(upbeat music) >> Welcome back to Supercloud 2, which is an open industry collaboration between technologists, consultants, analysts, and of course, practitioners, to help shape the future of cloud. And at this event, one of the key areas we're exploring is the intersection of cloud and data, and how building value on top of hyperscale clouds and across clouds is evolving, a concept we call supercloud. And we're pleased to welcome Harvir Singh, who's the chief data architect and global head of data at Western Union. Harvir, it's good to see you again. Thanks for coming on the program. >> Thanks, David, it's always a pleasure to talk to you. >> So many things stand out from when we first met, and one of the most gripping for me was when you said to me, "When data moves, money moves." And that's the world we live in today, and really have for a long time. Money has moved as bits, and when it has to move, we want it to move quickly, securely, and in a governed manner. And the pressure to do so is only growing. So tell us how that trend is evolved over the past decade in the context of your industry generally, and Western Union, specifically. Look, I always say to people that we are probably the first ones to introduce digital currency around the world because, hey, somebody around the world needs money, we move data to make that happen. That trend has actually accelerated quite a bit. If you look at the last 10 years, and you look at all these payment companies, digital companies, credit card companies that have evolved, majority of them are working on the same principle. When data moves, money moves. When data is stale, the money goes away, right? I think that trend is continuing, and it's not just the trend is in this space, it's also continuing in other spaces, specifically around, you know, acquisition of customers, communication with customers. It's all becoming digital, and it's, at the end of the day, it's all data being moved from one place or another. At the end of the day, you're not seeing the customer, but you're looking at, you know, the data that he's consuming, and you're making actionable items on it, and be able to respond to what they need. So I think 10 years, it's really, really evolved. >> Hmm, you operate, Western Union operates in more than 200 countries, and you you have what I would call a pseudo federated organization. You're trying to standardize wherever possible on the infrastructure, and you're curating the tooling and doing the heavy lifting in the data stack, which of course lessens the burden on the developers and the line of business consumers, so my question is, in operating in 200 countries, how do you deal with all the diversity of laws and regulations across those regions? I know you're heavily involved in AWS, but AWS isn't everywhere, you still have some on-prem infrastructure. Can you paint a picture of, you know, what that looks like? >> Yeah, a few years ago , we were primarily mostly on-prem, and one of the biggest pain points has been managing that infrastructure around the world in those countries. Yes, we operate in 200 countries, but we don't have infrastructure in 200 countries, but we do have agent locations in 200 countries. United Nations says we only have like 183 are countries, but there are countries which, you know, declare themselves countries, and we are there as well because somebody wants to send money there, right? Somebody has an agent location down there as well. So that infrastructure is obviously very hard to manage and maintain. We have to comply by numerous laws, you know. And the last few years, specifically with GDPR, CCPA, data localization laws in different countries, it's been a challenge, right? And one of the things that we did a few years ago, we decided that we want to be in the business of helping our customers move money faster, security, and with complete trust in us. We don't want to be able to, we don't want to be in the business of managing infrastructure. And that's one of the reasons we started to, you know, migrate and move our journey to the cloud. AWS, obviously chosen first because of its, you know, first in the game, has more locations, and more data centers around the world where we operate. But we still have, you know, existing infrastructure, which is in some countries, which is still localized because AWS hasn't reached there, or we don't have a comparable provider there. We still manage those. And we have to comply by those laws. Our data privacy and our data localization tech stack is pretty good, I would say. We manage our data very well, we manage our customer data very well, but it comes with a lot of complexity. You know, we get a lot of requests from European Union, we get a lot of requests from Asia Pacific every pretty much on a weekly basis to explain, you know, how we are taking controls and putting measures in place to make sure that the data is secured and is in the right place. So it's a complex environment. We do have exposure to other clouds as well, like Google and Azure. And as much as we would love to be completely, you know, very, very hybrid kind of an organization, it's still at a stage where we are still very heavily focused on AWS yet, but at some point, you know, we would love to see a world which is not reliant on a single provider, but it's more a little bit more democratized, you know, as and when what I want to use, I should be able to use, and pay-per-use. And the concept started like that, but it's obviously it's now, again, there are like three big players in the market, and, you know, they're doing their own thing. Would love to see them come collaborate at some point. >> Yeah, wouldn't we all. I want to double-click on the whole multi-cloud strategy, but if I understand it correctly, and in a perfect world, everything on-premises would be in the cloud is, first of all, is that a correct statement? Is that nirvana for you or not necessarily? >> I would say it is nirvana for us, but I would also put a caveat, is it's very tricky because from a regulatory perspective, we are a regulated entity in many countries. The regulators would want to see some control if something happens with a relationship with AWS in one country, or with Google in another country, and it keeps happening, right? For example, Russia was a good example where we had to switch things off. We should be able to do that. But if let's say somewhere in Asia, this country decides that they don't want to partner with AWS, and majority of our stuff is on AWS, where do I go from there? So we have to have some level of confidence in our own infrastructure, so we do maintain some to be able to fail back into and move things it needs to be. So it's a tricky question. Yes, it's nirvana state that I don't have to manage infrastructure, but I think it's far less practical than it said. We will still own something that we call it our own where we have complete control, being a financial entity. >> And so do you try to, I'm sure you do, standardize between all the different on-premise, and in this case, the AWS cloud or maybe even other clouds. How do you do that? Do you work with, you know, different vendors at the various places of the stack to try to do that? Some of the vendors, you know, like a Snowflake is only in the cloud. You know, others, you know, whether it's whatever, analytics, or storage, or database, might be hybrid. What's your strategy with regard to creating as common an experience as possible between your on-prem and your clouds? >> You asked a question which I asked when I joined as well, right? Which question, this is one of the most important questions is how soon when I fail back, if I need to fail back? And how quickly can I, because not everything that is sitting on the cloud is comparable to on-prem or is backward compatible. And the reason I say backward compatible is, you know, there are, our on-prem cloud is obviously behind. We haven't taken enough time to kind of put it to a state where, because we started to migrate and now we have access to infrastructure on the cloud, most of the new things are being built there. But for critical application, I would say we have chronology that could be used to move back if need to be. So, you know, technologies like Couchbase, technologies like PostgreSQL, technologies like Db2, et cetera. We still have and maintain a fairly large portion of it on-prem where critical applications could potentially be serviced. We'll give you one example. We use Neo4j very heavily for our AML use cases. And that's an important one because if Neo4j on the cloud goes down, and it's happened in the past, again, even with three clusters, having all three clusters going down with a DR, we still need some accessibility of that because that's one of the biggest, you know, fraud and risk application it supports. So we do still maintain some comparable technology. Snowflake is an odd one. It's obviously there is none on-prem. But then, you know, Snowflake, I also feel it's more analytical based technology, not a transactional-based technology, at least in our ecosystem. So for me to replicate that, yes, it'll probably take time, but I can live with that. But my business will not stop because our transactional applications can potentially move over if need to. >> Yeah, and of course, you know, all these big market cap companies, so the Snowflake or Databricks, which is not public yet, but they've got big aspirations. And so, you know, we've seen things like Snowflake do a deal with Dell for on-prem object store. I think they do the same thing with Pure. And so over time, you see, Mongo, you know, extending its estate. And so over time all these things are coming together. I want to step out of this conversation for a second. I just ask you, given the current macroeconomic climate, what are the priorities? You know, obviously, people are, CIOs are tapping the breaks on spending, we've reported on that, but what is it? Is it security? Is it analytics? Is it modernization of the on-prem stack, which you were saying a little bit behind. Where are the priorities today given the economic headwinds? >> So the most important priority right now is growing the business, I would say. It's a different, I know this is more, this is not a very techy or a tech answer that, you know, you would expect, but it's growing the business. We want to acquire more customers and be able to service them as best needed. So the majority of our investment is going in the space where tech can support that initiative. During our earnings call, we released the new pillars of our organization where we will focus on, you know, omnichannel digital experience, and then one experience for customer, whether it's retail, whether it's digital. We want to open up our own experience stores, et cetera. So we are investing in technology where it's going to support those pillars. But the spend is in a way that we are obviously taking away from the things that do not support those. So it's, I would say it's flat for us. We are not like in heavily investing or aggressively increasing our tech budget, but it's more like, hey, switch this off because it doesn't make us money, but now switch this on because this is going to support what we can do with money, right? So that's kind of where we are heading towards. So it's not not driven by technology, but it's driven by business and how it supports our customers and our ability to compete in the market. >> You know, I think Harvir, that's consistent with what we heard in some other work that we've done, our ETR partner who does these types of surveys. We're hearing the same thing, is that, you know, we might not be spending on modernizing our on-prem stack. Yeah, we want to get to the cloud at some point and modernize that. But if it supports revenue, you know, we'll invest in that, and get the, you know, instant ROI. I want to ask you about, you know, this concept of supercloud, this abstracted layer of value on top of hyperscale infrastructure, and maybe on-prem. But we were talking about the integration, for instance, between Snowflake and Salesforce, where you got different data sources and you were explaining that you had great interest in being able to, you know, have a kind of, I'll say seamless, sorry, I know it's an overused word, but integration between the data sources and those two different platforms. Can you explain that and why that's attractive to you? >> Yeah, I'm a big supporter of action where the data is, right? Because the minute you start to move, things are already lost in translation. The time is lost, you can't get to it fast enough. So if, for example, for us, Snowflake, Salesforce, is our actionable platform where we action, we send marketing campaigns, we send customer communication via SMS, in app, as well as via email. Now, we would like to be able to interact with our customers pretty much on a, I would say near real time, but the concept of real time doesn't work well with me because I always feel that if you're observing something, it's not real time, it's already happened. But how soon can I react? That's the question. And given that I have to move that data all the way from our, let's say, engagement platforms like Adobe, and particles of the world into Snowflake first, and then do my modeling in some way, and be able to then put it back into Salesforce, it takes time. Yes, you know, I can do it in a few hours, but that few hours makes a lot of difference. Somebody sitting on my website, you know, couldn't find something, walked away, how soon do you think he will lose interest? Three hours, four hours, he'll probably gone, he will never come back. I think if I can react to that as fast as possible without too much data movement, I think that's a lot of good benefit that this kind of integration will bring. Yes, I can potentially take data directly into Salesforce, but I then now have two copies of data, which is, again, something that I'm not a big (indistinct) of. Let's keep the source of the data simple, clean, and a single source. I think this kind of integration will help a lot if the actions can be brought very close to where the data resides. >> Thank you for that. And so, you know, it's funny, we sometimes try to define real time as before you lose the customer, so that's kind of real time. But I want to come back to this idea of governed data sharing. You mentioned some other clouds, a little bit of Azure, a little bit of Google. In a world where, let's say you go more aggressively, and we know that for instance, if you want to use Google's AI tools, you got to use BigQuery. You know, today, anyway, they're not sort of so friendly with Snowflake, maybe different for the AWS, maybe Microsoft's going to be different as well. But in an ideal world, what I'm hearing is you want to keep the data in place. You don't want to move the data. Moving data is expensive, making copies is badness. It's expensive, and it's also, you know, changes the state, right? So you got governance issues. So this idea of supercloud is that you can leave the data in place and actually have a common experience across clouds. Let's just say, let's assume for a minute Google kind of wakes up, my words, not yours, and says, "Hey, maybe, you know what, partnering with a Snowflake or a Databricks is better for our business. It's better for the customers," how would that affect your business and the value that you can bring to your customers? >> Again, I would say that would be the nirvana state that, you know, we want to get to. Because I would say not everyone's perfect. They have great engineers and great products that they're developing, but that's where they compete as well, right? I would like to use the best of breed as much as possible. And I've been a person who has done this in the past as well. I've used, you know, tools to integrate. And the reason why this integration has worked is primarily because sometimes you do pick the best thing for that job. And Google's AI products are definitely doing really well, but, you know, that accessibility, if it's a problem, then I really can't depend on them, right? I would love to move some of that down there, but they have to make it possible for us. Azure is doing really, really good at investing, so I think they're a little bit more and more closer to getting to that state, and I know seeking our attention than Google at this point of time. But I think there will be a revelation moment because more and more people that I talk to like myself, they're also talking about the same thing. I'd like to be able to use Google's AdSense, I would like to be able to use Google's advertising platform, but you know what? I already have all this data, why do I need to move it? Can't they just go and access it? That question will keep haunting them (indistinct). >> You know, I think, obviously, Microsoft has always known, you know, understood ecosystems. I mean, AWS is nailing it, when you go to re:Invent, it's all about the ecosystem. And they think they realized they can make a lot more money, you know, together, than trying to have, and Google's got to figure that out. I think Google thinks, "All right, hey, we got to have the best tech." And that tech, they do have the great tech, and that's our competitive advantage. They got to wake up to the ecosystem and what's happening in the field and the go-to-market. I want to ask you about how you see data and cloud evolving in the future. You mentioned that things that are driving revenue are the priorities, and maybe you're already doing this today, but my question is, do you see a day when companies like yours are increasingly offering data and software services? You've been around for a long time as a company, you've got, you know, first party data, you've got proprietary knowledge, and maybe tooling that you've developed, and you're becoming more, you're already a technology company. Do you see someday pointing that at customers, or again, maybe you're doing it already, or is that not practical in your view? >> So data monetization has always been on the charts. The reason why it hasn't seen the light is regulatory pressure at this point of time. We are partnering up with certain agencies, again, you know, some pilots are happening to see the value of that and be able to offer that. But I think, you know, eventually, we'll get to a state where our, because we are trying to build accessible financial services, we will be in a state that we will be offering those to partners, which could then extended to their customers as well. So we are definitely exploring that. We are definitely exploring how to enrich our data with other data, and be able to complete a super set of data that can be used. Because frankly speaking, the data that we have is very interesting. We have trends of people migrating, we have trends of people migrating within the US, right? So if a new, let's say there's a new, like, I'll give you an example. Let's say New York City, I can tell you, at any given point of time, with my data, what is, you know, a dominant population in that area from migrant perspective. And if I see a change in that data, I can tell you where that is moving towards. I think it's going to be very interesting. We're a little bit, obviously, sometimes, you know, you're scared of sharing too much detail because there's too much data. So, but at the end of the day, I think at some point, we'll get to a state where we are confident that the data can be used for good. One simple example is, you know, pharmacies. They would love to get, you know, we've been talking to CVS and we are talking to Walgreens, and trying to figure out, if they would get access to this kind of data demographic information, what could they do be better? Because, you know, from a gene pool perspective, there are diseases and stuff that are very prevalent in one community versus the other. We could probably equip them with this information to be able to better, you know, let's say, staff their pharmacies or keep better inventory of products that could be used for the population in that area. Similarly, the likes of Walmarts and Krogers, they would like to have more, let's say, ethnic products in their aisles, right? How do you enable that? That data is primarily, I think we are the biggest source of that data. So we do take pride in it, but you know, with caution, we are obviously exploring that as well. >> My last question for you, Harvir, is I'm going to ask you to do a thought exercise. So in that vein, that whole monetization piece, imagine that now, Harvir, you are running a P&L that is going to monetize that data. And my question to you is a there's a business vector and a technology vector. So from a business standpoint, the more distribution channels you have, the better. So running on AWS cloud, partnering with Microsoft, partnering with Google, going to market with them, going to give you more revenue. Okay, so there's a motivation for multi-cloud or supercloud. That's indisputable. But from a technical standpoint, is there an advantage to running on multiple clouds or is that a disadvantage for you? >> It's, I would say it's a disadvantage because if my data is distributed, I have to combine it at some place. So the very first step that we had taken was obviously we brought in Snowflake. The reason, we wanted our analytical data and we want our historical data in the same place. So we are already there and ready to share. And we are actually participating in the data share, but in a private setting at the moment. So we are technically enabled to share, unless there is a significant, I would say, upside to moving that data to another cloud. I don't see any reason because I can enable anyone to come and get it from Snowflake. It's already enabled for us. >> Yeah, or if somehow, magically, several years down the road, some standard developed so you don't have to move the data. Maybe there's a new, Mogli is talking about a new data architecture, and, you know, that's probably years away, but, Harvir, you're an awesome guest. I love having you on, and really appreciate you participating in the program. >> I appreciate it. Thank you, and good luck (indistinct) >> Ah, thank you very much. This is Dave Vellante for John Furrier and the entire Cube community. Keep it right there for more great coverage from Supercloud 2. (uplifting music)

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back to Vegas. Guys. We're happy that you're here. Lisa Martin here covering with Dave Valante, Palo Alto Networks Ignite 22. We're at MGM Grand. This is our first day, Dave of two days of cube coverage. We've been having great conversations with the ecosystem with Palo Alto executives, with partners. One of the things that they have is unit 42. We're gonna be talking with them next about cyber intelligence. And the threat data that they get is >>Incredible. Yeah. They have all the data, they know what's going on, and of course things are changing. The state of play changes. Hold on a second. I got a text here. Oh, my Netflix account was frozen. Should I click on this link? Yeah. What do you think? Have you had a, it's, have you had a little bit more of that this holiday season? Yeah, definitely. >>Unbelievable, right? A lot of smishing going on. >>Yeah, they're very clever. >>Yeah, we're very pleased to welcome back one of our alumni to the queue. Wendy Whitmore is here, the SVP of Unit 42. Welcome back, Wendy. Great to have >>You. Thanks Lisa. So >>Unit 42 created back in 2014. One of the things that I saw that you said in your keynote this morning or today was everything old is still around and it's co, it's way more prolific than ever. What are some of the things that Unit 42 is seeing these days with, with respect to cyber threats as the landscape has changed so much the last two years alone? >>You know, it, it has. So it's really interesting. I've been responding to these breaches for over two decades now, and I can tell you that there are a lot of new and novel techniques. I love that you already highlighted Smishing, right? In the opening gate. Right. Because that is something that a year ago, no one knew what that word was. I mean, we, it's probably gonna be invented this year, right? But that said, so many of the tactics that we have previously seen, when it comes to just general espionage techniques, right? Data act filtration, intellectual property theft, those are going on now more than ever. And you're not hearing about them as much in the news because there are so many other things, right? We're under the landscape of a major war going on between Russia and Ukraine of ransomware attacks, you know, occurring on a weekly basis. And so we keep hearing about those, but ultimately these nations aid actors are using that top cover, if you will, as a great distraction. It's almost like a perfect storm for them to continue conducting so much cyber espionage work that like we may not be feeling that today, but years down the road, they're, the work that they're doing today is gonna have really significant impact. >>Ransomware has become a household word in the last couple of years. I think even my mom knows what it is, to some degree. Yeah. But the threat actors are far more sophisticated than they've ever written. They're very motivated. They're very well funded. I think I've read a stat recently in the last year that there's a ransomware attack once every 11 seconds. And of course we only hear about the big ones. But that is a concern that goes all the way up to the board. >>Yeah. You know, we have a stat in our ransomware threat report that talks about how often victims are posted on leak sites. And I think it's once every seven minutes at this point that a new victim is posted. Meaning a victim has had their data, a victim organization had their data stolen and posted on some leak site in the attempt to be extorted. So that has become so common. One of the shifts that we've seen this year in particular and in recent months, you know, a year ago when I was at Ignite, which was virtual, we talked about quadruple extortion, meaning four different ways that these ransomware actors would go out and try to make money from these attacks in what they're doing now is often going to just one, which is, I don't even wanna bother with encrypting your data now, because that means that in order to get paid, I probably have to decrypt it. Right? That's a lot of work. It's time consuming. It's kind of painstaking. And so what they've really looked to do now is do the extortion where they simply steal the data and then threaten to post it on these leak sites, you know, release it other parts of the web and, and go from there. And so that's really a blending of these techniques of traditional cyber espionage with intellectual property theft. Wow. >>How trustworthy are those guys in terms of, I mean, these are hackers, right? In terms of it's really the, the hacker honor system, isn't it? I mean, if you get compromised like that, you really beholden to criminals. And so, you >>Know, so that's one of the key reasons why having the threat intelligence is so important, right? Understanding which group that you're dealing with and what their likelihood of paying is, what's their modus operandi. It's become even more important now because these groups switch teams more frequently than NFL trades, you know, free agents during the regular season, right? Or players become free agents. And that's because their infrastructure. So the, you know, infrastructure, the servers, the systems that they're using to conduct these attacks from is actually largely being disrupted more from law enforcement, international intelligence agencies working together with public private partnerships. So what they're doing is saying, okay, great. All that infrastructure that I just had now is, is burned, right? It's no longer effective. So then they'll disband a team and then they'll recruit a new team and it's constant like mixing and matching in players. >>All that said, even though that's highly dynamic, one of the other areas that they pride themselves on is customer service. So, and I think it's interesting because, you know, when I said they're not wanting to like do all the decryption? Yeah. Cuz that's like painful techni technical slow work. But on the customer service side, they will create these customer service portals immediately stand one up, say, you know, hey it's, it's like an Amazon, you know, if you've ever had to return a package on Amazon for example, and you need to click through and like explain, you know, Hey, I didn't receive this package. A portal window pops up, you start talking to either a bot or a live agent on the backend. In this case they're hu what appeared to be very much humans who are explaining to you exactly what happened, what they're asking for, super pleasant, getting back within minutes of a response. And they know that in order for them to get paid, they need to have good customer service because otherwise they're not going to, you know, have a business. How, >>So what's the state of play look like from between nation states, criminals and how, how difficult or not so difficult is it for you to identify? Do you have clear signatures? My understanding in with Solar Winds it was a little harder, but maybe help us understand and help our audience understand what the state of play is right now. >>One of the interesting things that I think is occurring, and I highlighted this this morning, is this idea of convergence. And so I'll break it down for one example relates to the type of malware or tools that these attackers use. So traditionally, if we looked at a nation state actor like China or Russia, they were very, very specific and very strategic about the types of victims that they were going to go after when they had zero day. So, you know, new, new malware out there, new vulnerabilities that could be exploited only by them because the rest of the world didn't know about it. They might have one organization that they would target that at, at most, a handful and all very strategic for their objective. They wanted to keep that a secret as long as possible. Now what we're seeing actually is those same attackers going towards one, a much larger supply chain. >>So, so lorenzen is a great example of that. The Hafnia attacks towards Microsoft Exchange server last year. All great examples of that. But what they're also doing is instead of using zero days as much, or you know, because those are expensive to build, they take a lot of time, a lot of funding, a lot of patience and research. What they're doing is using commercially available tools. And so there's a tool that our team identified earlier this year called Brute Rael, C4 or BRC four for short. And that's a tool that we now know that nation state actors are using. But just two weeks ago we invested a ransomware attack where the ransomware actor was using that same piece of tooling. So to your point, yak can get difficult for defenders when you're looking through and saying, well wait, they're all using some of the same tools right now and some of the same approaches when it comes to nation states, that's great for them because they can blend into the noise and it makes it harder to identify as >>Quickly. And, and is that an example of living off the land or is that B BRC four sort of a homegrown hacker tool? Is it, is it a, is it a commercial >>Off the shelf? So it's a tool that was actually, so you can purchase it, I believe it's about 2,500 US dollars for a license. It was actually created by a former Red teamer from a couple well-known companies in the industry who then decided, well hey, I built this tool for work, I'm gonna sell this. Well great for Red teamers that are, you know, legitimately doing good work, but not great now because they're, they built a, a strong tool that has the ability to hide amongst a, a lot of protocols. It can actually hide within Slack and teams to where you can't even see the data is being exfiltrated. And so there's a lot of concern. And then now the reality that it gets into the wrong hands of nation state actors in ransomware actors, one of the really interesting things about that piece of malware is it has a setting where you can change wallpaper. And I don't know if you know offhand, you know what that means, but you know, if that comes to mind, what you would do with it. Well certainly a nation state actor is never gonna do something like that, right? But who likes to do that are ransomware actors who can go in and change the background wallpaper on a desktop that says you've been hacked by XYZ organization and let you know what's going on. So pretty interesting, obviously the developer doing some work there for different parts of the, you know, nefarious community. >>Tremendous amount of sophistication that's gone on the last couple of years alone. I was just reading that Unit 42 is now a founding member of the Cyber Threat Alliance includes now more than 35 organizations. So you guys are getting a very broad picture of today's threat landscape. How can customers actually achieve cyber resilience? Is it achievable and how do you help? >>So I, I think it is achievable. So let me kind of parse out the question, right. So the Cyber Threat Alliance, the J C D C, the Cyber Safety Review Board, which I'm a member of, right? I think one of the really cool things about Palo Alto Networks is just our partnerships. So those are just a handful. We've got partnerships with over 200 organizations. We work closely with the Ukrainian cert, for example, sharing information, incredible information about like what's going on in the war, sharing technical details. We do that with Interpol on a daily basis where, you know, we're sharing information. Just last week the Africa cyber surge operation was announced where millions of nodes were taken down that were part of these larger, you know, system of C2 channels that attackers are using to conduct exploits and attacks throughout the world. So super exciting in that regard and it's something that we're really passionate about at Palo Alto Networks in terms of resilience, a few things, you know, one is visibility, so really having a, an understanding of in a real, as much of real time as possible, right? What's happening. And then it goes into how you, how can we decrease operational impact. So that's everything from network segmentation to wanna add the terms and phrases I like to use a lot is the win is really increasing the time it takes for the attackers to get their work done and decreasing the amount of time it takes for the defenders to get their work done, right? >>Yeah. I I call it increasing the denominator, right? And the ROI equation benefit over or value, right? Equals equals or benefit equals value over cost if you can increase the cost to go go elsewhere, right? Absolutely. And that's the, that's the game. Yeah. You mentioned Ukraine before, what have we learned from Ukraine? I, I remember I was talking to Robert Gates years ago, 2016 I think, and I was asking him, yeah, but don't we have the best cyber technology? Can't we attack? He said, we got the most to lose too. Yeah. And so what have we learned from, from Ukraine? >>Well, I, I think that's part of the key point there, right? Is you know, a great offense essentially can also be for us, you know, deterrent. So in that aspect we have as an, as a company and or excuse me, as a country, as a company as well, but then as partners throughout all parts of the world have really focused on increasing the intelligence sharing and specifically, you know, I mentioned Ukrainian cert. There are so many different agencies and other sorts throughout the world that are doing everything they can to share information to help protect human life there. And so what we've really been concerned with, with is, you know, what cyber warfare elements are going to be used there, not only how does that impact Ukraine, but how does it potentially spread out to other parts of the world critical infrastructure. So you've seen that, you know, I mentioned CS rrb, but cisa, right? >>CISA has done a tremendous job of continuously getting out information and doing everything they can to make sure that we are collaborating at a commercial level. You know, we are sharing information and intelligence more than ever before. So partners like Mania and CrowdStrike, our Intel teams are working together on a daily basis to make sure that we're able to protect not only our clients, but certainly if we've got any information relevant that we can share that as well. And I think if there's any silver lining to an otherwise very awful situation, I think the fact that is has accelerated intelligence sharing is really positive. >>I was gonna ask you about this cause I think, you know, 10 or so years ago, there was a lot of talk about that, but the industry, you know, kind of kept things to themselves, you know, a a actually tried to monetize some of that private data. So that's changing is what I'm hearing from you >>More so than ever more, you know, I've, I mentioned I've been in the field for 20 years. You know, it, it's tough when you have a commercial business that relies on, you know, information to, in order to pay people's salaries, right? I think that has changed quite a lot. We see the benefit of just that continuous sharing. There are, you know, so many more walls broken down between these commercial competitors, but also the work on the public private partnership side has really increased some of those relationships. Made it easier. And you know, I have to give a whole lot of credit and mention sisa, like the fact that during log four J, like they had GitHub repositories, they were using Slack, they were using Twitter. So the government has really started pushing forward with a lot of the newer leadership that's in place to say, Hey, we're gonna use tools and technology that works to share and disseminate information as quickly as we can. Right? That's fantastic. That's helping everybody. >>We knew that every industry, no, nobody's spared of this. But did you notice in the last couple of years, any industries in particular that are more vulnerable? Like I think of healthcare with personal health information or financial services, any industries kind of jump out as being more susceptible than others? >>So I think those two are always gonna be at the forefront, right? Financial services and healthcare. But what's been really top of mind is critical infrastructure, just making sure right? That our water, our power, our fuel, so many other parts of right, the ecosystem that go into making sure that, you know, we're keeping, you know, houses heated during the winter, for example, that people have fresh water. Those are extremely critical. And so that is really a massive area of focus for the industry right now. >>Can I come back to public-private partnerships? My question is relates to regulations because the public policy tends to be behind tech, the technology industry as an understatement. So when you take something like GDPR is the obvious example, but there are many, many others, data sovereignty, you can't move the data. Are are, are, is there tension between your desire as our desire as an industry to share data and government's desire to keep data private and restrict that data sharing? How is that playing out? How do you resolve that? >>Well I think there have been great strides right in each of those areas. So in terms of regulation when it comes to breaches there, you know, has been a tendency in the past to do victim shaming, right? And for organizations to not want to come forward because they're concerned about the monetary funds, right? I think there's been tremendous acceleration. You're seeing that everywhere from the fbi, from cisa, to really working very closely with organizations to, to have a true impact. So one example would be a ransomware attack that occurred. This was for a client of ours within the United States and we had a very close relationship with the FBI at that local field office and made a phone call. This was 7:00 AM Eastern time. And this was an organization that had this breach gone public, would've made worldwide news. There would've been a very big impact because it would've taken a lot of their systems offline. >>Within the 30 minutes that local FBI office was on site said, we just saw this piece of malware last week, we have a decryptor for it from another organization who shared it with us. Here you go. And within 60 minutes, every system was back up and running. Our teams were able to respond and get that disseminated quickly. So efforts like that, I think the government has made a tremendous amount of headway into improving relationships. Is there always gonna be some tension between, you know, competing, you know, organizations? Sure. But I think that we're doing a whole lot to progress it, >>But governments will make exceptions in that case. Especially for something as critical as the example that you just gave and be able to, you know, do a reach around, if you will, on, on onerous regulations that, that ne aren't helpful in that situation, but certainly do a lot of good in terms of protecting privacy. >>Well, and I think there used to be exceptions made typically only for national security elements, right? And now you're seeing that expanding much more so, which I think is also positive. Right. >>Last question for you as we are wrapping up time here. What can organizations really do to stay ahead of the curve when it comes to, to threat actors? We've got internal external threats. What can they really do to just be ahead of that curve? Is that possible? >>Well, it is now, it's not an easy task so I'm not gonna, you know, trivialize it. But I think that one, having relationships with right organizations in advance always a good thing. That's a, everything from certainly a commercial relationships, but also your peers, right? There's all kinds of fantastic industry spec specific information sharing organizations. I think the biggest thing that impacts is having education across your executive team and testing regularly, right? Having a plan in place, testing it. And it's not just the security pieces of it, right? As security responders, we live these attacks every day, but it's making sure that your general counsel and your head of operations and your CEO knows what to do. Your board of directors, do they know what to do when they receive a phone call from Bloomberg, for example? Are they supposed supposed to answer? Do your employees know that those kind of communications in advance and training can be really critical and make or break a difference in an attack. >>That's a great point about the testing but also the communication that it really needs to be company wide. Everyone at every level needs to know how to react. Wendy, it's been so great having, >>Wait one last question. Sure. Do you have a favorite superhero growing up? >>Ooh, it's gotta be Wonder Woman. Yeah, >>Yeah, okay. Yeah, so cuz I'm always curious, there's not a lot of women in, in security in cyber. How'd you get into it? And many cyber pros like wanna save the world? >>Yeah, no, that's a great question. So I joined the Air Force, you know, I, I was a special agent doing computer crime investigations and that was a great job. And I learned about that from, we had an alumni day and all these alumni came in from the university and they were in flight suits and combat gear. And there was one woman who had long blonde flowing hair and a black suit and high heels and she was carrying a gun. What did she do? Because that's what I wanted do. >>Awesome. Love it. We >>Blonde >>Wonder Woman. >>Exactly. Wonder Woman. Wendy, it's been so great having you on the program. We, we will definitely be following unit 42 and all the great stuff that you guys are doing. Keep up the good >>Work. Thanks so much Lisa. Thank >>You. Day our pleasure. For our guest and Dave Valante, I'm Lisa Martin, live in Las Vegas at MGM Grand for Palo Alto Ignite, 22. You're watching the Cube, the leader in live enterprise and emerging tech coverage.

(upbeat music) >> Hello, brilliant cloud community, and welcome back to AWS re:Invent. We are here in Las Vegas, Nevada. I'm Savannah Peterson, joined by my co-host Dave Vellante. Dave, how you doing? >> I'm doing well, thanks, yeah. >> Yeah, I feel like... >> I'm hanging in there. >> you've got a lot of pep in your step today for the fourth day. >> I think my voice is coming back, actually. >> (laughs) Look at you, resilient. >> I was almost lost yesterday, yeah. >> Yeah. (laughs) >> So, I actually, at a Hitachi event one time almost completely lost my voice. The production guys pulled me off. They said, "You're done." (Savannah laughing) They gave me the hook. >> You got booted? >> Dave: Yeah, yeah. >> Yeah, yeah, you actually (laughs) got the hook, wow. >> So, I have good memories of Hitachi. >> I was going to say (Dave laughing) interesting that you mentioned Hitachi. Our two guests this morning are from Hitachi. Sid and KP, welcome to the show. >> Thank you. >> Savannah: How you guys doing? Looking great for day four. >> Great. Thank you. >> Great. >> Hanging in there. >> Thank you, Dave and Savannah. (Savannah laughing) >> Dave: Yeah, cool. >> Savannah: Yeah. (laughs) >> Yeah, it was actually a Pentaho thing, right? >> Oh, Pentaho? Yeah. >> Which kind of you guys into that software edge. It was right when you announced the name change to Hitachi Vantara, which is very cool. I had Brian Householder on. You remember Brian? >> Yeah, I know. >> He was explaining the vision, and yeah (indistinct). >> Yeah. Well, look at you a little Hitachi (indistinct). >> Yeah, I've been around a long time, yeah. >> Yeah, all right. (Dave laughing) >> Just a casual flex to start us off there, Dave. I love it. I love it. Sid, we've talked a lot on the show about delivering outcomes. It's a hot theme. Everyone wants to actually have tangible business outcomes from all of this. How are customers realizing value from the cloud? What does that mean? >> See, still 2007, 2008, it was either/or kind of architecture. Either I'm going to execute my use cases on cloud or I'm going to keep my use cases and outcomes through edge. But in the last four or five years and specifically we are in re:Invent, I would talk about AWS. Lot of the power of hyperscalers has been brought to edge. If you talk about the snowball family of AWS, if you talk about monitor on edge devices, if you talk about the entire server list being brought into Lambda coupled inside snowball, now the architecture premise, if I talk about logical shift is end. Now the customers are talking about executing the use cases between edge and cloud. So, there is a continuum rather than a binary bullion decision. So, if you are talking about optimizing a factory, earlier I'll do the analytics at cloud, and I'll do machine on edge. Now it is optimization of a factory outcome at scale across my entire manufacturing where edge, private cloud, AWS, hyperscalers, everything is a continuum. And the customer is not worried about where, which part of my data ops, network ops, server ops storage ops is being executed. >> Savannah: It's like (indistinct). >> The customer is enjoying the use cases. And the orchestration is abstracted through an industrial player like Hitachi working very collaboratively with AWS. So, that is how we are working on industrial use cases right now. >> You brought up manufacturing. I don't think there's been a hotter conversation around supply chain and manufacturing than there has been the last few years. I can imagine taking that guessing game out for customers is a huge deal for you guys. >> Big because if you look at the world today, right from a safety pin, to a cell phone jacket, to a cell phone, the entire supply chain is throttled. The supply chain is throttled because there are various choke points. >> Savannah: Yeah. >> And each choke points is surrounded by different kind of supply and geopolitical issues. >> Savannah: 100%. >> Now, if we talk about the wheat crisis happening because of the Ukraine-Russia war, but the wheat crisis actually creates a multiple string of impacts which impact everything. Silicon, now we talk about silicon, but we then forget about nickel. Nickel is also controlled in one part of that geopolitical conflict. So, everything is getting conflagrated into a very big supply issue. So, if your factories are not performing beyond optimum, if they are not performing at real, I'm, we are talking about factory, hyperscale of the factory. The factory needs to perform at hyperscale to provide what the world needs today. So, we are in a very different kind of a scenario. Some of the economists call it earlier the recession was because of a demand constraint. The demand used to go down. Today's recession is because the supply is going down. The demand is there, but the supply is going down. And there is a different kind of recession in the world. The supply is what is getting throttled. >> And the demand is somewhat unpredictable too. People, you know, retailers, they've... >> Especially right now. >> kind of messed up their inventory. And so, the data is still siloed. And that's where, you know, you get to, okay, can I have the same experience across clouds, on-prem, out to the edge? Kind of bust those silos. >> Yep. >> You know, I dunno if it's, it's certainly not entirely a data problem. There's (laughs), like you say, geopolitical and social issues. >> Savannah: There's so much complexity. >> But there's a data problem too. >> Yes. >> Big. >> So, I wonder if you could talk about your sort of view of, point of view on that cross-cloud, hybrid, out to the edge, what I call super cloud? >> Absolutely. So, today, if you look at how enterprises are adopting cloud or how they're leveraging cloud, it's not just a hosting platform, right? It is the platform from where they can draw business capabilities. You heard in the re:Invent that Amazon is coming up with a supply chain service out of the box in the cloud. That's the kind of capabilities that business wants to draw from cloud today. So, the kind of multicloud or like hybrid cloud, public cloud, private cloud, those are the things which are kind of going to be behind the scenes. At the end of the day, the cloud needs to be able to support businesses by providing their services closer to their consumers. So, the challenges are going to be there in terms of like reliability, resilience, cost, security. Those are the ones that, you know, many of the enterprises are grappling with in terms of the challenges. And the way to solve that, the way how we approach our customers and work with them is to be able to bring resilience into the cloud, into the services which are running in cloud, and by driving automation, making autonomous in everything that you do, how you are monitoring your services, how we are making it available, how we are securing it, how we are making it very cost-effective as well. It cannot be manually executed; it has to be automated. So, automation is the key in terms of making the services leveraged from all of this cloud. >> That's your value add. >> Absolutely. >> And how do I consume that value add? Is it sort of embedded into infrastructure? Is it a service layer on top? >> Yeah, so everything that we do today in terms of like how these services have to be provided, how the services have to be consumed, there has to be a modern operating model, right? I think this is where Hitachi has come up with what we are calling as Hitachi Application Reliability Center and Services. That is focusing on modern operating, modern ways of like, you know, how you support these cloud workloads and driving this automation. So, whether we provide a hyper-converged infrastructure that is going to be at the edge location, or we are going to be able to take a customer through the journey of modernization or migrating onto cloud, the operating model that is going to be able to establish the foundation on cloud and then to be able to operate with the right levels of reliability, security, cost is the key. And that's the value added service that we provide. And then the way we do that is essentially by looking at three principles: one, to look at the service in totality. Gone are the days you look at infrastructure separately, applications separately, data and security separately, right? >> Savannah: No more silos. >> No more silos. You look at it as a workload, and you look at it as a service. And number two is to make sure that the DevOps that you bring and what you do at the table is totally integrated and it's end to end. It's not a product team developing a feature and then ops team trying to keep the lights on. It has to be a common backlog with the error budget that looks at you know, product releases, product functionalities, and even what ops needs to do to evolve the product as well. And then the third is to make sure that reliability and resiliency is inbuilt. Cloud offers native durability, native availability. But if your service doesn't take advantage of that, it's kind of going to still be not available. So, how do you kind of ingrain and embed all of these things as a value add that we provide? >> There's a lot of noise. We've got hybrid cloud. We've got multicloud. We've got a lot going on. It adds to the complexity. How do you help customers solve that complexity as they begin their transformation journey? I mean, I'm sure you're working with the biggest companies, making really massive change. How do you guide them through that process? >> So, it is to look at the outcome working backwards, like what AWS does, right? Like, you know, how do you look at the business outcome? What is the value that you're looking to drive? Again, it's not to be pinned through one particular cloud. I know there is lot of technology choices that you can make and lot of deployment models that you can choose from. But at the end of the day, having a common operating model which is kind of like modern, agile, and it is kind of like keeping the outcomes in the mind, that is what we do with our customers to be able to create that operating model, which completes the transformation, by the way. And cloud is just one part of the LEGO blocks which provides that overall scheme and then the view for driving that overall transformation. >> So, let's paint a picture. Let's say you've got this resilient foundation; you've kind of helped the customers build that out. How do they turn that into value for their customers? Do you have any examples that you can share? That'd be great. >> Yeah, I can start with what we're doing for one of the, you know, world's largest facility, infrastructure, power, cooling, security, monitoring company that has their products deployed in 2,000 locations across the globe. For them, and always on business means you are monitoring the temperature. You are monitoring the safety of people who are within the facility, right? A temperature shift of one to two degree can affect even the sustainability goals of NARC, our customer, but also their end consumers. So, how do you monitor these kind of like critical parameters? How do you have a platform? >> Savannah: Great example, yeah. >> How you have cloud resources that are going to be always on, that are going to be reliable, that are going to be cost-effective as well is what we are doing for one of our customers. Sid can talk about another example as well. >> Great. >> Yeah, go for it, Sid. >> So, there are examples: rail. We are working with a group in England; it's called West Coast Partnership. And they had a edge device which was increasing in size. Now, this edge device was becoming big because the parameters which go into the edge device were increasing because of regulation and because the rail is part of national security infrastructure. We have worked with West Coast Partnership and Hitachi Rail, which is a group company, to create a miniaturization of this edge device, because if the size of the edge device is increasing on the train, then the weight of the train increases, and the speed profile, velocity profile, everything goes down. So, we have miniaturized the edge device. Secondly, all the data profiles, signal control, traction control, traction motors, direction control, timetable compliance, everything has been kept uniform. And we have done analytics on cloud. So, what is the behavior of the driver? What is a big breaking parameter of the driver? If the timetable has being missed, is there an erratic behavior being demonstrated by the driver to just meet the timetable? And the timetable is a pretty important criteria in rail because if you miss one, then... So, what we have done is we have created an edge-to-cloud environment where the entire rail analytics is happening. Similarly, in another group company, Hitachi Energy, they had a problem that arguably one of the largest transformer manufacturer in the world. The transformer is a pretty common name now because you're seeing what is happening in Ukraine. Russia went after the transformers and substations before the start of the winter so that their district heating can be meddled with. Now, the transformer, it had a lead time of 17 weeks before COVID. So, if you put me an order of a three-phase transformer, I can deliver it to you in 17 weeks. After and during COVID, the entire lead time increased to 57 to 58 weeks. In cases of a complex transformer, it even went up to something like two years. >> Savannah: Ooh! >> Now, they wanted to increase the productivity of their existing plant because there is only that much sheet metal, that much copper for solenoid, that much microprocessor and silicon. So, they wanted to increase the output of their factory from 95 to 105, 10 more transformers every day, which is 500 and, which is 3,650 every- >> Savannah: Year. >> Year. Now, to do that, we went to a very complex machine; it's called a guard machine. And we increased the productivity of the guard machine by just analyzing all the throttles and all the wastages which are happening there. There are multiple case studies because, see, Hitachi is an industrial giant with 105 years of body of work. KP and I just represent the tip of the digital tip of the arrow. But what we are trying to do through HARC, through industry cloud, through partnership with AWS is basically containerizing and miniaturizing our entire body of work into a democratized environment, an industrial app store, if I may say, where people can come and take their industrial outcomes at ease without worrying about their computational and network orchestration between edge and cloud. That's what we are trying to do. >> I love that analogy of an industrial app cloud. Makes it feel easier in decreasing the complexity of all the different things that everyone's factoring into making their products, whatever they're making. So, we have a new challenge here on theCUBE at AWS re:Invent, where we are looking for your 30-second hot take, your Instagram reel, sound bite. What's the most important story or theme either for you as a team or coming out of the show? You can ponder it for a second. >> It might be different. See, for me, it is industrial security. Industrial OT security should be the theme of the Western world. Western world is on the crosshairs of multiple bad actors. And the industrial security is in the chemical plants, is in the industrial plants, is in the power grids, is in our postal networks and our rail networks. They need to be secured; otherwise, we are geopolitically very weak. Gone are the days when anyone is going to pick up a battle with America or Western world on a field. The battle is going to be pretty clandestine on an cyber world. And that is why industrial security is very important. >> Critical infrastructure and protecting it. >> Absolutely. >> Well said, Sid. KP, what's your hot take? >> My take is going to be a modern operating model, which is going to complete the transformation and to be able to tap into business services from cloud. So, a modern operating model through HARC, that is going to be my take. >> Fantastic. Well, can't wait to see what comes out of Hitachi next. Sid, KP... >> KP: Thank you. >> thank you so much for being here. >> Sid: Thank you. >> Absolutely. >> Dave: Thanks, guys. >> Savannah: This is I could talk to you all about supply chain all day long. And thank all of you for tuning in to our continuous live coverage here from AWS re:Invent in fantastic Sin City. I'm Savannah. Oh, excuse me. With Dave Vellante, I'm Savannah Peterson. You're watching theCUBE, the leader in high tech coverage. (digital xylophone music)

(upbeat music) >> Good morning everybody. Welcome back to Las Vegas. This is day four of theCUBE's wall-to-wall coverage of our Super Bowl, aka AWS re:Invent 2022. I'm here with my co-host, Paul Gillin. My name is Dave Vellante. Sanjay Poonen is in the house, CEO and president of Cohesity. He's sitting in as our guest market watcher, market analyst, you know, deep expertise, new to the job at Cohesity. He was kind enough to sit in, and help us break down what's happening at re:Invent. But Paul, first thing, this morning we heard from Werner Vogels. He was basically given a masterclass on system design. It reminded me of mainframes years ago. When we used to, you know, bury through those IBM blue books and red books. You remember those Sanjay? That's how we- learned back then. >> Oh God, I remember those, Yeah. >> But it made me think, wow, now you know IBM's more of a systems design, nobody talks about IBM anymore. Everybody talks about Amazon. So you wonder, 20 years from now, you know what it's going to be. But >> Well- >> Werner's amazing. >> He pulled out a 24 year old document. >> Yup. >> That he had written early in Amazon's evolution about synchronous design or about essentially distributed architectures that turned out to be prophetic. >> His big thing was nature is asynchronous. So systems are asynchronous. Synchronous is an illusion. It's an abstraction. It's kind of interesting. But, you know- >> Yeah, I mean I've had synonyms for things. Timeless architecture. Werner's an absolute legend. I mean, when you think about folks who've had, you know, impact on technology, you think of people like Jony Ive in design. >> Dave: Yeah. >> You got to think about people like Werner in architecture and just the fact that Andy and the team have been able to keep him engaged that long... I pay attention to his keynote. Peter DeSantis has obviously been very, very influential. And then of course, you know, Adam did a good job, you know, watching from, you know, having watched since I was at the first AWS re:Invent conference, at time was President SAP and there was only a thousand people at this event, okay? Andy had me on stage. I think I was one of the first guest of any tech company in 2011. And to see now this become like, it's a mecca. It's a mother of all IT events, and watch sort of even the transition from Andy to Adam is very special. I got to catch some of Ruba's keynote. So while there's some new people in the mix here, this has become a force of nature. And the last time I was here was 2019, before Covid, watched the last two ones online. But it feels like, I don't know 'about what you guys think, it feels like it's back to 2019 levels. >> I was here in 2019. I feel like this was bigger than 2019 but some people have said that it's about the same. >> I think it was 60,000 versus 50,000. >> Yes. So close. >> It was a little bigger in 2019. But it feels like it's more active. >> And then last year, Sanjay, you weren't here but it was 25,000, which was amazing 'cause it was right in that little space between Omicron, before Omicron hit. But you know, let me ask you a question and this is really more of a question about Amazon's maturity and I know you've been following them since early days. But the way I get the question, number one question I get from people is how is Amazon AWS going to be different under Adam than it was under Andy? What do you think? >> I mean, Adam's not new because he was here before. In some senses he knows the Amazon culture from prior, when he was running sales and marketing prior. But then he took the time off and came back. I mean, this will always be, I think, somewhat Andy's baby, right? Because he was the... I, you know, sent him a text, "You should be really proud of what you accomplished", but you know, I think he also, I asked him when I saw him a few weeks ago "Are you going to come to re:Invent?" And he says, "No, I want to leave this to be Adam's show." And Adam's going to have a slightly different view. His keynotes are probably half the time. It's a little bit more vision. There was a lot more customer stories at the beginning of it. Taking you back to the inspirational pieces of it. I think you're going to see them probably pulling up the stack and not just focused in infrastructure. Many of their platform services are evolved. Many of their, even application services. I'm surprised when I talk to customers. Like Amazon Connect, their sort of call center type technologies, an app layer. It's getting a lot. I mean, I've talked to a couple of Fortune 500 companies that are moving off Ayer to Connect. I mean, it's happening and I did not know that. So it's, you know, I think as they move up the stack, the platform's gotten more... The data centric stack has gotten, and you know, in the area we're working with Cohesity, security, data protection, they're an investor in our company. So this is an important, you know, both... I think tech player and a partner for many companies like us. >> I wonder the, you know, the marketplace... there's been a big push on the marketplace by all the cloud companies last couple of years. Do you see that disrupting the way softwares, enterprise software is sold? >> Oh, for sure. I mean, you have to be a ostrich with your head in the sand to not see this wave happening. I mean, what's it? $150 billion worth of revenue. Even though the growth rates dipped a little bit the last quarter or so, it's still aggregatively between Amazon and Azure and Google, you know, 30% growth. And I think we're still in the second or third inning off a grand 1 trillion or 2 trillion of IT, shifting not all of it to the cloud, but significantly faster. So if you add up all of the big things of the on-premise world, they're, you know, they got to a certain size, their growth is stable, but stalling. These guys are growing significantly faster. And then if you add on top of them, platform companies the data companies, Snowflake, MongoDB, Databricks, you know, Datadog, and then apps companies on top of that. I think the move to the Cloud is inevitable. In SaaS companies, I don't know why you would ever implement a CRM solution on-prem. It's all gone to the Cloud. >> Oh, it is. >> That happened 15 years ago. I mean, begin within three, five years of the advent of Salesforce. And the same thing in HR. Why would you deploy a HR solution now? You've got Workday, you've got, you know, others that are so some of those apps markets are are just never coming back to an on-prem capability. >> Sanjay, I want to ask you, you built a reputation for being able to, you know, forecast accurately, hit your plan, you know, you hit your numbers, you're awesome operator. Even though you have a, you know, technology degree, which you know, that's a two-tool star, multi-tool star. But I call it the slingshot economy. This is like, I mean I've seen probably more downturns than anybody in here, you know, given... Well maybe, maybe- >> Maybe me. >> You and I both. I've never seen anything like this, where where visibility is so unpredictable. The economy is sling-shotting. It's like, oh, hurry up, go Covid, go, go go build, build, build supply, then pull back. And now going forward, now pulling back. Slootman said, you know, on the call, "Hey the guide, is the guide." He said, "we put it out there, We do our best to hit it." But you had CrowdStrike had issues you know, mid-market, ServiceNow. I saw McDermott on the other day on the, on the TV. I just want to pay, you know, buy from the guy. He's so (indistinct) >> But mixed, mixed results, Salesforce, you know, Octa now pre-announcing, hey, they're going to be, or announcing, you know, better visibility, forward guide. Elastic kind of got hit really hard. HPE and Dell actually doing really well in the enterprise. >> Yep. >> 'Course Dell getting killed in the client. But so what are you seeing out there? How, as an executive, do you deal with such poor visibility? >> I think, listen, what the last two or three years have taught us is, you know, with the supply chain crisis, with the surge that people thought you may need of, you know, spending potentially in the pandemic, you have to start off with your tech platform being 10 x better than everybody else. And differentiate, differentiate. 'Cause in a crowded market, but even in a market that's getting tougher, if you're not differentiating constantly through technology innovation, you're going to get left behind. So you named a few places, they're all technology innovators, but even if some of them are having challenges, and then I think you're constantly asking yourselves, how do you move from being a point product to a platform with more and more services where you're getting, you know, many of them moving really fast. In the case of Roe, I like him a lot. He's probably one of the most savvy operators, also that I respect. He calls these speedboats, and you know, his core platform started off with the firewall network security. But he's built now a very credible cloud security, cloud AI security business. And I think that's how you need to be thinking as a tech executive. I mean, if you got core, your core beachhead 10 x better than everybody else. And as you move to adjacencies in these new platforms, have you got now speedboats that are getting to a point where they are competitive advantage? Then as you think of the go-to-market perspective, it really depends on where you are as a company. For a company like our size, we need partners a lot more. Because if we're going to, you know, stand on the shoulders of giants like Isaac Newton said, "I see clearly because I stand on the shoulders giants." I need to really go and cultivate Amazon so they become our lead partner in cloud. And then appropriately Microsoft and Google where I need to. And security. Part of what we announced last week was, last month, yeah, last couple of weeks ago, was the data security alliance with the biggest security players. What was I trying to do with that? First time ever done in my industry was get Palo Alto, CrowdStrike, Wallace, Tenable, CyberArk, Splunk, all to build an alliance with me so I could stand on their shoulders with them helping me. If you're a bigger company, you're constantly asking yourself "how do you make sure you're getting your, like Amazon, their top hundred customers spending more with that?" So I think the the playbook evolves, and I'm watching some of these best companies through this time navigate through this. And I think leadership is going to be tested in enormously interesting ways. >> I'll say. I mean, Snowflake is really interesting because they... 67% growth, which is, I mean, that's best in class for a company that's $2 billion. And, but their guide was still, you know, pretty aggressive. You know, so it's like, do you, you know, when it when it's good times you go, "hey, we can we can guide conservatively and know we can beat it." But when you're not certain, you can't dial down too far 'cause your investors start to bail on you. It's a really tricky- >> But Dave, I think listen, at the end of the day, I mean every CEO should not be worried about the short term up and down in the stock price. You're building a long-term multi-billion dollar company. In the case of Frank, he has, I think I shot to a $10 billion, you know, analytics data warehousing data management company on the back of that platform, because he's eyeing the market that, not just Teradata occupies today, but now Oracle occupies or other databases, right? So his tam as it grows bigger, you're going to have some of these things, but that market's big. I think same with Palo Alto. I mean Datadog's another company, 75% growth. >> Yeah. >> At 20% margins, like almost rule of 95. >> Amazing. >> When they're going after, not just the observability market, they're eating up the sim market, security analytics, the APM market. So I think, you know, that's, you look at these case studies of companies who are going from point product to platforms and are steadily able to grow into new tams. You know, to me that's very inspiring. >> I get it. >> Sanjay: That's what I seek to do at our com. >> I get that it's a marathon, but you know, when you're at VMware, weren't you looking at the stock price every day just out of curiosity? I mean listen, you weren't micromanaging it. >> You do, but at the end of the day, and you certainly look at the days of earnings and so on so forth. >> Yeah. >> Because you want to create shareholder value. >> Yeah. >> I'm not saying that you should not but I think in obsession with that, you know, in a short term, >> Going to kill ya. >> Makes you, you know, sort of myopically focused on what may not be the right thing in the long term. Now in the long arc of time, if you're not creating shareholder value... Look at what happened to Steve Bomber. You needed Satya to come in to change things and he's created a lot of value. >> Dave: Yeah, big time. >> But I think in the short term, my comments were really on the quarter to quarter, but over a four a 12 quarter, if companies are growing and creating profitable growth, they're going to get the valuation they deserve. >> Dave: Yeah. >> Do you the... I want to ask you about something Arvind Krishna said in the previous IBM earnings call, that IT is deflationary and therefore it is resistant to the macroeconomic headwinds. So IT spending should actually thrive in a deflation, in a adverse economic climate. Do you think that's true? >> Not all forms of IT. I pay very close attention to surveys from, whether it's the industry analysts or the Morgan Stanleys, or Goldman Sachs. The financial analysts. And I think there's a gluc in certain sectors that will get pulled back. Traditional view is when the economies are growing people spend on the top line, front office stuff, sales, marketing. If you go and look at just the cloud 100 companies, which are the hottest private companies, and maybe with the public market companies, there's way too many companies focused on sales and marketing. Way too many. I think during a downsizing and recession, that's going to probably shrink some, because they were all built for the 2009 to 2021 era, where it was all about the top line. Okay, maybe there's now a proposition for companies who are focused on cost optimization, supply chain visibility. Security's been intangible, that I think is going to continue to an investment. So I tell, listen, if you are a tech investor or if you're an operator, pay attention to CIO priorities. And right now, in our business at Cohesity, part of the reason we've embraced things like ransomware protection, there is a big focus on security. And you know, by intelligently being a management and a security company around data, I do believe we'll continue to be extremely relevant to CIO budgets. There's a ransomware, 20 ransomware attempts every second. So things of that kind make you relevant in a bank. You have to stay relevant to a buying pattern or else you lose momentum. >> But I think what's happening now is actually IT spending's pretty good. I mean, I track this stuff pretty closely. It's just that expectations were so high and now you're seeing earnings estimates come down and so, okay, and then you, yeah, you've got the, you know the inflationary factors and your discounted cash flows but the market's actually pretty good. >> Yeah. >> You know, relative to other downturns that if this is not a... We're not actually not in a downturn. >> Yeah. >> Not yet anyway. It may be. >> There's a valuation there. >> You have to prepare. >> Not sales. >> Yeah, that's right. >> When I was on CNBC, I said "listen, it's a little bit like that story of Joseph. Seven years of feast, seven years of famine." You have to prepare for potentially your worst. And if it's not the worst, you're in good shape. So will it be a recession 2023? Maybe. You know, high interest rates, inflation, war in Russia, Ukraine, maybe things do get bad. But if you belt tightening, if you're focused in operational excellence, if it's not a recession, you're pleasantly surprised. If it is one, you're prepared for it. >> All right. I'm going to put you in the spot and ask you for predictions. Expert analysis on the World Cup. What do you think? Give us the breakdown. (group laughs) >> As my... I wish India was in the World Cup, but you can't get enough Indians at all to play soccer well enough, but we're not, >> You play cricket, though. >> I'm a US man first. I would love to see one of Brazil, or Argentina. And as a Messi person, I don't know if you'll get that, but it would be really special for Messi to lead, to end his career like Maradonna winning a World Cup. I don't know if that'll happen. I'm probably going to go one of the Latin American countries, if the US doesn't make it far enough. But first loyalty to the US team, and then after one of the Latin American countries. >> And you think one of the Latin American countries is best bet to win or? >> I don't know. It's hard to tell. They're all... What happens now at this stage >> So close, right? >> is anybody could win. >> Yeah. You just have lots of shots of gold. I'm a big soccer fan. It could, I mean, I don't know if the US is favored to win, but if they get far enough, you get to the finals, anybody could win. >> I think they get Netherlands next, right? >> That's tough. >> Really tough. >> But... The European teams are good too, but I would like to see US go far enough, and then I'd like to see Latin America with team one of Argentina, or Brazil. That's my prediction. >> I know you're a big Cricket fan. Are you able to follow Cricket the way you like? >> At god unearthly times the night because they're in Australia, right? >> Oh yeah. >> Yeah. >> I watched the T-20 World Cup, select games of it. Yeah, you know, I'm not rapidly following every single game but the World Cup games, I catch you. >> Yeah, it's good. >> It's good. I mean, I love every sport. American football, soccer. >> That's great. >> You get into basketball now, I mean, I hope the Warriors come back strong. Hey, how about the Warriors Celtics? What do we think? We do it again? >> Well- >> This year. >> I'll tell you what- >> As a Boston Celtics- >> I would love that. I actually still, I have to pay off some folks from Palo Alto office with some bets still. We are seeing unprecedented NBA performance this year. >> Yeah. >> It's amazing. You look at the stats, it's like nothing. I know it's early. Like nothing we've ever seen before. So it's exciting. >> Well, always a pleasure talking to you guys. >> Great to have you on. >> Thanks for having me. >> Thank you. Love the expert analysis. >> Sanjay Poonen. Dave Vellante. Keep it right there. re:Invent 2022, day four. We're winding up in Las Vegas. We'll be right back. You're watching theCUBE, the leader in enterprise and emerging tech coverage. (lighthearted soft music)

>> Male: TheCUBE presents, UIPATH, Forward 5 brought to you by, UIPATH. >> Okay the party has started here at forward 5 UIPATH big customer event if you're watching the cube. We're wrapping up day one with the co-CE0 segment. Daniel Dines is here. He's the founder and Co-CEO of UIPATH and Rob Enslin, is co-CEO. Gents, great to see you. Thanks for spending some time with us. I know you're super busy. >> Thanks Dave. >> So I've been looking forward to this. Daniel you know I've followed the company for a long time. The really interesting path you took, to get to where you are today. How did you guys meet? And why did you decide to hire Rob? >> Male: (laughs) >> Rob: Well let me start. I uh, I was looking for a partner. Actually, in our work to your stand here, we are talking about how, how you feel in this job. You feel so alone. Because you are the center of all pressure points. And having a partner, having someone that has your back, it's kind of awesome. So I was looking for a partner. And our current friend, Carl Escenbach, he introduced us to each other, and we instantly clicked. And this is the type of job where it's uh either work well or it doesn't. It cannot be anything in the middle. >> Right, okay with Carl, we know Carl well. Awesome operator. Knows the business super well. So Rob, what attracted you to UIPATH? You had a great situation at google. You guys were growing like crazy. Why did you decide to come here? What did you see that attracted you? >> Yeah you know when I, when I went to google, I went to google because I really believed that data and AI was necessary for companies. And business is to be competitive in the future. And we did some great stuff at google cloud in the 3 years. But I knew UIPATH from a couple of years ago when they were mainly a RPA space. And I just felt that there was a place in time when automation was going expand. And as I sat down with Carl a couple of times, spoke to carl. And then I sat down with Daniel, I knew that there was something special with UIPATH, that could be a generational opportunity. Not any for myself but for the company in the future. And then I, you know I got to know Daniel. And at this stage of my career I was like, I'm pretty fussy about what I want to do and what I want and where I want to go. First of all, I want to go to a company that had great product, had a great culture, and I wanted to work with somebody that we could shake the future together and you know, Daniel and I just hit it off from the very first time we met. He got to meet my family, my dogs and we did the whole, we did the whole courting thing before we actually decided this was going to be a good thing for both of us. >> Dave: That's good. >> Rob: Yeah. >> Dave: You got to meet the family. That's very good. >> We just had, John Furrier and I just had, Mohit Aron and Sanjay Poonen into out studio. Cause Mohit, you know, formal google. Long time. And they decided to kind of split duties. Mohit's going into product, he didn't keep his CEO title. He walked. How are you guys splitting you time? What are each of you going to, responsible for? >> Daniel: Well its, its kind of similar. On a day by day operation I, I rely heavily on Rob. We do it together. Strategic decisions about the company's destiny. I'm doing mostly the product these days. Which is a big relief for me. And I think we also split a bit of customers visit. Which is great. I still enjoy meeting customers. I need, customers are food for my cause. >> Dave: (laughs) yeah and your awesome product visionary. You've been there since day one. Now Rob, you said in the key note today that you've seen around about a hundred customers. You've transverse the world. What did you learn from them that informed you? That gave you confidence that the the move to the internet platform, even though you had already started that. >> Male: Yeah. >> But you're really doubling down on that >> Rob: You know when I... >> from a stand point. >> Rob: You know Dave, when you think about it, like I was, I was so impressed that Daniel had the vision to create a platform 3 years ago. >> Dave: Yeah. >> All right. And as we went around the world. As I went around the world, and it was one of the very first things I've seen. I've got to understand how customers see UIPATH, from their advantage point. What are they looking for from us? Why is this company, why doe customers like this company so much? And as I went around the world. I went to Asia a couple, I went to Asia, Australia, Singapore, Japan. I was in Europe twice. We did the trip together. We went to visit customers. And it was very much the same thing. Helps us expand automation faster. And we are so surprise, at the break of your platform. We never knew that. And so it kind of just had, for me, it was conviction. It's like, this walls is the right decision you've made. There's so much opportunity there. And that's, you know that's kind of what I've learned through the last four five months. >> Dave: Now as you know Daniel, I've written a lot about your company. One of the things I've said is that, that start ups, if I can call you that back pre-IPO, typically don't have as much international exposure as UIPATH had. I mean you sort of, you sort of started as an international company and became more US centric. You said, in the, in the key note today, you're talking to Ray Wong about people may don't understand that challenges of FX. Point being, when you convert international dollars into US dollars there are less of them cause the dollars stronger. But still, I've always felt like that international footprint is an advantage. Rob you came from SAP, you know, again European based company. I don't, (stutters), do you regret that? Now? I mean I know it's technical, I'm sure you don't, but talk about that sort of international exposure? Why that's a long term benefit. >> Well, you, first of all, you expand faster. I think we expanded faster than our competition because our global footprint was larger. And we had the courage. Go in Japan, for instance. Everybody told me, it's impossible to make for such a small starter. It's impossible to make a business in Japan. But we didn't believe it. We're just crazy and we went there, and be built a very sizable business in Japan. Fifty-five percent of our revenue, even today, it's outside U.S. Now of course that has a down side. When uh, When the local currencies, you know, are losing the value compared to the dollars, we're impacted. As we go to... to investors, until now, so we are seeing like a (indistinct) in terms of ARI. It's huge. Only because (indistinct) and losing the business in Russia. But it still, it's the strength of our company. Things will come back. And then, you know, the growth engine will re-accelerate again. >> Dave: Yeah but when the dollars weakens that'll be in your favor. Rob I want to pick up on something you said today in your keynote. You went back and started, you know the cycles of ERP and you know, internet, et cetera. I kind of have a love hate with ERP. I have to be honest. >> Male: (laughing) >> But it, but but (chuckles) but if I go back to that. Late eighties nineties, you wouldn't have be able to pick SAP as the winner. And then SAP emerged. You know, very clearly. But the more interesting thing, is that the customers who are implementing ERP well. The practitioners did better than their peers, and dominated their industries. And their stocks went up. Their evaluations went up. Different worlds obviously but, do you see the same thing happening with RPA and automation? What gives you confidence that that's the case? >> I absolutely do see the same thing happening with automation and RPA being a part of, in being a part of that. The reason, the reason I believe that is speed is so critical. (stutters) And if you think about how hard it is for a CIO or a c level executive to consume the technology coming at them, plus all the changes in the world being thrown at them. It's compiling and compiling and compiling. We have an incredible solution, that can help companies. And there comes certain times, the love outcomes to the business. Like no one else gets. And when I see that, I view that as just like the beginning of what's going to happen in the future so, in many ways, and I've said this to many of my friends, it feels like 1992, 1993 to me. And it's interesting because no one really understood then why SAP would be great in 1992 and 93. And they got a couple of things right. They got the eco system right. Their new partners were important. And the knew they needed to drive business outcome for companies, in which they did. And so I feel like we are in a very similar place. Very different technology obviously. And the speed of change now is so dramatic, compared to what it was. And there's very few technology that can provide that level of speed and accomodation to their customers. >> All right, let's talk about priorities. You guys got a lot of work to do and you've, you've laid it out to the financial community. You've got to have profitable growth, because of FX, it part, you've lowered your forecast. But I think there's some conservative in their as well. Um, but you got to do that balance. You've given some guidance on gross margins. Cloud maybe brings that down a little bit. RnD I saw wide range. Thirteen to seventeen percent. I hope you keep spending on RnD. Big fan of that. You know stock buybacks and, RnD if in your position are going to be better. And the product priorities, continue to build that out. But question, let's start with the product. So you've got an on-prem stack and you've got a cloud stack that's emerging, how do you balance those out? How do you do the integration? You've done a great job with the integration. Does it, are you concerned about your ability to continue to work at that speed with two code bases? I wonder if you could address that? >> Daniel: We've become a cloud first company. We deliver all of our products first in the cloud. We've deliver on the two week (indistinct) in the cloud. So that helps us integrate quite fast. I think we made a very good business decision to build our cloud team in Seattle. In Bellevue to be specific. And we have access to great talent that knows how to build serious cloud service. Which is hard to find dollar. And uh, so, and also we, we have, we benef- one of our only benefits was, we have the really good architecture. We have an architecture that work easily on-prem and on the cloud. And even today, our work flow foundation, our local designers, were easy to modernize. So right now we are launching studio weapon. But behind the scene, it's the same workflow engine. Our customers don't have to rewrite anything. It just works. And it does the same to take our own brand product and brand it in the multicloud. So, it's, there is no friction at all. Actually cloud is just helping us accelerate. But we benefit then again of a really solid architectural foundation. >> Daniel: Architecture matters. We've seen that in this industry. We got the B52s rocking out in the background, I love it, but I've got so many questions for you guys. I want to talk about the go to market. Because Rob, it's obviously a strength of yours. You've come in. You've communicated to the street, that you're reshaping the sales floors. Are they lowering the ratios of sales? People, the customers at the high end, mid range as well, using digital. I mean the numbers are one to ten now. At the top. One to maybe fifty at the mid range. Where are you in terms of that journey? You've got to find people, you got to train them, how do you get the productivity out of those guys? Take us through your thinking there? >> Rob: Yeah firstly, I think we have enough resources. Having resources is not an issue. Um, we have an incredible vehicle to acquire customers inside the company. Our digital sales motion, it's probably the best I've seen. And so we have the ability to acquire customers really fast. And we get the first workload in really fast. The challenge is we need to, we need to be able to drive a (indistinct) model and we graduate customs when we acquire them into the direct sales floors. And then direct sales floors, we're not going to go one to thirty, we're talking one to ten for the direct sales floor. And even the high up in the pyramid, we want to have an even denser model than that. And the whole purpose is to drive the time to consumption much quicker, much faster. So we know exactly if we acquire a customer, will they spend? Do they have a (indistinct) spend? On what level do they have a (indistinct) spend? And therefore when we capture them, we can immediately surround them, and put the right resources so we can grow faster. We think this will have a significant impact on the organization. We'll start to implement certain pieces in the next quarter. Um, things like packaging solutions. Putting them in, enabling the sales organization. And buy the beginning of next year, we'll be ready to actually go full board, globally. We already put some pieces in place when I joined. Chris Weber, my chief business officer, did a great job doing some of those pieces. So we're on the journey already. >> Dave: Yeah and even before you guys were public and you weren't publishing your NRR numbers. Our ETR survey partner, we, we always thought you had very low churn. And I think you broke out just yesterday. The, the NRR for overseas vs U.S, U.S I think was 140 plus percent. >> Male: Yeah >> Very very strong. A little, a little less overseas but the churn is still very low. >> Male: Yep. >> Okay so that's super positive. Customer affinity, I was wanted to code these events. I listen to the key notes very carefully, and then interview customers on the cube, and I try to identify, is there alignment there? And I see very strong alignment, I have to say, and strong customer affinity. So that's in your favor. I have, Daniel, I got another question for you on product. What is Symantec automation? What the heck is that? Can you explain that? I don't understand >> Dave, have you seen the demo in my (indistinct)? >> Dave: You know, I had to leave and do interviews, so I, uh, I missed it. >> I think, I think that demo answer complete your question. So in the s-, you know there saying that great, you can not distinguish great technology by magic. I think technology should be simple. And we, we show today, one of the simplest demo that you can imagine. But it's so, such a complex technology behind the scene, that you also can not imagine. So what was demo? We show how one business user, without any technical skills, can build any type of document. Can be a passport, can be an invoice, can be a legal (indistinct), and just go, "I want to copy data from here, and I want to paste data there". Can be a spreadsheet, can be another obligation, and like a human user, without understanding, without having prior knowledge about data, document layout, about screens, screens layouts, nothing, we analyze real time. Document. We discover, we discover the meaning of the information. We analyze the screen. We understand the screen but we understand the meaning of the screen. And we understand how the information in one side relate to the other side. And we just connects the dots and we copy the information and we paste it. A job that you'll do as a human user, maybe three minutes, is done in ten seconds. This is powerful. >> Yeah that is powerful. Thank you for that. I mean, and you take the date, whether it's transaction data or unstructured data and and and bring meaning out of it. That's powerful. Last question and I'll let you guys go. Rob, you got traders, and you've got long term investors. All right traders going to be defensive, today. I get that. Make the case for UIPATH, for long term investors. >> Rob: I think we're going to be a multi-gern- multi-billion company and we're going to be a generational company of our time. And we will define enterprise automation. And it's going to be a long term game and we feel like really strong that we'll be the lead in that game. >> Dave: Guys, thanks so much for coming to the cube. Great show. Always fun at UiPath Forward. Really appreciate your time. Thank you. >> Thanks dave. >> Appreciate it as well. >> Okay wrap it up, day one, we're here tomorrow, first thing, Dave Vellante and Dave Nicholson. Thanks for watching, forward 5, Uipath big customer event, we'll see you tomorrow. (music)

>> We're back at the ARIA Las Vegas. We're covering CrowdStrike's Fal.Con 22. First one since 2019. Dave Vellante and Dave Nicholson on theCUBE. Adam Meyers is here, he is the Senior Vice President of Intelligence at CrowdStrike. Adam, thanks for coming to theCUBE. >> Thanks for having me. >> Interesting times, isn't it? You're very welcome. Senior Vice President of Intelligence, tell us what your role is. >> So I run all of our intelligence offerings. All of our analysts, we have a couple hundred analysts that work at CrowdStrike tracking threat actors. There's 185 threat actors that we track today. We're constantly adding more of them and it requires us to really have that visibility and understand how they operate so that we can inform our other products: our XDR, our Cloud Workload Protections and really integrate all of this around the threat actor. >> So it's that threat hunting capability that CrowdStrike has. That's what you're sort of... >> Well, so think of it this way. When we launched the company 11 years ago yesterday, what we wanted to do was to tell customers, to tell people that, well, you don't have a malware problem, you have an adversary problem. There are humans that are out there conducting these attacks, and if you know who they are what they're up to, how they operate then you're better positioned to defend against them. And so that's really at the core, what CrowdStrike started with and all of our products are powered by intelligence. All of our services are our OverWatch and our Falcon complete, all powered by intelligence because we want to know who the threat actors are and what they're doing so we can stop them. >> So for instance like you can stop known malware. A lot of companies can stop known malware, but you also can stop unknown malware. And I infer that the intelligence is part of that equation, is that right? >> Absolutely. That that's the outcome. That's the output of the intelligence but I could also tell you who these threat actors are, where they're operating out of, show you pictures of some of them, that's the threat intel. We are tracking down to the individual persona in many cases, these various threats whether they be Chinese nation state, Russian threat actors, Iran, North Korea, we track as I said, quite a few of these threats. And over time, we develop a really robust deep knowledge about who they are and how they operate. >> Okay. And we're going to get into some of that, the big four and cyber. But before we do, I want to ask you about the eCrime index stats, the ECX you guys call it a little side joke for all your nerds out there. Maybe you could explain that Adam >> Assembly humor. >> Yeah right, right. So, but, what is that index? You guys, how often do you publish it? What are you learning from that? >> Yeah, so it was modeled off of the Dow Jones industrial average. So if you look at the Dow Jones it's a composite index that was started in the late 1800s. And they took a couple of different companies that were the industrial component of the economy back then, right. Textiles and railroads and coal and steel and things like that. And they use that to approximate the overall health of the economy. So if you take these different stocks together, swizzle 'em together, and figure out some sort of number you could say, look, it's up. The economy's doing good. It's down, not doing so good. So after World War II, everybody was exuberant and positive about the end of the war. The DGI goes up, the oil crisis in the seventies goes down, COVID hits goes up, sorry, goes down. And then everybody realizes that they can use Amazon still and they can still get the things they need goes back up with the eCrime index. We took that approach to say what is the health of the underground economy? When you read about any of these ransomware attacks or data extortion attacks there are criminal groups that are working together in order to get things spammed out or to buy credentials and things like that. And so what the eCrime index does is it takes 24 different observables, right? The price of a ransom, the number of ransom attacks, the fluctuation in cryptocurrency, how much stolen material is being sold for on the underground. And we're constantly computing this number to understand is the eCrime ecosystem healthy? Is it thriving or is it under pressure? And that lets us understand what's going on in the world and kind of contextualize it. Give an example, Microsoft on patch Tuesday releases 56 vulnerabilities. 11 of them are critical. Well guess what? After hack Tuesday. So after patch Tuesday is hack Wednesday. And so all of those 11 vulnerabilities are exploitable. And now you have threat actors that have a whole new array of weapons that they can deploy and bring to bear against their victims after that patch Tuesday. So that's hack Wednesday. Conversely we'll get something like the colonial pipeline. Colonial pipeline attack May of 21, I think it was, comes out and all of the various underground forums where these ransomware operators are doing their business. They freak out because they don't want law enforcement. President Biden is talking about them and he's putting pressure on them. They don't want this ransomware component of what they're doing to bring law enforcement, bring heat on them. So they deplatform them. They kick 'em off. And when they do that, the ransomware stops being as much of a factor at that point in time. And the eCrime index goes down. So we can look at holidays, and right around Thanksgiving, which is coming up pretty soon, it's going to go up because there's so much online commerce with cyber Monday and such, right? You're going to see this increase in online activity; eCrime actors want to take advantage of that. When Christmas comes, they take vacation too; they're going to spend time with their families, so it goes back down and it stays down till around the end of the Russian Orthodox Christmas, which you can probably extrapolate why that is. And then it goes back up. So as it's fluctuating, it gives us the ability to really just start tracking what that economy looks like. >> Realtime indicator of that crypto. >> I mean, you talked about, talked about hack Wednesday, and before that you mentioned, you know, the big four, and I think you said 185 threat actors that you're tracking, is 180, is number 185 on that list? Somebody living in their basement in their mom's basement or are the resources necessary to get on that list? Such that it's like, no, no, no, no. this is very, very organized, large groups of people. Hollywood would have you believe that it's guy with a laptop, hack Wednesday, (Dave Nicholson mimics keyboard clacking noises) and everything done. >> Right. >> Are there individuals who are doing things like that or are these typically very well organized? >> That's a great question. And I think it's an important one to ask and it's both it tends to be more, the bigger groups. There are some one-off ones where it's one or two people. Sometimes they get big. Sometimes they get small. One of the big challenges. Have you heard of ransomware as a service? >> Of course. Oh my God. Any knucklehead can be a ransomwarist. >> Exactly. So we don't track those knuckleheads as much unless they get onto our radar somehow, they're conducting a lot of operations against our customers or something like that. But what we do track is that ransomware as a service platform because the affiliates, the people that are using it they come, they go and, you know, it could be they're only there for a period of time. Sometimes they move between different ransomware services, right? They'll use the one that's most useful for them that that week or that month, they're getting the best rate because it's rev sharing. They get a percentage that platform gets percentage of the ransom. So, you know, they negotiate a better deal. They might move to a different ransomware platform. So that's really hard to track. And it's also, you know, I think more important for us to understand the platform and the technology that is being used than the individual that's doing it. >> Yeah. Makes sense. Alright, let's talk about the big four. China, Iran, North Korea, and Russia. Tell us about, you know, how you monitor these folks. Are there different signatures for each? Can you actually tell, you know based on the hack who's behind it? >> So yeah, it starts off, you know motivation is a huge factor. China conducts espionage, they do it for diplomatic purposes. They do it for military and political purposes. And they do it for economic espionage. All of these things map to known policies that they put out, the Five Year Plan, the Made in China 2025, the Belt and Road Initiative, it's all part of their efforts to become a regional and ultimately a global hegemon. >> They're not stealing nickels and dimes. >> No they're stealing intellectual property. They're stealing trade secrets. They're stealing negotiation points. When there's, you know a high speed rail or something like that. And they use a set of tools and they have a set of behaviors and they have a set of infrastructure and a set of targets that as we look at all of these things together we can derive who they are by motivation and the longer we observe them, the more data we get, the more we can get that attribution. I could tell you that there's X number of Chinese threat groups that we track under Panda, right? And they're associated with the Ministry of State Security. There's a whole other set. That's too associated with the People's Liberation Army Strategic Support Force. So, I mean, these are big operations. They're intelligence agencies that are operating out of China. Iran has a different set of targets. They have a different set of motives. They go after North American and Israeli businesses right now that's kind of their main operation. And they're doing something called hack and lock and leak. With a lock and leak, what they're doing is they're deploying ransomware. They don't care about getting a ransom payment. They're just doing it to disrupt the target. And then they're leaking information that they steal during that operation that brings embarrassment. It brings compliance, regulatory, legal impact for that particular entity. So it's disruptive >> The chaos creators that's.. >> Well, you know I think they're trying to create a they're trying to really impact the legitimacy of some of these targets and the trust that their customers and their partners and people have in them. And that is psychological warfare in a certain way. And it, you know is really part of their broader initiative. Look at some of the other things that they've done they've hacked into like the missile defense system in Israel, and they've turned on the sirens, right? Those are all things that they're doing for a specific purpose, and that's not China, right? Like as you start to look at this stuff, you can start to really understand what they're up to. Russia very much been busy targeting NATO and NATO countries and Ukraine. Obviously the conflict that started in February has been a huge focus for these threat actors. And then as we look at North Korea, totally different. They're doing, there was a major crypto attack today. They're going after these crypto platforms, they're going after DeFi platforms. They're going after all of this stuff that most people don't even understand and they're stealing the crypto currency and they're using it for revenue generation. These nuclear weapons don't pay for themselves, their research and development don't pay for themselves. And so they're using that cyber operation to either steal money or steal intelligence. >> They need the cash. Yeah. >> Yeah. And they also do economic targeting because Kim Jong Un had said back in 2016 that they need to improve the lives of North Koreans. They have this national economic development strategy. And that means that they need, you know, I think only 30% of North Korea has access to reliable power. So having access to clean energy sources and renewable energy sources, that's important to keep the people happy and stop them from rising up against the regime. So that's the type of economic espionage that they're conducting. >> Well, those are the big four. If there were big five or six, I would presume US and some Western European countries would be on there. Do you track, I mean, where United States obviously has you know, people that are capable of this we're out doing our thing, and- >> So I think- >> That defense or offense, where do we sit in this matrix? >> Well, I think the big five would probably include eCrime. We also track India, Pakistan. We track actors out of Columbia, out of Turkey, out of Syria. So there's a whole, you know this problem is getting worse over time. It's proliferating. And I think COVID was also, you know a driver there because so many of these countries couldn't move human assets around because everything was getting locked down. As machine learning and artificial intelligence and all of this makes its way into the cameras at border and transfer points, it's hard to get a human asset through there. And so cyber is a very attractive, cheap and deniable form of espionage and gives them operational capabilities, not, you know and to your question about US and other kind of five I friendly type countries we have not seen them targeting our customers. So we focus on the threats that target our customers. >> Right. >> And so, you know, if we were to find them at a customer environment sure. But you know, when you look at some of the public reporting that's out there, the malware that's associated with them is focused on, you know, real bad people, and it's, it's physically like crypted to their hard drive. So unless you have sensor on, you know, an Iranian or some other laptop that might be target or something like that. >> Well, like Stuxnet did. >> Yeah. >> Right so. >> You won't see it. Right. See, so yeah. >> Well Symantec saw it but way back when right? Back in the day. >> Well, I mean, if you want to go down that route I think it actually came from a company in the region that was doing the IR and they were working with Symantec. >> Oh, okay. So, okay. So it was a local >> Yeah. I think Crisis, I think was the company that first identified it. And then they worked with Symantec. >> It Was, they found it, I guess, a logic controller. I forget what it was. >> It was a long time ago, so I might not have that completely right. >> But it was a seminal moment in the industry. >> Oh. And it was a seminal moment for Iran because you know, that I think caused them to get into cyber operations. Right. When they realized that something like that could happen that bolstered, you know there was a lot of underground hacking forums in Iran. And, you know, after Stuxnet, we started seeing that those hackers were dropping their hacker names and they were starting businesses. They were starting to try to go after government contracts. And they were starting to build training offensive programs, things like that because, you know they realized that this is an opportunity there. >> Yeah. We were talking earlier about this with Shawn and, you know, in the nuclear war, you know the Cold War days, you had the mutually assured destruction. It's not as black and white in the cyber world. Right. Cause as, as Robert Gates told me, you know a few years ago, we have a lot more to lose. So we have to be somewhat, as the United States, careful as to how much of an offensive posture we take. >> Well here's a secret. So I have a background on political science. So mutually assured destruction, I think is a deterrent strategy where you have two kind of two, two entities that like they will destroy each other if they so they're disinclined to go down that route. >> Right. >> With cyber I really don't like that mutually assured destruction >> That doesn't fit right. >> I think it's deterrents by denial. Right? So raising the cost, if they were to conduct a cyber operation, raising that cost that they don't want to do it, they don't want to incur the impact of that. Right. And think about this in terms of a lot of people are asking about would China invade Taiwan. And so as you look at the cost that that would have on the Chinese military, the POA, the POA Navy et cetera, you know, that's that deterrents by denial, trying to, trying to make the costs so high that they don't want to do it. And I think that's a better fit for cyber to try to figure out how can we raise the cost to the adversary if they operate against our customers against our enterprises and that they'll go someplace else and do something else. >> Well, that's a retaliatory strike, isn't it? I mean, is that what you're saying? >> No, definitely not. >> It's more of reducing their return on investment essentially. >> Yeah. >> And incenting them- disincening them to do X and sending them off somewhere else. >> Right. And threat actors, whether they be criminals or nation states, you know, Bruce Lee had this great quote that was "be like water", right? Like take the path of least resistance, like water will. Threat actors do that too. So, I mean, unless you're super high value target that they absolutely have to get into by any means necessary, then if you become too hard of a target, they're going to move on to somebody that's a little easier. >> Makes sense. Awesome. Really appreciate your, I could, we'd love to have you back. >> Anytime. >> Go deeper. Adam Myers. We're here at Fal.Con 22, Dave Vellante, Dave Nicholson. We'll be right back right after this short break. (bouncy music plays)

>>Welcome back to the aria in Las Vegas, Dave Valante with Dave Nicholson, Falcon 22, the Cube's continuous coverage. Sean Henry is here. He's the president of the services division and he's the chief security officer at CrowdStrike. And he's joined by Kevin mania, CEO of Mandy. Now part of Google Jens. Welcome to the cube. Thank you. Congrats on closing the Google deal. Thank you. That's great. New chapter, >>New >>Chapter coming fresh off the keynote, you and George. I really en enjoyed that. Let's start there. One of the things you talked about was the changes you've been, you've been in this business for a while. I think you were talking about, you know, doing some of these early stuff in the nineties. Wow. Things have changed a lot the queen, right? Right. You used to put the perimeter around the queen. Yeah. Build the Mo the Queen's left or castle new ballgame. But you were talking about the board level knowledge of security in the organization. Talk about that change. That's occurred in the last >>Decade. You know, boards are all about governance, right? Making sure everybody's doing the right things. And they've kind of had a haul pass on cybersecurity for a long time. Like we expect them to be great at financial diligence, they understand the financials of an organization. You're gonna see a maturity, I think in cybersecurity where I think board members all know, Hey, there's risk out there. And we're on our own to kind of defend ourselves from it, but they don't know how to quantify it. And they don't know how to express it. So bottom line boards are interested in cyber and we just have to mature as an industry to give them the tools they need to measure it appropriately. >>Sean, one of the things I wanted to ask you. So Steven Schmidt, I noticed changed his title from CISOs chief inf information security officer, the chief security officer. Your title is chief security officer. Is that a nuance that has meaning to you or is it just less acronym? >>It depends on the organization that you're in, in our organization, the chief security officer owns all risks. So I have a CISO that comes underneath me. Yep. And I've got a security folks that are handling our facilities, our personnel, those sorts of things, all, all of our offices around the globe. So it's all things security. One of the things that we've found and Kevin and I were actually talking about this earlier is this intersection between the physical world and the virtual world. And if you've got adversaries that want gain access to your organization, they might do it remotely by trying to hack into your network. But they also might try to get one of your employees to take an action on their behalf, or they might try to get somebody hired into your company to take some nefarious acts. So from a security perspective, it's about building an envelope around all things valuable and then working it in a collaborative way. So there's a lot of interface, a lot of interaction and a lot of value in putting those things together. And, >>And you're also president of the services division. Is that a P and L role or >>It is, we have a it's P P O P and L. And we have an entire organization that's doing incident response and it's a lot of the work that we're doing with, with Kevin's folks now. So I've got both of those hats today. >>Okay. So self-funded so in a way, okay. Where are companies most at risk today? >>Huh? You wanna go on that one first? Sean, you talk fast than me. So it's bigger bang for the buck. If >>You >>Talk, you know, when I, when I think about, about companies in terms of, of their risk, it's a lot of it has to do with the expansion of the network. Companies are adding new applications, new devices, they're expanding into new areas. There are new technologies that are being developed every day and that are being embraced every day. And all of those technologies, all of those applications, all of that hardware is susceptible to attack. Adversaries are looking for the vulnerabilities they can exploit. And I think just kind of that sprawl is something that is, is disconcerting to me from a security perspective, we need to know where our assets are, where the vulnerabilities lie, how do we plug the holes? And having that visibility is really critical to ensure that you're you're in, involved in mitigating that, that new architecture, >>Anything you >>Did. Yeah. I would like when I, so I can just tell you what I'm hearing from CISOs out there. They're worried about identity, the lateral movement. That's been kind of part of every impactful breach. So in identity's kind of top three of mind, I would say zero trust, whatever that means. And we all have our own definitions of migration to zero trust and supply chain risk. You know, whether they're the supplier, they wanna make sure they can prove to their customers, they have great security practices. Or if they're a consumer of a supply chain, you need to understand who's in their supply chain. What are their dependencies? How secure are they? Those are just three topics that come up all the time. >>As we extend, you know, talking about XDR the X being extend. Do you see physical security as something that's being extended into? Or is it, or is it already kind of readily accepted that physical security goes hand in hand with information security? >>I, I don't think a lot of people think that way there certainly are some and Dave mentions Amazon and Steve Schmidt as a CSO, right? There's a CSO that works for him as well. CJ's clear integration. There's an intelligence component to that. And I think that there are certain organizations that are starting to recognize and understand that when we say there's no real perimeter, it, it expands the network expands into the physical space. And if you're not protecting that, you know, if you don't protect the, the server room and somebody can actually walk in the doors unlocked, you've got a vulnerability that might be exploited. So I think to, to recognize the value of that integration from a security perspective, to be holistic and for organizations to adopt a security first philosophy that all the employees recognize they're, they're the, the first line of defense. Oftentimes not just from a fish, but by somebody catching up with them and handing 'em a thumb drive, Hey, can you take a look at this document? For me, that's a potential vulnerability as well. So those things need to be integrated. >>I thought the most interesting part of the keynote this morning is when George asked you about election security and you immediately went to the election infrastructure. I was like, yeah. Okay. Yeah. But then I was so happy to hear you. You went to the disinformation, I learned something there about your monitoring, the network effects. Sure. And, and actually there's a career stream around that. Right. The reason I had so years ago I interviewed was like, this was 2016, Robert Gates. Okay. Former defense. And I, I said, yeah, but don't we have the best cyber can't we go on the offense. He said, wait a minute, we have the most to lose. Right. But, but you gave an example where you can identify the bots. Like let's say there's disinformation out there. You could actually use bots in a positive way to disseminate the, the truth in theory. Good. Is, is that something that's actually happening >>Out there? Well, I think we're all still learning. You know, you can have deep fakes, both audible files or visual files, right. And images. And there's no question. The next generation, you do have to professionalize the news that you consume. And we're probably gonna have to professionalize the other side critical thinking because we are a marketplace of ideas in an open society. And it's hard to tell where's the line between someone's opinion and intentional deception, you know, and sometimes it could be the source, a foreign threat, trying to influence the hearts and minds of citizens, but there's gonna be an internal threat or domestic threat as well to people that have certain ideas and concepts that they're zealots about. >>Is it enough to, is it enough to simply expose where the information is coming from? Because, you know, look, I, I could make the case that the red Sox, right. Or a horrible baseball team, and you should never go to Fenway >>And your Yankees Jersey. >>Right. Right. So is that disinformation, is that misinformation? He'd say yes. Someone else would say no, but it would be good to know that a thousand bots from some troll farm, right. Are behind us. >>There's, it's helpful to know if something can be tied to identity or is totally anonymous. Start just there. Yeah. Yeah. You can still protect the identity over time. I think all of us, if you're gonna trust the source, you actually know the source. Right. So I do believe, and, and by the way, much longer conversation about anonymity versus privacy and then trust, right. And all three, you could spend this whole interview on, but we have to have a trustworthy internet as well. And that's not just in the tech and the security of it, but over time it could very well be how we're being manipulated as citizens and people. >>When you guys talk to customers and, and peers, when somebody gets breached, what's the number one thing that you hear that they wished they'd done that they didn't. >>I think we talked about this earlier, and I think identity is something that we're talking about here. How are you, how are you protecting your assets? How do you know who's authorized to have access? How do you contain the, the access that they have? And the, the area we see with, with these malware free attacks, where adversaries are using the existing capabilities, the operating system to move laterally through the network. I mean, Kevin's folks, my folks, when we respond to an incident, it's about looking at that lateral movement to try and get a full understanding of where the adversary's been, where they're going, what they're doing, and to try to, to find a root cause analysis. And it really is a, a critical part. >>So part of the reason I was asking you about, was it a P and L cuz you, you wear two hats, right? You've got revenue generation on one side and then you've got you protect, you know, the company and you've got peer relationships. So the reason I bring this up is I felt like when stucks net occurred, there was a lot of lip service around, Hey, we, as an industry are gonna work together. And then what you saw was a lot of attempts to monetize, you know, private data, sell private reports and things of that nature you were referencing today, Kevin, that you think the industry's doing a much better job of, of collaboration. Is it, can you talk about that and maybe give some examples? >>Absolutely. I mean, you know, I lived through it as a victim of a breach couple years ago. If you see something new and novel, I, I just can't imagine you getting away with keeping it a secret. I mean, I would even go, what are you doing? Harboring that if you have it, that doesn't mean you tell the whole world, you don't come on your show and say, Hey, we got something new novel, everybody panic, you start contacting the people that are most germane to fixing the problem before you tell the world. So if I see something that's new in novel, certainly con Sean and the team at CrowdStrike saying, Hey, there's because they protect so many endpoints and they defend nations and you gotta get to Microsoft. You have to talk to pan. You have to get to the companies that have a large capability to do shields up. And I think you do that immediately. You can't sit on new and novel. You get to the vendor where the vulnerability is, all these things have to happen at a great rate to speak. >>So you guys probably won't comment, but I'm betting dollars to donuts. This Uber lapses hack you guys knew about. >>I turned to you. >>No comment. I'm guessing. I'm guessing that the, that wasn't novel. My point being, let me, let me ask it in a more generic fashion that you can maybe comment you you're. I think you're my, my inference is we're com the industry is compressing the time between a zero day and a fix. Absolutely. Absolutely. Like dramatically. >>Yes. Oh, awareness of it and AIX. Yes. Yeah. >>Okay. Yeah. And a lot of the hacks that we see as lay people in the media you've known about for quite some time, is that fair or no, not necessarily. >>It's, you know, it's harder to handle an intrusion quietly and discreetly these days, especially with what you're up against and, and most CEOs, by the way, their intent isn't, let's handle it quietly and discreetly it's what do we do about it? And what's the right way to handle it. And they wanna inform their customers and they wanna inform people that might be impacted. I wouldn't say we know it all that far ahead of time >>And, and depends. And, and I, I think companies don't know it. Yeah. Companies don't know they've been breached for weeks or months or years in some cases. Right. Which talks about a couple things, first of all, some of the sophistication of the adversaries, but it also talks about the inability of companies to often detect this type of activity when we're brought in. It's typically very quickly after the company finds out because they recognize they've gotta take action. They've got liability, they've got brand protection. There, whole sorts of, of things they need to take care of. And we're brought in it may or may not be, become public, but >>CrowdStrike was founded on the premise that the unstoppable breach is a myth. Now that's a, that's a bold sort of vision. We're not there yet, obviously. And a and a, and a, a CSO can't, you know, accept that. Right. You've gotta always be vigilant, but is that something that is, that we're gonna actually see manifest, you know, in any, any time in the near term? I mean, thinking about the Falcon platform, you guys are users of that. I don't know if that is part of the answer, but part of it's technology, but without the cultural aspects, the people side of things, you're never gonna get there. >>I can tell you, I started Maning in 2004 at the premise security breaches are inevitable, far less marketable. Yeah. You know, stop breaches. >>So >>Yeah. I, I think you have to learn how to manage this, right? It's like healthcare, you're not gonna stop every disease, but there's a lot of things that you can do to mitigate the consequences of those things. The same thing with network security, there's a lot of actions that organizations can take to help protect them in a way that allows them to live and, and operate in a, in a, a strong position. If companies are lackadaisical that irresponsible, they don't care. Those are companies that are gonna suffer. But I think you can manage this if you're using the right technology, the right people, you've got the right philosophy security first >>In, in the culture. >>Well, I can tell you very quickly, three reasons why people think, why is there an intrusion? It should just go away. Well, wherever money goes, crime follows. We still have crime. So you're still gonna have intrusions, whether it has to be someone on the inside or faulty software and people being paid the right faulty software, you're gonna have war. That's gonna create war in the cyber domain. So information warriors are gonna try to have intrusions to get to command and control. So wherever you have command and control, you'll have a war fighter. And then wherever you have information, you have ESP Espino. So you're gonna have people trying to break in at all times. >>And, and to tie that up because everything Kevin said is absolutely right. And what he just said at the very end was people, there are human beings that are on the other side of every single attack. And think about this until you physically get physically get to the people that are doing it and stop them. Yes, this will go on forever because you can block them, but they're gonna move and you can block them again. They're gonna move their objectives. Don't change because the information you have, whether it's financial information, intellectual property, strategic military information, that's still there. They will always come at it, which is where that physical component comes in. If you're able to block well enough and they can't get you remotely, they might send somebody in. Well, >>I, in the keynote, I, I'm not kidding. I'm looking around the room and I'm thinking there's at least one person here that is here primarily to gather intelligence, to help them defeat. What's being talked about here. >>Well, you said it's, >>It's kind >>Of creepy. You said the adversary is, is very well equipped and motivated. Why do you Rob banks? Well, that's where the money is, but it's more than that. Now with state sponsored terrorism and, you know, exfiltration of state secrets, I mean, there's, it's high stake's games. You got, this >>Has become a tool of nation states in terms from a political perspective, from a military perspective, if you look at what happened with Ukraine and Russia, all the work that was done in advanced by the Russians to soften up the Ukrainians, not just collection of intelligence, not just denial of services, but then disruptive attacks to change the entire complexity of the battlefield. This, this is a, an area that's never going away. It's becoming ingrained in our lives. And it's gonna be utilized for nefarious acts for many, many decades to come. >>I mean, you're right, Sean, we're seeing the future of war right before us is, is there's. There is going to be, there is a cyber component now in war, >>I think it signals the cyber component signals the silent intention of nations period, the silent projection of power probably before you see kinetics. >>And this is where gates says we have a lot more to lose as a country. So it's hard for us to go on the offense. We have to be very careful about our offensive capabilities because >>Of one of the things that, that we do need to, to do though, is we need to define what the red lines are to adversaries. Because when you talk about human beings, you've gotta put a deterrent in place so that if the adversaries know that if you cross this line, this is what the response is going to be. It's the way things were done during nuclear proliferation, right? Right. During the cold war, here's what the actions are gonna be. It's gonna be, it's gonna be mutual destruction and you can't do it. And we didn't have a nuclear war. We're at a point now where adversaries are pushing the envelope constantly, where they're turning off the lights in certain countries where they're taking actions that are, are quite detrimental to the host governments and those red lines have to be very clear, very clearly defined and acted upon if they're >>Crossed as security experts. Can you always tie that signature back to say a particular country or a particular group? >>Absolutely. 100% every >>Time I know. Yeah. No, it it's. It's a great question. You, you need to get attribution right. To get to deterrence, right. And without attribution, where do you proportionate respond to whatever act you're responding to? So attribution's critical. Both our companies work hard at doing it and it, and that's why I think you're not gonna see too many false flag operations in cyberspace, but when you do and they're well crafted or one nation masquerades is another, it, it, it's one of the last rules of the playground I haven't seen broken yet. And that that'll be an unfortunate day. >>Yeah. Because that mutually assure destruction, a death spot like Putin can say, well, it wasn't wasn't me. Right. So, and ironically, >>It's human intelligence, right. That ultimately is gonna be the only way to uncover >>That human intelligence is a big component. >>For sure. Right. And, and David, like when you go back to, you were referring to Robert Gates, it's the asymmetry of cyberspace, right? One person in one nation. That's not a control by asset could still do an act. And it, it just adds to the complexity of, we have attribution it's from that nation, but was it in order? Was it done on behalf of that nation? Very complicated. >>So this is an industry of superheroes. Thank you guys for all you do and appreciate you coming on the cube. Wow. >>I love your Cape. >>Thank all right. Keep it right there. Dave Nicholson and Dave ante be right back from Falcon 22 from the area you watching the cue.

(upbeat music) >> Hello and welcome to theCUBE's presentation of the AWS Startup Showcase. This is season two, episode four of the ongoing series covering the exciting hot startups from the AWS ecosystem. Here we're talking about cybersecurity in this episode. I'm your host, John Furrier here we're excited to have CUBE alumni who's back Snehal Antani who's the CEO and co-founder of Horizon3.ai talking about exploitable weaknesses and vulnerabilities with autonomous pen testing. Snehal, it's great to see you. Thanks for coming back. >> Likewise, John. I think it's been about five years since you and I were on the stage together. And I've missed it, but I'm glad to see you again. >> Well, before we get into the showcase about your new startup, that's extremely successful, amazing margins, great product. You have a unique journey. We talked about this prior to you doing the journey, but you have a great story. You left the startup world to go into the startup, like world of self defense, public defense, NSA. What group did you go to in the public sector became a private partner. >> My background, I'm a software engineer by education and trade. I started my career at IBM. I was a CIO at GE Capital, and I think we met once when I was there and I became the CTO of Splunk. And we spent a lot of time together when I was at Splunk. And at the end of 2017, I decided to take a break from industry and really kind of solve problems that I cared deeply about and solve problems that mattered. So I left industry and joined the US Special Operations Community and spent about four years in US Special Operations, where I grew more personally and professionally than in anything I'd ever done in my career. And exited that time, met my co-founder in special ops. And then as he retired from the air force, we started Horizon3. >> So there's really, I want to bring that up one, 'cause it's fascinating that not a lot of people in Silicon Valley and tech would do that. So thanks for the service. And I know everyone who's out there in the public sector knows that this is a really important time for the tactical edge in our military, a lot of things going on around the world. So thanks for the service and a great journey. But there's a storyline with the company you're running now that you started. I know you get the jacket on there. I noticed get a little military vibe to it. Cybersecurity, I mean, every company's on their own now. They have to build their own militia. There is no government supporting companies anymore. There's no militia. No one's on the shores of our country defending the citizens and the companies, they got to offend for themselves. So every company has to have their own military. >> In many ways, you don't see anti-aircraft rocket launchers on top of the JP Morgan building in New York City because they rely on the government for air defense. But in cyber it's very different. Every company is on their own to defend for themselves. And what's interesting is this blend. If you look at the Ukraine, Russia war, as an example, a thousand companies have decided to withdraw from the Russian economy and those thousand companies we should expect to be in the ire of the Russian government and their proxies at some point. And so it's not just those companies, but their suppliers, their distributors. And it's no longer about cyber attack for extortion through ransomware, but rather cyber attack for punishment and retaliation for leaving. Those companies are on their own to defend themselves. There's no government that is dedicated to supporting them. So yeah, the reality is that cybersecurity, it's the burden of the organization. And also your attack surface has expanded to not just be your footprint, but if an adversary wants to punish you for leaving their economy, they can get, if you're in agriculture, they could disrupt your ability to farm or they could get all your fruit to spoil at the border 'cause they disrupted your distributors and so on. So I think the entire world is going to change over the next 18 to 24 months. And I think this idea of cybersecurity is going to become truly a national problem and a problem that breaks down any corporate barriers that we see in previously. >> What are some of the things that inspired you to start this company? And I loved your approach of thinking about the customer, your customer, as defending themselves in context to threats, really leaning into it, being ready and able to defend. Horizon3 has a lot of that kind of military thinking for the good of the company. What's the motivation? Why this company? Why now? What's the value proposition? >> So there's two parts to why the company and why now. The first part was what my observation, when I left industry realm or my military background is watching "Jack Ryan" and "Tropic Thunder" and I didn't come from the military world. And so when I entered the special operations community, step one was to keep my mouth shut, learn, listen, and really observe and understand what made that community so impressive. And obviously the people and it's not about them being fast runners or great shooters or awesome swimmers, but rather there are learn-it-alls that can solve any problem as a team under pressure, which is the exact culture you want to have in any startup, early stage companies are learn-it-alls that can solve any problem under pressure as a team. So I had this immediate advantage when we started Horizon3, where a third of Horizon3 employees came from that special operations community. So one is this awesome talent. But the second part that, I remember this quote from a special operations commander that said we use live rounds in training because if we used fake rounds or rubber bullets, everyone would act like metal of honor winners. And the whole idea there is you train like you fight, you build that muscle memory for crisis and response and so on upfront. So when you're in the thick of it, you already know how to react. And this aligns to a pain I had in industry. I had no idea I was secure until the bad guy showed up. I had no idea if I was fixing the right vulnerabilities, logging the right data in Splunk, or if my CrowdStrike EDR platform was configured correctly, I had to wait for the bad guys to show up. I didn't know if my people knew how to respond to an incident. So what I wanted to do was proactively verify my security posture, proactively harden my systems. I needed to do that by continuously pen testing myself or continuously testing my security posture. And there just wasn't any way to do that where an IT admin or a network engineer could in three clicks have the power of a 20 year pen testing expert. And that was really what we set out to do, not build a autonomous pen testing platform for security people, build it so that anybody can quickly test their security posture and then use the output to fix problems that truly matter. >> So the value preposition, if I get this right is, there's a lot of companies out there doing pen tests. And I know I hate pen tests. They're like, cause you do DevOps, it changes you got to do another pen test. So it makes sense to do autonomous pen testing. So congratulations on seeing that that's obvious to that, but a lot of other have consulting tied to it. Which seems like you need to train someone and you guys taking a different approach. >> Yeah, we actually, as a company have zero consulting, zero professional services. And the whole idea is that build a true software as a service offering where an intern, in fact, we've got a video of a nine year old that in three clicks can run pen tests against themselves. And because of that, you can wire pen tests into your DevOps tool chain. You can run multiple pen tests today. In fact, I've got customers running 40, 50 pen tests a month against their organization. And that what that does is completely lowers the barrier of entry for being able to verify your posture. If you have consulting on average, when I was a CIO, it was at least a three month lead time to schedule consultants to show up and then they'd show up, they'd embarrass the security team, they'd make everyone look bad, 'cause they're going to get in, leave behind a report. And that report was almost identical to what they found last year because the older that report, the one the date itself gets stale, the context changes and so on. And then eventually you just don't even bother fixing it. Or if you fix a problem, you don't have the skills to verify that has been fixed. So I think that consulting led model was acceptable when you viewed security as a compliance checkbox, where once a year was sufficient to meet your like PCI requirements. But if you're really operating with a wartime mindset and you actually need to harden and secure your environment, you've got to be running pen test regularly against your organization from different perspectives, inside, outside, from the cloud, from work, from home environments and everything in between. >> So for the CISOs out there, for the CSOs and the CXOs, what's the pitch to them because I see your jacket that says Horizon3 AI, trust but verify. But this trust is, but is canceled out, just as verify. What's the product that you guys are offering the service. Describe what it is and why they should look at it. >> Yeah, sure. So one, when I back when I was the CIO, don't tell me we're secure in PowerPoint. Show me we're secure right now. Show me we're secure again tomorrow. And then show me we're secure again next week because my environment is constantly changing and the adversary always has a vote and they're always evolving. And this whole idea of show me we're secure. Don't trust that your security tools are working, verify that they can detect and respond and stifle an attack and then verify tomorrow, verify next week. That's the big mind shift. Now what we do is-- >> John: How do they respond to that by the way? Like they don't believe you at first or what's the story. >> I think, there's actually a very bifurcated response. There are still a decent chunk of CIOs and CSOs that have a security is a compliance checkbox mindset. So my attitude with them is I'm not going to convince you. You believe it's a checkbox. I'll just wait for you to get breached and sell to your replacement, 'cause you'll get fired. And in the meantime, I spend all my energy with those that actually care about proactively securing and hardening their environments. >> That's true. People do get fired. Can you give an example of what you're saying about this environment being ready, proving that you're secure today, tomorrow and a few weeks out. Give me an example. >> Of, yeah, I'll give you actually a customer example. There was a healthcare organization and they had about 5,000 hosts in their environment and they did everything right. They had Fortinet as their EDR platform. They had user behavior analytics in place that they had purchased and tuned. And when they ran a pen test self-service, our product node zero immediately started to discover every host on the network. It then fingerprinted all those hosts and found it was able to get code execution on three machines. So it got code execution, dumped credentials, laterally maneuvered, and became a domain administrator, which in IT, if an attacker becomes a domain admin, they've got keys to the kingdom. So at first the question was, how did the node zero pen test become domain admin? How'd they get code execution, Fortinet should have detected and stopped it. Well, it turned out Fortinet was misconfigured on three boxes out of 5,000. And these guys had no idea and it's just automation that went wrong and so on. And now they would've only known they had misconfigured their EDR platform on three hosts if the attacker had showed up. The second question though was, why didn't they catch the lateral movement? Which all their marketing brochures say they're supposed to catch. And it turned out that that customer purchased the wrong Fortinet modules. One again, they had no idea. They thought they were doing the right thing. So don't trust just installing your tools is good enough. You've got to exercise and verify them. We've got tons of stories from patches that didn't actually apply to being able to find the AWS admin credentials on a local file system. And then using that to log in and take over the cloud. In fact, I gave this talk at Black Hat on war stories from running 10,000 pen tests. And that's just the reality is, you don't know that these tools and processes are working for you until the bad guys have shown. >> The velocities there. You can accelerate through logs, you know from the days you've been there. This is now the threat. Being, I won't say lazy, but just not careful or just not thinking. >> Well, I'll do an example. We have a lot of customers that are Horizon3 customers and Splunk customers. And what you'll see their behavior is, is they'll have Horizon3 up on one screen. And every single attacker command executed with its timestamp is up on that screen. And then look at Splunk and say, hey, we were able to dump vCenter credentials from VMware products at this time on this host, what did Splunk see or what didn't they see? Why were no logs generated? And it turns out that they had some logging blind spots. So what they'll actually do is run us to almost like stimulate the defensive tools and then see what did the tools catch? What did they miss? What are those blind spots and how do they fix it. >> So your price called node zero. You mentioned that. Is that specifically a suite, a tool, a platform. How do people consume and engage with you guys? >> So the way that we work, the whole product is designed to be self-service. So once again, while we have a sales team, the whole intent is you don't need to have to talk to a sales rep to start using the product, you can log in right now, go to Horizon3.ai, you can run a trial log in with your Google ID, your LinkedIn ID, start running pen test against your home or against your network against this organization right now, without talking to anybody. The whole idea is self-service, run a pen test in three clicks and give you the power of that 20 year pen testing expert. And then what'll happen is node zero will execute and then it'll provide to you a full report of here are all of the different paths or attack paths or sequences where we are able to become an admin in your environment. And then for every attack path, here is the path or the kill chain, the proof of exploitation for every step along the way. Here's exactly what you've got to do to fix it. And then once you've fixed it, here's how you verify that you've truly fixed the problem. And this whole aha moment is run us to find problems. You fix them, rerun us to verify that the problem has been fixed. >> Talk about the company, how many people do you have and get some stats? >> Yeah, so we started writing code in January of 2020, right before the pandemic hit. And then about 10 months later at the end of 2020, we launched the first version of the product. We've been in the market for now about two and a half years total from start of the company till present. We've got 130 employees. We've got more customers than we do employees, which is really cool. And instead our customers shift from running one pen test a year to 40, 50 pen test. >> John: And it's full SaaS. >> The whole product is full SaaS. So no consulting, no pro serve. You run as often as you-- >> Who's downloading, who's buying the product. >> What's amazing is, we have customers in almost every section or sector now. So we're not overly rotated towards like healthcare or financial services. We've got state and local education or K through 12 education, state and local government, a number of healthcare companies, financial services, manufacturing. We've got organizations that large enterprises. >> John: Security's diverse. >> It's very diverse. >> I mean, ransomware must be a big driver. I mean, is that something that you're seeing a lot. >> It is. And the thing about ransomware is, if you peel back the outcome of ransomware, which is extortion, at the end of the day, what ransomware organizations or criminals or APTs will do is they'll find out who all your employees are online. They will then figure out if you've got 7,000 employees, all it takes is one of them to have a bad password. And then attackers are going to credential spray to find that one person with a bad password or whose Netflix password that's on the dark web is also their same password to log in here, 'cause most people reuse. And then from there they're going to most likely in your organization, the domain user, when you log in, like you probably have local admin on your laptop. If you're a windows machine and I've got local admin on your laptop, I'm going to be able to dump credentials, get the admin credentials and then start to laterally maneuver. Attackers don't have to hack in using zero days like you see in the movies, often they're logging in with valid user IDs and passwords that they've found and collected from somewhere else. And then they make that, they maneuver by making a low plus a low equal a high. And the other thing in financial services, we spend all of our time fixing critical vulnerabilities, attackers know that. So they've adapted to finding ways to chain together, low priority vulnerabilities and misconfigurations and dangerous defaults to become admin. So while we've over rotated towards just fixing the highs and the criticals attackers have adapted. And once again they have a vote, they're always evolving their tactics. >> And how do you prevent that from happening? >> So we actually apply those same tactics. Rarely do we actually need a CVE to compromise your environment. We will harvest credentials, just like an attacker. We will find misconfigurations and dangerous defaults, just like an attacker. We will combine those together. We'll make use of exploitable vulnerabilities as appropriate and use that to compromise your environment. So the tactics that, in many ways we've built a digital weapon and the tactics we apply are the exact same tactics that are applied by the adversary. >> So you guys basically simulate hacking. >> We actually do the hacking. Simulate means there's a fakeness to it. >> So you guys do hack. >> We actually compromise. >> Like sneakers the movie, those sneakers movie for the old folks like me. >> And in fact that was my inspiration. I've had this idea for over a decade now, which is I want to be able to look at anything that laptop, this Wi-Fi network, gear in hospital or a truck driving by and know, I can figure out how to gain initial access, rip that environment apart and be able to opponent. >> Okay, Chuck, he's not allowed in the studio anymore. (laughs) No, seriously. Some people are exposed. I mean, some companies don't have anything. But there's always passwords or so most people have that argument. Well, there's nothing to protect here. Not a lot of sensitive data. How do you respond to that? Do you see that being kind of putting the head in the sand or? >> Yeah, it's actually, it's less, there's not sensitive data, but more we've installed or applied multifactor authentication, attackers can't get in now. Well MFA only applies or does not apply to lower level protocols. So I can find a user ID password, log in through SMB, which isn't protected by multifactor authentication and still upon your environment. So unfortunately I think as a security industry, we've become very good at giving a false sense of security to organizations. >> John: Compliance drives that behavior. >> Compliance drives that. And what we need. Back to don't tell me we're secure, show me, we've got to, I think, change that to a trust but verify, but get rid of the trust piece of it, just to verify. >> Okay, we got a lot of CISOs and CSOs watching this showcase, looking at the hot startups, what's the message to the executives there. Do they want to become more leaning in more hawkish if you will, to use the military term on security? I mean, I heard one CISO say, security first then compliance 'cause compliance can make you complacent and then you're unsecure at that point. >> I actually say that. I agree. One definitely security is different and more important than being compliant. I think there's another emerging concept, which is I'd rather be defensible than secure. What I mean by that is security is a point in time state. I am secure right now. I may not be secure tomorrow 'cause something's changed. But if I'm defensible, then what I have is that muscle memory to detect, respondent and stifle an attack. And that's what's more important. Can I detect you? How long did it take me to detect you? Can I stifle you from achieving your objective? How long did it take me to stifle you? What did you use to get in to gain access? How long did that sit in my environment? How long did it take me to fix it? So on and so forth. But I think it's being defensible and being able to rapidly adapt to changing tactics by the adversary is more important. >> This is the evolution of how the red line never moved. You got the adversaries in our networks and our banks. Now they hang out and they wait. So everyone thinks they're secure. But when they start getting hacked, they're not really in a position to defend, the alarms go off. Where's the playbook. Team springs into action. I mean, you kind of get the visual there, but this is really the issue being defensible means having your own essentially military for your company. >> Being defensible, I think has two pieces. One is you've got to have this culture and process in place of training like you fight because you want to build that incident response muscle memory ahead of time. You don't want to have to learn how to respond to an incident in the middle of the incident. So that is that proactively verifying your posture and continuous pen testing is critical there. The second part is the actual fundamentals in place so you can detect and stifle as appropriate. And also being able to do that. When you are continuously verifying your posture, you need to verify your entire posture, not just your test systems, which is what most people do. But you have to be able to safely pen test your production systems, your cloud environments, your perimeter. You've got to assume that the bad guys are going to get in, once they're in, what can they do? So don't just say that my perimeter's secure and I'm good to go. It's the soft squishy center that attackers are going to get into. And from there, can you detect them and can you stop them? >> Snehal, take me through the use. You got to be sold on this, I love this topic. Alright, pen test. Is it, what am I buying? Just pen test as a service. You mentioned dark web. Are you actually buying credentials online on behalf of the customer? What is the product? What am I buying if I'm the CISO from Horizon3? What's the service? What's the product, be specific. >> So very specifically and one just principles. The first principle is when I was a buyer, I hated being nickled and dimed buyer vendors, which was, I had to buy 15 different modules in order to achieve an objective. Just give me one line item, make it super easy to buy and don't nickel and dime me. Because I've spent time as a buyer that very much has permeated throughout the company. So there is a single skew from Horizon3. It is an annual subscription based on how big your environment is. And it is inclusive of on-prem internal pen tests, external pen tests, cloud attacks, work from home attacks, our ability to harvest credentials from the dark web and from open source sources. Being able to crack those credentials, compromise. All of that is included as a singles skew. All you get as a CISO is a singles skew, annual subscription, and you can run as many pen tests as you want. Some customers still stick to, maybe one pen test a quarter, but most customers shift when they realize there's no limit, we don't nickel and dime. They can run 10, 20, 30, 40 a month. >> Well, it's not nickel and dime in the sense that, it's more like dollars and hundreds because they know what to expect if it's classic cloud consumption. They kind of know what their environment, can people try it. Let's just say I have a huge environment, I have a cloud, I have an on-premise private cloud. Can I dabble and set parameters around pricing? >> Yes you can. So one is you can dabble and set perimeter around scope, which is like manufacturing does this, do not touch the production line that's on at the moment. We've got a hospital that says every time they run a pen test, any machine that's actually connected to a patient must be excluded. So you can actually set the parameters for what's in scope and what's out of scope up front, most again we're designed to be safe to run against production so you can set the parameters for scope. You can set the parameters for cost if you want. But our recommendation is I'd rather figure out what you can afford and let you test everything in your environment than try to squeeze every penny from you by only making you buy what can afford as a smaller-- >> So the variable ratio, if you will is, how much they spend is the size of their environment and usage. >> Just size of the environment. >> So it could be a big ticket item for a CISO then. >> It could, if you're really large, but for the most part-- >> What's large? >> I mean, if you were Walmart, well, let me back up. What I heard is global 10 companies spend anywhere from 50 to a hundred million dollars a year on security testing. So they're already spending a ton of money, but they're spending it on consultants that show up maybe a couple of times a year. They don't have, humans can't scale to test a million hosts in your environment. And so you're already spending that money, spend a fraction of that and use us and run as much as you want. And that's really what it comes down to. >> John: All right. So what's the response from customers? >> What's really interesting is there are three use cases. The first is that SOC manager that is using us to verify that their security tools are actually working. So their Splunk environment is logging the right data. It's integrating properly with CrowdStrike, it's integrating properly with their active directory services and their password policies. So the SOC manager is using us to verify the effectiveness of their security controls. The second use case is the IT director that is using us to proactively harden their systems. Did they install VMware correctly? Did they install their Cisco gear correctly? Are they patching right? And then the third are for the companies that are lucky to have their own internal pen test and red teams where they use us like a force multiplier. So if you've got 10 people on your red team and you still have a million IPs or hosts in your environment, you still don't have enough people for that coverage. So they'll use us to do recon at scale and attack at scale and let the humans focus on the really juicy hard stuff that humans are successful at. >> Love the product. Again, I'm trying to think about how I engage on the test. Is there pilots? Is there a demo version? >> There's a free trials. So we do 30 day free trials. The output can actually be used to meet your SOC 2 requirements. So in many ways you can just use us to get a free SOC 2 pen test report right now, if you want. Go to the website, log in for a free trial, you can log into your Google ID or your LinkedIn ID, run a pen test against your organization and use that to answer your PCI segmentation test requirements, your SOC 2 requirements, but you will be hooked. You will want to run us more often. And you'll get a Horizon3 tattoo. >> The first hits free as they say in the drug business. >> Yeah. >> I mean, so you're seeing that kind of response then, trial converts. >> It's exactly. In fact, we have a very well defined aha moment, which is you run us to find, you fix, you run us to verify, we have 100% technical win rate when our customers hit a find, fix, verify cycle, then it's about budget and urgency. But 100% technical win rate because of that aha moment, 'cause people realize, holy crap, I don't have to wait six months to verify that my problems have actually been fixed. I can just come in, click, verify, rerun the entire pen test or rerun a very specific part of it on what I just patched my environment. >> Congratulations, great stuff. You're here part of the AWS Startup Showcase. So I have to ask, what's the relationship with AWS, you're on their cloud. What kind of actions going on there? Is there secret sauce on there? What's going on? >> So one is we are AWS customers ourselves, our brains command and control infrastructure. All of our analytics are all running on AWS. It's amazing, when we run a pen test, we are able to use AWS and we'll spin up a virtual private cloud just for that pen test. It's completely ephemeral, it's all Lambda functions and graph analytics and other techniques. When the pen test ends, you can delete, there's a single use Docker container that gets deleted from your environment so you have nothing on-prem to deal with and the entire virtual private cloud tears itself down. So at any given moment, if we're running 50 pen tests or a hundred pen tests, self-service, there's a hundred virtual private clouds being managed in AWS that are spinning up, running and tearing down. It's an absolutely amazing underlying platform for us to make use of. Two is that many customers that have hybrid environments. So they've got a cloud infrastructure, an Office 365 infrastructure and an on-prem infrastructure. We are a single attack platform that can test all of that together. No one else can do it. And so the AWS customers that are especially AWS hybrid customers are the ones that we do really well targeting. >> Got it. And that's awesome. And that's the benefit of cloud? >> Absolutely. And the AWS marketplace. What's absolutely amazing is the competitive advantage being part of the marketplace has for us, because the simple thing is my customers, if they already have dedicated cloud spend, they can use their approved cloud spend to pay for Horizon3 through the marketplace. So you don't have to, if you already have that budget dedicated, you can use that through the marketplace. The other is you've already got the vendor processes in place, you can purchase through your existing AWS account. So what I love about the AWS company is one, the infrastructure we use for our own pen test, two, the marketplace, and then three, the customers that span that hybrid cloud environment. That's right in our strike zone. >> Awesome. Well, congratulations. And thanks for being part of the showcase and I'm sure your product is going to do very, very well. It's very built for what people want. Self-service get in, get the value quickly. >> No agents to install, no consultants to hire. safe to run against production. It's what I wanted. >> Great to see you and congratulations and what a great story. And we're going to keep following you. Thanks for coming on. >> Snehal: Phenomenal. Thank you, John. >> This is the AWS Startup Showcase. I'm John John Furrier, your host. This is season two, episode four on cybersecurity. Thanks for watching. (upbeat music)

>>And welcome back to the cubes coverage of a, of us. Reinforc here in Boston, Massachusetts. I'm John furrier. We're here for a great interview on the next generation topic of state of industrial security. We have two great guests, Tim Jefferson, senior vice president data network and application security at Barracuda. And Cenon Aron vice president of zero trust engineering at Barracuda. Gentlemen. Thanks for coming on the queue. Talk about industrial security. >>Yeah, thanks for having us. >>So one of the, one of the big things that's going on, obviously you got zero trust. You've got trusted, trusted software supply chain challenges. You've got hardware mattering more than ever. You've got software driving everything, and all this is talking about industrial, you know, critical infrastructure. We saw the oil pipeline had a hack and ransomware attack, and that's just constant barrage of threats in the industrial area. And all the data is pointing to that. This area is gonna be fast growth machine learning's kicking in automation is coming in. You see a huge topic, huge growth trend. What is the big story going on here? >>Yeah, I think at a high level, you know, we did a survey and saw that, you know, over 95% of the organizations are experiencing, you know, security challenges in this space. So, you know, the blast radius in the, of the, the interface that this creates so many different devices and things and objects that are getting network connected now create a huge challenge for security teams to kind of get their arms around that. >>Yeah. And I can add that, you know, majority of these incidents that, that these organizations suffer lead to significant downtime, right? And we're talking about operational technology here, you know, lives depend on, on these technologies, right? Our, our wellbeing everyday wellbeing depend on those. So, so that is a key driver of initiatives and projects to secure industrial IOT and operational technologies in, in these businesses. >>Well, it's great to have both of you guys on, you know, Tim, you know, you had a background at AWS and sit on your startup, founder, soldier, coming to Barracuda, both very experienced, seeing the ways before in this industry. And I'd like to, if you don't mind talk about three areas, remote access, which we've seen in huge demand with, with the pandemic and the out, coming out with the hybrid and certainly industrial, that's a big part of it. And then secondly, that the trend of clear commitment from enterprises to have in a public cloud component, and then finally the secure access edge, you know, with SAS business models, securing these things, these are the three hot areas let's go into the first one, remote access. Why is this important? It seems that this is the top priority for having immediate attention on what's the big challenge here? Is it the most unsecure? Is it the most important? What, why is this relevant? >>So now I'll let you jump in there. >>Yeah, sure. Happy to. I mean, if you think about it, especially now, we've been through a, a pandemic shelter in place cycle for almost two years. It, it becomes essentially a business continuity matter, right? You do need remote access. We also seen a tremendous shift in hiring the best talent, wherever they are, right. Onboarding them and bringing the talent into, into, into, into businesses that have maybe a lot more distributed environments than traditionally. So you have to account for remote access in every part of everyday life, including industrial technologies, you need remote support, right? You need vendors that might be overseas providing you, you know, guidance and support for these technologies. So remote support is every part of life. Whether you work from home, you work on your, on the go, or you are getting support from a vendor that happens to be in Germany, you know, teleporting into your environment in Hawaii. You know, all these things are essentially critical parts of everyday life. Now >>Talk about ZT and a zero trust network access is a, this is a major component for companies. Obviously, you know, it's a position taking trust and verifies. One other approach, zero trust is saying, Hey, I don't trust you. Take us through why that's important. Why is zero trust network access important in this area? >>Yeah. I mean, I could say that traditionally remote access, if you think about infancy of the internet in the nineties, right? It was all about encryption in, in transit, right? You were all about internet was vastly clear text, right? We didn't have even SSL TLS, widely distributed and, and available. So when VPNs first came out, it was more about preventing sniffing, clear tech clear text information from, from, from the network, right? It was more about securing the, the transport, but now that kind of created a, a big security control gap, which implicitly trusted user users, once they are teleported into a remote network, right? That's the essence of having a remote access session you're brought from wherever you are into an internal network. They implicitly trust you that simply breakdown over time because you are able to compromise end points relatively easily using browser exploits. >>You know, so, so for supply chain issues, water hole attacks, and leverage the existing VPN tunnels to laterally move into the organization from within the network, you literally move in further and further and further down, you know, down the network, right? So the VPN needed a, a significant innovation. It was meant to be securing packets and transit. It was all about an encryption layer, but it had an implicit trust problem with zero trust. We turn it into an explicit trust problem, right? Explicit trust concept, ideally. Right? So you are, who do you say you are? And you are authorized to access only to things that you need to access to get the work done. >>So you're talking about granular levels versus the one time database look up you're in >>That's right. >>Tim, talk about the OT it side of this equation of industrial, because it, you know, is IP based, networking, OT have been purpose built, you know, maybe some proprietary technology yeah. That connects to the internet internet, but it's mainly been secure. Those have come together over the years and now with no perimeter security, how is this world evolving? Because there's gonna be more cloud there, be more machine learning, more hybrid on premise, that's going on almost a reset if you will. I mean, is it a reset? What's the, what's the situation. >>Yeah. I think, you know, in typical human behavior, you know, there's a lot of over rotation going on. You know, historically a lot of security controls are all concentrated in a data center. You know, a lot of enterprises had very large sophisticated well-established security stacks in a data center. And as those applications kind of broke down and, and got rearchitected for the cloud, they got more modular, they got more distributed that centralized security stack became an anti pattern. So now this kind of over rotation, Hey, let's take this stack and, and put it up in the cloud. You know, so there's lots of names for this secure access, service edge, you know, secure service edge. But in the end, you know, you're taking your controls and, and migrating them into the cloud. And, you know, I think ultimately this creates a great opportunity to embrace some of security, best practices that were difficult to do in some of the legacy architectures, which is being able to push your controls as far out to the edge as possible. >>And the interesting thing about OT and OT now is just how far out the edge is, right? So instead of being, you know, historically it was the branch or user edge, remote access edge, you know, Syon mentioned that you, you have technologies that can VPN or bring those identities into those networks, but now you have all these things, you know, partners, devices. So it's the thing, edge device edge, the user edge. So a lot more fidelity and awareness around who users are. Cause in parallel, a lot of the IDP and I IBM's platforms have really matured. So marrying those concepts of this, this lot of maturity around identity management yeah. With device in and behavior management into a common security framework is really exciting. But of course it's very nascent. So people are, it's a difficult time getting your arms around >>That. It's funny. We were joking about the edge. We just watching the web telescope photos come in the deep space, the deep edge. So the edge is continuing to be pushed out. Totally see that. And in fact, you know, one of the things we're gonna, we're gonna talk about this survey that you guys had done by an independent firm has a lot of great data. I want to unpack that, but one of the things that was mentioned in there, and I'll get, I wanna get your both reaction to this is that virtually all organizations are committing to the public cloud. Okay. I think it was like 96% or so was the stat. And if you combine in that, the fact that the edge is expanding, the cloud model is evolving at the edge. So for instance, a building, there's a lot behind it. You know, how far does it go? So we don't and, and what is the topology because the topology seem to change too. So there's this growth and change where we need cloud operations, DevOps at, at the edge and the security, but it's changing. It's not pure cloud, but it's cloud. It has to be compatible. What's your reaction to that, Tim? I mean, this is, this is a big part of the growth of industrial. >>Yeah. I think, you know, if you think about, there's kind of two exciting developments that I would think of, you know, obviously there's this increase to the surface area, the tax surface areas, people realize, you know, it's not just laptops and devices and, and people that you're trying to secure, but now they're, you know, refrigerators and, you know, robots and manufacturing floors that, you know, could be compromised, have their firmware updated or, you know, be ransomware. So this a huge kind of increase in surface area. But a lot of those, you know, industrial devices, weren't built around the concept with network security. So kind of bolting on, on thinking through how can you secure who and what ultimately has access to those, to those devices and things. And where is the control framework? So to your point, the control framework now is typically migrated now into public cloud. >>These are custom applications, highly distributed, highly available, very modular. And then, you know, so how do you, you know, collect the telemetry or control information from these things. And then, you know, it creates secure connections back into these, these control applications, which again, are now migrated to public cloud. So you have this challenge, you know, how do you secure? We were talking about this last time we discussed, right. So how do you secure the infrastructure that I've, I've built in deploying now, this control application and in public cloud, and then connect in with this, this physical presence that I have with these, you know, industrial devices and taking telemetry and control information from those devices and bringing it back into the management. And this kind marries again, back into the remote axis that Sunan was mentioning now with this increase awareness around the efficacy of ransomware, we are, you know, we're definitely seeing attackers going after the management frameworks, which become very vulnerable, you know, and they're, they're typically just unprotected web applications. So once you get control of the management framework, regardless of where it's hosted, you can start moving laterally and, and causing some damage. >>Yeah. That seems to be the common thread. So no talk about, what's your reaction to that because, you know, zero trust, if it's evolving and changing, you, you gotta have zero trust you. I didn't even know it's out there and then it gets connected. How do you solve that problem? Cuz you know, there's a lot of surface area that's evolving all the OT stuff and the new, it, what's the, what's the perspective and posture that the clients your clients are having and customers. Well, >>I, I think they're having this conversation about further mobilizing identity, right? We did start with, you know, user identity that become kind of the first foundational building block for any kind of zero trust implementation. You work with, you know, some sort of SSO identity provider, you get your, you sync with your user directories, you have a single social truth for all your users. >>You authenticate them through an identity provider. However that didn't quite cut it for industrial OT and OT environments. So you see like we have the concept of hardware machines, machine identities now become an important construct, right? The, the legacy notion of being able to put controls and, and, and, and rules based on network constructs doesn't really scale anymore. Right? So you need to have this concept of another abstraction layer of identity that belongs to a service that belongs to an application that belongs to a user that belongs to a piece of hardware. Right. And then you can, yeah. And then you can build a lot more, of course, scalable controls that basically understand the, the trust relation between these identities and enforce that rather than trying to say this internal network can talk to this other internal network through a, through a network circuit. No, those things are really, are not scalable in this new distributed landscape that we live in today. So identity is basically going to operationalize zero trust and a lot more secure access going forward. >>And that's why we're seeing the sassy growth. Right. That's a main piece of it. Is that what you, what you're seeing too? I mean, that seems to be the, the approach >>I think like >>Go >>Ahead to, yeah. I think like, you know, sassy to me is really about, you know, migrating and moving your security infrastructure to the cloud edge, you know, as we talked to the cloud, you know, and then, you know, do you funnel all ingress and egress traffic through this, you know, which is potentially an anti pattern, right? You don't wanna create, you know, some brittle constraint around who and what has access. So again, a security best practices, instead of doing all your enforcement in one place, you can distribute and push your controls out as far to the edge. So a lot of SASI now is really around centralizing policy management, which is the big be one of the big benefits is instead of having all these separate management plans, which always difficult to be very federated policy, right? You can consolidate your policy and then decide mechanism wise how you're gonna instrument those controls at the edge. >>So I think that's the, the real promise of, of the, the sassy movement and the, I think the other big piece, which you kind of touched on earlier is around analytics, right? So it creates an opportunity to collect a whole bunch of telemetry from devices and things, behavior consumption, which is, which is a big, common, best practice around once you have SA based tools that you can instrument in a lot of visibility and how users and devices are behaving in being operated. And to Syon point, you can marry that in with their identity. Yeah. Right. And then you can start building models around what normal behavior is and, you know, with very fine grain control, you can, you know, these types of analytics can discover things that humans just can't discover, you know, anomalous behavior, any kind of indicators are compromised. And those can be, you know, dynamic policy blockers. >>And I think sun's point about what he was talking about, talks about the, the perimeters no longer secure. So you gotta go to the new way to do that. Totally, totally relevant. I love that point. Let me ask you guys a question on the, on the macro, if you don't mind, how concerned are you guys on the current threat landscape in the geopolitical situation in terms of the impact on industrial IOT in this area? >>So I'll let you go first. Yeah. >>I mean, it's, it's definitely significantly concerning, especially if now with the new sanctions, there's at least two more countries being, you know, let's say restricted to participate in the global economic, you know, Mar marketplace, right? So if you look at North Korea as a pattern, since they've been isolated, they've been sanctioned for a long time. They actually double down on rents somewhere to even fund state operations. Right? So now that you have, you know, BES be San Russia being heavily sanctioned due to due to their due, due to their activities, we can envision more increase in ransomware and, you know, sponsoring state activities through illegal gains, through compromising, you know, pipelines and, you know, industrial, you know, op operations and, and seeking large payouts. So, so I think the more they will, they're ized they're pushed out from the, from the global marketplace. There will be a lot more aggression towards critical infrastructure. >>Oh yeah. I think it's gonna ignite more action off the books, so to speak as we've seen. Yeah. We've >>Seen, you know, another point there is, you know, Barracuda also runs a, a backup, you know, product. We do a, a purpose built backup appliance and a cloud to cloud backup. And, you know, we've been running this service for over a decade. And historically the, the amount of ransomware escalations that we got were very slow, you know, is whenever we had a significant one, helping our customers recover from them, you know, you know, once a month, but over the last 18 months, this is routine now for us, this is something we deal with on a daily basis. And it's becoming very common. You know, it's, it's been a well established, you know, easily monetized route to market for the bad guys. And, and it's being very common now for people to compromise management planes, you know, they use account takeover. And the first thing they're doing is, is breaking into management planes, looking at control frameworks. And then first thing they'll do is delete, you know, of course the backups, which this sort of highlights the vulnerability that we try to talk to our customers about, you know, and this affects industrial too, is the first thing you have to do is among other things, is, is protect your management planes. Yeah. And putting really fine grain mechanisms like zero trust is, is a great, >>Yeah. How, how good is backup, Tim, if you gets deleted first is like no backup. There it is. So, yeah. Yeah. Air gaping. >>I mean, obviously that's kinda a best practice when you're bad guys, like go in and delete all the backups. So, >>And all the air gaps get in control of everything. Let me ask you about the, the survey pointed out that there's a lot of security incidents happening. You guys pointed that out and discussed a little bit of it. We also talked about in the survey, you know, the threat vectors and the threat landscape, the common ones, ransomware was one of them. The area that I liked, what that was interesting was the, the area that talked about how organizations are investing in security and particularly around this, can you guys share your thoughts on how you see the, the market, your customers and, and the industry investing? What are they investing in? What stage are they in when it comes to IOT and OT, industrial IOT and OT security, do they do audits? Are they too busy? I mean, what's the state of their investment thesis progress of, of, of how they're investing in industrial IOT? >>Yeah. Our, our view is, you know, we have a next generation product line. We call, you know, our next, our cloud chain firewalls. And we have a form factor that sports industrial use cases we call secure connectors. So it's interesting that if you, what we learned from that business is a tremendous amount of bespoke efforts at this point, which is sort of indicative of a, of a nascent market still, which is related to another piece of information I thought was really interested in the survey that I think it was 93% of the, the participants, the enterprises had a failed OT initiative, you know, that, you know, people tried to do these things and didn't get off the ground. And then once we see build, you know, strong momentum, you know, like we have a, a large luxury car manufacturer that uses our secure connectors on the, on the robots, on the floor. >>So well established manufacturing environments, you know, building very sophisticated control frameworks and, and security controls. And, but again, a very bespoke effort, you know, they have very specific set of controls and specific set of use cases around it. So it kind of reminds me of the late nineties, early two thousands of people trying to figure out, you know, networking and the blast radi and networking and, and customers, and now, and a lot of SI are, are invested in this building, you know, fast growing practices around helping their customers build more robust controls in, in helping them manage those environments. So, yeah, I, I think that the market is still fairly nascent >>From what we seeing, right. But there are some encouraging, you know, data that shows that at least helpful of the organizations are actively pursuing. There's an initiative in place for OT and a, you know, industrial IOT security projects in place, right. They're dedicating time and resources and budget for this. And, and in, in regards to industries, verticals and, and geographies oil and gas, you know, is, is ahead of the curve more than 50% responded to have the project completed, which I guess colonial pipeline was the, you know, the call to arms that, that, that was the big, big, you know, industrial, I guess, incident that triggered a lot of these projects to be accelerating and, and, you know, coming to the finish line as far as geographies go DACA, which is Germany, Austria, Switzerland, and of course, north America, which happens to be the industrial powerhouses of, of the world. Well, APAC, you know, also included, but they're a bit behind the curve, which is, you know, that part is a bit concerning, but encouragingly, you know, Western Europe and north America is ahead of these, you know, projects. A lot of them are near completion or, or they're in the middle of some sort of an, you know, industrial IOT security project right >>Now. I'm glad you brought the colonial pipeline one and, and oil and gas was the catalyst. Again, a lot of, Hey, scared that better than, than me kinda attitude, better invest. So I gotta ask you that, that supports Tim's point about the management plane. And I believe on that hack or ransomware, it wasn't actually control of the pipeline. It was control over the management billing, and then they shut down the pipeline cuz they were afraid it was gonna move over. So it wasn't actually the critical infrastructure itself to your point, Tim. >>Yeah. It's hardly over the critical infrastructure, by the way, you always go through the management plane, right. It's such an easier lying effort to compromise because it runs on an endpoint it's standard endpoint. Right? All this control software will, will be easier to get to rather than the industrial hardware itself. >>Yeah. It's it's, it's interesting. Just don't make a control software at the endpoint, put it zero trust. So down that was a great point. Oh guys. So really appreciate the time and the insight and, and the white paper's called NETEC it's on the Barracuda. Netex industrial security in 2022. It's on the barracuda.com website Barracuda network guys. So let's talk about the read force event hasn't been around for a while cuz of the pandemic we're back in person what's changed in 2019 a ton it's like security years is not dog years anymore. It's probably dog times too. Right. So, so a lot's gone on where are we right now as an industry relative to the security cybersecurity. Could you guys summarize kind of the, the high order bit on where we are today in 2022 versus 2019? >>Yeah, I think, you know, if you look at the awareness around how to secure infrastructure in applications that are built in public cloud in AWS, it's, you know, exponentially better than it was. I think I remember when you and I met in 2018 at one of these conferences, you know, there were still a lot of concerns, whether, you know, IAS was safe, you know, and I think the amount of innovation that's gone on and then the amount of education and awareness around how to consume, you know, public cloud resources is amazing. And you know, I think that's facilitated a lot of the fast growth we've seen, you know, the consistent, fast growth that we've seen across all these platforms >>Say that what's your reaction to the, >>I think the shared responsibility model is well understood, you know, and, and, and, and we can see a lot more implementation around, you know, CSBM, you know, continuously auditing the configurations in these cloud environments become a, a standard table stake, you know, investment from every stage of any business, right? Whether from early state startups, all the way to, you know, public companies. So I think it's very well understood and, and the, and the investment has been steady and robust when it comes to cloud security. We've been busy, you know, you know, helping our customers and AWS Azure environments and, and others. So I, I think it's well understood. And, and, and we are on a very optimistic note actually in a good place when it comes to public cloud. >>Yeah. A lot of great momentum, a lot of scale and data act out there. People sharing data, shared responsibility. Tim is in, thank you for sharing your insights here in this cube segment coverage of reinforce here in Boston. Appreciate it. >>All right. Thanks for having >>Us. Thank you. >>Okay, everyone. Thanks for watching the we're here at the reinforced conference. AWS, Amazon web services reinforced. It's a security focused conference. I'm John furier host of the cube. We'd right back with more coverage after the short break.

(upbeat music) >> Okay, welcome back everyone. CUBE's coverage here in Boston, Massachusetts, AWS re:inforce 22, security conference. It's AWS' big security conference. Of course, theCUBE's here, all the reinvent, reese, remars, reinforced. We cover 'em all now and the summits. I'm John Furrier, my host Dave Vellante. We have IDC weighing in here with their analysts. We've got some great guests here, Jay Bretzmann research VP at IDC and Philip Bues research manager for Cloud security. Gentlemen, thanks for coming on. >> Thank you. >> Appreciate it. Great to be here. >> Appreciate coming. >> Got a full circle, right? (all laughing) Security's more interesting than storage, isn't it? (all laughing) >> Dave and Jay worked together. This is a great segment. I'm psyched that you guys are here. We had Crawford and Matt Eastwood on at HPE Discover a while back and really the data you guys are getting and the insights are fantastic. So congratulations to IDC. You guys doing great work. We appreciate your time. I want to get your reaction to the event and the keynotes. AWS has got some posture and they're very aggressive on some tones. Some things that we didn't hear. What's your reaction to the keynote? Share your assessment. >> So, you know, I manage two different research services at IDC right now. They are both Cloud security and identity and digital security, right? And what was really interesting is the intersection between the two this morning, because every one of those speakers that came on had something to say about identity or least privileged access, or enable MFA, or make sure that you control who gets access to what and deny explicitly. And it's always been a challenge a little bit in the identity world because a lot of people don't use MFA. And in RSA, that was another big theme at the RSA conference, MFA everywhere. Why don't they use it? Because it introduces friction and all of a sudden people can't get their jobs done. And the whole point of a network is letting people on to get that data they want to get to. So that was kind of interesting, but as we have in the industry, this shared responsibility model for Cloud computing, we've got shared responsibility for between Philip and I. (Philip laughing) I have done in the past more security of the Cloud and Philip is more security in the Cloud. >> So yeah. >> And now with Cloud operation Super Cloud, as we call it, you have on premises, private Cloud coming back, or hasn't really gone anywhere, all that on premises, Cloud operations, public Cloud, and now edge exploding with new requirements. It's really an ops challenge right now. Not so much dev. So the sec and op side is hot right now. >> Yeah, well, we've made this move from monolithic to microservices based applications. And so during the keynote this morning, the announcement around the GuardDuty Malware Protection component, and that being built into the pricing of current GuardDuty, I thought was really key. And there was also a lot of talk about partnering in security certifications, which is also so very important. So we're seeing this move towards filling in that talent gap, which I think we're all aware of in the security industry. >> So Jake, square the circle for me. So Kirk Coofell talked about Amazon AWS identity, where does AWS leave off, and companies like Okta or Ping identity or Cybertruck pickup, how are they working together? Does it just create more confusion and more tools for customers? We know the overused word of seamless. >> Yeah, yeah. >> It's never seamless, so how should we think about that? >> So, identity has been around for 35 years or something like that. Started with the mainframes and all that. And if you understand the history of it, you make more sense to the current market. You have to know where people came from and the baggage they're carrying, 'cause they're still carrying a lot of that baggage. Now, when it comes to the Cloud Service providers, they're more an accommodation from the identity standpoint. Let's make it easy inside of AWS to let you single sign on to anything in the Cloud that they have, right? Let's also introduce an additional MFA capability to keep people safer whenever we can and provide people with tools, to get into those applications somewhat easily, while leveraging identities that may live somewhere else. So there's a whole lot of the world that is still active, directory-centric, right? There's another portion of companies that were born in the Cloud that were able to jump on things like Okta and some of the other providers of these universal identities in the Cloud. So, like I said, if you understand where people came from in the beginning, you start to say, "Yeah, this makes sense." >> It's interesting you talk about mainframe. I always think about Rack F, you know. And I say, "Okay, who did what, when, where?" And you hear about a lot of those themes. So what's the best practice for MFA, that's non-SMS-based? Is it you got to wear something around your neck, is it to have sort of a third party authenticator? What are people doing that you guys would recommend? >> Yeah, one quick comment about adoption of MFA. If you ask different suppliers, what percent of your base that does SSO also does MFA, one of the biggest suppliers out there, Microsoft will tell you it's under 25%. That's pretty shocking. All the messaging that's come out about it. So another big player in the market was called Duo, Cisco bought them. >> Yep. >> And because they provide networks, a lot of people buy their MFA. They have probably the most prevalent type of MFA, it's called Push. And Push can be a red X and a green check mark to your phone, it can be a QR code, somewhere, it can be an email push as well. So that is the next easiest thing to adopt after SMS. And as you know, SMS has been denigrated by NIST and others saying, it's susceptible to man and middle attacks. It's built on a telephony protocol called SS7. Predates anything, there's no certification either side. The other real dynamic and identity is the whole adoption of PKI infrastructure. As you know, certificates are used for all kinds of things, network sessions, data encryption, well, identity increasingly. And a lot of the consumers and especially the work from anywhere, people these days have access through smart devices. And what you can do there, is you can have an agent on that smart device, generate your private key and then push out a public key and so the private key never leaves your device. That's one of the most secure ways to- >> So if our SIM card gets hacked, you're not going to be as vulnerable? >> Yeah, well, the SIM card is another challenge associated with the older ways, but yeah. >> So what do you guys think about the open source connection and they mentioned it up top. Don't bolt on security, implying shift left, which is embedding it in like sneak companies, like sneak do that. Very container oriented, a lot of Kubernetes kind of Cloud native services. So I want to get your reaction to that. And then also this reasoning angle they brought up. Kind of a higher level AI reasoning decisions. So open source, and this notion of AI reasoning. or AI reason. >> And you see more open source discussion happening, so you have your building maintaining and vetting of the upstream open source code, which is critical. And so I think AWS talking about that today, they're certainly hitting on a nerve, as you know, open source continues to proliferate. Around the automated reasoning, I think that makes sense. You want to provide guide rails and you want to provide roadmaps and you want to have sort of that guidance as to, okay, what's a correlation analysis of different tools and products? And so I think that's going to go over really well, yeah. >> One of the other key points about open source is, everybody's in a multi-cloud world, right? >> Yeah. >> And so they're worried about vendor lock in. They want an open source code base, so that they don't experience that. >> Yeah, and they can move the code around, and make sure it works well on each system. Dave and I were just talking about some of the dynamics around data control planes. So they mentioned encrypt everything which is great and I message by the way, I love that one. But oh, and he mentioned data at rest. I'm like, "What about data in flight? "Didn't hear that one." So one of the things we're seeing with SuperCloud, and now multi-cloud kind of as destinations of that, is that in digital transformation, customers are leaning into owning their data flows. >> Yeah. >> Independent of say the control plane aspects of what could come in. This is huge implications for security, where sharing data is huge, even Schmidt on stage said, we have billions and billions of things happening that we see things that no one else sees. So that implies, they're sharing- >> Quad trillion. >> Trillion, 15 zeros. (Jay laughs) >> 15 zeros. >> So that implies they're sharing that or using that pushing that into something. So sharing is huge with cyber security. So that implies open data, data flows. How do you guys see this evolving? I know it's kind of emerging, but it's becoming a nuanced point, that's critical to the architecture. >> Well, yeah, I think another way to look at that is the sharing of intelligence and some of the recent directives, from the executive branch, making it easier for private companies to share data and intelligence, which I think strengthens the cyber community overall. >> Depending upon the supplier, it's either an aggregate level of intelligence that has been anonymized or it's specific intelligence for your environment that everybody's got a threat feed, maybe two or three, right? (John laughs) But back to the encryption point, I mean, I was working for an encryption startup for a little while after I left IBM, and the thing is that people are scared of it. They're scared of key management and rotation. And so when you provide- >> Because they might lose the key. >> Exactly. >> Yeah. >> It's like shooting yourself in the foot, right? So that's when you have things like, KMS services from Amazon and stuff that really help out a lot. And help people understand, okay, I'm not alone in this. >> Yeah, crypto owners- >> They call that hybrid, the hybrid key, they don't know how they call the data, they call it the hybrid. What was that? >> Key management service? >> The hybrid- >> Oh, hybrid HSM, correct? >> Yeah, what is that? What is that? I didn't get that. I didn't understand what he meant by the hybrid post quantum key agreement. >> Hybrid post quantum key exchange. >> AWS never made a product name that didn't have four words in it. (John laughs) >> But he did reference the new NIST algos. And I think I inferred that they were quantum proof or they claim to be, and AWS was testing those. >> Correct, yeah. >> So that was kind of interesting, but I want to come back to identity for a second. So, this idea of bringing traditional IAM and Privileged Access Management together, is that a pipe dream, is that something that is actually going to happen? What's the timeframe, what's your take on that? >> So, there are aspects of privilege in every sort of identity. Back when it was only the back office that used computers for calculations, right? Then you were able to control how many people had access. There were two types of users, admins and users. These days, everybody has some aspect of- >> It's a real spectrum, really. >> Yeah. >> Granular. >> You got the C-suite, the finance people, the DevOps people, even partners and whatever. They all need some sort of privileged access, and the term you hear so much is least-privileged access, right? Shut it down, control it. So, in some of my research, I've been saying that vendors who are in the PAM space, Privilege Access Management space, will probably be growing their suites, playing a bigger role, building out a stack, because they have the expertise and the perspective that says, "We should control this better." How do we do that, right? And we've been seeing that recently. >> Is that a combination of old kind of antiquated systems meets for proprietary hyper scale, or kind of like build your own? 'Cause I mean, Amazon, these guys, Facebook, they all build their own stuff. >> Yes, they do. >> Then enterprises buy services from general purpose identity management systems. >> So as we were talking about knowing the past and whatever, Privileged Access Management used to be about compliance reporting. Just making sure that I knew who accessed what? And could prove it, so I didn't fail at all. >> It wasn't a critical infrastructure item. >> No, and now these days, what it's transitioning into, is much more risk management, okay. I know what our risk is, I'm ahead of it. And the other thing in the PAM space, was really session monitor. Everybody wanted to watch every keystroke, every screen's scrape, all that kind of stuff. A lot of the new Privileged Access Management, doesn't really require that. It's a nice to have feature. You kind of need it on the list, but is anybody really going to implement it? That's the question, right. And then if you do all that session monitoring, does anybody ever go back and look at it? There's only so many hours in the day. >> How about passwordless access? (Jay laughs) I've heard people talk about that. I mean, that's as a user, I can't wait but- >> Well, it's somewhere we want to all go. We all want identity security to just disappear and be recognized when we log in. So the thing with passwordless is, there's always a password somewhere. And it's usually part of a registration action. I'm going to register my device with a username password, and then beyond that I can use my biometrics, right? I want to register my device and get a private key, that I can put in my enclave, and I'll use that in the future. Maybe it's got to touch ID, maybe it doesn't, right? So even though there's been a lot of progress made, it's not quote, unquote, truly passwordless. There's a group, industry standards group called Fido. Which is Fast Identity Online. And what they realized was, these whole registration passwords, that's really a single point of failure. 'Cause if I can't recover my device, I'm in trouble. So they just did new extension to sort of what they were doing, which provides you with much more of like an iCloud vault that you can register that device in and other devices associated with that same identity. >> Get you to it if you have to. >> Exactly. >> I'm all over the place here, but I want to ask about ransomware. It may not be your wheelhouse. But back in the day, Jay, remember you used to cover tape. All the backup guys now are talking about ransomware. AWS mentioned it today and they showed a bunch of best practices and things you can do. Air gaps wasn't one of them. I was really surprised 'cause that's all every anybody ever talks about is air gaps and a lot of times that air gap could be a guess to the Cloud, I guess, I'm not sure. What are you guys seeing on ransomware apps? >> We've done a lot of great research around ransomware as a service and ransomware, and we just had some data come out recently, that I think in terms of spending and spend, and as a result of the Ukraine-Russia war, that ransomware assessments rate number one. And so it's something that we encourage, when we talk to vendors and in our services, in our publications that we write about taking advantage of those free strategic ransomware assessments, vulnerability assessments, as well and then security and training ranked very highly as well. So, we want to make sure that all of these areas are being funded well to try and stay ahead of the curve. >> Yeah, I was surprised to not see air gaps on the list, that's all everybody talks about. >> Well, the old model for air gaping in the land days, the novel days, you took your tapes home and put them in the sock drawer. (all laughing) >> Well, it's a form of air gap. (all laughing) >> Security and no one's going to go there and clean out. >> And then the internet came around and ruined it. >> Guys, final question we want to ask you, guys, we kind of zoom out, great commentary by the way. Appreciate it. We've seen this in many markets, a collection of tools emerge and then there's its tool sprawl. So cyber we're seeing the trend now where mon goes up on stage of all the ecosystems, probably other vendors doing the same thing where they're organizing a platform on top of AWS to be this super platform, for super Cloud capability by building a more platform thing. So we're saying there's a platform war going on, 'cause customers don't want the complexity. I got a tool but it's actually making it more complex if I buy the other tool. So the tool sprawl becomes a problem. How do you guys see this? Do you guys see this platform emerging? I mean tools won't go away, but they have to be easier. >> Yeah, we do see a consolidation of functionality and services. And we've been seeing that, I think through a 2020 Cloud security survey that we released that was definitely a trend. And that certainly happened for many companies over the last six to 24 months, I would say. And then platformization absolutely is something we talk and write about all the time so... >> Couple of years ago, I called the Amazon tool set an erector set because it really required assembly. And you see the emphasis on training here too, right? You definitely need to go to AWS University to be competent. >> It wasn't Lego blocks yet. >> No. >> It was erector set. >> Yeah. >> Very good distinction. >> Loose. >> And you lose a few. (chuckles) >> But still too many tools, right? You see, we need more consolidation. It's getting interesting because a lot of these companies have runway and you look at sale point at stock prices held up 'cause of the Thoma Bravo acquisition, but all the rest of the cyber stocks have been crushed especially the high flyers, like a Sentinel-1 one or a CrowdStrike, but just still M and A opportunity. >> So platform wars. Okay, final thoughts. What do you, think is happening next? What's your outlook for the next year or so? >> So, in the identity space, I'll talk about, Philip can cover Cloud for us. It really is more consolidation and more adoption of things that are beyond simple SSO. It was, just getting on the systems and now we really need to control what you're able to get to and who you are. And do it as transparently as we possibly can, because otherwise, people are going to lose productivity. They're not going to be able to get to what they want. And that's what causes the C-suite to say, "Wait a minute," DevOps, they want to update the product every day. Make it better. Can they do that or did security get in the way? People, every once in a while call security, the Department of No, right? >> They ditch it on stage. They want to be the Department of Yes. >> Exactly. >> Yeah. >> And the department that creates additional value. If you look at what's going on with B2C or CIAM, consumer oriented identity, that is all about opening up new direct channels and treating people like their old friends, not like you don't know them, you have to challenge them. >> We always say, you want to be in the boat together, it sinks or not. >> Yeah. Exactly. >> Philip I'm glad- >> Okay, what's your take? What's your outlook for the year? >> Yeah, I think, something that we've been seeing as consolidation and integration, and so companies looking at from built time to run time, investing in shift left infrastructure is code. And then also in the runtime detection, makes perfect sense to have both the agent and agent lists so that you're covering any of the gaps that might exist. >> Awesome, Jay Phillip, thanks for coming on "theCUBE" with IDC and sharing your- >> Oh, our pleasure- >> Perspective, commentary and insights and outlook. Appreciate it. >> You bet. >> Thank you. >> Okay, we've got the great direction here from IDC analyst here on the queue. I'm John Furrier, Dave Vellante. Be back more after this short break. (bright upbeat music)

>>Okay, welcome back everyone. Cube's coverage here in Boston, Massachusetts, AWS reinforced 22, the security conference. It's ADOS big security conference. Of course, the cubes here, all the reinvent res re Mars reinforce. We cover 'em all now and the summits. I'm John. Very my host, Dave ante have IDC weighing in here with their analysis. We've got some great guests here, Jay Brisbane, research VP at IDC and Philip who research managed for cloud security. Gentlemen, thanks for coming on. Thank you. Appreciate it. Great >>To, to be here. I appreciate the got the full >>Circle, right? Just, security's more interesting >>Than storage. Isn't it? >>Dave, Dave and Jay worked together. This is a, a great segment. I'm psyched that you guys are here. We had Crawford and Matt Eastwood on at HPE discover a while back and really the, the, the data you guys are getting and the insights are fantastic. So congratulations to IDC. You guys doing great work. We appreciate your time. I wanna get your reaction to the event and the keynotes. AWS has got some posture and they're very aggressive on some tones. Some things that they didn't, we didn't hear. What's your reaction to the keynote, share your, your assessment. >>So, you know, I managed two different research services at IDC right now. They are both cloud security and identity and, and digital security. Right. And what was really interesting is the intersection between the two this morning, because every one of those speakers that came on had something to say about identity or least privileged access, or, you know, enable MFA, or make sure that you, you know, control who gets access to what and deny explicitly. Right? And it's always been a challenge a little bit in the identity world because a lot of people don't use MFA. And in RSA, that was another big theme at the RSA conference, right? MFA everywhere. Why don't they use it because it introduces friction and all of a sudden people can't get their jobs done. Right. And the whole point of a network is letting people on to get that data they want to get to. So that was kind of interesting, but, you know, as we have in the industry, this shared responsibility model for cloud computing, we've got shared responsibility for between Philip and I, I have done in the ke past more security of the cloud and Philip is more security in the cloud, >>So yeah. And it's, and now with cloud operation, super cloud, as we call it, you have on premises, private cloud coming back, or hasn't really gone anywhere, all that on premises, cloud operations, public cloud, and now edge exploding with new requirements. Yeah. It's really an ops challenge right now. Not so much dev. So the sick and op side is hot right now. >>Yeah. Well, we've made this move from monolithic to microservices based applications. And so during the keynote this morning, the announcement around the guard duty malware protection component, and that being built into the pricing of current guard duty, I thought was, was really key. And there was also a lot of talk about partnering in security certifications. Yeah. Which is also so very important. So we're seeing this move towards filling in that talent gap, which I think we're all aware of in the security industry. >>So Jake square, the circle for me. So Kirk, Coel talked about Amazon AWS identity, where does AWS leave off and, and companies like Okta or ping identity or crock pickup, how are they working together? Does it just create more confusion and more tools for customers? We, we have, we know the over word overused word of seamless. Yeah. Yeah. It's never seamless. So how should we think about that? >>So, you know, identity has been around for 35 years or something like that started with the mainframes and all that. And if you understand the history of it, you make more sense to the current market. You have to know where people came from and the baggage they're carrying, cuz they're still carrying a lot of that baggage. Now, when it comes to the cloud service providers, they're more an accommodation from the identity standpoint, let's make it easy inside of AWS to let you single sign on to anything in the cloud that they have. Right. Let's also introduce an additional MFA capability to keep people safer whenever we can and, you know, provide people the tools to, to get into those applications somewhat easily, right. While leveraging identities that may live somewhere else. So, you know, there's a whole lot of the world that is still active directory centric, right? There's another portion of companies that were born in the cloud that were able to jump on things like Okta and some of the other providers of these universal identities in the cloud. So, you know, like I said, you, if you understand where people came from in the beginning, you start to, to say, yeah, this makes sense. >>It's, it's interesting. You talk about mainframe. I, I always think about rack F you know, and I say, okay, who did what, when, where, yeah. And you hear about a lot of those themes. What, so what's the best practice for MFA? That's, that's non SMS based. Is it, you gotta wear something around your neck, is it to have sort of a third party authenticator? What are people doing that is that, that, that you guys would recommend? >>Yeah. One quick comment about adoption of MFA. You know, if you ask different suppliers, what percent of your base that does SSO also does MFA one of the biggest suppliers out there Microsoft will tell you it's under 25%. That's pretty shocking. Right? All the messaging that's come out about it. So another big player in the market was called duo. Cisco bought them. Yep. Right. And because they provide networks, a lot of people buy their MFA. They have probably the most prevalent type of MFA it's called push. Right. And push can be, you know, a red X and a green check mark to your phone. It can be a QR code, you know, somewhere, it can be an email push as well. So that is the next easiest thing to adopt after SMS. And as you know, SMS has been denigrated by N and others saying, you know, it's susceptible to man and middle attacks. >>It's built on a telephony protocol called SS seven. Yep. You know, predates anything. There's no certification, either side. The other real dynamic and identity is the whole adoption of PKI infrastructure. As you know, certificates are used for all kinds of things, network sessions, data encryption, well identity increasingly, and a lot of the, you know, consumers and especially the work from anywhere, people these days have access through smart devices. Right. And what you can do there is you can have an agent on that smart device, generate your private key and then push out a public key. And so the private key never leaves your device. That's one of the most secure ways to, so if your >>SIM card gets hacked, you're not gonna be as at vulnerable >>Or as vulnerable. Well, the SIM card is another, you know, challenge associated with the, the older waste. But yeah. Yeah. >>So what do you guys think about the open source connection and, and they, they mentioned it up top don't bolt on security implying shift left, which is embedding it in like sneak companies, like sneak do that, right. Container oriented, a lot of Kubernetes kind of cloud native services. So I wanna get your reaction to that. And then also this reasoning angle, they brought up kind of a higher level AI reasoning decisions. So open source and this notion of AI reasoning >>Automation. Yeah. And, and you see more open source discussion happening, right. So you, you know, you have your building maintaining and vetting of the upstream open source code, which is critical. And so I think AWS talking about that today, they're certainly hitting on a nerve as, you know, open source continues to proliferate around the automated reasoning. I think that makes sense. You know, you want to provide guiderails and you want to provide roadmaps and you wanna have sort of that guidance as to okay. What's the, you know, a correlation analysis of different tools and products. And so I think that's gonna go over really well. >>Yeah. One of the other, you know, key points of what open source is, everybody's in a multi-cloud world, right? Yeah. And so they're worried about vendor lockin, they want an open source code base so that they don't experience that. >>Yeah. And they can move the code around and make sure it works well on each system. Dave and I were just talking about some of the dynamics around data control planes. So yeah. They mentioned encrypt everything, which is great. And I message, by the way, I love that one, but oh. And he mentioned data at rest. I'm like, what about data in flight? Didn't hear that one. So one of the things we're seeing with super cloud, and now multi-cloud kind of, as destinations of that, is that in digital transformation, customers are leaning into owning their data flows. >>Yeah. >>Independent of say the control plane aspects of what could come in. This is huge implications for security, where sharing data is huge. Even Schmidt on Steve said we have billions and billions of things happening that we see things that no one else else sees. So that implies, they're >>Sharing quad trillion, >>Trillion, 15 zeros trillion. Yeah. 15 >>Zeros, 15 zeros. Yeah. >>So that implies, they're sharing that or using that, pushing that into something. So sharing's huge with cyber security. So that implies open data, data flows. What do, how do you guys see this evolving? I know it's kind of emerging, but it's becoming a, a nuanced point that's critical to the architecture. >>Well, I, yeah, I think another way to look at that is the sharing of intelligence and some of the recent directives, you know, from the executive branch, making it easier for private companies to share data and intelligence, which I think strengthens the cyber community overall, >>Depending upon the supplier. Right? Yeah. It's either an aggregate level of intelligence that has been, you know, anonymized or it's specific intelligence for your environment that, you know, everybody's got a threat feed, maybe two or three, right. Yeah. But back to the encryption point, I mean, I was working for an encryption startup for a little while. Right after I left IBM. And the thing is that people are scared of it. Right. They're scared of key management and rotation. And so when you provide, >>Because they might lose the key. >>Exactly. Yeah. It's like shooting yourself in the foot. Right. So that's when you have things like, you know, KMS services from Amazon and stuff, they really help out a lot and help people understand, okay, I'm not alone in this. >>Yeah. Crypto >>Owners, they call that hybrid, the hybrid key, they call the, what they call the, today. They call it the hybrid. >>What was that? The management service. Yeah. The hybrid. So hybrid HSM, correct. >>Yeah. What is that? What is that? I didn't, I didn't get that. I didn't understand what he meant by the hybrid post hybrid, post quantum key agreement. Right. That still notes >>Hybrid, post quantum key exchange, >>You know, AWS never made a product name that didn't have four words in it, >>But he did, but he did reference the, the new N algos. And I think I inferred that they were quantum proof or the claim it be. Yeah. And AWS was testing those. Correct. >>Yeah. >>So that was kind of interesting, but I wanna come back to identity for a second. Okay. So, so this idea of bringing traditional IAM and, and privilege access management together, is that a pipe dream, is that something that is actually gonna happen? What's the timeframe, what's your take on that? >>So, you know, there are aspects of privilege in every sort of identity back when, you know, it was only the back office that used computers for calculations, right? Then you were able to control how many people had access. There were two types of users, admins, and users, right? These days, everybody has some aspect of, >>It's a real spectrum, really >>Granular. You got the, you know, the C suite, the finance people, the DevOps, people, you know, even partners and whatever, they all need some sort of privileged access. And the, the term you hear so much is least privileged access. Right? Shut it down, control it. So, you know, in some of my research, I've been saying that vendors who are in the Pam space privilege access management space will probably be growing their suites, playing a bigger role, building out a stack because they have, you know, the, the expertise and the, and the perspective that says we should control this better. How do we do that? Right. And we've been seeing that recently, >>Is that a combination of old kind of antiquated systems meets for proprietary hyperscale or kind of like build your own? Cause I mean, Amazon, these guys, they Facebook, they all build their own stuff. >>Yes. They >>Do enterprises buy services from general purpose identity management systems. >>So as we were talking about, you know, knowing the past and whatever privileged access management used to be about compliance reporting. Yeah. Right. Just making sure that I knew who accessed what and could prove it. So I didn't fail in art. It wasn't >>A critical infrastructure item. >>No. And now these days, what it's transitioning into is much more risk management. Okay. I know what our risk is. I'm ahead of it. And the other thing in the Pam space was really session monitor. Right. Everybody wanted to watch every keystroke, every screen's scrape, all that kind of stuff. A lot of the new privilege access Mon management doesn't really require that it's nice to have feature. You kind of need it on the list, but is anybody really gonna implement it? That's the question. Right. And then, you know, if, if you do all that session monitor, does anybody ever go back and look at it? There's only so many hours in the day. >>How about passwordless access? You know? Right. I've heard people talk about that. Yeah. I mean, that's as a user, I can't wait, but >>It's somewhere we want to all go. Yeah. Right. We all want identity security to just disappear and be recognized when we log in. So the, the thing with password list is there's always a password somewhere and it's usually part of a registration, you know, action. I'm gonna register my device with a username password. And then beyond that, I can use my biometrics. Right. I wanna register my device and get a private key that I can put in my enclave. And I'll use that in the future. Maybe it's gotta touch ID. Maybe it doesn't. Right. So even though there's been a lot of progress made, it's not quote unquote, truly passwordless, there's a group industry standards group called Fido. Right. Which is fast identity online. And what they realized was these whole registration passwords. That's really a single point of failure. Cuz if I can't recover my device, I'm in trouble. Yeah. So they just did a, a new extension to sort of what they were doing, which provides you with much more of a, like an iCloud vault, right. That you can register that device in and other devices associated with that same iPad that you can >>Get you to it. If you >>Have to. Exactly. I had >>Another have all over the place here, but I, I want to ask about ransomware. It may not be your wheelhouse. Yeah. But back in the day, Jay, remember you used to cover tape. All the, all the backup guys now are talking about ransomware. AWS mentioned it today and they showed a bunch of best practices and things you can do air gaps. Wasn't one, one of 'em. Right. I was really surprised cuz that's all, every anybody ever talks about is air gaps. And a lot of times that air gaps that air gap could be a guess to the cloud. I guess I'm not sure. What are you guys seeing on ransomware >>Apps? You know, we've done a lot of great research around ransomware as a service and ransomware and, and you know, we just had some data come out recently that I think in terms of spending and, and spend and in as a result of the Ukraine, Russia war, that ransomware assessments rate number one. And so it's something that we encourage, you know, when we talk to vendors and in our services, in our publications that we write about taking advantage of those free strategic ransomware assessments, vulnerability assessments, right. As well, and then security and training ranked very highly as well. So we wanna make sure that all of these areas are being funded well to try and stay ahead of the curve. >>Yeah. I was surprised that not the air gaps on the list, that's all everybody >>Talks about. Well, you know, the, the old model for air gaping in the, the land days, the Noel days, you took your tapes home and put 'em in the sock drawer. >>Well, it's a form of air gap security and no one's gonna go there >>Clean. And then the internet came around >>Guys. Final question. I want to ask you guys, we kind zoom out. Great, great commentary by the way. Appreciate it. As the, we've seen this in many markets, a collection of tools emerge and then there's it's tool sprawl. Oh yeah. Right? Yeah. So cyber we're seeing trend now where Mon goes up on stage of all the E probably other vendors doing the same thing where they're organizing a platform on top of AWS to be this super platform. If you super cloud ability by building more platform thing. So we're saying there's a platform war going on, cuz customers don't want the complexity. Yeah. I got a tool, but it's actually making it more complex if I buy the other tool. So the tool sprawl becomes a problem. How do you guys see this? Do you guys see this platform emerging? I mean, tools won't go away, but they have to be >>Easier. Yeah. We do see a, a consolidation of functionality and services. And we've been seeing that, I think through a 20, 20 flat security survey that we released, that that was definitely a trend. And you know, that certainly happened for many companies over the last six to 24 months, I would say. And then platformization absolutely is something we talk 'em right. About all the time. So >>More M and a couple of years ago, I called the, the Amazon tool set in rector set. Yeah. Because it really required assembly. Yeah. And you see the emphasis on training here too, right? Yeah. You definitely need to go to AWS university to be competent. It >>Wasn't Lego blocks yet. No, it was a rector set. Very good distinction rules, you know, and, and you lose a few. It's >>True. Still too many tools. Right. You see, we need more consolidation. That's getting interesting because a lot of these companies have runway and you look, you look at sale point, its stock prices held up cuz of the Toma Bravo acquisition, but all the rest of the cyber stocks have been crushed. Yeah. You know, especially the high flyers, like a Senti, a one or a crowd strike, but yeah, just still M and a opportunity >>Itself. So platform wars. Okay. Final thoughts. What do you thinks happening next? What's what's your outlook for the, the next year or so? >>So in the, in the identity space, I'll talk about Phillip can cover cloud force. You know, it really is more consolidation and more adoption of things that are beyond simple SSO, right. It was, you know, just getting on the systems and now we really need to control what you're able to get to and who you are and do it as transparently as we possibly can because otherwise, you know, people are gonna lose productivity, right. They're not gonna be able to get to what they want. And that's what causes the C-suite to say, wait a minute, you know, DevOps, they want to update the product every day. Right. Make it better. Can they do that? Or did security get in the way people every once in a while I'll call security, the department of no, right? Yeah. Well, >>Yeah. They did it on stage. Yeah. They wanna be the department of yes, >>Exactly. And the department that creates additional value. If you look at what's going on with B to C or C IAM, consumer identity, that is all about opening up new direct channels and treating people like, you know, they're old friends, right. Not like you don't know 'em you have to challenge >>'em we always say you wanna be in the boat together. It sinks or not. Yeah. Right. Exactly. >>Phillip, >>Okay. What's your take? What's your outlook for the year? >>Yeah. I think, you know, something that we've been seeing as consolidation and integration, and so, you know, companies looking at from built time to run time investing in shift left infrastructure is code. And then also in the runtime detection makes perfect sense to have both the agent and agentless so that you're covering any of the gaps that might exist. >>Awesome. Jerry, Phillip, thanks for coming on the queue with IDC and sharing >>Your oh our pleasure perspective. >>Commentary, have any insights and outlook. Appreciate it. You bet. Thank you. Okay. We've got the great direction here from IDC analyst here on the queue. I'm John for a Dave, we're back more after this shirt break.

>>the Cube presents H p E discover 2022. Brought to you by H P E. >>Okay, we're back at HPD. Discovered 2022 This is Day Three. We're kind of in the mid point of day three. John Furry and Dave Volonte Wall to wall coverage. I think there are 14th hp slash hp Discover we've sort of documented the history of the company over the last decade. Plus, I'm not a is here is executive vice president at Infosys and Cejudo. Sankaran Kutty is the CEO and vice president of Infosys. Infosys doing some amazing work in the field with clients. Guys, Thanks for coming on the Cube. Thank >>you for the opportunity. >>Yeah, absolutely so. Digital transformation. It's all the buzz word kind of pre pandemic. It was sort of Yeah, you know, we'll get there a lot of lip service to it. Some Some started the journey and then, of course, pandemic. If you weren't digital business, you are out of business. What are the trends that you're seeing now that we're exiting the isolation economy? >>Yeah, um, again, as you rightly called out pre pandemic, it was all about using sort of you know innovation at scale as one of the levers for digital transformation. But if you look at now, post Pandemic, one of the things that we see it's a big trend is at a broad level, right? Digital transformation is not about cost. Take out. Uh, it's all about growth, right? So essentially, uh, like, uh, what we hear from most of the CEO s and most of the customers and most of the executives in the tech company, Digital transformation should be used for business growth. And essentially, it means three things that we see three trends in that space. One is how can you build better products and solutions as part of your transformation strategy? How can you basically use digital transformation to expand into new markets and new new territories and new regions? And the third is, how can you better the experience for your customers? Right. So I think that is broadly what we see as, uh, some other things. And essentially, if you have better customer experience, they will buy more. If you expand into new markets, your revenue will increase. If you actually build better products and solutions, consumers will buy it right, so It's basically like a sort of an economy that goes hand in hand. So I would say the trend is clearly going towards business growth than anything else when it comes to the, >>you know, follow up on that. We had I d. C on yesterday and they were sharing with some of their high level numbers. We've looked at this and and and it seems like I t spending is pretty consistent despite the fact that, for example, you know, the to see the consumer businesses sort of tanking right now. Are you seeing any pullback or any evidence that people are pulling the reins back on the digital transformation Or they just going because if they don't keep keep moving fast, they're gonna fall behind. What are you seeing there? Absolutely. >>In fact, you know what? What we call them as the secular headwinds, right? I mean, if you look at the headwinds here, we see digital transformation is in the minds of everybody, every customer, right. So while there are budget constraints, where are all these macro tailwinds as we call with respect to inflation, with respect to what's happening with Russia and Ukraine with respect to everything that's happening with respect to supply chain right. I think we see some of those tail headwinds. But essentially, digital transformation is not stopping. Everybody is going after that because essentially they want to be relevant in the market. And if they want to be relevant in the market, they have to transform. And if they have to transform, they have to adopt digital transformation. >>Basically, there's no hiding anymore. You know, hiding and you can't hide the projects and give lip service because there's evidence of what the consequences are. And it can be quantified. Yes, you go out of business, you lose money. You mentioned some of the the cost takeouts growth is yes. So I got given the trends and the headwinds and the tail winds. What are you guys seeing as the pattern of companies that came out of the pandemic with growth? And what's going on with that growth driver? What are the elements that are powering companies to grow? Is that machine learning? Is that cloud scales and integration? What are some of the key areas that's given that extra up into the right? >>Yes, I I would say there are six technologies that are defining how growth is being enabled, right? So I think we call it as cloud ai edge five g, Iot and of course, everything to do with a And so these are six technologies that are powering digital transformation. And, uh, one of the things that we are saying is more and more customers are now coming and saying that we want to use these six technologies to drive business outcomes. Uh, for example, uh, we have a very large oil and gas customer of ours who says that, you know, we want to basically use cloud as a lever to Dr Decarbonization. E S G is such a big initiative for everybody in the SGS in the minds of everybody. So their outcome of using technology is to drive decarbonization. And they don't make sure that, you know, they achieve the goals of E. S G. Right There is another customer of ours in the retail space. They are saying we want to use cloud to drive experience for our employees. So I would say that you know, there is pretty much, you know, all these drivers which are helping not just growing their business, but also bettering the experience and meeting some of the organisation goals that they have set up with respect to cloud. So I would say Cloud is playing a big role in every digital transformation initiative of the company. >>How do you spend your time? What's the role of the CEO inside of a large organisation like Infosys? >>So, um, one is in terms of bringing in an outside in view of how technology is making an impact to our customers. And I'm looking at How do we actually start liberating some of these technologies in building solutions, you know, which can actually drive value for our customers? That's one of the focus areas. You know what I do? Um, And if you look at some of the trends, you know what we have seen in the past years as well as what we're seeing now? Uh, there's been a huge spend around cloud which is happening with our customers and predominantly around the cloud Native application development, leveraging some of the services. What's available from the cloud providers like eh? I am l in Hyoty. Um, and and there's also a new trend. You know what we are seeing off late now, which is, um, in terms of improving the experience overall experience liberating some of the technologies, like technologies like block, block, chain as well as we are, we are right, and and this is actually creating new set of solutions. Um, new demands, you know, for our customers in terms of leveraging technologies like matadors leveraging technologies like factory photo. Um, and these are all opportunities for us to build solutions, you know, which can, you know, improve the time to market for our customers in terms of adopting some of these things. Because there has been a huge focus on the improved end user experience or improve experience improved, uh, productivity of, uh, employees, you know, which is which has been a focus. Uh, post pandemic. Right? You know, it has been something which is happening pre pandemic, but it's been accelerated Post pandemic. So this is giving an opportunity for for my role right now in terms of liberating these technologies, building solutions, building value propositions, taking it to our customers, working with partners and then trying to see how we can have this tightly integrated with partners like HP E in this case, and then take it jointly to the market and and find out you know, what's what's the best we can actually give back to our customers? >>You know, you guys have been we've been following you guys for for a long, long time. You've seen many cycles, uh, in the industry. Um, and what's interesting to get your reaction to what we're seeing? A lot of acceleration points, whether it's cloud needed applications. But one is the software business is no longer there. It's open source now, but cloud scale integrations, new hybrid environment kind of brings and changes the game, so there's definitely software plentiful. You guys are doing a lot of stuff with the software. How are customers integrated? Because seeing more and more customers participating in the open source community uh, so what? Red hat's done. They're transforming the open shift. So as cloud native applications come in and get scale and open source software, cloud scale performance and integrations are big. You guys agree with that? >>Absolutely. Absolutely. So if you if you look at it, um, right from the way we can't socialise those solutions, um, open source is something What we have embedded big way right into the solution. Footprint. What we have one is, uh, the ability for us to scale the second is the ability for us to bring in a level of portability, right? And the third is, uh, ensuring that there is absolutely no locking into something. What we're building. We're seeing this this being resonated by our customers to because one is they want to build a child and scalable applications. Uh, it's something where the whole, I would say, the whole dependency on the large software stacks. Uh, you know, the large software providers is likely diminishing now, right? Uh, it's all about how can I simplify my application portfolio Liberating some of the open source technologies. Um, how can I deploy them on a multi cloud world liberating open standards so that I'm not locked into any of these providers? Um, how can I build cloud native applications, which can actually enable portability? And how can I work with providers who doesn't have a lock in, you know, into their solutions, >>And security is gonna be embedded in everything. Absolutely. >>So security is, uh, emperor, right from, uh, design phase. Right? You know, we call it a secure by design And that's something What? We drive for our customers right from our solutions as well as for developing their own solutions >>as opposed to secure by bolt on after the fact. What is the cobalt go to market strategy? How does that affect or how you do business within the HP ecosystem? Absolutely. >>I think you know what we did in, uh, in 2000 and 20. We were the first ones, uh, to come out with an integrated cloud brand called Cobalt. So essentially, our thought process was to make sure that, you know, we talk one consistent language with the customer. There is a consistent narrative. There is a consistent value proposition that we take right. So, essentially, if you look at the Cobalt gold market, it is based on three pillars. The first pillar is all about technology solutions. Getting out of data centres migrating were close to cloud E r. P on Cloud Cloud, Native Development, legacy modernisation. So we'll continue to do that because that's the most important pillar. And that's where our bread and butter businesses right. The second pillar is, uh, more and more customers are asking industry cloud. So what are you specifically doing for my industry. So, for example, if you look at banking, uh, they would say we are focused on Modernising our payment systems. We want to reduce the financial risk that we have because of anti money laundering and those kind of solutions that they're expecting. They want to better the security portion. And of course, they want to improve the experience, right? So they are asking for each of these imperatives that we have in banking. What are some of those specific industry solutions that you are bringing to the table? Right. So that's the second pillar of our global go to market. And the third pillar of our go to market as soon as I was saying is looking at what we call us Horizon three offerings, whether it is metal wars, whether it is 13.0, whether it is looking at something else that will come in the future. And how do we build those solutions which can become mainstream the next 18 to 24 months? So that's essentially the global >>market. That's interesting. Okay, so take the banking example where you've got a core app, it's probably on Prem, and it's not gonna have somebody shoved into the cloud necessarily. But they have to do things like anti money, money laundering and know your ky. See? How are they handling that? Are they building micro services? Are you building for them microservices layers around that that actually might be in the cloud or cloud Native on Prem and Greenway. How is that? How are customers Modernising? >>Absolutely brilliant question. In fact, what we have done is, uh, as part of cobalt, we have something called a reference. Architecture are basically a blueprint. So if you go to a bank and you're engaging a banking executive, uh, the language that we speak with them is not about, uh, private cloud or public cloud or AWS or HP or zero, right? I mean, we talk the language that they understand, which is the banking language. So we take this reference architecture, and we say here is what your core architecture should look like. And, as you rightly called out, there is K. I see there is retail banking. There is anti money laundering. There is security experience. Uh, there are some kpi s and those kind of things banking a PSR open banking as we call, How do we actually bring our solutions, which we have built on open source and something that are specific to cloud and something that our cloud neutral and that's what we take them. So we built this array of solutions around each of those reference architectures that we take to our customers. >>Final question for you guys. How are you guys leveraging the H, P E and new Green Lake and all the new stuff they got here to accelerate the customers journey to edge the cloud? >>So I would say it on three areas right now. This is one is Obviously we are working very closely with HP in terms of taking out solutions jointly to the market and, um, leveraging the whole green late model and providing what I call it as a hyper scale of like experience for our customers in a hybrid, multi cloud world. That's the first thing. The second thing is Onion talked about the cobalt, right? It's an important, I would say, an offering from, uh, you know and offering around cloud from our side. So what we've done is we've closely integrated the assets. You know what I was referring to what we have in our cobalt, uh, under other Kobold umbrella very closely with the HP ecosystem, right? You know, it can be tools like the Emphasis Polly Cloud Platform or the Emphasis pollinate platform very tightly integrated with the HP stack, so that we could actually offer the value proposition right across the value chain. The thought of you know we have actually taken the industry period, like what again mentioned right in terms of rather than talking about a public cloud or a private cloud solution or an edge computing solution. We actually talk about what exactly are the problem statements? What is there in manufacturing today? Or it's there in financial industries today? Or or it's in a bank today or whatever it's relevant to the industry. That's an industry people. So we talk right from an industry problem and and and and and and build that industry, industry people solutions, leveraging the assets, what we have in the and the framework that we have within the couple, plus the integrated solutions. What we bring along with HB. That's that's Those are the three things, what we do along with >>it and that that industry pieces do. There's a whole data layer emerging those industries learning cos they're building their own clouds. Look, working with companies like you because they want to monetise. That's a big part of their digital strategy, guys. Thanks so much for coming on the cue. Thank you. Appreciate your time. Thank >>you. Thank you very much. Really appreciate. >>Thank you. Thank you for watching John and I will be back. John Ferrier, Development at HPD Discovered 2022. You're watching the queue? >>Yeah. >>Mm.

>> From theCUBE studios in Palo Alto in Boston bringing you data driven insights from theCUBE and ETR. This is breaking analysis with Dave Vellante. >> Despite fears of inflation, supply chain issues skyrocketing energy and home prices and global instability caused by the Ukraine crisis CIOs and IT buyers continue to expect overall spending to increase more than 6% in 2022. Now, while this is lower than our 8% prediction that we made earlier this year in January, it remains in line with last year's roughly six to 7% growth and is holding firm with the expectations reported by tech executives on the ETR surveys last quarter. Hello and welcome to this week's wiki bond cube insights powered by ETR in this breaking analysis, we'll update you on our latest look at tech spending with a preliminary take from ETR's latest macro drill down survey. We'll share some insights to which vendors have shown the biggest change in spending trajectory. And we'll tap our technical analysts to get a read on what they think it means for technology stocks going forward. The IT spending sentiment among IT buyers remains pretty solid. >> In the past two months, we've had conversations with dozens of CIOs, chief digital officers data executives, IT managers, and application developers, and across the board, they've indicated that for now at least their spending levels remain largely unchanged. The latest ETR drill down data which will share shortly, confirms these anecdotal checks. However, the interpretation of this data it's somewhat nuanced. Part of the reason for the spending levels being you know reasonably strong and holding up is inflation. Stuff costs more so spending levels are higher forcing IT managers to prioritize. Now security remains the number one priority and is less susceptible to cuts, cloud migration, productivity initiatives and other data projects remain top priorities. >> So where are CIO's robbing from Peter to pay Paul to focus on these priorities? Well, we've seen a slight uptick in certain speculative. IT projects being put on hold or frozen for a period of time. And according to ETR survey data we've seen some hiring freezes reported and this is especially notable in the healthcare sector. ETR also surveyed its buyer base to find out where they were adjusting their budgets and the strategies and tactics they were using to do so. Consolidating IT vendors was by far the most cited tactic. Now this makes sense as companies in an effort to negotiate better deals will often forego investments in newer so-called best of breed products and services, and negotiate bundles from larger suppliers. You know, even though they might not be as functional, the buyers >> can get a better deal if they bundle together from one of their larger suppliers. Think Microsoft or a Dell or other, you know, large companies. ETR survey respondents also cited cutting the cloud bill where discretionary spending was in play was another strategy or tactic that they were using. We certainly saw this with some of the largest snowflake customers this past quarter. Where even though they were still growing consumption rapidly certain snowflake customers dialed down their consumption and pushed spending off to future quarters. Now remember in the case of snowflake, anyway, customers negotiate consumption rates and their pricing based on a total commitment over a period of time. So while they may consume less in one quarter, over the lifetime of the contract, snowflake, as do many other cloud companies, have good visibility on the lifetime value of a deal. Now this next chart shows the latest ETR spending expectations among more than 900 respondents. The bars represent spending growth expectations from the periods of December, 2021 that's the gray bars, March of 2022 survey in the blue, and the most recent June data, That's the yellow bar. So you can see spending expectations for the quarter is down slightly in the mid 5% range. But overall for the year expectations remain in the mid 6% range. Now it's down from 8%, 8.3% in December where it looked like 2022 was going to really be a breakout year and have more momentum than even last year. Now, remember this was before Russia invaded Ukraine which occurred in mid-February of this year. So expectations were a little higher. So look, generally speaking CIOs have told us that their CFOs and CEOs have lowered their earnings outlooks and communicated that to Wall Street. They've told us that unless and until these revised forecasts appear at risk, they continue to expect their budget levels to remain pretty constant. Now there's still plenty of momentum and spending velocity on specific vendor platforms. Let's take a look at that. >> This chart shows the companies with the greatest spending momentum as measured by ETRs proprietary net score methodology. Net score essentially measures the net percent of customers spending more on a particular platform. That measurement is shown on the Y axis. The red line there that's inserted that red dotted line at 40%, we consider to be a highly elevated mark. And the green dots are companies in the ETR survey that are near or above that line. The X axis measures the presence in the data set, how much, you know sort of pervasiveness, if you will, is in the data. It's kind of a proxy for market presence. Now, of course we all know Kubernetes is not a company, but it remains an area where organizations are spending lots of resources and time particularly to modernize and mobilize applications. Snowflake remains the company which leads all firms in spending velocity, but as you'll see momentarily, despite its highest position relative to everybody else in the survey, it's still down from its previous levels in the high seventies and low 80% range. AWS is incredibly impressive because it has an elevated level but also a big presence in the data set in the survey. Same with Microsoft, same with ServiceNow which also stands out. And you can see the other smaller vendors like HashiCorp which is increasingly being seen as a strategic cross cloud enabler. They're showing, spending momentum. The RPA vendors you see in there automation anywhere and UI path are in the mix with numerous security companies, CrowdStrike, CyberArk, Netskope, Cloudflare, Tenable Okta, Zscaler Palo Alto networks, Sale Point Fortunate. A big number of cybersecurity firms hovering at or above that 40% mark you can see pure storage remains elevated as do PagerDuty and Coupa. So plenty of good news here, despite the recent tech crash. So that was the good, here's the not so good. So >> there is no 40% line on this chart because all these companies are well below that line. Now this doesn't mean these companies are bad companies. They just don't have the spending velocity of the ones we showed earlier. A good example here is Oracle. Look how they stand out on the X axis with a huge market presence. And Oracle remains an incredibly successful company selling to high end customers and really owning that mission critical data and application space. And remember ETR measures spending activity, but not actual spending dollars. So Oracle is skewed as a result because Oracle customers spend big bucks. But the fact is that Oracle has a large legacy install base that pulls down their growth rates. And that does show up in the ETR survey data. Broadcom is another example. They're one of the most successful companies in the industry, and they're not going after growth at all costs at all. They're going after EBITDA and of course ETR doesn't measure EBIT. So just keep that in mind, as you look at this data. Now another way to look at the data and the survey, is exploring the net score movement over the last period amongst companies. So how are they moving? What's happening to the net score over time. And this chart shows the year over year >> net score change for vendors that participate in at least three sectors within the ETR taxonomy. Remember ETR taxonomy has 12, 15 different segments. So the names above or below the gray dotted line are those companies where the net score has increased or decreased meaningfully. So to the earlier chart, it's all relative, right? Look at Oracle. While having lower net scores has also shown a more meaningful improvement in net score than some of the others, as have SAP and Teradata. Now what's impressive to me here is how AWS, Microsoft, and Google are actually holding that dotted line that gray line pretty well despite their size and the other ironically interesting two data points here are Broadcom and Nutanix. Now Broadcom, of course, as we've reported and dug into, is buying VMware and, and of, of course most customers are concerned about getting hit with higher prices. Once Broadcom takes over. Well Nutanix despite its change in net scores, in a good position potentially to capture some of that VMware business. Just yesterday, I talked to a customer who told me he migrated his entire portfolio off VMware using Nutanix AHV, the Acropolis hypervisor. And that was in an effort to avoid the VTEX specifically. Now this was a smaller customer granted and it's not representative of what I feel is Broadcom's ICP the ideal customer profile, but look, Nutanix should benefit from the Broadcom acquisition. If it can position itself to pick up the business that Broadcom really doesn't want. That kind of bottom of the pyramid. One person's trash is another's treasure as they say, okay. And here's that same chart for companies >> that participate in less than three segments. So, two or one of the segments in the ETR taxonomy. Only three names are seeing positive movement year over year in net score. SUSE under the leadership of amazing CEO, Melissa Di Donato. She's making moves. The company went public last year and acquired rancher labs in 2020. Look, we know that red hat is the big dog in Kubernetes but since the IBM acquisition people have looked to SUSE as a possible alternative and it's showing up in the numbers. It's a nice business. It's going to do more than 600 million this year in revenue, SUSE that is. It's got solid double digit growth in kind of the low teens. It's profitability is under pressure but they're definitely a player that is found a niche and is worth watching. The SolarWinds, What can I say there? I mean, maybe it's a dead cat bounce coming off the major breach that we saw a couple years ago. Some of its customers maybe just can't move off the platform. Constant contact we really don't follow and don't really, you know, focus on them. So, not much to say there. Now look at all the high priced earning stocks or infinite PE stocks that have no E and divide by zero or a negative number and boom, you have infinite PE and look at how their net scores have dropped. We've reported extensively on snowflake. They're still number one as we showed you earlier, net score, but big moves off their highs. Okta, Datadog, Zscaler, SentinelOne Dynatrace, big downward moves, and you can see the rest. So this chart really speaks to the change in expectations from the COVID bubble. Despite the fact that many of these companies CFOs would tell you that the pandemic wasn't necessarily a tailwind for them, but it certainly seemed to be the case when you look back in some of the ETR data. But a big question in the community is what's going to happen to these tech stocks, these tech companies in the market? We reached out to both Eric Bradley of ETR who used to be a technical analyst on Wall Street, and the long time trader and breaking analysis contributor, Chip Symington to get a read on what they thought. First, you know the market >> first point of the market has been off 11 out of the past 12 weeks. And bare market rallies like what we're seeing today and yesterday, they happen from time to time and it was kind of expected. Chair Powell's testimony was broadly viewed as a positive by the street because higher interest rates appear to be pushing commodity prices down. And a weaker consumer sentiment may point to a less onerous inflation outlook. That's good for the market. Chip Symington pointed out to breaking analysis a while ago that the NASDAQ has been on a trend line for the past six months where its highs are lower and the lows are lower and that's a bad sign. And we're bumping up against that trend line here. Meaning if it breaks through that trend it could be a buying signal. As he feels that tech stocks are oversold. He pointed to a recent bounce in semiconductors and cited the Qualcomm example. Here's a company trading at 12 times forward earnings with a sustained 14% growth rate over the next couple of years. And their cash flow is able to support their 2.4, 2% annual dividend. So overall Symington feels this rally was absolutely expected. He's cautious because we're still in a bear market but he's beginning to, to turn bullish. And Eric Bradley added that He feels the market is building a base here and he doesn't expect a 1970s or early 1980s year long sideways move because of all the money that's still in the system. You know, but it could bounce around for several months And remember with higher interest rates there are going to be more options other than equities which for many years has not been the case. Obviously inflation and recession. They are like two looming towers that we're all watching closely and will ultimately determine if, when, and how this market turns around. Okay, that's it for today. Thanks to my colleagues, Stephanie Chan, who helps research breaking analysis topics sometimes, and Alex Myerson who is on production in the podcast. Kristin Martin and Cheryl Knight they help get the word out and do all of our newsletters. And Rob Hof is our Editor in Chief over at siliconangle.com and does some wonderful editing for breaking analysis. Thank you. Remember, all these episodes are available as podcasts wherever you listen. All you got to do is search breaking analysis podcasts. I publish each week on wikibon.com and Siliconangle.com. And of course you can reach me by email at david.vellante@siliconangle.com or DM me at DVellante comment on my LinkedIn post and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for the CUBE insights powered by ETR. Stay safe, be well. And we'll see you next time. (soft music)