>> We're back at AWS reinvent 2021. You're watching theCUBE. We're here live with one of the first live events, very few live events this year. It's the biggest hybrid event really of the year, of the season. Hopefully it portends a great future. We don't know it's a lot of uncertainty, but AWS said they're going to go for it. Close to 30,000 people here, Chris Wiborg is here. He's the VP of product marketing at Cohesity. Chris, great to see you face to face man. >> It's great to see you live again Dave. You understand that. >> Over the last couple of years we've had a lot of virtual meetup, hang out, and we talk every other quarter. >> Yeah. >> So it's great to see. Wow. You know, we were talking before the show. Well, we didn't really know what it was going to be like. I don't think AWS knew. >> No. >> It's like everything these days. >> You know, we did our own virtual event back in October because that was the time. And this is the first thing we've been back to live. And I was wondering, what's going to be like when I show up, but it's great to see all the folks that are here. >> Yeah. So I could see the booth. You know, you guys have had some good traffic. >> We have, yeah. >> A lot of customers here, obviously huge ecosystem. This, you know, the "flywheel keeps going". >> Yeah. You and I had a conversation recently about data management. It's something that you guys have put a stake in the ground. >> Absolutely. >> Saying, you know, we're not just backup, we're a good data management. It's fuzzy to a lot of people, we've had that conversation, but you're really starting to, through customer feedback, hone that message and the product portfolio. So let's start from the beginning. What is data management to cohesity? >> Well, so for us it's about the data lifecycle, right? And you heard a little bit about this actually during the keynote today, right? >> Right. >> When you think about the various services, you need to apply to data along the way to do basic things like protect it, be able to make sure you can recover from disasters, obviously deal with security today given the prevalence of ransomware out there, all the way down to at the end, how do you get more value out of it? And we do that in some cases with our friends from AWS using some of their AIML services. >> So your view of data may mean, it's kind of stops at the database right underneath. There's an adjacency to security that we've talked about. >> Yeah, very much. >> Data protection is now becoming an increasingly important component of a security strategy. >> It is. >> It's not a direct security play, but it's just the same way that it's not just the SecOps team has to worry about security anymore. It's kind of other parts of the organization. Talk about that a little bit. >> Yeah, well, we actually had a customer advisory board about two months or so ago now. And we talked to many of our customers there, and one of them I won't name, a large financial institution. We asked them, you know, where did we stand in your spend these days? And he's able to tell you, a while back about a year ago, having new backup and recovery is a starting point was kind of on the wishlist. And he said today it's number two. And I said, well why? He said well, because of ransomware, right? You'd be able to come back from that and ask, well, great, what's number one? He said, well, endpoint security. So there you are, number one and number two, right? Top of mind for customers these days in dealing with really the scourge that's affecting so many organizations out there. And I think where you're going, you starting to see these teams work together in a way that perhaps they hadn't before, or you've got the SecOps team, you've got the IT operations team. And while exactly your point, we don't position ourselves as just a data security company, that's part of what we do. We are part of that strategy now where if you have to think about the various stages and dealing with that, defending your backups, 'cause that's often the first point of attack now for the bad guys. Being able to detect what's going on through AI and the anomaly detection and such, and then being able to rapidly recover, right? In the recover phase, that's not something that security guys spend time on necessarily, but it's important for the business to be able to bring themselves back when they're subject to an attack, and that's where we come in in spades. >> Yeah. So the security guys are busy trying to figure out, okay, what happened? How do we stop it from happening again? >> There's another business angle which is okay, how do we get back up and running? How much data did we lose? Ideally none. How fast can we get it back up? That's that's another vector that's now becoming part of that broader security stack. >> That's right. I mean, I think if you look at the traditional NIST cybersecurity framework, right? Stage five has always been the recover piece. And so this is where we're working with some of the players in the security space. You may see an announcement we did with Cisco around secure access recently. Where, you know, we're working together, not only to unite two tribes within large organizations. Right? The SecOps and ITOps guys. But then bringing vendors together because it's through that, that really, we think we're going to solve that problem best. >> Before we get into the portfolio, and I want to talk about how you've evolved that, let's talk a little about ransomware, it's in the news. You know, I just wrote a piece recently and just covered some of the payments that have made. I mean, I think the biggest is 40 million, but many tens of millions here and there. And it was, you know, one case, I think it was the Irish health service did not pay, thus far hasn't paid, but it's costing him $600 million to recover as the estimate. So this is serious threat. And as I've said, many times on theCUBE, exactly anybody can be a ransomware as they go on the dark web. >> Ransomware is a service. >> Right, ransomware is a service. Hey, can you set up a help desk for me to help me negotiate? And I'm going to put a stick into a server and you know, I hope that individual gets arrested but you never know. Okay. So now it's top of mind, what are you guys doing? First of all, what are you seeing from customers? How are they responding? What are you guys doing to help? >> Well, I think you're right. First of all, it's just a huge problem. I think the latest stat I saw was something like every 11 seconds there's a new attack because I can go into your point with a credit card, sign up as a service and then launch an attack. And the average payment is around 4.2 million or such, but there's some that are obviously lots bigger. And I think what's challenging is beyond the costs of recovering and invent itself is there's also the issue around brand and reputation, and customer service. And all these downstream effects that I think, you know, the IT guys don't think about necessarily. We talked to one customer or a regional hospital where the gentleman there told me that what he's starting to see after the fact is now, you've actually got class action suits from patients coming after them saying like, "Hey you, you let my data get stolen. Right? Can you imagine no IT guys thinking about that. So the cost is huge. And so it's not just an issue I think that was once upon a time just for ITOps or SecOps through the CIO, even it's even past the board level now if you can imagine. It's something the general public worries about and we actually did a survey recently where we asked people on the consumer side, are you more or less likely to do business with companies if you know they've been subject to ransomware or attacks? And they said, no, we are concerned about that, we are more reticent to do business with people as consumers if they're not doing the right things to defend their business against ransomware. Fascinating. Right? It's long past the tipping point where this is an IT only issue. >> So, high-level strategy. So we talk about things like air gaps, when I talked about your service to ensure immutability, >> Yeah, yeah. >> And at 50,000 foot level, what's the strategy then I want to get into specifics on it. >> Let's talk a little bit about, so the evolution of the attack, nature of attacks, right? So once upon a time, this is in the distant past now, the bad guys that you used to come after your production data, right? And so that was pretty easy to fix with companies like us. It's just restore from backup. They got a little smarter< let's call that ransomware 2.0, right? Where now, they say, let's go after the backup first and encrypt or destroy that. And so there, to your point, you need immutability down to the file system level. So you can't destroy the backup. You got to defend the backup data itself. And increasingly we're seeing people take in isolation in a different way than they used to. So you probably recall the sort of standard three, two, one rule, right? >> Yeah, sure. >> Where the one traditionally meant, take that data offsite on magnetic tape, send it to Iron mountain for example, and then get the data back when I need it. Well, you know, if your business is at risk, trying to recover from tape, it just takes too long. That's just no reason. >> It can be weeks. >> It can be weeks and you've got to locate the tapes, you got to ship them, then you got to do the restore. And just because of the physical media nature, it takes a while. So what we're starting to see now is people figuring out how to use the cloud as a way to do that and be able to have effectively that one copy stored offsite in a different media, and use the cloud for that. And so one of the things we announced actually back in our show in October, was a new service that allows you to do just that. We're calling it for now Project Fort Knox. We're not sure if that name is going to work globally, right? But the idea is a bunker, an isolated copy of the data in the cloud that's there, that can restore quickly. Now, is it as fast as having a local replica copy? Of course not. But, it's way better than tape. And this is a way to really give you that sort of extra layer of insurance on top of what you're already doing probably to protect your data. >> And I think that's the way to think of it. It's an extra layer. It's not like, hey, do this instead of tape, you're still going to do tape, you know. >> There's some that do that for all sorts of reasons, including compliance and governance and regulatory ones. Right? >> Yeah. >> And, you know, even disaster recovery scenarios of the worst case, I hope I never have to go through it. Yeah, you could go to the cloud. >> That's right. >> So, local copy is the best. If that's not there, you've got your air gap copy in the cloud. >> Yap. >> If that's not there for some crazy reason. >> We have a whole matrix we've been sharing with our customers recently with a different options. Right? And it's actually really interesting the conversation that occurs between the IT operations folks, and the SecOps folks back to that. So, you know, some SecOps folks, if they could, they just unplug everything from the network, it's safe. Right? But they can't really do business that way. So it's always a balance of what's the return that you need to meet. And by return I mean, coming back from an attack or disaster versus the security. And so again, think of this as an extra layer that gives you that ability to sleep better at night knowing that you've got a third, a tertiary copy, stored somewhere offsite in a different media, but you can bring it back at the same time. >> How have you evolve your portfolio to deal with both the data management trends that we've talked about and the cyber threats. >> Yeah. Well, a number of things. So amongst the other announcements we made back in October is DR. So DR is not a security thing per se, you know, who gets paged when something goes wrong? It's not the info SEC guys for DR, it's the ITOps guys. And so we've always had that capability, but one of the things we announced is be able to do that to do that to the cloud now in AWS. So, instead of site to site, being able to do it site to cloud, and for some organizations, that is all about being able to maybe eliminate a secondary site, you know, smaller organizations, others that are larger enterprises, they probably have a hybrid strategy where that's a part of their strategy now. And the value there is, it's an OpEx cost, right? It's not CapEx anymore. And so again, you lower your cost of operations. So that's one thing in the data management side. On the security side, another thing we announced was yet another service that runs in AWS, we call Cohesity Data Govern. And this is a way to take a look at your data before something ever occurs. One of the key things in dealing with ransomware is hygiene is prevention, right? And so you sort of have classically security folks that are trying to protect your data, and then another set of folks, certainly a large enterprise that are more on the compliance regulatory front, wanting to know where your PII is, your private sensitive data. And we believe those things need to come together. So this data governance product actually does that. It takes a look at first classifying your data, and then being able to detect anomalies in terms of who's coming in from where to get to it, to help you proactively understand what's at threat, and first of all, you know, where your crown jewels really are and make sure that you're protecting those appropriately and maybe modifying access policies If you have set up in your existing native applications,. So it's a little bit of awareness, a little bit prevention, and then when things start to go wrong, another layer that helps you know what's wrong. >> I love that the other side of the coin, I mean, you going to get privacy as a service along with my data protection as a service, know that's a better model. Tight on time sir, but the last question. >> Sure. >> The ecosystem. >> Yeah. >> So you mentioned endpoint security, I know identity access is cloud security, and since the remote work has really escalated, we talk about the ecosystem and some of the partnerships that you're enabling, API integration. >> Yeah, totally. So, you know, we have this, what we call our threat defense model, has got four layers to it. One is the core, is all about resiliency. You need to assume failure. We have, you know, the ability to fail over, fail back down our file system. It has to be immutable to keep the bad guys out. You have to have encryption, basic things like that. The next layer, particularly in this world of zero trust. Right? Is you have to have various layers access control, obvious things like multifactor authentication, role-based access control, as well as things like quorum features. It's the two keys in the safety deposit box to unlock it. But that's not enough. The third layer is AI powered anomaly detection, and being able to do data classification and stuff and such. But then the fourth layer, and this was beyond just us, is the ability to easily integrate in that ecosystem. Right? So I'll go back to the Cisco example I gave you before. We know that despite having our own admin console, there's no SecOps person that's going to be looking at that. They're going to look at something like a SecureAX, or maybe a Palo Alto XR, and be able to pull signals from different places including endpoints, including firewall. >> You going to feed that. >> Exactly. So we'll send signals over that, they can get a better view and then because we're all API based, they can actually invoke the remedy on their side and initiate the workflow that then triggers us to do the right thing from a data protection standpoint, and recovery standpoint. >> It's great to have you here. Thanks so much for coming on. >> It's good to see you again live today. >> See you in the evolution of cohesity. Yes, absolutely. Hopefully we do this a lot in 2022, Chris. >> Absolutely, looking forward to. >> All right. Me too. All right, thank you for watching this is theCUBE's coverage, AWS reinvent. We are the leader in high tech coverage, we'll be right back.