Search Results for Colonial:

Stephen Manley, Druva & Jason Cradit, Summit Carbon Solutions | AWS re:Invent 2022


 

>>Hey everyone, and welcome back to Las Vegas. Viva Las Vegas, baby. This is the Cube live at AWS re:Invent 2022 with tens of thousands of people. Lisa Martin here with Dave Vellante. Dave, we've had some great conversations. This is day one of four days of wall to wall coverage on the Cube. We've been talking data. Every company is a data company. Data protection, data resiliency, absolutely table stakes for organizations to,

>>And I think ecosystem is the other big theme. And that really came to life last year. You know, we came out of the pandemic and it was like, wow, we are entering a new era. People no longer was the ecosystem worried about it, AWS competing with them. They were more worried about innovating and building on top of AWS and building their own value. And that's really, I think, the theme of the 2020s within the ecosystem.

>>And we're gonna be talking about building on top of AWS. Two guests join us, two alumni join us. Stephen Manley is here, the CTO of Druva. Welcome back. Jason Cradit as well is here. CIO and CTO of Summit Carbon Solutions. Guys, great to have you back on the program.

>>Thank you.

>>Let's start with you giving the audience an understanding of the company. What do you guys do? What do you deliver value for customers? All that good

>>Stuff. Yeah, no, for sure. So Summit Carbon is the world's largest carbon capture and sequestration company capturing close to 15 million tons of carbon every year. So it doesn't go into the atmosphere.

>>Wow, fantastic. Stephen, the, the risk landscape today is crazy, right? There's, there's been massive changes. We've talked about this many times. What are some of the things, you know, ransomware is a, is, I know as you say, this is a, it's not a, if it's gonna happen, it's when it's how frequent, it's what's gonna be the damage. What are some of the challenges and concerns that you're hearing from customers out there today?

>>Yeah, you know, it really comes down to three things.
And, and everybody is, is terrified of ransomware and justifiably so. So, so the first thing that comes up is, how do I keep up? Because I have so much data in so many places, and the threats are evolving so quickly. I don't have enough money, I don't have enough people, I don't have enough skilled resources to be able to keep up. The second thing, and this ties in with what Dave said, is, is ecosystem. You know, it used to be that your, your backup was siloed, right? They'd sit in the basement and, and you wouldn't see, see them. But now they're saying, I've gotta work with my security team. So rather than hoping the security team stays away from me, how do I integrate with them? How do I tie together? And then the third one, which is on everybody's mind, is when that attack happens, and like you said, it's when and, and the bell rings and they come to me and they say, all right, it's time for you to recover. It's time for, for all this investment we've put in. Am I gonna be ready? Am I going to be able to execute? Because a ransomware recovery is so different than any other recovery they've ever done. So it's those three things that really are top of mind for

>>How, so what is the, what are the key differences, if you could summarize? I mean, I

>>Know it's so, so the first one is you can't trust the environment you're restoring into. Even with a disaster, it would finish and you'd say, okay, I'm gonna get my data center set up again and I'm gonna get things working. You know, when I try to recover, I don't know if everything's clean yet. I'm trying to recover while I'm still going through incident response. So that's one big difference. A second big difference is I'm not sure if the thing I'm recovering is good, I've gotta scan it. I've gotta make sure what's inside it is, is, is alright. And then the third thing is what we're seeing is the targets are usually not necessarily the crown jewels because those tend to be more protected.
And so they're running into this, I need to recover a massive amount of what we might call tier two, tier three apps that I wasn't ready for because I've always been prepared for that tier one disaster. And so, so those three things they go, it's stuff I'm not prepared or covering. It's a flow. I'm not used to having to check things and I'm not sure where I'm gonna recover to when the, when the time comes.

>>Yeah, just go ahead. Yeah, that's right. I mean, I think for me, the biggest concern is the blind spots of where did I actually back it up or not. You know, what did I get it? Cuz you, we always protect our ERP, we always protect these sort of classes of tiers of systems, but then it's like, oh, that user's email box didn't get it. Oh, that, you know, that OneDrive didn't get it. You know, or, or, or whatever it is. You know, the infrastructure behind it all. I forgot to back that up. That to me the blind spots are the scariest part of a ransomware attack.

>>And, and if you think about it, some of the most high profile attacks, you know, on the, on the Colonial Pipeline, they didn't go after the core assets. They went after billing. That's right. But billing brought everything down so they're smart enough to say, right, I'm not gonna take the, the castle head on. Is there is they're that. Exactly.

>>And so how do you, I get, I mean you can air gap and do things like that in terms of protecting the, the, the data, the corrupt data. How do you protect the corrupt environment? Like that's, that's a really challenging issue. Is

>>It? I don't know. I mean, I'll, I'll you can go second here. I think that what's interesting to me about is that's what cloud's for. You can build as many environments as you want. You only pay for what you use, right? And so you have an opportunity to just reconstruct it. That's why things, everything is code matters. That's why having a cloud partner like Druva matters.
So you can just go restore wherever you need to in a totally clean environment.

>>So the answer is you gotta do it in the cloud. Yeah. What if it's on prem?

>>So if it's on prem, what we see people do is, and, and, and this is where testing and, and where cloud can still be an asset, is you can look and say a lot of those assets I'm running in the data center, I could still recover in the cloud. And so you can go through DR testing and you can start to define what's in your on-prem so that you could make it, you know, so you can make it cloud recoverable. Now, a lot of the people that do that then say, well actually why am I even running this on prem anymore in the first place? I should just move this to the cloud now. But, but, but there are people in that interim step. But, but, but it's really important because you, you're gonna need a clean environment to play in. And it's so hard to have a clean environment set up in a data center cuz it basically means I'm not touching this, I'm just paying for something to sit idle. Whereas cloud, I can spin that up, right? Get a, a cloud foundation suite and, and just again, infrastructure as code, spin things up, test it, spin it down. It doesn't cost me money on a daily basis.

>>Jason, talk a little bit about how you are using Druva. Why Druva and give us a kind of a landscape of your IT environment with Druva.

>>Yeah. You know, so when we first started, you know, we did have a competitor solution and, and, and it was only backing up, you know, we were a startup. It was only backing up our email. And so as you pointed out, the ecosystem really matters because we grew out of email pretty quick as a startup. And we had to have real use cases to protect and the legacy product just wouldn't support us. And so our whole direction, or my direction to my team is back it up wherever it is, you know, go get it. And so we needed somebody in the field, literally in the middle of Nebraska or Iowa to have their laptop backed up.
We needed our infrastructure, our data center backed up and we needed our, our SaaS solutions backed up. We needed it all. And so we needed a partner like Druva to help us go get it wherever it's at.

>>Talk about the value in, with Druva being cloud native.

>>Yeah. To us it's a big deal, right? There's all sorts of products you could go buy to go just do endpoint laptop protection or just do SaaS backups. For us, the value is in learning one tool and mastering it and then taking it to wherever the data is. To me, we see a lot of value for that because we can have one team focus on one product, get good at it, and drive the value.

>>That consolidation theme is big right now, you know, the economic headwinds and so forth. What was the catalyst for you? Was it, is that something you started, you know, years ago? Just it's good practice to do that? What's,

>>Well, no, I mean luckily I'm in a very good position as a startup to do define it, you know, but I've been in those legacy organizations where we've got a lot of tech debt and then how do you consolidate your portfolio so that you can gain more value, right? Cause you only get one budget a year, right? And so I'm lucky in, in the learnings I've had in other enterprises to deal with this head on right now as we grow, don't add tech debt, put it in right. Today.

>>Talk to us a little bit about the SaaS applications that you're backing up. You know, we, we talk a lot with customers, the shared, the shared responsibility model that a lot of customers aren't aware of. Where are you using that competing solution to protect SaaS applications before Druva and talk about Yeah. The, the value in that going, the data protection is our responsibility and not the SaaS vendor.

>>No, absolutely. I mean, and it is funny to go to, you know, it's like Office 365 applications and go to our, our CFO and a leadership and be like, no, we really gotta back it up to a third party. And they're like, but why?

>>It's

>>In the cloud, right?
And so there's a lot of instruction I have to provide to my peers and, and, and my users to help them understand why these things matter. And, and, and it works out really well because we can show value really quick when anything happens. And now we get, I mean, even in SharePoint, people will come to us to restore things when they're fully empowered to do it. But my team's faster. And so we can just get it done for them. And so it's an extra from me, it's an extra SLA or never service level I can provide to my internal customers that, that gives them more faith and trust in my organization.

>>How, how are the SecOps teams and the data protection teams, the backup teams, how are they coming together? Is is, is data protection backup just morphing into security? Is it more of an adjacency? What's that dynamic like?

>>So I'd say right now, and, and I'll be curious to hear Jason's organization, but certainly what we see broadly is, you know, the, the teams are starting to work together, but I wouldn't say they're merging, right? Because, you know, you think of it in a couple of ways. The first is you've got a production environment and that needs to be secured. And then you've got a protection environment. And that protection environment also has to be secured. So the first conversation for a lot of backup teams is, alright, I need to actually work with the security team to make sure that, that my, my my backup environment, it's air gapped, it's encrypted, it's secured. Then I think the, the then I think you start to see people come together, especially as they go through, say, tabletop exercises for ransomware recovery, where it's, alright, where, where can the backup team add value here?

>>Because certainly recovery, that's the basics. But as there log information you can provide, are there detection pieces that you can offer? So, so I think, you know, you start to see a partnership, but, but the reality is, you know, the, the two are still separate, right?
Because, you know, my job as a a protection resiliency company is I wanna make sure that when you need your data, it's gonna be there for you. And I certainly want to, to to follow best secure practices and I wanna offer value to the security team, but there's a whole lot of the security ecosystem that I want to plug into. I'm not trying to replace them again. I want to be part of that broader ecosystem.

>>So how, how do you guys approach it? Yeah,

>>That's interesting. Yeah. So in my organization, we, we are one team and, and not to be too cheesy or you know, whatever, but as Amazon would say, security is job one. And so we treat it as if this is it. And so we never push something into production until we are ready. And ready to us means it's got a security package on it, it's backed up, the users have tested it, we are ready to go. It's not that we're ready just be to provide the service or the thing. It's that we are actually ready to productionize this. And so it's ready for production data and that slows us down in some cases. But that's where DevOps and this idea of just merging everything together into a central, how do we get this done together, has worked out really well for us. So,

>>So it's really the DevOps team's responsibility. It's not a separate data protection function.

>>Nope. Nope. We have specialists of course, right? Yeah, yeah. Because you need the extra level, the CISSPs and those people Yeah, yeah. To really know what they're doing, but they're just part of the team. Yeah.

>>Talk about some of the business outcomes that you're achieving with Druva so far.

>>Yeah. The business outcomes for me are, you know, I meet my SLAs that's promising. I can communicate that I feel more secure in the cloud and, and all of my workloads because I can restore it. And, and that to me helps everybody in my organization sleep well, sleep better. We are, we transport a lot of the carbon in a pipeline like Colonial.
And so to us, we are, we are potential victims of, of a pipe, a non pipeline group, right? Attacking us, but it's carbon, you know, we're trying to get it outta atmosphere. And so by protecting it, no matter where it is, as long as we've got internet access, we can back it up. That provides tons of value to my team because we have hundreds of people in the field working for us every day who collect data and generate it.

>>What would you say to a customer who's maybe on the fence looking at different technologies, why Druva?

>>You know, I think, you know, do the research in my mind, it'll win if you just do the research, right? I mean, there might be vendors that'll buy you nice dinners or whatever, and those are, those are nice things, but the, the reality is you have to protect your data no matter where it is. If it's in a SaaS application, if it's in a cloud provider, if it's infrastructure, wherever it is, you need it. And if you just go look at the facts, there it is, right? And so I, I'd say be objective. Look at the facts, it'll prove itself.

>>Look at the data. There you go. Stephen, Druva recently announced a data resiliency guarantee with a big whopping financial sum. Talk to us a little bit about that, the value in it for your customers and for prospects,

>>Right? So, so basically there's, there's really two parts to this guarantee. The first is, you know, across five different SLAs, and I'll talk about those, you know, if we violate those, the customers can get a payout of up to 10 million, right? So again, putting, putting our money where our mouth is in a pretty large amount. But, but for me, the exciting part, and this is, this is where Jason went, is it's about the SLAs, right? You know, one of Druva's goals is to say, look, we do the job for you, we do the service for you so you can offer that service to your company.
And so the SLAs aren't just about ransomware, some of them certainly are, you know, that, that you're going to be able to recover your data in the event of a ransomware attack, that your data won't get exfiltrated as part of a ransomware attack.

>>But also things like backup success rates, because as much as recovery matters a lot more than backup, you do need a backup if you're gonna be able to get that recovery done. There's also an SLA to say that, you know, if 10 years down the road you need to recover your data, it's still recoverable, right? So, so that kind of durability piece. And then of course the availability of the service because what's the point of a service if it's not there for you when you need it? And so, so having that breadth of coverage, I think really reflects who Druva is, which is we're doing this job for you, right? We want to make this this service available so you can focus on offering other value inside your business. And

>>The insurance underwriters, if they threw holy water on

>>That, they, they, they were okay with it. The legal people blessed it, you know, it, you know, the CEO signed off on it, the board of directors. So, you know, it, and it, it's all there in print, it's all there on the web. If you wanna look, you know, make sure, one of the things we wanted to be very clear on is that this isn't just a marketing gimmick that we're, we're putting, that we're putting substance behind it because a lot of these were already in our contracts anyway, because as a SaaS vendor, you're signing up for service level agreements anyway.

>>Yeah. But most of the service level agreements and SaaS vendors are crap. They're like, you know, hey, you know, if something bad happens, you know, we'll, we'll give you a credit,

>>Right?

>>For, you know, for when you were down. I mean, it's not, you never get into business impact. I mean, even AWS, sorry, I mean, it's true. We're a customer. I read the fine print, I know what I'm signing up for.
But, so that's,

>>We read it a lot and we will not, we don't really care about the credits at all. We care about is it their force? Is it a partner? We trust, we fight that every day in our SLAs with our vendors

>>In the end, right? I mean this, we are the last line of defense. We are the thing that keeps the business up and running. So if your business, you know, can't get to his data and can't operate, me coming to you and saying, Dave, I've got some credits for you after you, you know, after you declare bankruptcy, it'll be great. Yeah, that's not a win.

>>It's no value,

>>Not helpful. The goal's gotta be, your business is up and running cuz that's when we're both successful. So, so, so, you know, we view this as we're in it together, right? We wanna make sure your business succeeds. Again, it's not about sleight of hand, it's not about, you know, just, just putting fine print in the contract. It's about standing up and delivering. Because if you can't do that, why are we here? Right? The number one thing we hear from our customers is Druva just works. And that's the thing I think I'm most proud of is Druva just works.

>>So, speaking of Druva, just working, if there's a billboard in Santa Clara near the new offices about Druva, what's, what's the bumper sticker? What's the tagline?

>>I, I, I think, I think that's it. I think Druva just works. Keeps your data safe. Simple as that. Safe and secure. Druva works to keep your data safe and secure.

>>Saved me.

>>Yeah.

>>Druva just works. Guys, thanks so much for joining Dave and me on the program. Great to have you back on the Cube. Thank you. Talking about how you're working together, what Druva is doing to really putting, its its best foot forward. We appreciate your insights and your time. Thank

>>You. Thanks guys. It's great to see you guys. Likewise

>>The show for our guests and Dave Vellante. I'm Lisa Martin, you're watching the Cube, the leader in enterprise and emerging tech coverage.

Published Date : Nov 29 2022


Ann Potten & Cole Humphreys | CUBE Conversation, August 2022


 

(upbeat music)

>> Hi, everyone, welcome to this program sponsored by HPE. I'm your host, Lisa Martin. We're here talking about being confident and trusting your server security with HPE. I have two guests here with me to talk about this important topic. Cole Humphreys joins us, global server security product manager at HPE, and Ann Potten, trusted supply chain program lead at HPE. Guys, it's great to have you on the program, welcome.

>> Hi, thanks.

>> Thank you. It's nice to be here.

>> Ann let's talk about really what's going on there. Some of the trends, some of the threats, there's so much change going on. What is HPE seeing?

>> Yes, good question, thank you. Yeah, you know, cybersecurity threats are increasing everywhere and it's causing disruption to businesses and governments alike worldwide. You know, the global pandemic has caused limited employee availability originally, this has led to material shortages, and these things opens the door perhaps even wider for more counterfeit parts and products to enter the market, and these are challenges for consumers everywhere. In addition to this, we're seeing the geopolitical environment has changed. We're seeing rogue nation states using cybersecurity warfare tactics to immobilize an entity's ability to operate, and perhaps even use their tactics for revenue generation. The Russian invasion of Ukraine is one example. But businesses are also under attack, you know, for example, we saw SolarWinds' software supply chain was attacked two years ago, which unfortunately went unnoticed for several months. And then, this was followed by the Colonial Pipeline attack and numerous others. You know, it just seems like it's almost a daily occurrence that we hear of a cyberattack on the evening news. And, in fact, it's estimated that the cyber crime cost will reach over $10.5 trillion by 2025, and will be even more profitable than the global transfer of all major illegal drugs combined. This is crazy.
You know, the macro environment in which companies operate in has changed over the years. And, you know, all of these things together and coming from multiple directions presents a cybersecurity challenge for an organization and, in particular, its supply chain. And this is why HPE is taking proactive steps to mitigate supply chain risk, so that we can provide our customers with the most secure products and services.

>> So, Cole, let's bring you into the conversation. Ann did a great job of summarizing the major threats that are going on, the tumultuous landscape. Talk to us, Cole, about the security gap. What is it, what is HPE seeing, and why are organizations in this situation?

>> Hi, thanks, Lisa. You know, what we're seeing is as this threat landscape increases to, you know, disrupt or attempt to disrupt our customers, and our partners, and ourselves, it's a kind of a double edge, if you will, because you're seeing the increase in attacks, but what you're not seeing is an equal to growth of the skills and the experiences required to address the scale. So it really puts the pressure on companies, because you have a skill gap, a talent gap, if you will, you know, for example, there are projected to be 3 1/2 million cyber roles open in the next few years, right? So all this scale is growing, and people are just trying to keep up, but the gap is growing, just literally the people to stop the bad actors from attacking the data. And to complicate matters, you're also seeing a dynamic change of the who and the how the attacks are happening, right? The classic attacks that you've seen, you know, in the espionage in all the, you know, the history books, those are not the standard plays anymore. You'll have, you know, nation states going after commercial entities and, you know, criminal syndicates, as Ann alluded to, that there's more money in it than the international drug trade, so you can imagine the amount of criminal interest in getting this money.
So you put all that together and the increasing of attacks it just is really pressing down as literally, I mean, the reports we're reading over half of everyone. Obviously, the most critical infrastructure cares, but even just mainstream computing requirements need to have their data protected, "Help me protect my workloads," and they don't have the people in-house, right? So that's where partnership is needed, right? And that's where we believe, you know, our approach with our partner ecosystem this is not HPE delivering everything ourself, but all of us in this together is really what we believe the only way we're going to be able to get this done.

>> So, Cole, let's double-click on that, HPE and its partner ecosystem can provide expertise that companies in every industry are lacking. You're delivering HPE as a 360-degree approach to security. Talk about what that 360-degree approach encompasses.

>> Thank you, it is an approach, right? Because I feel that security it is a thread that will go through the entire construct of a technical solution, right? There isn't a, "Oh, if you just buy this one server with this one feature, you don't have to worry about anything else." It's really it's everywhere, at least the way we believe it, it's everywhere. And in a 360-degree approach, the way we like to frame it, is it's this beginning with our supply chain, right? We take a lot of pride in the designs, you know, the really smart engineering teams, the designer, technology, our awesome, world-class global operations team working in concert to deliver some of these technologies into the market, that is, you know, a great capability, but also a huge risk to customers. 'Cause that is the most vulnerable place that if you inject some sort of malware or tampering at that point, you know, the rest of the story really becomes moot, because you've already defeated, right?
And then, you move in to you physically deployed that through our global operations, now you're in an operating environment. That's where automation becomes key, right? We have software innovations in, you know, our iLO product of management inside those single servers, and we have really cool new GreenLake for compute operations management services out there that give customers more control back and more information to deal with this scaling problem. And then, lastly, as you begin to wrap up, you know, the natural life cycle, and you need to move to new platforms and new technologies, we think about the exit of that life cycle, and how do we make sure we dispose of the data and move those products into a secondary life cycle, so that we can move back into this kind of circular 360-degree approach. We don't want to leave our customers hanging anywhere in this entire journey.

>> That 360-degree approach is so critical, especially given, as we've talked about already in this segment, the changes, the dynamics in the environment. Ann, as Cole said, this 360-degree approach that HPE is delivering is beginning in the manufacturing supply chain, seems like the first line of defense against cyberattackers. Talk to us about why that's important and where did the impetus come from? Was that COVID, was that customer demand?

>> Yep, yep. Yeah, the supply chain is critical, thank you. So in 2018, we could see all of these cybersecurity issues starting to emerge and predicted that this would be a significant challenge for our industry. So we formed a strategic initiative called the Trusted Supply Chain Program designed to mitigate cybersecurity risk in the supply chain, and really starting with the product life cycle, starting at the product design phase and moving through sourcing and manufacturing, how we deliver products to our customers and, ultimately, a product's end of life that Cole mentioned.
So in doing this, we're able to provide our customers with the most secure products and services, whether they're buying their servers for their data center or using our own GreenLake services. So just to give you some examples, something that is foundational to our Trusted Supply Chain Program we've built a very robust cybersecurity supply chain risk management program that includes assessing our risk at all factories and our suppliers, okay? We're also looking at strengthening our software supply chain by developing mechanisms to identify software vulnerabilities and hardening our own software build environments. To protect against counterfeit parts, that I mentioned in the beginning, from entering our supply chain, we've recently started a blockchain program so that we can identify component provenance and trace parts back to their original manufacturers. So our security efforts, you know, continue even after product manufacturing. We offer three different levels of secured delivery services for our customers, including, you know, a dedicated truck and driver, or perhaps even an exclusive use vehicle. We can tailor our delivery services to whatever the customer needs. And then, when a product is at its end of life, products are either recycled or disposed using our approved vendors. So our servers are also equipped with the One-Button Secure Erase that erases every byte of data, including firmware data. And talking about products, we've taken additional steps to provide additional security features for our products. Number one, we can provide platform certificates that allow the user to cryptographically verify that their server hasn't been tampered with from the time it left the manufacturing facility to the time that it arrives at the customer's facility. 
In addition to that, we've launched a dedicated line of trusted supply chain servers with additional security features, including Secure Configuration Lock, Chassis Intrusion Detection, and these are assembled at our U.S. factory by U.S. vetted employees. So lots of exciting things happening within the supply chain not just to shore up our own supply chain risk, but also to provide our customers with the most secure product. And so with that, Cole, do you want to make our big announcement? >> All right, thank you. You know, what a great setup though, because I think you got to really appreciate the whole effort that we're putting into, you know, bringing these online. But one of the, just transparently, the gaps we had as we proved this out was, as you heard, this initial proof was delivered with assembly in the U.S. factory employees. You know, fantastic program, really successful in all our target industries and even expanding to places we didn't really expect it to. But it's kind of going to the point of security isn't just for one industry or one set of customers, right? We're seeing it in our partners, we're seeing it in different industries than we have in the past. But the challenge was we couldn't get this global right out the gate, right? This has been a really heavy, transparently, a U.S. federal activated focus, right? If you've been tracking what's going on since May of last year, there's been a call to action to improve the nation's cybersecurity. So we've been all in on that, and we have an opinion and we're working hard on that, but we're a global company, right? How can we get this out to the rest of the world? Well, guess what? This month we figured it out and, well, it's take a lot more than this month, we did a lot of work, but we figured it out. And we have launched a comparable service globally called Server Security Optimization Service, right? HPE Server Security Optimization Service for ProLiant. 
I like to call it, you know, SSOS Sauce, right? Do you want to be clever? HPE Sauce that we can now deploy globally. We get that product hardened in the supply chain, right? Because if you take the best of your supply chain and you take your technical innovations that you've innovated into the server, you can deliver a better experience for your customers, right? So the supply chain equals server technology and our awesome, you know, services teams deliver supply chain security at that last mile, and we can deliver it in the European markets and now in the Asia Pacific markets, right? We could ship it from the U.S. to other markets, so we could always fulfill this promise, but I think it's just having that local access into your partner ecosystem and stuff just makes more sense. But it is a big deal for us because now we have activated a meaningful supply chain security benefit for our entire global network of partners and customers and we're excited about it, and we hope our customers are too. >> That's huge, Cole and Ann, in terms of the significance of the impact that HPE is delivering through its partner ecosystem globally as the supply chain continues to be one of the terms on everyone's lips here. I'm curious, Cole, we just couple months ago, we're at Discover, can you talk about what HPE is doing here from a security perspective, this global approach that it's taking as it relates to what HPE was talking about at Discover in terms of we want to secure the enterprise to deliver these experiences from edge to cloud. >> You know, I feel like for me, and I think you look at the shared-responsibility models and, you know, other frameworks out there, the way I believe it to be is it's a solution, right? There's not one thing, you know, if you use HPE supply chain, the end, or if you buy an HPE ProLiant, the end, right? 
It is an integrated connectedness with our as-a-service platform, our service and support commitments, you know, our extensive partner ecosystem, our alliances, all of that comes together to ultimately offer that assurance to a customer, and I think these are specific meaningful proof points in that chain of custody, right? That chain of trust, if you will. Because as the world becomes more zero trust, we are going to have to prove ourselves more, right? And these are those kind of technical credentials, and identities and, you know, capabilities that a modern approach to security need. >> Excellent, great work there. Ann, let's go ahead and take us home. Take the audience through what you think, ultimately, what HPE is doing really infusing security at that 360-degree approach level that we talked about. What are some of the key takeaways that you want the audience that's watching here today to walk away with? >> Right, right, thank you. Yeah, you know, with the increase in cybersecurity threats everywhere affecting all businesses globally, it's going to require everyone in our industry to continue to evolve in our supply chain security and our product security in order to protect our customers and our business continuity. Protecting our supply chain is something that HPE is very committed to and takes very seriously. So, you know, I think regardless of whether our customers are looking for an on-prem solution or a GreenLake service, you know, HPE is proactively looking for and mitigating any security risk in the supply chain so that we can provide our customers with the most secure products and services. >> Awesome, Anne and Cole, thank you so much for joining me today talking about what HPE is doing here and why it's important, as our program is called, to be confident and trust your server security with HPE, and how HPE is doing that. Appreciate your insights and your time. >> Thank you so much for having us. >> Thank you, Lisa. 
>> For Cole Humphreys and Anne Potten, I'm Lisa Martin, we want to thank you for watching this segment in our series, Be Confident and Trust Your Server Security with HPE. We'll see you soon. (gentle upbeat music)

Published Date : Aug 23 2022


Wasabi |Secure Storage Hot Takes


 

>> The rapid rise of ransomware attacks has added yet another challenge that business technology executives have to worry about these days. Cloud storage, immutability, and air gaps have become must-have arrows in the quiver of organizations' data protection strategies. But the important reality that practitioners have embraced is data protection, it can't be an afterthought or a bolt-on, it has to be designed into the operational workflow of technology systems. The problem is, oftentimes, data protection is complicated with a variety of different products, services, software components, and storage formats, this is why object storage is moving to the forefront of data protection use cases because it's simpler and less expensive. The put data get data syntax has always been alluring, but object storage, historically, was seen as this low-cost niche solution that couldn't offer the performance required for demanding workloads, forcing customers to make hard tradeoffs between cost and performance. That has changed, the ascendancy of cloud storage generally in the S3 format specifically has catapulted object storage to become a first class citizen in a mainstream technology. Moreover, innovative companies have invested to bring object storage performance to parity with other storage formats, but cloud costs are often a barrier for many companies as the monthly cloud bill and egress fees in particular steadily climb. Welcome to Secure Storage Hot Takes, my name is Dave Vellante, and I'll be your host of the program today, where we introduce our community to Wasabi, a company that is purpose-built to solve this specific problem with what it claims to be the most cost effective and secure solution on the market. 
We have three segments today to dig into these issues, first up is David Friend, the well known entrepreneur who co-founded Carbonite and now Wasabi will then dig into the product with Drew Schlussel of Wasabi, and then we'll bring in the customer perspective with Kevin Warenda of the Hotchkiss School, let's get right into it. We're here with David Friend, the President and CEO and Co-founder of Wasabi, the hot storage company, David, welcome to theCUBE. >> Thanks Dave, nice to be here. >> Great to have you, so look, you hit a home run with Carbonite back when building a unicorn was a lot more rare than it has been in the last few years, why did you start Wasabi? >> Well, when I was still CEO of Wasabi, my genius co-founder Jeff Flowers and our chief architect came to me and said, you know, when we started this company, a state of the art disk drive was probably 500 gigabytes and now we're looking at eight terabyte, 16 terabyte, 20 terabyte, even 100 terabyte drives coming down the road and, you know, sooner or later the old architectures that were designed around these much smaller disk drives is going to run out of steam because, even though the capacities are getting bigger and bigger, the speed with which you can get data on and off of a hard drive isn't really changing all that much. And Jeff foresaw a day when the architectures sort of legacy storage like Amazon S3 and so forth was going to become very inefficient and slow. And so he came up with a new, highly parallelized architecture, and he said, I want to go off and see if I can make this work. So I said, you know, good luck go to it and they went off and spent about a year and a half in the lab, designing and testing this new storage architecture and when they got it working, I looked at the economics of this and I said, holy cow, we can sell cloud storage for a fraction of the price of Amazon, still make very good gross margins and it will be faster. 
So this is a whole new generation of object storage that you guys have invented. So I recruited a new CEO for Carbonite and left to found Wasabi because the market for cloud storage is almost infinite. You know, when you look at all the world's data, you know, IDC has these crazy numbers, 120 zettabytes or something like that and if you look at that as you know, the potential market size during that data, we're talking trillions of dollars, not billions and so I said, look, this is a great opportunity, if you look back 10 years, all the world's data was on-prem, if you look forward 10 years, most people agree that most of the world's data is going to live in the cloud, we're at the beginning of this migration, we've got an opportunity here to build an enormous company. >> That's very exciting. I mean, you've always been a trend spotter, and I want to get your perspectives on data protection and how it's changed. It's obviously on people's minds with all the ransomware attacks and security breaches, but thinking about your experiences and past observations, what's changed in data protection and what's driving the current very high interest in the topic? >> Well, I think, you know, from a data protection standpoint, immutability, the equivalent of the old worm tapes, but applied to cloud storage is, you know, become core to the backup strategies and disaster recovery strategies for most companies. And if you look at our partners who make backup software like Veeam, Commvault, Veritas, Arcserve, and so forth, most of them are really taking advantage of mutable cloud storage as a way to protect customer data, customers backups from ransomware. So the ransomware guys are pretty clever and they, you know, they discovered early on that if someone could do a full restore from their backups, they're never going to pay a ransom. 
So, once they penetrate your system, they get pretty good at sort of watching how you do your backups and before they encrypt your primary data, they figure out some way to destroy or encrypt your backups as well, so that you can't do a full restore from your backups. And that's where immutability comes in. You know, in the old days you, you wrote what was called a worm tape, you know, write once read many, and those could not be overwritten or modified once they were written. And so we said, let's come up with an equivalent of that for the cloud, and it's very tricky software, you know, it involves all kinds of encryption algorithms and blockchain and this kind of stuff but, you know, the net result is if you store your backups in immutable buckets, in a product like Wasabi, you can't alter it or delete it for some period of time, so you could put a timer on it, say a year or six months or something like that, once that data is written, you know, there's no way you can go in and change it, modify it, or anything like that, including even Wasabi's engineers. >> So, David, I want to ask you about data sovereignty. It's obviously a big deal, I mean, especially for companies with the presence overseas, but what's really is any digital business these days, how should companies think about approaching data sovereignty? Is it just large firms that should be worried about this? Or should everybody be concerned? What's your point of view? >> Well, all around the world countries are imposing data sovereignty laws and if you're in the storage business, like we are, if you don't have physical data storage in-country, you're probably not going to get most of the business. 
You know, since Christmas we've built data centers in Toronto, London, Frankfurt, Paris, Sydney, Singapore, and I've probably forgotten one or two, but the reason we do that is twofold; one is, you know, if you're closer to the customer, you're going to get better response time, lower latency, and that's just a speed of light issue. But the bigger issue is, if you've got financial data, if you have healthcare data, if you have data relating to security, like surveillance videos, and things of that sort, most countries are saying that data has to be stored in-country, so, you can't send it across borders to some other place. And if your business operates in multiple countries, you know, dealing with data sovereignty is going to become an increasingly important problem. >> So in May of 2018, that's when the fines associated with violating GDPR went into effect and GDPR was like this main spring of privacy and data protection laws and we've seen it spawn other public policy things like the CCPA and think it continues to evolve, we see judgments in Europe against big tech and this tech lash that's in the news in the U.S. and the elimination of third party cookies, what does this all mean for data protection in the 2020s? >> Well, you know, every region and every country, you know, has their own idea about privacy, about security, about the use of even the use of metadata surrounding, you know, customer data and things of this sort. 
So, you know, it's getting to be increasingly complicated because GDPR, for example, imposes different standards from the kind of privacy standards that we have here in the U.S., Canada has a somewhat different set of data sovereignty issues and privacy issues so it's getting to be an increasingly complex, you know, mosaic of rules and regulations around the world and this makes it even more difficult for enterprises to run their own, you know, infrastructure because companies like Wasabi, where we have physical data centers in all kinds of different markets around the world and we've already dealt with the business of how to meet the requirements of GDPR and how to meet the requirements of some of the countries in Asia and so forth, you know, rather than an enterprise doing that just for themselves, if you running your applications or keeping your data in the cloud, you know, now a company like Wasabi with, you know, 34,000 customers, we can go to all the trouble of meeting these local requirements on behalf of our entire customer base and that's a lot more efficient and a lot more cost effective than if each individual country has to go deal with the local regulatory authorities. >> Yeah, it's compliance by design, not by chance. Okay, let's zoom out for the final question, David, thinking about the discussion that we've had around ransomware and data protection and regulations, what does it mean for a business's operational strategy and how do you think organizations will need to adapt in the coming years? 
>> Well, you know, I think there are a lot of forces driving companies to the cloud and, you know, and I do believe that if you come back five or 10 years from now, you're going to see majority of the world's data is going to be living in the cloud and I think storage, data storage is going to be a commodity much like electricity or bandwidth, and it's going to be done right, it will comply with the local regulations, it'll be fast, it'll be local, and there will be no strategic advantage that I can think of for somebody to stand up and run their own storage, especially considering the cost differential, you know, the most analysts think that the full, all in costs of running your own storage is in the 20 to 40 terabytes per month range, whereas, you know, if you migrate your data to the cloud, like Wasabi, you're talking probably $6 a month and so I think people are learning how to deal with the idea of an architecture that involves storing your data in the cloud, as opposed to, you know, storing your data locally. >> Wow, that's like a six X more expensive in the clouds, more than six X, all right, thank you, David,-- >> In addition to which, you know, just finding the people to babysit this kind of equipment has become nearly impossible today. >> Well, and with a focus on digital business, you don't want to be wasting your time with that kind of heavy lifting. David, thanks so much for coming in theCUBE, a great Boston entrepreneur, we've followed your career for a long time and looking forward to the future. >> Thank you. >> Okay, in a moment, Drew Schlussel will join me and we're going to dig more into product, you're watching theCUBE, the leader in enterprise and emerging tech coverage, keep it right there. 
♪ Whoa ♪ ♪ Brenda in sales got an email ♪ ♪ Click here for a trip to Bombay ♪ ♪ It's not even called Bombay anymore ♪ ♪ But you clicked it anyway ♪ ♪ And now our data's been held hostage ♪ ♪ And now we're on sinking ship ♪ ♪ And a hacker's in our system ♪ ♪ Just 'cause Brenda wanted a trip ♪ ♪ She clicked on something stupid ♪ ♪ And our data's out of our control ♪ ♪ Into the hands of a hacker's ♪ ♪ And he's a giant asshole. ♪ ♪ He encrypted it in his basement ♪ ♪ He wants a million bucks for the key ♪ ♪ And I'm pretty sure he's 15 ♪ ♪ And still going through puberty ♪ ♪ I know you didn't mean to do us wrong ♪ ♪ But now I'm dealing with this all week long ♪ ♪ To make you all aware ♪ ♪ Of all this ransomware ♪ ♪ That is why I'm singing you this song ♪ ♪ C'mon ♪ ♪ Take it from me ♪ ♪ The director of IT ♪ ♪ Don't click on that email from a prince Nairobi ♪ ♪ 'Cuz he's not really a prince ♪ ♪ Now our data's locked up on our screen ♪ ♪ Controlled by a kid who's just fifteen ♪ ♪ And he's using our money to buy a Ferrari ♪ (gentle music) >> Joining me now is Drew Schlussel, who is the Senior Director of Product Marketing at Wasabi, hey Drew, good to see you again, thanks for coming back in theCUBE. >> Dave, great to be here, great to see you. >> All right, let's get into it. You know, Drew, prior to the pandemic, Zero Trust, just like kind of like digital transformation was sort of a buzzword and now it's become a real thing, almost a mandate, what's Wasabi's take on Zero Trust. >> So, absolutely right, it's been around a while and now people are paying attention, Wasabi's take is Zero Trust is a good thing. You know, there are too many places, right, where the bad guys are getting in. And, you know, I think of Zero Trust as kind of smashing laziness, right? It takes a little work, it takes some planning, but you know, done properly and using the right technologies, using the right vendors, the rewards are, of course tremendous, right? 
You can put to rest the fears of ransomware and having your systems compromised. >> Well, and we're going to talk about this, but there's a lot of process and thinking involved and, you know, design and your Zero Trust and you don't want to be wasting time messing with infrastructure, so we're going to talk about that, there's a lot of discussion in the industry, Drew, about immutability and air gaps, I'd like you to share Wasabi's point of view on these topics, how do you approach it and what makes Wasabi different? >> So, in terms of air gap and immutability, right, the beautiful thing about object storage, which is what we do all the time is that it makes it that much easier, right, to have a secure immutable copy of your data someplace that's easy to access and doesn't cost you an arm and a leg to get your data back. You know, we're working with some of the best, you know, partners in the industry, you know, we're working with folks like, you know, Veeam, Commvault, Arc, Marquee, MSP360, all folks who understand that you need to have multiple copies of your data, you need to have a copy stored offsite, and that copy needs to be immutable and we can talk a little bit about what immutability is and what it really means. >> You know, I wonder if you could talk a little bit more about Wasabi's solution because, sometimes people don't understand, you actually are a cloud, you're not building on other people's public clouds and this storage is the one use case where it actually makes sense to do that, tell us a little bit more about Wasabi's approach and your solution. 
>> Yeah, I appreciate that, so there's definitely some misconception, we are our own cloud storage service, we don't run on top of anybody else, right, it's our systems, it's our software deployed globally and we interoperate because we adhere to the S3 standard, we interoperate with practically hundreds of applications, primarily in this case, right, we're talking about backup and recovery applications and it's such a simple process, right? I mean, just about everybody who's anybody in this business protecting data has the ability now to access cloud storage and so we've made it really simple, in many cases, you'll see Wasabi as you know, listed in the primary set of available vendors and, you know, put in your private keys, make sure that your account is locked down properly using, let's say multifactor authentication, and you've got a great place to store copies of your data securely. >> I mean, we just heard from David Friend, if I did my math right, he was talking about, you know, 1/6 the cost per terabyte per month, maybe even a little better than that, how are you able to achieve such attractive economics? >> Yeah, so, you know, I can't remember how to translate my fractions into percentages, but I think we talk a lot about being 80%, right, less expensive than the hyperscalers. And you know, we talked about this at Vermont, right? There's some secret sauce there and you know, we take a different approach to how we utilize the raw capacity to the effective capacity and the fact is we're also not having to run, you know, a few hundred other services, right? We do storage, plain and simple, all day, all the time, so we don't have to worry about overhead to support, you know, up and coming other services that are perhaps, you know, going to be a loss leader, right? 
Customers love it, right, they see the fact that their data is growing 40, 80% year over year, they know they need to have some place to keep it secure, and, you know, folks are flocking to us in droves, in fact, we're seeing a tremendous amount of migration actually right now, multiple petabytes being brought to Wasabi because folks have figured out that they can't afford to keep going with their current hyperscaler vendor. >> And immutability is a feature of your product, right? What the feature called? Can you double-click on that a little bit? >> Yeah, absolutely. So, the term in S3 is Object Lock and what that means is your application will write an object to cloud storage, and it will define a retention period, let's say a week. And for that period, that object is immutable, untouchable, cannot be altered in any way, shape, or form, the application can't change it, the system administration can't change it, Wasabi can't change it, okay, it is truly carved in stone. And this is something that it's been around for a while, but you're seeing a huge uptick, right, in adoption and support for that feature by all the major vendors and I named off a few earlier and the best part is that with immutability comes some sense of, well, it comes with not just a sense of security, it is security. Right, when you have data that cannot be altered by anybody, even if the bad guys compromise your account, they steal your credentials, right, they can't take away the data and that's a beautiful thing, a beautiful, beautiful thing. >> And you look like an S3 bucket, is that right? >> Yeah, I mean, we're fully compatible with the S3 API, so if you're using S3 API based applications today, it's a very simple matter of just kind of redirecting where you want to store your data, beautiful thing about backup and recovery, right, that's probably the simplest application, simple being a relative term, as far as lift and shift, right? 
Because that just means for your next full, right, point that at Wasabi, retain your other fulls, you know, for whatever 30, 60, 90 days, and then once you've kind of made that transition from vine to vine, you know, you're often running with Wasabi. >> I talked to my open about the allure of object storage historically, you know, the simplicity of the get put syntax, but what about performance? Are you able to deliver performance that's comparable to other storage formats? >> Oh yeah, absolutely, and we've got the performance numbers on the site to back that up, but I forgot to answer something earlier, right, you said that immutability is a feature and I want to make it very clear that it is a feature but it's an API request. Okay, so when you're talking about gets and puts and so forth, you know, the comment you made earlier about being 80% more cost effective or 80% less expensive, you know, that API call, right, is typically something that the other folks charge for, right, and I think we used the metaphor earlier about the refrigerator, but I'll use a different metaphor today, right? You can think of cloud storage as a magical coffee cup, right? It gets as big as you want to store as much coffee as you want and the coffee's always warm, right? And when you want to take a sip, there's no charge, you want to, you know, pop the lid and see how much coffee is in there, no charge, and that's an important thing, because when you're talking about millions or billions of objects, and you want to get a list of those objects, or you want to get the status of the immutable settings for those objects, anywhere else it's going to cost you money to look at your data, with Wasabi, no additional charge and that's part of the thing that sets us apart. >> Excellent, so thank you for that. So, you mentioned some partners before, how do partners fit into the Wasabi story? Where do you stop? Where do they pick up? You know, what do they bring? 
Can you give us maybe, a paint a picture for us example, or two? >> Sure, so, again, we just do storage, right, that is our sole purpose in life is to, you know, to safely and securely store our customer's data. And so they're working with their application vendors, whether it's, you know, active archive, backup and recovery, IOT, surveillance, media and entertainment workflows, right, those systems already know how to manage the data, manage the metadata, they just need some place to keep the data that is being worked on, being stored and so forth. Right, so just like, you know, plugging in a flash drive on your laptop, right, you literally can plug in Wasabi as long as your applications support the API, getting started is incredibly easy, right, we offer a 30-day trial, one terabyte, and most folks find that within, you know, probably a few hours of their POC, right, it's giving them everything they need in terms of performance, in terms of accessibility, in terms of sovereignty, I'm guessing you talked to, you know, Dave Friend earlier about data sovereignty, right? We're global company, right, so there's got to be probably, you know, wherever you are in the world some place that will satisfy your sovereignty requirements, as well as your compliance requirements. 
>> Yeah, we did talk about sovereignty, Drew, this is really, what's interesting to me, I'm a bit of a industry historian, when I look back to the early days of cloud, I remember the large storage companies, you know, their CEOs would say, we're going to have an answer for the cloud and they would go out, and for instance, I know one bought competitor of Carbonite, and then couldn't figure out what to do with it, they couldn't figure out how to compete with the cloud in part, because they were afraid it was going to cannibalize their existing business, I think another part is because they just didn't have that imagination to develop an architecture that in a business model that could scale to see that you guys have done that is I love it because it brings competition, it brings innovation and it helps lower clients cost and solve really nagging problems. Like, you know, ransomware, of mutability and recovery, I'll give you the last word, Drew. >> Yeah, you're absolutely right. You know, the on-prem vendors, they're not going to go away anytime soon, right, there's always going to be a need for, you know, incredibly low latency, high bandwidth, you know, but, you know, not all data's hot all the time and by hot, I mean, you know, extremely hot, you know, let's take, you know, real time analytics for, maybe facial recognition, right, that requires sub-millisecond type of processing. But once you've done that work, right, you want to store that data for a long, long time, and you're going to want to also tap back into it later, so, you know, other folks are telling you that, you know, you can go to these like, you know, cold glacial type of tiered storage, yeah, don't believe the hype, you're still going to pay way more for that than you would with just a Wasabi-like hot cloud storage system. And, you know, we don't compete with our partners, right? 
We complement, you know, what they're bringing to market in terms of the software vendors, in terms of the hardware vendors, right, we're a beautiful component for that hybrid cloud architecture. And I think folks are gravitating towards that, I think the cloud is kind of hitting a new gear if you will, in terms of adoption and recognition for the security that they can achieve with it. >> All right, Drew, thank you for that, definitely we see the momentum, in a moment, Drew and I will be back to get the customer perspective with Kevin Warenda, who's the Director of Information Technology Services at The Hotchkiss School, keep it right there. >> Hey, I'm Nate, and we wrote this song about ransomware to educate people, people like Brenda. >> Oh, God, I'm so sorry. We know you are, but Brenda, you're not alone, this hasn't just happened to you. >> No! ♪ Colonial Oil Pipeline had a guy ♪ ♪ who didn't change his password ♪ ♪ That sucks ♪ ♪ His password leaked, the data was breached ♪ ♪ And it cost his company 4 million bucks ♪ ♪ A fake update was sent to people ♪ ♪ Working for the meat company JBS ♪ ♪ That's pretty clever ♪ ♪ Instead of getting new features, they got hacked ♪ ♪ And had to pay the largest crypto ransom ever ♪ ♪ And 20 billion dollars, billion with a b ♪ ♪ Have been paid by companies in healthcare ♪ ♪ If you wonder why your premium keeps going ♪ ♪ Up, up, up, up, up ♪ ♪ Now you're aware ♪ ♪ And now the hackers they are gettin' cocky ♪ ♪ When they lock your data ♪ ♪ You know, it has gotten so bad ♪ ♪ That they demand all of your money and it gets worse ♪ ♪ They go and the trouble with the Facebook ad ♪ ♪ Next time, something seems too good to be true ♪ ♪ Like a free trip to Asia! 
♪ ♪ Just check first and I'll help before you ♪ ♪ Think before you click ♪ ♪ Don't get fooled by this ♪ ♪ Who isn't old enough to drive to school ♪ ♪ Take it from me, the director of IT ♪ ♪ Don't click on that email from a prince in Nairobi ♪ ♪ Because he's not really a prince ♪ ♪ Now our data's locked up on our screen ♪ ♪ Controlled by a kid who's just fifteen ♪ ♪ And he's using our money to buy a Ferrari ♪ >> It's a pretty sweet car. ♪ A kid without facial hair, who lives with his mom ♪ ♪ To learn more about this go to wasabi.com ♪ >> Hey, don't do that. ♪ Cause if we had Wasabi's immutability ♪ >> You going to ruin this for me! ♪ This fifteen-year-old wouldn't have on me ♪ (gentle music) >> Drew and I are pleased to welcome Kevin Warenda, who's the Director of Information Technology Services at The Hotchkiss School, a very prestigious and well respected boarding school in the beautiful Northwest corner of Connecticut, hello, Kevin. >> Hello, it's nice to be here, thanks for having me. >> Yeah, you bet. Hey, tell us a little bit more about The Hotchkiss School and your role. >> Sure, The Hotchkiss School is an independent boarding school, grades nine through 12, as you said, very prestigious and in an absolutely beautiful location on the deepest freshwater lake in Connecticut, we have 500 acre main campus and a 200 acre farm down the street. My role as the Director of Information Technology Services, essentially to oversee all of the technology that supports the school operations, academics, sports, everything we do on campus. >> Yeah, and you've had a very strong history in the educational field, you know, from that lens, what's the unique, you know, or if not unique, but the pressing security challenge that's top of mind for you? >> I think that it's clear that educational institutions are a target these days, especially for ransomware. 
We have a lot of data that can be used by threat actors and schools are often underfunded in the area of IT security, IT in general sometimes, so, I think threat actors often see us as easy targets or at least worthwhile to try to get into. >> Because specifically you are potentially spread thin, underfunded, you got students, you got teachers, so there really are some, are there any specific data privacy concerns as well around student privacy or regulations that you can speak to? >> Certainly, because of the fact that we're an independent boarding school, we operate things like even a health center, so, data privacy regulations across the board in terms of just student data rights and FERPA, some of our students are under 18, so, data privacy laws such as COPPA apply, HIPAA can apply, we have PCI regulations with many of our financial transactions, whether it be fundraising through alumni development, or even just accepting the revenue for tuition so, it's a unique place to be, again, we operate very much like a college would, right, we have all the trappings of a private college in terms of all the operations we do and that's what I love most about working in education is that it's all the industries combined in many ways. >> Very cool. So let's talk about some of the defense strategies from a practitioner point of view, then I want to bring in Drew to the conversation so what are the best practice and the right strategies from your standpoint of defending your data? >> Well, we take a defense in-depth approach, so we layer multiple technologies on top of each other to make sure that no single failure is a key to getting beyond those defenses, we also keep it simple, you know, I think there's some core things that all organizations need to do these days in including, you know, vulnerability scanning, patching, using multifactor authentication, and having really excellent backups in case something does happen. 
>> Drew, are you seeing any similar patterns across other industries or customers? I mean, I know we're talking about some uniqueness in the education market, but what can we learn from other adjacent industries? >> Yeah, you know, Kevin is spot on and I love hearing what he's doing, going back to our prior conversation about Zero Trust, right, that defense in-depth approach is beautifully aligned, right, with the Zero Trust approach, especially things like multifactor authentication, always shocked at how few folks are applying that very, very simple technology and across the board, right? I mean, Kevin is referring to, you know, financial industry, healthcare industry, even, you know, the security and police, right, they need to make sure that the data that they're keeping, evidence, right, is secure and immutable, right, because that's evidence. >> Well, Kevin, paint a picture for us, if you would. So, you were primarily on-prem looking at potentially, you know, using more cloud, you were a VMware shop, but tell us, paint a picture of your environment, kind of the applications that you support and the kind of, I want to get to the before and the after Wasabi, but start with kind of where you came from. >> Sure, well, I came to The Hotchkiss School about seven years ago and I had come most recently from public K12 and municipal, so again, not a lot of funding for IT in general, security, or infrastructure in general, so Nutanix was actually a hyperconverged solution that I implemented at my previous position. 
So when I came to Hotchkiss and found mostly on-prem workloads, everything from the student information system to the card access system that students would use, financial systems, they were almost all on premise, but there were some new SaaS solutions coming in play, we had also taken some time to do some business continuity, planning, you know, in the event of some kind of issue, I don't think we were thinking about the pandemic at the time, but certainly it helped prepare us for that, so, as different workloads were moved off to hosted or cloud-based, we didn't really need as much of the on-premise compute and storage as we had, and it was time to retire that cluster. And so I brought the experience I had with Nutanix with me, and we consolidated all that into a hyper-converged platform, running Nutanix AHV, which allowed us to get rid of all the cost of the VMware licensing as well and it is an easier platform to manage, especially for small IT shops like ours. >> Yeah, AHV is the Acropolis hypervisor and so you migrated off of VMware avoiding the VTax avoidance, that's a common theme among Nutanix customers and now, did you consider moving into AWS? You know, what was the catalyst to consider Wasabi as part of your defense strategy? >> We were looking at cloud storage options and they were just all so expensive, especially in egress fees to get data back out, Wasabi became across our desks and it was such a low barrier to entry to sign up for a trial and get, you know, terabyte for a month and then it was, you know, $6 a month for terabyte. After that, I said, we can try this out in a very low stakes way to see how this works for us. 
And there was a couple things we were trying to solve at the time, it wasn't just a place to put backup, but we also needed a place to have some files that might serve to some degree as a content delivery network, you know, some of our software applications that are deployed through our mobile device management needed a place that was accessible on the internet that they could be stored as well. So we were testing it for a couple different scenarios and it worked great, you know, performance wise, fast, security wise, it has all the features of S3 compliance that works with Nutanix and anyone who's familiar with S3 permissions can apply them very easily and then there was no egress fees, we can pull data down, put data up at will, and it's not costing us any extra, which is excellent because especially in education, we need fixed costs, we need to know what we're going to spend over a year before we spend it and not be hit with, you know, bills for egress or because our workload or our data storage footprint grew tremendously, we need that, we can't have the variability that the cloud providers would give us. >> So Kevin, you explained you're hypersensitive about security and privacy for obvious reasons that we discussed, were you concerned about doing business with a company with a funny name? Was it the trial that got you through that knothole? How did you address those concerns as an IT practitioner? >> Yeah, anytime we adopt anything, we go through a risk review. So we did our homework and we checked the funny name really means nothing, there's lots of companies with funny names, I think we don't go based on the name necessarily, but we did go based on the history, understanding, you know, who started the company, where it came from, and really looking into the technology and understanding that the value proposition, the ability to provide that lower cost is based specifically on the technology in which it lays down data. 
So, having a legitimate, reasonable, you know, excuse as to why it's cheap, we weren't thinking, well, you know, you get what you pay for, it may be less expensive than alternatives, but it's not cheap, you know, it's reliable, and that was really our concern. So we did our homework for sure before even starting the trial, but then the trial certainly confirmed everything that we had learned. >> Yeah, thank you for that. Drew, explain the whole egress charge, we hear a lot about that, what do people need to know? >> First of all, it's not a funny name, it's a memorable name, Dave, just like theCUBE, let's be very clear about that, second of all, egress charges, so, you know, other storage providers charge you for every API call, right? Every get, every put, every list, everything, okay, it's part of their process, it's part of how they make money, it's part of how they cover the cost of all their other services, we don't do that. And I think, you know, as Kevin has pointed out, right, that's a huge differentiator because you're talking about a significant amount of money above and beyond what is the list price. In fact, I would tell you that most of the other storage providers, hyperscalers, you know, their list price, first of all, is, you know, far exceeding anything else in the industry, especially what we offer and then, right, their additional cost, the egress costs, the API requests can be two, three, 400% more on top of what you're paying per terabyte. >> So, you used a little coffee analogy earlier in our conversation, so here's what I'm imagining, like I have a lot of stuff, right? And I had to clear up my bar and I put some stuff in storage, you know, right down the street and I pay them monthly, I can't imagine having to pay them to go get my stuff, that's kind of the same thing here. >> Oh, that's a great metaphor, right? That storage locker, right? 
You know, can you imagine every time you want to open the door to that storage locker and look inside having to pay a fee? >> No, that would be annoying. >> Or, every time you pull into the yard and you want to put something in that storage locker, you have to pay an access fee to get to the yard, you have to pay a door opening fee, right, and then if you want to look and get an inventory of everything in there, you have to pay, and it's ridiculous, it's your data, it's your storage, it's your locker, you've already paid the annual fee, probably, 'cause they gave you a discount on that, so why shouldn't you have unfettered access to your data? That's what Wasabi does and I think as Kevin pointed out, right, that's what sets us completely apart from everybody else. >> Okay, good, that's helpful, it helps us understand how Wasabi's different. Kevin, I'm always interested when I talk to practitioners like yourself in learning what you do, you know, outside of the technology, what are you doing in terms of educating your community and making them more cyber aware? Do you have training for students and faculty to learn about security and ransomware protection, for example? >> Yes, cyber security awareness training is definitely one of the required things everyone should be doing in their organizations. 
And we do have a program that we use and we try to make it fun and engaging too, right, this is often the checking the box kind of activity, insurance companies require it, but we want to make it something that people want to do and want to engage with so, even last year, I think we did one around the holidays and kind of pointed out the kinds of scams they may expect in their personal life about, you know, shipping of orders and time for the holidays and things like that, so it wasn't just about protecting our school data, it's about the fact that, you know, protecting their information is something do in all aspects of your life, especially now that the folks are working hybrid often working from home with equipment from the school, the stakes are much higher and people have a lot of our data at home and so knowing how to protect that is important, so we definitely run those programs in a way that we want to be engaging and fun and memorable so that when they do encounter those things, especially email threats, they know how to handle them. >> So when you say fun, it's like you come up with an example that we can laugh at until, of course, we click on that bad link, but I'm sure you can come up with a lot of interesting and engaging examples, is that what you're talking about, about having fun? 
>> Yeah, I mean, sometimes they are kind of choose your own adventure type stories, you know, they stop as they run, so they're telling a story and they stop and you have to answer questions along the way to keep going, so, you're not just watching a video, you're engaged with the story of the topic, yeah, and that's what I think is memorable about it, but it's also, that's what makes it fun, you're not just watching some talking head saying, you know, to avoid shortened URLs or to check, to make sure you know the sender of the email, no, you're engaged in a real life scenario story that you're kind of following and making choices along the way and finding out was that the right choice to make or maybe not? So, that's where I think the learning comes in. >> Excellent. Okay, gentlemen, thanks so much, appreciate your time, Kevin, Drew, awesome having you in theCUBE. >> My pleasure, thank you. >> Yeah, great to be here, thanks. >> Okay, in a moment, I'll give you some closing thoughts on the changing world of data protection and the evolution of cloud object storage, you're watching theCUBE, the leader in high tech enterprise coverage. >> Announcer: Some things just don't make sense, like showing up a little too early for the big game. >> How early are we? >> Couple months. Popcorn? >> Announcer: On and off season, the Red Sox cover their bases with affordable, best in class cloud storage. >> These are pretty good seats. >> Hey, have you guys seen the line from the bathroom? >> Announcer: Wasabi Hot Cloud Storage, it just makes sense. >> You don't think they make these in left hand, do you? 
>> We learned today how a serial entrepreneur, along with his co-founder saw the opportunity to tap into the virtually limitless scale of the cloud and dramatically reduce the cost of storing data while at the same time, protecting against ransomware attacks and other data exposures with simple, fast storage, immutability, air gaps, and solid operational processes, let's not forget about that, okay? People and processes are critical and if you can point your people at more strategic initiatives and tasks rather than wrestling with infrastructure, you can accelerate your process redesign and support of digital transformations. Now, if you want to learn more about immutability and Object Block, click on the Wasabi resource button on this page, or go to wasabi.com/objectblock. Thanks for watching Secure Storage Hot Takes made possible by Wasabi. This is Dave Vellante for theCUBE, the leader in enterprise and emerging tech coverage, we'll see you next time. (gentle upbeat music)

Published Date : Jul 11 2022


Stephen Kovac, Zscaler | AWS re:Invent 2021


 

(upbeat music) >> Good evening, guys. Welcome back to Las Vegas, theCUBE is here live at AWS re:Invent 2021. I'm Lisa Martin. We have two live sets, two remote sets, over 100 guests on theCUBE talking with AWS, and its massive ecosystem of partners bringing you this hybrid tech event, probably the biggest of the year, and I'm pleased to welcome Stephen Kovac next, the Chief Compliance Officer at Zscaler. Stephen, how's it going? >> Well, it's going well, Lisa. Thank you for asking, enjoying Vegas, loving the conference, unbelievable. >> Isn't it great to be back in person? >> Oh, it's so great, I've seen people. >> Conversations you can't replicate on video conferencing, you just can't. >> Can't, and you see people you haven't seen in two years, and it's like all of a sudden you're best buddies again. It's just wonderful, it's so great to be back. >> It is, and AWS in typical fashion has done a great job of getting everybody in here safely. I'm not at all surprised, that's what I expected, but it's been great. And I hope that this can demonstrate to other companies, you can do this safely. >> You can, I think so. I mean, there's a lot of effort going into this, but as usual AWS does it right. So, you expect that. >> They do. Talk to me about the Zscaler-AWS partnership. What's going on? >> Well, it's a great partnership. So AWS and Zscaler have been partners since the beginning of Zscaler. We are the largest security cloud in the world. We're born and bred in the cloud security company. So literally we wrote one application that does global security, everything from firewall to proxy, secure web gateway, to DLP, to all this in one piece of software. So, in the past where people would buy appliances for all these devices and put them in their own data center, we wrote a software that allows us to put that in the cloud, run it on the cloud globally around the world. 
And our partnership with AWS is, we originally built that on AWS, and today still AWS is our prime partner, especially in the zero trust side of our business. So, great relationship, long-term and great I think for both of us, it's been a very, very... >> Fruitful partnership, synergistic? >> Synergistic, love that, so yes. >> You mentioned zero trust, and we have seen such massive changes to the security and the threat landscape the last 20, 22 months. Talk to me about the recent executive order calling for zero trust, how does Zscaler's partnership with AWS help you enable organizations, fed, SLED, DoD, to be able to actually bring in and apply zero trust? >> Yeah, great question. Five years ago I was tasked to bring Zscaler into the government side of the business. So I was employee one to do that. It was a great honor to do it. And the first thing we did is we partnered with AWS because we needed to get FedRAMP compliant. We knew we were going to go into DoD. So we needed to go to the Impact Level five. And eventually we'll be able to go up level six with AWS. And so it was our partnership started there. And as you've seen in five years with all the change that's happened, that obviously the breaches like SolarWinds, and the people up here talking about them all week with you I'm sure. The executive order came down from the Biden Administration, who I completely salute for being just tremendous leaders in the cybersecurity space. And the executive order, one of the big pieces of the executive order was every agency must produce a plan for zero trust. So our cloud platform that is on AWS is a zero trust platform. It is the first and only zero trust platform to get authorized by the federal government at the FedRAMP level, and now the IL five level. So, together we are literally capturing and taking over the, being the leader in the zero trust space for the federal government. 
And I'm going to get a sip of water, so forgive me, I've been here all week talking to a lot of people, so forgive me for that. >> That's one thing that we don't have to deal with when we're on Zoom, right, is you don't really have the risk of losing your voice. >> Stephen: There you go. >> But in terms of the executive order, something that you mentioned, SolarWinds, Colonial Pipeline, we only hear about some of the big ones. The fact that ransomware happens one attack every 10, 11 seconds, it's a matter of when we get hit, not if. >> As you know, the story coming up from me, coming up on stage with you today, I just got myself breached just this morning, just individually. So yes, it's going to get all of us. And especially, I think when you look at zero trust and ransomware and how they worked out how zero trust can prevent it, you look at the SLED market, you know, state, local governments, they don't have the dollars to go spend like DHS does, or say, some of the DoD does. So, our partnership with AWS allows us to produce a product that is very cost-effective on a per user basis, consumption model, which is what AWS has been famous for since day one, right, the consumption model, use it when you need it, don't use it when you don't. We built our software the same way. So, at some point in a year, in a school year, we'll ramp up with some schools up to a hundred thousand users in the district, and over the summer we'll ramp down to a thousand, and we just bill them for that. So it's a beautiful relationship that we partner in not just the executive order, but being a partner in SLED, fed in the sense that matches making our business together, match the government's business. And that makes us a true leader and makes us a cost-effective solution. And if you think about it just for a moment, yesterday, I told you I was testifying in front of the Senate. And one of the questions I got asked was, oh, how many security updates do you guys see a year? 
I said, a year, well, we do over 200,000 a day. 200,000 security updates from potential hackers every single day. And we're doing that over 200 billion transactions a day run on AWS. So it's tremendous partnership, and to be able to work like that, and at that kind of volume, and be able to go up and down with the, and you got AWS able to scope up and down, and us to be able to ride that wave with them. It's been great. >> One of the things that we always talk about when we talk AWS is they're customer focused or customer obsession that, hey, we start backwards, we work backwards from the customer. Same thing, synergistic from a cultural perspective? >> Absolutely, I mean, one of the things I always love about AWS and I've been a customer of AWS for many years, even prior to my Zscaler days, I love the way they approach things, right? If they're not trying to go out and sell it, they're trying to meet with the customer and find out what the customer needs, and then build a solution. We're the same way. I always tell, you know, when you think of our solutions, Zscaler, I always tell my sales teams, I say it takes four sales calls for people to really understand what we do. And AWS, in the beginning of AWS, it was kind of the same thing. In the old days, you know, we all just built data centers and we had all these racks, and all this expense and mesh is what you did. It was unusual back in the day, 10 years ago, and I've been to every single re:Invent. I mean, the first one there was like, you're actually going to put all your stuff in this unknown cloud thing, and it will be available when you need it? So yes, you know, the way that they did it is the same way we do it together today. And we do it together today. 
We partner on many deals today where we're both, our teams are in there together, selling together, whether it's the DoD, federal agencies, SLED agencies, and commercial, you know, selling it hand-in-hand because it's that same philosophy is we're going to build what a customer needs. We're not going to tell the customer what they need. We're going to hear what they need, and that's the same relationship. So I'm going to get another sip real quick. >> Go for it. One of the things that has been a theme that we've heard the last couple of days is every company needs to be a data company or private sector, public sector, and if they're not, they're probably not going to be around much longer. How do you help customers get their handle around that? Because the security threats are only increasing. I mean, it's ransomware as a service. The fact that these criminals are getting much more brazen, you just had this happen to yourself, but enabling them to become data-driven organizations and use the data, extract the value from it securely, that's hard. >> It is, I mean, if you think back in the day, I mean, companies didn't have chief compliance officers that worked in the space that we do. Their chief compliance officer back in the day was the guy that was writing your HR issues and what OSHA issues, and of course, I still deal with some of that stuff, but my true job is really around the data, right? You know, how do we build our platforms, what decisions we make on our platforms, how we're going to certify them to support that, and I mean, chief data officers, chief security officers, I mean, you go into companies today, even car dealerships today. I mean, I'm picking one, you never thought of them having a security officer, but they do, they have to, they have to. 
And I mean, basic school districts, I mean, I don't know about you, when I was a kid and went to school, they didn't have computers, but when my kid went to school, they did, but they didn't have a security officer. Now today, every single school district has security officers. I mean, I love how you said it, that data-driven, that data thought is there. It has to be, it's a real threat. And the sad thing is of these ransomware attacks, how many don't get reported. >> Oh, right, we're only hearing about a select few. >> The numbers are something like 88% don't get reported. It's that big. So that just tells you, we hear the big ones, right, Colonial Pipeline, things like that. We don't hear about West Texas or Middle Illinois school district that paid five grand because somebody had something on the school. That's how, as you said, this ransomware as a service security, we call it a security as a service, there's SaaS, which is software as a service, we're security software as a service, and AWS is the infrastructure as a service that we run on. And that's how it works well together. >> Do you guys go into accounts together from a go-to-market perspective? >> We do, we can always do a better job. And my good friend here at AWS, who's probably listening, we can always do better. But yeah, so it is become something that, especially in the government space we do, in federal, DoD, because the certifications are really important, certifications are important everywhere, and we have many, we talked about all the certifications we have in federal, FedRAMP and IL five, and we have a plethora of those certifications in the commercial space. But they mean in a federal space, they're really the ticket. They call them the ENERGY STAR of approval, good housekeeping piece. So, you know, having that, teaming up with AWS who we partner together and because AWS has the same certs, we can sell at the same levels. And we do a really great job of co-selling in that space together. 
And I think when they look at us and they say, well, you're AWS, they've got their FedRAMP high, IL five, and you're Zscaler, you got your FedRAMP high, IL five. Yes, we can do business with these guys, and that's important. >> So you guys both open doors for each other. >> We do, we do in many cases, yeah. As a matter of fact, re:Invent five years ago, a buddy of mine here opened a big, big account for us, which is today our largest account in federal came from re:Invent, where came up to me and said, hey, my customer wants to, he's looking to do something, they're an agency that has global footprint, and they're like, we want to do something as a security as a service. They don't want to ship boxes all over the place. And we just met the customer for a coffee, and next thing you know, became our, still today, our probably largest customer in federal. >> Wow, well, this is the 10th re:Invent, you said you've been to all of them. >> Stephen: I have been to all of them. I can't lie, but I can't say I did all the virtual ones. I mean, I was logged in. (laughs) >> That's okay, we'll wink on that one. But, one of the things then, we've just got about a minute left here, is in new leadership, Andy Jassy being promoted to the CEO of Amazon, we've got Adam Selipsky, heard lot of announcements and news from Adam yesterday, but some of the things that we've been talking about on theCUBE is the first 15 years of innovation at AWS, that's going to accelerate. Do you see that also, like if you look forward to the next decade, do you see things moving much faster than they did the past decade? >> I don't think they can't. I mean, I shouldn't say they have to. And the change of the guard as you might call it here, is it's always good to have a change of the guard I think. You know, the question is when's Andy going to go to space? I mean, that's the next. 
(Lisa laughs) I think you have the guys who got AWS to the dance, and now the dance, who's going to become the belle of the ball. And this next generation of leadership coming in is fabulous. I think they've made great decisions, and I think they're going to do really well. And we're behind them, we support it. I got a chance to meet with most of them, love a chance to meet with Andy, I haven't met with him yet. So Andy, I'd love to meet you sometime soon. But I'm very impressed with what they've done. And yes, I think it's going to be, the last 10 years of growth is going to be a year next year. I think literally, you take 10 years be compressed to a year, and then next year it will be compressed to a day. So it's moving that fast. >> Yep, get your neck brace on, prepare for that whiplash. >> Yeah, right? That's what I said to Jeff when Jeff went to space, that's how fast we're about to travel, right? But it's really relative. >> It is, there is no limit. Well, Stephen, thank you for joining me, talking about Zscaler, AWS, what you guys are doing, how you're helping to revolutionize the public sector, fed, SLED, a lot of great stuff there. Security is an ever-evolving topic, and we appreciate all of your insights. >> Well, it was wonderful to be here. Great to see you again. And great to be back with all our friends at re:Invent. >> All of our friends, exactly. >> Stephen: Thank you so much for the time today. >> My pleasure. For Stephen Kovac, I'm Lisa Martin. You're watching theCUBE, the global leader in live tech coverage. (pleasant music)

Published Date : Dec 2 2021


General Keith Alexander, IronNet Cybersecurity | AWS re:Invent 2021


 

(upbeat music) >> Welcome to theCube's continuous coverage of AWS re:Invent 2021. I'm Dave Nicholson, and we are running one of the industry's most important and largest hybrid tech events this year with AWS and its partners with two live sets on the scene. In addition to two remote studios. And we'll have somewhere in the neighborhood of a hundred guests on the program this year at re:Invent. I'm extremely delighted to welcome a very, very special guest. Right now. He served as the director of the NSA under two presidents, and was the first commander of the U.S Cyber Command. He's a Cube alumni, he's founder and co-CEO of IronNet Cybersecurity. General Keith Alexander. Thanks for joining us today General. >> Thanks, David. It's an honor to be here at re:Invent, you know, with AWS. All that they're doing and all they're making possible for us to defend sector states, companies and nations in cyber. So an honor to be here. >> Well, welcome back to theCube. Let's dive right in. I'd like to know how you would describe the current cyber threat landscape that we face. >> Well, I think it's growing. Well, let's start right out. You know, the good news or the bad news, the bad news is getting worse. We're seeing that. If you think about SolarWinds, you think about the Hafnium attacks on Microsoft. You think about this rapid growth in ransomware. We're seeing criminals and nation states engaging in ways that we've never seen in the past. It's more blatant. They're going after more quickly, they're using cyber as an element of national power. Let's break that down just a little bit. Do you go back to two, July. Xi Jinping, talked about breaking heads in bloodshed when he was referring to the United States and Taiwan. And this has gone hot and cold, that's a red line for him. They will do anything to keep Taiwan from breaking away. And this is a huge existential threat to us into the region. And when this comes up, they're going to use cyber to go after it. 
Perhaps even more important and closer right now is what's going on with Russia in the Donbas region of eastern Ukraine. We saw this in 2014, when Russia took over the Crimea. The way they did it, staging troops. They did that in 2008 against Georgia. And now there are, by some reports over a hundred thousand troops on the border of Eastern Ukraine. Some call it an exercise, but that's exactly what they did in Georgia. That's what they did in the Crimea. And in both those cases, they preceded those attacks, those physical attacks with cyber attacks. If you go to 2017, when Russia hit the Ukrainian government with the NotPetya attack that had global repercussions. Russia was responsible for SolarWinds, they have attacked our infrastructure to find out what our government is doing and they continue going. This is getting worse. You know, it's interesting when you think about, so what do you do about something like that? How do we stop that? And the answer is we've got to work together. You know, Its slam commissioner addressed it. The meeting with the president on August 25th. This is a great statement by the CEO and chairman of Southern Company, Tom Fanning. He said this, "the war is being waged on our nation's critical infrastructure in particular, our energy sector, our telecommunications sector and financial sector." The private sector owns and operates 87% of the critical infrastructure in the United States, making collaboration between industry and the federal government imperative too, for these attacks. SO >> General, I want to dig just a little bit on that point that you make for generations, people have understood that the term is 'kinetic war', right? Not everyone has heard that phrase, but for generations we've understood the concept of someone dropping a bomb on a building as being an attack. You've just mentioned that, that a lot of these attacks are directed towards the private sector. 
The private sector doesn't have an army to respond to those attacks. Number one, that's our government's responsibility. So the question I have is, how seriously are people taking these kinds of threats when compared to the threat of kinetic war? Because my gosh, you can take down the entire electrical grid now. That's not something you can do with a single bomb. What are your, what are your thoughts on that? >> So you're hitting on a key point, a theoretical and an operational point. If you look back, what's the intent of warfare? It's to get the mass of people to give up. The army protects the mass of people in that fight. In cyber, there's no protection. Our critical infrastructure is exposed to our adversaries. That's the problem that we face. And because it's exposed, we have a tremendous vulnerability. So those who wish us harm, imagine the Colonial Pipeline attack an order of magnitude or two orders of magnitude bigger. The impact on our country would paralyze much of what we do today. We are not ready for that. That's the issue that Tom Fanning and others have brought up. We don't practice between the public sector and the private sector working together to defend this country. We need to do that. That's the issue that we have to really get our hands around. And when we talk about practice, what do we mean? It means we have to let that federal government, the ones that are going to protect us, see what's going on. There is no radar picture. Now, since we're at re:Invent, the cloud, where AWS and others have done, is create an infrastructure that allows us to build that bridge between the public and private sector and scale it. It's amazing what we can now do. We couldn't do that when I was running Cyber Command. And running Cyber Command, we couldn't see threats on the government. And we couldn't see threats on critical infrastructure. We couldn't see threats on the private sector. 
And so it all went and all the government did was say, after the fact you've been attacked. That's not helpful. >> So >> It's like they dropped a bomb. We didn't know. >> Yeah, so what is IronNet doing to kind of create this radar capability? >> So, well, thanks. That's a great question because there's four things that you really got to do. First. You've got to be able to detect the SolarWinds type attacks, which we did. You've got to have a hunt platform that can see what it is. You've got to be able to use machine learning and AI to really cut down the number of events. And the most important you need to be able to anonymize and share that into the cloud and see where those attacks are going to create that radar picture. So behavioral analytics, then you use signature based as well, but you need those sets of analytics to really see what's going on. Machine learning, AI, a hunt platform, and cloud. And then analytics in the cloud to see what's going on, creates that air traffic control, picture radar, picture for cyber. That's what we're doing. You see, I think that's the important part. And that's why we really value the partnership with AWS. They've been a partner with us for six years, helping us build through that. You can see what we can do in the cloud. We could never do in hardware alone. Just imagine trying to push out equipment and then do that for hundreds of companies. It's not viable. So SaaS, what we are as a SaaS company, you can now do that at scale, and you can push this out and we can create, we can defend this nation in cyber if we work together. And that's the thing, you know, I really, had a great time in the military. One of the things I learned in the military, you need to train how you're going to fight. They're really good at that. We did that in the eighties, and you can see what happened in 1990 in the Gulf war. We need to now do that between the public and private sector. We have to have those training. 
We need to continuously uplift our capabilities. And that's where the cloud and all these other things make that possible. That's the future of cybersecurity. You know, it's interesting David, our country developed the internet. We're the ones that pioneered that. We ought to be the first to secure. >> Seems to make sense. And when you talk about collective defense in this private public partnership, that needs to happen, you get examples of some folks in private industry and what they're doing, but, but talk a little bit more about, maybe what isn't happening yet. What do we need to do? I don't want you to necessarily get political and start making budgetary suggestions, but unless you want to, but what, but where do you see, where do we really need to push forward from a public perspective in order to make these connections? And then how is that connection actually happen? This isn't someone from the IronNet security service desk, getting on a red phone and calling the White House, how are the actual connections made? >> So it has to be, the connections have to be just like we do radar. You know, when you think about radars across our nation or radar operator doesn't call up one of the towers and say, you've got an aircraft coming at you at such and such a speed. I hope you can distinguish between those two aircraft and make sure they don't bump into each other. They get a picture and they get a way of tracking it. And multiple people can see that radar picture at a speed. And that's how we do air traffic control safety. We need the same thing in cyber, where the government has a picture. The private sector has a picture and they can see what's going on. The private sector's role is I'm going to do everything I can, you know, and this is where the energy sector, I use that quote from Tom Fanning, because what they're saying is, "it's our job to keep the grid up." And they're putting the resources to do it. So they're actually jumping on that in a great way. 
And what they're saying is "we'll share that with the government", both the DHS and DOD. Now we have to have that same picture created for DHS and DOD. I think one of the things that we're doing is we're pioneering the building of that picture. So that's what we do. We build the picture to bring people together. So think of that is that's the capability. Everybody's going to own a piece of that, and everybody's going to be operating in it. But if you can share that picture, what you can begin to do is say, I've got an attack coming against company A. Company A now sees what it has to do. It can get fellow companies to help them defend, collective defense, knowledge sharing, crowdsourcing. At the same time, the government can see that attack going on and say, "my job is to stop that." If it's DHS, I could see what I have to do. Within the country, DOD can say, "my job is to shoot the archers." How do we go do what we're authorized to do under rules of engagement? So now you have a way of the government and the private sector working together to create that picture. Then we train them and we train them. We should never have had an event like SolarWinds happen in the future. We got to get out in front. And if we do that, think of the downstream consequences, not only can we detect who's doing it, we can hold them accountable and make them pay a price. Right now. It's pretty free. They get in, pap, that didn't work. They get away free. That didn't work, we get away free. Or we broke in, we got, what? 18,000 companies in 30,000 companies. No consequences. In the future there should be consequences. >> And in addition to the idea of consequences, you know, in the tech sector, we have this concept of a co-opetition, where we're often cooperating and competing. The adversaries from, U.S. perspective are also great partners, trading partners. 
So in a sense, it sounds like what you're doing is also kind of adhering to the old adage that, that good fences make for great neighbors. If we all know that our respective infrastructures are secure, we can sort of get on with the honest business of being partners, because you want to make the cost of cyber war too expensive. Is that, is that a fair statement? >> Yes. And I would take that analogy and bend it slightly to the following. Today every company defends itself. So you take 90 companies with 10 people, each doing everything they can to defend themselves. Imagine in the world we're trying to build, those 90 companies work together. You have now 900 people working together for the collective defense. If you're in the C-suite or the board of those companies, which would rather have? 900 help new security or 10? This isn't hard. And so what we say is, yes. That neighborhood watch program for cyber has tremendous value. And beyond neighborhood watch, I can also share collaboration because, I might not have the best people in every area of cyber, but in those 900, there will be, and we can share knowledge crowdsource. So it's actually let's work together. I would call it Americans working together to defend America. That's what we need to do. And the states we going to have a similar thing what they're doing, and that's how we'll work this together. >> Yeah. That makes a lot of sense. General Alexander it's been a pleasure. Thanks so much for coming on to theCube as part of our 2021 AWS re:Invent coverage. Are you going to get a chance to spend time during the conference in Las Vegas? So you just flying in, flying out. Any chance? >> Actually yeah. >> It's there, we're still negotiating working that. I've registered, but I just don't know I'm in New York City for two meetings and seeing if I can get to Las Vegas. A lot of friends, you know, Adam Selipsky >> Yes >> and the entire AWS team. They're amazing. And we really liked this partnership. 
I'd love to see you there. You're going to be there, David? Absolutely. Yes, absolutely. And I look forward to that, so I hope hopefully we get that chance again. Thank you so much, General Alexander, and also thank you to our title sponsor AMD for sponsoring this year's re:Invent. Keep it right here for more action on theCube, your leader in hybrid tech event coverage, I'm Dave Nicholson for the Cube. Thanks. (upbeat music)

Published Date : Nov 30 2021


Breaking Analysis: Investors Cash in as Users Fight a Perpetual Cyber War


 

>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> Despite the more than $100 billion spent each year fighting cybercrime, when we do an end-of-the-year look back and ask "How did we do?" The answer is invariably the same, "Worse than last year." Pre-pandemic, the picture was disheartening, but since March of 2020 the situation has only worsened as cyber-criminals have become increasingly sophisticated, better funded and more brazen. SecOps pros continue to fight, but unlike conventional wars, this one has no end. Now the flip side of course, is that markets continue to value cybersecurity firms at significant premiums, because this huge market will continue to grow by double digits for the foreseeable future. Hello and welcome to this week's Wikibon theCUBE Insights powered by ETR. In this Breaking Analysis, we look at the state of cybersecurity in 2021 and beyond. We'll update you with the latest survey data from Enterprise Technology Research and share the fundamentals that have investors piling into the security space like never before. Let's start with the customer view. Cybersecurity remains the number one priority for CIOs and CSOs. This latest ETR survey, once again asked IT buyers to rank their top priorities for the next 12 months. Now, in the last three polling periods dating back to last March, cybersecurity has outranked every top spending category, including cloud, data analytics, productivity software, networking, AI, and automation or RPA. Now this shouldn't surprise anybody, but it underscores the challenges that organizations face. Not only are they in the midst of a non-optional digital transformation, but they have to also fund a cyber war that has no ceasefires, no truces, and no exit path. Now there's much more going on in cybersecurity than ransomware, but certainly that has the attention of executives. 
And it's becoming more and more lucrative for attackers. Here's a snapshot of some of the more well-documented attacks this decade, many of which have occurred in very recent months. CNA Financial, they got hit earlier this year and paid a $40 million ransom. The Ireland Health Service also got hit this year and refused to pay the ransom, but it's estimated that the cost to recover and the damage to the organization exceeded half a billion dollars. The request was for a $20 million ransom. The JBS meat company hack, they paid $11 million. CWT travel paid $5 million. The disruption from the Colonial Pipeline company, was widely reported they paid more than $4 million, as did Brenntag, the chemical company. The NBA got hit. Computer makers, Quanta and Acer also. More than 2,000 ransomware attacks were reported to the FBI in the first seven months of 2021. Up more than 60% from 2020. Now, as I've said many times, you don't have to be a genius to be a ransomware as today. Anyone can go on the dark web, tap into ransomware as a service. Attackers, they have insidious names like DarkSide, REvil, the Cobalt crime gang, Wizard Spider, the Lazarus gang, and numerous others. Criminals they have negotiation services is most typically the attackers, they'll demand a specific amount of money but they're willing to compromise in an exchange of cryptocurrency for decryption keys. And as mentioned, it's not just ransomware. Supply chain attacks like the SolarWinds hack hit organizations within the U.S. government and companies like Mimecast this year. Now, while these attacks often do end up in a ransom situation, the attackers sometimes find it more lucrative to live off the land in stealth fashion and exfiltrate sensitive data that can be sold or in the case of many financial institution attacks they'll steal information from say a chief investment officer that signals an upcoming trading strategy and then the attackers will front run that trade in the stock market. 
Now, of course, phishing remains one of the most prominent threats. Only escalated by the work from home trend as users bring their own devices and of course home networks are less secure. So it's bad, worse than ever before. But you know, if there's a problem, entrepreneurs and investors, they're going to be there to solve it. So here's a LinkedIn post from one of the top investors in the business, Mike Speiser. He was a founding investor in Snowflake. He helped get Pure Storage to escape velocity and many, many other successes. This hit my LinkedIn feed the other day, his company Sutter Hill Ventures is co-leading a 1.3 Series D on an $8.3 billion valuation. They're putting in over $200 million. Now Lacework is a threat detection software company that looks at security as a data problem and they monitor exposures across clouds. So very timely. So watch that company. They're going to soar. Now the right hand chart shows venture investments in cybersecurity over the past several years. You can see it exploded in 2019 to $7.6 billion. And people thought the market was peaking at that time, if you recall. But then investments rose a little bit to $7.8 billion in 2020 right in the middle of lockdown. And then the hybrid work, the cloud, the new normal thesis kicked in big time. It's in full gear this year. You can see nearly $12 billion invested in cybersecurity in the first half of 2021 alone. So the money keeps coming in as the problem gets worse and the market gets more crowded. Now we'd like to show this slide from Optiv, it's their security taxonomy. It'll make your eyes cross. It's so packed with companies in different sectors. We'll put a link in our posts, so you can stare at this. We've used this truck before. It's pretty good. It's comprehensive and it's worth spending some time to see what that landscape looks like. But now let's reduce this down a bit and bring in some of the ETR data. 
This is survey data from October that shows net score or spending momentum on the vertical axis and market share or pervasiveness in the dataset on the horizontal axis. That's a measure of mention share if you will. Now this is just isolated on the information security sector within the ETR taxonomies. No filters in terms of the number of responses. So it's every company that ETR picks up in cybersecurity from its buyer surveys. Now companies above that red line, we consider them to have a highly elevated spending momentum for their products and services. And you can see, there are a lot of companies that are in this map first of all, and several above that magic mark. So you can see the momentum of Microsoft and Palo Alto. That's most impressive because of their size, their pervasiveness in the study, Cisco and Splunk are also quite prominent. They don't have as much spending momentum, but they're pretty respectable. And you can see the companies that have been real movers in this market that we've been reporting on for a while. Okta, CrowdStrike, Zscaler, CyberArk, SailPoint, Auth0, all companies that we've extensively covered in previous Breaking Analysis episodes as the up and comers. And isn't it interesting that Datadog is now showing up in the vertical axis. You see that in the left-hand side up high, they're becoming more and more competitive to Splunk in this space as an alternative and lines are blurring between observability, log analytics, security, and as we previously reported even backup and recovery. But now let's simplify this picture a bit more and filter down a little bit further. This chart shows the same X, Y view. Same data construct and framework, but we required more than a hundred responses to hit the chart. So the companies, they have to have a notable market presence in the ETR survey. It's perhaps a bit less crowded, but still very packed. Isn't it? You can see firms that are less prominent in the space like Datadog fell off. 
The big companies we mentioned, obviously still prominent, Microsoft, Palo Alto, Cisco and Splunk, and then those with real momentum, they stand out a little bit. They're somewhat smaller, but they're gaining traction in the market. As we felt they would, Okta and Auth0, which Okta acquired as we reported on earlier this year, both showing strength, as are CrowdStrike, Zscaler, CyberArk, which does identity in competition with Okta, and SentinelOne, which went public mid this year. The company SentinelOne uses AI to do threat detection and has been doing quite well. SailPoint and Proofpoint are right on that red elevated line and then there's a big pack in the middle. Look, this is not an easy market to track. It's virtually every company plays in security. Look, AWS has some of the most advanced security in the business but they're not in the chart specifically, but you see Microsoft is. Because much of AWS security is built into services. Amazon customers heavily rely on the Amazon ecosystem which is in the Amazon marketplace for security products. And often they associate their security spend with those partners and not necessarily Amazon. And you'll see networking companies you see right there, like Juniper at the bottom there in the ETR data set, and the players like VMware in the middle of the pack. They've been really acquisitive, for example, with Carbon Black. And then, of course, you've got a lot of legacy players like McAfee and RSA and IBM. Look, virtually every company has a security story and that will only become more common in the coming years. Now here's another look at the ETR data. It's in the raw form, but it'll give you a sense of two things: one is how the data from the previous chart is plotted. And two, it gives you a time series of the data. So the data lists the top companies in the ETR data sets sorted by the October net score in the right most column. Again, that measures spending momentum.
So to make the cut here, you had to have more than a hundred mentions, which is shown on the left-hand side of the chart, that's shared N, i.e., that's shared accounts in the dataset. And you can track the data from last October, July of this year and the most recent October, 2021 survey. So we drew that red line just about at the 40% net score mark. Coincidentally, there are 10 companies that are over that figure, over that bar. We sometimes call out the four star companies. We give four stars to those companies that both are in the top 10 in spending momentum and the top in prominence or shared N in the dataset. So some of these 10 would fit into that profile by that methodology, specifically, Microsoft, Okta, CrowdStrike, and Palo Alto Networks. They would be the four star companies. Now a couple of other things to point out here, DDoS attacks, they're still relevant, and they're a real threat. So a company like Cloudflare, which is just above that red line, they play in that space. Now we've also shaded the companies in the fat middle. A lot of these companies like Cisco and Splunk for example, they're major players in the security space with very strong offerings and customer affinity. We sometimes give them two stars. So this is what makes this market so interesting. It's not like the high-end disk storage market where literally every vendor in the Gartner magic quadrant is up in the right, okay. And there's only five or four or five, six vendors there. This market is diverse with many, many segments and sub segments, and it's such a vital space. And there's so many holes to fill with an ever changing threat landscape as we've seen in the last two years. So this is in part which makes it such a good market for investors. There's a lot of room for growth and not just from stealing market share. That's certainly an opportunity there, but things like cloud, multi-cloud, shifting end points, the edge, and so forth make this space really ripe for investments.
And to underscore this, we put together this little chart of some of the pure play security firms to see how their stock performance has done recently. So you can see that here, you know, it's a little hard to read, but it's not hard to see that Okta, CrowdStrike, Zscaler on the left have been big movers. These charts where possible all show a cross here, starting at the lockdown last year. The only exception is SentinelOne, which IPO'd mid this year. So that's the point, March, 2020, when the whole world changed and security priorities really started to shift to accommodate the work from home. But it's quite obvious that since the pandemic, these six companies have been on a tear for the fundamental reason that hybrid work has created a shift in spending priorities for CSOs. No longer are organizations just spending on hardening a perimeter, that perimeter has been blown away. The network is flattening. Work is what you do, it's no longer a place. As such, threats are on the rise and cloud, endpoint security, identity access tools, they become increasingly vital and the vendors who provide them are on the rise. So it's no surprise that the players that we've listed here, which play quite prominently in those markets, are all on fire. So now in summary, I want to stress that while the picture is sometimes discouraging, the entire world is becoming more and more tuned in to the cyber threat. And that's a good thing. Money is pouring in. Look, technology got us into this problem and technology is a defensive weapon that will help us continue this fight. But it's going to take more than technology. And I want to share something. We get dozens and dozens of inbounds this time of the year because we do an annual predictions post. So folks and they want to help us out. So now most of the inbounds and the predictions that we get, they're just kind of observations or frankly, non predictions that can't really be measured as like were you right, or were you wrong.
So for the most part I like predictions that are binary. For example, last December we predicted that IT spending in 2021 would rebound and grow at 4% relative to 2020. Well, it did rebound but that prediction really wasn't as accurate as I'd like. It was frankly wrong. We think it's actually the market's going to actually grow. Spending's going to grow more like 7% this year. Not to worry, plenty of our predictions came true, but we'll leave that for another day. Anyway, I got an email from Dean Fisk of Fisk Partners. It's a PR firm representing an individual named Lyndon Brown, chief of strategy officer of Pondurance. Pondurance is a security consultancy. And the email had the standard, Hey, in case you're working on a predictions post this year end, blah, blah, blah. But instead of sharing with me a bunch of non predictions, the notes said here's some trends in cybersecurity that might be worth thinking about. And there were a few predictions sprinkled in there, but I wanted to call out a couple of the comments from Lyndon Brown, whom I don't know, I never met the guy, but I really thought his trends were spot on. The first was a stat I'll share that the United Nations report cyber crime is up 600% due to the pandemic. As if I couldn't feel worse already. His first point though was that the hybrid workplace will be the new frontier for cyber. Yes, we totally agree. There are permanent shifts taking place. And we actually predicted that last year, but he further cited that many companies went from zero to full digital transformation overnight and many are still on that journey. And his point is that hybrid work is going to require a complete overhaul of how we think about security. We think this is very true. Now the other point that stood out is that governments are going to crack down on this behavior. And we've seen this where criminals have had their critical infrastructure dismantled by governments.
No doubt the U.S. government has the capabilities to do so. And it is very much focused on this issue. But it's tricky, as Robert Gates, who was the former defense secretary, told me a few years back in theCUBE. He said, well, we have the best offense. We also have the most to lose. So we have to be very careful, but Lyndon's key point was you are going to see a much more forward and aggressive public policy and new laws that give crime fighters more latitude. Again, it's tricky, kind of like the Patriot Act was tricky, but it's coming. Now, another call-out from Lyndon shares his assertion that natural disasters will bring increased cyber risk. And I thought this was a really astute point because natural disasters, they're on the rise. And when there's chaos, there's cash opportunities for criminals. And I'll add to this that the supply chain risk is far from over. This is going to be a continuing theme this coming year and beyond. And one of the things that Lyndon Brown said in his note to me is essentially you can't take humans out of the equation. Automation alone can't solve the problem, but some companies operate as though they can. Just as bad human behavior can trump good security, good human education and behavior is going to be a key weapon in this endless war. Now the last point is we're going to see continued escalation. Government crackdowns are going to bring retaliation, and to Gates' point, the U.S. has a lot at stake. So expect insurance premiums are going to go through the roof. That's assuming you can even get cyber insurance. And so we got to hope for the best, but for sure, we have to plan for the worst because it's coming. Deploy technology aggressively, but people and process will ultimately be the other ingredients that allow us to live to battle for another day. Okay. That's a wrap for today. Remember these episodes, they're all available as podcasts, wherever you listen just search "breaking analysis" podcast. Check out ETR's website at ETR.plus.
We also publish a full report every week on Wikibon.com and siliconangle.com. You can get in touch. Email me at david.vellante@siliconangle.com or you can DM me @dvellante. Comment on our LinkedIn posts. This is Dave Vellante for theCUBE insights powered by ETR. Have a great week, everybody. Stay safe, be well. And we'll see you next time. (techno music)

Published Date : Nov 19 2021

Sunil Potti & Lior Div | CUBE Conversation, October 2021


 

>>Hello and welcome to this special Cube Conversation. I'm Dave Nicholson, and this is part of our continuing coverage of Google Cloud Next 2021. I have two very special guests with me and we are going to talk about the topic of security. I have Sunil Potti, who is vice president and general manager of Google Cloud Security, who in a previous life had senior leadership roles at Nutanix and Citrix, along with Lior Div, who is the CEO and co-founder of Cybereason. Lior was formerly a commander in the much famed Unit 8200, part of the Israeli Defense Forces, where he was actually a medal of honor recipient. Very honored to have him here this morning. Sunil and Lior, welcome to the Cube. Sunil, welcome back to the Cube.

>>Yeah, great to be here, David, and to be in the presence of a medal of honor recipient, by the way a good friend of mine, Lior. So be here.

>>Well, good to have both of you here. So I'm the kind of person who likes my dessert before my entree, so why don't we just get right to it. The two of you are here to announce something very, very significant in the field of security. Sunil, do you want to start us out? What are we here to talk about?

>>Yeah, I mean, I think maybe, you know, just to set this context. As many of you know, about a decade ago a nation-sponsored attack, you know, actually got into Google plus a whole bunch of tech companies. You know, the Project Aurora was quite, you know, infamous for a certain period of time, and actually Google realized almost a decade ago that, look, you know, security can't just be a side thing, it has to be the primary thing, including one of the co-founders becoming, for lack of a better word, the chief security officer for a while. But one of the key takeaways from that whole incident was that, look, you have to be able to detect everything and trust nothing. And the underpinning for at least one of them led to this whole zero trust architectures that everybody now knows about. But the other part, which
is not as popular, at least in industry vernacular, but in many ways equally important and some ways more important, is the fact that you need to be able to detect everything so that you can actually respond. And that led to the formation of, you know, a project internal to Google to actually say that, look, let's democratize storage and make sure that nobody has to pay for capturing security events. And that led to the formation of this new industry concept called a security data lake, and Chronicle was born. And then as we started evolving that over into the enterprise segment, partnering with, you know, Cybereason on one hand created a one plus one equals three synergy between, say, the presence around what do you detect from the endpoint. But also, generally, it just so happens that, as Lior will tell you, the Cybereason technology happens to start with endpoint, but it's actually, the core tech is around detecting events but doing it in a smart way to actually respond to them in much more of a contextual manner. But beyond just that, you know, synergy between, you know, a world-class planet-scale, you know, security data lake forming the foundation and integrating, you know, in a much more cohesive way with Cybereason's detection response offering, the spirit was actually that this is the first step of a long journey to really hit the reset button in terms of going from reactive mode of security to a proactive mode of security, especially in a nation-state-sponsored attack vector. So maybe, Lior, you can speak a few minutes on that as well.

>>Absolutely. So as you said, I'm coming from a background of nation-state hacking, so for us at Cybereason it's not foreign what the Chinese are doing on a daily basis and the growing ransomware cartel that's happening right now in Russia. When we looked at it, we said then, Cybereason is very famous by our endpoint detection and response capability, but when we established Cybereason, we established Cybereason on a core or almost
fundamental idea of finding malicious operation. We call it the MalOp idea. So basically, instead of looking for alerts or instead of looking for just pieces of data, we want to find the hackers, we want to find the attack, we want to be able to tell basically the full story of what's going on. In order to do that, we built inside Cybereason, basically from day one, the ability to analyze any data in real time in order to stitch it into the story of the MalOp, the malicious operation. But what we realized very quickly is that while our solution can process more than 27 trillion events a week, we cannot feed it fast enough just from endpoint, and we are kind of blind when it comes to the rest of the attack surface. So we were looking, to be honest, quite a while for the best technology that can feed this engine and, as Sunil said, the one plus one equal three or four or five, to be able to fight against those hackers. So in this journey we found basically Chronicle, and the combination of the scale that Chronicle is bringing, the ability to feed the engine, and together basically to be able to find those hackers in real time, and real time is very, very important, and then to respond to those type of attack. So basically what is exciting here, we created a solution that is five times faster than any solution that exists right now in the market, and most importantly it enables us to reverse the adversary advantage and basically to find them and to push them out. So we're moving from, hey, just to tell you a story, to actually prevent hackers from being in your environment.

>>So Lior, I want to double click on that just a little bit. Can you give us a kind of a concrete example of this difference between simply receiving alerts and actually, you know, taking, correlating, creating correlations and actually creating actionable proactive intelligence? Can you give us an example of that working in the real world?

>>Yeah, absolutely. We can start from a
simple example of ransomware. By the time that I will tell you that there is a ransomware in your environment and I will send an alert, it will be five computers that are encrypted, and by the time that you're gonna look at the alert it's gonna be five thousand, basically, machines that are encrypted, and by the time that you will do something it's going to be already too little, too late. And this is just a simple example. So preventing that thing from happening, this is critical, and in a very timely manner, in order to prevent the damage of ransomware. But if you go aside from ransomware and you look, for example, at the attack like SolarWinds, basically the purpose of this attack was not to create damage, it was espionage. The Russians wanted to collect data on our government, and this is kind of the main purpose that they did this attack. So the ability to be able to say, hey, right now there is a penetration, this is the step that they are doing, and there is five ways to push them out of the environment, and actually doing it, this is something that today it's done manually, and with the power of Chronicle and Cybereason we can do it automatically, and that's the massive difference.

>>Sunil, are there specific industries that should be really interested in this, or is this a broad set of folks that should be impacted?

>>No, you know, in some ways, you know, the saying these days, to Lior's point on ransomware, is that, you know, if a customer or an enterprise has a reasonable top-line revenue, you're a target, you know, you're a target to some extent. So in that sense, especially given that this has moved from pure espionage, or, you know, whether it be, you know, government-oriented or industrial espionage, to a financial fraud, then at that point in time it applies to pretty much a wide gamut of industries, not just financial services or, you know, critical infrastructure companies like oil and gas pipeline or whatever. It could be like any company that has any sort of IP that they feel drives
their top line business is now a target for such attacks.

>>So when you talk about the idea of partnership and creating something out of a collaboration, what's the meat behind this? What are you guys doing beyond saying, you know, hey, Sunil, Lior, these guys really like each other and they respect what the other is doing? What's going on behind the scenes? What are you actually implementing here moving forward?

>>So every partnership is starting with love, so it's good. [Laughter] But then it needs to translate to really kind of pure value to our customers, and pure value coming from a deep integration when it comes to the product. So basically what will happen is every piece of data that we can collect at Cybereason from endpoint, any piece of data that Chronicle can collect from any log that exists in the world, so basically this is kind of covering the whole attack surface. So first we have access to every piece of information across the full attack surface. Then the main question is, okay, once you collect all this data, what are you gonna do with it? And most of companies, or all the companies today, they don't have an answer. They're saying, oh, we're gonna issue an alert and we hope that there is a smart person behind the keyboard that can understand what just happened and make a decision. And with this partnership and with this integration, basically we're not asking and outsourcing the question what to do to the user, we're giving them the answer. We're telling them, hey, this is the story of the attack, this is all the pieces that's going on right now, and in most cases we're gonna say, hey, and by the way, we just stopped it, so you can prevent it from the future.

>>When will people be able to leverage this capability in an integrated way, and by the way, restate how this is going to market as an integrated solution. What are we going to call this moving forward?

>>So basically this is the Cybereason XDR powered by Chronicle, and
we are very, very happy about it.

>>Yeah, and I think just to add to that, I would say, look, the meta strategy here, and the way it'll manifest is in this offering that comes out in early 2022, is that if you think about it today, you know, a classical quote-unquote security pipeline is to detect, you know, analyze, and then respond. Obviously, you know, just doing those three in a good way is hard; doing it in real time at scale is even harder. So just that itself was where Cybereason and Chronicle would add real value, where we are able to collect a lot of events, react in real time. But a couple of things that I think that, you know, to your original point of why this is probably going to be a little for game changer in the years to come, is we're trying to change that from detect, analyze, respond to detect, understand, and anticipate. So because ultimately that's really how we can change, you know, the profile from being reactive in a world of ransomware or anything else to being proactive against nation-sponsored or nation-influenced attacks, because they're not going to stop, right? So the only way to do this is, rather than just go back up the hatches, is just really, you know, change the profile of how you'll actually anticipate what they were probably going to do in 6 months or 12 months. And so the graph technology that powers the heart of, you know, Cybereason is going to be intricately woven in with the contextual information that Chronicle can get, so that the intermediate step is not just about analysis but it's about truly understanding the overall strategy that has been employed in the past to predict what could happen in the future. So therefore then actions could be taken downstream that you can now say, hey, most likely these five buckets have this kind of personal information data, there's a reasonable chance that, you know, if they're exposed to the internet, then as you create more such buckets in that project you're going to be susceptible to
more ransomware attacks or some other attacks, right? And that's the kind of thinking or the transformation that we're trying to bring out with this joint offering.

>>So Lior, this concept of MalOps and Cybereason itself, you weren't just born yesterday, you have thousands of customers around the globe.

>>He does look like he was born...

>>I know, I know, I know. Well, you know, it used to be that the ideal candidate for CEO of a startup company was someone who dropped out of Stanford. I think it's getting to the point where it's people who refused admission to Stanford. So the dawn of the 14-year-old CEO, it's just around the corner. But Lior, do you get frustrated when you see, you know, when you become aware of circumstances that would not have happened had they implemented your technology as it exists today?

>>Yeah, for this year, it was a really frustrating year, starting with SolarWinds. If you analyze the code of SolarWinds, and we did it, but others did it as well, basically the Russians were checking if Cybereason is installed on the machine, and if we were installed on the machine they decided to stop the attack. This is something that, first, it was a great compliment for us from, you know, our not-friend from the other side that decided to stop the attack. But on a serious note, it's like we were pissed, because if people were using this technology we know that they are not going to be attacked. When we analyzed it, we realized that we have three different ways to find the SolarWinds hackers in a three different way. So this is just one example. And then the next example, in the Colonial Pipeline hack, we were the one that found DarkSide as a group that was hacking. We were the first one that released a research on them and we showed how we can prevent basically what they are doing with our technology. So when you see kind of those type of just two examples, and we have many of them on a daily basis, we just
know that we have the technology in order to do that. Now when we're combining the Chronicle technology into the technology that we already have, we basically can reverse the adversary advantage. This is something that you're not doing in a single day, but this is something that really gives power to the defenders, to the communities of CISOs that exist kind of across the US. And I believe that if we're going to join forces and lean into this community and basically push the solution out, the ability for us to fight against those cartels, specifically the ransomware cartels, is going to be massive.

>>Sunil, this time next year when we are in Google Cloud Next 2022, are you guys going to come back on and offer up the we-told-you-so awards? Because once this is actually out there and readily available, the combination of Chronicle and Cybereason's technology, it's going to be hard for some CSOs to have an excuse. It may be uncomfortable to know that they could have kept the door secure but didn't. Yeah, is that bad business? Is that bad business, to hand out awards for doing dumb things?

>>I don't know about, you know, a version of Darwin awards probably don't make sense, but generally speaking, so I do think, you know, we're all like as citizens in this, right? Because, you know, we talk about customers, I mean, you know, Alphabet and Google is a customer, in some ways Cybereason is a customer, the Cube is a customer, right? So I think the rubber hitting the road a year from now will be, we should do this, where I don't know if the Cube does more than two folks at the same time, David, but we should, I mean, I'm sure we'll have enough to have at least a half a dozen in the room to kind of talk about the solution. Because I think, you know, as you can imagine, this thing didn't materialize, I mean, it's been being cooked for a while between your team and our team, and in fact it was inspired by feedback from some joint
customers out in the market and all that good stuff. So a year from now, I think the best thing would be not just having customers to talk about the solution but to really talk about that transformation from respond to anticipate, and do they feel better on their security posture in a world that they know, like, and Lior should probably spend a few minutes on this, is I think we're on the tip of the spear of this nation-state era, and what we've just seen in the last few years is what maybe the nation-states have seen over two decades ago, and they're going to run those playbooks on the enterprise for the next decade or so.

>>Yeah, Lior, talk about that for a minute.

>>Yeah, it's really, you know, just to continue the Sunil thought, it's really about finding the unknown, because what's happening on the other side, it's like specifically China and Russia, and lately we saw Iran starting to gain power, basically their job is to become better and better and to basically innovate and create a new type of attack on a daily basis as technology has evolved. So basically there is a very simple equation: as we're using more technology and relying more on technology, the other side is going to exploit it in order to gain more power, espionage, and create financial damage. But it's important to say that this evolution, it's not going to stop, this is just the beginning, and a lot of the data that belonged just to government-against-government fight basically leaked in the past few years; now criminals are starting to use it as well. So in a sense, if you think about it, what's happening right now, there is basically a cold war that nobody is talking about, between kind of the giants, that everybody is hacking everybody, and in the crossfire we see all of those enterprises across the world. It was not a surprise that, you know, after the Biden and Putin meeting suddenly it was quiet, it was no ransomware for six weeks, and after something changing in the politics suddenly we can see a growing kind
of attack when it comes to ransomware that we know that was directed from Russia in order to create pressure on the U.S. economy.

>>Sunil, wrap us up. What are your final thoughts, and what's the big takeaway here?

>>No, I think, you know, the key thing for everyone to know is, look, I think we are going into an era of state-sponsored, not espionage as much as threat vectors that affect every business. And so in many ways the chief information security officer, the chief risk officer, in many ways the CEO and the board now have to pay attention to this topic, much like they paid attention to mobile 15 years ago as a transformation thing, or maybe cloud 10 years ago. I think cyber has been one of those, it's sort of like the wireless era, David, like it existed in the 90s but didn't really break around until iPhone hit or the world of consumerization really took off, right? And I think we're at the tip of the spear of that, cyber really becoming like the era of mobile for 15 years ago. And so I think that's the, if there's like a big takeaway, I think, yes, there's lots of solutions. The good news is great innovations are coming through companies like Cybereason working with, you know, proven providers like Google and so forth, and so there's a lot of like support in the ecosystem. But I think if there was one takeaway, that was that everybody should just be ready, internalized. We don't have to be paranoid about it, but we anticipate that this is going to be a long game that we'll have to play together.

>>Well, with that, taking off my journalist hat for a moment and putting on my citizen hat, it's reassuring to know that we have really smart people working on this, because when we talk about critical infrastructure, control systems, and things like that being under threat, that's more significant than simply having your social security number stolen in a data breach. So with that, I'd like to thank you, Sunil, Lior, thank
you so much for joining us on this special cube conversation this is dave nicholson signing off from our continuing coverage of google cloud next 2021 [Music] you

Published Date : Oct 29 2021


John Maddison, Fortinet | Fortinet Security Summit 21


 

>> Narrator: From around the globe, it's theCUBE, covering Fortinet Security Summit, brought to you by Fortinet. >> Welcome back to theCUBE, Lisa Martin here live in Napa Valley at the Fortinet Championship. This is the site of kickoff to the 2021-22 FedEx Cup regular series. We're here with Fortinet and we're here with one of our distinguished alumni, John Maddison, the CMO and EVP of products. John, it's great to see you in person. >> Yes, Lisa it's been a while. >> It has been a while. >> Good to be back here, live. >> I know, you're not on Zoom, you're actually right six feet across from me. >> Yep, look, yes, it's definitely physical. >> It does, talk to me about the PGA and Fortinet. What are some of the synergies? >> There's a lot. I think one of the biggest ones is the culture of the two companies. So I mean, PGA tour, I think they've donated almost $3 billion to charities over the last 15 years, 20 years and we're the same. We would definitely want to give back to the community. We want to make sure we're providing training and education. We're trying to re-skill some of the veterans, for example, over 2000, also women in technology, you may have heard one of the key notes today about that, attempts from a education and training perspective. So there's a lot of synergies between the PGA Tour, and Fortinet from a cultural perspective. >> I love that. Cultural synergy is so important but also some of the initiatives, women in tech, STEM, STEAM, those are fantastic. Give our audience a little overview of what's going on here. We've got over 300 partners and customers here. What are some of the key themes being discussed today? >> Yeah, we're going to try and keep it smaller, this event. We don't want 10,000, 20,000 people. We'll keep it smaller. 
So about 300 customers and partners, and what we want to do is bring together, you know, the top people in cybersecurity and networking, we want to bring in customers so they can net with each other, we want to bring the partners here. And so, what you're going to see is you can see the tech expo behind you there, where people are talking technology. Some of the keynotes focus on areas like ransomware, for example, and cyber security in different industries. So definitely it's a smaller gathering, but I think it's very focused on cybersecurity and networking. >> Well, that's such an important topic these days. You know, you and I have spoken a number of times this summer by Zoom, and talking about the threat landscape and the changes-- >> Yep. >> And the work from anywhere. When you and I spoke, I think it was in June, you said 25% we expect are going to go back to the office, 25% permanently remote and the other 50 sort of transient. Do you still think given where we are now in September that that's still-- >> Yeah, I'm going to modify my prediction a bit, I think it's going to be hybrid for some time. And I don't think it's just at home or not at home or at work or not at work, I think it's going to be maybe one or two days, or maybe three days versus five days. And so, we definitely see the hybrid mode of about 50% for the next couple of years at least. I think that, you know, ransomware has been in the news a lot. You saw the Colonial, the ransomware has increased. We did a threat report recently. Showed about a 10X increase in ransomware. So, I think customers are very aware of the cybersecurity threats. The damage now is not just sucking information out and IP, it's causing damage to the infrastructure. So definitely the, you know, the attack surface is increased with people working from home, versus in the office, and then you've got the threat landscape, really, really focused on that ransomware piece. 
>> Yeah, ransomware becoming a household word, I'm pretty sure even my mom knows what that is. And talking about the nearly 11X increase in, what was that, the first half of 2021? >> Yeah, over the last 12 months. And I think what's also happened is ransomware used to be a broad attack. So let me send out, and see if I can find a thousand companies. Again, you saw with the Colonial attack, it's very targeted now as well. So you've got both targeted and broad ransomware campaigns going on. And a lot of companies are just rethinking their cybersecurity strategy to defend against that. And that work from home component is another attack surface. So a lot of companies that were operational technology companies that had air gaps and people would come to work, now that you can remotely get into the network, it's again, you can attack people at home, back into the network. >> Is that a direct correlation that you saw in the last year, in terms of that increase in ransomware and this sudden shift to working from home? >> Well, I also think there's other components. And so, I think the ransomware organizations, the gangs, could use crypto more reasonably than checks and dollars and stuff like that. So they could get their money out. It became very profitable versus trying to sell credit card data on the dark web. So you saw that component. You also saw, as I said, the attack surface be larger for companies, and so those two things unfortunately have come together, and you know, really seen an exponential rise in attacks. >> Perfect storm. Let's talk about some of your customer conversations and how they've changed and evolved in the last 18 months. Give me a snapshot of when you're talking with customers, what are some of the things that they're coming to you for help, looking for the most guidance? >> Yeah, well I think, you know, the digital innovation transformation is almost accelerated because of, you know, COVID. 
They've accelerated those programs, especially in industries like retail, where it becomes almost essential now to have that digital connectivity. So they can't stop those programs. They need to accelerate those programs, but as they move those programs faster, again they expand their attack surface. And so, what I'm definitely seeing is a convergence of traditional kind of networking, connectivity, and cybersecurity teams like the CIO and the CSO working on projects jointly. So whether it be the WAN connectivity, or whether it be endpoint, or whether it be cloud, both teams are working much more closely going forward. >> Synergies there that are absolutely essential. Talk to me about what you guys announced with Linksys yesterday, speaking of work from home and how that has transformed every industry. Talk to us about the home work solution powered by Fortinet. >> Yeah, well, we definitely see work from home being there for some time. And so the question is, what do you do there? So I think initially 18 months ago, what happened was companies turned on their, what they call a VPN, which gives them an encrypted access when they went from 5% to a 100% people on the VPN. I speak to customers now and they're saying, that was kind of a temporary solution. It puts an end point security there. It was kind of temporary and now I need a longer-term solution because I can see this at least 50% for the next two years, being this hybrid work from home, and some of them are saying, "Well, let's look at something. Let's try and take the best of enterprise networking and security, and then try and match that with an easy to set up Wi-Fi or routing system." So the two companies, you know, have come together with this joint venture. We're taking Linksys technology from an ease of use at home, it's very simple to set up, you can do it on an app or whatever. And then we integrate the Fortinet technology inside there from a security and enterprise networking. 
The enterprises can manage themselves, the enterprise component and the consumer can manage their piece. What's very important is that separation as well. So the privacy of your home network, and then to make sure the enterprise piece is secure, and then also introducing some simple, what we call quality of service. So for a business person, things like Teams or Zoom as preference over some of the gaming and downloads of the family. So I think it brings the best of both worlds: ease of use and enterprise security together. >> I'm sure the kids won't like that it's not optimized for gaming, but it is optimized for things like video conferencing which, in the last year we've been dependent on for collaboration and communication. Tell me a little bit about the tuning for video conferencing and collaboration. >> Yeah, so we announced both Zoom and Microsoft Teams, probably the two biggest apps, which I use from a work from home business perspective. And definitely if you've got a normal system at home and your kids they've been downloading something, a new game or something like that, they can just take the whole bandwidth. And so the ability to kind of scale that back and make sure the Zoom meeting or the Teams meeting is first priority, I think is very important, to get that connectivity and that quality of service, but also have that security component as well. >> Yeah, the security component is increasingly important. Talk to me about why Linksys, was COVID the catalyst for this partnership? >> Well, I think we looked at it and we have our own work from home solutions as well. I mean, our own gear. We definitely wanted to find something where we could integrate into more of a ease of use solution set. And it just so happened we were speaking to Linksys on some other things and as soon as we started talking, it was very, very clear that this would be a great relationship and joint venture and so we made the investment. 
Not just "here's some of our code", we made a substantial investment in Linksys and yeah, we see some other things coming in the future as well. >> Can you talk to me a little bit about what the go to market will be, how can enterprises and consumers get this? >> Yeah. So it's more of an enterprise sale. I know some people think Linksys, they think consumer straight away. For us, this is a sale to the enterprises. So the enterprises buy it, it's a subscription service. So they just pay a monthly fee and they can have different levels of service inside there as well. They will get, you know, for each employee they'll get one, two or three nodes. And then so the, so the enterprise is paying for it, which I think will help a bit and they will manage it through their system, but the consumer will get this kind of a game that's very easy to use, very high speed connectivity, mesh technology. So yes, Linksys will sell some of it as well. But I think, you know, actually Fortinet will be the major kind of go to market because of our 500,000 business customers we have out there. >> Right. And your huge partner network. >> Yes. >> So let's talk about, give me a little bit of a view in terms of the benefit that IT will get leveraging the Linksys home work solution. I imagine that centralized visibility of all the devices connected to the corporate network, even though, wherever the devices are? >> Yeah, it actually extends the corporate network. So not in this initial release, in the second release. In the first release, they can go to a cloud portal and they can manage what they can manage from an enterprise perspective. The employee can go to the same portal, but gets a different view, can manage their piece. In the second release, we'll actually have support in our management systems. 
So if you're an existing Fortinet customer and you've got our management systems and say you've got, I don't know, 250 sites, and you're managing some of our firewalls or SD-WAN systems, you'll be able to see all the employees' Linksys systems as well, in that same management system. But again, there's a separation of duty and privacy where they can just manage the enterprise components, not they can't see the traffic from the employees' side, from the non-business transactions. >> Good. That privacy is key there. Do you think that in a perfect world, would help quiet down some of the perfect storm that we're seeing with ransomware and this explosion, this work from anywhere, work from home, going to be persisting technologies, like what you're doing with Linksys, is going to help make a dent in that spike? >> I think it's a component. So for us, the long term strategy for users, end point, this kind of Linksys component is an element. We also feel like there needs to be a transition of VPN technology into zero trust. So you're limiting again, the access to applications versus the network. And then definitely the third component would be a technology like EDR, which is more behavioral-based versus signature-based. And so you bring all those three together. Absolutely we'll make a dent in ransomware because you're just reducing the attack surface greatly, but also scanning the technology to make sure if you see something, you can act straight away. >> And then pair that with what you guys are doing and the investment that Fortinet's been making for a while in training and helping to fill that cybersecurity skills gap, which is growing year on year. >> Yeah. I speak to a lot of CSOs and CIOs and they go "What's the latest technology? What can you do next?" I say, well, the most important thing you can do is train your people. Train them not to click on that phishing link, right? 
Because still our numbers are around 6% of employees click on things and it doesn't matter what company you are. And so the education and the training is one of the core, the most basic steps. We're introducing what we call an IT awareness program as part of NSE, which allows companies to download some tools. And they'll try some phishing emails that go out there, they'll see the response, see how they can (mumbles). So I always say that the people, the social engineering is the first step to try and fix and reduce. That's the biggest attack surface you will have. >> It's getting so sophisticated and so personalized. I mean I've seen examples with training that I've done for various companies where you really have to look 2, 3, 4 times at it and have the awareness alone to know that this might not be legitimate. >> Yeah, especially when people are just clicking on more things because they're going to more places. And so you have to be very careful. You can stop a bunch of that with some rule sets. So the systems, but if they're faking the domain, spear phishing, where they know exactly the context of where the email's coming out, it's hard, but you've just got to be very, very careful. If in doubt don't click on it. >> I agree if in doubt, don't click it. Well, John, it's always great talking to you. Exciting to hear the growth of Fortinet, what you're doing with PGA tour, the synergies there, the cultural synergies and the growth in customers and partners, lots of stuff to come. Can't wait till our next conversation, which I hope is also in person. >> Yes, yes, yes, for sure. You know, I think this is a great venue in that it's- as you can see it's open, which helps a lot. >> Yeah. >> It's not far from our headquarters, just down the road there, we've committed to this event for six or seven years. And so this is our first time, but definitely we're hoping to get out a bit more as we go forward. >> Excellent. 
I'm glad to see a company like Fortinet taking the lead and you look like you're dressed for golf. You said you have meetings, but I'm going to let you go because you probably have to get to that. >> I have a few more meetings. I wish they would leave a little gap for some golf. I'll try and work one as we go forward. >> Yeah. Anyway, John, thank you for joining me, great to see you. For John Maddison, I'm Lisa Martin. You're watching theCUBE from the Fortinet Championship Security Summit in Napa. (Upbeat music)

Published Date : Sep 14 2021


Derek Manky, Fortinet | CUBEConversation


 

>> Welcome to this Cube Conversation, I'm Lisa Martin. I'm joined by Derek Manky next, the Chief Security Insights and Global Threat Alliances at Fortiguard Labs. Derek, welcome back to the program. >> Hey, it's great to be here again. A lot of stuff's happened since we last talked. >> So Derek, one of the things that was really surprising from this year's Global Threat Landscape Report is a 10, more than 10x increase in ransomware. What's going on? What have you guys seen? >> Yeah so this is massive. We're talking over a thousand percent over a 10x increase. This has been building Lisa, so this has been building since December of 2020. Up until then we saw relatively low high watermark with ransomware. It had taken a hiatus really because cyber criminals were going after COVID-19 lures and doing some other things at the time. But we did see a seven fold increase in December, 2020. That has absolutely continued this year into a momentum up until today, it continues to build, never subsided. Now it's built to this monster, you know, almost 11 times increase from, from what we saw back last December. And the reason, what's fueling this is new verticals that cyber criminals are targeting. We've seen the usual suspects like telecommunication, government in position one and two. But new verticals that have risen up into this third and fourth position following are MSSP, and this is on the heels of the Kaseya attack of course, that happened in 2021, as well as operational technology. There's actually four segments, there's transportation, automotive, manufacturing, and then of course, energy and utility, all subsequent to each other. So there's a huge focus now on OT and MSSP for cyber criminals. >> One of the things that we saw last year this time, was that attackers had shifted their focus away from enterprise infrastructure devices, to home networks and consumer grade products. And now it looks like they're focusing on both. Are you seeing that? 
>> Yes, absolutely. In two ways, so first of all, again, this is a kill chain that we talk about. They have to get a foothold into the infrastructure, and then they can load things like ransomware on there. They can load things like information stealers as an example. The way they do that is through botnets. And what we reported in this in the first half of 2021 is that Mirai, which is about a two to three-year-old botnet now is number one by far, it was the most prevalent botnet we've seen. Of course, the thing about Mirai is that it's an IOT based botnet. So it sits on devices, sitting inside consumer networks as an example, or home networks, right. And that can be a big problem. So that's the targets that cyber criminals are using. The other thing that we saw that was interesting was that one in four organizations detected malvertising. And so what that means Lisa, is that cyber criminals are shifting their tactics from going just from cloud-based or centralized email phishing campaigns to web-borne threats, right. So they're infecting sites, waterhole attacks, where, you know, people will go to read their daily updates as an example of things that they do as part of their habits. They're getting sent links to these sites that when they go to it, it's actually installing those botnets onto those systems, so they can get a foothold. We've also seen scare tactics, right. So they're doing new social engineering lures, pretending to be human resource departments. IT staff and personnel, as an example, with popups through the web browser that look like these people to fill out different forms and ultimately get infected on home devices. >> Well, the home device use is proliferate. It continues because we are still in this work from home, work from anywhere environment. Is that, you think a big factor in this increase from 7x to nearly 11x? >> It is a factor, absolutely. Yeah, like I said, it's also, it's a hybrid of sorts. 
So a lot of that activity is going to the MSSP angle, like I said to the OT. And to those new verticals, which by the way, are actually even larger than traditional targets in the past, like finance and banking, is actually lower than that as an example. So yeah, we are seeing a shift to that. And like I said, that's, further backed up from what we're seeing on with the, the botnet activity specifically with Mirai too. >> Are you seeing anything in terms of the ferocity, we know that the volume is increasing, are they becoming more ferocious, these attacks? >> Yeah, there is a lot of aggression out there, certainly from, from cyber criminals. And I would say that the velocity is increasing, but the amount, if you look at the cyber criminal ecosystem, the stakeholders, right, that is increasing, it's not just one or two campaigns that we're seeing. Again, we're seeing, this has been a record cases year, almost every week we've seen one or two significant, cyber security events that are happening. That is a dramatic shift compared to last year or even, two years ago too. And this is because, because the cyber criminals are getting deeper pockets now. They're becoming more well-funded and they have business partners, affiliates that they're hiring, each one of those has their own methodology, and they're getting paid big. We're talking up to 70 to 80% commission, just if they actually successfully, infect someone that pays for the ransom as an example. And so that's really, what's driving this too. It's a combination of this kind of perfect storm as we call it, right. You have this growing attack surface, work from home environments and footholds into those networks, but you have a whole bunch of other people now on the bad side that are orchestrating this and executing the attacks too. >> So what can organizations do to start- to slow down or limit the impacts of this growing ransomware as a service? >> Yeah, great question. 
Everybody has their role in this, I say, right? So if we look at, from a strategic point of view, we have to disrupt cyber crime, how do we do that? It starts with the kill chain. It starts with trying to build resilient networks. So things like ZTA and a zero trust network access, SD-WAN as an example for protecting that WAN infrastructure. 'Cause that's where the threats are floating to, right. That's how they get the initial footholds. So anything we can do on the preventative side, making networks more resilient, also education and training is really key. Things like multi-factor authentication are all key to this because if you build that preventatively and it's a relatively small investment upfront Lisa, compared to the collateral damage that can happen with these ransomware paths, the risk is very high. That goes a long way, it also forces the attackers to- it slows down their velocity, it forces them to go back to the drawing board and come up with a new strategy. So that is a very important piece, but there's also things that we're doing in the industry. There's some good news here, too, that we can talk about because there's things that we can actually do apart from that to really fight cyber crime, to try to take the cyber criminals offline too. >> All right, hit me with the good news Derek. >> Yeah, so a couple of things, right. If we look at the botnet activity, there's a couple of interesting things in there. Yes, we are seeing Mirai rise to the top right now, but we've seen big problems of the past that have gone away or come back, not as prolific as before. So two specific examples, EMOTET, that was one of the most prolific botnets that was out there for the past two to three years, there is a take-down that happened in January of this year. It's still on our radar but immediately after that takedown, it literally dropped to half of the activity it had before. 
And it's been consistently staying at that low watermark now at that half percentage since then, six months later. So that's very good news showing that the actual coordinated efforts that were getting involved with law enforcement, with our partners and so forth, to take down these are actually hitting their supply chain where it hurts, right. So that's good news part one. Trickbot was another example, this is also a notorious botnet, takedown attempt in Q4 of 2020. It went offline for about six months in our landscape report, we actually show that it came back online in about June this year. But again, it came back weaker and now the form is not nearly as prolific as before. So we are hitting them where it hurts, that's the really good news. And we're able to do that through new, what I call high resolution intelligence that we're looking at too. >> Talk to me about that high resolution intelligence, what do you mean by that? >> Yeah, so this is cutting edge stuff really, gets me excited, keeps me up at night in a good way. 'Cause we're looking at this under the microscope, right. It's not just talking about the what, we know there's problems out there, we know there's ransomware, we know there's a botnets, all these things, and that's good to know, and we have to know that, but we're able to actually zoom in on this now and look at- So we, for the first time in the threat landscape report, we've published TTPs, the techniques, tactics, procedures. So it's not just talking about the what, it's talking about the how, how are they doing this? What's their preferred method of getting into systems? How are they trying to move from system to system? And exactly how are they doing that? What's the technique? And so we've highlighted that, it's using the MITRE ATT&CK framework TTP, but this is real time data. 
And it's very interesting, so we're clearly seeing a very heavy focus from cyber criminals and attackers to get around security controls, to do defense evasion, to do privilege escalation on systems. So in other words, trying to become an administrator so they can take full control of the system. As an example, lateral movement, there's still a preferred over 75%, 77 I believe percent of activity we observed from malware was still trying to move from system to system, by infecting removable media like thumb drives. And so it's interesting, right. It's a brand new look on these, a fresh look, but it's this high resolution, is allowing us to get a clear image, so that when we come to providing strategic guides and solutions in defense, and also even working on these takedown efforts, allows us to be much more effective. >> So one of the things that you said in the beginning was we talked about the increase in ransomware from last year to this year. You said, I don't think that we've hit that ceiling yet, but are we at an inflection point? Data showing that we're at an inflection point here with being able to get ahead of this? >> Yeah, I would like to believe so, there is still a lot of work to be done unfortunately. If we look at, there's a recent report put out by the Department of Justice in the US saying that, the chance of a criminal to be committing a crime, to be caught in the US is somewhere between 55 to 60%, the same chance for a cyber criminal lies less than 1%, well 0.5%. And that's the bad news, the good news is we are making progress in sending messages back and seeing results. But I think there's a long road ahead. So, there's a lot of work to be done, We're heading in the right direction. But like I said, they say, it's not just about that. It's, everyone has their role in this, all the way down to organizations and end users. 
If they're doing their part of making their networks more resilient through this, through all of the, increasing their security stack and strategy. That is also really going to stop the- really ultimately the profiteering that wave, 'cause that continues to build too. So it's a multi-stakeholder effort and I believe we are getting there, but I continue to still, I continue to expect the ransomware wave to build in the meantime. >> On the end-user front, that's always one of the vectors that we talk about, it's people, right? There's so much sophistication in these attacks that even security folks and experts are nearly fooled by them. What are some of the things that you're saying that governments are taking action on some recent announcements from the White House, but other organizations like Interpol, the World Economic Forum, Cyber Crime Unit, what are some of the things that governments are doing that you're seeing that as really advantageous here for the good guys? >> Yeah, so absolutely. This is all about collaboration. Governments are really focused on public, private sector collaboration. So we've seen this across the board with Fortiguard Labs, we're on the forefront with this, and it's really exciting to see that, it's great. There's always been a lot of will to work together, but we're starting to see action now, right? Interpol is a great example, they recently this year, held a high level forum on ransomware. I actually spoke and was part of that forum as well too. And the takeaways from that event were that we, this was a message to the world, that public, private sector we need. They actually called ransomware a pandemic, which is what I've referred to it as before in itself as well too. Because it is becoming that much of a problem and that we need to work together to be able to create action, action against this, measure success, become more strategic. 
The World Economic Forum were leading a project called the Partnership Against Cyber Crime Threat Map Project. And this is to identify, not just all this stuff we talked about in the threat landscape report, but also looking at, things like, how many different ransomware gangs are there out there. What do the money laundering networks look like? It's that side of the supply chain to map out, so that we can work together to actually take down those efforts. But it really is about this collaborative action that's happening and it's innovation and there's R&D behind this as well, that's coming to the table to be able to make it impactful. >> So it sounds to me like ransomware is no longer a- for any organization in any industry you were talking about the expansion of verticals. It's no longer a, "If this happens to us," but a matter of when and how do we actually prepare to remediate, prevent any damage? >> Yeah, absolutely, how do we prepare? The other thing is that there's a lot of, with just the nature of cyber, there's a lot of connectivity, there's a lot of different, it's not just always siloed attacks, right. We saw that with Colonial obviously, this year where you have attacks on IT, that can affect consumers, right down to consumers, right. And so for that very reason, everybody's infected in this. it truly is a pandemic I believe on its own. But the good news is, there's a lot of smart people on the good side and that's what gets me excited. Like I said, we're working with a lot of these initiatives. And like I said, some of those examples I called up before, we're actually starting to see measurable progress against this as well. >> That's good, well never a dull day I'm sure in your world. Any thing that you think when we talk about this again, in a few more months of the second half of 2021, anything you predict crystal ball wise that we're going to see? 
>> Yeah, I think that we're going to continue to see more of the, I mean, ransomware, absolutely, more of the targeted attacks. That's been a shift this year that we've seen, right. So instead of just trying to infect everybody for ransom, as an example, going after some of these new, high profile targets, I think we're going to continue to see that happening from the ransomware side and because of that, the average costs of these data breaches, I think they're going to continue to increase, it already did in 2021 as an example, if we look at the cost of a data breach report, it's gone up to about $5 million US on average, I think that's going to continue to increase as well too. And then the other thing too is, I think that we're going to start to see more, more action on the good side like we talked about. There was already a record amount of takedowns that have happened, five takedowns that happened in January. There were arrests made to these business partners, that was also new. So I'm expecting to see a lot more of that coming out towards the end of the year too. >> So as the challenges persist, so do the good things that are coming out of this. Where can folks go to get this first half 2021 Global Threat Landscape? What's the URL that they can go to? >> Yeah, you can check it out, all of our updates and blogs including the threat landscape reports on blog.fortinet.com under our threat research category. >> Excellent, I read that blog, it's fantastic. Derek, always a pleasure to talk to you. Thanks for breaking this down for us, showing what's going on. Both the challenging things, as well as the good news. I look forward to our next conversation. >> Absolutely, it was great chatting with you again, Lisa. Thanks. >> Likewise for Derek Manky, I'm Lisa Martin. You're watching this Cube Conversation. (exciting music)

Published Date : Aug 31 2021


Richard Hummel, NETSCOUT | CUBE Conversation, July 2021


 

(upbeat music) >> Hey, welcome to this Cube conversation with NetScout. I'm Lisa Martin. Excited to talk to you. Richard Hummel, the manager of threat research for Arbor Networks, the security division of NetScout. Richard, welcome to theCube. >> Thanks for having me, Lisa, it's a pleasure to be here. >> We're going to unpack the sixth NetScout Threat Intelligence Report, which is going to be very interesting. But something I wanted to start with is we know that and yes, you're going to tell us, COVID and the pandemic has had a massive impact on DDoS attacks, ransomware. But before we dig into the report, I'd like to just kind of get some stories from you as we saw last year about this time rapid pivot to work from home, rapid pivot to distance learning. Talk to us about some of the attacks that you saw in particular that literally hit close to home. >> Sure and there's one really good prime example that comes to mind because it impacted a lot of people. There was a lot of media sensation around this but if you go and look, just Google it, Miami Dade County and DDoS, you'll see the first articles that pop up is the entire district school network going down because the students did not want to go to school and launched a DDoS attack. There was something upwards of 190,000 individuals that could no longer connect to the school's platform, whether that's a teacher, a student or parents. And so it had a very significant impact. And when you think about this in terms of the digital world, that impacted very severely, a large number of people and you can't really translate that to what would happen in a physical environment because it just doesn't compute. There's two totally different scenarios to talk about here. >> Amazing that a child can decide, "I don't want to go to school today." And as a result of a pandemic take that out for nearly 200,000 folks. So let's dig into, I said this is the sixth NetScout Threat Intelligence Report. 
One of the global trends and themes that is seen as evidence in what happened last year is up and to the right. Oftentimes when we're talking about technology, you know, with analyst reports up and to the right is a good thing. Not so in this case. We saw huge increases in threat vectors, more vectors weaponized per attack sophistication, expansion of threats and IOT devices. Walk us through the overall key findings from 2020 that this report discovered. >> Absolutely. And if you glance at your screen there you'll see the key findings here where we talk about record breaking numbers. And just in 2020, we saw over 10 million attacks, which, I mean, this is a 20% increase over 2019. And what's significant about that number is COVID had a huge impact. In fact, if we go all the way back to the beginning, right around mid March, that's when the pandemic was announced, attacks skyrocketed and they didn't stop. They just kept going up and to the right. And that is true through 2021. So far in the first quarter, typically January, February is the down month that we observe in DDoS attacks. Whether this is, you know, kids going back to school from Christmas break, you have their Christmas routines and e-commerce is slowing down. January, February is typically a slow month. That was not true in 2021. In fact, we hit record numbers on a month by month in both January and February. And so not only do we see 2.9 million attacks in the first quarter of 2021, which, I mean, let's do the math here, right? We've got four quarters, you know, we're on track to hit 12 million attacks potentially, if not more. And then you have this normal where we said 800,000 approximately month over month since the pandemic started, we started 2021 at 950,000 plus. That's up and to the right and it's not slowing down. >> It's not slowing down. It's a trend that it shows, you know, significant impact across every industry. 
And we're going to talk about that but what are some of the new threat vectors that you saw weaponized in the last year? I mean, you talked about the example of the Miami-Dade school district but what were some of those new vectors that were really weaponized and used to help this up and to the right trend? >> So there's four in particular that we were tracking in 2020 and these nets aren't necessarily new vectors. Typically what happens when an adversary starts using this is there's a proof of concept code out there. In fact, a good example of this would be the RDP over UDP. So, I mean, we're all remotely connected, right? We're doing this over a Zoom call. If I want to connect to my organization I'm going to use some sort of remote capability whether that's a VPN or tunneling in, whatever it might be, right? And so remote desktop is something that everybody's using. And we saw actors start to kind of play around with this in mid 2020. And in right around September, November timeframe we saw a sudden spike. And typically when we see spikes in this kind of activity it's because adversaries are taking proof of concept code, that maybe has been around for a period of time, and they're incorporating those into DDoS for hire services. And so any person that wants to launch a DDoS attack can go into underground forums in marketplaces and they can purchase, maybe it's $10 in Bitcoin, and they can purchase an attack that leverages a bunch of different DDoS vectors. And so adversaries have no reason to remove a vector as new ones get discovered. They only have the motivation to add more, right? Because somebody comes into their platform and says, "I want to launch an attack that's going to take out my opponent." It's probably going to look a lot better if there's a lot of attack options in there where I can just go through and start clicking buttons left and right. 
And so all of a sudden now I've got this complex multi-vector attack that I don't have to pay anything extra for. Adversary already did all the work for me and now I can launch an attack. And so we saw four different vectors that were weaponized in 2020. One of those are notably the Jenkins that you see listed on the screen in the key findings. That one isn't necessarily a DDoS vector. It started out as one, it does amplify, but what happens is Jenkins servers are very vulnerable and when you actually initiate this attack, it tips over the Jenkins server. So it kind of operates as like a DoS event versus DDoS but it still has the same effect of availability, it takes a server offline. And then now just in the first part of 2021 we're tracking multiple other vectors that are starting to be weaponized. And when we see this, we go from a few, you know, incidents or alerts to thousands month over month. And so we're seeing even more vectors added and that's only going to continue to go up into the right. You know that theme that we talked about at the beginning here. >> As more vectors get added, and what did you see last year in terms of industries that may have been more vulnerable? As we talked about the work from home, everyone was dependent, really here we are on Zoom, dependent on Zoom, dependent on Netflix. Streaming media was kind of a lifeline for a lot of us but it also was healthcare and education. Did you see any verticals in particular that really started to see an increase in the exploitation and in the risk? >> Yeah, so let's start, let's separate this into two parts. The last part of the key findings that we had was talking about a group we, or a campaign we call Lazarus Bear Armada. So this is a global DDoS extortion campaign. We're going to cover that a little bit more when we talk about kind of extorted events and how that operates but these guys, they started where the money is. 
And so when they first started targeting industries and this kind of coincides with COVID, so it started several months after the pandemic was announced, they started targeting a financial organizations, commercial banking. They went after stock exchange. Many of you would hear about the New Zealand Stock Exchange that went offline. That's this LBA campaign and these guys taking it off. So they started where the money is. They moved to a financial agation targeting insurance companies. They targeted currency exchange places. And then slowly from there, they started to expand. And in so much as our Arbor Cloud folks actually saw them targeting organizations that are part of vaccine development. And so these guys, they don't care who they hurt. They don't care who they're going after. They're going out there for a payday. And so that's one aspect of the industry targeting that we've seen. The other aspect is you'll see, on the next slide here, we actually saw a bunch of different verticals that we really haven't seen in the top 10 before. In fact, if you actually look at this you'll see the number one, two and three are pretty common for us. We almost always are going to see these kinds of telecommunications, wireless, satellite, broadband, these are always going to be in the top. And the reason for that is because gamers and DDoS attacks associated with gaming is kind of the predominant thing that we see in this landscape. And let's face it, gamers are on broadband operating systems. If you're in Asian communities, often they'll use mobile hotspots. So now you start to have wireless come in there. And so that makes sense seeing them. But what doesn't make sense is this internet publishing and broadcasting and you might say, "Well, what is that?" Well, that's things like Zoom and WebEx and Netflix and these other streaming services. And so we're seeing adversaries going after that because those have become critical to people's way of life. 
Their entertainment, what they're using to communicate for work and school. So they realized if we can go after this it's going to disrupt something and hopefully we can get some recognition. Maybe we can show this as a demonstration to get more customers on our platform or maybe we can get a payday. In a lot of the DDoS attacks that we see, in fact most of them, are all monetary focused. And so they're looking for a payday. They're going to go after something that's going to likely, you know, send out that payment. And then just walk down the line. You can see COVID through this whole thing. Electronic shopping is number five, right? Everybody turned to e-commerce because we're not going to in-person stores anymore. Electronic computer manufacturing, how many more people have to get computers at home now because they're no longer in a corporate environment? And so you can see how the pandemic has really influenced this industry target. >> Significant influencer and I also wonder too, you know, Zoom became a household name for every generation. You know, we're talking to five generations and maybe the generations that aren't as familiar with computer technology might be even more exploitable because it's easy to click on a phishing email when they don't understand how to look for the link. Let's now unpack the different types of DDoS attacks and what is on the rise. You talked about in the report the triple threat and we often think of that in entertainment. That's a good thing, but again, not here. Explain that triple threat. >> Yeah, so what we're seeing here is we have adversaries out there that are looking to take advantage of every possible angle to be able to get that payment. And everybody knows ransomware is a household name at this point, right? And so ransomware and DDoS have a lot in common because they both attack the availability of network resources, where computers or devices or whatever they might be. 
And so there's a lot of parallels to draw between the two of these. Now ransomware is a denial of service event, right? You're not going to have tens of thousands of computers hitting a single computer to take it down. You're going to have one exploitation of events. Somebody clicked on a link, there was a brute force attempt that managed to compromise a little boxes, credentials, whatever it might be, ransomware gets put on a system, it encrypts all your files. Well, all of a sudden, you've got this ransom note that says "If you want your files decrypted you're going to send us this amount of human Bitcoin." Well, what adversaries are doing now is they're capitalizing on the access that they already gained. So they already have access to the computer. Well, why not steal all the data first then let's encrypt whatever's there. And so now I can ask for a ransom payment to decrypt the files and I can ask for an extortion to prevent me from posting your data publicly. Maybe there's sensitive corporate information there. Maybe you're a local school system and you have all of your students' data on there. You're a hospital that has sensitive PI on it, whatever it might be, right? So now they're going to extort you to prevent them from posting that publicly. Well, why not add DDoS to this entire picture? Now you're already encrypted, we've already got your files, and I'm going to DDoS your system so you can't even access them if you wanted to. And I'm going to tell you, you have to pay me in order to stop this DDoS attack. And so this is that triple threat and we're seeing multiple different ransomware families. In fact, if you look at one of the slides here, you'll see that there's SunCrypt, there's Ragnar Cryptor, and then Maze did this initially back in September and then more recently, even the DarkSide stuff. I mean, who hasn't heard about DarkSide now with the Colonial Pipeline event, right? 
So they came out and said, "Hey we didn't intend for this collateral damage but it happened." Well, April 24th, they actually started offering DDoS as part of their tool kits. And so you can see how this has evolved over time. And adversaries are learning from each other and are incorporating this kind of methodology. And here we have triple extortion event. >> It almost seems like triple extortion event as a service with the opportunities, the number of vectors there. And you're right, everyone has heard of the Colonial Pipeline and that's where things like ransomware become a household term, just as much as Zoom and video conferencing and streaming media. Let's talk now about the effects that the threat report saw and uncovered region by region. Were there any regions in particular that were, that really stood out as most impacted? >> So not particularly. So one of the phenomena that we actually saw in the threat report, which, you know, we probably could have talked about it before now but it makes sense to talk about it regionally because we didn't see any one particular region, one particular vertical, a specific organization, specific country, none was more heavily targeted than another. In fact what we saw is organizations that we've never seen targeted before. We've seen industries that have never been targeted before all of a sudden are now getting DDoS attacks because we went from a local on-prem, I don't need to be connected to the internet, I don't need to have my employees remote access. And now all of a sudden you're dependent on the internet which is really, let's face it, that's critical infrastructure these days. And so now you have all of these additional people with a footprint connected to the internet then adversary can figure out and they can poke at it. And so what we saw here is just overall, all industries, all regions saw these upticks. The exception would be in China. 
We actually, in the Asia Pacific region specifically, but predominantly in China. But that often has to do with visibility rather than a decrease in attacks because they have their own kind of infrastructure in China. Brazil's the same way. They have their own kind of ecosystems. And so often you don't see what happens a lot outside the borders. And so from our perspective, we might see a decrease in attacks but, for all we know, they actually saw an increase in the attacks that is internal to their country against their country. And so across the board, just increases everywhere you look. >> Wow. So let's talk about what organizations can do in light of this. As we are here, we are still doing this program by video conferencing and things are opening up a little bit more, at least in the states anyway, and we're talking about more businesses going back to some degree but there's going to still be some mix, some hybrid of working from home and maybe even distance learning. So what can enterprises do to prepare for this when it happens? Because it sounds to me like with the sophistication, the up and to the right, it's not, if we get attacked, it's when. >> It's when, exactly. And that's just it. I mean, it's no longer something that you can put off. You can't just assume that I've never been DDoS attacked, I'm never going to be DDoS attacked anymore. You really need to consider this as part of your core security platform. I like to talk about defense in depth or a layer defense approach where you want to have a layered approach. So, you know, maybe they target your first layer and they don't get through. Or they do get through and now your second layer has to stop it. Well, if you have no layers or if you have one layer, it's not that hard for an adversary to figure out a way around that. And so preparation is key. Making sure that you have something in place and I'm going to give you an operational example here. 
One of the things we saw with the LBA campaigns is they actually started doing network reconnaissance for their targets. And what they would do is they would take the IP addresses belonging to your organization. They would look up the domains associated with that and they would figure out like, "Hey, this is bpn.organization.com or VPN two." And all of a sudden they've found your VPN concentrator and so that's where they're going to focus their attack. So something as simple as changing the way that you name your VPN concentrators might be sufficient to prevent them from hitting that weak link or right sizing the DDoS protection services for your company. Did you need something as big as like OnPrem Solutions? We need hardware. Do you instead want to do a managed service? Or do you want to go and talk to a cloud provider because there's right solutions and right sizes for all types of organizations. And the key here is preparation. In fact, all of the customers that we've worked with for the LBA extortion campaigns, if they were properly prepared they experienced almost no downtime or impact to their business. It's the people like the New Zealand Stock Exchange or their service provider that wasn't prepared to handle the attacks that were sent out them that were crippled. And so preparation is key. The other part is awareness. And that's part of what we do with this threat report because we want to make sure you're aware what adversaries are doing, when new attack vectors are coming out, how they're leveraging these, what industries they're targeting because that's really going to help you to figure out what your posture is, what your risk acceptance is for your organization. And in fact, there's a couple of resources that we have here on the next slide. And you can go to both of these. One of them is the threat report. You can view all of the details. And we only scratched the surface here in this Cube interview. 
So definitely recommend going there but the other one is called Horizon. And netscout.com/horizon is a free resource you can register, but you can actually see near real-time attacks based on industry and based on region. So if you're an organization out there and you're figuring, "Well I'm never attacked." Well go look up your industry. Go look up the country where you belong and see is there actually attacks against us? And I think you'll be quite surprised that there's quite a few attacks against you. And so definitely recommend checking these out. >> Great resources, netscout.com/horizon, netscout.com/threatreport. I do want to ask you one final question. That's in terms of timing. We saw the massive acceleration in digital transformation last year. We've already talked about this a number of times on this program. The dependence that businesses and consumers, like globally in every industry, in every country, have on streaming on communications right now. In terms of timing, though, for an organization to go from being aware to understanding what adversaries are doing, to being prepared, how quickly can an organization get up to speed and help themselves start reducing their risks? >> So I think that with DDoS, as opposed to things like ransomware, the ramp up time for that is much, much faster. There is a finite period of time with DDoS attacks that is actually going to impact you. And so maybe you're a smaller organization and you get DDoS attacked. There's a, probably a pretty high chance that that DDoS attack isn't going to last for multiple days. So maybe it's like an hour, maybe it's two hours, and then you recover. Your network resources are available again. That's not the same for something like ransomware. You get hit with ransomware, unless you pay or you have backups, you have to do the rigorous process of getting all your stuff back online. DDoS is more about as soon as the attack stops, the saturation goes away and you can start to get back online again. 
So it might not be as like immediate critical that you have to have something but there's also solutions, like a cloud solution, where it's as simple as signing up for the service and having your traffic redirected to their scrubbing center, their detection center. And then you may not have to do anything on-prem yourself, right? It's a matter of going out to an organization, finding a good contract, and then signing up, signing on the dotted line. And so I think that the ramp up time for mitigation services and DDoS protection can be a lot faster than many other security platforms and solutions. >> That's good to know cause with the up and to the right trend that you already said, the first quarter is usually slow. It's obviously not that way as what you've seen in 2021. And we can only expect what way, when we talk to you next year, that the up and to the right trend may continue. So hopefully organizations take advantage of these resources, Richard, that you talked about to be prepared to mediate and protect their you know, their customers, their employees, et cetera. Richard, we thank you for stopping by theCube. Talking to us about the sixth NetScout Threat Intelligence Report. Really interesting information. >> Absolutely; definitely a pleasure to have me here. Lisa, anytime you guys want to do it again, you know where I live? >> Yes. It's one of my favorite topics that you got and I got to point out the last thing, your Guardians of the Galaxy background, one of my favorite movies and it should be noted that on the NetScout website they are considered the Guardians of the Connected World. I just thought that connection was, as Richard told me before we went live, not planned, but I thought that was a great coincidence. Again, Richard, it's been a pleasure talking to you. Thank you for your time. >> Thank you so much. >> Richard Hummel, I'm Lisa Martin. You're watching this Cube conversation. (relaxing music)

Published Date : Jul 15 2021


John Maddison, Fortinet | CUBEconversation


 

(calm electronic music) >> Welcome to this CUBE Conversation with Fortinet. I'm Lisa Martin. John Maddison joins me, the CMO and EVP of products. John, welcome back to the program. >> Thanks Lisa. Good to be here. >> Good to see you. So, so much has changed since I last saw you. The move to remote work caused by the pandemic led so many organizations to invest in modern networking and security technologies. And we see, you know, the rise in the threat landscape that protecting digital assets is becoming even more and more urgent because the threats are continuing to escalate. Talk to me about some of the things that you're seeing with this current threat landscape. >> Yeah. Well, it keeps changing, that's for sure. You saw some recent surveys where, you know, now companies are seeing, in terms of where employees are located, you know, 25% expecting to be in the office, 25% expected to be permanently in the home. And then there's this big 50% of hybrid, which we think will move a bit more towards the office as people get back in the office. But that's going to take some time. We're actually starting to move back in the office here in Santa Clara, Sunnyvale, but it's very different in every region in the U.S. and regulations and laws around the world. And so we think it's going to be very much work from anywhere. There's a bit of travel starting as well. And so this work from anywhere concept is going to be very important to customers going forward. And the ability to change the dynamics of that ratio as they go forward. >> (indistinct) This work from anywhere that over- last year overnight sort of became an absolute essential. But now, as you said, we're going to have this hybrid model of some going back, some staying home and the security and the perimeter is dissolving. When you look at supporting customers and their remote work from anywhere, their new work from anywhere model, what are some of the things that are top of mind that you're hearing from customers? 
>> Well, I, you know, I sometimes hear this premise is disappearing. I think in some ways it's moving to the user and the devices. And there's this concept called zero trust network access which I've said in many occasions should be zero trust application access, but they named it that way which is going to be an important technology because as I said, it kind of moves that premise then to that user and previous technology that we had VPN technology was good technology. And in fact, a lot of companies, if you go back to when the pandemic started last year, put a lot of people on the VPN technology as quick as possible and it was reasonably robust. But as we go forward, what we're going to have to do is make sure that perimeter- at that perimeter, that users only get access to the applications they're using rather than the whole network. Eventually when they're on the network you need to make sure that it's segmented so they can't go everywhere as well. And so this zero trust network access or zero trust or zero trust access, there's lots of kind of different versions of it, is going to be very important concept for users. The other piece of it, I think, is also that it needs to be more intuitive to use, as anything you kind of have users do like the VPN where you had to kind of dial in and- or bring up- you're bringing up your connection and your IPsec connection, et cetera, et cetera means that people tend not to use it. And so to make it intuitive and automatic is going to be really important. >> Intuitive and automatic. One of the things that we also saw was this massive rise in digital transformation last year, right? SaaS adoption, these SaaS applications keeping many of us in collaboration. So I'm thinking, you know, in that sense with the perimeter changing and the work from anywhere, this consistent, secure internet connection among users at the branch or the branch of one has to be there to keep organizations productive and safe. 
How is the Fortinet enabling the ZTNA- this evolution of VPN? >> Yeah. That's another piece of it. So not only are users on and off the network or traveling so that- or both, so the applications are moving. So a lot of them are moved from data centers to public cloud in the form of infrastructure or SaaS. We're now seeing customers actually move some applications towards the building or building compute or edge compute. So the applications keep moving which also causes this problem. And so another function of zero trust access or ZTNA is to not care where the application is. You rely on some technology and it's called proxy technology, which allows the proxy to track where the applications are. And for us, that sits inside of our firewalls. And that makes it very flexible. And so we've been able to kind of just ramp up that proxy against the policy engine, whether it be in the data center or in the cloud, or even on your premise. Even integrated inside a branch or something like that. That's going to be very important because, as you just said, those applications will just keep moving into different areas and different zones as you go forward. >> (Lisa) And that's probably going to be permanent for a lot of organizations. So it- so they haven't renamed it zero trust application access, like you think it should be. But when organizations are looking into zero trust network access, what should- what are some of the key things that they need to be looking for and mindful of? >> Yeah, (indistinct) And so it's probably the, you know, the number one conversation they've had over the last six months. I think people initially just had to get something working. Now they're looking seriously at a longer term architecture for their access, their user access and device access. I think what I find is that something like zero trust network access is more of a use case across multiple components. 
And so if you look inside it, you need a client component endpoint; you need a proxy that in front of the cloud capabilities; you need a policy engine; you need to use identity-based systems. If you haven't got- if you can't get an agent on the device, you may need a NAC system. And so usually what customers find is I've got four or five current- different vendors in those areas. And cybersecurity vendors are not the best at working together, which they were, because then we do better for customers. And so trying to get two vendors to work is hard enough, trying to get five or six is really hard. And so what they're looking at over time is to say, maybe I get the minimum basic ZTNA working. And then as I go forward, for example, what they really want is this continuing posture assessment. Well, you can do that with some EDR technology, but is that EDR technology integrated into your policy engine? No. So I think what customers are saying is, let me start with the base ZTNA with maybe two vendors. And then as I go forward implement a, you know, a fabric or a platform approach to get everything working together. 'Cause it's just too hard with five or six vendors. >> Right. Is there, I'm curious if there's a shared responsibility model with customers working with different vendors; what actions and security responsibilities fall on the customer that they need to be aware of? >> Well, and it also comes back to this, you know, there's convergence of networking and security. And I've said a few times I'm definitely seeing CIOs and CSOs, security teams, and networking teams working much more closely. And especially when you've got a use case now that goes across security items and networking items and networking, the proxy has always been in the control of the networking team. Endpoint security is always been in the- you know, the security team. It's just forcing this convergence not just of the technologies itself but of the organizations inside enterprises. 
>> (Lisa) Well, and that's a challenging one for every organization is getting, you know, if you're talking about it in general, the business folks, the IT folks. Now this is not just a security problem. This is a problem for the entire corporation, as we just saw with the Colonial Pipeline. Ransomware is now becoming a household name. These are business-critical board-level discussions I imagine on the security side. How is Fortinet helping customers kind of bridge that gap between the biz folks and the IT folks where security is concerned? >> Yeah. You know, ransomware has been around quite a while. I think two years ago, we saw a lot of it in the schools. K-12 schools in the U.S. I think they're picking some richer targets now. The Colonial one, I think there was a 4 million ransom. I think that they managed to get some of that money back. But, you know, instead of, you know, demanding $5,000 or $10,000 from a small business or a school they're obviously demanding millions from these larger companies. And you know, one of the problems with ransomware is, you know, it still relies heavily on social engineering. I don't think you can eliminate that people clicking on stuff, you know, a very small percentage still. I think what it means is you have to put some more proactive things in place, like the zero trust, like micro-segmentation, like web application firewalling. All these capabilities to try and make your systems as strong as possible. So then put in detection and response systems to assume that someone's clicking on something somewhere just to help. But it's definitely the environment. You know, the threat environment. It's not really gotten more sophisticated; yes, there are still advanced threats. I fear more about those weaponized APTs and state sponsored, but there's definitely a huge volume of ransomware now going after, you know, not only, you know, meat processing factories, but pipelines and critical infrastructure as we go forward. 
That's the more worrying. >> (Lisa) Right. You bring up a good point about, sort of, people being one of the biggest challenges from a security perspective. Clicking on links, not checking to see if a link is bogus or legitimate. So, help me understand a little bit more how is zero trust can help maybe take some of that human error out of the equation? >> Well, because I think before, you know, when you got access, when you're off the network and you've got access to the network, you've got access to everything, okay. So once you're on the network, and I think the Colonial Pipeline was a good example where traditionally, operational technology networks, physical networks sort of separate from the IT network and they had something called an air gap. And that air gap meant you really couldn't get to it. Now when people had to be remote because of the pandemic, they started taking these air gaps. And so now we had remote access. And so again, when you- when they got that remote access and they got into the network, they could- the network was very flat and you could see everything you can go anywhere. And so that's what zero trust does. It kind of says, I kind of did the zero trust approach to you that I'm only going to allow you access to this application. And I'm going to keep checking on you to make sure you are you are who you say you are on a continuous basis. And that really provides a bit more safety. Now, I still- we still think you need to put things like segmentation in place and some other capabilities and monitoring everything else, but it just narrows the attack surface down from this giant network approach to a specific application >> Narrowing that is the right direction. How do organizations, when you're working with customers, how do they go- How do they evolve from a traditional VPN to zero trust? What are some of the steps involved in that? >> Well, I think it's, you know, what's interesting is customers still have data centers. 
In fact, you know, some of the customers who have legacy applications will have a data center for a long time. And in fact, what I find is even if you've implemented zero trust to a certain population, employee population, they still have VPNs in place. And sometimes they use them for the IT folks. Sometimes they use them for specialized developers and stuff like that. And so I think it's going to be like everything, everything goes a hundred percent this way and it stays this way. And so it's going to be hybrid for a while where we see VPN technology and zero trust together. You know- our approach is that you can have both together and it's both on the same platform and it'll just gradually evolve as you go forward. >> What are some of the things you're looking forward to in the next year as this hybrid environment continues, but hopefully things start to open up more? What are some of the things that we can expect to hear and see from Fortinet? >> Well, I'm looking forward to getting out of my home office, that's for sure. >> (Lisa laughing) >> It's like I've been imprisoned here for eighteen months. >> I agree with you on that! So we'll try that. And, you know, I always thought I traveled too much before and now I'm contemplating on the travel piece. But from, you know, Fortinet's perspective, you know, our goal is to make sure that, you know, our customers can increase. We'll make sure they can protect themselves. And so we want to help them and keep working with them such that they put best practices in place and they start architecting longer-term to implement things like zero trust or SASE or some of these other capabilities. And so, you know, I think the- we've had a lot of interest with customers on these virtual sessions. I'm really looking forward to getting them back in our new building, our new executive briefing center, which we're opening up in the next few weeks. 
You may have more of those face-to-face and white boarding conversations with customers. >> Oh, that sounds so exciting. I agree with you on the travel front, but going from traveling a ton to none was a big challenge. But also, I imagined it'll be great to actually get to collaborate with customers again, and partners. You know, you can only do so much by Zoom. Talk to me a little bit about some of the things on the partnership front that we might be seeing. >> Yeah, our partners, you know, we're a hundred percent partner-driven company and partners are very important to us. And, you know, and that's why we always, when we introduce new technology, we work with the partners to make sure that they understand it. So for example, we provide free what they call an NSE training to all our partners. And then we also work with them very closely to put systems in their labs and the demos and make sure they can architect. And so partners are really important to us and, you know, making sure that they can provide value as part of a solution set to our customers, because customers trust them. And so we want to make sure that we work with our partners closely so they can help the customer implementing architect solutions as they go forward. >> That trust is critical. Right? I mean, we can talk about that at every event, every CUBE Conversation, the trust that a customer has in you, the trust that you have in a partner and vice versa. That whole trust circle kind of goes along the lines with what we're talking about in terms of being able to establish that trust. So that threat landscape that's probably only going to continue to get bigger is in the trusted hands of folks like Fortinet and your partners to be able to enable those customers to narrow that threat landscape. >> Yeah, yeah. And so it could be the smallest partner to the largest service provider. We don't mind. We want to make sure that we're working with them to provide that implementation from the customers. 
And again, the word trust is sometimes overused, but that's what customers are looking for. >> (Lisa) So, John, point me to when our audience is some of the information that they can find on Dotcom about zero trust. What are some of the things that you think are great calls to action for the audience? >> Yeah. I mean, it depends. I think it depends on what level you want to get into where we have a bunch of assets, videos, and training but start at the very highest level, you know, why is zero trust something you need to implement? And then it goes down into more details and then even the architecture, long-term architecture and connectivity and implementation. So there's a lot of assets on Fortinet.com If you go on our training sessions, there's- all our training's free to our customers. And so you can go in all those NSE levels and look at the capabilities. So yeah, definitely it's a- it's an area of high interest from our customers. But as I say to them, it's more of a journey. Yes, you can implement something today really quickly, but will that work for you over the long-term in making sure you can take all the information from the, like I said, you know, how is the voice, the posture of that device? What is the device with an agent doing, you know, as my contextual engine integrated as well? So it's a journey for customers and, but you can start with something simple but you need to have that plan for that journey in place. >> I imagine though, John, it's a journey that is either accelerating, or with the threat landscape and some of the things that we've already talked about, is becoming an absolutely board-critical conversation. So, and on that journey, does Fortinet work with customers to accelerate certain parts of it? 
Because you know, these businesses have been pivoting so much in the last year and they've got to not just survive, but now thrive in this new landscape, this new hybrid work from home, work from anywhere environment and also with more threats. >> Yeah, no, it's a good point. And so, you know, even those internally are implementing it starting the most critical assets first. So let's say, you know, I've got somebody working on source code, they should be the first ones to get the zero trust implementation. I've got somebody asking from the internet to search for stuff. Maybe they're okay for now, but yeah. So you kind of prioritize your assets and users against, you know, the threat and then implement. That's why I'm saying you can roll it out across everyone as, you know, a certain version of it. But I think it's better to prioritize first the most important assets in IP and then roll it out that way. >> (Lisa) Great advice. >> Because some of- a lot of those assets are still sitting in the data center. >> Right. >> So they're not sitting in the cloud. >> Right. John, great advice. Thank you so much for joining me. Good to see you, glad all is well and that you will be able to get out of your home office. You're just days away from that. I'm sure that's going to feel great. >> Certainly is. And thank you, Lisa. >> Nice to see you. For John Maddison, I'm Lisa Martin. You're watching this CUBE Conversation. (calm electronic music with piano)

Published Date : Jul 9 2021


Jim Richberg, Fortinet | CUBEconversation


 

(upbeat music) >> Welcome to this Cube Conversation. I am Lisa Martin. Jim Richberg joins me next, public sector CISO at Fortinet. Welcome to the program. Great to see you. >> Okay, good to be with you, Lisa. >> Lots of stuff has happened in the last year. I mean that's an epic understatement, right? But one of the things that... We saw this massive shift to work from home, and now we're... I hope I can say coming out of the pandemic, and we're starting to see this hybrid model of kind of work from anywhere. We also saw the massive spike in ransomware last year. Ransomware now being suddenly a household term. There's so much money in it. From a hybrid approach, what are some of the things that you're seeing? >> So, when we talk about hybrid, what we go back to is not going to be the office that we left. Some of us aren't going back at all. Some of us are going back in. We're not going to have assigned desks. Some of the offices are going to be in different places, and the nature of the work that we've been doing has changed. So it definitely means the new normal isn't going to look like the old normal did before March of 2021. So I tell organizations that they really need to think about what that means in terms of how they structure work, how they structured their networks. Because as you said, Lisa, it's going to be work from anywhere. Some of us are going to go back out on the road. We'll be the road warriors again. So you're not going back to a classic network, in an office with Cat 5 cables, connecting everybody's desktop. And some of us are even going to get hired who never ever go to the office. So this is a situation where we really have to think through what this means in terms of how we work, the culture we have as a workplace, and unfortunately, it's not just the enterprise and the workforce that have been innovating. The threat actors have gone hybrid. 
There was a little pause while they started working from home, figuring out what to do, but the reality is they took us to lunch when they figured out exactly what these vulnerabilities in the small office, home office environment were, and how to exploit them. Lisa, you talked about ransomware rising 700% in the latter half of last year. And this is actually indicative of what I think is the biggest problem we have in cyber security. It's not technology. If you're willing to do a rip and replace and put in state of the art technology, there's some really good solutions. Some of that technology, when it starts incorporating artificial intelligence and automation, actually goes a long way to compensate for the workforce and skills gap we all hear about, 3 million people short. That's a true number. But Lisa, the biggest problem in cyber security from my perspective, and I've been doing this for 35 years, is metrics. We can't measure what's going on and say, "If I do this, this is how it affects the network security and this is how it affects the adversary's behavior." And that's exactly what we saw in this pivot to remote telework. It took networking and security working hand in hand to make that pivot. Because I've seen those two as the centerpiece of their organization. In March of last year, when we all went into lockdown, we would've gone and do shutdown if we haven't had the ability to forward deploy that IT to the home environment. And we can measure our success on the IT side. Did we have enough bandwidth? Did we give them the right platforms? Did the latency mean things froze up or not? We couldn't measure cybersecurity as well. We said, "Okay, due diligence says we'll give you a two-factor authentication, and we're going to do a secure connection back to the office. But then they said we were basically treating it as if you were logged on from your cube or your office, and the reality is you weren't. 
You were logged in from an environment that your organization had very little, if any, visibility or control into what was going on there, and that's how we got exploited. And because we couldn't measure that, it was only in hindsight that we could see exactly how insecure that was for many organizations. We cut corners. We had to do this to get up and running. That's not a good jumping off point for your status quo going into this hybrid environment in the future. >> So it sounds like you said the ransomware... When I spoke with Derek Manky, I think about last month or so, ransomware were up 700%. I can only imagine what's happening this year, but one of the things I want to get your perspective on, Jim, is, what's top of mind for both public sector and private sector folks? As you're saying from a measurement perspective, There's a challenge there. There's this hybrid model that's amorphous we'll say. What are some of the things that are top of mind for them, and then how are you helping advise them? Because, as you say, the threat actors got to work pretty quick, so there's a race here. >> Well, top of mind for both of course is ransomware. And the ironic thing is ransomware is not a new phenomenon. It's been with us for a long time. It used to affect retail, one computer at a time, and it was 50 or 100 bucks to decrypt your personal computer. What has changed is the rise of cryptocurrency. It's so easy to monetize the ability to cash out with the victim now. There was a time five to 10 years ago where there were basically three places that were essentially the clearinghouses for this kind of stuff. So government could target those through law enforcement, and that meant that you really had the equivalent of the pawnbroker you needed to watch out for who was the fence that people were going to. Now, come on, cryptocurrency is essentially a fiat currency in some countries. So it's going everywhere. 
The fact that we have commoditized the ability to do it, you're familiar with ransomware as a service. You don't have to be a coder now. You rent the stuff. Sometimes you pay as much as 80% of the profit to the person you're renting it from. You're basically the mule doing the grunt work, but we've made it so that you don't need to know anything about computer science to carry this kind of crime off. And frankly, we've got some safe haven, some geopolitical safe havens. It's much like spam was 10 years ago where there were a few countries where probably more traffic coming out as email was spam than legitimate traffic. And we've got some big nation states that are basically complicit in allowing this to occur, so safe haven. So this is why ransomware has become such a problem for everybody, and then of course you've got supply chain. You look at SolarWinds, you look at Microsoft Exchange, Office 365 vulnerability. This again is a problem that's been with us for a long time. It's one that tends to be focused primarily on government customers, because this is something where, yeah, you can do it as a criminal activity, but this really tends to be a game that nation states play against nation state terms. But something like SolarWinds was such an epiphany, was so serious that a lot of organizations said, "Oh my goodness, this attacked the root of trust. This fundamentally got into the system from the inside out." It scared people. And the reality is something like that infected far more people than were actively exploited. I've talked to some people in both the public sector at the state level, and in private sector who say, "Yes, my organization was compromised by this, but we weren't affected." So from my perspective, we were collateral damage. We were caught in the crossfire of a war between nation states. Do we want to spend our scarce cyber security resources trying to mitigate that kind of sophisticated threat? 
No, not when we know we've got ransomware, when we've got these vulnerabilities in the work from anywhere environment. That's where I want to put my next dollars. So it's been a health conversation with some of them as to what's most concerning to them and what they want to prioritize in mitigation. >> So if we look at some of the executive orders, Jim, that have come down, ransomware I said became a household word. I'm pretty sure my mom even knows the term ransomware, the Colonial Pipeline, the meat packing, where we're starting to see, wow, this is not just, as you said earlier in the beginning, isolated incidents or attacks. This is now affecting infrastructure, potentially public health and safety. Talk to me about some of the executive orders. What do you think they're going to do and where should agencies start? This race is going on. Like you said, they've got to be able to prioritize how they defend themselves. >> So two things to keep in mind when you look at an executive order. An executive order is the chief executive telling the executive branch what to do. If you look at the last executive order that President Biden signed on the 12th of May, people became seized with the fact that, "Oh my goodness, it tells the private sector it has to give threat information, it has to give breach information to the federal government, it has to change what it does in supply chain." You go no. It says when the federal government is your customer, when you're selling them a service, you have to do this. But otherwise, you don't do, by an executive order, something... It doesn't have the force of law. It just is the way you tell the executive branch to behave. So use that executive order as a case on point. Very large, very complex executive order that touched a lot of these things, ransomware, supply chain issues. The problem is you put a whole lot of good ideas in one executive order. You put a whole lot of aggressive time frame. 
Some things had to be done in 30, 45 days, 60 days, which is two weeks from now. It's crazy because one thing an executive order doesn't do is give you more money. The only way a government agency can spend money on this is if it aligned with the program it already had, or it has contingency funds, reserved funds to do it. So the problem is you take an executive order, you cram it full of good ideas, and you have too many good ideas. So the reality is this executive order tells the government to do a lot of things at once, and it has to by law, well, by the president's direction, focus on all this at once. But if I could pick and choose these, I would say start with the section that said focus on modernizing the cybersecurity of the federal government. There's goodness to come out of that. It has zero trust architecture. Federal government did a great idea of articulating what that was, even years before we called it zero trust. Federal government was segmenting its networks. It had need-to-know access. It was doing things. I come from the national security community. That was just the way we worked. We didn't call it anything fancy like zero trust. We didn't trust anybody. That's the way it worked in the spy business. But zero trust architecture, accelerating migration to the cloud, putting in multi-factor authentication and encryption of data at rest and in transit, deploying endpoint detection and response. Those are things in the executive order that if agencies could focus on those and make progress on implementing those, thumbs up, you have appreciably increased security without even touching the harder things that unfortunately are going to distract people like supply chain, and definitions of what critical software is and the cyber safety board. All good things, but the problem is if you try to do everything at once, the reality is you end up making progress on, appreciable progress on nothing. >> Right, which obviously we don't have the time for that. 
I'm curious getting your point, because one of the challenges with respect, well, threat vectors with respect to cybersecurity is people. With this shift to home, we had people using corporate devices on home networks and random devices, and now we've got this, as we talked about earlier, this hybrid approach coming back. But how much can zero trust help agencies really educate or really help defend from the human error that is often the cause of getting ransomware through email or an attachment. >> So, Lisa, that is exactly... We're handicapped by the name because zero trust sounds like I don't trust you, you're not trustworthy, rather than trust should be based on the transaction. Like if you need to read data to a file, why am I giving the ability to write to the file or, even worse, delete the file? Just give you what you need to get the job done. And this is tech that is your safety net. It's not Big Brother. When you do real-time monitoring as part of dynamic zero trust, it looks at it and says, "Well, Lisa is doing something she doesn't normally do with this application. Did she make a mistake? Did she say reply all on this, which was sending inside data to outside people on the email list? Do I at least want to ask her? Hey, Lisa, did you mean to do that?" So if you can educate people to say this is the organization looking out for you, it's looking over your shoulder as a friend. It's not here to be checking up on you. Language matters, and it's like we call things insider threat, recognizing that far more damage in an organization happens from people making mistakes. It's insider risk that we need to manage. An organization of any appreciable size has bad apples. That's just a law of nature. But when we call it... I'm dealing with the insider threat. I've been in government. I've been shot at in some of my dicey situations. I want to avoid being attacked. I want to avoid threats. If I'm an organization, I don't want to avoid my insiders. 
That's my workforce. That's my biggest asset. They bring risk by their behavior. I need to manage that, but that's constructive. Don't make it adversarial by typecasting them all as threats. They're humans. They make mistakes. You can help them avoid some of those mistakes through technology, and zero trust gets into that. >> Got it. And then last question for you. Here we are, July 1st, crazy. Half a year has gone already. What are some of the things that you're expecting that are going to happen the rest of the year? What can organizations... You talked about some of the things they can implement now. Some of the things seems to be sort of like back to basics. But anything that you see on the horizon in the next six to nine months that organizations really need to be focused on? >> So as they put together their posture for operating in the new normal, I said security and IT were successful in getting us where we got in the pivot to remote telework because they worked hand in hand. So find things like that that you can use to demonstrate to your organization that you really are in the middle of the mix. So as we make this pivot to software defined networking. Because again, if we're going back to offices that are different, places with different kinds of infrastructure, we don't want to pull cable. We don't want to do that. Software-defined networking is a good way to do it, and there are different ways to do software-defined networking, some of which are inherently secure. So pick that one. In software-defined networking, the users love the fact that it gives them better latency, better performance on the apps they care about. The front office likes the fact that they get flexibility for continuity of operations, and they save money. This is the example of something that you can pick that allows you to say, "I'm giving you great performance and great security." Cloud is the same way. 
People understand I think at this point how to operate in a cloud, the challenge comes in saying, "I'm operating in multiple clouds." I need to say I don't really care. I don't really care where the data go or the compute resource is. I just need to connect the user, the device, data, and resources, regardless of location. And that's where this big approach to say, you know, it's about convergence. It's about convergence of IT and security, and really it's about convergence of computing to say, "I don't care if it's edge computing, or cloud computing, or work from home." It's all just computing, and we've got to connect, and we've got to enable that to be secure. That's the priority that if you take that mindset, thinking about the problem going forward, I think will allow CIOs and CISOs to say, "Look, we're making a difference for the organization, performance, cost, and security." >> Performance, cost, and security. It also sounds like a bit of a cultural change there, which is always challenging, but certainly that convergence as you mentioned, we've seen it be successful, and it's something that sounds now more important than ever. Jim, thank you so much for joining me on the program today, sharing all of your insights, some of the things that you're seeing in what organizations can do to protect themselves from this big threat of ransomware that probably isn't going anywhere anytime soon. >> I wouldn't expect it to, but it's been a pleasure talking to you, Lisa, and we'll have to look back and see how accurate we were with this crystal ball. >> Good, yeah. Jim, great to have you on the program. For Jim Richberg, I'm Lisa Martin. You're watching this Cube Conversation. (gentle music)

Published Date : Jul 8 2021


General Keith Alexander, IronNet Cybersecurity & Gil Quiniones, NY Power Authority | AWS PS Awards


 

(bright music) >> Hello and welcome to today's session of the 2021 AWS Global Public Sector Partner Awards for the award for Best Partner Transformation, Best Cybersecurity Solution. I'm now honored to welcome our next guests, General Keith Alexander, Founder and Co-CEO of IronNet Cybersecurity, as well as Gil Quiniones, President and CEO of the New York Power Authority. Welcome to the program gentlemen, delighted to have you here. >> Good to be here. >> Terrific. Well, General Alexander, I'd like to start with you. Tell us about the collective defense program or platform and why is it winning awards? >> Well, great question and it's great to have Gil here because it actually started with the energy sector. And the issue that we had is how do we protect the grid? The energy sector CEOs came together with me and several others and said, how do we protect this grid together? Because we can't defend it each by ourselves. We've got to defend it together. And so the strategy that IronNet is using is to go beyond what the conventional way of sharing information known as signature-based solutions to behavioral-based so that we can see the events that are happening, the unknown unknowns, share those among companies and among both small and large in a way that helps us defend because we can anonymize that data. We can also share it with the government. The government can see attacks on our country. That's the future, we believe, of cybersecurity and that collective defense is critical for our energy sector and for all the companies within it. >> Terrific. Well, Gil, I'd like to shift to you. As the CEO of the largest state public power utility in the United States, why do you think it's so important now to have a collective defense approach for utility companies? >> Well, the utility sector tied with the financial sector as number one targets by our adversaries and you can't really solve cybersecurity in silos. 
We, NYPA, my company, New York Power Authority alone cannot be the only one and other companies doing this in silos. So what's really going to be able to be effective if all of the utilities and even other sectors, financial sectors, telecom sectors cooperate in this collective defense situation. And as we transform the grid, the grid is getting transformed and decentralized. We'll have more electric cars, smart appliances. The grid is going to be more distributed with solar and batteries charging stations. So the threat surface and the threat points will be expanding significantly and it is critical that we address that issue collectively. >> Terrific. Well, General Alexander, with collective defense, what industries and business models are you now disrupting? >> Well, we're doing the energy sector, obviously. Now the defense industrial base, the healthcare sector, as well as international partners along the way. And we have a group of what we call technical and other companies that we also deal with and a series of partner companies, because no company alone can solve this problem, no cybersecurity company alone. So partners like Amazon and others partner with us to help bring this vision to life. >> Terrific. Well, staying with you, what role does data and cloud scale now play in solving these security threats that face the businesses, but also nations? >> That's a great question. Because without the cloud, bringing collective security together is very difficult. But with the cloud, we can move all this information into the cloud. We can correlate and show attacks that are going on against different companies. They can see that company A, B, C or D, it's anonymized, is being hit with the same thing. And the government, we can share that with the government. They can see attacks on critical infrastructure, energy, finance, healthcare, the defense industrial base or the government. In doing that, what we quickly see is a radar picture for cyber. 
That's what we're trying to build. That's where everybody's coming together. Imagine a future where attacks are coming against our country can be seen at network speed and the same for our allies and sharing that between our nation and our allies begins to broaden that picture, broaden our defensive base and provide insights for companies like NYPA and others. >> Terrific. Well, now Gil, I'd like to move it back to you. If you could describe the utility landscape and the unique threats that both large ones and small ones are facing in terms of cybersecurity and the risks, the populace that live there. >> Well, the power grid is an amazing machine, but it is controlled electronically and more and more digitally. So as I mentioned before, as we transform this grid to be a cleaner grid, to be more of an integrated energy network with solar panels and electric vehicle charging stations and wind farms, the threat is going to be multiple from a cyber perspective. Now we have many smaller utilities. There are towns and cities and villages that own their poles and wires. They're called municipal utilities, rural cooperative systems, and they are not as sophisticated and well-resourced as a company like the New York Power Authority or our investor-owned utilities across the nation. But as the saying goes, we're only as strong as our weakest link. And so we need- >> Terrific. >> we need to address the issues of our smaller utilities as well. >> Yeah, terrific. Do you see a potential for more collaboration between the larger utilities and the smaller ones? What do you see as the next phase of defense? >> Well, in fact, General Alexander's company, IronNet and NYPA are working together to help bring in the 51 smaller utilities here in New York in their collective defense tool, the IronDefense or the IronDome as we call it here in New York. We had a meeting the other day, where even thinking about bringing in critical state agencies and authorities. 
The Metropolitan Transportation Authority, Port Authority of New York and New Jersey, and other relevant critical infrastructure state agencies to be in this cloud and to be in this radar of cybersecurity. And the beauty of what IronNet is bringing to this arrangement is they're trying to develop a product that can be scalable and affordable by those smaller utilities. I think that's important because if we can achieve that, then we can replicate this across the country where you have a lot of smaller utilities and rural cooperative systems. >> Yeah. Terrific. Well, Gil, staying with you. I'd love to learn more about what was the solution that worked so well for you? >> In cybersecurity, you need public-private partnerships. So we have private companies like IronNet that we're partnering with and others, but also partnering with state and federal government because they have a lot of resources. So the key to all of this is bringing all of that information together and being able to react, the General mentioned, network speed, we call it machine speed, has to be quick and we need to protect and or isolate and be able to recover it and be resilient. So that's the beauty of this solution that we're currently developing here in New York. >> Terrific. Well, thank you for those points. Shifting back to General Alexander. With your depth of experience in the defense sector, in your view, how can we stay in front of the attacks, mitigate them, and then respond to them before any damage is done? >> So having run our nation's offense, I know that the offense has the upper hand almost entirely because every company and every agency defends itself as an isolated entity. Think about 50 mid-sized companies, each with 10 people, they're all defending themselves and they depend on that defense individually and they're being attacked individually. 
Now take those 50 companies and their 10 people each and put them together and collective defense where they share information, they share knowledge. This is the way to get out in front of the offense, the attackers that you just asked about. And when people start working together, that knowledge sharing and crowdsourcing is a solution for the future because it allows us to work together where now you have a unified approach between the public and private sectors that can share information and defend each of the sectors together. That is the future of cybersecurity. What makes it possible is the cloud, by being able to share this information into the cloud and move it around the cloud. So what Amazon has done with AWS has exactly that. It gives us the platform that allows us to now share that information and to go at network speed and share it with the government in an anonymized way. I believe that will change radically how we think about cybersecurity. >> Yeah. Terrific. Well, you mention data sharing, but how is it now a common tactic to get the best out of the data? And now, how is it sharing data among companies accelerated or changed over the past year? And what does it look like going forward when we think about moving out of the pandemic? >> So first, this issue of sharing data, there's two types of data. One about the known threats. So sharing that everybody knows because they use a signature-based system and a set of rules. That's shared and that's the common approach to it. We need to go beyond that and share the unknown. And the way to share the unknown is with behavioral analytics. Detect behaviors out there that are anonymous or anomalous, are suspicious and are malicious and share those and get an understanding for what's going on in company A and see if there's correlations in B, C and D that give you insights to suspicious activity. Like SolarWinds, recognizes SolarWinds at 18,000 companies, each defending themselves. 
None of them were able to recognize that. Using our tools, we did recognize it in three of our companies. So what you can begin to see is a platform that can now expand and work at network speed to defend against these types of attacks. But you have to be able to see that information, the unknown unknowns, and quickly bring people together to understand what that means. Is this bad? Is this suspicious? What do I need to know about this? And if I can share that information anonymized with the government, they can reach in and say, this is bad. You need to do something about it. And we'll take the responsibility from here to block that from hitting our nation or hitting our allies. I think that's the key part about cybersecurity for the future. >> Terrific. General Alexander, ransomware of course, is the hottest topic at the moment. What do you see as the solution to that growing threat? >> So I think, a couple things on ransomware. First, doing what we're talking about here to detect the phishing and the other ways they get in is an advanced way. So protect yourself like that. But I think we have to go beyond, we have to attribute who's doing it, where they're doing it from and hold them accountable. So helping provide that information to our government as it's going on and going after these guys, making them pay a price is part of the future. It's too easy today. Look at what happened with the DarkSide and others. They hit Colonial Pipeline and they said, oh, we're not going to do that anymore. Then they hit a company in Japan and prior to that, they hit a company in Norway. So they're attacking and they pretty much operate at will. Now, let's indict some of them, hold them accountable, get other governments to come in on this. That's the way we stop it. And that requires us to work together, both the public and private sector. It means having these advanced tools, but also that public and private partnership. And I think we have to change the rhetoric. 
The first approach everybody takes is, Colonial, why did you let this happen? They're a victim. If they were hit with missiles, we wouldn't be asking that, but these were nation state like actors going after them. So now our government and the private sector have to work together and we need to change that to say, they're a victim, and we're going to go after the guys that did this as a nation and with our allies. I think that's the way to solve it. >> Yeah. Well, terrific. Thank you so much for those insights. Gil, I'd also like to ask you some key questions and of course, certainly people today have a lot of concerns about security, but also about data sharing. How are you addressing those concerns? >> Well, data governance is critical for a utility like the New York Power Authority. A few years ago, we declared that we aspire to be the first end-to-end digital utility. And so by definition, protecting the data of our system, our industrial controls, and the data of our customers are paramount to us. So data governance, considering data or treating data as an asset, like a physical asset is very, very important. So we, in our cybersecurity plans, that is a top priority for us. >> Yeah. And Gil thinking about industry 4.0, how has the surface area changed with Cloud and IoT? >> Well, it's grown significantly. At the power authority, we're installing sensors and smart meters at our power plants, at our substations and transmission lines, so that we can monitor them real time, all the time, know their health, know their status. Our customers we're monitoring about 15 to 20,000 state and local government buildings across our states. So just imagine the amount of data that we're streaming real time, all the time into our integrated smart operations center. So it's increasing and it will only increase with 5G, with quantum computing. 
This is just going to increase and we need to be prepared and integrate cyber into every part of what we do from beginning to end of our processes. >> Yeah. And to both of you actually, as we see industry 4.0 develop even further, are you more concerned about malign actors developing more sophistication? What steps can we take to really be ahead of them? Let's start with General Alexander. >> So, I think the key differentiator and what the energy sector is doing, the approach to cybersecurity is led by CEOs. So you bring CEOs like Gil Quiniones in, you've got other CEOs that are actually bringing together forums to talk about cybersecurity. It is CEO led. That's the first part. And then the second part is how do we train and work together, that collective defense. How do we actually do this? I think that's another one that NYPA is leading with West Point in the Army Cyber Institute. How can we start to bring this training session together and train to defend ourselves? This is an area where we can uplift our people that are working in this process, our cyber analysts if you will at the security operations center level. By training them, giving them hard tests and continuing to go. That approach will uplift our cybersecurity and our cyber defense to the point where we can now stop these types of attacks. So I think CEO led, bring in companies that give us the good and bad about our products. We'd like to hear the good, we need to hear the bad, and we needed to improve that, and then how do we train and work together. I think that's part of that solution to the future. >> And Gil, what are your thoughts as we embrace industry 4.0? Are you worried that these malign actors are going to build up their own sophistication and strategy in terms of data breaches and cyber attacks against our utility systems? What can we do to really step up our game? 
>> Well, as the General said, the good thing with the energy sector is that on the foundational level, we're the only sector with mandatory regulatory requirements that we need to meet. So we are regulated by the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation to meet certain standards in cyber and critical infrastructure. But as the General said, the good thing with the utility is by design, just like storms, we're used to working with each other. So this is just an extension of that storm restoration and other areas where we work all the time together. So we are naturally working together when it comes to cyber. We work very closely with our federal government partners, Department of Homeland Security, Department of Energy and the National Labs. The National Labs have a lot of expertise. And with the private sector, like great companies like IronNet, NYPA, we stood up an excellence, center of excellence with private partners like IronNet and Siemens and others to start really advancing the art of the possible and the technology innovation in this area. And as the governor mentioned, we partnered with West Point because just like any sporting or just any sport, actual exercises of the red team, green team, and doing that constantly, tabletop exercises, and having others try and breach your walls. Those are good exercises to really be ready against the adversaries. >> Yeah. Terrific. Thank you so much for those insights. General Alexander, now I'd like to ask you this question. Can you share the innovation strategy as the world moves out of the pandemic? Are we seeing new threats, new realities? >> Well, I think, it's not just coming out of the pandemic, but the pandemic actually brought a lot of people into video teleconferences like we are right here. So more people are working from home. You add in the 5G that Gil talked about that gives you a huge attack surface. 
You're thinking now about instead of a hundred devices per square kilometer up to a million devices. And so you're increasing the attack surface. Everything is changing. So as we come out of the pandemic, people are going to work more from home. You're going to have this attack surface that's going on, it's growing, it's changing, it's challenging. We have to be really good about now, how we train together, how we think about this new area and we have to continue to innovate, not only what are the cyber tools that we need for the IT side, the internet and the OT side, operational technology. So those kinds of issues are facing all of us and it's a constantly changing environment. So that's where that education, that training, that communication, working between companies, the customers, the NYPAs and the IronNets and others and then working with the government to make sure that we're all in sync. It's going to grow and is growing at an increased rate exponentially. >> Terrific. Thank you for that. Now, Gil, same question for you. As a result of this pandemic, do you see any kind of new realities emerging? What is your position? >> Well, as the General said, most likely, many companies will be having this hybrid setup. And for companies like mine, I'm thinking about, okay, how many employees do I have that can access our industrial controls in our power plants, in our substations, and transmission system remotely? And what will that mean from a risk perspective, but even on the IT side, our business information technology. You mentioned about the Colonial Pipeline type situation. How do we now really make sure that our cyber hygiene of our employees is always up-to-date and that we're always vigilant from potential entry whether it's through phishing or other techniques that our adversaries are using. Those are the kinds of things that keep myself like a CEO of a utility up at night. >> Yeah. Well, shifting gears a bit, this question for General Alexander. 
How come supply chain is such an issue? >> Well, the supply chain, of course, for a company like NYPA, you have hundreds or thousands of companies that you work with. Each of them have different ways of communicating with your company. And in those communications, you now get threats. If they get infected and they reach out to you, they're normally considered okay to talk to, but at the same time that threat could come in. So you have both suppliers that help you do your job. And smaller companies that Gil has, he's got the 47 munis and four co-ops out there, 51, that he's got to deal with and then all the state agencies. So his ecosystem has all these different companies that are part of his larger network. And when you think about that larger network, the issue becomes, how am I going to defend that? And I think, as Gil mentioned earlier, if we put them all together and we operate and train together and we defend together, then we know that we're doing the best we can, especially for those smaller companies, the munis and co-ops that don't have the people and a security ops centers and other things to defend them. But working together, we can help defend them collectively. >> Terrific. And I'd also like to ask you a bit more on IronDefense. You spoke about its behavioral capabilities, its behavioral detection techniques, excuse me. How is it really different from the rest of the competitive landscape? What sets it apart from traditional cybersecurity tools? >> So traditional cybersecurity tools use what we call a signature-based system. Think of that as a barcode for the threat. It's a specific barcode. We use that barcode to identify the threat at the firewall or at the endpoint. Those are known threats. We can stop those and we do a really good job. We share those indicators of compromise in those barcodes, in the rules that we have, Suricata rules and others, those go out. The issue becomes, what about the things we don't know about? 
And to detect those, you need behavioral analytics. Behavioral analytics are a little bit noisier. So you want to collect all the data and anomalies with behavioral analytics using an expert system to sort them out and then use collective defense to share knowledge and actually look across those. And the great thing about behavioral analytics is you can detect all of the anomalies. You can share very quickly and you can operate at network speed. So that's going to be the future where you start to share that, and that becomes the engine if you will for the future radar picture for cybersecurity. You add in, as we have already machine learning and AI, artificial intelligence, people talk about that, but in this case, it's a clustering algorithms about all those events and the ways of looking at it that allow you to up that speed, up your confidence in and whether it's malicious, suspicious or benign and share that. I think that is part of that future that we're talking about. You've got to have that and the government can come in and say, you missed something. Here's something you should be concerned about. And up the call from suspicious to malicious that gives everybody in the nation and our allies insights, okay, that's bad. Let's defend against it. >> Yeah. Terrific. Well, how does the type of technology address the President's May 2021 executive order on cybersecurity as you mentioned the government? >> So there's two parts of that. And I think one of the things that I liked about the executive order is it talked about, in the first page, the public-private partnership. That's the key. We got to partner together. And the other thing it went into that was really key is how do we now bring in the IT infrastructure, what our company does with the OT companies like Dragos, how do we work together for the collective defense for the energy sector and other key parts. So I think it is hit two key parts. 
It also goes on about what you do about the supply chain for software were all needed, but that's a little bit outside what we're talking about here today. The real key is how we work together between the public and private sector. And I think it did a good job in that area. >> Terrific. Well, thank you so much for your insights and to you as well, Gil, really lovely to have you both on this program. That was General Keith Alexander, Founder and Co-CEO of IronNet Cybersecurity, as well as Gil Quiniones, the President and CEO of the New York Power Authority. That's all for this session of the 2021 AWS Global Public Sector Partner Awards. I'm your host for theCUBE, Natalie Erlich. Stay with us for more coverage. (bright music)

Published Date : Jun 30 2021


2021 015 Laura Dubois


 

(gentle music) >> Welcome to this Cube Conversation, I'm Lisa Martin. Laura Dubois joins me next, VP of product management at Dell Technologies, Laura, welcome back to the program. >> Yeah, thank you so much Lisa, it's just fantastic to be here and talking about data protection now that we're coming out of COVID, it's just wonderful to be here, thank you so much. >> Isn't it so refreshing. So, you're going to provide some updates on Dell's data protection software, some of the innovation, how you're working with customers and prospects. So let's go ahead and dig right in, let's talk about some of the innovation and the enhancements that Dell is making to its data protection suite of software and also how customers are influencing that. >> Yeah, so it's a great question Lisa and you're right. We have driven a lot of innovation and enhancements in our data protection suite. And let me just level a second. So data protection suite, is a solution that is deployed by really tens of thousands of customers. And we continue to innovate and enhance that data protection suite. Data protection suite is comprised primarily of three main data protection software capabilities. So, longstanding capabilities and customer adoption of Avamar, which continues to be a central capability on our portfolio. The second one is Networker. So Networker is also an enterprise grade, highly scalable and performance data protection solution. And then a couple of years ago, we launched a new data protection capability called PowerProtect Data Manager. So, all three of these capabilities, really the foundation of our data protection suite. And as I said, enterprises around the world rely on these three sets of capabilities to protect their data, regardless of wherever it resides. 
And it's really central now more than ever in the face of increasing security, risks and compliance and the need to be able to have an always kind of available environment that customers rely on the capabilities and data protection suite to really make sure their enterprise is resilient. >> Absolutely, and make sure that that data is recoverable if anything happens, you mentioned cybersecurity. We'll get into that in a second. But so thousands of Avamar and Networker customers, what are some of the key workloads and data that these customers are protecting with these technologies? >> Yeah, I mean, so, actually tens of thousands. >> Tens of thousands. >> Tens of thousands of customers that rely on data protection suite. And it really, I think the strength and advantage of our portfolio is its breadth, breadth in terms of client operating environments, in terms of applications and databases, in terms of workloads and specifically use cases. So I mean, the breadth that we offer is unparalleled, pretty much whether Windows, Linux, OpenVMS, NetWare, kind of going back in time a long tail of kind of operating environments and then databases, right. So everything from SQL and Oracle and Sybase and DB2 to new types of databases, like the NoSQL or content store and key value store types of NoSQL schemas, if you will. And so, and then lastly is the word they use cases, right? So being able to protect data, whether that be data that's in a data center, out in remote or branch locations or data that's out in the cloud, right. And of course, increasingly customers are placing their data in a variety of locations; on Edge, on core data centers and in cloud environments. And we actually have over six exabytes of capacity under management, across public cloud environments. So pretty extensive deployment of our data protection suite in public clouds, you know, the leading hyperscalers, cloud environments and premises as well. 
>> So let's talk a little bit about the customer influence 'cause obviously there's a very cooperative relationship that Dell has with its customers that help you achieve things. Like, for example, I saw that according to IDC, Dell Technologies is number one in data protection, appliances, and software, leader in the Gartner Magic Quadrant for data center backup and recovery for over 20 years now. Talk to us a little bit more about that symbiotic customer, Dell relationship. >> Yeah, so it's a great question. We see our customers as strategic partners, and we really want to understand their business, their requirements. We engage on a quarterly basis with customers and partners in advisory councils. And then of course, we are always engaging with customers outside of those cycles on a kind of a one-on-one basis. And so we are really driving the innovation and the backlogs and the roadmap for data protection suite based upon customer feedback. And approximately 79% of the Fortune 100 customers are Dell data, Dell Technologies data protection customers. Now that's not to say that that's our only customer base. We have customers in commercial accounts, in mid-market in federal agencies, but, you know, we take our customer relationships really, really seriously, and we engage with them on a regular basis, both in a group forum to provide feedback as well as in a one-on-one basis. And we're building our roadmaps and our product releases based on feedback from customers, and again, know large customer base that we take very seriously. >> Right to the customer listening obviously it is critical for Dell. So you talked a little bit about what that cycle looks like in terms of quarterly meetings and then those individual meetings. What are some of the enhancements and advancements that customers have actually influenced? >> Yeah, so we, I mean, we, I think continuing to provide simplicity and ease of use is a key element of our portfolio and our strategy, right? 
So continuing to modernize and update the software in terms of workflows, in terms of, you know, common experiences also increasingly customers want to automate their data protection process. So really taking an API-first strategy for how we deliver capabilities to customers, continuing to expand our client database, hypervisor environments, continue to extend out our cloud support, you know, things like protection of cloud native applications with increasingly customers containerizing and building scale-out applications. We want to be able to protect Kubernetes environment. So that's kind of an area of focus for us. Another area of focus for us is going deeper with our key strategic partners, whether that'd be a cloud partner or a hypervisor partner. And then of course, customers, in fact, one of the top three things that we consistently hear from these councils that we do is the criticality of security, security and our data protection environment but the criticality of being able to be resilient from, and in the event of a cyber attack to be able to resilient recover from that cyber attack. So that is an area where we continue to make innovations and investments in the data protection suite as well. >> And that's so critical. One of the things that we saw in the last year, 15 months plus Laura, is this massive rise in ransomware. It's now a household word, the Colonial Pipeline for example, the meat packing plant, it's now many businesses knowing it's not, if we get attacked, but it's when. So having the ability to be resilient and recover that data is table stakes for, I imagine a business in any organization. I want to understand a little bit more. So you talked about tens of thousands of customers using Avamar and Networker. So now they have the capability of also expanding and using more of the suite. Talk to me a little bit about that. >> Yeah, so, I mean, I think it starts with the customer environment and what workloads and use cases they have. 
And because of the breadth of capabilities in the data protection suite, we really optimize the solution based upon their needs, right. So if they have a large portfolio of applications that they need to maintain but they're also building applications or systems for the future, we have a solution there. If they have a single hypervisor strategy or a multiple hypervisor strategy, we have a strategy there, if they have data that's on-premise and across a range of public clouds, one large customer we have has a, kind of three-plus-one strategy around cloud. So they're leveraging three different public cloud, IaaS environments, and then they also have their on-premise cloud environment. So, you know, we, it really starts with the customer workload and the data, and where it lives; whether that be out in an Edge location in a remote or branch office, on an end point somewhere, they need to protect whether it be in a core data center or multiple data centers, or whether it be in the cloud. That's how we think about optimizing the solution for the customers. >> Curious if you can give me any examples of customers maybe by industry that were, have been with Dell for a long time with Avamar and Networker for a long time and how they've expanded, being able to pick, as you say, as their, or as their environment grows and we've got, now this blur of right. It's now worked from anywhere, data centers, Edge. Talk to me about some customers examples that you think really articulate the value of what Dell is delivering. >> Yeah, so, I mean, I think one customer in the financial services sector comes to mind. They have a large amount of unstructured data that they need to protect, you know, petabytes, petabytes and petabytes of data they need to protect. And so I think that's one customer that comes to mind is someone we've been with for a long time, been partnering with for a long time. 
Another customer I mentioned in the, it was a kind of a three-letter software company that is a really strategic partner for us with on-premise, in the cloud. You know, healthcare is a big and important sector for Dell. We have integrations into kind of leading healthcare applications. So that's another big, whether they be a healthcare provider or a healthcare insurance company, and had a fourth example, but it's escaping my mind right now, but, I would say going back to the cyber discussion, I mean, one thing that we, where we see really customers looking for guidance from us around cyber recovery and cyber resilience is in what the, you know, of course President Biden just released this executive order on his mandate for ensuring that the federal agencies but also companies in the millisecond sector, sectors be able to ensure resilience from cyber attacks. So that's companies in financial services, that's companies in healthcare, energy, oil, and gas transportation, right. Obviously in companies and industries that are critical to our economy and our infrastructure. And so that has been an area where we've seen, recently in the last, I would say 12 months increased engagement, you mentioned Colonial Pipeline, for example. So those are some high salient highlights I think of in terms of, you know, kind of key customers. But pretty much every sector. I mean, the U.S. government, all of the agencies, whether they be civilian, or DOD or key kind of engagement partners of ours. >> Yeah, and as you said in the last year, what a year it's been. But really a business in every industry has got to be able to be resilient and recover when something happens. Can you talk a little bit about some of the specific enhancements that you guys have made to the suite? >> Yeah, sure. So, you know, we continue to enhance our hypervisor capabilities. 
So we continue to enhance not only the core VMware or Hyper-V capabilities but we continue to enhance some of the extensions or plugins that we have for those. So whether that be things like our vRealize plugin or a vCloud Director plugin for say, VMware. So that's kind of a big focus for us. Continuing to enhance capabilities around leveraging the cloud for long-term retention. So that's another kind of enhancement area for us. But cloud in general is an area where we continue to drive more and more enhancement. Improving performance in cloud environments for a variety of use cases, whether that be DR to the cloud, backup or replications to the cloud or backing up workloads that are already in the cloud. Those are key use cases for us, as well as the archive to cloud use cases. So those are just some examples or areas where we've driven enhancements and you can expect to see more, you know we have a six month release cadence for Avamar and Networker, and we continue with that momentum. And at the end of this month, we have the next major release of our data protection suite. And then six months later, we'll have the next update and so on and so forth. And we've been doing that actually for the last three to four years. This is a six month release cadence for data protection suite. We continue with that momentum. And like I said, simplicity and modernity, APIs and automation, extending our workloads and hypervisors and use cases. And then cloud is a big focusing area as well, as well as security and cyber resilience. >> Right, and so a lot of flexibility in choice for Avamar and Networker customers. As things change the world continues to pivot and we know it's absolutely essential to be able to recover that data. You mentioned 70, I think 79% of the Fortune 100 are using Dell technologies for data protection software. That's probably something that's only going to continue to grow. Lots of stuff coming up. 
As you mention, what are some of the things that you're personally excited about as the world starts to open up and you get to actually go out and engage with customers? >> I mean, just looking forward to like in-person meetings. I mean, I just loved going and trying to understand what problems the customers are trying to solve and how we can help address those. I think, you know, what I see customers sort of struggling with is how do they kind of manage their current environment while they're building for the future? So there's a lot of interest in questions around, how do they protect some of these new types of workloads, whether they're deployed on premise or in the public cloud. So that continues to be an area where we continue to engage with customers. I'm also really personally excited about the extensions that we're doing in our cyber recovery capabilities so as you can expect to hear more about some of those in the next 12 months, because we're really seeing that as a key driver to kind of increased policies around and implementations around data protection is because of these, you know, the needs to be able to be resilient from cyber attacks. I would say we're also doing some very interesting integrations with VMware. We're going to have some first and only announcements around VMware and managing protection for VMware, you know, VM environments. So you can look forward to hearing more about that. And we have customers that have deployed our data protection solutions at scale. One customer has 150,000 clients who they're protecting with our data protection offerings, 150,000. And so we're continuing to improve the, and enhance the products to meet those kinds of scale requirements. And I'm excited by the fact that we've had this long standing relationship with this one particular customer and continue to help in flowing up where their needs go. 
>> And that's something that even a great job of talking about is just not just a longstanding relationships but really that dedication that Dell has to innovating with its customers. Laura, thank you for sharing some of the updates of what's new, what you're continuing to do with customers, and what you're looking forward to in the future. It sounds like we might hear some news around the VMworld timeframe. >> Yes, I think so. >> All right, Laura, thank you so much for joining me today. Appreciate your time. >> Yeah, it's been great to be here. Thanks so much. >> Excellent from Laura Dubois and Lisa Martin, you're watching this Cube Conversation. (soft music)

Published Date : Jun 24 2021


2021 002 Richard Hummel V1 FOR SLIDE REVIEW


 

(upbeat music) >> Hey, welcome to this Cube conversation with NetScout. I'm Lisa Martin. Excited to talk to you. Richard Hummel, the manager of threat research for Arbor Networks, the security division of NetScout. Richard, welcome to theCube. >> Thanks for having me, Lisa, it's a pleasure to be here. >> We're going to unpack the sixth NetScout Threat Intelligence Report, which is going to be very interesting. But something I wanted to start with is we know that and yes, you're going to tell us, COVID and the pandemic has had a massive impact on DDoS attacks, ransomware. But before we dig into the report, I'd like to just kind of get some stories from you as we saw last year about this time rapid pivot to work from home, rapid pivot to distance learning. Talk to us about some of the attacks that you saw in particular that literally hit close to home. >> Sure and there's one really good prime example that comes to mind because it impacted a lot of people. There was a lot of media sensation around this but if you go and look, just Google it, Miami Dade County and DDoS, you'll see the first articles that pop up is the entire district school network going down because the students did not want to go to school and launched a DDoS attack. There was something upwards of 190,000 individuals that could no longer connect to the school's platform, whether that's a teacher, a student or parents. And so it had a very significant impact. And when you think about this in terms of the digital world, that impacted very severely, a large number of people and you can't really translate that to what would happen in a physical environment because it just doesn't compute. There's two totally different scenarios to talk about here. >> Amazing that a child can decide, "I don't want to go to school today." And as a result of a pandemic take that out for nearly 200,000 folks. So let's dig into, I said this is the sixth NetScout Threat Intelligence Report. 
One of the global trends and themes that is seen as evidence in what happened last year is up and to the right. Oftentimes when we're talking about technology, you know, with analyst reports up and to the right is a good thing. Not so in this case. We saw huge increases in threat vectors, more vectors weaponized per attack sophistication, expansion of threats and IOT devices. Walk us through the overall key findings from 2020 that this report discovered. >> Absolutely. And if you glance at your screen there you'll see the key findings here where we talk about record breaking numbers. And just in 2020, we saw over 10 million attacks, which, I mean, this is a 20% increase over 2019. And what's significant about that number is COVID had a huge impact. In fact, if we go all the way back to the beginning, right around mid March, that's when the pandemic was announced, attacks skyrocketed and they didn't stop. They just kept going up and to the right. And that is true through 2021. So far in the first quarter, typically January, February is the down month that we observe in DDoS attacks. Whether this is, you know, kids going back to school from Christmas break, you have their Christmas routines and e-commerce is slowing down. January, February is typically a slow month. That was not true in 2021. In fact, we hit record numbers on a month by month in both January and February. And so not only do we see 2.9 million attacks in the first quarter of 2021, which, I mean, let's do the math here, right? We've got four quarters, you know, we're on track to hit 12 million attacks potentially, if not more. And then you have this normal where we said 800,000 approximately month over month since the pandemic started, we started 2021 at 950,000 plus. That's up and to the right and it's not slowing down. >> It's not slowing down. It's a trend that it shows, you know, significant impact across every industry. 
And we're going to talk about that but what are some of the new threat vectors that you saw weaponized in the last year? I mean, you talked about the example of the Miami-Dade school district but what were some of those new vectors that were really weaponized and used to help this up and to the right trend? >> So there's four in particular that we were tracking in 2020 and these nets aren't necessarily new vectors. Typically what happens when an adversary starts using this is there's a proof of concept code out there. In fact, a good example of this would be the RDP over UDP. So, I mean, we're all remotely connected, right? We're doing this over a Zoom call. If I want to connect to my organization I'm going to use some sort of remote capability whether that's a VPN or tunneling in, whatever it might be, right? And so remote desktop is something that everybody's using. And we saw actors start to kind of play around with this in mid 2020. And in right around September, November timeframe we saw a sudden spike. And typically when we see spikes in this kind of activity it's because adversaries are taking proof of concept code, that maybe has been around for a period of time, and they're incorporating those into DDoS for hire services. And so any person that wants to launch a DDoS attack can go into underground forums and marketplaces and they can purchase, maybe it's $10 in Bitcoin, and they can purchase an attack that leverages a bunch of different DDoS vectors. And so adversaries have no reason to remove a vector as new ones get discovered. They only have the motivation to add more, right? Because somebody comes into their platform and says, "I want to launch an attack that's going to take out my opponent." It's probably going to look a lot better if there's a lot of attack options in there where I can just go through and start clicking buttons left and right. 
And so all of a sudden now I've got this complex multi-vector attack that I don't have to pay anything extra for. Adversary already did all the work for me and now I can launch an attack. And so we saw four different vectors that were weaponized in 2020. One of those are notably the Jenkins that you see listed on the screen in the key findings. That one isn't necessarily a DDoS vector. It started out as one, it does amplify, but what happens is Jenkins servers are very vulnerable and when you actually initiate this attack, it tips over the Jenkins server. So it kind of operates as like a DoS event versus DDoS but it still has the same effect of availability, it takes a server offline. And then now just in the first part of 2021 we're tracking multiple other vectors that are starting to be weaponized. And when we see this, we go from a few, you know, incidents or alerts to thousands month over month. And so we're seeing even more vectors added and that's only going to continue to go up and to the right. You know that theme that we talked about at the beginning here. >> As more vectors get added, and what did you see last year in terms of industries that may have been more vulnerable? As we talked about the work from home, everyone was dependent, really here we are on Zoom, dependent on Zoom, dependent on Netflix. Streaming media was kind of a lifeline for a lot of us but it also was healthcare and education. Did you see any verticals in particular that really started to see an increase in the exploitation and in the risk? >> Yeah, so let's start, let's separate this into two parts. The last part of the key findings that we had was talking about a group we, or a campaign we call Lazarus Bear Armada. So this is a global DDoS extortion campaign. We're going to cover that a little bit more when we talk about kind of extorted events and how that operates but these guys, they started where the money is. 
And so when they first started targeting industries and this kind of coincides with COVID, so it started several months after the pandemic was announced, they started targeting financial organizations, commercial banking. They went after stock exchanges. Many of you would hear about the New Zealand Stock Exchange that went offline. That's this LBA campaign and these guys taking it off. So they started where the money is. They moved to a financial agation targeting insurance companies. They targeted currency exchange places. And then slowly from there, they started to expand. And in so much as our Arbor Cloud folks actually saw them targeting organizations that are part of vaccine development. And so these guys, they don't care who they hurt. They don't care who they're going after. They're going out there for a payday. And so that's one aspect of the industry targeting that we've seen. The other aspect is you'll see, on the next slide here, we actually saw a bunch of different verticals that we really haven't seen in the top 10 before. In fact, if you actually look at this you'll see the number one, two and three are pretty common for us. We almost always are going to see these kinds of telecommunications, wireless, satellite, broadband, these are always going to be in the top. And the reason for that is because gamers and DDoS attacks associated with gaming is kind of the predominant thing that we see in this landscape. And let's face it, gamers are on broadband operating systems. If you're in Asian communities, often they'll use mobile hotspots. So now you start to have wireless come in there. And so that makes sense seeing them. But what doesn't make sense is this internet publishing and broadcasting and you might say, "Well, what is that?" Well, that's things like Zoom and WebEx and Netflix and these other streaming services. And so we're seeing adversaries going after that because those have become critical to people's way of life. 
Their entertainment, what they're using to communicate for work and school. So they realized if we can go after this it's going to disrupt something and hopefully we can get some recognition. Maybe we can show this as a demonstration to get more customers on our platform or maybe we can get a payday. In a lot of the DDoS attacks that we see, in fact most of them, are all monetary focused. And so they're looking for a payday. They're going to go after something that's going to likely, you know, send out that payment. And then just walk down the line. You can see COVID through this whole thing. Electronic shopping is number five, right? Everybody turned to e-commerce because we're not going to in-person stores anymore. Electronic computer manufacturing, how many more people have to get computers at home now because they're no longer in a corporate environment? And so you can see how the pandemic has really influenced this industry target. >> Significant influencer and I also wonder too, you know, Zoom became a household name for every generation. You know, we're talking to five generations and maybe the generations that aren't as familiar with computer technology might be even more exploitable because it's easy to click on a phishing email when they don't understand how to look for the link. Let's now unpack the different types of DDoS attacks and what is on the rise. You talked about in the report the triple threat and we often think of that in entertainment. That's a good thing, but again, not here. Explain that triple threat. >> Yeah, so what we're seeing here is we have adversaries out there that are looking to take advantage of every possible angle to be able to get that payment. And everybody knows ransomware is a household name at this point, right? And so ransomware and DDoS have a lot in common because they both attack the availability of network resources, where computers or devices or whatever they might be. 
And so there's a lot of parallels to draw between the two of these. Now ransomware is a denial of service event, right? You're not going to have tens of thousands of computers hitting a single computer to take it down. You're going to have one exploitation of events. Somebody clicked on a link, there was a brute force attempt that managed to compromise a little boxes, credentials, whatever it might be, ransomware gets put on a system, it encrypts all your files. Well, all of a sudden, you've got this ransom note that says "If you want your files decrypted you're going to send us this amount of human Bitcoin." Well, what adversaries are doing now is they're capitalizing on the access that they already gained. So they already have access to the computer. Well, why not steal all the data first then let's encrypt whatever's there. And so now I can ask for a ransom payment to decrypt the files and I can ask for an extortion to prevent me from posting your data publicly. Maybe there's sensitive corporate information there. Maybe you're a local school system and you have all of your students' data on there. You're a hospital that has sensitive PI on it, whatever it might be, right? So now they're going to extort you to prevent them from posting that publicly. Well, why not add DDoS to this entire picture? Now you're already encrypted, we've already got your files, and I'm going to DDoS your system so you can't even access them if you wanted to. And I'm going to tell you, you have to pay me in order to stop this DDoS attack. And so this is that triple threat and we're seeing multiple different ransomware families. In fact, if you look at one of the slides here, you'll see that there's SunCrypt, there's Ragnar Cryptor, and then Maze did this initially back in September and then more recently, even the DarkSide stuff. I mean, who hasn't heard about DarkSide now with the Colonial Pipeline event, right? 
So they came out and said, "Hey we didn't intend for this collateral damage but it happened." Well, April 24th, they actually started offering DDoS as part of their tool kits. And so you can see how this has evolved over time. And adversaries are learning from each other and are incorporating this kind of methodology. And here we have triple extortion event. >> It almost seems like triple extortion event as a service with the opportunities, the number of vectors there. And you're right, everyone has heard of the Colonial Pipeline and that's where things like ransomware become a household term, just as much as Zoom and video conferencing and streaming media. Let's talk now about the effects that the threat report saw and uncovered region by region. Were there any regions in particular that were, that really stood out as most impacted? >> So not particularly. So one of the phenomenon that we actually saw in the threat report, which, you know, we probably could have talked about it before now but it makes sense to talk about it regionally because we didn't see any one particular region, one particular vertical, a specific organization, specific country, none was more heavily targeted than another. In fact what we saw is organizations that we've never seen targeted before. We've seen industries that have never been targeted before all of a sudden are now getting DDoS attacks because we went from a local on-prem, I don't need to be connected to the internet, I don't need to have my employees remote access. And now all of a sudden you're dependent on the internet which is really, let's face it, that's critical infrastructure these days. And so now you have all of these additional people with a footprint connected to the internet then adversary can figure out and they can poke it. And so what we saw here is just overall, all industries, all regions saw these upticks. The exception would be in China. 
We actually, in the Asia Pacific region specifically, but predominantly in China. But that often has to do with visibility rather than a decrease in attacks because they have their own kind of infrastructure in China. Brazil's the same way. They have their own kind of ecosystems. And so often you don't see what happens a lot outside the borders. And so from our perspective, we might see a decrease in attacks but, for all we know, they actually saw an increase in the attacks that is internal to their country against their country. And so across the board, just increases everywhere you look. >> Wow. So let's talk about what organizations can do in light of this. As we are here, we are still doing this program by video conferencing and things are opening up a little bit more, at least in the states anyway, and we're talking about more businesses going back to some degree but there's going to still be some mix, some hybrid of working from home and maybe even distance learning. So what can enterprises do to prepare for this when it happens? Because it sounds to me like with the sophistication, the up and to the right, it's not, if we get attacked, it's when. >> It's when, exactly. And that's just it. I mean, it's no longer something that you can put off. You can't just assume that I've never been DDoS attacked, I'm never going to be DDoS attacked anymore. You really need to consider this as part of your core security platform. I like to talk about defense in depth or a layered defense approach where you want to have a layered approach. So, you know, maybe they target your first layer and they don't get through. Or they do get through and now your second layer has to stop it. Well, if you have no layers or if you have one layer, it's not that hard for an adversary to figure out a way around that. And so preparation is key. Making sure that you have something in place and I'm going to give you an operational example here. 
One of the things we saw with the LBA campaigns is they actually started doing network reconnaissance for their targets. And what they would do is they would take the IP addresses belonging to your organization. They would look up the domains associated with that and they would figure out like, "Hey, this is vpn.organization.com or VPN two." And all of a sudden they've found your VPN concentrator and so that's where they're going to focus their attack. So something as simple as changing the way that you name your VPN concentrators might be sufficient to prevent them from hitting that weak link or right sizing the DDoS protection services for your company. Did you need something as big as like on-prem solutions? We need hardware. Do you instead want to do a managed service? Or do you want to go and talk to a cloud provider because there's right solutions and right sizes for all types of organizations. And the key here is preparation. In fact, all of the customers that we've worked with for the LBA extortion campaigns, if they were properly prepared they experienced almost no downtime or impact to their business. It's the people like the New Zealand Stock Exchange or their service provider that wasn't prepared to handle the attacks that were sent at them that were crippled. And so preparation is key. The other part is awareness. And that's part of what we do with this threat report because we want to make sure you're aware what adversaries are doing, when new attack vectors are coming out, how they're leveraging these, what industries they're targeting because that's really going to help you to figure out what your posture is, what your risk acceptance is for your organization. And in fact, there's a couple of resources that we have here on the next slide. And you can go to both of these. One of them is the threat report. You can view all of the details. And we only scratched the surface here in this Cube interview. 
So definitely recommend going there but the other one is called Horizon. And netscout.com/horizon is a free resource you can register but you can actually see near real-time attacks based on industry and based on region. So if you're an organization out there and you're figuring, "Well I'm never attacked." Well go look up your industry. Go look up the country where you belong and see is there actually attacks against us? And I think you'll be quite surprised that there's quite a few attacks against you. And so definitely recommend checking these out. >> Great resources netscout.com/horizon, netscout.com/threatreport. I do want to ask you one final question. That's in terms of timing. We saw the massive acceleration in digital transformation last year. We've already talked about this a number of times on this program. The dependence that businesses and consumers, like globally in every industry, in every country, have on streaming on communications right now. In terms of timing, though, for an organization to go from being aware to understanding what adversaries are doing, to being prepared, how quickly can an organization get up to speed and help themselves start reducing their risks? >> So I think that with DDoS, as opposed to things like ransomware, the ramp up time for that is much, much faster. There is a finite period of time with DDoS attacks that is actually going to impact you. And so maybe you're a smaller organization and you get DDoS attacked. There's a, probably a pretty high chance that that DDoS attack isn't going to last for multiple days. So maybe it's like an hour, maybe it's two hours, and then you recover. Your network resources are available again. That's not the same for something like ransomware. You get hit with ransomware, unless you pay or you have backups, you have to do the rigorous process of getting all your stuff back online. DDoS is more about as soon as the attack stops, the saturation goes away and you can start to get back online again. 
So it might not be as like immediate critical that you have to have something but there's also solutions, like a cloud solution, where it's as simple as signing up for the service and having your traffic redirected to their scrubbing center, their detection center. And then you may not have to do anything on-prem yourself, right? It's a matter of going out to an organization, finding a good contract, and then signing up, signing on the dotted line. And so I think that the ramp up time for mitigation services and DDoS protection can be a lot faster than many other security platforms and solutions. >> That's good to know cause with the up and to the right trend that you already said, the first quarter is usually slow. It's obviously not that way as what you've seen in 2021. And we can only expect what way, when we talk to you next year, that the up and to the right trend may continue. So hopefully organizations take advantage of these resources, Richard, that you talked about to be prepared to mediate and protect their you know, their customers, their employees, et cetera. Richard, we thank you for stopping by theCube. Talking to us about the sixth NetScout Threat Intelligence Report. Really interesting information. >> Absolutely; definitely a pleasure to have me here. Lisa, anytime you guys want to do it again, you know where I live? >> Yes. It's one of my favorite topics that you got and I got to point out the last thing, your Guardians of the Galaxy background, one of my favorite movies and it should be noted that on the NetScout website they are considered the Guardians of the Connected World. I just thought that connection was, as Richard told me before we went live, not planned, but I thought that was a great coincidence. Again, Richard, it's been a pleasure talking to you. Thank you for your time. >> Thank you so much. >> Richard Hummel, I'm Lisa Martin. You're watching this Cube conversation. (relaxing music)

Published Date : May 21 2021


Brian Cahill, Frogslayer & Chadd Kenney, Clumio | AWS re:Invent 2020


 

>>From around the globe, it's theCube with digital coverage of AWS re:Invent 2020, sponsored by Intel, AWS and our community partners. >>Hi. And welcome to theCube's coverage of AWS re:Invent 2020. I'm your host, Justin Warren. And today I am joined by two lovely gentlemen. We have Brian Cahill from a company called Frogslayer, which is interesting. And we also have Chadd Kenney from Clumio. Gentlemen, welcome to AWS re:Invent 2020. Chadd, it's been about, what, a year since I think we last spoke at re:Invent last year. Why don't you catch us up on what's been happening in the last year of the corona times? >>Um, we're excited to be here. Justin, thanks so much for the introduction and hosting us. So it's been an exciting action back here. I will say we've had a bunch of new innovations. I think last time we talked, we were just getting our first native solution inside of AWS for EBS. And since then we've evolved the solution dramatically. Clumio is a secure backup-as-a-service offering for the enterprise, and this allowed us to be able to scale from just EBS into being the industry's first platform to go across public, private and SaaS all in one service, and we innovated within AWS a ton. So we expanded from EBS to EC2 and RDS. We brought in one of the most native services outside of snapshots. We kind of progress the enterprise from the traditional snapshot primitive into a true enterprise-class backup and built in a time series data lake that allows, you know, enterprises to decouple their data from the infrastructure and really be able to provide tons of value into the future. So it's an exciting time for us to, you know, really bring new innovative solutions to the market. >>That's an impressive amount of work given whatever else has been going on in the last 12 months, to be able to ship that much stuff. You've been really, really busy. Um, brought Brian on now. Brian, Frogslayer. Tell me. 
Tell me a bit about the background for the name of the company they >>Frogslayer. The name actually came from an initial founder who, you know, was trying to protect the animals, wanted to take care of nature and stuff and actually stepped on a frog. So he got nicknamed by his buddies Frogslayer and that then became the company name. >>So tell us about Frogslayer. What is it that and your role there. What is it that Frogslayer does? And what's your role there? >>Frogslayer does business consulting. And then we developed custom software star goals to help businesses get past a hurdle. So a growth business that's kind of stuck, make them more efficient, more productive thing, kind of move to the next level. And my role here is the head of IT. That custom software we build, we host for our clients. And so we try to offer to them as a SaaS solution. So it's not only a custom software, but it's kind of offered as a SaaS solution for them to consume. >>Terrific. So how long has the relationship with Clumio been going on? >>It's been about four months now. >>All right. And how did you get introduced to Chadd and the team at Clumio? >>Um, we started with AWS writing our own backup scripts and as we started to move to more of their PaaS services like RDS, and then RDS went to serverless and Aurora, you just have to keep upgrading and changing and tweaking your scripts. And so we started looking round to say, is there a software we could use instead of doing this ourselves? And so through a VAR, we got connected with Clumio. We were checking out a whole bunch of solutions. And most of them were snapshot managers just using the APIs to do the same things we were doing. Whereas Clumio was doing it totally differently where they would actually take a snapshot and then rehydrate it, take that data and then make it more like a traditional backup where you could deduplicate it and save on costs and stuff. >>Right? 
Okay, so, Chadd, is that something that you've been? Is that one of the many features that you've added in the last 12 months? Or is this something that's a little more fundamental to the way Clumio works? >>It's very fundamental. I think what we're doing is both doing efficiencies around the data itself. So dedupe, compression and, of course, security around encryption. But we ingest the data, index and catalog it, and then make it so that customers could get fine-grained granularity for how they restore, even down to the database record. And so one of the big things that we've seen, especially in cloud-first customers such as Frogslayer, is they're really trying to use either the native tools to start with or build-your-own type models, and the costs increased dramatically. The complexity of not having a catalog and index make restores incredibly hard. And it just becomes a much more painful model of hidden costs, left and right. And so what we wanted to do was really provide unique simplicity to be able to protect all of the AWS accounts and even all of the data assets across clouds in one single pane of glass and give a user experience that was dramatically different than having to run various scripts or build your own or have a tool on prem and have a different tool for this cloud versus another cloud. And by having this consolidated index obviously drive a ton of value around leverage from the data. >>Hmm, interesting. So, Brian, you mentioned that this is your relationship with Clumio has been only about sort of four months, that's sort of smack in the middle of the pandemic that's been going on here. Was that a trigger for you looking at alternate options? Or is this something that you've been planning for a while? >>No. This has been on a road map for a little while. Um, just as we start using more AWS services and trying to figure out how do we scale what we're doing? Um, we're looking for more of an enterprise backup. 
But then, as we looked around, most of the backup solutions, you end up hosting the software, upgrading the software and maintaining things. >>Have you noticed a major change since you've been using Clumio? >>Yes. What Clumio offered was the ability to, because it's a SaaS solution, it's a... there's an air gap between us and the backup, so I'm not hosting the backups or the data. It's in a separate account, and I can't even delete it. So there's kind of a protection level that someone who are and can't accidentally delete the stuff we're backing up. >>Right? And one thing that I've noticed is in the news a lot more over the last couple of days. But it's certainly been hitting a lot this year is the idea of ransomware. So a lot of customers that certainly that I speak to have been quite concerned that what's going on with that? So how are you, Brian, addressing that within your organization? Do you feel comfortable that you're well protected and what else are you looking at? But you're trying to protect yourselves from >>Right, when it comes to ransomware, we try to have our client data in such a way that no one person can access or delete all of it. And so that's where we initially had separate AWS accounts for every client and with Clumio we now have Clumio maintains that separation. So they're keeping that air gap for us. And then, you know, we're doing our own stuff internally. Just make sure we don't get something. But the backups, including our kind of that second step for, say, something gets past all of our safeguards. We've got another safeguard in place. >>That sounds pretty prudent. So, Chadd, is that something that you're hearing from a lot of customers? The need for this separation of powers within the system? >>Yeah, it's coming up quite often. And I think one of the big challenges here is to deliver an air gap solution with other types of data protection products. 
Whether it's on prem or in the cloud, have a ton of complexity to it, whether you're buying a separate appliance and you have to create a network air gap or whether you're actually replicating from one AWS account into another AWS account, the cost just double. And so what we built in was a system that not only is immutable, but as Brian mentioned, there's no ability to actually delete the data because the time to live for the data that's persisted is defined by the policy. And so if a bad actor was to get into the environment, there's no way that they could potentially go into our system and actually delete anything. But if you look at like AWS as an example, if most customers, they're storing snapshots inside their account as a whole, and there's vulnerabilities even beyond, you know, ransomware and just on accident or a bad actor even inside the environment that's not even ransomware. And so protecting that is one of the key capabilities of the platform where we're outside of the service, outside of the cloud, in many cases to protect the customer's data and make sure that they can restore it to any account in the event that even a bad actor gets access to it. Yeah. >>So, Brian, one thing that I like to ask customers about, particularly in cloud services, is they've changed the way that we do things. And why we started using cloud is often not what we're actually using it for today. So with respect to Clumio and your services that you're running in cloud, what's something that you've noticed that you're now doing? That surprises you? One of those added bonuses that you weren't really expecting. Have you seen anything like that? As you've managed to start using Clumio, that did everything that you wanted it to do. And now you're finding there's these new opportunities. >>Yeah. One of the big advantages of Clumio was when we took snapshots and replicated them out of the source AWS account. It's like in the source account. 
There was deduplication enabled. Once you replicated to another AWS account, it rehydrates the snapshot. So every one takes up the full amount of space. And you start hitting this, like, how much data do I retain versus like, oh, this is really expensive. I should like, you know, lower my retention. And we just, that totally went away with Clumio. And then as far as the cloud as a whole, what's cool is that they're kind of more PaaS services. So RDS where I don't maintain, you know, patches on the OS or on the SQL or yours, um, application service where you're not maintaining the OS. That's kind of moving at the next level up as far as less that you're maintaining, you're more maintaining your code in your application. >>Right? And how important is the cloud native capability of Clumio? There's plenty of backup solutions around, and we've had them for many years because data protection is not a new idea. Ah, lot of a lot of what other side now cloud native. We try to put things into the cloud first. How important is it to have something which understands cloud native? >>And it basically means they're totally aware of what we're doing. And so they're not trying to take an old solution and make it fit in the cloud. They built it for the cloud from the ground up. So when you get in their user interface, there's not all of these old buttons and knobs and stuff. It's very simple. It's a policy, a tag. And then inside the account, the tag grabs objects. So they've made a very simple user interface that saves a lot of time on implementation. >>Excellent. What are some of the things that you're looking to do in the future now that you've better things in and you've now got four months of solid experience with the product? What are you anticipating that you're going to be doing next? >>Um, we're excited about We're starting. 
But some of our customers in Azure's cloud, which Clumio was developing capabilities for that, and then Clumio is also working on capabilities for some of our business applications. So the idea of having all of our kind of backups in one place and less separate buckets you've got to go manage is exciting. >>Yes, so Chadd, multi-cloud, hybrid cloud. Their words sort of called to be the controversy over the years. It does certainly sound like a lot of customers, they're using, or at least exploring, multiple different options. Certainly for yourselves, you'll have customers who exist in one cloud and others that will be in a different one. So how are you addressing the idea of hybrid cloud and multi-cloud? >>Great question. So our belief is that data is going to disperse itself more and more, especially as time goes on, and there's multiple phases of this kind of cloud adoption that we see. We see kind of, you know, the initial lift into public cloud, which kind of created that first hybrid example, then there's, you know, the optimization within the clouds, so they're looking for cost reduction and operationalizing. And then it's kind of like looking at ways of how do I utilize different clouds for different things that may be more operationalized or more optimized than others. And so we really believe in this world of creating a single platform or fabric that goes and expands across all clouds, consolidates and index and catalog into one view for the end user, and allows them to be able to push data to any cloud that they need to longer term. And at the same time, protect it. The fun part about migrations is yeah, you could move data, but when you're protecting it at the same time too, it allows you to actually keep your production up and running, restore a dev environment somewhere else to play around with it and do it in multiple different potential clouds and then have that initial data that's still fully protected in your environment. 
And so I'd say that the protection side is a really cool one. The second one, as Brian mentioned, was the whole data lake concept that sits behind where we decouple the data from the infrastructure, and with PaaS services this is incredibly important because, let's say, a year and a half from now, the database engine's not even supported with the snapshot that you have left over in your account you've been retaining, you've now got to go through the process of upgrading and getting it up to the rev to actually even get it working. In our world, we create logical backups of those data sets, and they're instantaneously available for direct query access, even right in the GUI. And so now this decoupling of infrastructure brings significant value right now, but into the future this opens up opportunities to be able to do ETL pipelines and actually leverage the data well beyond backup into other use cases. >>Sort of to finish up looking forward. I always like to have a bit of a view of what the future holds. It's one of my favorite parts of being at re:Invent is we get to see the new technology and what the possibilities are for what we could use. It takes something, take it home, have a bit of a play with it and see what we could do for next year. So but if you, Brian, we'll start with you. What are you looking forward to in 2021? What are your future plans? >>Looking forward to migrating more of our stuff to platform-as-a-service offerings where we're taking advantage of the fact that the cloud has built some of the base layers and we could just build on top of that, and then the second one that's exciting is the scalability. So with AWS serverless and Lambda and different things that they're running out where we don't need to run physically EC2 instances or always-on databases, but things that can scale up and down based on our client workload. 
That's just exciting as far as our infrastructure and just the ability for cost savings, but also that just-in-time scaling for our customer demand. >>And Chadd, yourselves at Clumio, what can we... Can you give us a hint of what we might see in 2021 from Clumio? >>Yes. So the first thing I'd say that I'm most excited about any New Year is just seeing the advantages customers get with the platform, right? Like we did a lot of innovation during this time. I'd say COVID had, you know, some benefits and some downsides from just company growth and, you know, not being close together and having that feeling. But we innovated incredibly quickly, and we were heads down and highly efficient, and so I'm excited about really showcasing a lot of the innovation that we built during this year, and I think our customers are moving to the cloud faster than ever. And so I'm excited to see a lot of that. What you'll see from us is more and more innovation outside of just, you know, the traditional realm. Changing the user experience dramatically with new innovations, which sounds kind of broad. But think of it as creating more and more of that fabric. We're going to get into new public clouds. We're going to get into new SaaS services. We're going to expand the user experience in the core platform for recoverability, for security, for enabling easy workflows for various different use cases. And so I'm excited about taking the data and really leveraging it into multiple different use cases outside of data protection and into the future. >>Well, it sounds like we have a lot to look forward to from Clumio. I personally look forward to hearing more about it. Hopefully we get to catch up a little bit earlier, not quite wait a full 12 months between re:Invents, but if not, we'll definitely be seeing you again next year and hearing about all of the new innovations that you've managed to come up with. You've got 12 months. There's plenty of time. 
Yeah, definitely. Awesome. Sorry. Thank you very much. Brian Cahill from Frogslayer and Chadd Kenney from Clumio have been my guests today. I've been Justin Warren for theCube and all of our coverage here for AWS re:Invent 2020. Do check out all the rest of the videos. We will see you next time. >>Take care, yeah.

Published Date : Dec 2 2020

