinct) comes back to foundations and working (indistinct) these developers make this code safe and secure. >> Casey, what's your reaction to all of this? You've got, so a project has gained some traction, got some momentum. There's a lot of mission critical. I won't say white spaces, but the opportunities in the big cloud game happening. And there's a lot of, I won't say too many entrepreneurial, but there's a lot of community action happening that's precommercialization that's getting traction. How does this all develop naturally and then vector in quickly when it hits? >> Yeah, I want to go back to the Log4j topic real quick. I think that it's a great example of an area that we need to do better at. And there was a cool article that Rob Pike wrote describing how to quantify the criticality. I think that's sort of quantifying criticality was the article he wrote on how to use metrics, to determine how valuable, how important a piece of Open Source is to the community. And we really need to highlight that more. We need a way to make it more clear how important this software is, how many people depend on it and how many people are contributing to it. And because right now we all do that. Like if I'm going to evaluate an Open Source software, sure, I'll look at how many stars it has and how many contributors it has. But I got to go through and do all that work myself and come up with. It would be really great if we had an agreed upon method for ranking the criticality of software, but then also the risk, hey, that this is used by a ton of people, but nobody's contributing to it anymore. That's a concern. And that would be great to potential users of that to signal whether or not it makes sense. The Open Source Security Foundation, just getting off the ground, they're doing some work in this space, and I'm really excited to see where they go with that looking at ways to stop score critically. >> Well, this brings up a good point while we've got everyone here, let's take a plug and plug a project you think that's not getting the visibility it needs. Let's go through each of you, point out a project that you think people should be looking at and talking about that might get some free visibility here. Anyone want to highlight projects they think should be focused more on, or that needs a little bit of love? >> I think, I mean, particularly if we're talking about these sort of vulnerability issues, there's a ton of work going on, like in the Secure Software Foundation, other foundations, I think there's work going on in Apache somewhere as well around the bill of material, the software bill of materials, the Secure Software supply chain security, even enumerating your dependencies is not trivial today. So I think there's going to be a ton of people doing really good work on that, as well as the criticality aspect. It's all like that. There's a really great xkcd cartoon with your software project and some really big monolithic lumps. And then, this tiny little piece in a very important point that's maintained by somebody in his bedroom in Montana or something and if you called it out. >> Yeah, you just opened where the next lightening and a bottle comes from. And this is I think the beauty of Open Source is that you get a little collaboration, you get three feet in a cloud of dust going and you get some momentum, and if it's relevant, it rises to the top. I think that's the collective intelligence of Open Source. The question I want to ask that the panel here is when you go into an enterprise, and now that the game is changing with a much more collaborative and involved, what's the story if they say, hey, what's in it for me, how do I manage the Open Source? What's the current best practice? Because there's no doubt I can't ignore it. It's in everything we do. How do I organize around it? How do I build around it to be more efficient and more productive and reduce the risk on vulnerabilities to managing staff, making sure the right teams in place, the right agility and all those things? >> You called it, they got to get skin in the game. They need to be active and involved and donating to a sustainable Open Source project is a great way to start. But if you really want to be active, then you should be committing. You should have a goal for your organization to be contributing back to that project. Maybe not committing code, it could be committing resources into the darks or in the tests, or even tweeting about an Open Source project is contributing to it. And I think a lot of these enterprises could benefit a lot from getting more active with the Open Source Foundations that are out there. >> Liz, you've been actively involved. I know we've talked personally when the CNCF started, which had a great commercial uptake from companies. What do you think the current state-of-the-art kind of equation is has it changed a little bit? Or is it the game still the same? >> Yeah, and in the early days of the CNCF, it was very much dominated by vendors behind the project. And now we're seeing more and more membership from end-user companies, the kind of enterprises that are building their businesses on Cloud Native, but their business is not in itself. That's not there. The infrastructure is not their business. And I think seeing those companies, putting money in, putting time in, as Brian says contributing resources quite often, there's enough money, but finding the talent to do the work and finding people who are prepared to actually chop the wood and carry the water, >> Exactly. >> that it's hard. >> And if enterprises can find peoples to spend time on Open Source projects, help with those chores, it's hugely valuable. And it's one of those the rising tide floats all the boats. We can raise security, we can reduce the amount of dependency on maintain projects collectively. >> I think the business models there, I think one of the things I'll react to and then get your guys' comments is remember which CubeCon it was, it was one of the early ones. And I remember seeing Apple having a booth, but nobody was manning. It was just an Apple booth. They weren't doing anything, but they were recruiting. And I think you saw the transition of a business model where the worry about a big vendor taking over a project and having undue influence over it goes away because I think this idea of participation is also talent, but also committing that talent back into the communities as a model, as a business model, like, okay, hire some great people, but listen, don't screw up the Open Source piece of it 'cause that's a critical. >> Also hire a channel, right? They can use those contributions to source that talent and build the reputation in the communities that they depend on. And so there's really a lot of benefit to the larger organizations that can do this. They'll have a huge pipeline of really qualified engineers right out the gate without having to resort to cheesy whiteboard interviews, which is pretty great. >> Yeah, I agree with a lot of this. One of my concerns is that a lot of these corporations tend to focus very narrowly on certain projects, which they feel that they depend greatly, they'll invest in OpenStack, they'll invest in Docker, they'll invest in some of the CNCF projects. And then these other projects get ignored. Something that I've been a proponent of for a little bit for a while is observability of your dependencies. And I don't think there's quite enough projects and solutions to this. And it sounds maybe from lists, there are some projects that I don't know about, but I also know that there's some startups like Snyk and so forth that help with a little bit of this problem, but I think we need more focus on some of these edges. And I think companies need to do better, both in providing, having some sort of solution for observability of the dependencies, as well as understanding those dependencies and managing them. I've seen companies for instance, depending on software that they actively don't want to use based on a certain criteria that they already set projects, like they'll set a requirement that any project that they use has a code of conduct, but they'll then use projects that don't have codes of conduct. And if they don't have a code of conduct, then employees are prohibited from working on those projects. So you've locked yourself into a place where you're depending on software that you have instructed, your employees are not allowed to contribute to, for certain legal and other reasons. So you need to draw a line in the sand and then recognize that those projects are ones that you don't want to consume, and then not use them, and have observability around these things. >> That's a great point. I think we have 10 minutes left. I want to just shift to a topic that I think is relevant. And that is as Open Source software, software, people develop software, you see under the hood kind of software, SREs developing very quickly in the CloudScale, but also you've got your classic software developers who were writing code. So you have supply chain, software supply chain challenges. You mentioned developer experience around how to code. You have now automation in place. So you've got the development of all these things that are happening. Like I just want to write software. Some people want to get and do infrastructure as code so DevSecOps is here. So how does that look like going forward? How has the future of Open Source going to make the developers just want to code quickly? And the folks who want to tweak the infrastructure a bit more efficient, any views on that? >> At Gaggle, we're using AWS' CDK, exclusively for our infrastructure as code. And it's a great transition for developers instead of writing Yammel or Jason, or even HCL for their infrastructure code, now they're writing code in the language that they're used to Python or JavaScript, and what that's providing is an easier transition for developers into that Infrastructure as code at Gaggle here, but it's also providing an opportunity to provide reusable constructs that some Devs can build on. So if we've got a very opinionated way to deploy a serverless app in a database and do auto-scaling behind and all stuff, we can present that to a developer as a library, and they can just consume it as it is. Maybe that's as deep as they want to go and they're happy with that. But then they want to go deeper into it, they can either use some of the lower level constructs or create PRs to the platform team to have those constructs changed to fit their needs. So it provides a nice on-ramp developers to use the tools and languages they're used to, and then also go deeper as they need. >> That's awesome. Does that mean they're not full stack developers anymore that they're half stack developers they're taking care of for them? >> I don't know either. >> We'll in. >> No, only kidding. Anyway, any other reactions to this whole? I just want to code, make it easy for me, and some people want to get down and dirty under the hood. >> So I think that for me, Docker was always a key part of this. I don't know when DevSecOps was coined exactly, but I was talking with people about it back in 2012. And when I joined Docker, it was a part of that vision for me, was that Docker was applying these security principles by default for your application. It wasn't, I mean, yes, everybody adopted because of the portability and the acceleration of development, but it was for me, the fact that it was limiting what you could do from a security angle by default, and then giving you these tuna balls that you can control it further. You asked about a project that may not get enough recognition is something called DockerSlim, which is designed to optimize your containers and will make them smaller, but it also constraints the security footprint, and we'll remove capabilities from the container. It will help you build security profiles for app armor and the Red Hat one. SELinux. >> SELinux. >> Yeah, and this is something that I think a lot of developers, it's kind of outside of the realm of things that they're really thinking about. So the more that we can automate those processes and make it easier out of the box for users or for... when I say users, I mean, developers, so that it's straightforward and automatic and also giving them the capability of refining it and tuning it as needed, or simply choosing platforms like serverless offerings, which have these security constraints built in out of the box and sometimes maybe less tuneable, but very strong by default. And I think that's a good place for us to be is where we just enforced these things and make you do things in a secure way. >> Yeah, I'm a huge fan of Kubernetes, but it's not the right hammer for every nail. And there are absolutely tons of applications that are better served by something like Lambda where a lot more of that security surface is taken care of for the developer. And I think we will see better tooling around security profiling and making it easier to shrink wrap your applications that there are plenty of products out there that can help you with this in a cloud native environment. But I think for the smaller developer let's say, or an earlier stage company, yeah, it needs to be so much more straightforward. Really does. >> Really an interesting time, 10 years ago, when I was working at Adobe, we used to requisition all these analysts to tell us how many developers there were for the market. And we thought there was about 20 million developers. If GitHub's to be believed, we think there is now around 80 million developers. So both these groups are probably wrong in their numbers, but the takeaway here for me is that we've got a lot of new developers and a lot of these new developers are really struck by a paradox of choice. And they're typically starting on the front end. And so there's a lot of movement in the stack moved towards the front end. We saw that at re:Invent when Amazon was really pushing Amplify 'cause they're seeing this too. It's interesting because this is where folks start. And so a lot of the obstructions are moving in that direction, but maybe not always necessarily totally appropriate. And so finding the right balance for folks is still a work in progress. Like Lambda is a great example. It lets me focus totally on just business logic. I don't have to think about infrastructure pretty much at all. And if I'm newer to the industry, that makes a lot of sense to me. As use cases expand, all of a sudden, reality intervenes, and it might not be appropriate for everything. And so figuring out what those edges are, is still the challenge, I think. >> All right, thank you very much for coming on the CUBE here panel. AWS Heroes, thanks everyone for coming. I really appreciate it, thank you. >> Thank you. >> Thank you. >> Okay. >> Thanks for having me. >> Okay, that's a wrap here back to the program and the awesome startups. Thanks for watching. (upbeat music)

>> Welcome to this Cube Conversation, I'm Lisa Martin. I'm joined by Derek Manky next, the Chief Security Insights and Global Threat Alliances at Fortiguard Labs. Derek, welcome back to the program. >> Hey, it's great to be here again. A lot of stuff's happened since we last talked. >> So Derek, one of the things that was really surprising from this year's Global Threat Landscape Report is a 10, more than 10x increase in ransomware. What's going on? What have you guys seen? >> Yeah so this is massive. We're talking over a thousand percent over a 10x increase. This has been building Lisa, So this has been building since December of 2020. Up until then we saw relatively low high watermark with ransomware. It had taken a hiatus really because cyber criminals were going after COVID-19 lawyers and doing some other things at the time. But we did see a seven fold increase in December, 2020. That has absolutely continued this year into a momentum up until today, it continues to build, never subsided. Now it's built to this monster, you know, almost 11 times increase from, from what we saw back last December. And the reason, what's fueling this is a new verticals that cyber criminals are targeting. We've seen the usual suspects like telecommunication, government in position one and two. But new verticals that have risen up into this third and fourth position following are MSSP, and this is on the heels of the Kaseya attack of course, that happened in 2021, as well as operational technology. There's actually four segments, there's transportation, automotive, manufacturing, and then of course, energy and utility, all subsequent to each other. So there's a huge focus now on, OT and MSSP for cyber criminals. >> One of the things that we saw last year this time, was that attackers had shifted their focus away from enterprise infrastructure devices, to home networks and consumer grade products. And now it looks like they're focusing on both. Are you seeing that? >> Yes, absolutely. In two ways, so first of all, again, this is a kill chain that we talk about. They have to get a foothold into the infrastructure, and then they can load things like ransomware on there. They can little things like information stealers as an example. The way they do that is through botnets. And what we reported in this in the first half of 2021 is that Mirai, which is about a two to three-year old botnet now is number one by far, it was the most prevalent botnet we've seen. Of course, the thing about Mirai is that it's an IOT based botnet. So it sits on devices, sitting inside consumer networks as an example, or home networks, right. And that can be a big problem. So that's the targets that cyber criminals are using. The other thing that we saw that was interesting was that one in four organizations detected malvertising. And so what that means Lisa, is that cyber criminals are shifting their tactics from going just from cloud-based or centralized email phishing campaigns to web born threats, right. So they're infecting sites, waterhole attacks, where, you know, people will go to read their daily updates as an example of things that they do as part of their habits. They're getting sent links to these sites that when they go to it, it's actually installing those botnets onto those systems, so they can get a foothold. We've also seen scare tactics, right. So they're doing new social engineering lures, pretending to be human resource departments. IT staff and personnel, as an example, with popups through the web browser that look like these people to fill out different forms and ultimately get infected on home devices. >> Well, the home device use is proliferate. It continues because we are still in this work from home, work from anywhere environment. Is that, you think a big factor in this increase from 7x to nearly 11x? >> It is a factor, absolutely. Yeah, like I said, it's also, it's a hybrid of sorts. So a lot of that activity is going to the MSSP angle, like I said to the OT. And to those new verticals, which by the way, are actually even larger than traditional targets in the past, like finance and banking, is actually lower than that as an example. So yeah, we are seeing a shift to that. And like I said, that's, further backed up from what we're seeing on with the, the botnet activity specifically with Mirai too. >> Are you seeing anything in terms of the ferocity, we know that the volume is increasing, are they becoming more ferocious, these attacks? >> Yeah, there is a lot of aggression out there, certainly from, from cyber criminals. And I would say that the velocity is increasing, but the amount, if you look at the cyber criminal ecosystem, the stakeholders, right, that is increasing, it's not just one or two campaigns that we're seeing. Again, we're seeing, this has been a record cases year, almost every week we've seen one or two significant, cyber security events that are happening. That is a dramatic shift compared to last year or even, two years ago too. And this is because, because the cyber criminals are getting deeper pockets now. They're becoming more well-funded and they have business partners, affiliates that they're hiring, each one of those has their own methodology, and they're getting paid big. We're talking up to 70 to 80% commission, just if they actually successfully, infect someone that pays for the ransom as an example. And so that's really, what's driving this too. It's a combination of this kind of perfect storm as we call it, right. You have this growing attack surface, work from home environments and footholds into those networks, but you have a whole bunch of other people now on the bad side that are orchestrating this and executing the attacks too. >> So what can organizations do to start- to slow down or limit the impacts of this growing ransomware as a service? >> Yeah, great question. Everybody has their role in this, I say, right? So if we look at, from a strategic point of view, we have to disrupt cyber crime, how do we do that? It starts with the kill chain. It starts with trying to build resilient networks. So things like ZTA and a zero trust network access, SD-WAN as an example for protecting that WAN infrastructure. 'Cause that's where the threats are floating to, right. That's how they get the initial footholds. So anything we can do on the preventative side, making networks more resilient, also education and training is really key. Things like multi-factor authentication are all key to this because if you build that preventatively and it's a relatively small investment upfront Lisa, compared to the collateral damage that can happen with these ransomware paths, the risk is very high. That goes a long way, it also forces the attackers to- it slows down their velocity, it forces them to go back to the drawing board and come up with a new strategy. So that is a very important piece, but there's also things that we're doing in the industry. There's some good news here, too, that we can talk about because there's things that we can actually do apart from that to really fight cyber crime, to try to take the cyber criminals offline too. >> All right, hit me with the good news Derek. >> Yeah, so a couple of things, right. If we look at the botnet activity, there's a couple of interesting things in there. Yes, we are seeing Mirai rise to the top right now, but we've seen big problems of the past that have gone away or come back, not as prolific as before. So two specific examples, EMOTET, that was one of the most prolific botnets that was out there for the past two to three years, there is a take-down that happened in January of this year. It's still on our radar but immediately after that takedown, it literally dropped to half of the activity it had before. And it's been consistently staying at that low watermark now at that half percentage since then, six months later. So that's very good news showing that the actual coordinated efforts that were getting involved with law enforcement, with our partners and so forth, to take down these are actually hitting their supply chain where it hurts, right. So that's good news part one. Trickbot was another example, this is also a notorious botnet, takedown attempt in Q4 of 2020. It went offline for about six months in our landscape report, we actually show that it came back online in about June this year. But again, it came back weaker and now the form is not nearly as prolific as before. So we are hitting them where it hurts, that's that's the really good news. And we're able to do that through new, what I call high resolution intelligence that we're looking at too. >> Talk to me about that high resolution intelligence, what do you mean by that? >> Yeah, so this is cutting edge stuff really, gets me excited, keeps me up at night in a good way. 'Cause we we're looking at this under the microscope, right. It's not just talking about the what, we know there's problems out there, we know there's ransomware, we know there's a botnets, all these things, and that's good to know, and we have to know that, but we're able to actually zoom in on this now and look at- So we, for the first time in the threat landscape report, we've published TTPs, the techniques, tactics, procedures. So it's not just talking about the what, it's talking about the how, how are they doing this? What's their preferred method of getting into systems? How are they trying to move from system to system? And exactly how are they doing that? What's the technique? And so we've highlighted that, it's using the MITRE attack framework TTP, but this is real time data. And it's very interesting, so we're clearly seeing a very heavy focus from cyber criminals and attackers to get around security controls, to do defense innovation, to do privilege escalation on systems. So in other words, trying to be common administrator so they can take full control of the system. As an example, lateral movement, there's still a preferred over 75%, 77 I believe percent of activity we observed from malware was still trying to move from system to system, by infecting removable media like thumb drives. And so it's interesting, right. It's a brand new look on these, a fresh look, but it's this high resolution, is allowing us to get a clear image, so that when we come to providing strategic guides and solutions in defense, and also even working on these takedown efforts, allows us to be much more effective. >> So one of the things that you said in the beginning was we talked about the increase in ransomware from last year to this year. You said, I don't think that we've hit that ceiling yet, but are we at an inflection point? Data showing that we're at an inflection point here with being able to get ahead of this? >> Yeah, I would like to believe so, there is still a lot of work to be done unfortunately. If we look at, there's a recent report put out by the Department of Justice in the US saying that, the chance of a criminal to be committing a crime, to be caught in the US is somewhere between 55 to 60%, the same chance for a cyber criminal lies less than 1%, well 0.5%. And that's the bad news, the good news is we are making progress in sending messages back and seeing results. But I think there's a long road ahead. So, there's a lot of work to be done, We're heading in the right direction. But like I said, they say, it's not just about that. It's, everyone has their role in this, all the way down to organizations and end users. If they're doing their part of making their networks more resilient through this, through all of the, increasing their security stack and strategy. That is also really going to stop the- really ultimately the profiteering that wave, 'cause that continues to build too. So it's a multi-stakeholder effort and I believe we are getting there, but I continue to still, I continue to expect the ransomware wave to build in the meantime. >> On the end-user front, that's always one of the vectors that we talk about, it's people, right? There's so much sophistication in these attacks that even security folks and experts are nearly fooled by them. What are some of the things that you're saying that governments are taking action on some recent announcements from the White House, but other organizations like Interpol, the World Economic Forum, Cyber Crime Unit, what are some of the things that governments are doing that you're seeing that as really advantageous here for the good guys? >> Yeah, so absolutely. This is all about collaboration. Governments are really focused on public, private sector collaboration. So we've seen this across the board with Fortiguard Labs, we're on the forefront with this, and it's really exciting to see that, it's great. There's always been a lot of will to work together, but we're starting to see action now, right? Interpol is a great example, they recently this year, held a high level forum on ransomware. I actually spoke and was part of that forum as well too. And the takeaways from that event were that we, this was a message to the world, that public, private sector we need. They actually called ransomware a pandemic, which is what I've referred to it as before in itself as well too. Because it is becoming that much of a problem and that we need to work together to be able to create action, action against this, measure success, become more strategic. The World Economic Forum were leading a project called the Partnership Against Cyber Crime Threat Map Project. And this is to identify, not just all this stuff we talked about in the threat landscape report, but also looking at, things like, how many different ransomware gangs are there out there. What do the money laundering networks look like? It's that side of the supply chain to map out, so that we can work together to actually take down those efforts. But it really is about this collaborative action that's happening and it's innovation and there's R&D behind this as well, that's coming to the table to be able to make it impactful. >> So it sounds to me like ransomware is no longer a- for any organization in any industry you were talking about the expansion of verticals. It's no longer a, "If this happens to us," but a matter of when and how do we actually prepare to remediate, prevent any damage? >> Yeah, absolutely, how do we prepare? The other thing is that there's a lot of, with just the nature of cyber, there's a lot of connectivity, there's a lot of different, it's not just always siloed attacks, right. We saw that with Colonial obviously, this year where you have attacks on IT, that can affect consumers, right down to consumers, right. And so for that very reason, everybody's infected in this. it truly is a pandemic I believe on its own. But the good news is, there's a lot of smart people on the good side and that's what gets me excited. Like I said, we're working with a lot of these initiatives. And like I said, some of those examples I called up before, we're actually starting to see measurable progress against this as well. >> That's good, well never a dull day I'm sure in your world. Any thing that you think when we talk about this again, in a few more months of the second half of 2021, anything you predict crystal ball wise that we're going to see? >> Yeah, I think that we're going to continue to see more of the, I mean, ransomware, absolutely, more of the targeted attacks. That's been a shift this year that we've seen, right. So instead of just trying to infect everybody for ransom, as an example, going after some of these new, high profile targets, I think we're going to continue to see that happening from the ransomware side and because of that, the average costs of these data breaches, I think they're going to continue to increase, it already did in 2021 as an example, if we look at the cost of a data breach report, it's gone up to about $5 million US on average, I think that's going to continue to increase as well too. And then the other thing too is, I think that we're going to start to see more, more action on the good side like we talked about. There was already a record amount of takedowns that have happened, five takedowns that happened in January. There were arrests made to these business partners, that was also new. So I'm expecting to see a lot more of that coming out towards the end of the year too. >> So as the challenges persist, so do the good things that are coming out of this. Where can folks go to get this first half 2021 Global Threat Landscape? What's the URL that they can go to? >> Yeah, you can check it out, all of our updates and blogs including the threat landscape reports on blog.fortinet.com under our threat research category. >> Excellent, I read that blog, it's fantastic. Derek, always a pleasure to talk to you. Thanks for breaking this down for us, showing what's going on. Both the challenging things, as well as the good news. I look forward to our next conversation. >> Absolutely, it was great chatting with you again, Lisa. Thanks. >> Likewise for Derek Manky, I'm Lisa Martin. You're watching this Cube Conversation. (exciting music)

>>As we've been reporting, the pandemic has called CSOs to really shift their spending priorities towards securing remote workers. Almost overnight. Zero trust has gone from buzzword to mandate. What's more as we wrote in our recent cybersecurity breaking analysis, not only Maseca pro secured increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone. And welcome to this Q conversation. My name is Dave Vellante and I'm pleased to welcome Derek manky. Who's chief security insights, and global threat alliances for four guard labs with fresh data from its global threat landscape report. Derek. Welcome. Great to see you. >>Thanks so much for, for the invitation to speak. It's always a pleasure. Multicover yeah, >>You're welcome. So first I wonder if you could explain for the audience, what is for guard labs and what's its relationship to fortunate? >>Right. So 40 grand labs is, is our global sockets, our global threat intelligence operation center. It never sleeps, and this is the beat. Um, you know, it's, it's been here since inception at port in it. So it's it's 20, 21 years in the making, since Fortinet was founded, uh, we have built this in-house, uh, so we don't go yum technology. We built everything from the ground up, including creating our own training programs for our, our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006 to ethical hacking program. And it's a zero-day research. So we try to meet the hackers, the bad guys to their game. And we of course do that responsibly to work with vendors, to close schools and create virtual patches. Um, and, but, you know, so it's, it's everything from, uh, customer protection first and foremost, to following, uh, the threat landscape and cyber. It's very important to understand who they are, what they're doing, who they're, uh, what they're targeting, what tools are they using? >>Yeah, that's great. Some serious DNA and skills in that group. And it's, it's critical because like you said, you can, you can minimize the spread of those malware very, very quickly. So what, what now you have, uh, the global threat landscape report. We're going to talk about that, but what exactly is that? >>Right? So this a global threat landscape report, it's a summary of, uh, all, all the data that we collect over a period of time. So we released this, that biannually two times a year. Um, cyber crime is changing very fast, as you can imagine. So, uh, while we do release security blogs, and, uh, what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million censorship worldwide in 40 guard labs, we're processing. I know it seems like a very large amount, but North of a hundred billion, uh, threat events in just one day. And we have to take the task of taking all of that data and put that onto scale for half a year and compile that into something, um, that is, uh, the, you know, that that's digestible. That's a, a very tough task, as you can imagine, so that, you know, we have to work with a huge technologies back to machine learning and artificial intelligence automation. And of course our analyst view to do that. >>Yeah. So this year, of course, there's like the every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past? Let's say 12 months. I know you do this twice a year, but what trends did you see evolving throughout the year and what have you seen with the way that attackers have exploited this expanded attack surface outside of corporate network? >>Yeah, it was quite interesting last year. It certainly was not normal. Like we all say, um, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the scrap threat landscape, cyber cyber criminals are always trying to take advantage of the weakest link of the chain. They're trying to always prey off here and ride waves of global trends and themes. We've seen this before in, uh, natural disasters as an example, you know, um, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next to the next trip. That's braking, of course, because COVID is so global and dominant. Um, we saw attacks coming in from, uh, well over 40 different languages as an example, um, in regions all across the world that wasn't lasting two to three weeks and it lasted for the better part of a year. >>And of course, what they're, they're using this as a vehicle, right? Not preying on the fear. They're doing everything from initial lockdown, uh, fishing. We were as COVID-19 movers to, um, uh, lay off notices then to phase one, reopenings all the way up to fast forward to where we are today with vaccine rollover development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they were able to, they didn't have to innovate too much, right. They didn't have to expand and shifted to new to new trends. And themes are really developed on new rats families as an example, or a new sophisticated malware. That was the first half of the year and the second half of the year. Um, of course people started to experience COVID fatigue, right? Um, people started to become, we did a lot of education around this. >>People started to become more aware of this threat. And so, um, cyber criminals have started to, um, as we expected, started to become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, on, um, uh, you know, targeting the digital supply chain as an example. And so that, that was, that was really towards Q4. Uh, so it, it was a long lived lead year with success on the Google themes, um, targeting healthcare as an example, a lot of, um, a lot of the organizations that were, you know, really in a vulnerable position, I would say >>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trends. Not only did they have to adapt and not have to, but they adapt it to these new vulnerabilities. Uh, my sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I, am I getting that right? That they did their sort of their, their, their increased sophistication in the first half, and then they sort of deployed it, did it, uh, w what actually happened there from your data? >>Well, if we look at, so generally there's two types of attacks that we look at, we look at the, uh, the premeditated sophisticated attacks that can have, um, you know, a lot of ramp up work on their end, a lot of time developing the, the, the, the weaponization phase. So developing, uh, the exploits of the sophisticated malware that they're gonna use for the campaign reconnaissance, understanding the targets, where platforms are developed, um, the blueprinting that DNA of, of, of the supply chain, those take time. Um, in fact years, even if we look back to, um, uh, 10 plus years ago with the Stuxnet attacks, as an example that was on, uh, nuclear centrifuges, um, and that, that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example. So some of these can take years of time to develop, but they're, they're, uh, very specific in terms of the targets are going to go after obviously the ROI from their end. >>Uh, the other type of attack that we see is as ongoing, um, these broad, wide sweeping attacks, and the reality for those ones is they don't unfortunately need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the cool, the deem, and they still do today with the vaccine road and development. Uh, but, but it's really because they're just playing on, on, um, you know, social engineering, um, using, uh, topical themes. And in fact, the weapons they're using these vulnerabilities are from our research data. And this was highlighted actually the first pop landscape before last year, uh, on average were two to three years old. So we're not talking about fresh vulnerabilities. You've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that. >>So you mentioned stuck next Stuxnet as the former sort of example, of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated attack that we'd ever seen. When I talk to CSOs about the recent government hack, they, they, they suggest I infer maybe they don't suggest it. I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that, is that accurate or not necessarily? >>Yeah, there's definitely a, there's definitely some comparisons there. Uh, you know, one of the largest things is, uh, both attacks used digital circuits certificate personation, so they're digitally signed. So, you know, of course that whole technology using cryptography is designed by design, uh, to say that, you know, this piece of software installed in your system, hassles certificate is coming from the source. It's legitimate. Of course, if that's compromised, that's all out of the window. And, um, yeah, this is what we saw in both attacks. In fact, you know, stocks in that they also had digitally designed, uh, certificates that were compromised. So when it gets to that level of students or, uh, sophistication, that means definitely that there's a target that there has been usually months of, of, uh, homework done by cyber criminals, for reconnaissance to be able to weaponize that. >>W w what did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see? >>Yeah, so we're actually, ransomware is always the thorn in our side, and it's going to continue to be so, um, you know, in fact, uh, ransomware is not a new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to appeal a box, obviously that, that, that didn't take off. Wasn't a successful on the internet was porn at the time. But if you look at it now, of course, over the last 10 years, really, that's where it ran. The ransomware model has been, uh, you know, lucrative, right? I mean, it's been, um, using, uh, by force encrypting data on systems, so that users had to, if they were forced to pay the ransom because they wanted access to their data back data was the target currency for ransomware. That's shifted now. And that's actually been a big pivotal over the last year or so, because again, before it was this let's cast a wide net, in fact, as many people as we can random, um, and try to see if we can hold some of their data for ransom. >>Some people that data may be valuable, it may not be valuable. Um, and that model still exists. Uh, and we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted rats. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families. We saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us as large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, um, you know, damages that can happen from that. The other thing we're seeing is, is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X, millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted, uh, and more sophisticated. And unfortunately the ransom is going up. >>So they go to where the money is. And of course your job is to, it's a lower the ROI for them, a constant challenge. Um, we talked about some of the attack vectors, uh, that you saw this year that, that cyber criminals are targeting. I wonder if, if, you know, given the work from home, if things like IOT devices and cameras and, you know, thermostats, uh, with 75% of the work force at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices? >>Yeah, so, uh, um, uh, you know, unfortunately the attack surface as we call it, uh, so the amount of target points is expanding. It's not shifting, it's expanding. We still see, um, I saw, I mentioned earlier vulnerabilities from two years ago that are being used in some cases, you know, over the holidays where e-commerce means we saw e-commerce heavily under attack in e-commerce has spikes since last summer, right. It's been a huge amount of traffic increase everybody's shopping from home. And, uh, those vulnerabilities going after a shopping cart, plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities are still new in a sense being attacked, but we're also now seeing this complication of, yeah, as you said, IOT, uh, B roll out everywhere, the really quick shift to work from home. Uh, we really have to treat this as if you guys, as the, uh, distributed branch model for enterprise, right. >>And it's really now the secure branch. How do we take, um, um, you know, any of these devices on, on those networks and secure them, uh, because yeah, if you look at the, what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks hacking in tabs, this is who our IPS triggers. You know, we're seeing attempts to go after IOT devices. Uh, right now they're mostly, uh, favoring, uh, well in terms of targets, um, consumer grade routers. Uh, but they're also looking at, um, uh, DVR devices as an example for, uh, you know, home entertainment systems, uh, network attached storage as well, and IP security cameras, um, some of the newer devices, uh, what, the quote unquote smart devices that are now on, you know, virtual assistance and home networks. Uh, we actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think is we're really going to see this year in terms of what's ahead. Um, cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is, all of this is still happening. IOT is being targeted. Of course they're being targeted because they're easy targets. Um, it's like for cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks. >>I mean, it's, um, I mean, attackers they're, they're highly capable. They're organized, they're well-funded they move fast, they're they're agile, uh, and they follow the money. As we were saying, uh, you, you mentioned, you know, co vaccines and, you know, big pharma healthcare, uh, where >>Did you see advanced, persistent >>Threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted? >>Yeah. So just to be clear again, when we talk about AP teams, um, uh, advanced, specific correct group, the groups themselves they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the, um, the premeditated targeted attacks usually points to nation state. Um, sometimes of course there's overlap. They can be affiliated with cyber crime, cyber crime, uh, uh, groups are typically, um, looking at some other targets for ROI, uh, bio there's there's a blend, right? So as an example, if we're looking at the, uh, apt groups I had last year, absolutely. Number one I would say would be healthcare. Healthcare was one of those, and it's, it's, it's, uh, you know, very unfortunate, but obviously with the shift that was happening at a pop up medical facilities, there's a big, a rush to change networks, uh, for a good cause of course, but with that game, um, you know, uh, security holes and concerns the targets and, and that's what we saw IPT groups targeting was going after those and, and ransomware and the cyber crime shrine followed as well. Right? Because if you can follow, uh, those critical networks and crippled them on from cybercriminals point of view, you can, you can expect them to pay the ransom because they think that they need to buy in order to, um, get those systems back online. Uh, in fact, last year or two, unfortunately we saw the first, um, uh, death that was caused because of a denial of service attack in healthcare, right. Facilities were weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way. >>All right. Jericho, sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. Uh, but what approaches are you recommending for organizations? How are you consulting with folks? >>Sure. Yeah. So a couple of things, um, good news is there's a lot that we can do about this, right? And, um, and, and basic measures go a long way. So a couple of things just to get out of the way I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is reality as et cetera, these, these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. Um, so being able to do that, manage that from an organization's point of view, really treat the new work from home. I don't like to call it a work from home. So the reality is it's work from anywhere a lot of the times for some people. So really treat that as, as the, um, as a secure branch, uh, methodology, doing things like segmentations on network, secure wifi access, multi-factor authentication is a huge muscle, right? >>So using multi-factor authentication because passwords are dead, um, using things like, uh, XDR. So Xers is a combination of detection and response for end points. This is a mass centralized management thing, right? So, uh, endpoint detection and response, as an example, those are all, uh, you know, good security things. So of course having security inspection, that that's what we do. So good threat intelligence baked into your security solution. That's supported by labs angles. So, uh, that's, uh, you know, uh, antivirus, intrusion prevention, web filtering, sandbox, and so forth, but then it gets that that's the security stack beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain. We talked about. The supply chain is, is, is a target for attackers attackers have their own supply chain as well. And we're also part of that supply chain, right? The end users where we're constantly fished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended to, um, so that's what we can do, obviously that's, what's recommended to secure, uh, via the endpoints in the secure branch there's things we're also doing in the industry, um, to fight back against that with prime as well. >>Well, I, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. You, SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on the cube a couple of years ago, a former defense secretary. And I said, yeah, but don't, we have like the best security people and can't we go on the offensive and weaponize that ourselves. Of course, there's examples of that. Us. Government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with whether it's the U S government or other governments or other other competitors even, or your ecosystem? Maybe you could talk about that a little bit. >>Yeah. Th th this is what, this is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. Um, so, you know, we, we need, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right. We're always looking at how we can disrupt their business model. Uh, and, and in order, there's obviously a lot of different ways to do that, right? So a couple of things we do is resiliency. That's what we just talked about increasing the security stack so that they go knocking on someone else's door. But beyond that, uh, it comes down to private, private sector collaborations. So, uh, we, we, uh, co-founder of the cyber threat Alliance in 2014 as an example, this was our fierce competitors coming in to work with us to share intelligence, because like you said, um, competitors in the space, but we need to work together to do the better fight. >>And so this is a Venn diagram. What's compared notes, let's team up, uh, when there's a breaking attack and make sure that we have the intelligence so that we can still remain competitive on the technology stack to gradation the solutions themselves. Uh, but let's, let's level the playing field here because cybercriminals moved out, uh, you know, um, uh, that, that there's no borders and they move with great agility. So, uh, that's one thing we do in the private private sector. Uh, there's also, uh, public private sector relationships, right? So we're working with Interpol as an example, Interfor project gateway, and that's when we find attribution. So it's not just the, what are these people doing like infrastructure, but who, who are they, where are they operating? What, what events tools are they creating? We've actually worked on cases that are led down to, um, uh, warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam, the great news is if you look at the industry as a whole, uh, over the last three to four months has been for take downs, a motet net Walker, uh, um, there's also IE Gregor, uh, recently as well too. >>And, and Ian Gregor they're actually going in and arresting the affiliates. So not just the CEO or the King, kind of these organizations, but the people who are distributing the ransomware themselves. And that was a unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them, where it hurts on all angles. I've most recently, um, I've been heavily involved with the world economic forum. Uh, so I'm, co-author of a report from last year of the partnership on cyber crime. And, uh, this is really not just the pro uh, private, private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. Uh, we can't take servers offline from the data centers, but working together, we can have that whole, you know, that holistic effect. >>Great. Thank you for that, Derek. What if people want, want to go deeper? Uh, I know you guys mentioned that you do blogs, but are there other resources that, that they can tap? Yeah, absolutely. So, >>Uh, everything you can see is on our threat research blog on, uh, so 40 net blog, it's under expired research. We also put out, uh, playbooks, w we're doing blah, this is more for the, um, the heroes as he called them the security operation centers. Uh, we're doing playbooks on the aggressors. And so this is a playbook on the offense, on the offense. What are they up to? How are they doing that? That's on 40 guard.com. Uh, we also release, uh, threat signals there. So, um, we typically release, uh, about 50 of those a year, and those are all, um, our, our insights and views into specific attacks that are now >>Well, Derek Mackie, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. It's yeah, it's a pleasure. And, uh, rest assured we will still be there 24 seven, three 65. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Volante for the cube. We'll see you next time.

>>As we've been reporting, the pandemic has called CSOs to really shift their spending priorities towards securing remote workers. Almost overnight. Zero trust has gone from buzzword to mandate. What's more as we wrote in our recent cybersecurity breaking analysis, not only Maseca pro secured increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone. And welcome to this Q conversation. My name is Dave Vellante and I'm pleased to welcome Derek manky. Who's chief security insights, and global threat alliances for four guard labs with fresh data from its global threat landscape report. Derek. Welcome. Great to see you. >>Thanks so much for, for the invitation to speak. It's always a pleasure. Multicover yeah, >>You're welcome. So first I wonder if you could explain for the audience, what is for guard labs and what's its relationship to fortunate? >>Right. So 40 grand labs is, is our global sockets, our global threat intelligence operation center. It never sleeps, and this is the beat. Um, you know, it's, it's been here since inception at port in it. So it's it's 20, 21 years in the making, since Fortinet was founded, uh, we have built this in-house, uh, so we don't go yum technology. We built everything from the ground up, including creating our own training programs for our, our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006 to ethical hacking program. And it's a zero-day research. So we try to meet the hackers, the bad guys to their game. And we of course do that responsibly to work with vendors, to close schools and create virtual patches. Um, and, but, you know, so it's, it's everything from, uh, customer protection first and foremost, to following, uh, the threat landscape and cyber. It's very important to understand who they are, what they're doing, who they're, uh, what they're targeting, what tools are they using? >>Yeah, that's great. Some serious DNA and skills in that group. And it's, it's critical because like you said, you can, you can minimize the spread of those malware very, very quickly. So what, what now you have, uh, the global threat landscape report. We're going to talk about that, but what exactly is that? >>Right? So this a global threat landscape report, it's a summary of, uh, all, all the data that we collect over a period of time. So we released this, that biannually two times a year. Um, cyber crime is changing very fast, as you can imagine. So, uh, while we do release security blogs, and, uh, what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million censorship worldwide in 40 guard labs, we're processing. I know it seems like a very large amount, but North of a hundred billion, uh, threat events in just one day. And we have to take the task of taking all of that data and put that onto scale for half a year and compile that into something, um, that is, uh, the, you know, that that's digestible. That's a, a very tough task, as you can imagine, so that, you know, we have to work with a huge technologies back to machine learning and artificial intelligence automation. And of course our analyst view to do that. >>Yeah. So this year, of course, there's like the every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past? Let's say 12 months. I know you do this twice a year, but what trends did you see evolving throughout the year and what have you seen with the way that attackers have exploited this expanded attack surface outside of corporate network? >>Yeah, it was quite interesting last year. It certainly was not normal. Like we all say, um, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the scrap threat landscape, cyber cyber criminals are always trying to take advantage of the weakest link of the chain. They're trying to always prey off here and ride waves of global trends and themes. We've seen this before in, uh, natural disasters as an example, you know, um, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next to the next trip. That's braking, of course, because COVID is so global and dominant. Um, we saw attacks coming in from, uh, well over 40 different languages as an example, um, in regions all across the world that wasn't lasting two to three weeks and it lasted for the better part of a year. >>And of course, what they're, they're using this as a vehicle, right? Not preying on the fear. They're doing everything from initial lockdown, uh, fishing. We were as COVID-19 movers to, um, uh, lay off notices then to phase one, reopenings all the way up to fast forward to where we are today with vaccine rollover development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they were able to, they didn't have to innovate too much, right. They didn't have to expand and shifted to new to new trends. And themes are really developed on new rats families as an example, or a new sophisticated malware. That was the first half of the year and the second half of the year. Um, of course people started to experience COVID fatigue, right? Um, people started to become, we did a lot of education around this. >>People started to become more aware of this threat. And so, um, cyber criminals have started to, um, as we expected, started to become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, on, um, uh, you know, targeting the digital supply chain as an example. And so that, that was, that was really towards Q4. Uh, so it, it was a long lived lead year with success on the Google themes, um, targeting healthcare as an example, a lot of, um, a lot of the organizations that were, you know, really in a vulnerable position, I would say >>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trends. Not only did they have to adapt and not have to, but they adapt it to these new vulnerabilities. Uh, my sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I, am I getting that right? That they did their sort of their, their, their increased sophistication in the first half, and then they sort of deployed it, did it, uh, w what actually happened there from your data? >>Well, if we look at, so generally there's two types of attacks that we look at, we look at the, uh, the premeditated sophisticated attacks that can have, um, you know, a lot of ramp up work on their end, a lot of time developing the, the, the, the weaponization phase. So developing, uh, the exploits of the sophisticated malware that they're gonna use for the campaign reconnaissance, understanding the targets, where platforms are developed, um, the blueprinting that DNA of, of, of the supply chain, those take time. Um, in fact years, even if we look back to, um, uh, 10 plus years ago with the Stuxnet attacks, as an example that was on, uh, nuclear centrifuges, um, and that, that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example. So some of these can take years of time to develop, but they're, they're, uh, very specific in terms of the targets are going to go after obviously the ROI from their end. >>Uh, the other type of attack that we see is as ongoing, um, these broad, wide sweeping attacks, and the reality for those ones is they don't unfortunately need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the cool, the deem, and they still do today with the vaccine road and development. Uh, but, but it's really because they're just playing on, on, um, you know, social engineering, um, using, uh, topical themes. And in fact, the weapons they're using these vulnerabilities are from our research data. And this was highlighted actually the first pop landscape before last year, uh, on average were two to three years old. So we're not talking about fresh vulnerabilities. You've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that. >>So you mentioned stuck next Stuxnet as the former sort of example, of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated attack that we'd ever seen. When I talk to CSOs about the recent government hack, they, they, they suggest I infer maybe they don't suggest it. I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that, is that accurate or not necessarily? >>Yeah, there's definitely a, there's definitely some comparisons there. Uh, you know, one of the largest things is, uh, both attacks used digital circuits certificate personation, so they're digitally signed. So, you know, of course that whole technology using cryptography is designed by design, uh, to say that, you know, this piece of software installed in your system, hassles certificate is coming from the source. It's legitimate. Of course, if that's compromised, that's all out of the window. And, um, yeah, this is what we saw in both attacks. In fact, you know, stocks in that they also had digitally designed, uh, certificates that were compromised. So when it gets to that level of students or, uh, sophistication, that means definitely that there's a target that there has been usually months of, of, uh, homework done by cyber criminals, for reconnaissance to be able to weaponize that. >>W w what did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see? >>Yeah, so we're actually, ransomware is always the thorn in our side, and it's going to continue to be so, um, you know, in fact, uh, ransomware is not a new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to appeal a box, obviously that, that, that didn't take off. Wasn't a successful on the internet was porn at the time. But if you look at it now, of course, over the last 10 years, really, that's where it ran. The ransomware model has been, uh, you know, lucrative, right? I mean, it's been, um, using, uh, by force encrypting data on systems, so that users had to, if they were forced to pay the ransom because they wanted access to their data back data was the target currency for ransomware. That's shifted now. And that's actually been a big pivotal over the last year or so, because again, before it was this let's cast a wide net, in fact, as many people as we can random, um, and try to see if we can hold some of their data for ransom. >>Some people that data may be valuable, it may not be valuable. Um, and that model still exists. Uh, and we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted rats. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families. We saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us as large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, um, you know, damages that can happen from that. The other thing we're seeing is, is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X, millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted, uh, and more sophisticated. And unfortunately the ransom is going up. >>So they go to where the money is. And of course your job is to, it's a lower the ROI for them, a constant challenge. Um, we talked about some of the attack vectors, uh, that you saw this year that, that cyber criminals are targeting. I wonder if, if, you know, given the work from home, if things like IOT devices and cameras and, you know, thermostats, uh, with 75% of the work force at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices? >>Yeah, so, uh, um, uh, you know, unfortunately the attack surface as we call it, uh, so the amount of target points is expanding. It's not shifting, it's expanding. We still see, um, I saw, I mentioned earlier vulnerabilities from two years ago that are being used in some cases, you know, over the holidays where e-commerce means we saw e-commerce heavily under attack in e-commerce has spikes since last summer, right. It's been a huge amount of traffic increase everybody's shopping from home. And, uh, those vulnerabilities going after a shopping cart, plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities are still new in a sense being attacked, but we're also now seeing this complication of, yeah, as you said, IOT, uh, B roll out everywhere, the really quick shift to work from home. Uh, we really have to treat this as if you guys, as the, uh, distributed branch model for enterprise, right. >>And it's really now the secure branch. How do we take, um, um, you know, any of these devices on, on those networks and secure them, uh, because yeah, if you look at the, what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks hacking in tabs, this is who our IPS triggers. You know, we're seeing attempts to go after IOT devices. Uh, right now they're mostly, uh, favoring, uh, well in terms of targets, um, consumer grade routers. Uh, but they're also looking at, um, uh, DVR devices as an example for, uh, you know, home entertainment systems, uh, network attached storage as well, and IP security cameras, um, some of the newer devices, uh, what, the quote unquote smart devices that are now on, you know, virtual assistance and home networks. Uh, we actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think is we're really going to see this year in terms of what's ahead. Um, cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is, all of this is still happening. IOT is being targeted. Of course they're being targeted because they're easy targets. Um, it's like for cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks. >>I mean, it's, um, I mean, attackers they're, they're highly capable. They're organized, they're well-funded they move fast, they're they're agile, uh, and they follow the money. As we were saying, uh, you, you mentioned, you know, co vaccines and, you know, big pharma healthcare, uh, where >>Did you see advanced, persistent >>Threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted? >>Yeah. So just to be clear again, when we talk about AP teams, um, uh, advanced, specific correct group, the groups themselves they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the, um, the premeditated targeted attacks usually points to nation state. Um, sometimes of course there's overlap. They can be affiliated with cyber crime, cyber crime, uh, uh, groups are typically, um, looking at some other targets for ROI, uh, bio there's there's a blend, right? So as an example, if we're looking at the, uh, apt groups I had last year, absolutely. Number one I would say would be healthcare. Healthcare was one of those, and it's, it's, it's, uh, you know, very unfortunate, but obviously with the shift that was happening at a pop up medical facilities, there's a big, a rush to change networks, uh, for a good cause of course, but with that game, um, you know, uh, security holes and concerns the targets and, and that's what we saw IPT groups targeting was going after those and, and ransomware and the cyber crime shrine followed as well. Right? Because if you can follow, uh, those critical networks and crippled them on from cybercriminals point of view, you can, you can expect them to pay the ransom because they think that they need to buy in order to, um, get those systems back online. Uh, in fact, last year or two, unfortunately we saw the first, um, uh, death that was caused because of a denial of service attack in healthcare, right. Facilities were weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way. >>All right. Jericho, sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. Uh, but what approaches are you recommending for organizations? How are you consulting with folks? >>Sure. Yeah. So a couple of things, um, good news is there's a lot that we can do about this, right? And, um, and, and basic measures go a long way. So a couple of things just to get out of the way I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is reality as et cetera, these, these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. Um, so being able to do that, manage that from an organization's point of view, really treat the new work from home. I don't like to call it a work from home. So the reality is it's work from anywhere a lot of the times for some people. So really treat that as, as the, um, as a secure branch, uh, methodology, doing things like segmentations on network, secure wifi access, multi-factor authentication is a huge muscle, right? >>So using multi-factor authentication because passwords are dead, um, using things like, uh, XDR. So Xers is a combination of detection and response for end points. This is a mass centralized management thing, right? So, uh, endpoint detection and response, as an example, those are all, uh, you know, good security things. So of course having security inspection, that that's what we do. So good threat intelligence baked into your security solution. That's supported by labs angles. So, uh, that's, uh, you know, uh, antivirus, intrusion prevention, web filtering, sandbox, and so forth, but then it gets that that's the security stack beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain. We talked about. The supply chain is, is, is a target for attackers attackers have their own supply chain as well. And we're also part of that supply chain, right? The end users where we're constantly fished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended to, um, so that's what we can do, obviously that's, what's recommended to secure, uh, via the endpoints in the secure branch there's things we're also doing in the industry, um, to fight back against that with prime as well. >>Well, I, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. You, SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on the cube a couple of years ago, a former defense secretary. And I said, yeah, but don't, we have like the best security people and can't we go on the offensive and weaponize that ourselves. Of course, there's examples of that. Us. Government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with whether it's the U S government or other governments or other other competitors even, or your ecosystem? Maybe you could talk about that a little bit. >>Yeah. Th th this is what, this is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. Um, so, you know, we, we need, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right. We're always looking at how we can disrupt their business model. Uh, and, and in order, there's obviously a lot of different ways to do that, right? So a couple of things we do is resiliency. That's what we just talked about increasing the security stack so that they go knocking on someone else's door. But beyond that, uh, it comes down to private, private sector collaborations. So, uh, we, we, uh, co-founder of the cyber threat Alliance in 2014 as an example, this was our fierce competitors coming in to work with us to share intelligence, because like you said, um, competitors in the space, but we need to work together to do the better fight. >>And so this is a Venn diagram. What's compared notes, let's team up, uh, when there's a breaking attack and make sure that we have the intelligence so that we can still remain competitive on the technology stack to gradation the solutions themselves. Uh, but let's, let's level the playing field here because cybercriminals moved out, uh, you know, um, uh, that, that there's no borders and they move with great agility. So, uh, that's one thing we do in the private private sector. Uh, there's also, uh, public private sector relationships, right? So we're working with Interpol as an example, Interfor project gateway, and that's when we find attribution. So it's not just the, what are these people doing like infrastructure, but who, who are they, where are they operating? What, what events tools are they creating? We've actually worked on cases that are led down to, um, uh, warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam, the great news is if you look at the industry as a whole, uh, over the last three to four months has been for take downs, a motet net Walker, uh, um, there's also IE Gregor, uh, recently as well too. >>And, and Ian Gregor they're actually going in and arresting the affiliates. So not just the CEO or the King, kind of these organizations, but the people who are distributing the ransomware themselves. And that was a unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them, where it hurts on all angles. I've most recently, um, I've been heavily involved with the world economic forum. Uh, so I'm, co-author of a report from last year of the partnership on cyber crime. And, uh, this is really not just the pro uh, private, private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. Uh, we can't take servers offline from the data centers, but working together, we can have that whole, you know, that holistic effect. >>Great. Thank you for that, Derek. What if people want, want to go deeper? Uh, I know you guys mentioned that you do blogs, but are there other resources that, that they can tap? Yeah, absolutely. So, >>Uh, everything you can see is on our threat research blog on, uh, so 40 net blog, it's under expired research. We also put out, uh, playbooks, w we're doing blah, this is more for the, um, the heroes as he called them the security operation centers. Uh, we're doing playbooks on the aggressors. And so this is a playbook on the offense, on the offense. What are they up to? How are they doing that? That's on 40 guard.com. Uh, we also release, uh, threat signals there. So, um, we typically release, uh, about 50 of those a year, and those are all, um, our, our insights and views into specific attacks that are now >>Well, Derek Mackie, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. It's yeah, it's a pleasure. And, uh, rest assured we will still be there 24 seven, three 65. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Volante for the cube. We'll see you next time.

>> From theCUBE studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE at ETR. This is Breaking Analysis with Dave Vellante >> As we've reported extensively, the pandemic has affected cybersecurity markets perhaps more than any other. Remote work has caused CISOs, chief information security officers to shift spending priorities toward identity access management endpoint and cloud security. COVID has been a benefactor for next gen security companies that participate in these sectors. Notably, we believe tactical responses to the coronavirus have resulted in productivity improvements that will create permanent change in the way organizations defend themselves against cyber threats. Hello everyone and welcome to this week's Wikibon CUBE Insights powered by ETR. In this Breaking Analysis, we'll provide you with our quarterly update of the cybersecurity space and share fresh ETR data on the market. We also have some results from Eric Bradley's most recent Venn round table conducted with three senior chief information security officers. Let's start by looking at this notion of a single pane of glass. Now, despite the aspiration, there is no silver bullet to protect organizations from cyber attacks. The complexities of security, they're enormous and they require a layered defense approach. They range from securing internal networks to end points, to DMZ subnets, external traffic security, data in motion, data at rest, protecting from ransomware, dealing with web traffic, emails, phishing, not to mention threats from internal employees and contractors. As we mentioned at the open, there are three areas in particular that have seen significantly elevated spending momentum that is translated into the valuation increases for several companies, including CrowdStrike, Okta, Zscaler and several others. Zero trust security has gone from buzzword to reality. And spending shifts to these technologies have siphoned off demand from traditional hardware based firewalls. Although CISOs seem to be hedging their bets, at some point, they realized that people are actually going to come back to the office, so they have to remain agile. Lack of talent. Well, that remains one of the CISOs biggest challenges to securing applications and data. And automation while sometimes viewed as risky, is becoming increasingly important. Several companies have hit our radar this quarter and were highlighted in the CISO Panel, including Elastic which has seen momentum as an open source alternative to Splunk and notably multiple CIOs in the panel, they cited concerns related to Splunk's pricing and their sales tactics. They actually compared those of Splunk to those of EMC in the past, if anybody remembers how aggressive EMC salespeople could be. CloudFlare also broke into the top 10 in the ETR survey based on net score which is a measure of spending momentum. And that was for those companies with more than 50 mentions in the survey. CloudFlare is a CDN and provides security for websites. Also Netskope, a cloud security specialist cracked the top 10 in terms of net score and received high marks from the CISO panel, particularly with respect to it's vision and roadmap. Microsoft, Palo Alto Networks, Okta, CrowdStrike Cisco, CyberArk, SailPoint, Zscaler and Proofpoint remain focus vendors for us in the ETR survey as measured by spending momentum and their presence in the data set, what we call market share. And we'll talk more about those companies in a moment. Now finally, even CISOs that were skeptical about the permanence of the effects of COVID, they're seeing business benefits that suggest many of these shifts are circular, and not cyclical. Indeed, prior to the pandemic, ETR survey data showed that about 16% of organizations workers were primarily remote. CIOs expect that number to more than double post pandemic to 34%. Let's say you look at some of the cybersecurity vendors. We'll plot some, we don't have enough room to plot all of them, there are so many. But this chart shows one of our favorite XY views. On the Y axis, we measure net score. And that measures against spending velocity by looking at the net percentage of customers that are spending more versus those that are spending less within the ETR survey. The X axis measures market share or pervasiveness in the survey. Now we've included a select list of companies for this view and only include those with more than 50 responses, or 50 Ns, shared Ns, if you will, in the data set. In the upper right, you can see a table that shows the data sorted by both net score and shared Ns for each vendor. Now, as we indicated, Elastic has taken the top spot, just barely edging out Okta who took over from CrowdStrike in the last survey. And you can see the significant market presence of Palo Alto and Splunk and the most pervasive vendor here is Cisco. Note that Cisco also owns Umbrella and Duo which both have meaningful Ns in the survey. Now, if we were to combine these into one view, a single view of Cisco, all three of those, it would pull the company even further up into the right. Security is one of the bright spots in Cisco's portfolio and shows consistent year-on-year growth each quarter. Now having said that, some CISOs complained that Cisco's propensity to rely on acquisitions to fill gaps has caused them integration challenges in the past. Let's go back to Palo Alto for a moment. We'll make some comments later regarding their position relative to Fortinet, but we wanted to call them out here. Look, CISOs, they really liked Palo Alto. They trust the Palo Alto Networks. They consider Palo Alto as a trusted leader with a very strong portfolio and vision. Now let's turn our attention to the pack here, as we mentioned, Okta's momentum is notably elevated and it's meaningfully higher than the others. Its presence continues to increase up to the right, as does CrowdStrike's, or to the right, not necessarily up to the right, but to the right. But CrowdStrike has come off its net score high, so it's coming down actually in the vertical axis. And we're not super concerned about that because they're dramatically increasing their presence on the X axis each survey. But so is Okta, so that's something to watch. In other words, CrowdStrike's coming down in net score while it's increasing its presence, Okta is holding its net score while at the same time increasing its presence, which is really a strong sign. Now that they compete, they don't compete against each other directly, but it's they're still in the same sector. We've also included Carbon Black here because because of their VMware acquisition and VMware CEO, Pat Gelsinger, he's on a mission to fix security and the company has made a number of moves in cyber. VMware has a really good track record could of execution and while fixing Curity is highly aspirational. With its install base and history of success, we wanted to include them here because they're getting more attention of the CISOs in the ETR panel. So we're keeping an eye on VMware and Carbon Black. It's going to take some time, but we'll keep watching them. Now let's take a look at how the players have moved this year over the quarters. We're going to show you four tables here and we're going to compare the net scores and market share of the cyber companies for January, April, July, and October surveys. So pre-COVID and throughout the year. So let's look first at the pre-COVID positions. The left most chart is sorted by net score or spending momentum and the right most chart is the shared Ns, which is the number of mentions in the survey, which is what drives the horizontal axis that I showed you earlier. Now, when you go back to the January survey, you see CrowdStrike was already doing very well with an elevated net score of 68.3% and 123 mentions. By the way, please ignore those companies with less than 50 Ns, I didn't filter the data back then. I was kind of still learning how to use the ETR software platform. Okta was also elevated and you can see the others there as well. Now, last year, we came up with a method to assign stars to those companies that had both top net scores and large shared Ns in the survey. So spending momentum and strong market share. And you can see Microsoft, Splunk, Palo Alto Networks, Proofpoint, CrowdStrike, Zscaler and CyberArk made the cut and all received four stars. And we gave two stars to Cisco and Fortinet because they had strong net scores and very high presence in the survey. Now let's go forward and look at April when the lockdown was in full swing. Okay, so we tightened things up in April and on the presentation of the survey did and only included those companies with more than 50N. And we cut the top 10, that's the red line and we put in their Dell EMC which is RSA and IBM for context. And you can see CrowdStrike, they shot to the top with a 68% net score and increased it's shared N, and you can see the stars right. Now, let's just jump ahead to the July survey. So now we're well into the pandemic. Maybe things are calming down a little bit in the summer. People feeling a little bit more freedom, maybe not as concerned about the work-from-home peace, that's sort of settling in, and CISOs, they had a little time to respond here and that's kind of the picture in the summer. Okta jumped way up on the left, you see in spending momentum and CrowdStrike, they moderated a bit, although they remained elevated. And again, they're not direct competitors, but it's instructive to compare these two firms, 'cause they're both hot and growing. And you see the green lines, they show the direction of the momentum of the net score. CrowdStrike was a bit of a concern because its net score dropped and its presence in the dataset kind of moderated. But the company continued to report strong revenue during its earnings calls and the stock remain a darling. So some mixed signals in the data, one quarter doesn't necessarily make a trend. But Okta, Microsoft, Cisco, Palo Alto, Splunk and several others, they remained very, very strong. Now let's go into the most recent October survey. So again, we continue to fine tune our presentation analysis here. And you can see there are two red lines. The top one is the top 10 cutoff. And the second line is the top 20. As we said, Elastic hit the radar for net score but still not pervasive enough in the dataset on the right to earn some stars with the shared Ns. So Okta in our view continues to hold that top spot for momentum and made the top 10 cut for shared N, two very positive signs. It's shared N, for example, jumped from 139 to 185. So more and more mentions, people are increasingly relying on Okta for identity access management. Now for the green arrows here, the momentum lines, we've tried to take into consideration the shared N. So even though, for example CrowdStrike's net score dropped from 50 down to 43%, it's shared N, or again, the number of mentions, it jumped from 119 to 162. So that's a 36% increase and you might be thinking, well, why is that significant? Well, CIOs and IT buyers in the ETR survey, they're asked to choose the areas with which they are most familiar and then they answer questions on which vendors they use. So the fact that companies like Okta and Palo Alto and CrowdStrike and several others that we've highlighted are increasing their presence in the data set and still maintaining a very strong net score is a really good signal in our view. That's why, for example, take Zscaler, we still give them two stars, even though on a relative basis, it didn't make the top 10 cut. It's net score held relatively firm and it's shared N jumped by 39%. So we continue to like names like Zscaler, Okta, CrowdStrike, CyberArk, Proofpoint Fortinet and of course Microsoft, which consistently shines brightly. Let's look at a comment that underscores the CISOs sentiment and I think the market overall. Here's a comment from a CISO of a global travel and hospitality company. It's a name you would recognize and obviously this individual's business was hit hard by the pandemic. So there's an inherent bias toward hope anyway, toward a return to the normal. But look at the comment, I'll read it. "I was a skeptic on the permanence of the changes due to COVID, but I've seen firsthand, there are legitimate structural changes that are taking place, and that's going to fundamentally shift where companies are investing in cyber. Building leases are expiring, people, they're productive working from home. Products that enable work from home and that are cloud first, that trend will continue and be permanent." And you know what? We agree. Okay, here's a chart that we've been updating since right before the pandemic and it compares the performance of the S & P 500 and Nasdaq with specific security companies that are public. And we've been tracking the revenue multiples on a trailing 12 month revenue basis over time to get a sense of how these companies compare. And we prefer to use forward looking revenue, but find TTM to be more consistent and frankly easier to access quickly. So that's what we're using. Now note that Splunk, Octa, CrowdStrike and Zscaler, those are the guys I've highlighted in red, they have yet to report as of this publication. A couple of points here are worth noting. First, we've been talking a lot about the divergence in valuation between Palo Alto and Fortinet and we'll show some more data on that in a moment but we want to share some CISO comments about Fortinet. People sometimes refer to Fortinet as Forti knife, as in Swiss army knife. They're a Swiss army knife of cyber, Forti everything is what one CISO called it. Fortinet is more price attractive, especially for mid-sized companies who don't have the resources of larger firms that might gravitate toward Palo Alto Networks. And the companies around for awhile and has earned the trust of CISOs because of their portfolio and their track record. Now, the other notable item in this data is the rise in value for Okta, CrowdStrike and Zscaler which have seen values increase 78%, 128%, 124% respectively in the time period we show here. You can see the very highly elevated revenue multiples compared to some of the more mature companies. Splunk, they're a bit of an outlier here 'cause we're showing negative growth in that right-hand column. And that's because of its transition toward a subscription model. That really messes up the income statement. And we just wanted to cite that. Splunk's been doing a good job communicating to the street. There are some concerns in the ETR dataset, which we've talked about. They've sort of moderated lately. There's also concerns about pricing that CISOs have mentioned, but generally there's a real bifurcation in the market in terms of valuations. And we think that while there's a lot of discussion about the so-called stay-at-home stocks and a shift back away from those when the pandemic subsides, we believe that the productivity benefits of remote work are becoming more clear and these next gen security companies are going to continue to thrive. Now let's take a moment to look at the relative performance of Palo Alto and Fortinet. Back in February of this year, we noted that there was a valuation divergence occurring between these two companies. And we cited three factors at the time for this gap. First, we said the Palo Alto was trying to cloud proof its business, and as such, it was in transition. And second, it had some challenges with regard to the pace of that transition, including sales incentives, actually that's part of the first point. That was kind of one A. Secondly, we said that the shift away from appliance-based firewalls was accelerating and that was pressuring Palo Alto's valuation. They were kind of underperforming in that segment. And finally we said the Palo Alto was facing some very tough compares in 2019 relative to 2018. And that was causing investors to pause as Palo Alto began shifting to an annual recurring revenue model. Now we said at the time that CISOs really, they really liked Palo Alto and we felt it would... the company would deal with these issues in 2020. And this chart really shows that and they've begun to reverse this trend. The yellow line is Fortinet. The blue line is Palo Alto and it's showing this sort of relative performance here. And you can see that gap coming into 2020 which extended into the meat of 2020. But now it's starting to compress, thanks to a nice earnings report that beat EPS on revenue this month, as we're talking about Palo Alto. So we continue to believe that Fortinet has done a good job and a better job of moving to the cloud model. And Palo Alto has largely relied on acquisitions to accelerate this trend. And we'll see if they can continue to thrive during this transition to cloud. But there's little doubt that CISOs want to work with Palo Alto networks and they remain committed to having a strategic relationship with the company. Alright, let's wrap. The shift to the subscription model is well underway in the cybersecurity space and it's buoyed by cloud and next generation SAS-based security players. Splunk is in transition. Cisco and Palo Alto emphasize the importance of this trend and virtually all historically on-prem players are being forced to respond. Survey data and anecdotal information from theCUBE community supports what the ETR Venn CISOs are saying, that the internet is becoming the new private network and these trends toward cloud-based and remote worker support are delivering benefits that CEOs and CFOs are going to continue to push to operationalize. CISOs, they got to continue to take a multi-layered approach to defending their data, their applications and their users. And it's such a fragmented market with specialists is going to continue for quite some time. Now, despite these clear trends, CISOs face a real challenge, the timing of the return to semi normal, it's really uncertain. And we still don't have a clear picture of what that future will look like. As such incumbent firms with hardened networks, they're going to have to remain in a hybrid holding pattern to accommodate whatever happens. Why is that important? Well, this means that budgets are going to be stretched. Look, while security remains a top priority, you can't expect an open checkbook going to SecOps team. Throwing money at the problem wouldn't really solve it anyway. Rather CISOs have to take a balanced portfolio of investments, continuing with automation and data analytics and of course, good security practice practices. That's going to be the pattern. Alright, well, thanks everyone for watching this episode of theCUBE insights powered by ETR. There are many ways to get in touch. @dvellante on Twitter, david.vellante@siliconangle.com. You can comment on my LinkedIn posts. I publish weekly on wikibon.com and siliconangle.com and always appreciate the feedback from our community. These episodes, by the way, are all available as podcasts. So you can listen while you multitask and don't forget to check out etr.plus for all the survey action. This is Dave Vellante. Have a great Thanksgiving, be smart, stay safe and we'll see you next time. (light melodic music)

>>from around the globe. It's the Cube with digital coverage of VM World 2020 brought to you by VM Ware and its ecosystem partners. Hello and welcome back to the cubes. Virtual coverage of VM World 2020 Virtual I'm John for your host of the Cube, our 11th year covering V emeralds. Not in person. It's virtual. I'm with my coast, Dave. A lot, of course. Ah, guest has been on every year since the cubes existed. Sanjay Putin, who is now the chief operating officer for VM Ware Sanjay, Great to see you. It's our 11th years. Virtual. We're not in person. Usually high five are going around. But hey, virtual fist pump, >>virtual pissed bump to you, John and Dave, always a pleasure to talk to you. I give you more than a virtual pistol. Here's a virtual hug. >>Well, so >>great. Back at great. >>Great to have you on. First of all, a lot more people attending the emerald this year because it's virtual again, it doesn't have the face to face. It is a community and technical events, so people do value that face to face. Um, but it is virtually a ton of content, great guests. You guys have a great program here, Very customer centric. Kind of. The theme is, you know, unpredictable future eyes is really what it's all about. We've talked about covert you've been on before. What's going on in your perspective? What's the theme of your main talks? >>Ah, yeah. Thank you, John. It's always a pleasure to talk to you folks. We we felt as we thought, about how we could make this content dynamic. We always want to make it fresh. You know, a virtual show of this kind and program of this kind. We all are becoming experts at many Ted talks or ESPN. Whatever your favorite program is 60 minutes on becoming digital producers of content. So it has to be crisp, and everybody I think was doing this has found ways by which you reduce the content. You know, Pat and I would have normally given 90 minute keynotes on day one and then 90 minutes again on day two. So 180 minutes worth of content were reduced that now into something that is that entire 180 minutes in something that is but 60 minutes. You you get a chance to use as you've seen from the keynote an incredible, incredible, you know, packed array of both announcements from Pat myself. So we really thought about how we could organize this in a way where the content was clear, crisp and compelling. Thekla's piece of it needed also be concise, but then supplemented with hundreds of sessions that were as often as possible, made it a goal that if you're gonna do a break out session that has to be incorporate or lead with the customer, so you'll see not just that we have some incredible sea level speakers from customers that have featured in in our pattern, Mikey notes like John Donahoe, CEO of Nike or Lorry beer C I, a global sea of JPMorgan Chase partner Baba, who is CEO of Zuma Jensen Wang, who is CEO of video. Incredible people. Then we also had some luminaries. We're gonna be talking in our vision track people like in the annuity. I mean, one of the most powerful women the world many years ranked by Fortune magazine, chairman, CEO Pepsi or Bryan Stevenson, the person who start in just mercy. If you watch that movie, he's a really key fighter for social justice and criminal. You know, reform and jails and the incarceration systems. And Malala made an appearance. Do I asked her personally, I got to know her and her dad's and she spoke two years ago. I asked her toe making appearance with us. So it's a really, really exciting until we get to do some creative stuff in terms of digital content this year. >>So on the product side and the momentum side, you have great decisions you guys have made in the past. We covered that with Pat Gelsinger, but the business performance has been very strong with VM. Where, uh, props to you guys, Where does this all tie together for in your mind? Because you have the transformation going on in a highly accelerated rate. You know, cov were not in person, but Cove in 19 has proven, uh, customers that they have to move faster. It's a highly accelerated world, a lot. Lots changing. Multi cloud has been on the radar. You got security. All the things you guys are doing, you got the AI announcements that have been pumping. Thean video thing was pretty solid. That project Monterey. What does the customer walk away from this year and and with VM where? What is the main theme? What what's their call to action? What's what do they need to be doing? >>I think there's sort of three things we would encourage customers to really think about. Number one is, as they think about everything in infrastructure, serves APS as they think about their APS. We want them to really push the frontier of how they modernize their athletic applications. And we think that whole initiative off how you modernized applications driven by containers. You know, 20 years ago when I was a developer coming out of college C, C plus, plus Java and then emerge, these companies have worked on J two ee frameworks. Web Logic, Be Aware logic and IBM Web Street. It made the development off. Whatever is e commerce applications of portals? Whatever was in the late nineties, early two thousands much, much easier. That entire world has gotten even easier and much more Micro service based now with containers. We've been talking about kubernetes for a while, but now we've become the leading enterprise, contain a platform making some incredible investments, but we want to not just broaden this platform. We simplified. It is You've heard everything in the end. What works in threes, right? It's sort of like almost t shirt sizing small, medium, large. So we now have tens Ooh, in the standard. The advanced the enterprise editions with lots of packaging behind that. That makes it a very broad and deep platform. We also have a basic version of it. So in some sense it's sort of like an extra small. In addition to the small medium large so tends to and everything around at modernization, I think would be message number one number two alongside modernization. You're also thinking about migration of your workloads and the breadth and depth of, um, er Cloud Foundation now of being able to really solve, not just use cases, you are traditionally done, but also new ai use cases. Was the reason Jensen and us kind of partner that, and I mean what a great company and video has become. You know, the king maker of these ai driven applications? Why not run those AI applications on the best infrastructure on the planet? Remember, that's a coming together of both of our platforms to help customers. You know automotive banking fraud detection is a number of AI use cases that now get our best and we want it. And the same thing then applies to Project Monterey, which takes the B c f e m A Cloud Foundation proposition to smart Knicks on Dell, HP Lenovo are embracing the in video Intel's and Pen Sandoz in that smart make architectural, however, that so that entire world of multi cloud being operative Phobia Macleod Foundation on Prem and all of its extended use cases like AI or Smart Knicks or Edge, but then also into the AWS Azure, Google Multi Cloud world. We obviously had a preferred relationship with Amazon that's going incredibly well, but you also saw some announcements last week from, uh, Microsoft Azure about azure BMR solutions at their conference ignite. So we feel very good about the migration opportunity alongside of modernization on the third priority, gentlemen would be security. It's obviously a topic that I most recently taken uninterested in my day job is CEO of the company running the front office customer facing revenue functions by night job by Joe Coffin has been driving. The security strategy for the company has been incredibly enlightening to talk, to see SOS and drive this intrinsic security or zero trust from the network to end point and workload and cloud security. And we made some exciting announcements there around bringing together MAWR capabilities with NSX and Z scaler and a problem black and workload security. And of course, Lassiter wouldn't cover all of this. But I would say if I was a attendee of the conference those the three things I want them to take away what BMR is doing in the future of APS what you're doing, the future of a multi cloud world and how we're making security relevant for distributed workforce. >>I know David >>so much to talk about here, Sanjay. So, uh, talk about modern APS? That's one of the five franchise platforms VM Ware has a history of going from, you know, Challenger toe dominant player. You saw that with end user computing, and there's many, many other examples, so you are clearly one of the top, you know. Let's call it five or six platforms out there. We know what those are, uh, and but critical to that modern APS. Focus is developers, and I think it's fair to say that that's not your wheelhouse today, but you're making moves there. You agree that that is, that is a critical part of modern APS, and you update us on what you're doing for that community to really take a leadership position there. >>Yeah, no, I think it's a very good point, David. We way seek to constantly say humble and hungry. There's never any assumption from us that VM Ware is completely earned anyplace off rightful leadership until we get thousands, tens of thousands. You know, we have a half a million customers running on our virtualization sets of products that have made us successful for 20 years 70 million virtual machines. But we have toe earn that right and containers, and I think there will be probably 10 times as many containers is their virtual machines. So if it took us 20 years to not just become the leader in in virtual machines but have 70 million virtual machines, I don't think it will be 20 years before there's a billion containers and we seek to be the leader in that platform. Now, why, Why VM Where and why do you think we can win in their long term. What are we doing with developers Number one? We do think there is a container capability independent of virtual machine. And that's what you know, this entire world of what hefty on pivotal brought to us on. You know, many of the hundreds of customers that are using what was formerly pivotal and FDR now what's called Tan Xue have I mean the the case. Studies of what those customers are doing are absolutely incredible. When I listen to them, you take Dick's sporting goods. I mean, they are building curbside, pick up a lot of the world. Now the pandemic is doing e commerce and curbside pick up people are going to the store, That's all based on Tan Xue. We've had companies within this sort of world of pandemic working on contact, tracing app. Some of the diagnostic tools built without they were the lab services and on the 10 zoo platform banks. Large banks are increasingly standardizing on a lot of their consumer facing or wealth management type of applications, anything that they're building rapidly on this container platform. So it's incredible the use cases I'm hearing public sector. The U. S. Air Force was talking about how they've done this. Many of them are not public about how they're modernizing dams, and I tend to learn the best from these vertical use case studies. I mean, I spend a significant part of my life is you know, it s a P and increasingly I want to help the company become a lot more vertical. Use case in banking, public sector, telco manufacturing, CPG retail top four or five where we're seeing a lot of recurrence of these. The Tan Xue portfolio actually brings us closest to almost that s a P type of dialogue because we're having an apse dialogue in the in the speak of an industry as opposed to bits and bytes Notice I haven't talked at all about kubernetes or containers. I'm talking about the business problem being solved in a retailer or a bank or public sector or whatever have you now from a developer audience, which was the second part of your question? Dave, you know, we talked about this, I think a year or two ago. We have five million developers today that we've been able to, you know, as bringing these acquisitions earn some audience with about two or three million from from the spring community and two or three million from the economic community. So think of those five million people who don't know us because of two acquisitions we don't. Obviously spring was inside Vienna where went out of pivotal and then came back. So we really have spent a lot of time with that community. A few weeks ago, we had spring one. You guys are aware of that? That conference record number of attendees okay, Registered, I think of all 40 or 50,000, which is, you know, much bigger than the physical event. And then a substantial number of them attended live physical. So we saw a great momentum out of spring one, and we're really going to take care of that, That that community base of developers as they care about Java Manami also doing really, really well. But then I think the rial audience it now has to come from us becoming part of the conversation. That coupon at AWS re invent at ignite not just the world, I mean via world is not gonna be the only place where infrastructure and developers come to. We're gonna have to be at other events which are very prominent and then have a developer marketplace. So it's gonna be a multiyear effort. We're okay with that. To grow that group of about five million developers that we today Kate or two on then I think there will be three or four other companies that also play very prominently to developers AWS, Microsoft and Google. And if we're one among those three or four companies and remembers including that list, we feel very good about our ability to be in a place where this is a shared community, takes a village to approach and an appeal to those developers. I think there will be one of those four companies that's doing this for many years to >>come. Santa, I got to get your take on. I love your reference to the Web days and how the development environment change and how the simplicity came along very relevant to how we're seeing this digital transformation. But I want to get your thoughts on how you guys were doing pre and now during and Post Cove it. You already had a complicated thing coming on. You had multi cloud. You guys were expanding your into end you had acquisitions, you mentioned a few of them. And then cove it hit. Okay, so now you have Everything is changing you got. He's got more complex city. You have more solutions, and then the customer psychology is change. You got to spectrums of customers, people trying to save their business because it's changed, their customer behavior has changed. And you have other customers that are doubling down because they have a tailwind from Cove it, whether it's a modern app, you know, coming like Zoom and others are doing well because of the environment. So you got your customers air in this in this in this, in this storm, you know, they're trying to save down, modernized or or or go faster. How are you guys changing? Because it's impacted how you sell. People are selling differently, how you implement and how you support customers, because you already had kind of the whole multi cloud going on with the modern APS. I get that, but Cove, it has changed things. How are you guys adopting and changing to meet the customer needs who are just trying to save their business on re factor or double down and continue >>John. Great question. I think I also talked about some of this in one of your previous digital events that you and I talked about. I mean, you go back to the last week of February 1st week of March, actually back up, even in January, my last trip on a plane. Ah, major trip outside this country was the World Economic Forum in Davos. And, you know, there were thousands of us packed into the small digits in Switzerland. I was sitting having dinner with Andy Jassy in a restaurant one night that day. Little did we know. A month later, everything would change on DWhite. We began to do in late February. Early March was first. Take care of employees. You always wanna have the pulse, check employees and be in touch with them. Because the health and safety of employees is much more important than the profits of, um, where you know. So we took care of that. Make sure that folks were taking care of older parents were in good place. We fortunately not lost anyone to death. Covert. We had some covert cases, but they've recovered on. This is an incredible pandemic that connects all of us in the human fabric. It has no separation off skin color or ethnicity or gender, a little bit of difference in people who are older, who might be more affected or prone to it. But we just have to, and it's taught me to be a significantly more empathetic. I began to do certain things that I didn't do before, but I felt was the right thing to do. For example, I've begun to do 25 30 minute calls with every one of my key countries. You know, as I know you, I run customer operations, all of the go to market field teams reporting to me on. I felt it was important for me to be showing up, not just in the big company meetings. We do that and big town halls where you know, some fractions. 30,000 people of VM ware attend, but, you know, go on, do a town hall for everybody in a virtual zoom session in Japan. But in their time zone. So 10 o'clock my time in the night, uh, then do one in China and Australia kind of almost travel around the world virtually, and it's not long calls 25 30 minutes, where 1st 10 or 15 minutes I'm sharing with them what I'm seeing across other countries, the world encouraging them to focus on a few priorities, which I'll talk about in a second and then listening to them for 10 15 minutes and be, uh and then the call on time or maybe even a little earlier, because every one of us is going to resume button going from call to call the call. We're tired of T. There's also mental, you know, fatigue that we've gotta worry about. Mental well, being long term. So that's one that I personally began to change. I began to also get energy because in the past, you know, I would travel to Europe or Asia. You know, 40 50%. My life has travel. It takes a day out of your life on either end, your jet lag. And then even when you get to a Tokyo or Beijing or to Bangalore or the London, getting between sites of these customers is like a 45 minute, sometimes in our commute. Now I'm able to do many of these 25 30 minute call, so I set myself a goal to talk to 1000 chief security officers. I know a lot of CEOs and CFOs from my times at S A P and VM ware, but I didn't know many security officers who often either work for a CEO or report directly to the legal counsel on accountable to the audit committee of the board. And I got a list of these 1,002,000 people we called email them. Man, I gotta tell you, people willing to talk to me just coming, you know, into this I'm about 500 into that. And it was role modeling to my teams that the top of the company is willing to spend as much time as possible. And I have probably gotten a lot more productive in customer conversations now than ever before. And then the final piece of your question, which is what do we tell the customer in terms about portfolio? So these were just more the practices that I was able to adapt during this time that have given me energy on dial, kind of get scared of two things from the portfolio perspective. I think we began to don't notice two things. One is Theo entire move of migration and modernization around the cloud. I describe that as you know, for example, moving to Amazon is a migration opportunity to azure modernization. Is that whole Tan Xue Eminem? Migration of modernization is highly relevant right now. In fact, taking more speed data center spending might be on hold on freeze as people kind of holding till depend, emmick or the GDP recovers. But migration of modernization is accelerating, so we wanna accelerate that part of our portfolio. One of the products we have a cloud on Amazon or Cloud Health or Tan Xue and maybe the other offerings for the other public dog. The second part about portfolio that we're seeing acceleration around is distributed workforce security work from home work from anywhere. And that's that combination off workspace, one for both endpoint management, virtual desktops, common black envelope loud and the announcements we've now made with Z scaler for, uh, distributed work for security or what the analysts called secure access. So message. That's beautiful because everyone working from home, even if they come back to the office, needs a very different model of security and were now becoming a leader in that area. of security. So these two parts of the portfolio you take the five franchise pillars and put them into these two buckets. We began to see momentum. And the final thing, I would say, Guys, just on a soft note. You know, I've had to just think about ways in which I balance work and family. It's just really easy. You know what, 67 months into this pandemic to burn out? Ah, now I've encouraged my team. We've got to think about this as a marathon, not a sprint. Do the personal things that you wanna do that will make your life better through this pandemic. That in practice is that you keep after it. I'll give you one example. I began biking with my kids and during the summer months were able to bike later. Even now in the fall, we're able to do that often, and I hope that's a practice I'm able to do much more often, even after the pandemic. So develop some activities with your family or with the people that you love the most that are seeing you a lot more and hopefully enjoying that time with them that you will keep even after this pandemic ends. >>So, Sanjay, I love that you're spending all this time with CSOs. I mean, I have a Well, maybe not not 1000 but dozens. And they're such smart people. They're really, you know, in the thick of things you mentioned, you know, your partnership with the scale ahead. Scott Stricklin on who is the C. C so of Wyndham? He was talking about the security club. But since the pandemic, there's really three waves. There's the cloud security, the identity, access management and endpoint security. And one of the things that CSOs will tell you is the lack of talent is their biggest challenge. And they're drowning in all these products. And so how should we think about your approach to security and potentially simplifying their lives? >>Yeah. You know, Dave, we talked about this, I think last year, maybe the year before, and what we were trying to do in security was really simplified because the security industry is like 5000 vendors, and it's like, you know, going to a doctor and she tells you to stay healthy. You gotta have 5000 tablets. You just cannot eat that many tablets you take you days, weeks, maybe a month to eat that many tablets. So ah, grand simplification has to happen where that health becomes part of your diet. You eat your proteins and vegetables, you drink your water, do your exercise. And the analogy and security is we cannot deploy dozens of agents and hundreds of alerts and many, many consoles. Uh, infrastructure players like us that have control points. We have 70 million virtual machines. We have 75 million virtual switches. We have, you know, tens of million's off workspace, one of carbon black endpoints that we manage and secure its incumbent enough to take security and making a lot more part of the infrastructure. Reduce the need for dozens and dozens of point tools. And with that comes a grand simplification of both the labor involved in learning all these tools. Andi, eventually also the cost of ownership off those particular tool. So that's one other thing we're seeking to do is increasingly be apart off that education off security professionals were both investing in ah, lot of off, you know, kind of threat protection research on many of our folks you know who are in a threat. Behavioral analytics, you know, kind of thread research. And people have come out of deep hacking experience with the government and others give back to the community and teaching classes. Um, in universities, there are a couple of non profits that are really investing in security, transfer education off CSOs and their teams were contributing to that from the standpoint off the ways in which we can give back both in time talent and also a treasure. So I think is we think about this. You're going to see us making this a long term play. We have a billion dollar security business today. There's not many companies that have, you know, a billion dollar plus of security is probably just two or three, and some of them have hit a wall in terms of their progress sport. We want to be one of the leaders in cybersecurity, and we think we need to do this both in building great product satisfying customers. But then also investing in the learning, the training enable remember, one of the things of B M worlds bright is thes hands on labs and all the training enable that happened at this event. So we will use both our platform. We in world in a variety of about the virtual environments to ensure that we get the best education of security to professional. >>So >>that's gonna be exciting, Because if you look at some of the evaluations of some of the pure plays I mean, you're a cloud security business growing a triple digits and, you know, you see some of these guys with, you know, $30 billion valuations, But I wanted to ask you about the market, E v m. Where used to be so simple Right now, you guys have expanded your tam dramatically. How are you thinking about, you know, the market opportunity? You've got your five franchise platforms. I know you're very disciplined about identifying markets, and then, you know, saying, Okay, now we're gonna go compete. But how do you look at the market and the market data? Give us the update there. >>Yeah, I think. Dave, listen, you know, I like davinci statement. You know, simplicity is the greatest form of sophistication, and I think you've touched on something that which is cos we get bigger. You know, I've had the great privilege of working for two great companies. s a P and B M where the bulk of my last 15 plus years And if something I've learned, you know, it's very easy. Both companies was to throw these TLS three letter acronyms, okay? And I use an acronym and describing the three letter acronyms like er or s ex. I mean, they're all acronyms and a new employee who comes to this company. You know, Carol Property, for example. We just hired her from Google. Is our CMO her first comments like, My goodness, there is a lot of off acronyms here. I've gotta you need a glossary? I had the same reaction when I joined B. M or seven years ago and had the same reaction when I joined the S A. P 15 years ago. Now, of course, two or three years into it, you learn everything and it becomes part of your speed. We have toe constantly. It's like an accordion like you expanded by making it mawr of luminous and deep. But as you do that it gets complex, you then have to simplify it. And that's the job of all of us leaders and I this year, just exemplifying that I don't have it perfect. One of the gifts I do have this communication being able to simplify things. I recorded a five minute video off our five franchise pill. It's just so that the casual person didn't know VM where it could understand on. Then, when I'm on your shore and when on with Jim Cramer and CNBC, I try to simplify, simplify, simplify, simplify because the more you can talk and analogies and pictures, the more the casual user. I mean, of course, and some other audiences. I'm talking to investors. Get it on. Then, Of course, as you go deeper, it should be like progressive layers or feeling of an onion. You can get deeper. It's not like the entire discussion with Sanjay Putin on my team is like, you know, empty suit. It's a superficial discussion. We could go deeper, but you don't have to begin the discussion in the bowels off that, and that's really what we don't do. And then the other part of your question was, how do we think about new markets? You know, we always start with Listen, you sort of core in contact our borough come sort of Jeffrey Moore, Andi in the Jeffrey more context. You think about things that you do really well and then ask yourself outside of that what the Jason sees that are closest to you, that your customers are asking you to advance into on that, either organically to partnerships or through acquisitions. I think John and I talked about in the previous dialogue about the framework of build partner and by, and we always think about it in that order. Where do we advance and any of the moves we've made six years ago, seven years ago and I joined the I felt VM are needed to make a move into mobile to really cement opposition in end user computing. And it took me some time to convince my peers and then the board that we should by Air One, which at that time was the biggest acquisition we've ever done. Okay. Similarly, I'm sure prior to me about Joe Tucci, Pat Nelson. We're thinking about nice here, and I'm moving to networking. Those were too big, inorganic moves. +78 years of Raghu was very involved in that. The decisions we moved to the make the move in the public cloud myself. Rgu pack very involved in the decision. Their toe partner with Amazon, the change and divest be cloud air and then invested in organic effort around what's become the Claudia. That's an organic effort that was an acquisition fast forward to last year. It took me a while to really Are you internally convinced people and then make the move off the second biggest acquisition we made in carbon black and endpoint security cement the security story that we're talking about? Rgu did a similar piece of good work around ad monetization to justify that pivotal needed to come back in. So but you could see all these pieces being adjacent to the core, right? And then you ask yourself, Is that context meaning we could leave it to a partner like you don't see us get into the hardware game we're partnering with. Obviously, the players like Dell and HP, Lenovo and the smart Knick players like Intel in video. In Pensando, you see that as part of the Project Monterey announcement. But the adjacent seas, for example, last year into app modernization up the stack and into security, which I'd say Maura's adjacent horizontal to us. We're now made a lot more logical. And as we then convince ourselves that we could do it, convince our board, make the move, We then have to go and tell our customers. Right? And this entire effort of talking to CSOs What am I doing is doing the same thing that I did to my board last year, simplified to 15 minutes and get thousands of them to understand it. Received feedback, improve it, invest further. And actually, some of the moves were now making this year around our partnership in distributed Workforce Security and Cloud Security and Z scaler. What we're announcing an XDR and Security Analytics. All of the big announcements of security of this conference came from what we heard last year between the last 12 months of my last year. Well, you know, keynote around security, and now, and I predict next year it'll be even further. That's how you advance the puck every year. >>Sanjay, I want to get your thoughts. So now we have a couple minutes left. But we did pull the audience and the community to get some questions for you, since it's virtually wanted to get some representation there. So I got three questions for you. First question, what comes after Cloud and number two is VM Ware security company. And three. What company had you wish you had acquired? >>Oh, my goodness. Okay, the third one eyes gonna be the turkey is one, I think. Listen, because I'm gonna give you my personal opinion, and some of it was probably predates me, so I could probably safely So do that. And maybe put the blame on Joe Tucci or somebody else is no longer here. But let me kind of give you the first two. What comes after cloud? I think clouds gonna be with us for a long time. First off this multi cloud world, you just look at the moment, um, that AWS and azure and the other clouds all have. It's incredible on I think this that multi cloud from phenomenon. But if there's an adapt ation of it, it's gonna be three forms of cloud. People are really only focus today in private public cloud. You have to remember the edge and Telco Cloud and this pendulum off the right balance of workloads between the data center called it a private cloud. The public cloud on one end and the telco edge on the other end. I think we're in a really good position for workloads to really swing between all three of those locations. Three other part that I think comes as a sequel to Cloud is cloud native. All of the capabilities a serverless functions but also containers that you know. Obviously the one could think of that a sister topics to cloud but the entire world of containers. The other seat, uh, then cloud a cloud native will also be topics, but these were all fairly connected. That's how I'd answer the first question. A security company? Absolutely. We you know, we aspire to be one of the leading companies in cyber security. I don't think they will be only one. We have to show this by the wealth on breath of our customers. The revenue momentum we have Gartner ranking us or the analysts ranking us in top rights of magic quadrants being viewed as an innovator simplifying the stack. But listen, we weren't even on the radar. We weren't speaking of the security conferences years ago. Now we are. We have a billion dollar security business, 20,000 plus customers, really strong presences and network endpoint and workload and Cloud Security. The three Coppola's a lot more coming in Security analytics, Cloud Security distributed workforce Security. So we're here to stay. And if anything, BMR persist through this, we're planning for multi your five or 10 year timeframe. And in that course I mean, the competition is smaller. Companies that don't have the breadth and depth of the n words are Andy muscle and are going market. We just have to keep building great products and serving customer on the third man. There's so many. But I mean, I think Listen, when I was looking back, I always wondered this is before I joined so I could say the summit speculatively on. Don't you know, make this This is BMR. Sorry. This is Sanjay one's opinion. Not VM. I gotta make very, very clear. Well, listen, I would have if I was at BMO in 2012 or 2013. I would love to about service now then service. It was a great company. I don't even know maybe the company's talk, but then talk about a very successful company at that time now. Maybe their priorities were different. I wasn't at the company at the time, but I can speculate if that had happened, that would have been an interesting Now I think that was during the time of Paul Maritz here and and so on. So for them, maybe there were other priorities the company need to get done. But at that time, of course, today s so it's not as big of a even slightly bigger market cap than us. So that's not happening. But that's a great example of a good company that I think would have at that time fit very well with VM Ware. And then there's probably we don't look back and regret we move forward. I mean, I think about the acquisitions we have made the big ones. Okay, Nice era air watch pop in black. Pivotal. The big moves we've made in terms of partnership. Amazon. What? We're announcing this This, you know, this week within video and Z scaler. So you never look back and regret. You always look for >>follow up on that To follow up on that from a developer, entrepreneurial or partner Perspective. Can you share where the white spaces for people to innovate around vm Where where where can people partner and play. Whether I'm an entrepreneur in a garage or venture back, funded or say a partner pivoting and or resetting with Govind, where's the white spaces with them? >>I think that, you know, there's gonna be a number off places where the Tan Xue platform develops, as it kind of makes it relevant to developers. I mean, there's, I think the first way we think about this is to make ourselves relevant toe all of that ecosystem around the C I. C. D type apply platform. They're really good partners of ours. They're like, get lab, You know, all of the ways in which open source communities, you know will play alongside that Hash E Corp. Jay frog there number of these companies that are partnering with us and we're excited about all of their relevancy to tend to, and it's our job to go and make that marketplace better and better. You're going to hear more about that coming up from us on. Then there's the set of data companies, you know, con fluent. You know, of course, you've seen a big I p o of a snowflake. All of those data companies, we'll need a very natural synergy. If you think about the old days of middleware, middleware is always sort of separate from the database. I think that's starting to kind of coalesce. And Data and analytics placed on top of the modern day middleware, which is containers I think it's gonna be now does VM or play physically is a data company. We don't know today we're gonna partner very heavily. But picking the right set of partners been fluent is a good example of one on. There's many of the next generation database companies that you're going to see us partner with that will become part of that marketplace influence. And I think, as you see us certainly produce out the VM Ware marketplace for developers. I think this is gonna be a game changing opportunity for us to really take those five million developers and work with the leading companies. You know, I use the example of get Lab is an example get help there. Others that appeal to developers tie them into our developer framework. The one thing you learn about developers, you can't have a mindset. With that, you all come to just us. It's a very mingled village off multiple ecosystems and Venn diagrams that are coalescing. If you try to take over the world, the developer community just basically shuns you. You have to have a very vibrant way in which you are mingling, which is why I described. It's like, Listen, we want our developers to come to our conferences and reinvent and ignite and get the best experience of all those provide tools that coincide with everybody. You have to take a holistic view of this on if you do that over many years, just like the security topic. This is a multi year pursuit for us to be relevant. Developers. We feel good about the future being bright. >>David got five minutes e. >>I thought you were gonna say Zoom, Sanjay, that was That was my wildcard. >>Well, listen, you know, I think it was more recently and very fast catapult Thio success, and I don't know that that's clearly in the complete, you know, sweet spot of the anywhere. I mean, you know, unified collaboration would have probably put us in much more competition with teams and, well, back someone you always have to think about what's in the in the bailiwick of what's closest to us, but zooms a great partner. Uh, I mean, obviously you love to acquire anybody that's hot, but Eric's doing really well. I mean, Erica, I'm sure he had many people try to come to buy him. I'm just so proud of him as a friend of all that he was named to Time magazine Top 100. But what he's done is phenomenon. I think he could build a company that's just his important, his Facebook. So, you know, I encourage him. Don't sell, keep building the company and you'll build a company that's going to be, you know, the enterprise version of Facebook. And I think that's a tremendous opportunity to do this better than anybody else is doing. And you know, I'm as an immigrant. He's, you know, China. Born now American, I'm Indian born, American, assim immigrants. We both have a similar story. I learned a lot from him. I learned a lot from him, from on speed on speed and how to move fast, he tells me he learns a thing to do for me on scale. We teach each other. It's a beautiful friendship. >>We'll make sure you put in a good word for the Kiwi. One more zoom integration >>for a final word or the zoom that is the future Facebook of the enterprise. Whatever, Sanjay, Thank >>you for connecting with us. Virtually. It is a digital foundation. It is an unpredictable world. Um, it's gonna change. It could be software to find the operating models or changing you guys. We're changing how you serve customers with new chief up commercial customer officer you have in place, which is a new hire. Congratulations. And you guys were flexing with the market and you got a tailwind. So congratulations, >>John and Dave. Always a pleasure. We couldn't do this without the partnership. Also with you. Congratulations of Successful Cube. And in its new digital format, Thank you for being with us With VM world here on. Do you know all that you're doing to get the story out? The guests that you have on the show, they look forward, including the nonviable people like, Hey, can I get on the Cuban like, Absolutely. Because they look at your platform is away. I'm telling this story. Thanks for all you're doing. I wish you health and safety. >>I'm gonna bring more community. And Dave is, you know, and Sanjay, and it's easier without the travel. Get more interviews, tell more stories and tell the most important stories. And thank you for telling your story and VM World story here of the emerald 2020. Sanjay Poon in the chief operating officer here on the Cube I'm John for a day Volonte. Thanks for watching Cube Virtual. Thanks for watching.

>> Announcer: From around the globe, it's theCUBE with digital coverage of MIT Chief Data Officer and Information Quality symposium brought to you by SiliconANGLE Media. >> Hi everybody. This is Dave Vellante and welcome back to theCUBE's coverage of the MIT CDOIQ 2020 event. Of course, it's gone virtual. We wish we were all together in Cambridge. They were going to move into a new building this year for years they've done this event at the Tang Center, moving into a new facility, but unfortunately going to have to wait at least a year, we'll see, But we've got a great guest. Nonetheless, Doug Laney is here. He's a Business Value Strategist, the bestselling author, an analyst, consultant then a long time CUBE friend. Doug, great to see you again. Thanks so much for coming on. >> Dave, great to be with you again as well. So can I ask you? You have been an advocate for obviously measuring the value of data, the CDO role. I don't take this the wrong way, but I feel like the last 150 days have done more to accelerate people's attention on the importance of data and the value of data than all the great work that you've done. What do you think? (laughing) >> It's always great when organizations, actually take advantage of some of these concepts of data value. You may be speaking specifically about the situation with United Airlines and American Airlines, where they have basically collateralized their customer loyalty data, their customer loyalty programs to the tunes of several billion dollars each. And one of the things that's very interesting about that is that the third party valuations of their customer loyalty data, resulted in numbers that were larger than the companies themselves. So basically the value of their data, which is as we've discussed previously off balance sheet is more valuable than the market cap of those companies themselves, which is just incredibly fascinating. >> Well, and of course, all you have to do is look to the Trillionaire's Club. And now of course, Apple pushing two trillion to really see the value that the market places on data. But the other thing is of course, COVID, everybody talks about the COVID acceleration. How have you seen it impact the awareness of the importance of data, whether it applies to business resiliency or even new monetization models? If you're not digital, you can't do business. And digital is all about data. >> I think the major challenge that most organizations are seeing from a data and analytics perspective due to COVID is that their traditional trend based forecast models are broken. If you're a company that's only forecasting based on your own historical data and not taking into consideration, or even identifying what are the leading indicators of your business, then COVID and the economic shutdown have entirely broken those models. So it's raised the awareness of companies to say, "Hey, how can we predict our business now? We can't do it based on our own historical data. We need to look externally at what are those external, maybe global indicators or other kinds of markets that proceed our own forecasts or our own activity." And so the conversion from trend based forecast models to what we call driver based forecast models, isn't easy for a lot of organizations to do. And one of the more difficult parts is identifying what are those external data factors from suppliers, from customers, from partners, from competitors, from complimentary products and services that are leading indicators of your business. And then recasting those models and executing on them. >> And that's a great point. If you think about COVID and how it's changed things, everything's changed, right? The ideal customer profile has changed, your value proposition to those customers has completely changed. You got to rethink that. And of course, it's very hard to predict even when this thing eventually comes back, some kind of hybrid mode, you used to be selling to people in an office environment. That's obviously changed. There's a lot that's permanent there. And data is potentially at least the forward indicator, the canary in the coal mine. >> Right. It also is the product and service. So not only can it help you and improve your forecasting models, but it can become a product or service that you're offering. Look at us right now, we would generally be face to face and person to person, but we're using video technology to transfer this content. And then one of the things that I... It took me awhile to realize, but a couple of months after the COVID shutdown, it occurred to me that even as a consulting organization, Caserta focuses on North America. But the reality is that every consultancy is now a global consultancy because we're all doing business remotely. There are no particular or real strong localization issues for doing consulting today. >> So we talked a lot over the years about the role of the CDO, how it's evolved, how it's changed the course of the early... The pre-title days it was coming out of a data quality world. And it's still vital. Of course, as we heard today from the Keynote, it's much more public, much more exposed, different public data sources, but the role has certainly evolved initially into regulated industries like financial, healthcare and government, but now, many, many more organizations have a CDO. My understanding is that you're giving a talk in the business case for the CDO. Help us understand that. >> Yeah. So one of the things that we've been doing here for the last couple of years is a running an ongoing study of how organizations are impacted by the role of the CDO. And really it's more of a correlation and looking at what are some of the qualities of organizations that have a CDO or don't have a CDO. So some of the things we found is that organizations with a CDO nearly twice as often, mention the importance of data and analytics in their annual report organizations with a C level CDO, meaning a true executive are four times more often likely to be using data, to transform the business. And when we're talking about using data and advanced analytics, we found that organizations with a CIO, not a CDO responsible for their data assets are only half as likely to be doing advanced analytics in any way. So there are a number of interesting things that we found about companies that have a CDO and how they operate a bit differently. >> I want to ask you about that. You mentioned the CIO and we're increasingly seeing lines of reporting and peer reporting alter shift. The sands are shifting a little bit. In the early days the CDO and still predominantly I think is an independent organization. We've seen a few cases and increasingly number where they're reporting into the CIO, we've seen the same thing by the way with the chief Information Security Officer, which used to be considered the fox watching the hen house. So we're seeing those shifts. We've also seen the CDO become more aligned with a technical role and sometimes even emerging out of that technical role. >> Yeah. I think the... I don't know, what I've seen more is that the CDOs are emerging from the business, companies are realizing that data is a business asset. It's not an IT asset. There was a time when data was tightly coupled with applications of technologies, but today data is very easily decoupled from those applications and usable in a wider variety of contexts. And for that reason, as data gets recognized as a business, not an IT asset, you want somebody from the business responsible for overseeing that asset. Yes, a lot of CDOs still report to the CIO, but increasingly more CDOs you're seeing and I think you'll see some other surveys from other organizations this week where the CDOs are more frequently reporting up to the CEO level, meaning they're true executives. Along I advocated for the bifurcation of the IT organization into separate I and T organizations. Again, there's no reason other than for historical purposes to keep the data and technology sides of the organizations so intertwined. >> Well, it makes sense that the Chief Data Officer would have an affinity with the lines of business. And you're seeing a lot of organizations, really trying to streamline their data pipeline, their data life cycles, bringing that together, infuse intelligence into that, but also take a systems view and really have the business be intimately involved, if not even owned into the data. You see a lot of emphasis on self-serve, what are you seeing in terms of that data pipeline or the data life cycle, if you will, that used to be wonky, hard core techies, but now it really involving a lot more constituent. >> Yeah. Well, the data life cycle used to be somewhat short. The data life cycles, they're longer and they're more a data networks than a life cycle and or a supply chain. And the reason is that companies are finding alternative uses for their data, not just using it for a single operational purpose or perhaps reporting purpose, but finding that there are new value streams that can be generated from data. There are value streams that can be generated internally. There are a variety of value streams that can be generated externally. So we work with companies to identify what are those variety of value streams? And then test their feasibility, are they ethically feasible? Are they legally feasible? Are they economically feasible? Can they scale? Do you have the technology capabilities? And so we'll run through a process of assessing the ideas that are generated. But the bottom line is that companies are realizing that data is an asset. It needs to be not just measured as one and managed as one, but also monetized as an asset. And as we've talked about previously, data has these unique qualities that it can be used over and over again, and it generate more data when you use it. And it can be used simultaneously for multiple purposes. So companies like, you mentioned, Apple and others have built business models, based on these unique qualities of data. But I think it's really incumbent upon any organization today to do so as well. >> But when you observed those companies that we talk about all the time, data is at the center of their organization. They maybe put people around that data. That's got to be one of the challenge for many of the incumbents is if we talked about the data silos, the different standards, different data quality, that's got to be fairly major blocker for people becoming a "Data-driven organization." >> It is because some organizations were developed as people driven product, driven brand driven, or other things to try to convert. To becoming data-driven, takes a high degree of data literacy or fluency. And I think there'll be a lot of talk about that this week. I'll certainly mention it as well. And so getting the organization to become data fluent and appreciate data as an asset and understand its possibilities and the art of the possible with data, it's a long road. So the culture change that goes along with it is really difficult. And so we're working with 150 year old consumer brand right now that wants to become more data-driven and they're very product driven. And we hear the CIO say, "We want people to understand that we're a data company that just happens to produce this product. We're not a product company that generates data." And once we realized that and started behaving in that fashion, then we'll be able to really win and thrive in our marketplace. >> So one of the key roles of a Chief Data Officers to understand how data affects the monetization of an organization. Obviously there are four profit companies of your healthcare organization saving lives, obviously being profitable as well, or at least staying within the budget, depending upon the structure of the organization. But a lot of people I think oftentimes misunderstand that it's like, "Okay, do I have to become a data broker? Am I selling data directly?" But I think, you pointed out many times and you just did that unlike oil, that's why we don't like that data as a new oil analogy, because it's so much more valuable and can be use, it doesn't fall because of its scarcity. But what are you finding just in terms of people's application of that notion of monetization? Cutting costs, increasing revenue, what are you seeing in the field? What's that spectrum look like? >> So one of the things I've done over the years is compile a library of hundreds and hundreds of examples of how organizations are using data and analytics in innovative ways. And I have a book in process that hopefully will be out this fall. I'm sharing a number of those inspirational examples. So that's the thing that organizations need to understand is that there are a variety of great examples out there, and they shouldn't just necessarily look to their own industry. There are inspirational examples from other industries as well, many clients come to me and they ask, "What are others in my industry doing?" And my flippant response to that is, "Why do you want to be in second place or third place? Why not take an idea from another industry, perhaps a digital product company and apply that to your own business." But like you mentioned, there are a variety of ways to monetize data. It doesn't involve necessarily selling it. You can deliver analytics, you can report on it, you can use it internally to generate improved business process performance. And as long as you're measuring how data's being applied and what its impact is, then you're in a position to claim that you're monetizing it. But if you're not measuring the impact of data on business processes or on customer relationships or partner supplier relationships or anything else, then it's difficult to claim that you're monetizing it. But one of the more interesting ways that we've been working with organizations to monetize their data, certainly in light of GDPR and the California consumer privacy act where I can't sell you my data anymore, but we've identified ways to monetize your customer data in a couple of ways. One is to synthesize the data, create synthetic data sets that retain the original statistical anomalies in the data or features of the data, but don't share actually any PII. But another interesting way that we've been working with organizations to monetize their data is what I call, Inverted data monetization, where again, I can't share my customer data with you, but I can share information about your products and services with my customers. And take a referral fee or a commission, based on that. So let's say I'm a hospital and I can't sell you my patient data, of course, due to variety of regulations, but I know who my diabetes patients are, and I can introduce them to your healthy meal plans, to your gym memberships, to your at home glucose monitoring kits. And again, take a referral fee or a cut of that action. So we're working with customers and the financial services firm industry and in the healthcare industry on just those kinds of examples. So we've identified hundreds of millions of dollars of incremental value for organizations that from their data that we're just sitting on. >> Interesting. Doug because you're a business value strategist at the top, where in the S curve do you see you're able to have the biggest impact. I doubt that you enter organizations where you say, "Oh, they've got it all figured out. They can't use my advice." But as well, sometimes in the early stages, you may not be able to have as big of an impact because there's not top down support or whatever, there's too much technical data, et cetera, where are you finding you can have the biggest impact, Doug? >> Generally we don't come in and run those kinds of data monetization or information innovation exercises, unless there's some degree of executive support. I've never done that at a lower level, but certainly there are lower level more immediate and vocational opportunities for data to deliver value through, to simply analytics. One of the simple examples I give is, I sold a home recently and when you put your house on the market, everybody comes out of the woodwork, the fly by night, mortgage companies, the moving companies, the box companies, the painters, the landscapers, all know you're moving because your data is in the U.S. and the MLS directory. And it was interesting. The only company that didn't reach out to me was my own bank, and so they lost the opportunity to introduce me to a Mortgage they'd retain me as a client, introduce me to my new branch, print me new checks, move the stuff in my safe deposit box, all of that. They missed a simple opportunity. And I'm thinking, this doesn't require rocket science to figure out which of your customers are moving, the MLS database or you can harvest it from Zillow or other sites is basically public domain data. And I was just thinking, how stupid simple would it have been for them to hire a high school programmer, give him a can of red bull and say, "Listen match our customer database to the MLS database to let us know who's moving on a daily or weekly basis." Some of these solutions are pretty simple. >> So is that part of what you do, come in with just hardcore tactical ideas like that? Are you also doing strategy? Tell me more about how you're spending your time. >> I trying to think more of a broader approach where we look at the data itself and again, people have said, "If you tortured enough, what would you tell us? We're just take that angle." We look at examples of how other organizations have monetized data and think about how to apply those and adapt those ideas to the company's own business. We look at key business drivers, internally and externally. We look at edge cases for their customers' businesses. We run through hypothesis generating activities. There are a variety of different kinds of activities that we do to generate ideas. And most of the time when we run these workshops, which last a week or two, we'll end up generating anywhere from 35 to 50 pretty solid ideas for generating new value streams from data. So when we talk about monetizing data, that's what we mean, generating new value streams. But like I said, then the next step is to go through that feasibility assessment and determining which of these ideas you actually want to pursue. >> So you're of course the longtime industry watcher as well, as a former Gartner Analyst, you have to be. My question is, if I think back... I've been around a while. If I think back at the peak of Microsoft's prominence in the PC era, it was like windows 95 and you felt like, "Wow, Microsoft is just so strong." And then of course the Linux comes along and a lot of open source changes and low and behold, a whole new set of leaders emerges. And you see the same thing today with the Trillionaire's Club and you feel like, "Wow, even COVID has been a tailwind for them." But you think about, "Okay, where could the disruption come to these large players that own huge clouds, they have all the data." Is data potentially a disruptor for what appear to be insurmountable odds against the newbies" >> There's always people coming up with new ways to leverage data or new sources of data to capture. So yeah, there's certainly not going to be around for forever, but it's been really fascinating to see the transformation of some companies I think nobody really exemplifies it more than IBM where they emerged from originally selling meat slicers. The Dayton Meat Slicer was their original product. And then they evolved into Manual Business Machines and then Electronic Business Machines. And then they dominated that. Then they dominated the mainframe software industry. Then they dominated the PC industry. Then they dominated the services industry to some degree. And so they're starting to get into data. And I think following that trajectory is something that really any organization should be looking at. When do you actually become a data company? Not just a product company or a service company or top. >> We have Inderpal Bhandari is one of our huge guests here. He's a Chief-- >> Sure. >> Data Officer of IBM, you know him well. And he talks about the journey that he's undertaken to transform the company into a data company. I think a lot of people don't really realize what's actually going on behind the scenes, whether it's financially oriented or revenue opportunities. But one of the things he stressed to me in our interview was that they're on average, they're reducing the end to end cycle time from raw data to insights by 70%, that's on average. And that's just an enormous, for a company that size, it's just enormous cost savings or revenue generating opportunity. >> There's no doubt that the technology behind data pipelines is improving and the process from moving data from those pipelines directly into predictive or diagnostic or prescriptive output is a lot more accelerated than the early days of data warehousing. >> Is the skills barrier is acute? It seems like it's lessened somewhat, the early Hadoop days you needed... Even data scientist... Is it still just a massive skill shortage, or we're starting to attack that. >> Well, I think companies are figuring out a way around the skill shortage by doing things like self service analytics and focusing on more easy to use mainstream type AI or advanced analytics technologies. But there's still very much a need for data scientists and organizations and the difficulty in finding people that are true data scientists. There's no real certification. And so really anybody can call themselves a data scientist but I think companies are getting good at interviewing and determining whether somebody's got the goods or not. But there are other types of skills that we don't really focus on, like the data engineering skills, there's still a huge need for data engineering. Data doesn't self-organize. There are some augmented analytics technologies that will automatically generate analytic output, but there really aren't technologies that automatically self-organize data. And so there's a huge need for data engineers. And then as we talked about, there's a large interest in external data and harvesting that and then ingesting it and even identifying what external data is out there. So one of the emerging roles that we're seeing, if not the sexiest role of the 21st century is the role of the Data Curator, somebody who acts as a librarian, identifying external data assets that are potentially valuable, testing them, evaluating them, negotiating and then figuring out how to ingest that data. So I think that's a really important role for an organization to have. Most companies have an entire department that procures office supplies, but they don't have anybody who's procuring data supplies. And when you think about which is more valuable to an organization? How do you not have somebody who's dedicated to identifying the world of external data assets that are out there? There are 10 million data sets published by government, organizations and NGOs. There are thousands and thousands of data brokers aggregating and sharing data. There's a web content that can be harvested, there's data from your partners and suppliers, there's data from social media. So to not have somebody who's on top of all that it demonstrates gross negligence by the organization. >> That is such an enlightening point, Doug. My last question is, I wonder how... If you can share with us how the pandemic has effected your business personally. As a consultant, you're on the road a lot, obviously not on the road so much, you're doing a lot of chalk talks, et cetera. How have you managed through this and how have you been able to maintain your efficacy with your clients? >> Most of our clients, given that they're in the digital world a bit already, made the switch pretty quick. Some of them took a month or two, some things went on hold but we're still seeing the same level of enthusiasm for data and doing things with data. In fact some companies have taken our (mumbles) that data to be their best defense in a crisis like this. It's affected our business and it's enabled us to do much more international work more easily than we used to. And I probably spend a lot less time on planes. So it gives me more time for writing and speaking and actually doing consulting. So that's been nice as well. >> Yeah, there's that bonus. Obviously theCUBE yes, we're not doing physical events anymore, but hey, we've got two studios operating. And Doug Laney, really appreciate you coming on. (Dough mumbles) Always a great guest and sharing your insights and have a great MIT CDOIQ. >> Thanks, you too, Dave, take care. (mumbles) >> Thanks Doug. All right. And thank you everybody for watching. This is Dave Vellante for theCUBE, our continuous coverage of the MIT Chief Data Officer conference, MIT CDOIQ, will be right back, right after this short break. (bright music)

from the cube studios in Palo Alto in Boston connecting with thought leaders all around the world this is a cube conversation hello and welcome to the cube conversation here in the Palo Alto studio I'm John four host of the cube we are here at the quarantine crew of the cube having the conversations that matter the most now and sharing that with you got a great guest here Phil Quaid was the chief information security officer of Fortinet also the author of book digital bing-bang which I just found out he wrote talking about the difference cybersecurity and the physical worlds coming together and we're living that now with kovat 19 crisis were all sheltering in place Phil thank you for joining me on this cube conversation so I want to get in this quickly that I think the main top thing is that we're all sheltering in place anxiety is high but people are now becoming mainstream aware of what we all in the industry have been known for a long time role of data cybersecurity access to remote tools and we're seeing the work at home the remote situation really putting a lot of pressure on as I've been reporting what I call at scale problems and one of them is security right one of them is bandwidth we're starting to see you know the throttling of the packets people are now living with the reality like wow this is really a different environment but it's been kind of a disruption and has created crimes of opportunity for bad guys so this has been a real thing everyone's aware of it across the world this is something that's now aware on everyone's mind what's your take on this because you guys are fighting the battle and providing solutions and we're doing for a long time around security this highlights a lot of the things in the surface area called the world with what's your take on this carbon 19 orton s been advocating for architectures and strategies that allow you to defend anywhere from the edge through the core all the way up to the cloud boom so with you know high speed and integration and so all the sudden what we're seeing not just you know in the US but the world as well is that that edge is being extended in places that we just hadn't thought about or our CV that people just hadn't planned for before so many people or telecommunication able to move that edge securely out to people's homes and more remote locations and do so providing the right type of security of privacy if those communications that are coming out of those delicate ears I noticed you have a flag in the background and for the folks that might not know you spent a lot of time at the NSA government agency doing a lot of cutting-edge work I mean going back to you know really you know post 9/11 - now you're in the private sector with Fortinet so you don't really speak with the agency but you did live through a time of major transformation around Homeland Security looking at data again different physical thing you know terrorist attacks but it did bring rise to large-scale data to bring to those things so I wanted to kind of point out I saw the flag there nice nice touch there but now that you're in the private sector it's another transformation it's not a transition we're seeing a transformation and people want to do it fast and they don't want to have disruption this is a big problem what's your reaction to that yeah I think what you're reporting out that sometimes sometimes there's catalysts that cause major changes in the way you do things I think we're in one of those right now that we're already in the midst of an evolutionary trend towards more distributed workforces and as I mentioned earlier doing so with the right type of security privacy but I would think what I think the global camp in debt endemic is showing is that we're all going to be accelerating that that thing is like it's gonna be a lot less evolutionary and a little bit more faster that's what happens when you have major world events like this being 911 fortunate tragedies it causes people to think outside the box or accelerate what they're already doing I think wearing that in that world today yeah it pulls forward a lot of things that are usually on the planning side and it makes them reality I want to get your thoughts because not only are CEOs and their employees all thinking about the new work environment but the chief information security officer is people in your role have to be more aware as more things happening what's on the minds of CISOs around the world these days obviously the pandemics there what are you seeing what are some of the conversations what are some of the thought processes what specifically is going on in the of the chief information security officer yeah I think there's probably a there's probably two different two different things there's the there's the emotional side and there's the analytic side on the emotional side you might say that some Caesars are saying finally I get to show how cyber security can be in an abler of business right I can allow you to to to maintain business continuity by allowing your workers to work from home and trying sustain business and allow you to keep paying their salary is very very important to society there's a very important time to step up as the seaso and do what's helpful to sustain mission in on the practical side you say oh my goodness my job's gotten a whole lot harder because I can rely less and less on someone's physical controls that use some of the physical benefits you get from people coming inside the headquarters facility through locked doors and there's personal congress's and personal identification authentication you need to move those those same security strategies and policies and you need to move it out to this broad eggs it's gotten a lot bigger and a lot more distributed so I want to ask you around some of the things they're on cyber screws that have been elevated to the top of the list obviously with the disruption of working at home it's not like an earthquake or a tornado or hurricane or flood you know this backup and recovery for that you know kind of disaster recovery this has been an unmitigated disaster in the sense of it's been unfor casted I was talking to an IT guy he was saying well we provisioned rvv lands to be your VPNs to be 30% and now they need a hundred percent so that disruption is causing I was an under forecast so in cyber as you guys are always planning in and protecting has there been some things that have emerged that are now top of mind that are 100 percent mindshare base or new solutions or new challenges why keep quite done what we're referring to earlier is that yep any good see so or company executive is going to prepare for unexpected things to a certain degree you need it whether it be spare capacity or the ability to recover from something an act of God as you mentioned maybe a flood or tornado or hurricane stuff like that what's different now is that we have a disruption who which doesn't have an end date meaning there's a new temporal component that's been introduced that most companies just can't plan for right even the best of companies that let's say Ronald very large data centers they have backup plans where they have spare fuel to run backup generators to provide electricity to their data centers but the amount of fuel they have might only be limited to 30 days or so it's stored on-site we might think well that's pretty that's a lot of for thinking by storing that much fuel on site for to allow you to sort of work your way through a hurricane or other natural disaster what we have now is a is a worldwide crisis that doesn't have a 30-day window on it right we don't know if it's gonna be 30 days or 120 days or or you know even worse than that so what's different now is that it's not just a matter of surging in doing something with band-aids and twine or an extra 30 days what we need to do is as a community is to prepare solutions that can be enduring solutions you know I have some things that if the absent I might like to provide a little color what those types of solutions are but that that would be my main message that this isn't just a surge for 30 days this is a surge or being agile with no end in sight take a minute explain some of those solutions what are you seeing whatever specific examples and solutions that you can go deeper on there yeah so I talked earlier about the the edge meaning the place where users interact with machines and company data that edge is no longer at the desktop down the hallway it could be 10 miles 450 miles away to where anyone where I'm telling you I'm commuting crumb that means we need to push the data confidentiality things out between the headquarters and the edge you do that with things like a secure secured tunnel it's called VPNs you also need to make sure that the user identification authentication this much is a very very secure very authentic and with high integrity so you do that with multi-factor authentication there's other things that we like that that are very very practical that you do to support this new architecture and the good news is that they're available today in the good news at least with some companies there already had one foot in that world but as I mentioned earlier not all companies had yet embraced the idea of where you're going to have a large percentage of your workforce - until a community so they're not quite so they're there they're reacting quickly to to make sure this edge is better protected by identification and authentication and begins I want to get to some of those edge issues that now translate to kind of physical digital virtualization of of life but first I want to ask you around operational technology and IT OT IT these are kind of examples where you're seeing at scale problem with the pandemic being highlighted so cloud providers etc are all kind of impacted and bring solutions to the table you guys at Foot are doing large scale security is there anything around the automation side of it then you've seen emerge because all the people that are taking care of being a supplier in this new normal or this crisis certainly not normal has leveraged automation and data so this has been a fundamental value proposition that highlights what we call the DevOps movement in the cloud world but automation has become hugely available and a benefit to this can you share your insights into how automation is changing with cyber I think you up a nice question for me is it allowed me to talk about not only automation but convergence so it's let's hit automation first right we all even even pre-crisis we need to be better at leveraging automation to do things that machines do best allow people to do higher-order things whether it's unique analysis or something else with a with a more distributed workforce and perhaps fewer resources automation is more important ever to automatically detect bad things that are about to happen automatically mitigating them before they get or they get to bad you know in the cybersecurity world you use things like agile segmentation and you use like techniques called soar it's a type of security orchestration and you want to eat leverage those things very very highly in order to leverage automation to have machines circum amount of human services but you also brought up on my favorite topics which is ot graceful technology though OTS you know are the things that are used to control for the past almost a hundred years now things in the physical world like electric generators and pipes and valves and things like that often used in our critical infrastructures in my company fort net we provide solutions that secure both the IT world the traditional cyber domain but also the OT systems of the world today where safety and reliability are about most important so what we're seeing with the co19 crisis is that supply chains transportation research things like that a lot of things that depend on OT solutions for safety and reliability are much more forefront of mine so from a cybersecurity strategy perspective what you want to do of course is make sure your solutions in the IT space are well integrated with you solutions in the OT space to the so an adversary or a mistake in cause a working to the crack in causing destruction that convergence is interesting you know we were talking before you came on camera around the fact that all these events are being canceled but that really highlights the fact that the physical spaces are no longer available the so-called ot operational technologies of events is the plumbing the face-to-face conversations but everyone's trying to move to digital or virtual eyes that it's not as easy as just saying we did it here we do it there there is a convergence and some sort of translation this new there's a new roles there's new responsibilities new kinds of behaviors and decision making that goes on in the physical and digital worlds that have to then come together and get reimagined and so what's your take on all this because this is not so much about events but although that's kind of prime time problem zooming it is not the answer that's a streaming video how do you replicate the value of physical into the business value in digital it's not a one-to-one so it's quite possible that that we might look back on this event to cover 19 experience we might look back at it in five or ten years and say that was simply a foreshadowing of our of the importance of making sure that our physical environment is appropriate in private what I mean is that with the with the rapid introduction of Internet of Things technologies into the physical world we're going to have a whole lot of dependencies on the thing inconveniences tendencies inconveniences on things an instrument our physical space our door locks or automobiles paths our temperatures color height lots of things to instrument the physical space and so there's gonna be a whole lot of data that's generated in that cyber in a physical domain increasingly in the future and we're going to become dependent upon it well what happens if for whatever reason in the in the future that's massively disruptive so all of a sudden we have a massive disruption in the physical space just like we're experiencing now with open 19 so again that's why it makes sense now to start your planning now with making sure that your safety and reliability controls in the physical domain are up to the same level security and privacy as the things in your IT delete and it highlights what's the where the value is to and it's a transformation I was just reading an article around spatial economics around distance not being together it's interesting on those points you wrote a book about this I want to get your thoughts because in this cyber internet or digital or virtualization of physical to digital whether it's events or actual equipment is causing people to rethink architectures you mentioned a few of them what's the state of the art thinking around someone who has the plan for this again is in its complex it's not just creating a gateway or a physical abstraction layer of software between two worlds there's almost a blending or convergence here what's your what's your thoughts on what's the state of the art thinking on this area yeah the book that I number of a very esteemed colleagues contribute to what we said is that it's time to start treating cybersecurity like a science let's not pretend it's a dark art that we have to relearn every couple years and what what we said in the in the digital Big Bang is that humankind started flourishing once we admitted our ignorance in ultimately our ignorance in the physical world and discovered or invented you can right word the disciplines of physics and chemistry and once we recognize that our physical world was driven by those scientific disciplines we started flourishing right the scientific age led to lots of things whether it would be transportation health care or lots of other things to improve our quality of life well if you fast forward 14 billion years after that cosmic Big Bang which was driven by physics 50 years ago or so we had a digital Big Bang where there was a massive explosion of bits with the invention of the internet and what we argue in the book is that let's start treating cybersecurity like a science or the scientific principle is that we ought to write down and follow a Rousseau's with you so we can thrive in the in the in a digital Big Bang in the digital age and one more point if you don't mind what we what we noted is that the internet was invented to do two things one connect more people or machines than ever imagined in to do so in speeds that were never imagined so the in the Internet is is optimized around speed in connectivity so if that's the case it may be a fundamental premise of cybersecurity science is make sure that your cyber security solutions are optimized around those same two things that the cyber domains are optimized around speed in integration continue from there you can you can build on more and more complex scientific principles if you focus on those fundamental things and speed and integration yeah that's awesome great insight they're awesome I wanted to throw in while you had the internet history lesson down there also was interesting was a very decentralization concept how does that factor in your opinion to some of the security paradigms is that helped or hurt or is it create opportunities for more secure or does it give the act as an advantage yeah I love your questions is your it's a very informed question and you're in a give me good segue to answer the way you know it should be answer yeah the by definition the distributed nature of the Internet means it's an inherently survivable system which is a wonderful thing to have for a critical infrastructure like that if one piece goes down the hole doesn't go down it's kind of like the power grid the u.s. the u.s. electrical power grid there's too many people who say the grid will go down well that's that's just not a practical thing it's not a reality thing the grades broken up into three major grades and there's AB ulis strategies and implementations of diversification to allow the grid to fail safely so it's not catastrophic Internet's the same thing so like my nipple like I was saying before we ought to de cyber security around a similar principle that a catastrophic failure in one partner to start cybersecurity architecture should result in cascading across your whole architecture so again we need to borrow some lessons from history and I think he bring up a good one that the internet was built on survivability so our cybersecurity strategies need to be the same one of the ways you do that so that's all great theory but one of the ways you do that of course is by making your cybersecurity solutions so that they're very well integrated they connect with each other so that you know speaking in cartoon language you know if one unit can say I'm about to fail help me out and another part of your architecture can pick up a slack and give you some more robust security in that that's what a connected the integrated cyber security architecture do for you yeah it's really fascinating insight and I think resiliency and scale are two things I think are going to be a big wave is going to be added into the transformations that going on now it's it's very interesting you know Phil great conversation I could do a whole hour with you and do a fish lead a virtual panel virtualize that our own event here keynote speech thanks so much for your insight one of things I want to get your thoughts on is something that I've been really thinking a lot lately and gathering perspectives and that is on biosecurity and I say biosecurity I'm referring to covet 19 as a virus because biology involves starting a lab or some people debate all that whether it's true or not but but that's what people work on in the biology world but it spreads virally like malware and has a similar metaphor to cybersecurity so we're seeing conversation starting to happen in Washington DC in Silicon Valley and some of my circles around if biology weapon or it's a tool like open-source software could be a tool for spreading cybersecurity Trojans or other things and techniques like malware spear phishing phishing all these things are techniques that could be deployed metaphorically to viral distribution a biohazard or bio warfare if you will will it look the same and how do you defend against the next covet 19 this is what you know average Americans are seeing the impact of the economy with the shelter in place is that what happens again and how do we prevent it and so a lot of people are thinking about this what is your thoughts because it kind of feels the same way as cybersecurity you got to see it early you got to know what's going on you got to identify it you got to respond to it time to close your contain similar concepts what's your thoughts on with BIOS we don't look with all due respect to the the the bio community let me make a quick analogy to the cyber security strategy right cyber security strategy starts with we start as an attacker so I parts of my previous career I'm an authorized had the opportunity to help develop tools that are very very precisely targeted against foreign adversaries and that's a harder job than you think I mean I think the same is true of anyone of a natural-born or a custom a buyer buyer is that not just any virus has the capability to do a lot of harm to a lot of people selling it so it's it's if that doesn't mean though you can sit back and say since it's hard it'll never happen you need to take proactive measures to look for evidence of a compromise of something whether it's a cyber cyber virus or otherwise you have to actively look for that you have to harm yourself to make sure you're not susceptible to it and once you detect one you need to make sure you have a the ability to do segmentation or quarantine very rapidly very very effectively right so in the cyber security community of course the fundamental strategy is about segmentation you keep different types of things separate that don't need to interact and then if you do have a compromise not everything is compromised and then lastly if you want to gradually say bring things back up to recover you can do some with small chunks I think it's a great analogy segmentation is a good analogy to I think what the nation is trying to do right now by warranty kneeing and gradually reopening up things in in segments in actually mention earlier that some of the other techniques are very very similar you want to have good visibility of where you're at risk and then you can automatically detect and then implement some some mitigations based on that good visibility so I agree with you that it turns out that the cyber security strategies might have a whole lot in common with biohazard I address it's interesting site reliability engineers which is a term that Google coined when they built out their large-scale cloud has become a practice that kind of mindset combined with some of the things that you're saying the cyber security mindset seemed to fit this at scale problem space and I might be an alarmist but I personally believe that we've been having a digital war for many many years now and I think that you know troops aren't landing but it's certainly digital troops and I think that we as a country and a global state and global society have to start thinking about you know these kinds of things where a virus could impact the United States shut down the economy devastating impact so I think Wars can be digital and so I may be an alarmist and a conspirators but I think that you know thinking about it and talking about it might be a good thing so appreciate your insights there Phil appreciated what one other point that might be interesting a few years back I was doing some research with the National Lab and we're looking for novel of cybersecurity analytics and we hired some folks who worked in the biology the bio the biomedical community who were studying a biome fires at the time and it was in recognition that there's a lot of commonality between those who are doing cybersecurity analytics and those reviewing bio biology or biomedical type analytics in you know there was a lot of good cross fertilization between our teams and it kind of helps you bring up one more there's one more point which is what we need to do in cybersecurity in general is have more diversity of workforces right now I don't mean just the traditional but important diversities of sex or color but diversity of experiences right some of the best people I've worked with in the cyber analytics field weren't computer science trained people and that's because they came in problems differently with a different background so one of the things that's really important to our field at large and of course the company my company fort net is to massively increase the amount of cyber security training that's available to people not just the computer scientists the world and the engineers but people in other areas as well the other degree to non-greek people and with that a you know higher level of cyber security training available to a more diverse community not only can we solve the problem of numbers we don't have enough cybersecurity people but we can actually increase our ability to defend against these things I have more greater diversity of thought experience you know that's such a great point I think I just put an exclamation point on that I get that question all the time and the skills gap is should I study computer science and like actually if you can solve problems that's a good thing but really diversity about diversity is a wonderful thing in the age of unlimited compute power because traditionally diversity whether it was protocol diversity or technical diversity or you know human you know makeup that's tend to slow things down but you get higher quality so that's a generalization but you get the point diversity does bring quality and if you're doing a data science you don't want have a blind spot I'm not have enough data so yeah I think a good diverse data set is a wonderful thing you're going to a whole nother level saying bringing diversely skill sets to the table because the problems are diverse is that what you're getting at it is it's one of our I'll say our platforms that we're talking about during the during the covered nineteen crisis which is perhaps there's perhaps we could all make ourselves a little bit better by taking some time out since we're not competing taking some time out and doing a little bit more online training where you can where you can either improve your current set of cybersecurity skills of knowledge or be introduced to them for the first time and so there's one or some wonderful Fortinet training available that can allow both the brand-new folks the field or or the the intermediate level folks with you become higher level experts it's an opportunity for all of us to get better rather than spending that extra hour on the road every day why don't we take at least you know 30 of those 60 minutes or former commute time and usually do some online soccer security treaty feel final question for you great insight great conversation as the world and your friends my friends people we don't know other members of society as they start to realize that the virtualization of life is happening just in your section it's convergence what general advice would you have for someone just from a mental model or mindset standpoint to alleviate any anxiety or change it certainly will be happening so how they can better themselves in their life was it is it thinking more about the the the experiences is it more learning how would you give advice to folks out there who are gonna come out of this post pandemic certainly it's gonna be a different world we're gonna be heightened to digital and virtual but as things become virtualized how can someone take this and make a positive outcome out of all this I I think that the future the future remains bright earlier we talked about sci-fi the integration of the cyber world in the physical world that's gonna provide great opportunities to make us more efficient gives us more free time detect bad things from happening earlier and hopefully mitigating those bad things from happening earlier so a lot of things that some people might use as scare tactics right convergence and Skynet in in robotics and things like that I believe these are things that will make our lives better not worse our responsibilities though is talking about those things making sure people understand that they're coming why they're important and make sure we're putting the right security and privacy to those things as these worlds this physical world and the soccer worlds converged I think the future is bright but we still have some work to do in terms of um making sure we're doing things at very high speeds there's no delay in the cybersecurity we put on top of these applications and make sure we have very very well integrated solutions that don't cause things to become more complex make make things easier to do certainly the winds of change in the big waves with the transformations happening I guess just summarize by saying just make it a head win I mean tailwind not a headwind make it work for you at the time not against it Phil thank you so much for your insights I really appreciate this cube conversation remote interview I'm John Ford with the cube talking about cybersecurity and the fundamentals of understanding what's going on in this new virtual world that we're living in to being virtualized as we get back to work and as things start to to evolve further back to normal the at scale problems and opportunities are there and of course the key was bringing it to you here remotely from our studio I'm John Ferrier thanks for watching [Music]

>>live from San Francisco. It's the queue covering our essay conference 2020 San Francisco Brought to you by Silicon Angle Media >>Hey, welcome back here. Ready? Jeff Frick here with the Cube. We're in our 2020 the biggest security conference in the country, if not the world. I guess there's got to be 50,000 people. We'll get the official word tomorrow. It's our sixth year here and we're excited to be back. I'm not sure why. It's 2020. We're supposed to know everything at this point in time with the benefit on inside. We got two people that do. You know a lot. We're excited to have him. My left is Chris Bets is the SVP and chief security officer for Centurylink. Chris, Great to see you. And to his left is Chris Smith, VP Global security Services for Centurylink. Welcome. >>Thank you for having me. >>Absolutely. You guys just flew into town >>just for the conference's great To be here is always a really exciting space with just a ton of new technology coming out. >>So let's just jump into it. What I think is the most interesting and challenging part of this particular show we go to a lot of shows you 100 shows a year. I don't know that there's one that's got kind of the breadth and depth of vendors from the really, really big the really, really small that you have here. And, you know, with the expansion of Moscone, either even packing more women underneath Howard Street, what advice do you give to people who are coming here for the first time? Especially on more than the buyer side as to how do you navigate this place >>when I when I come here and see So I'm always looking at what the new technologies are. But honestly, having a new technology is not good enough. Attackers are coming up with new attacks all the time. The big trick for me is understanding how they integrate into my other solutions. So I'm not so I'm not just focused on the technology. I'm focused on how they all fit together. And so the vendors that have solutions that fit together that really makes a difference in my book. So I'm looking for for products that are designed to work with each other, not just separate >>from a practice standpoint. The theme of IRA say this year is the human element, and for us, if you look at this floor, it's overwhelming. And if you're a CSO of an average enterprise, it's hard to figure out what you need to buy and how to build a practice with all of the emerging tools. So for us core to our practice, I think any mature, 30 security practices having a pro services capability and consulting capability that can be solved this all together, that helps you understand what to buy, what things to piece together and how to make it all work >>right. And it's funny, the human element that is the kind of the global theme. And what's funny is for all the technology it sounds like. Still, the easiest way in is through the person, whether it's a phishing attack or there's a myriad of ways that people are getting him to the human. So that's kind of a special challenge or trying to use technology to help people do a better job. At the end of the day, sometimes you're squishy ISS or easier access point is not a piece of technology, but it's actually a person. It's >>often because We asked people to do the wrong things. We're having them. Focus on security steps. Use email. Security is an easy to grasp example way all go through training every year to teach folks how to make sure that they avoid clicking on the wrong emails for us more often than a year. So the downside of that is arresting people to take a step away from their job and try to figure out how to protect themselves. And is this a bad emails that are really focusing on the job? So that's why it's so important to me to make sure that we've got solutions that help make the human better and frankly, even worse in security. We don't have the staff that we need. And so how do we help Make sure that the right tools are there, that they work together. They automate because asking everybody to take those steps, it's just it's a recipe for disaster because people are going to make mistakes >>right? Let's go a little deeper into the email thing. A friend of mines and commercial real estate, and he was describing an email that he got from his banker describing a wire transfer from one of his suppliers that he has a regular, ongoing making relationship with. You know, it's not the bad pronunciation and bad grammar and kind of the things that used to jump out is an obvious. But he said it was super good to the point where thankfully, you know, it was just this time. But, you know, he called the banker like, did you just send me this thing? So you know where this as the sophistication of the bad guys goes up specifically targeting people, how do you try to keep up with how do you give them the tools to know Woe versus being efficient? I'm trying to get my job done. >>Yeah, for me, it starts with technology. That takes a look. We've only got so many security practitioners in the company. Actually. Defend your email example. We've got to defend every user from those kinds of problems. And so how do I find technology solutions that help take the load off security practitioners so they can focus on the niche examples that really, really well crafted emails and help take that load off user? Because users just not gonna be able to handle that right? It's not fair to ask them. And like you said, it was just poorly time that helped attack. So how do we help? Make sure that we're taking that technology load off, identify the threats in advance and protect them. And so I think one of the biggest things that Chris and I talk a lot about is how to our solutions help make it easier for people to secure themselves instead of just providing only technology technology advantage, >>our strategy for the portfolio and it sort of tied to the complexity. CN This floor is simplicity. So from our perspective, our goal is a network service provider is to deliver threat free traffic to our customers even before it gets to the human being. And we've got an announcement that we launched just a week ago in advance of the show called Rapid Threat Defense. And the idea is to take our mature threat Intel practice that Chris has a team of folks focused on that. We branded black Lotus labs and Way built a machine learning practice that takes all the bad things that we see out in the network and protects customers before it gets to their people. >>So that's an interesting take. You have the benefit of seeing a lot of network traffic from a lot of customers and not just the stuff that's coming into my building. So you get a much more aggregated approach, so tell us a little bit more about that. And what is the Black Lotus Labs doing? And I'm also curious from an industry point of view, you know, it's just a collaboration with the industry cause you guys are doing a lot of traffic. There's other big network providers carrying a lot of traffic. How well do you kind of work together when you identify some nasty new things that you're doing the horizon? And where do you draw the line between better together versus still independent environment? >>When we're talking about making the Internet safer, it's not really to me a lot about competitive environment. It's really about better together. That's one of things I love about the security community. I'm sure you see it every year when you're here. You're talking security practitioners how across every industry security folks work together to accomplish something that's meaningful. So as the largest world's largest global I P we get to see a ton of traffic, and it's really, really interesting we'll be able to put together, you know, at any given point in time. We're watching many tens of thousands of probable malware networks. We're protecting our customers from that. But we're also able to ourselves take down nearly 65 now where networks every month just knock them off the Internet. So identify the command and control, and we take it off the Internet. We work with our partners. We go talk to hosting providers, maybe competitors of ours. And we say, Hey, here's a bad, bad actors bad server that's being used to control now where? Going shut it down. And so the result of that is not only protecting our customers, but more importantly, protecting tens of thousands of customers every month. By removing now where networks that were attacking, that really makes a difference. To me, that's the biggest impact we bring. And so it really is a better together. It's a collaboration story and, of course, for said, we get the benefit of that information as we're developing it as we're building it, we can protect our customers right away while we're building the confidence necessary to take something as dramatic and action as shutting down on our network. Right. Unilaterally, >>Citrix. I was gonna ask you kind of the impact of I o t. Right in this in this crazy expansion of the tax services, when you hear about all the time with my favorite example, somebody told the story of attacking a casino through the connected thermometer in the fish tank in the lobby, which may or may not be true, is still a great story. Great story. But I'm curious, you know, looking at the network, feeding versus the devices connecting that's really in an interesting way to attack this proliferation of attack services. You're getting it before it necessarily gets to all these new points of presence doing it based on the source. For >>us, that's the only way to make it scalable. It is true that automation blocking it before it gets to the azure to a device. It is what will create simplicity and value for our customers. >>Right on the other piece of the automation. Of course, that we hear about all the time is there just aren't enough security professionals, period. So if you don't have the automation. You don't have the machine learning, as you said, to filter low hanging fruit and the focus your resource. If they need to be, you're not going to do it. The bad news is the bad guys, similar tools. So as you look at kind of the increase in speed of automation, the increase in automated connectivity between these devices making decisions amongst each other, how do you see that kind of evolving? But you're kind of role and making sure you stay a step ahead of the bad guys. For >>me, it's not about just automation. It's about allowing smart people to put their brains against hard problems, hard impactful problems and so on. So simply automating is not enough. It's making sure that automation is reducing the the load on people so that they're able to focus on those hard, unique problems really solve all those solutions and, yes, Attackers, Attackers build automation as well. And so if we're not building faster and better than we're falling behind, so like every other part of this race, it's about getting better, faster and why it's so important that technology work together because we're constantly throwing out more tools and if they don't work better together, even if we got incremental automation, these place way still miss overall because it's end to end that we need to defend ourselves and our customers >>layered on what he said. For the foreseeable future, you're gonna need smart security people that help protect your practice. Our goal in automation is take the road tasks out of out of the gate. They live so they can focus on the things that provide the most value protecting their enterprise. >>Right when you're looking, you talked about making sure things work together, for you talked about making sure things work together. How do you decide what's kind of on the top of the top of the stack, where everybody wants to own the single pane of glass? Everybody wants to be the control plane. Everybody wants to be that thing that's on your computer all the time, which is how you work your day to day. How do you kind of dictate what are the top level tools while still going out? And, he said, exploring some of these really cutting edge things out around the fringe, which don't necessarily have a full stack solution that you're going to rely on but might have some cool kind of point solutions if you will, or point products to help you plug some new and emerging holes. Yeah, >>yeah. So for us, yeah, we take security capabilities and we build them into the other things that we sell. So it's not a bolt on. So when you buy things from us, whether whether it's bandwidth or whether its SD wan and security comes baked in, so it's not something you have to worry about integrating later. It's an ingredient of the things that we sell in all of the automation that we build is built into our practice, So it's simple for our customers to understand, like, simple and then layered. On top of that, we've got a couple different ways that we bring pro services and consulting to our practice. So we've got a smart group of folks that could lean into staff, augment and sit on site, do just about anything to help customers build a practice from day zero to something more mature. But now we're toying with taking those folks in building them into products and services that we sell for 10 or 20 hours a month as an ingredient. So you get that consulting wrapper on top of the portfolio that we sell as a service provider. >>Get your take on kind of budgets and how people should think about their budgets. And when I think of security, I can't help but think of like insurance because you can't spend all your money on security. But you want to spend the right amount on security. But at the end of the day, you can't be 100% secure, right? So it's kind of kind of working the margins game, and you have to make trade offs in marketing, wants their money and product development, wants their money and sales, wants their money. So what people are trying to assess kind of the risk in their investment trade offs. What are some of the things they should be thinking about to determine what is the proper investment on security? Because it can't just be, you know, locker being 100% it's not realistic, and then all the money they help people frame that. >>Usually when companies come to us in, Centurylink plays in every different segment, all the way down to, you know, five people company all the way to the biggest multinationals on the planet. So that question is, in the budget is a little bit different, depending on the type of customer, the maturity and the lens are looking at it. So, typically, way have a group of folks that we call security account managers those our consultants and we bring them in either in a dedicated or a shared way. Help companies that's us, wear their practices today in what tool sets for use again things that they need to purchase and integrate to get to where they need to be >>really kind of a needs analysis based on gaps as much as anything else. >>That's part of the reason why we try to build prisons earlier, so many of the technologies into our solution so that so that you buy, you know, SD wan from us, and you get a security story is part of it is that that allows you to use the customer to save money and really have one seamless solution that provides that secure experience. We've been building firewalls and doing network based security for going on two decades now, in different places. So at this point, that is a good place that way, understand? Well, we can apply automation against it. We can dump, tail it into existing services and then allow focused on other areas of security. So it helps. From a financial standpoint, it also helps customers understand from where they put their talent. Because, as you talked about, it's all about talents even more so than money. Yes, we need to watch our budgets. But if you buy these tools, how do you know about the talent to deploy them? And easier You could make it to do that simpler. I think the better off right >>typical way had the most success selling security practices when somebody is either under attacker compromised right, then the budget opens right up, and it's not a problem anymore. So we thought about how to solve that commercially, and I'll just use Vitas is an example. We have a big D dos global DDOS practice that's designed to protect customers that have applications out on the Internet that are business critical, and if they go down, whether it's an e commerce or a trading site losing millions of dollars a day, and some companies have the money to buy that up front and just have it as a service. And some companies don't purchase it from us until they're under attack. And the legacy telco way of deploying that service was an order and a quote. You know, some days later, we turned it up. So we've invested with Christine the whole orchestration layer to turn it up in minutes and that months so you can go to our portal. You can enter a few simple commercial terms and turn it on when you need it. >>That's interesting. I was gonna ask you kind of how has cloud kind of changed the whole go to market and the way people think about it. And even then you hear people have stuff that's secure in the cloud, but they mis configured a switch left something open. But you're saying, too it enables you to deploy in a very, very different matter based on you know, kind of business conditions and not have that old, you know, get a requisite get a p o requisition order, install config. Take on another kind of crazy stuff. Okay, so before I let you go, last question. What are your kind of priorities for this show for Centurylink when it's top of mind, Obviously, you have the report and the Black Lotus. What do you guys really prioritizing for this next week? Here for Cisco. >>We're here to help customers. We have a number of customers, a lot of learning about our solutions, and that's always my priority. And I mentioned earlier we just put out a press release for rapid threat defense. So we're here to talk about that, and I think the industry and what we're doing this little bit differently. >>I get to work with Chris Motions Week with customers, which is kind of fun. The other part that I'm really excited about, things we spent a bunch of time with partners and potential partners. We're always looking at how we bring more, better together. So one of the things that we're both focused on is making sure that we're able to provide more solutions. So the trick is finding the right partners who are ready to do a P I level integration. The other things that Chris was talking about that really make this a seamless and experience, and I think we've got a set of them that are really, really interested in that. And so those conversations this week will be exceptionally well, I think that's gonna help build better technology for our customers even six months. >>Alright, great. Well, thanks for kicking off your week with the Cube and have a terrific week. Alright. He's Chris. He's Chris. I'm Jeff. You're watching the Cube. Where? The RSA Conference in downtown San Francisco. Thanks for watching. See you next time. >>Yeah, yeah.