>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE in ETR. This is Breaking Analysis with Dave Vellante. >> Every CEO is figuring out the right balance for new hybrid business models. Now, regardless of the chosen approach, which is going to vary, technology executives, they understand they have to accelerate their digital and build resilience as well as optionality into their platforms. Now, this is driving a dramatic shift in IT investments. And at the macro level, we expect total spending to increase at as much as 8% or even more in 2021, compared to last year's contraction. Investments in cybersecurity, cloud collaboration that are enabling hybrid work as well as data, including analytics, AI, and automation are at the top of the spending priorities for CXOs. Hello everyone. And welcome to this week's Wiki Bond Cube insights, powered by ETR. In this Breaking Analysis, we're pleased to welcome back Erik Bradley, who is the chief engagement strategist at our partner, ETR. Now in this segment, we're going to share some of the latest findings from ETR's surveys and provide our commentary on what it means for the markets, for sellers, and for buyers. Erik, great to see you, my friend. Welcome back to Breaking Analysis. >> Thank you for having me, always enjoy it. We've got some fresh data to talk about on this beautiful summer Friday, so I'm ready to go. >> All right. I'm excited too. Okay, last year we saw a contraction in IT spending by at least 5%. And now we're seeing a snapback to, as I said, at least 8% growth relative to last year. You got to go back to 2007 just before the financial crisis to see this type of top line growth. The shift to hybrid work, it's exposed us to new insidious security threats. And we're going to discuss that in a lot more detail. Cloud migration of course picked up dramatically last year, and based on the recent earnings results of the big cloud players, for now we got two quarters of data, that trend continues as organizations are accelerating their digital platform build-outs, and this is bringing a lot of complexity and a greater need for so-called observability solutions, which Erik is going to talk about extensively later on in this segment. Data, we think is entering a new era of de-centralization. We see organizations not only focused on analytics and insights, but actually creating data products. Leading technology organizations like JP Morgan, they're heavily leaning into this trend toward packaging and monetizing data products. And finally, as part of the digital transformation trend, we see no slow down in spending momentum for AI and automation, generally in RPA specifically. Erik, anything you want to add to that top level narrative? >> Yeah, there's a lot to take on the macro takeaways. The first thing I want to state is that that 8, 8.5% number that started off at just 3 to 4% beginning of the year. So as the year has continued, we are just seeing this trend in budgets continue to accelerate, and we don't have any reason to believe that's going to stop. So I think we're going to just keep moving on heading into 2021. And we're going to see a banner year of spend this year and probably next as well. >> All right, now we're going to bring up a chart that shows kind of that progression here of spending momentum. So Erik, I'm going to let you comment on this chart that tracks those projections over time. >> Erik: Yeah. Great. So thank you very much for pulling this up. As you can see in the beginning part of the year, when we asked people, "What do you plan to spend throughout 2021?" They were saying it would be about a 4% increase. Which we were happy with because as you said last year, it was all negative. That continues to accelerate and is only hyper accelerating now as we head into the back half of the year. In addition, after we do this data, I always host a panel of IT end users to kind of get their feedback on what we collected, to a man, every one of them expects continued increase throughout next year. There are some concerns and uncertainty about what we're seeing right now with COVID, but even with that, they're planning their budgets now for 2022 and they're planning for even further increases going forward. >> Dave: Great, thank you. So we circled that 8%. That's really kind of where we thought it was going to land. And so we're happy with that number, but let's take a look at where the action is by technology sector. This chart that we're showing you here, it tracks spending priorities back to last September. When I believe that was the point, Erik, that cyber became the top priority in the survey, ahead of cloud collaboration, analytics, and data, and the other sectors that you see there. Now, Erik, we should explain. These areas, they're the top seven, and they outrank all the other sectors. ETR tracks many, many other sectors, but please weigh in here and share your thoughts on this data. >> Erik: Yeah. Security, security, security. It hasn't changed. It had really hasn't. The hybrid work. The fact that you're behind the firewall one day and then you're outside working from home the next, switching in and out of networks. This is just a field day for bad actors. And we have no choice right now, but to continue to spend, because as you're going to talk about in a minute, hybrid's here to stay. So we have to figure out a way to secure behind the firewall on-prem. We also have to secure our employees and our assets that are not in the office. So it is a main priority. One of the things that point out on this chart, I had a couple of ITN users talk to me about customer experience and automation really need to move from the right part of that chart to the left. So they're seeing more in what you were talking about in RPA and automation, starting to creep up heading into next year. As cloud migration matures, as you know, cybersecurity spending has been ramping up. People are going to see a little bit more on the analytics and a little bit more on the automation side going forward. >> Dave: Great. Now, this next data view- well, first of all, one of the great things about the ETR dataset is that you can ask key questions and get a time series. And I will tell you again, I go back to last March, ETR hit it. They were the first on the work from home trend. And so if you were on that trend, you were able to anticipate it. And a lot of investors I think took advantage of that. Now, but we've shown this before, but there's new data points that we want to introduce. So the data tracks how CIOs and IT buyers have responded to the pandemic since last March. Still 70% of the organizations have employees working remotely, but 39% now have employees fully returning to the office and Erik, the rest of the metrics all point toward positives for IT spending, although accelerating IT deployments there at the right peaked last year, as people realized they had to invest in the future. Your thoughts? >> Erik: Yeah, this is the slide for optimism, without a doubt. Of the entire macro survey we did, this is the most optimistic slide. It's great for overall business. It's great for business travel. This is well beyond just IT. Hiring is up. I've had some people tell me that they possibly can't hire enough people right now. They had to furlough employees, they had to stop projects, and they want to re accelerate those now. But talent is very hard to find. Another point to you about your automation and RPA, another underlying trend for there. The one thing I did want to talk about here is the hybrid workplace, but I believe there's another slide on it. So just to recap on this extremely optimistic, we're seeing a lot of hiring. We're seeing increased spending, and I do believe that that's going to continue. >> Yeah I'm glad you brought that up because a session that you and I did a while ago, we pointed out, it was earlier this year, that the skill shortage is one potential risk to our positive scenario. We'll keep an eye on that, but so I want to show another set of data that we've showed previously, but ETR again, has added some new questions in here. So note here that 60% of employees still work remotely with 33% in a hybrid model currently, and the CIO's expect that to land on about 42% hybrid workforce with around 30% working remotely, which is around, it's been consistent by the way on your surveys, but that's about double the historic norm, Eric. >> Erik: Yeah, and even further to your point Dave, recently I did a panel asking people to give me some feedback on this. And three of those four experts basically said to me, if we had greed run this survey right now, that even more people would be saying remote. That they believe that that number, that's saying they're expecting that number of people to be back in office, is actually too optimistic. They're actually saying that maybe if we had- cause as a survey launched about six, seven weeks ago before this little blip on the radar, before the little COVID hiccup we're seeing now, and they're telling me that they believe if we reran this now that it would be even more remote work, even more hybrid and less returned to the office. So that's just an update I wanted to offer on this slide. >> Dave: Yeah. Thank you for that. I mean, we're still in this kind of day to day, week to week, month to month mode, but I want to do a little double click on this. We're not going to share this data, but there was so much ETR data. We got to be selective. But if you double click on the hybrid models, you'll see that 50% of organizations plan to have time roughly equally split between onsite and remote with again around 30 or 31% mostly remote, with onsite space available if they need it. And Erik, very few don't plan to have some type of hybrid model, at least. >> Yeah, I think it was less than 10% that said it was going to be exclusively onsite. And again, that was a more optimistic scenario six, seven weeks ago than we're seeing right now throughout the country. So I agree with you, hybrid is here to stay. There really is no doubt about it. from everyone I speak to when, you know, I basically make a living talking to IT end users. Hybrid is here to stay. They're planning for it. And that's really the drive behind the spending because you have to support both. You have to give people the option. You have to, from an IT perspective, you also have to support both, right? So if somebody is in office, I need the support staff to be in office. Plus I need them to be able to remote in and fix something from home. So they're spending on both fronts right now. >> Okay. Let's get into some of the vendor performance data. And I want to start with the cloud hyperscalers. It's something that we followed pretty closely. I got some Wiki bond data, that we just had earnings released. So here's data that shows the Q2 revenue shares on the left-hand side in the pie and the growth rates for the big four cloud players on the right hand side. It goes back to Q1 2019. Now the first thing I want to say is these players generated just under $39 billion in the quarter with AWS capturing 50% of that number. I said 39, it was 29 billion, sorry, with AWS capturing 50% of that in the quarter. As you're still tracking around a third in Alibaba and GCP in the, you know, eight or 9% range. But what's most interesting to me, Erik, is that AWS, which generated almost 15 billion in the quarter, was the only player to grow its revenue, both sequentially and year over year. And Erik, I think the street is missing the real story here on Amazon. Amazon announced earnings on Thursday night. The company had a 2% miss on the top line revenues and a meaningful 22% beat on earnings per share. So the retail side of the business missed its revenue targets, so that's why everybody's freaked out. But AWS, the cloud side, saw a 4% revenue beat. So the stock was off more than 70% after hours and into Friday. Now to me, a mix shift toward AWS, that's great news for investors. Now, tepid guidance is a negative, but the shift to a more profitable cloud business is a huge positive. >> Yeah, there's a lot that goes into stock price, right? I remember I was a director of research back in the day. One of my analysts said to me, "Am I crazy for putting a $1,000 target on Amazon?" And I laughed and I said, "No, you're crazy if you don't make it $2,000." (both chuckling) So, you know, at that time it was basically the mix shift towards AWS. You're a thousand percent right. I think the tough year over year comps had something to do with that reaction. That, you know, it's just getting really hard. What's that? The law of large numbers, right? It's really hard to grow at that percentage rate when you're getting this big. But from our data perspective, we're seeing no slowdown in AWS, in cloud, none whatsoever. The only slowdown we're seeing in cloud is GCP. But to, you know, to focus on AWS, extremely strong across the board and not only just in cloud, but in all their data products as well, data and analytics. >> Yeah and I think that the AWS, don't forget folks, that funds Amazon's TAM expansion into so many different places. Okay. As we said at the top, the world of digital and hybrid work, and multi-cloud, it's more complicated than it used to be. And that means if you need to resolve issues, which everybody does, like poor application performance, et cetera, what's happening at the user level, you have to have a better way to sort of see what's going on. And that's what the emergence of the observability space is all about. So Erik, let me set this up and you have a lot of comments here because you've recently had some, and you always have had a lot of round table discussions with CXOs on this topic. So this chart plots net score or spending momentum on the vertical axis, and market share or pervasiveness in the dataset on the horizontal axis. And we inserted a table that shows the data points in detail. Now that red dotted line is just sort of Dave Vellante's subjective mark in the sand for elevated spending levels. And there are three other points here. One is Splunk as well off is two-year peak, as highlighted in the red, but Signal FX, which Splunk acquired, has made a big move northward this last quarter. As has Datadog. So Erik, what can you share with us on this hot, but increasingly crowded space? >> Yeah. I could talk about the space for a long time. As you know, I've gotten some flack over the last year and a half about, you know, kind of pointing out this trend, this negative trend in Splunk. So I do want to be the first one to say that this data set is rebounding. Splunk has been horrific in our data for going back almost two years now, straight downward trend. This is the first time we're seeing any increase, any positivity there. So I do want to be fair and state that because I've been accused of being a little too negative on Splunk in the past. But I would basically say for observability right now, it's a rising tide lifts all boats, if I can use a New England phrase. The data across the board in analytics for these observability players is up, is accelerating. None more so than Datadog. And it's exactly your point, David. The complexity, the increased cloud migration is a perfect setup for Datadog, which is a cloud native. It focuses on microservices. It focuses on cloud observability. Old Splunk was just application monitoring. Don't get me wrong, they're changing, but they were on-prem application monitoring, first and foremost. Datadog came out as cloud native. They, you know, do microservices. This is just a perfect setup for them. And not only is Datadog leading the observability, it's leading the entire analytics sector, all of it. Not just the observability niche. So without a doubt, that is the strongest that we're seeing. It's leading Dynatrace new Relic. The only one that really isn't rebounding is Cisco App Dynamics. That's getting the dreaded legacy word really attached to it. But this space is really on fire, elastic as well, really doing well in this space. New Relic has shown a little bit of improvement as well. And what I heard when I asked my panelists about this, is that because of the maturity of cloud migration, that this observability has to grow. Spending on this has to happen. So they all say the chart looks right. And it's really just about the digital transformation maturity. So that's largely what they think is happening here. And they don't really see it getting, you know, changing anytime soon. >> Yeah, and I would add, and you see that it's getting crowded. You saw a service now acquired LightStep, and they want to get into the game. You mentioned, you know, last deck of the elk stack is, you know, the open source alternative, but then we see a company who's raised a fair amount of money, startup, chaos search, coming in, going after kind of the complexity of the elk stack. You've got honeycomb, which has got a really innovative approach, Jeremy Burton's company observes. So you have venture capital coming in. So we'll see if those guys could be disruptive enough or are they, you know, candidates to get acquired? We'll see how that all- you know that well. The M and A space. You think this space is ripe for M and A? >> I think it's ripe for consolidation, M and A. Something has to shake out. There's no doubt. I do believe that all of these can be standalone. So we shall see what's happened to, you mentioned the Splunk acquisition of Signal FX, just a house cleaning point. That was really nice acceleration by Signal FX, but it was only 20 citations. We'd looked into this a little bit deeper. Our data scientists did. It appears as if the majority of people are just signaling spunk and not FX separately. So moving forward for our data set, we're going to combine those two, so we don't have those anomalies going forward. But that type of acquisition does show what we should expect to see more of in this group going forward. >> Well that's I want to mention. That's one of the challenges that any data company has, and you guys do a great job of it. You're constantly having to reevaluate. There's so much M and A going on in the industry. You've got to pick the right spots in terms of when to consolidate. There's some big, you know, Dell and EMC, for example. You know, you've beautifully worked through that transition. You're seeing, you know, open shift and red hat with IBM. You just got to be flexible. And that's where it's valuable to be able to have a pipeline to guys like Erik, to sort of squint through that. So thank you for that clarification. >> Thank you too, because having a resource like you with industry knowledge really helps us navigate some of those as well for everyone out there. So that's a lot to do with you do Dave, >> Thank you. It's going to be interesting to watch Splunk. Doug Merritt's made some, you know, management changes, not the least of which is bringing in Teresa Carlson to run go to market. So if you know, I'd be interested if they are hitting, bouncing off the bottom and rising up again. They have a great customer base. Okay. Let's look at some of the same dimensions. Go ahead. You got a comment? >> A few of ETR's clients looked at our data and then put a billion dollar investment into it too. So obviously I agree. (Dave laughing) Splunk is looking like it's set for a rebound, and it's definitely something to watch, I agree. >> Not to rat hole in this, but I got to say. When I look back, cause theCUBE gives us kind of early visibility. So companies with momentum and you talk to the customers that all these shows that we go to. I will tell you that three companies stood out last decade. It was Splunk. It was Service Now and Tableau. And you could tell just from just discussions with their customers, the enthusiasm in that customer base. And so that's a real asset, and that helps them build them a moat. So we'll see. All right, let's take a look at the same dimensions now for cyber. This is cybersecurity net score in the vertical, and market share in the horizontal. And I filtered by in greater than a hundred shared in because just gets so crowded. Erik, the only things I would point out here is CrowdStrike and Zscaler continue to shine, CyberArk also showing momentum over that 40% line. Very impressively, Palo Alto networks, which has a big presence in the market. They've bounced back. We predicted that a while back. Your round table suggested people like working with Palo Alto. They're a gold standard. You know, we had reported earlier on that divergence with four to net in terms of valuation and some of the challenges they had in cloud, clearly, you know, back with the momentum. And of course, Microsoft in the upper, right. It's just, they're literally off the charts and obviously a major player here, but your thoughts on cyber? >> Erik: Yeah. Going back to the backdrop. Security, security, security. It has been the number one priority going back to last September. No one sees it changing. It has to happen. The threat vectors are actually expanding and we have no choice but to spend here. So it is not surprising to see. You did name our three favorite names. So as you know, we look at the dataset, we see which ones have the most positive inflections, and we put outlooks on those. And you did mention Zscaler, Okta and CrowdStrike, by far the three standouts that we're seeing. I just recently did a huge panel on Okta talking about their acquisition of Auth Zero. They're pushed into Sale Point space, trying to move just from single sign on and MFA to going to really privileged account management. There is some hurdles there. Really Okta's ability to do this on-prem is something that a little bit of the IT end users are concerned about. But what we're seeing right now, both Okta and Auth Zero are two of the main adopted names in security. They look incredibly well set up. Zscaler as well. With the ZTNA push more towards zero trust, Zscaler came out so hot in their IPO. And everyone was wondering if it was going to trail off just like Snowflake. It's not trailing off. This thing just keeps going up into the right, up into the right. The data supports a lot of tremendous growth for the three names that you just mentioned. >> Yeah. Yeah. I'm glad you brought up Auth Zero. We had reported on that earlier. I just feel like that was a great acquisition. You had Okta doing the belly to belly enterprise, you know, selling. And the one thing that they really lacked was that developer momentum. And that's what Auth Zero brings. Just a smart move by Todd McKinnon and company. And I mean, so this, you know, I want to, I want to pull up another chart show a quick snapshot of some of the players in the survey who show momentum and have you comment on this. We haven't mentioned Snowflake so far, but they remain again with like this gold standard of net score, they've consistently had those high marks with regard to spending velocity. But here's some other data. Erik, how should we interpret this? >> Erik: Yeah, just to harp on Snowflake for a second. Right, I mean the rich get richer. They came out- IPO was so hyped, so it was hard for us as a research company to say, "Oh, you know, well, you know, we agree." But we did. The data is incredible. You can't beat the management team. You can't beat what they're doing. They've got so much cash. I can't wait to see what they do with it. And meanwhile, you would expect something that debuted with that high of a net score, that high of spending velocity to trail off. It would be natural. It's not Dave, it's still accelerating. It's gone even higher. It's at all time highs. And we just don't see it stopping anytime soon. It's a really interesting space right now. Maybe another name to look at on here that I think is pretty interesting, kind of a play on return to business is Kupa. It's a great project expense management tool that got hit really hard. Listen, traveling stopped, business expense stopped, and I did a panel on it. And a lot of our guys basically said, "Yeah, it was the first thing I cut." But we're seeing a huge rebound in spending there in that space. So that's a name that I think might be worth being called out on a positive side. Negative, If you look down to the bottom right of that chart, unfortunately we're seeing some issues in RingCentral and Zoom. Anything that's sort of playing in this next, you know, video conferencing, IP telephony space, they seem to be having really decelerating spending. Also now with Zoom's acquisition of five nine. I'm not really sure how RingCentral's going to compete on that. But yeah, that's one where we debuted for the first time with a negative outlook on that name. And looking and asking to some of the people in our community, a lot of them say externally, you still need IP telepany, but internally you don't. Because the You Cast communication systems are getting so sophisticated, that if I have Teams, if I have Slack, I don't need phones anymore. (chuckling) That you and I can just do a Slack call. We can do a Teams call. And many of them are saying I'm truly ripping out my IP Telepany internally as soon as possible because we just don't need it. So this whole collaboration, productivity space is here to stay. And it's got wide ranging implications to some of these more legacy type of tools. >> You know, one of the other things I'd call out on this chart is Accenture. You and I had a session earlier this year, and we had predicted that that skill shortage was going to lead to an uptick in traditional services. We've certainly seen that. I mean, IBM beat its quarter on the strength of services largely. And seeing Accenture on that is I think confirmation. >> Yeah that was our New Year prediction show, right Dave? When we made top 10 predictions? >> That's right. That was part of our predictions show. Exactly, good memory. >> The data is really showing that continue. People want the projects, they need to do the projects, but hiring is very difficult. So obviously the number one beneficiary there are going to be the Accentures of the world. >> All right. So let's do a quick wrap. I'm going to make a few comments and then have you bring us home, Erik. So we laid out our scenario for the tech spending rebound. We definitely believe last year tracked downward, along with GDP contraction. It was interesting. Gardner doesn't believe, at least factions of Gardner don't believe there's a correlation between GDP and tech spending. But, you know, I personally think there generally is some kind of relatively proportional pattern there. And I think we saw contraction last year. People are concerned about inflation. Of course, that adds some uncertainty. And as well, as you mentioned around the Delta variant. But I feel as though that the boards of directors and CEOs, they've mandated that tech execs have to build out digital platforms for the future. They're data centric. They're highly automated, to your earlier points. They're intelligent with AI infused, and that's going to take investment. I feel like the tech community has said, "Look, we know what to do here. We're dealing with hybrid work. We can't just stop doing what we're doing. Let's move forward." You know, and as you say, we're flying again and so forth. You know, getting hybrid right is a major priority that directly impacts strategies. Technology strategies, particularly around security, cloud, the productivity of remote workers with collaboration. And as we've said many times, we are entering a new era of data that's going to focus on decentralized data, building data products, and Erik let's keep an eye on this observability space. Lot of interest there, and buyers have a number of choices. You know, do they go with a specialist, as we saw recently, we've seen in the past, or did they go with the generalist like Service Now with the acquisition of LightStep? You know, it's going to be interesting. A lot of people are going to get into this space, start bundling into larger platforms. And so as you said, there's probably not enough room for all the players. We're going to see some consolidation there. But anyway, let me give you the final word here. >> Yeah, no, I completely agree with all of it. And I think your earlier points are spot on, that analytics and automation are certainly going to be moving more and more to that left of that chart we had of priorities. I think as we continue that survey heading into 2022, we'll have some fresh data for you again in a few months, that's going to start looking at 2022 priorities and overall spend. And the one other area that I keep hearing about over and over and over again is customer experience. There's a transition from good old CRM to CXM. Right now, everything is digital. It is not going away. So you need an omni-channel support to not only track your customer experience, but improve it. Make sure there's a two way communication. And it's a really interesting space. Salesforce is going to migrate into it. We've got Qualtrics out there. You've got Medallia. You've got FreshWorks, you've got Sprinkler. You got some names out there. And everyone I keep talking to on the IT end user side keeps bringing up customer experience. So let's keep an eye on that as well. >> That's a great point. And again, it brings me back to Service Now. We wrote a piece last week that's sort of, Service Now and Salesforce are on a collision course. We've said that for many, many years. And you've got this platform of platforms. They're just kind of sucking in different functions saying, "Hey, we're friends with everybody." But as you know Erik, software companies, they want to own it all. (both chuckling) All right. Hey Erik, thank you so much. I want to thank you for coming back on. It's always a pleasure to have you on Breaking Analysis. Great to see you. >> Love the partnership. Love the collaboration. Let's go enjoy this summer Friday. >> All right. Let's do. Okay, remember everybody, these episodes, they're all available as podcasts, wherever you listen. All you got to do is search Breaking Analysis Podcast, click subscribe to the series. Check out ETR's website at etr.plus. They've just launched a new website. They've got a whole new pricing model. It's great to see that innovation going on. Now remember we also publish a full report every week on WikiBond.com and SiliconAngle.com. You can always email me, appreciate the back channel comments, the metadata insights. David.Vellante@SiliconAngle.com. DM me on Twitter @DVellante or comment on the LinkedIn posts. This is Dave Vellante for Erik Bradley and theCUBE insights powered by ETR. Have a great week, a good rest of summer, be well. And we'll see you next time. (inspiring music)

>> From the SiliconANGLE Media office in Boston, Massachusetts. It's theCUBE. (upbeat music) Now, here's your host Dave Vellante. >> Hi everybody, welcome to this Cube Conversation on data protection. You know, I've been reporting for the last several months that spending on storage is reverting back to pre-2018 levels, but at the same time, it's not falling off a cliff. Now, one area of storage that is still very, very strong is the data protection segment. In the past 18 months, we've seen about a half a billion dollars in venture funding come into the market. We've just seen a big multi-billion dollar exit. And backup specifically in data protection, data management generally is where all the action is right now. And one of the leaders in data protection is Dell EMC. The company has the largest share of the market and the new entrants, believe me, want a piece of their pie. But anyone who follows this company knows that the firm is not likely to give up it's turf very easily. So much is changing in the market today. And I want to understand how Dell EMC's data protection division is responding to both the competitive threats and the changing market dynamics. With me are two experts from Dell EMC to address these issues. Nelson Hsu is Director of Solutions, Product Marketing for the data protection division at Dell EMC, and Colm Keegan is Senior Consultant, Product Marketing at Dell EMC. Gents, welcome to theCUBE. Great to see you again. >> Thank you for having us. >> Thanks, Dave. >> So you heard my intro. You guys are the leader. You got the biggest market share. You got all the upstarts coming at ya. What's your response? >> Want me to take that? >> Sure. >> Yeah. It's interesting, so we were talking about this before we came on set, you know and often times they want to poke holes at us 'cause you know we're perceived as being the old timers, or the stodgy ones of the group out there. And play a little jiu jitsu, you move in say you know well time in market counts for something. You know we've been solving data protection challenges for customers for literally decades now. You know and so, water under the boat and knowing the experience that we've derived from that allows us to bring solutions that are mature, that are proven. What we're doing is we're taking those proven solutions and pairing them with modern capabilities. So that, you know we look at it and say, hey, look, Mr. Customer. You have significant data protection challenges today because, as you said, the world's changing. It's changing rapidly. We can help you address those while also sowing the seeds for the foundation for the future. So we think that's a compelling message and we think that while some of our competitors, in particular the upstarts, have had some interesting things to say, big picture-wise, they don't know what they don't know. 'Cause they just don't have the time in the market. Their solutions are also largely absent upmarket, you know, when you look at the enterprise. So we're comfortable. We think we're in a very good spot right now. >> So cloud obviously was the huge mega trend of the past decade. You guys said from the beginning, it's going to be a hybrid world. Some of that was we hope it's going to be a hybrid world. Well you were right, it's a hybrid world. So how is cloud, hybrid cloud affecting your customer decisions around data protection, and how are you responding? >> Well, you know, there's no doubt that the growth in cloud and the growth in hybrid cloud is real. And it's there today. As we look, and as Colm mentioned, we've been protecting data across the enterprise, across the edge and in the cloud, and that growth continues. So today, we have over 1,000 customers that we're protecting their data in the cloud. To the tone of over 2.7 exabytes of data protected in the cloud by Dell EMC data protection. So there is absolutely no doubt that that growth is there. We have a lot of innovation that we're driving on, both in various ares of cloud native, cyber security and deep integration. >> Okay, so that's good, 1,000 customers. That's a pretty good observation space. But when you think about hybrid, what I think when I talk to customers is they want that same exact cloud experience. They don't want to have to context switch. They don't want to have to buy different platforms. So how are you specifically addressing that customer requirement? >> So there's a couple ways we look at that, right? For our customers, simplicity is very key in ease of use. So that's one of our core tenants as we go across both the edge, the core and the cloud. And the other aspect of that is consistency. So giving them and allowing them to use the tools that they know today to be able to protect their data, wherever that data resides. So with the cloud, with cloud native, your data becomes very, very distributed. And you have to be able to see all that data, and control and manage that data. So the whole aspect around cloud data management has now risen to the top as a major concern. We do that in a great way in a sense that we both have a hybrid strategy and a lot of that is working with Dell Technologies cloud. And it's based upon VMware. And so we have a very good deep relationship with VMware to utilize their tools that our customers use today. Whether it be vSphere or vcontrol that they can manage their data protection from one console, from one environment itself. >> Yeah, Dave, I think when you look at the split today, the latest cut of research is that roughly 52% of VM's are in the cloud, and 48 percent are on-prems so it's already hybrid, and as Nelson said, it's largely predicated on VMware. So as organizations start consuming cloud they're going to go with the platform that they've been operating under for years now. So it'll be VMware. We've always had very tight integration with VMware. We have a very strong partnership with them. And that's both on the existing portfolio as well as the agile portfolio that we're building out today under PowerProtect. So as that hybrid world evolves for the customers obviously we want to make sure they're protected from a virtual machine standpoint. And make that, as Nelson said, very simple for them because the last thing customers need is complexity particularly as their environments are becoming inherently more complex. Because now you look at most enterprises today, they're going to have a mix of workloads. It's physical, it's virtual, containers are unaccounted for. It's cloud native apps, it's SaaS. You know we were talking earlier about multi-clouds. Oftentimes it just kind of came up organically and now you've got this huge distribution of workloads and oftentimes, customers have been just sort of reactive to that. In other words, let me find a way to protect that and I'll worry about the details later. We're looking at that and saying, we have the portfolio to help you protect all your workloads, and as importantly, we'll help consolidate the management in that environment. It's going to start with VMware, but then longer term we're planning for things like a SaaS control plane so that we can give you a complete view of that environment and allow you to assign the policies you need in terms of SLA's, in terms of compliance. You're basically hitting all the security, hitting all the key things that you need and so directionally we think starting with VMware and building from there is probably the most realistic way we can get customers protected from a hyper cloud. >> So the vision is a single point of control that is SaaS based that lives in the cloud or lives wherever you want it to live? >> Right, it can be either. >> So one of our core tendencies here, right, is that we want and deliver the ability to protect our customer's data wherever it resides. Whether it's edge, core or cloud. >> So sticking on cloud for a second, and then sort of segue into the VMware conversation that I want to have is VMware is the sort of linchpin of your multi-cloud strategy. That makes a lot of sense. VMware is going to be a leader, if not the leader in multi-cloud. We'll see how that all shakes out. It's kind of jump ball right now but VMware is in pretty good position with 500,000 customers. But your perspective on cloud is different than say, take an AWS cloud provider, it's a place. Put your data in my cloud. You guys are talking about the experience. And that's really what you're trying to drive with VMware, whether is Ron-prem, whether it's in Google, Azure, AWS, wherever. The cloud, you name it. Is that the right way to think about your strategy? Specifically as it relates to multi-cloud. >> Yeah, so I think on the area of multi-cloud, it is a multi-cloud world. Years ago I was in a SaaS startup and we had customers that were looking to deploy to the cloud. And then that was the question. Okay, do we hedge on multi-cloud or not? As a SaaS provider, we actually implemented on both AWS and Azure at the time. Which became relevant, because now our customers are asking us, yes, my primary is with this particular hyper scaler. But do you also support this second hyper scaler? So the reality started to evolve. And so for us, yes, VMware is a very strategic aspect and partner with us, especially with Dell Technologies cloud. But we also have a multi-cloud relationship with AWS, with Azure and with Google. >> Yes, so the compatibility matrix, if you will, applies now to the cloud. >> Absolutely, absolutely. So now it's having that feature and functionality across multiple clouds. >> One of the things we obviously paid attention to is Project Tanzu with inside of VMware. All around bringing kind of Kubernetes and VMware together. How does that affect data protection? >> Well, I think it affects data protection in the sense that addressing the entire aspect of still your data is distributed now. And it's going to grow that way. I think that we've seen numbers upwards of 70% of applications will be container based. Some of that will be going forward to 2022 where there'll be multiple production applications that will be container based. I think what Tanzu will bring to the table is a cohesive way to manage and control that environment itself. >> Okay, and so maybe we could sort of drill into that a little bit. Containers, it's becoming more obvious that people want to persist some of that data. It's largely stateless, but you've got to figure out how to recover. So do you have solutions in that space, is that sort of more road mapping? You can talk about that a little bit. >> No, absolutely. So definitely we have concrete solutions with our Dell EMC PowerProtect data manager for Kubernetes. It's actually one of the first that was in the market to support cloud native environments. >> It is the first. >> Yeah, the first offering out there to support Kubernetes. And so the aspect there is that as cloud native has moved from DevOps, and now into production in the mission critical applications, now becomes the aspect of originally the DNA of DevOps was my data doesn't have to be persistent. Now when you move into a mission critical environment, you're entire environment needs to be protected. And to be able to bring those workloads back up should anything happen and to be able to protect that data that is critical to those workloads. >> Okay, and so you're saying you're first, and you see this as a differentiator in the marketplace, or is everybody going to have this, or it's one of these confusing ice cream cone of solutions. So why you guys? What's your big differentiation? Let's stick to containers. I have the same questions sort of overall come back to that. >> So great question, and the matter of fact is that with our experience across the edge, core and cloud, Kubernetes and containers will be prevalent throughout. And it'll be the way that applications will be developed. It's meeting the demands of the business and being agile. And I think that with our ability internally that would move to that agile emotion. We have that ability to address the customer's needs especially in the cloud native Kubernetes space. >> I think going back to what you said too about VMware, certainly our partnership there is differentiated. We even heard some echos of that during Vmworld. Pat Gelsinger usually doesn't give call outs on the main stage very frequently. And he said that they were working with us as a best-in-class partner for data protection with Tanzu. And so there is a very tight partnership there, so if I'm a customer and I'm looking at containers, I'm probably going to want to do it within the framework of VMware to start with. But it's important to point out that we're also not dependent on VMware. So we can still deliver protection for Kubernetes containers outside of say the VMware management domain. But I would say from a differentiation standpoint there are some real tight partnering going on to make these capabilities mature. >> Well it helps that your CEO owns 80% of the company. (laughing) But it's an interesting point you're making because again, dial back 10 years ago, VMware had much more of a Switzerland strategy under Maritz, almost to, at the time, EMC's detriment. I think Michael Dell is very clearly, as is Jeff Clarke, said look, we're going to do more integration. And Pat Gelsinger has been, look, I love all my partners. It's true but we're entering sort of a new era. And that integration is key, you know, again, because of the ownership structure, and your long history there. It's got to confer some advantages in the marketplace. >> Yeah, and he's also got to remove some of the headwinds to adoption of VMware cloud. And data protection, as we discussed often times can be a headwind if customers are concerned that they're not going to be able to protect their data, chances are they're going to stand pat for a while. So I mean you need to find ways to take some of those objections off the table. >> Yeah, and not to take anything away from your competitors. Look, it's an open API world, and again, people are going to compete. But at the end of the day this stuff is still really complex and if you can do some core engineering together it's definitely an advantage. Let's talk a little bit about cyber. I often say it's become a board level topic. It's not a matter of if, it's a matter of when. SecOps teams are overtaxed. I think I put out a stat lately, I got it from Robert Herjavec actually. He said think about this. The worldwide economy is 86 trillion and we spend .014% on cyber, that's it. We're barely scratching the surface. And that's part of the problem. Okay, but with that limited resource we have to be as smart as possible. You've got this ransomware coming in. So what are your customers asking you for and how are you responding? >> So it's interesting, right, because it is top of mind, cyber and cyber attacks, and it takes many forms. The attacks can be malware, they could be encryption, they could be deletion. Which is ultimately the worst case scenario. And I think as you go forward and you look at it cyber is the number one concern for any CIO, CISO or anyone that's worried about their security infrastructure. >> Which is everybody >> Which is everybody, right, exactly. I think that we have delivered for the cloud data protection area a first and best offering with an air gap data protection solution. So inherently, we can insulate and protect our customer's data from cyber threats. So when a ransom event occurs you can recover your data without having to pay that ransom. Or not be concerned that in most severe cases your data gets deleted. I think most recently there was a healthcare provider who was threatened about their data being deleted. And that was the worst case. We were able to protect their data in the sense that with our cyber recovery offering they protected their data in an air gap vaulted solution. And they didn't have to pay for that ransom. >> So what I'm hearing from you guys is okay, cloud, very important. Hybrid cloud, multi-cloud, fundamental to our strategy. VMware, they say bet on sure things. VMware is pretty much a sure thing. Large customer base, leader in the space. And then cyber as a key concern of customers, you want to expand the notion of backup and data protection to really point it at cyber as well. >> Absolutely, in fact with this recent research, it's called the Global Data Protection Index Survey and we just refreshed it. And what customers identified as the most compelling reasons to adopt cloud is for better performance, better data protection, and better security. Not necessarily in that order but those were the top three. So we look at that and say, you know we've got plays there. Certainly we have capabilities protecting workloads in the cloud whether they be virtual machines, cloud native, containers. But the security aspect of it is huge. Because oftentimes customers, and Dave, you and I were talking about this, they make some broader assumptions about once data is in the clouds they can kind of wash their hands and walk away. Not so fast, because certainly there is a shared responsibility model that extends not only to data protection, but also to security. Look, don't get me wrong, the cloud service providers have fantastic security capabilities, have a great perimeter. But as you said, it's not a question of if, it's a question of when. And when something happens, are you ready for it? So these solutions extend not only to on-prem but into the cloud. So it's that ability wherever the workload lives that you can get the right protection and what we're really now referring to as safeguarding data. Because it's a combination of data protection and security that's embedded and doing it wherever the workload resides. >> I'm glad you brought that up Colm. I have a follow up on that, but Nelson, did you want to add something? >> Well, I just want to mention that one of the biggest concerns is making sure that that data you vaulted is actually clean and safe. So we have a cyber sense capability within our cyber recovery product, that when you vault that data it does about 100 analytics on that data to make sure that there's no malware. That it's not infected. And it does it automatically and even on incremental using machine learning. >> That's really important because mistakes happen really fast. (laughing) So if you're vaulting corrupted data, >> What do you do? >> Oops. >> Yeah, exactly. >> I want to come back, I think the shared responsibility model is not well understand and there's a lot of confusion in the industry. At a conference this year, AWS' CISO Stephen Schmidt was saying, look all this talk about security is broken it's not really productive. The state of security in the cloud is actually really good and to your point Colm, yeah, he's right about that. Then you hear Pat Gelsinger saying, he's told me many times in theCUBE security is a do-over. To my point, you know the 86 trillion. And so I kind of lean, when I talk to IT people what Pat is saying. So you say okay, where is the dissidence there? Well, the reality is is the cloud service providers and the shared security model, they'll secure the physical infrastructure. But it's up to the customer to be responsible for everything else. You know, the edicts of the organization are applied. We were talking to the CISO of a large insurance company and she said to us, oh no, shared responsibility means it's our responsibility. So you're not going to go after the cloud service provider, you're going to go after the insurance company, or the financial service institution. Their brand is the one that's going to get hurt. So that's misunderstood. My question, very long winded rant, but what role do you guys play in that shared responsibility model? >> Well, ultimately it comes down to the customer. And the shared responsibility model really is admissible, as you mentioned, right? And so at the end of the day, you as the customer own and are responsible to protect that data. So your data protection strategy, your cyber resilience strategy has to be sound. And it has to be secured by those that can actually do it across multiple distribution models and platforms, whether it's edge, core or cloud. Whether it's VM's, containers. It doesn't change. You're still ultimately responsible for it. >> I think maybe what you might be driving at the question, Dave, is empowering the customers to maintain control of their data. And having the tools in place so that they feel comfortable. And part of it too is moving more towards automation. Because as their applications grow, and as Nelson said, become more distributed, as the data grows exponentially, this just fundamentally isn't a task that humans can manage very much longer. >> I'm glad you brought that up, because you ask a CISO, what's your number one problem? And he or she will tell you the skill sets to keep up with all this complexity. And that's where automation comes in. >> Correct, it does. So that's where we're taking it. Is trying to make things more automated and take tasks away from humans that they just can't keep up with. >> All right guys, I'll give you the last word. We go back a decade or so ago and backup was a whole different situation. And we saw the rise of virtualization and now cloud and all these other things that we have been talking about. Edge, the cyber threats, et cetera. So bring us home, where do you see the future and how does Dell EMC data protection fit in? >> It's an exciting time, it really is. It's kind of like the coming of that second storm as you mentioned. Businesses have that demand of needing more services to load more quickly in an agile fashion. And as they pair that with the growth of their data which is distributed, they really have that challenge overall of how do I manage this environment? So you have to have the observability to understand where your data is and to be able to monitor it. You have to be able to orchestrate your workloads so that they're automated, and the data protection of those workloads are automated as well. And so the imperative that aspects like Tanzu are addressing with cloud native, that Kubernetes brings to the table to deliver containerized applications. That's really quite honestly is the biggest evolution I've seen in my last 20 to 30 years. This is definitely a different paradigm shift. >> Yeah, you know, six months ago I was with a competitor and was taking a look at EMC, sorry, I should say Dell EMC, and I was wondering, should I make a move over here? And really what convinced me was the fact that the company was willing to basically solve internally the innovator's dilemma. You're making so much money on your existing portfolio, now you're going to start investing in what appears to be almost internal competition to your portfolio. It's not, it's complimentary. So that's what drove the decision for me to come here, but I will also say it's great to be a part of an organization that has a long-term vision. You remember, I think the phrase that was being used, being held captive to the 90-day shot clock. You know, the earnings reports and stuff. And that drives behavior. Well, if your organization is looking at decade-long goals, that means that you can actually plan to do things that over time are going to actually bring real value to customers. So I think we're doing the right things. We're obviously innovating, we're on this agile software development cadence gives us the ability to solve the problems incrementally over time so customers can see that value instead of waiting for large batch releases. But is also gives us the ability to say, hey, when we've made mistakes or when we hadn't seen certain things come around the corner, we're agile enough to change with that. So I think the combination of having that vision and putting in the investments, and we've kind of likened ourselves to the biggest startup in the industry with the backing of a Fortune 50. And so from a customer standpoint you got to look at that and think, you know, that's interesting, because I need to solve my current problems today. I need to have a path forward for the future. And who am I betting on to deliver that? And the other thing I'll leave on is customers are trying to work with fewer suppliers, not more suppliers. Because they want to reduce the complexity. Well who has the ability to not only bring data protection to bear, but a whole portfolio of technology is really end to end. That can snap into those environments to again reduce complexity and drive more business value. >> That's a really interesting point you make about consolidations. Ever since I've been in this industry people want to deal with less suppliers and reduce the complexity. But you still see startups and VC's funding things. And what's happened is this consolidation, the big guys, you guys are the biggest consolidator. And I always say the rich get richer. There's always this tension between sort of, do I go out and buy the spoke, best of breed tools, or do I get them from somebody who can help me across the portfolio? That's really where your strength is. Guys, thank you so much. This is really a very important topic. Data protection is one of the most important areas that we've been covering. I've been reporting on it a lot. As I said, a lot of venture money has been flowing in. So I really appreciate you guys coming in, sharing your perspectives. And best of luck in the marketplace. >> Appreciate it, Dave. >> Thanks, this was great. >> You're welcome. All right, and thank you for watching, everybody. This is Dave Vellante for theCUBE. We'll see you next time. (upbeat music)

>> From the SiliconANGLE Media Office in Boston, Massachusetts, it's theCUBE. Now, here's your host, Dave Vellante. >> Hello everyone and welcome to this week's episode of theCUBE Insights, powered by ETR. In this Breaking Analysis I want to lay out my 2020 predictions using insights gleaned from theCUBE blended with ETR spending data. You know, 2019 marked our 10th year of doing theCUBE. Over that time we've had the pleasure of covering nearly 1000 events and milestones, including the exit from the great softness of 2008 and 2009. You know theCUBE has extensively tracked a 10 year bull market. We've covered the era of data. We saw the rise and profitless prosperity of the big data and opensource Hadoop movement, where we predicted the practitioners, not vendors, would benefit the most from big data. We've covered many dozens of acquisitions including the 60 billion dollar chess move made by Michael Dell acquiring EMC, and a launch of hundreds of startups in flash, hyper-converged, big data, AI, blockchain, crypto, security and SaaS. There'll be other days to talk about theCUBE and review that, today's all about predicting the future, using spending data and insights from the thousands of interviews we've done on theCUBE. So let's get right into the ETR data and start with the high-level spending. Remember in October, ETR released its survey results and stated that we're coming out of a multiyear investment cycle in digital transformation. Enterprise IT buyers have learned what works, and on which technologies they're going to double down. They're now narrowing their investments on emerging technologies, picking those winners for the next gen tech, and at the same time, they're cutting redundancies from legacy players that they were keeping on as a hedge. Buyers are picking bundled suites from a handful of mega vendors, and solidifying their investments. We're seeing a multi-generational dynamic repeat itself, where buyers are creating a balance between the convenience of packaged offerings, i.e. bundles, and leveraging best of breed technologies to drive innovation. So on balance, the ETR data shows that a contraction in spending and tepid CIO sentiment is impacting both emerging vendors as well as traditional players, and these trends are most pronounced in the very largest organizations, which have always been the best bellwether in ETR's data sets. Let me share with you what one IT executive said recently that I think really sums up the situation quite well. He said, "ETR's findings mirror what we're doing today, "in that we spend most of 2018 bringing in "a lot of the new, core technology. "I believe what you're seeing now is not a lull in spend, "but an operationalization of what we've already purchased. "We're not spending on what's next yet, "because we're still rolling out what we just bought." This is from a VP of global IT at a large public manufacturing company, I said he, it could be a she as well. I think that she's summing it up correctly, and it reflects many of what customers on theCUBE tell us. Now, let's take a look at the macroeconomy. GDP growth is going to come in at about 2.3% this year, give or take. It's not going to hit the Trump administration's goal of 3% plus, but consumers are clearly powering steady growth. At least for now. IT spending should grow at about a point or two above GDP, so let's put that at, say, 4%. We're right in the middle of a Santa Claus rally, and the S&P is above 3200 today. Tech has been a powerful tailwind for stocks, and I think stocks, tech stock's going to take a breath in early 2020, but I expect continued strong growth in the economy and tech spending after a Q1 pause. I could see the S&P flirting with 3700 or even higher in 2020, and I think the tech sector will be a benefactor of that momentum, providing an impetus for continued growth. Here's my thinking on that. So much of 2020 is going to be about the election, and to me the election is going to be really about the economy. And I predict the economy is going to remain steady. And as the IT leader I quoted earlier said, customers will be operationalizing what's been previously purchased. Here's what's different in 2020. Tech projects have historically been very risky investments, and have required higher internal rates of return, IRRs, to get approved by CFOs. But the cloud has altered two factors. One, is that it's allowed more experimentation for way less money. The second is cloud, by shifting CAPEX to OPEX, allows for much more incremental, lower risk investments. So I think you'll see continued steady growth, powered by the cloud, which allows experimentation, and importantly higher hit rates of success. These successful projects will throw off cash for companies, and CFOs are getting on board because they realize it's driving innovation. They also realize that IT does matter, maybe not in the form that Nick Carr envisioned, but a new generation of IT that creates competitive advantage. This brings me to my first main prediction, which is the growth of cloud computing is going to moderate, but the cloud will continue to steal significant share from on-prem spending. Now the narrative that the pendulum is swinging back in my view, is a false narrative. Rather, the pendulum has swung, and the cloud is the underpinning of innovation. Now having said that, I do think we're seeing a bit of an equilibrium in spending, where buyers have identified those workloads that are going to remain on-prem, which is why you see, for example, AWS, Azure, and Google making moves in hybrid. Hybrid slash on-prem offerings. What this chart here shows from ETR, so from 2010 through October '19 survey on cloud spending, I had to block out the 2020 survey as it's currently in the field, I'm not allowed to show that data. The yellow line is market share, which in ETR parlance, as you remember, is pervasiveness, or mentions in their survey. The blue line is spending momentum, measured as net score, which essentially subtracts the percent of customers spending less from those spending more. The long, steady march of cloud, as you can see, continues, and there's no indication that it's going to abate. That said, the penetration of cloud has become much more meaningful, so share gains will be more hard-fought for the cloud guys. Now, you may see this as a non-prediction, or a hedge. It's not, let me be clear. Cloud will continue to steal share from on-prem, but share gains for the cloud vendors will be more difficult. Which brings me to part B of this prediction. What I'm showing in this chart is market share from ETR's January 2016 survey through October '19. And I'm showing spending for three on-prem vendors within AWS, Azure, and Google Cloud accounts. And I'm picking on Oracle, IBM, and Dell EMC as three prominent on-prem proxies, and you can see the steady decline in market share for these companies. And even though there's a bit of an uptick in October, I don't see this as a reversal. What's going to happen is that traditional on-prem vendors are going to step up their cloud strategies. Specifically with multicloud management. This is going to be the case with Dell, who's going to leverage VMware, and in the case of IBM, they'll try to take advantage of Red Hat in that multicloud game. Now both IBM and Oracle, who each have public clouds are going to dig their heels in, they're going to get customers in a headlock, and provide big financial incentives for them to use their captive clouds. All right, so with the high-level spending comments that I made earlier, and that cloud discussion that we just had as a backdrop, the question is, which companies will do well in the coming year? I'm going to call out five companies, that I want to highlight where the ETR data intersects what we're seeing on theCUBE. The prediction is these five players will do well in 2020, they're going to power through any downturn in spending, and they're going to thrive in the face of the cloud share shift. So the chart here shows data from the ETR October 2019 survey, and it lays out net score or spending momentum for these companies, that I am predicting will be winners in 2020 and beyond. And the five companies are UIPath, Snowflake, Databricks, HashiCorp, and Rubrik. Let me start with UIPath. They are the leader in robotic process automation. I think RPA is going to do well even in a downturn, because more companies will be looking to automate and save money, even in a softer climate. Automation Anywhere is another player in this space, they're doing pretty well, and I predict that UIPath will come out on top of this space, but both UIPath and Automation Anywhere can thrive. Next company is Snowflake, they are changing the analytic database market, and I've covered them before in previous Breaking Analysis segments. They are going to continue to grow nicely in my view. They are 100% cloud-based, and they participate in all popular cloud platforms. Now ironically, they compete with AWS RedShift, who continues to copy some of the innovations that Snowflake has popularized. But AWS and Snowflake are strong partners, so there's room for both companies to thrive. Snowflake especially, as they play in clouds other than just AWS. Which brings me to Databricks. We're seeing a new type of workload emerge in the cloud for modern analytic databases, where organizations are taking all this data that they have, lots of it in the cloud, and they're structuring it within a Snowflake database, or RedShift, and they're bringing Databricks tooling to the equation to be able to query and visualize the data in near real time. Now of course, as I say, AWS plays here with RedShift, and they're selling a lot of EC2, so they love Snowflake. All major cloud players are seeing this type of workload enter the mix, and it's going to be a strong area of growth in 2020 and beyond. Next thing I want to talk about is HashiCorp. HashiCorp is capitalizing on this trend toward cloud-native computing. The company provides opensource tooling for developers, and is all about simplifying application deployment independent of the underlying platform, whether it's virtual, container, or cloud. Five years ago, the players in the space that got all the attention on theCUBE were Chef, Puppet, Ansible and Salt, and today, especially again on theCUBE, you hear the most about Hashi and Ansible, and in fact we were at AnsibleFest with theCUBE, and we heard lots about HashiCorp, so they both complement and compete with the older players. To me, this reminds me of Spark within the Hadoop ecosystem. Hashi has raised about 174 million in VC, and as you can see they have very strong spending momentum in the ETR dataset, with a net score, as shown, of 63%. Now finally, I want to talk about Rubrik, which has been a consistent performer in the ETR dataset. They're trying to transform backup into data management as a discipline. They compete with established players in the data protection space, guys like Veritas, Dell EMC, IBM and CommVault. Now Rubrik is not the only new or newish player here, that's doing very well, Cohesity, who's relatively new, Veeam, which has been around for a decade, both doing very well and showing up strong in ETR surveys, especially Veeam, but Rubrik has been a consistently strong performer and has been outpacing the others, so I want to call them out. Look for these five to do very well in 2020, and into the next decade. So that brings me to my next prediction, I want to talk about Kubernetes. This prediction is twofold. Kubernetes is going to continue its strong showing as this data from ETR shows. This is Kubernetes' market share in the October 2019 survey, so Kubernetes spend had a 76% net score. So very very strong. But the other part of the prediction is that Kubernetes will become embedded into virtually every platform, and people will stop thinking about it as a separate market. Already today, there's little discussion of the idea of a Kubernetes distro, I mean Anthos is an example of a Kubernetes stack, but it can be run in the cloud, it can be run on-prem, anywhere. VMware Tanzu, Microsoft Azure Arc are other examples, they're really not stacks, but they're management platforms that can manage anyone's Kubernetes instances. I like to think of this as kind of like flash. You remember when everyone looked at flash storage as a separate market, well today it's just embedded everywhere. And that's kind of what's happening with Kubernetes. So spending momentum is going to continue to be strong, but by 2023, Kubernetes will be ubiquitous, and not really thought of as a separate entity. All right, for my next prediction, I want to talk about cybersecurity. I did a Breaking Analysis earlier this year on security, and I showed this slide. And as you can see, I've added a little something in the red stars for my prediction. So what this chart shows is two views of net score, the left-hand side shows the ranking by net score, and you can see CrowdStrike, Okta, Shape Security, which was just, by the way, bought by F5, that was an announcement. Twistlock, which is now Palo Alto Networks, and you can see the others down that list. On the right-hand side is net score, but it's ranked by shared N, which is a measure of pervasiveness in the ETR dataset. What I've added is the four star companies, that is those companies that have both spending momentum and are pervasive in the ETR survey. So the prediction is 2020 we'll see the four star companies maintain their position and gain strength in 2020. These include established players with portfolios where they can bundle like Microsoft, Cisco, Palo Alto Networks, Splunk, Proofpoint, Fortinet, and CyberArk Software. And then the newer companies like Okta and CrowdStrike are going to continue to gain share faster than the larger players. Now you also may see companies like SailPoint, Illumio, and SentinelOne emerge as four star companies over the next 24 months. Now the one company that's not on this list that is a major player in security is AWS. AWS is the cloud security leader, and is in a category all by itself in many ways. As I said in my security segment earlier this year, the market is incredibly fragmented, and it's going to stay that way. Each year we look back and say "Did we spend more on security?" and "Are we more safe?" And every year the answer is yes, and no. And 2020 will be no different. Now if you look at the various data sources, we spend approximately 120 billion dollars annually on cybersecurity. The worldwide economy is about 85 trillion in dollar terms, so on balance, we spend about .14% on securing our economy, so we're barely scratching the surface. The market is going to remain highly fragmented, the rich will get richer if they have four stars, new players will continue to enter the space, and M&A will continue to be robust. Now if you exclude my long shot that the S&P will break through 3700 next year, that makes nine predictions. For my 10th and final prediction, I don't have hard data from ETR, but I have a strong opinion on this, and that is that the edge will be won by developers, you've heard me talk about this before. Specifically, platforms like Outposts, which are essentially programmable infrastructure which bring a cloud development platform to the edge, is how that space will evolve. It won't be won by shoving traditional servers and storage boxes out to the edge. Rather, it will grow by coders being able to build new applications and workloads on top of infrastructure as code. Okay, that wraps up my 2020 predictions. I'd very much like to hear your opinion, so you can leave your thoughts or your own predictions in the comments sections of this video, or go to my LinkedIn posts. You can reach me @DVellante on Twitter, love to hear your thoughts. And don't forget, this series is available on iTunes, Spotify, and other podcast platforms for your listening pleasure. I'd like to wish everyone a safe and restful holiday season and a prosperous, healthy 2020. Enjoy your families, enjoy this time, this is Dave Vellante, signing out from the latest episode of theCUBE Insights powered by ETR, thanks for watching, everybody. We'll see you next time. (techno music)

>> Narrator: From Miami Beach, Florida, it's theCUBE. Covering Acronis Global Cyber Summit 2019. Brought to you by Acronis. >> Hey, welcome back, everyone, it's theCUBE's coverage of Acronis Global Cyber Summit 2019 here in Miami Beach, Florida, at the Fontainebleau hotel. I'm John Furrier hosting theCUBE. We're here with Craig Weir, Director of Cloud Portfolio at Ingram Micro. Welcome to theCUBE. Director of Cloud Portfolio at Ingram Micro Cloud, so you guys have a cloud and you guys have sales, technicals out there? >> We got everything, so we have the platform itself, so we have our own platform that is used by one-third of the world telcos. We have large VAR's, DVAR's, SP's using our platform. We're also a cloud aggregator, so we offer pretty much any vendor solution on there, so today, we have over 200 solutions on our platform. We offer services to help partners grow and expand because jumping from where they are today to where they want to go tomorrow is very difficult, so we offer those services, so it's a full package. >> You know, I'm really impressed with Ingram. I got to tell you, Ingram Micro, you guys have essentially reinvented you guys' self in plain sight, so it's like changing the airplane out of 35,000 feet, it's really hard to do. You guys have done it, you've essentially taken a distribution model to the cloud, maintained that stickiness with your clients and partners, and now have automation built in. >> Yeah, we always talk about: we're building a plane while we fly it. And we've been doing that for 10 years. We were the first to get into cloud, we're the world's largest distributor, we know that, but times are changing and you need to adapt with it. So we want to get ahead of the curve, being that we want to own the platform, so we made large acquisitions to be the number-one platform provider. We also want to do the value-added service because partners today want to make that change. They're starting to make that change, but they're not sure exactly how to do it or how to monetize it correctly. So we realized, earlier on, we need to make a massive investment and DNA change in what we do. The old word of pick, pack, and ship is gone, right? Distributing now means a million things that we do. We're more of a service provider than we are anything else. >> Yeah, it's so funny, and also, gross margin used to be higher in the old days. When they started to get hit, started getting out of that direct distribution, there was margin pressure, and again, channel businesses are very efficient. The weak don't survive very long and the ones that are smart actually evolve. This is a great case where you can wrap services around it and, with the cloud, you get operating leverage. So you have an investment, now you have a business model for the next 10, 20 years. >> Yeah, if you think about distributions' basis points, it's a term that doesn't really exist outside distribution where you're razor-thin on those margins, but to your point on cloud, it's much heavier lift, it's much more cooperative selling, so obviously, we want to focus there where we can have growth at a higher profitable rate. And, if you can wrap around platform services around that and make you more money and give more value to the channel, why not? >> Well, that's what the channel wants. They want profitability, want to keep their customers, and increase their gross profit, and that's from services. Now, with software economic margins coming in, the revenue is higher. Software economics are great. >> Yeah, and I think a lot of partners today, NSP's, LAR's, VAR's, DVAR's, they don't really know what is their company actually worth? What's the multiple, right? And they're trying to do that assessment of how much your businesses are actually services and how much is that just reoccurring on an annuity basis, not managed service in some respect. So, for us, we look at that and say, well, how do we actually help you migrate that business? We want to get you to 60, 50, 70% services-led where you're making an average of 10, 20, 30 points. >> And a lot of your partners too have long-standing relationships with customers. And so, by you innovating, that just trickles down to them. That makes it sticky for you guys, great business model. Craig, talk about your relationship with Acronis. We're here at their Global Cyber Summit 2019. Talk about what you guys are doing with them. >> So we've been with Acronis for six years now. We're their largest distributor worldwide. We operate from pretty much every country we operate. They're one of our leading, actually, they are our leading backup disaster recovery and cybersecurity solution. We've an amazing partnership at every single level. When it comes to how we go to market, how we back its position, how we recruit enable partners, it's really next to none. We've very, very aggressive timelines and goals for next year for where we want to go, and where that means it's actually growth, expansion, service offering, no matter what head count we have towards this initiative. Acronis is our number-one provider. >> They have a similar DNA and they're thinking like you guys do with the cloud, thinking about how that transformation business model evolved for Ingram Micro. They're seeing it now with their unique integrated... Well, it won't be unique for long 'cause I think everyone is going to copy it. This integrated holistic view having a platform that's an enable, not just hardware, the infrastructure, where they got a platform layer which is enabling capabilities for sets of services on top. Theirs and their ISV's and developers, I mean that's just a proven platform formula. What's your feedback on that? Do you see that translating well in the field, in the partner networks? >> Yeah, very well, I think today, you think of backup disaster recovery as legacy backup disaster recovery. Where am I backing up to, why am I backing? It's for that disaster. Not remediation of issues, security risks. You're seeing them go into a completely security play which someone argues and says it makes no sense, your backup disaster recovery, your BDR. But, if you think of the ransomware attacks today, the fact that I can have a safe copy hooked up in minutes, the ransomware is no longer an issue. And how they position that is really a security end-to-end solution. It doesn't mean you don't need any other security. Obviously, you still do. But it comes at a very different angle and I think it provides a bit of clarity to customers who are confused. They said that earlier, they mentioned: how many different security providers are becoming open every single day? >> No one wants to buy another tool. >> No, and there's no more large mega offer. There's no one solution. >> You know, solving the ransomware problem certainly is a great way to get breached in any account. Hey, I get the mousetrap for solving ransomware. In that case, that's when a better mousetrap works. You're right to the front of the line. Then, once you're in there, then you got to figure it out. This is what's interesting to me is that it's a data solution. I think you cracked that nut, it's a winning formula. >> If you think of a really basic, what are we trying to do or who are we trying to protect? Either people or information, right? We're not worrying about protecting people today. We're talking about information, so at the end of the day, what's most vital for a company's organization? You're looking at their customer data, their personal data, financial data, and if you think about would you want them to have access to, how do you want to mediate that? So the ability of end-to-end and how that story, which was really, really important to the customer, to have the clarity on why, is critical. >> Well, you guys do a great job on security. I read your reports every year that go out at VMworld and Reinvent, all the different events you guys go to. You guys have great security groups, props to those guys. I want to get back to this data backup thing that you mentioned earlier 'cause we had some insight from our conversation. I was just on with a Forrester analyst where, if you look at backup and recovery, it was basically because it was some operational disruption. That had nothing to do with security. I was like, lights go out, hurricane, Hurricane Sandy, whatever happens, something's happening. And that was all built around the continuity of its down rollback. But now the disruption is security. So no one's actually thought about it that way. So I think these guys have a great angle. I'm thinking of it like, well, if the disruption's security, that eliminates almost all the current solutions because they're just rolling back bad code. >> I don't think it eliminates all of them, but it's a great point. >> Well, the majority of them. >> You sit there and go, well, why is Acronis a security provider? It makes no sense. And you sit back and start thinking about the approach 'cause, again, we're thinking old BD and R. The new world of backup and disaster recovery is not the disaster being a natural occurrence or something with this were to happen. It's the every-single-day cyberattack and ransomware that's happening on a regular basis. That's the new norm. New norm isn't the hurricane, it isn't the cyclone, it's security attacks every day. >> And, happening weekly, two towns are being taken out. Craig, observations from your standpoint being an industry participant. Got experience out there in the field, talked to a lot of customers. You guys have your own cloud. Just in general, the top story of this whole cyber protection, security, data world, what's the top story in your mind? What's the most important story that needs to be continually covered and talked about? >> I think what we're missing today is a lot of partners aren't protecting their own house. At the end of the day, when an MSP is looking after their end user's data, do they really understand what they're responsible for? Do they have the right system in place, right? It's back to the constant security attacks. We're seeing, time and time again, MSP's, medium to small, are having massive breaches and going out of businesses in no time. You see MSP's who want to go to MSSP, but that requires-- >> John: What's that mean? >> Managed security service provider. >> John: Okay, all right. >> So you're an MSP specializing, dedicated on... And security, you have a SOC, which means you have a security operational center, meaning that you have to either buy that or go and invest on it or maybe partner with somebody. It's incredibly expensive. So MSP's today-- >> John: The compliance and the insurance alone. >> The compliance, insurance, the expertise. There's a massive shortage of people. So we see the MSP's today may be fine. Maybe 10% could go make that leap to MSP so that everyone else is figuring out: how do I manage the security space? I have all these different offers I have and solutions I have. A lot of them are homegrown, they're not very good. So, at the end of the day, when we look at what's missing is, hey, if you're an MSP, is your own house protected? Before you try to put everyone else's. Because, if you're managing all that data from that partner, you better make sure your house is protected. >> Protect your own house and I think that's interesting, what just came out of Acronis is that, it's a little bit of a flashy announcement, but the blockchain notary, they say, hey, we'll protect the data in all forms and we'll encrypt it on a blockchain. So that speaks to this blockchain problem. Well, data's a supply chain. >> It is, and you sit there... Again, let's talk old backup disaster recovery. You have data somewhere, it's a copy of your file. Do you know it's a clean copy, an authentic file? Do you know that something hasn't happened to it? And before, we never would've known that. Now we do. >> Yeah, well, I've always said in theCUBE, Dave Vellante and I talk about storages, not about the storage, CPU's and the hardware, but the data that's being stored. Take care of your own house first before you take on other people's data. I love that analogy. >> Yeah and customers are getting smart these days. Customers are looking, they're doing reading. Most customers look each at a time. They're looking at word-of-mouth, a trusted advisor, and they're doing research online. So they're demanding this. >> Craig, I really appreciate your insights. Thanks for taking time to share. Take a minute to give a plug for what you guys do in the cloud, how does someone get involved and work with you, what's a customer for you? Take a minute to give a plug out for what you guys do. >> So Ingram Micro, so we're the largest cloud organization in the world. We'll talk U.S. specifically. >> John: Cloud? >> U.S. cloud. >> John: Amazon's bigger. >> As a distributor. >> John: Okay, distributor cloud, that's what I thought. Just to make sure, you keep an eye on them. >> Yeah, no, it's a good point. So we actually are, we do distribute AWS, we do distribute Azure. They're largest for both of them in the channel perspective. But partners today, what I would say the opportunity to them is there's those who play very heavily in the space, then those that do not. Everyone is somewhere in the middle. Working with Ingram Micro, the ability to really, what we said, the Cloud Awesomeness Roadmap which we presented earlier, we're taking a partner from infancy maybe doing a handful of SaaS offers today to going 10, 20 offers on a regular basis. We really enable and train them to make that jump both financially and from a skillset perspective. >> Can anyone get involved? You guys have a vetting process? They have a cloud SaaS app? >> Yeah, so cloud marketplace, if you're an Ingram Micro account today, you have a free account into our cloud marketplace, which is our e-commerce buying engine which is built on CloudBlue, which is our platform. Free access to it, online purchasing of any SaaS offer you want, depending on what the authorizations are by the SaaS offer. Free access to our team when it comes to how to enable support them, whether it's security, UCA's, backup disaster recovery, public cloud, Microsoft, you name it. And it's really a team dedicated to help the problem solvers, which is everyone here today, solve the current problem of how to get more of an annuity subscription basis. >> Awesome, well, congratulations. Cloud marketplaces are hot, you guys are number-one channel, distributor, cloud, whatever it's called. Is there a category? >> For making new-- >> Channel cloud. >> Yeah, you could say-- >> Distributor cloud. >> We're a distribution service provider. >> Congratulations Ingram Micro trends. Building the plane while they're flying it, I love that one too. It's theCUBE, we're a-flying here in Miami Beach at the Fontainebleau hotel for Acronis' Global Cyber Summit 2019. We're back with more coverage after this short break. (upbeat electronic music)

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back everyone. We're so glad that you're still with us. It's the Cube Live at the MGM Grand. This is our second day of coverage of Palo Alto Networks Ignite. This is takeaways from Ignite 22. Lisa Martin here with two really smart guys, Dave Valante. Dave, we're joined by one of our cube alumni, a friend, a friend of the, we say friend of the Cube. >>Yeah, otc. A friend of the Cube >>Karala joined us. Guys, it's great to have you here. It's been an exciting show. A lot of cybersecurity is one of my favorite topics to talk about. But I'd love to get some of the big takeaways from both of you. Dave, we'll start with you. >>A breathing room from two weeks ago. Yeah, that was, that was really pleasant. You know, I mean, I know was, yes, you sat in the analyst program, interested in what your takeaways were from there. But, you know, coming into this, we wrote a piece, Palo Alto's Gold Standard, what they need to do to, to keep that, that status. And we hear it a lot about consolidation. That's their big theme now, which is timely, right? Cause people wanna save money, they wanna do more with less. But I'm really interested in hearing zeus's thoughts on how that's playing in the market. How customers, how easy is it to just say, oh, hey, I'm gonna consolidate. I wanna get into that a little bit with you, how well the strategy's working. We're gonna get into some of the m and a activity and really bring your perspectives to the table. Well, >>It's, it's not easy. I mean, people have been calling for the consolidation of security for decades, and it's, it's, they're the first company that's actually made it happen. Right? And, and I think this is what we're seeing here is the culmination of this long term strategy, this company trying to build more of a platform. And they, you know, they, they came out as a firewall vendor. And I think it's safe to say they're more than firewall today. That's only about two thirds of their revenue now. So down from 80% a few years ago. And when I think of what Palo Alto has become, they're really a data company. Now, if you look at, you know, unit 42 in Cortex, the, the, the Cortex Data Lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have, right? And bringing that together into one big data lake. >>And then they're able to use that to, to do faster threat notification, forensics, things like that. And so I think the old model of security of create signatures for known threats, it's safe to say it never really worked and it wasn't ever gonna work. You had too many day zero exploits and things. The only way to fight security today is with a AI and ML based analytics. And they have, they're the gold standard. I think the one thing about your post that I would add the gold standard from a data standpoint, and that's given them this competitive advantage to go out and become a platform for a security. Which, like I said, the people have tried to do that for years. And the first one that's actually done it, well, >>We've heard this from some of the startups, like Lacework will say, oh, we treat security as a data problem. Of course there's a startup, Palo Alto's got, you know, whatever, 10, 15 years of, of, of history. But one of the things I wanted to explore with you coming into this was the notion of can you be best of breed and develop a suite? And we, we've been hearing a consistent answer to that question, which is, and, and do you need to, and the answer is, well, best of breed in security requires that full spectrum, that full view. So here's my question to you. So, okay, let's take Esty win relatively new for these guys, right? Yeah. Okay. And >>And one of the few products are not top two, top three in, right? Exactly. >>Yeah. So that's why I want to take that. Yeah. Because in bakeoffs, they're gonna lose on a head-to-head best of breed. And so the customer's gonna say, Hey, you know, I love your, your consolidation play, your esty win's. Just, okay, how about a little discount on that? And you know, these guys are premium priced. Yes. So, you know, are they in essentially through their pricing strategies, sort of creating that stuff, fighting that, is that friction for them where they've got, you know, the customer says, all right, well forget it, we're gonna go stove pipe with the SD WAN will consolidate some of the stuff. Are you seeing that? >>Yeah, I, I, I still think the sales model is that way. And I think that's something they need to work on changing. If they get into a situation where they have to get down into a feature battle of my SD WAN versus your SD wan, my firewall versus your firewall, frankly they've already lost, you know, because their value prop is the suite and, and is the platform. And I was talking to the CISO here that told me, he realizes now that you don't need best of breed everywhere to have best in class threat protection. In fact, best of breed everywhere leads to suboptimal threat protection. Cuz you have all these data data sets that are in silos, right? And so from a data scientist standpoint, right, there's the good data leads to good insights. Well, partial data leads to fragmented insights and that's, that's what the best, best of breed approach gives you. And so I was talking with Palo about this, can they have this vision of being best of breed and platform? I don't really think you can maintain best of breed everywhere across this portfolio this big, but you don't need to. >>That was my second point of my >>Question. That's the point. >>Yeah. And so, cuz cuz because you know, we've talked about this, that that sweets always win in the long run, >>Sweets >>Win. Yeah. But here's the thing, I, I wonder to your your point about, you know, the customer, you know, understanding that that that, that this resonates with them. I, my guess is a lot of customers, you know, at that mid-level and the fat middle are like still sort of wed, you know, hugging that, that tool. So there's, there's work to be done here, but I think they, they, they got it right Because if they devolve, to your point, if they devolve down to that speeds and feeds, eh, what's the point of that? Where's their valuable? >>You do not wanna get into a knife fight. And I, and I, and I think for them the, a big challenge now is convincing customers that the suite, the suite approach does work. And they have to be able to do that in actual customer examples. And so, you know, I I interviewed a bunch of customers here and the ones that have bought into XDR and xor and even are looking at their sim have told me that the, the, so think of soc operations, the old way heavily manually oriented, right? You have multiple panes of glass and you know, and then you've got, so there's a lot of people work before you bring the tools in, right? If done correctly with AI and ml, the machines would do all the heavy lifting and then you'd bring people in at the end to clean up the little bits that were missed, right? >>And so you, you moved to, from something that was very people heavy to something that's machine heavy and machines can work a lot faster than people. And the, and so the ones that I've talked that have, that have done that have said, look, our engineers have moved on to a lot different things. They're doing penetration testing, they're, you know, helping us with, with strategy and they're not fighting that, that daily fight of looking through log files. And the only proof point you need, Dave, is look at every big breach that we've had over the last five years. There's some SIM vendor up there that says, we caught it. Yeah. >>Yeah. We we had the data. >>Yeah. But, but, but the security team missed it. Well they missed it because you're, nobody can look at that much data manually. And so the, I I think their approach of relying heavily on machines to fight the fight is actually the right way. >>Is that a differentiator for them versus, we were talking before we went live that you and I first hit our very first segment back in 2017 at Fort Net. Is that, where do the two stand in your >>Yeah, it's funny cuz if you talk to the two vendors, they don't really see each other in a lot of accounts because Fort Net's more small market mid-market. It's the same strategy to some degree where Fort Net relies heavily on in-house development and Palo Alto relies heavily on acquisition. Yeah. And so I think from a consistently feature set, you know, Fort Net has an advantage there because it, it's all run off their, their their silicon. Where, where Palo's able to innovate very quickly. The, it it requires a lot of work right? To, to bring the front end and back ends together. But they're serving different markets. So >>Do you see that as a differentiator? The integration strategy that Palo Alto has as a differentiator? We talk to so many companies who have an a strong m and a strategy and, and execution arm. But the challenge is always integrating the technology so that the customer to, you know, ultimately it's the customer. >>I actually think they're, they're underrated as a, an acquirer. In fact, Dave wrote a post to a prior on Silicon Angle prior to Accelerate and he, he on, you put it on Twitter and you asked people to rank 'em as an acquirer and they were in the middle of the pack, >>Right? It was, it was. So it was Oracle, VMware, emc, ibm, Cisco, ServiceNow, and Palo Alto. Yeah. Or Oracle got very high marks. It was like 8.5 out of, you know, 10. Yeah. VMware I think was 6.5. Nice. Era was high emc, big range. IBM five to seven. Cisco was three to eight. Yeah. Yeah, right. ServiceNow was a seven. And then, yeah, Palo Alto was like a five. And I, which I think it was unfair. >>Well, and I think it depends on how you look at it. And I, so I think a lot of the acquisitions Palo Altos made, they've done a good job of integrating their backend data and they've almost ignored the front end. And so when you buy some of the products, it's a little clunky today. You know, if you work with Prisma Cloud, it could be a little bit cleaner. And even with, you know, the SD wan that took 'em a long time to bring CloudGenix in and stuff. But I think the approach is right. I don't, I don't necessarily believe you should integrate the front end until you've integrated the back end. >>That's >>The hard part, right? Because UL ultimately what you're gonna get, you're gonna get two panes of glass and one pane of glass and it might look pretty all mush together, but ultimately you're not solving the bigger problem, right. Of, of being able to create that big data like the, the fight security. And so I think, you know, the approach they've taken is the right one. I think from a user standpoint, maybe it doesn't show up as neatly because you don't see the frontend integration, but the way they're doing it is the right way to do it. And I'm glad they're doing it that way versus caving to the pressures of what, you know, the industry might want >>Showed up in the performance of the company. I mean, this company was basically gonna double revenues to 7 billion from 2020 to >>2023. Three. Think about that at that, that >>Make a, that's unbelievable, right? I mean, and then and they wanna double again. Yeah. You know, so, well >>What did, what did Nikesh was quoted as saying they wanna be the first cyber company that's a hundred billion dollars. He didn't give a timeline market cap. >>Right. >>Market cap, right. Do what I wanna get both of your opinions on what you saw and heard and felt this week. What do you think the likelihood is? And and do you have any projections on how, you know, how many years it's gonna take for them to get there? >>Well, >>Well I think so if they're gonna get that big, right? And, and we were talking about this pre-show, any company that's becoming a big company does it through ecosystem >>Bingo. >>Right? And that when you look around the show floor, it's not that impressive. And if that, if there's an area they need to focus on, it's building that ecosystem. And it's not with other security vendors, it's with application vendors and it's with the cloud companies and stuff. And they've got some relationships there, but they need to do more. I actually challenge 'em on that. One of the analyst sessions. They said, look, we've got 800 cortex partners. Well where are they? Right? Why isn't there a cortex stand here with a bunch of the small companies here? So I do think that that is an area they need to focus on. If they are gonna get to that, that market caps number, they will do so do so through ecosystem. Because every company that's achieved that has done it through ecosystem. >>A hundred percent agree. And you know, if you look at CrowdStrike's ecosystem, it's pretty similar. Yeah. You know, it doesn't really, you know, make much, much, not much different from this, but I went back and just looked at some, you know, peak valuations during the pandemic and shortly thereafter CrowdStrike was 70 billion. You know, that's what their roughly their peak Palo Alto was 56, fortune was 59 for the actually diverged. Right. And now Palo Alto has taken the, the top mantle, you know, today it's market cap's 52. So it's held 93% of its peak value. Everybody else is tanking. Even Okta was 45 billion. It's been crushed as you well know. But, so Palo Alto wasn't always, you know, the number one in terms of market cap. But I guess my point is, look, if CrowdStrike could got to 70 billion during Yeah. During the frenzy, I think it's gonna take, to answer your question, I think it's gonna be five years. Okay. Before they get back there. I think this market's gonna be tough for a while from a valuation standpoint. I think generally tech is gonna kind of go up and down and sideways for a good year and a half, maybe even two years could be even longer. And then I think there's gonna be some next wave of productivity innovation that that hits. And then you're gonna, you're almost always gonna exceed the previous highs. It's gonna take a while. Yeah, >>Yeah, yeah. But I think their ability to disrupt the SIM market actually is something I, I believe they're gonna do. I've been calling for the death of the sim for a long time and I know some people at Palo Alto are very cautious about saying that cuz the Splunks and the, you know, they're, they're their partners. But I, I think the, you know, it's what I said before, the, the tools are catching them, but they're, it's not in a way that's useful for the IT pro and, but I, I don't think the SIM vendors have that ecosystem of insight across network cloud endpoint. Right. Which is what you need in order to make a sim useful. >>CISO at an ETR roundtable said, if, if it weren't for my regulators, I would chuck my sim. >>Yes. >>But that's the only reason that, that this person was keeping it. So, >>Yeah. And I think the, the fact that most of those companies have moved to a perpetual MO or a a recurring revenue model actually helps unseat them. Typically when you pour a bunch of money into something, you remember the old computer associate days, nobody ever took it out cuz the sunk dollars you spent to do it. But now that you're paying an annual recurring fee, it's actually makes it easier to take out. So >>Yeah, it's it's an ebb and flow, right? Yeah. Because the maintenance costs were, you know, relatively low. Maybe it was 20% of the total. And then, you know, once every five years you had to do a refresh and you were still locked into the sort of maintenance and, and so yeah, I think you're right. The switching costs with sas, you know, in theory anyway, should be less >>Yeah. As long as you can migrate the data over. And I think they've got a pretty good handle on that. So, >>Yeah. So guys, I wanna get your perspective as a whole bunch of announcements here. We've only been here for a couple days, not a big conference as, as you can see from behind us. What Zs in your opinion was Palo Alto's main message and and what do you think about it main message at this event? And then same question for you. >>Yeah, I, I think their message largely wrapped around disruption, right? And, and they, in The's keynote already talked about that, right? And where they disrupted the firewall market by creating a NextGen firewall. In fact, if you look at all the new services they added to their firewall, you, you could almost say it's a NextGen NextGen firewall. But, but I do think the, the work they've done in the area of cloud and cortex actually I think is, is pretty impressive. And I think that's the, the SOC is ripe for disruption because it's for, for the most part, most socks still, you know, run off legacy playbooks. They run off legacy, you know, forensic models and things and they don't work. It's why we have so many breaches today. The, the dirty little secret that nobody ever wants to talk about is the bad guys are using machine learning, right? And so if you're using a signature based model, all they're do is tweak their model a little bit and it becomes, it bypasses them. So I, I think the only way to fight the the bad guys today is with you gotta fight fire with fire. And I think that's, that's the path they've, they've headed >>Down and the bad guys are hiding in plain sight, you know? >>Yeah, yeah. Well it's, it's not hard to do now with a lot of those legacy tools. So >>I think, I think for me, you know, the stat that we threw out earlier, I think yesterday at our keynote analysis was, you know, the ETR data shows that are, that are that last survey around 35% of the respondents said we are actively consolidating, sorry, 44%, sorry, 35 says we're actively consolidating vendors, redundant vendors today. That number's up to 44%. Yeah. It's by far the number one cost optimization technique. That's what these guys are pitching. And I think it's gonna resonate with people and, and I think to your point, they're integrating at the backend, their beeps are technical, right? I mean, they can deal with that complexity. Yeah. And so they don't need eye candy. Eventually they, they, they want to have that cuz it'll allow 'em to have deeper market penetration and make people more productive. But you know, that consolidation message came through loud and clear. >>Yeah. The big change in this industry too is all the new startups are all cloud native, right? They're all built on Amazon or Google or whatever. Yeah. And when your cloud native and you buy a cloud native integration is fast. It's not like having to integrate this big monolithic software stack anymore. Right. So I I think their pace of integration will only accelerate from here because everything's now cloud native. >>If a customer comes to you or when a customer comes to you and says, Zs help us with this cyber transformation we have, our board isn't necessarily with our executives in terms of execution of a security strategy. How do you advise them where Palo Alto is concerned? >>Yeah. You know, a lot, a lot of this is just fighting legacy mindset. And I've, I was talking with some CISOs here from state and local governments and things and they're, you know, they can't get more budget. They're fighting the tide. But what they did find is through the use of automation technology, they're able to bring their people costs way down. Right. And then be able to use that budget to invest in a lot of new projects. And so with that, you, you have to start with your biggest pain points, apply automation where you can, and then be able to use that budget to reinvest back in your security strategy. And it's good for the IT pros too, the security pros, my advice to, to it pros is if you're doing things today that aren't resume building, stop doing them. Right? Find a way to automate the money your job. And so if you're patching systems and you're looking through log files, there's no reason machines can't do that. And you go do something a lot more interesting. >>So true. It's like storage guys 10 years ago, provisioning loans. Yes. It's like, stop doing that. Yeah. You're gonna be outta a job. And so who, last question I have is, is who do you see as the big competitors, the horses on the track question, right? So obviously Cisco kind of service has led for a while and you know, big portfolio company, CrowdStrike coming at it from end point. You know who, who, who do you see as the real players going for that? You know, right now the market's three to 4%. The leader has three, three 4% of the market. You know who they're all going for? 10, 15, maybe 20% of the market. Who, who are the likely candidates? Yeah, >>I don't know if CrowdStrike really has the breadth of portfolio to compete long term though. I I think they've had a nice run, but I, we might start to see the follow 'em. I think Microsoft is gonna be for middle. They've laid down the gauntlet, right? They are a security vendor, right? We, we were at Reinvent and a AWS is the platform for security vendors. Yes. Middle, somewhere in the middle. But Microsoft make no mistake, they're in security. They've got some good products. I think a lot of 'em are kind of good enough and they, they tie it to the licensing and I'm not sure that works in security, but they've certainly got the ear of a lot of it pros. >>It might work in smb. >>Yeah. Yeah. It, it might. And, and I do like Zscaler. I, I know these guys poo poo the proxy model, but they've, they've done about as much with proxies as you can. And I, I think it's, it's a battle of, I love the, the, the near, you know, proxies are dead and Jay's model, you know, Jay over at c skater throw 'em back at 'em. So I, it's good to see that kind of fight going on between the two. >>Oh, it's great. Well, and, and again, ZScaler's coming at it from their cloud security angle. CrowdStrike's coming at it from endpoint. I, I do think CrowdStrike has an opportunity to build out the portfolio through m and a and maybe ecosystem. And then obviously, you know, Palo Alto's getting it done. How about Cisco? >>Yeah. Cisco's interesting. And I, I think if Cisco can make the network matter in security and it should, right? We're talking about how a lot of you need a lot of forensics to fight security today. Well, they're gonna see things long before anybody else because they have all that network data. If they can tie network security, I, I mean they could really have that business take off. But we've been saying that about Cisco for 20 years. >>But big install based though. Yeah. It's hard for a company, any company to just say, okay, hey Cisco customer sweep the floor and come with us. That's, that's >>A tough thing. They have a lot of good peace parts, right? And like duo's a good product and umbrella's a good product. They've, they've not done a good job. >>They're the opposite of these guys. >>They've not done a good job of the backend integration that, that's where Cisco needs to, to focus. And I do think g G two Patel there fixed the WebEx group and I think he's now, in fact when you talk to him, he's doing very little on WebEx that that group's running itself and he's more focused in security. So I, I think we could see a resurgence there. But you know, they have a, from a revenue perspective, it's a little misleading cuz they have this big legacy base that's in decline while they're moving to cloud and stuff. So, but they, but they, there's a lot of work there're trying to, to tie to network. >>Right. Lots of fuel for conversation. We're gonna have to carry this on, on Silicon angle.com guys. Yes. And Wikibon, lets do see us. Thank you so much for joining Dave and me giving us your insights as to this event. Where are you gonna be next? Are you gonna be on vacation? >>There's nothing more fun than mean on the cube, so, right. What's outside of that though? Yeah, you know, Christmas coming up, I gotta go see family and do the obligatory, although for me that's a lot of travel, so I guess >>More planes. Yeah. >>Hopefully not in Vegas. >>Not in Vegas. >>Awesome. Nothing against Vegas. Yeah, no, >>We love it. We >>Love it. Although I will say my year started off with ces. Yeah. And it's finishing up with Palo Alto here. The bookends. Yeah, exactly. In Vegas bookends. >>Well thanks so much for joining us. Thank you Dave. Always a pleasure to host a show with you and hear your insights. Reading your breaking analysis always kicks off my prep for show and it's always great to see, but predictions come true. So thank you for being my co-host bet. All right. For Dave Valante Enz as Carla, I'm Lisa Martin. You've been watching The Cube, the leader in live, emerging and enterprise tech coverage. Thanks for watching.

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back everyone. We're so glad that you're still with us. It's the Cube Live at the MGM Grand. This is our second day of coverage of Palo Alto Networks Ignite. This is takeaways from Ignite 22. Lisa Martin here with two really smart guys, Dave Valante. Dave, we're joined by one of our cube alumni, a friend, a friend of the, we say friend of the Cube. >>Yeah, F otc. A friend of the Cube >>Karala joins us. Guys, it's great to have you here. It's been an exciting show. A lot of cybersecurity is one of my favorite topics to talk about. But I'd love to get some of the big takeaways from both of you. Dave, we'll start with >>You. A breathing room from two weeks ago. Yeah, that was, that was really pleasant. You know, I mean, I know was, yes, you sat in the analyst program, interested in what your takeaways were from there. But, you know, coming into this, we wrote a piece, Palo Alto's Gold Standard, what they need to do to, to keep that, that status. And we hear it a lot about consolidation. That's their big theme now, which is timely, right? Cause people wanna save money, they wanna do more with less. But I'm really interested in hearing zeus's thoughts on how that's playing in the market. How customers, how easy is it to just say, oh, hey, I'm gonna consolidate. I wanna get into that a little bit with you, how well the strategy's working. We're gonna get into some of the m and a activity and really bring your perspectives to the table. Well, >>It's, it's not easy. I mean, people have been calling for the consolidation of security for decades, and it's, it's, they're the first company that's actually made it happen. Right? And, and I think this is what we're seeing here is the culmination of this long-term strategy, this company trying to build more of a platform. And they, you know, they, they came out as a firewall vendor. And I think it's safe to say they're more than firewall today. That's only about two thirds of their revenue now. So down from 80% a few years ago. And when I think of what Palo Alto has become, they're really a data company. Now, if you look at, you know, unit 42 in Cortex, the, the, the Cortex Data Lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have, right? And bringing that together into one big data lake. >>And then they're able to use that to, to do faster threat notification, forensics, things like that. And so I think the old model of security of create signatures for known threats, it's safe to say it never really worked and it wasn't ever gonna work. You had too many days, zero exploits and things. The only way to fight security today is with a AI and ML based analytics. And they have, they're the gold standard. I think the one thing about your post that I would add, they're the gold standard from a data standpoint. And that's given them this competitive advantage to go out and become a platform for security. Which, like I said, the people have tried to do that for years. And the first one that's actually done it, well, >>We've heard this from some of the startups, like Lacework will say, oh, we treat security as a data problem. Of course there's a startup, Palo Alto's got, you know, whatever, 10, 15 years of, of, of history. But one of the things I wanted to explore with you coming into this was the notion of can you be best of breed and develop a suite? And we, we've been hearing a consistent answer to that question, which is, and, and do you need to, and the answer is, well, best of breed in security requires that full spectrum, that full view. So here's my question to you. So, okay, let's take Estee win relatively new for these guys, right? Yeah. Okay. And >>And one of the few products are not top two, top three in, right? >>Exactly. Yeah. So that's why I want to take that. Yeah. Because in bakeoffs, they're gonna lose on a head-to-head best of breed. And so the customer's gonna say, Hey, you know, I love your, your consolidation play, your esty win's. Just, okay, how about a little discount on that? And you know, these guys are premium priced. Yes. So, you know, are they in essentially through their pricing strategies, sort of creating that stuff, fighting that, is that friction for them where they've got, you know, the customer says, all right, well forget it, we're gonna go stove pipe with the SD WAN will consolidate some of the stuff. Are you seeing that? >>Yeah, I, I, I still think the sales model is that way. And I think that's something they need to work on changing. If they get into a situation where they have to get down into a feature battle of my SD WAN versus your SD wan, my firewall versus your firewall, frankly they've already lost, you know, because their value prop is the suite and, and is the platform. And I was talking with the CISO here that told me, he realizes now that you don't need best of breed everywhere to have best in class threat protection. In fact, best of breed everywhere leads to suboptimal threat protection. Cuz you have all these data data sets that are in silos, right? And so from a data scientist standpoint, right, there's the good data leads to good insights. Well, partial data leads to fragmented insights and that's, that's what the best, best of breed approach gives you. And so I was talking with Palo about this, can they have this vision of being best of breed and platform? I don't really think you can maintain best of breed everywhere across this portfolio this big, but you don't need to. >>That was my second point of my question. That's the point I'm saying. Yeah. And so, cuz cuz because you know, we've talked about this, that that sweets always win in the long run, >>Sweets win. >>Yeah. But here's the thing, I, I wonder to your your point about, you know, the customer, you know, understanding that that that, that this resonates with them. I, my guess is a lot of customers, you know, at that mid-level and the fat middle are like still sort of wed, you know, hugging that, that tool. So there's, there's work to be done here, but I think they, they, they got it right Because if they devolve, to your point, if they devolve down to that speeds and feeds, eh, what's the point of that? Where's their >>Valuable? You do not wanna get into a knife fight. And I, and I, and I think for them the, a big challenge now is convincing customers that the suite, the suite approach does work. And they have to be able to do that in actual customer examples. And so, you know, I I interviewed a bunch of customers here and the ones that have bought into XDR and xor and even are looking at their sim have told me that the, the, so think of soc operations, the old way heavily manually oriented, right? You have multiple panes of glass and you know, and then you've got, so there's a lot of people work before you bring the tools in, right? If done correctly with AI and ml, the machines would do all the heavy lifting and then you'd bring people in at the end to clean up the little bits that were missed, right? >>And so you, you moved to, from something that was very people heavy to something that's machine heavy and machines can work a lot faster than people. And the, and so the ones that I've talked that have, that have done that have said, look, our engineers have moved on to a lot different things. They're doing penetration testing, they're, you know, helping us with, with strategy and they're not fighting that, that daily fight of looking through log files. And the only proof point you need, Dave, is look at every big breach that we've had over the last five years. There's some SIM vendor up there that says, we caught it. Yeah. >>Yeah. We we had the data. >>Yeah. But, but, but the security team missed it. Well they missed it because you're, nobody can look at that much data manually. And so the, I I think their approach of relying heavily on machines to fight the fight is actually the right way. >>Is that a differentiator for them versus, we were talking before we went live that you and I first hit our very first segment back in 2017 at Fort Net. Is that, where do the two stand in your >>Yeah, it's funny cuz if you talk to the two vendors, they don't really see each other in a lot of accounts because Fort Net's more small market mid-market. It's the same strategy to some degree where Fort Net relies heavily on in-house development in Palo Alto relies heavily on acquisition. Yeah. And so I think from a consistently feature set, you know, Fort Net has an advantage there because it, it's all run off their, their their silicon. Where, where Palo's able to innovate very quickly. The, it it requires a lot of work right? To, to bring the front end and back ends together. But they're serving different markets. So >>Do you see that as a differentiator? The integration strategy that Palo Alto has as a differentiator? We talk to so many companies who have an a strong m and a strategy and, and execution arm. But the challenge is always integrating the technology so that the customer to, you know, ultimately it's the customer. >>I actually think they're, they're underrated as a, an acquirer. In fact, Dave wrote a post to a prior on Silicon Angle prior to Accelerate and he, he on, you put it on Twitter and you asked people to rank 'em as an acquirer and they were in the middle of the pack, >>Right? It was, it was. So it was Oracle, VMware, emc, ibm, Cisco, ServiceNow, and Palo Alto. Yeah. Or Oracle got very high marks. It was like 8.5 out of, you know, 10. Yeah. VMware I think was 6.5. Naira was high emc, big range. IBM five to seven. Cisco was three to eight. Yeah. Yeah, right. ServiceNow was a seven. And then, yeah, Palo Alto was like a five. And I, which I think it was unfair. Well, >>And I think it depends on how you look at it. And I, so I think a lot of the acquisitions Palo Alto's made, they've done a good job of integrating the backend data and they've almost ignored the front end. And so when you buy some of the products, it's a little clunky today. You know, if you work with Prisma Cloud, it could be a little bit cleaner. And even with, you know, the SD wan that took 'em a long time to bring CloudGenix in and stuff. But I think the approach is right. I don't, I don't necessarily believe you should integrate the front end until you've integrated the back end. >>That's >>The hard part, right? Because UL ultimately what you're gonna get, you're gonna get two panes of glass and one pane of glass and it might look pretty and all mush together, but ultimately you're not solving the bigger problem, right. Of, of being able to create that big data lake to, to fight security. And so I think, you know, the approach they've taken is the right one. I think from a user standpoint, maybe it doesn't show up as neatly because you don't see the frontend integration, but the way they're doing it is the right way to do it. And I'm glad they're doing it that way versus caving to the pressures of what, you know, the industry might want or >>Showed up in the performance of the company. I mean, this company was basically gonna double revenues to 7 billion from 2020 to >>2023. Think about that at that. That makes, >>I mean that's unbelievable, right? I mean, and then and they wanna double again. Yeah. You know, so, well >>What did, what did Nikesh was quoted as saying they wanna be the first cyber company that's a hundred billion dollars. He didn't give a timeline market >>Cap. Right. >>Market cap, right. Do what I wanna get both of your opinions on what you saw and heard and felt this week. What do you think the likelihood is? And and do you have any projections on how, you know, how many years it's gonna take for them to get there? >>Well, >>Well I think so if they're gonna get that big, right? And, and we were talking about this pre-show, any company that's becoming a big company does it through ecosystem >>Bingo >>Go, right? And that when you look around the show floor, it's not that impressive. No. And if that, if there's an area they need to focus on, it's building that ecosystem. And it's not with other security vendors, it's with application vendors and it's with the cloud companies and stuff. And they've got some relationships there, but they need to do more. I actually challenge 'em on that. One of the analyst sessions. They said, look, we've got 800 cortex partners. Well where are they? Right? Why isn't there a cortex stand here with a bunch of the small companies here? So I do think that that is an area they need to focus on. If they are gonna get to that, that market caps number, they will do so do so through ecosystem. Because every company that's achieved that has done it through ecosystem. >>A hundred percent agree. And you know, if you look at CrowdStrike's ecosystem, it's, I mean, pretty similar. Yeah. You know, it doesn't really, you know, make much, much, not much different from this, but I went back and just looked at some, you know, peak valuations during the pandemic and shortly thereafter CrowdStrike was 70 billion. You know, that's what their roughly their peak Palo Alto was 56, fortune was 59 for the actually diverged. Right. And now Palo Alto has taken the, the top mantle, you know, today it's market cap's 52. So it's held 93% of its peak value. Everybody else is tanking. Even Okta was 45 billion. It's been crushed as you well know. But, so Palo Alto wasn't always, you know, the number one in terms of market cap. But I guess my point is, look, if CrowdStrike could got to 70 billion during Yeah. During the frenzy, I think it's gonna take, to answer your question, I think it's gonna be five years. Okay. Before they get back there. I think this market's gonna be tough for a while from a valuation standpoint. I think generally tech is gonna kind of go up and down and sideways for a good year and a half, maybe even two years could be even longer. And then I think there's gonna be some next wave of productivity innovation that that hits. And then you're gonna, you're almost always gonna exceed the previous highs. It's gonna take a while. Yeah. >>Yeah, yeah. But I think their ability to disrupt the SIM market actually is something that I, I believe they're gonna do. I've been calling for the death of the sim for a long time and I know some people of Palo Alto are very cautious about saying that cuz the Splunks and the, you know, they're, they're their partners. But I, I think the, you know, it's what I said before, the, the tools are catching them, but they're, it's not in a way that's useful for the IT pro and, but I, I don't think the SIM vendors have that ecosystem of insight across network cloud endpoint. Right. Which is what you need in order to make a sim useful. >>CISO at an ETR round table said, if, if it weren't for my regulators, I would chuck my sim. >>Yes. >>But that's the only reason that, that this person was keeping it. No. >>Yeah. And I think the, the fact that most of those companies have moved to a perpetual MO or a a recurring revenue model actually helps unseat them. Typically when you pour a bunch of money into something, you remember the old computer associate says nobody ever took it out cuz the sunk dollars you spent to do it. But now that you're paying an annual recurring fee, it's actually makes it easier to take out. So >>Yeah, it's just an ebb and flow, right? Yeah. Because the maintenance costs were, you know, relatively low. Maybe it was 20% of the total. And then, you know, once every five years you had to do a refresh and you were still locked into the sort of maintenance and, and so yeah, I think you're right. The switching costs with sas, you know, in theory anyway, should be less >>Yeah. As long as you can migrate the data over. And I think they've got a pretty good handle on that. So, >>Yeah. So guys, I wanna get your perspective as a whole bunch of announcements here. We've only been here for a couple days, not a big conference as, as you can see from behind us. What Zs in your opinion was Palo Alto's main message and and what do you think about it main message at this event? And then same question for you. >>Yeah, I, I think their message largely wrapped around disruption, right? And, and they, and The's keynote already talked about that, right? And where they disrupted the firewall market by creating a NextGen firewall. In fact, if you look at all the new services they added to their firewall, you, you could almost say it's a NextGen NextGen firewall. But, but I do think the, the work they've done in the area of cloud and cortex actually I think is, is pretty impressive. And I think that's the, the SOC is ripe for disruption because it's for, for the most part, most socks still, you know, run off legacy playbooks. They run off legacy, you know, forensic models and things and they don't work. It's why we have so many breaches today. The, the dirty little secret that nobody ever wants to talk about is the bad guys are using machine learning, right? And so if you're using a signature based model, all they gotta do is tweak their model a little bit and it becomes, it bypasses them. So I, I think the only way to fight the the bad guys today is with you're gonna fight fire with fire. And I think that's, that's the path they've, they've headed >>Down. Yeah. The bad guys are hiding in plain sight, you know? Yeah, >>Yeah. Well it's, it's not hard to do now with a lot of those legacy tools. So >>I think, I think for me, you know, the stat that we threw out earlier, I think yesterday at our keynote analysis was, you know, the ETR data shows that are, that are that last survey around 35% of the respondents said we are actively consolidating, sorry, 44%, sorry, 35 says who are actively consolidating vendors, redundant vendors today that number's up to 44%. Yeah. It's by far the number one cost optimization technique. That's what these guys are pitching. And I think it's gonna resonate with people and, and I think to your point, they're integrating at the backend, their beeps are technical, right? I mean, they can deal with that complexity. Yeah. And so they don't need eye candy. Eventually they, they, they want to have that cuz it'll allow 'em to have deeper market penetration and make people more productive. But you know, that consolidation message came through loud and clear. >>Yeah. The big change in this industry too is all the new startups are all cloud native, right? They're all built on Amazon or Google or whatever. Yeah. And when your cloud native and you buy a cloud native integration is fast. It's not like having to integrate this big monolithic software stack anymore. Right. So I, I think their pace of integration will only accelerate from here because everything's now cloud native. >>If a customer comes to you or when a customer comes to you and says, Zs help us with this cyber transformation we have, our board isn't necessarily aligned with our executives in terms of execution of a security strategy. How do you advise them where Palo Alto is concerned? >>Yeah. You know, a lot, a lot of this is just fighting legacy mindset. And I've, I was talking with some CISOs here from state and local governments and things and they're, you know, they can't get more budget. They're fighting the tide. But what they did find is through the use of automation technology, they're able to bring their people costs way down. Right. And then be able to use that budget to invest in a lot of new projects. And so with that, you, you have to start with your biggest pain points, apply automation where you can, and then be able to use that budget to reinvest back in your security strategy. And it's good for the IT pros too, the security pros, my advice to the IT pros is, is if you're doing things today that aren't resume building, stop doing them. Right. Find a way to automate the money your job. And so if you're patching systems and you're looking through log files, there's no reason machines can't do that. And you go do something a lot more interesting. >>So true. It's like storage guys 10 years ago, provisioning loans. Yes. It's like, stop doing that. Yeah. You're gonna be outta a job. So who, last question I have is, is who do you see as the big competitors, the horses on the track question, right? So obviously Cisco kind of service has led for a while and you know, big portfolio company, CrowdStrike coming at it from end point. You know who, who, who do you see as the real players going for that? You know, right now the market's three to 4%. The leader has three, three 4% of the market. You know who they're all going for? 10, 15, maybe 20% of the market. Who, who are the likely candidates? Yeah, >>I don't know if CrowdStrike really has the breadth of portfolio to compete long term though. I I think they've had a nice run, but I, we might start to see the follow 'em. I think Microsoft is gonna be for middle. They've laid down the gauntlet, right? They are a security vendor, right? We, we were at Reinvent and a AWS is the platform for security vendors. Yes. Middle, somewhere in the middle. But Microsoft make no mistake, they're in security. They've got some good products. I think a lot of 'em are kind of good enough and they, they tie it to the licensing and I'm not sure that works in security, but they've certainly got the ear of a lot of it pros. >>It might work in smb. >>Yeah, yeah. It, it might. And, and I do like Zscaler. I, I know these guys poo poo the proxy model, but they've, they've done about as much with prox as you can. And I, I think it's, it's a battle of, I love the, the, the near, you know, proxies are dead and Jay's model, you know, Jay over at csca, throw 'em back at 'em. So I, it's good to see that kind of fight going on between the >>Two. Oh, it's great. Well, and, and again, ZScaler's coming at it from their cloud security angle. CrowdStrike's coming at it from endpoint. I, I do think CrowdStrike has an opportunity to build out the portfolio through m and a and maybe ecosystem. And then obviously, you know, Palo Alto's getting it done. How about Cisco? >>Yeah, Cisco's interesting. And I I think if Cisco can make the network matter in security and it should, right? We're talking about how a lot of you need a lot of forensics to fight security today. Well, they're gonna see things long before anybody else because they have all that network data. If they can tie network security, I, I mean they could really have that business take off. But we've been saying that about Cisco for 20 years. >>But big install based though. Yeah. It's hard for a company, any company to say, okay, hey Cisco customer sweep the floor and come with us. That's, that's >>A tough thing. They have a lot of good peace parts, right? And like duo's a good product and umbrella's a good product. They've, they've not done a good job. >>They're the opposite of these guys. >>They've not done a good job of the backend integration and that, that's where Cisco needs to, to focus. And I do think g G two Patel there fixed the WebEx group and I think he's now, in fact when you talk to him, he's doing very little on WebEx that that group's running itself and he's more focused in security. So I, I think we could see a resurgence there. But you know, they have a, from a revenue perspective, it's a little misleading cuz they have this big legacy base that's in decline while they're moving to cloud and stuff. So, but they, but they, there's a lot of Rick there trying to, to tie to network. >>Lots of fuel for conversation. We're gonna have to carry this on, on Silicon angle.com guys. Yes. And Wi KeePon. Lets do see us. Thank you so much for joining Dave and me giving us your insights as to this event. Where are gonna be next? Are you gonna be on >>Vacation? There's nothing more fun than mean on the cube. So what's outside of that though? Yeah, you know, Christmas coming up, I gotta go see family and be the obligatory, although for me that's a lot of travel, so I guess >>More planes. Yeah. >>Hopefully not in Vegas. >>Not in Vegas. >>Awesome. Nothing against Vegas. Yeah, no, >>We love it. We love >>It. Although I will say my year started off with ces. Yeah. And it's finishing up with Palo Alto here. The bookends. Yeah, exactly. In Vegas bookends. >>Well thanks so much for joining us. Thank you Dave. Always a pleasure to host a show with you and hear your insights. Reading your breaking analysis always kicks off my prep for show. And it, it's always great to see, but predictions come true. So thank you for being my co-host bet. All right. For Dave Valante Enz as Carla, I'm Lisa Martin. You've been watching The Cube, the leader in live, emerging and enterprise tech coverage. Thanks for watching.

(upbeat music) >> From theCube Studios in Palo Alto in Boston, bringing you data driven insights from theCube and ETR. This is Breaking Analysis with Dave Vellante. >> While by no means a safe haven, the cybersecurity sector has outpaced the broader tech market by a meaningful margin, that is up until very recently. Cybersecurity remains the number one technology priority for the C-suite, but as we've previously reported the CISO's budget has constraints just like other technology investments. Recent trends show that economic headwinds have elongated sales cycles, pushed deals into future quarters, and just like other tech initiatives, are pacing cybersecurity investments and breaking them into smaller chunks. Hello and welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis we explain how cybersecurity trends are reverting to the mean and tracking more closely with other technology investments. We'll make a couple of valuation comparisons to show the magnitude of the challenge and which cyber firms are feeling the heat, which aren't. There are some exceptions. We'll then show the latest survey data from ETR to quantify the contraction in spending momentum and close with a glimpse of the landscape of emerging cybersecurity companies, the private companies that could be ripe for acquisition, consolidation, or disruptive to the broader market. First, let's take a look at the recent patterns for cyber stocks relative to the broader tech market as a benchmark, as an indicator. Here's a year to date comparison of the bug ETF, which comprises a basket of cyber security names, and we compare that with the tech heavy NASDAQ composite. Notice that on April 13th of this year the cyber ETF was actually in positive territory while the NAS was down nearly 14%. Now by August 16th, the green turned red for cyber stocks but they still meaningfully outpaced the broader tech market by more than 950 basis points as of December 2nd that Delta had contracted. As you can see, the cyber ETF is now down nearly 25%, year to date, while the NASDAQ is down 27% and change. Now take a look at just how far a few of the high profile cybersecurity names have fallen. Here are six security firms that we've been tracking closely since before the pandemic. We've been, you know, tracking dozens but let's just take a look at this data and the subset. We show for comparison the S&P 500 and the NASDAQ, again, just for reference, they're both up since right before the pandemic. They're up relative to right before the pandemic, and then during the pandemic the S&P shot up more than 40%, relative to its pre pandemic level, around February is what we're using for the pre pandemic level, and the NASDAQ peaked at around 65% higher than that February level. They're now down 85% and 71% of their previous. So they're at 85% and 71% respectively from their pandemic highs. You compare that to these six companies, Splunk, which was and still is working through a transition is well below its pre pandemic market value and 44, it's 44% of its pre pandemic high as of last Friday. Palo Alto Networks is the most interesting here, in that it had been facing challenges prior to the pandemic related to a pivot to the Cloud which we reported on at the time. But as we said at that time we believe the company would sort out its Cloud transition, and its go to market challenges, and sales compensation issues, which it did as you can see. And its valuation jumped from 24 billion prior to Covid to 56 billion, and it's holding 93% of its peak value. Its revenue run rate is now over 6 billion with a healthy growth rate of 24% expected for the next quarter. Similarly, Fortinet has done relatively well holding 71% of its peak Covid value, with a healthy 34% revenue guide for the coming quarter. Now, Okta has been the biggest disappointment, a darling of the pandemic Okta's communication snafu, with what was actually a pretty benign hack combined with difficulty absorbing its 7 billion off zero acquisition, knocked the company off track. Its valuation has dropped by 35 billion since its peak during the pandemic, and that's after a nice beat and bounce back quarter just announced by Okta. Now, in our view Okta remains a viable long-term leader in identity. However, its recent fiscal 24 revenue guide was exceedingly conservative at around 16% growth. So either the company is sandbagging, or has such poor visibility that it wants to be like super cautious or maybe it's actually seeing a dramatic slowdown in its business momentum. After all, this is a company that not long ago was putting up 50% plus revenue growth rates. So it's one that bears close watching. CrowdStrike is another big name that we've been talking about on Breaking Analysis for quite some time. It like Okta has led the industry in a key ETR performance indicator that measures customer spending momentum. Just last week, CrowdStrike announced revenue increased more than 50% but new ARR was soft and the company guided conservatively. Not surprisingly, the stock got absolutely crushed as CrowdStrike blamed tepid demand from smaller and midsize firms. Many analysts believe that competition from Microsoft was one factor along with cautious spending amongst those midsize and smaller customers. Notably, large customers remain active. So we'll see if this is a longer term trend or an anomaly. Zscaler is another company in the space that we've reported having great customer spending momentum from the ETR data. But even though the company beat expectations for its recent quarter, like other companies its Outlook was conservative. So other than Palo Alto, and to a lesser extent Fortinet, these companies and others that we're not showing here are feeling the economic pinch and it shows in the compression of value. CrowdStrike, for example, had a 70 billion valuation at one point during the pandemic Zscaler top 50 billion, Okta 45 billion. Now, having said that Palo Alto Networks, Fortinet, CrowdStrike, and Zscaler are all still trading well above their pre pandemic levels that we tracked back in February of 2020. All right, let's go now back to ETR'S January survey and take a look at how much things have changed since the beginning of the year. Remember, this is obviously pre Ukraine, and pre all the concerns about the economic headwinds but here's an X Y graph that shows a net score, or spending momentum on the y-axis, and market presence on the x-axis. The red dotted line at 40% on the vertical indicates a highly elevated net score. Anything above that we think is, you know, super elevated. Now, we filtered the data here to show only those companies with more than 50 responses in the ETR survey. Still really crowded. Note that there were around 20 companies above that red 40% mark, which is a very, you know, high number. It's a, it's a crowded market, but lots of companies with, you know, positive momentum. Now let's jump ahead to the most recent October survey and take a look at what, what's happening. Same graphic plotting, spending momentum, and market presence, and look at the number of companies above that red line and how it's been squashed. It's really compressing, it's still a crowded market, it's still, you know, plenty of green, but the number of companies above 40% that, that key mark has gone from around 20 firms down to about five or six. And it speaks to that compression and IT spending, and of course the elongated sales cycles pushing deals out, taking them in smaller chunks. I can't tell you how many conversations with customers I had, at last week at Reinvent underscoring this exact same trend. The buyers are getting pressure from their CFOs to slow things down, do more with less and, and, and prioritize projects to those that absolutely are critical to driving revenue or cutting costs. And that's rippling through all sectors, including cyber. Now, let's do a bit more playing around with the ETR data and take a look at those companies with more than a hundred citations in the survey this quarter. So N, greater than or equal to a hundred. Now remember the followers of Breaking Analysis know that each quarter we take a look at those, what we call four star security firms. That is, those are the, that are in, that hit the top 10 for both spending momentum, net score, and the N, the mentions in the survey, the presence, the pervasiveness in the survey, and that's what we show here. The left most chart is sorted by spending momentum or net score, and the right hand chart by shared N, or the number of mentions in the survey, that pervasiveness metric. that solid red line denotes the cutoff point at the top 10. And you'll note we've actually cut it off at 11 to account for Auth 0, which is now part of Okta, and is going through a go to market transition, you know, with the company, they're kind of restructuring sales so they can take advantage of that. So starting on the left with spending momentum, again, net score, Microsoft leads all vendors, typical Microsoft, very prominent, although it hadn't always done so, it, for a while, CrowdStrike and Okta were, were taking the top spot, now it's Microsoft. CrowdStrike, still always near the top, but note that CyberArk and Cloudflare have cracked the top five in Okta, which as I just said was consistently at the top, has dropped well off its previous highs. You'll notice that Palo Alto Network Palo Alto Networks with a 38% net score, just below that magic 40% number, is healthy, especially as you look over to the right hand chart. Take a look at Palo Alto with an N of 395. It is the largest of the independent pure play security firms, and has a very healthy net score, although one caution is that net score has dropped considerably since the beginning of the year, which is the case for most of the top 10 names. The only exception is Fortinet, they're the only ones that saw an increase since January in spending momentum as ETR measures it. Now this brings us to the four star security firms, that is those that hit the top 10 in both net score on the left hand side and market presence on the right hand side. So it's Microsoft, Palo Alto, CrowdStrike, Okta, still there even not accounting for a Auth 0, just Okta on its own. If you put in Auth 0, it's, it's even stronger. Adding then in Fortinet and Zscaler. So Microsoft, Palo Alto, CrowdStrike, Okta, Fortinet, and Zscaler. And as we've mentioned since January, only Fortinet has shown an increase in net score since, since that time, again, since the January survey. Now again, this talks to the compression in spending. Now one of the big themes we hear constantly in cybersecurity is the market is overcrowded. Everybody talks about that, me included. The implication there, is there's a lot of room for consolidation and that consolidation can come in the form of M&A, or it can come in the form of people consolidating onto a single platform, and retiring some other vendors, and getting rid of duplicate vendors. We're hearing that as a big theme as well. Now, as we saw in the previous, previous chart, this is a very crowded market and we've seen lots of consolidation in 2022, in the form of M&A. Literally hundreds of M&A deals, with some of the largest companies going private. SailPoint, KnowBe4, Barracuda, Mandiant, Fedora, these are multi billion dollar acquisitions, or at least billion dollars and up, and many of them multi-billion, for these companies, and hundreds more acquisitions in the cyberspace, now less you think the pond is overfished, here's a chart from ETR of emerging tech companies in the cyber security industry. This data comes from ETR's Emerging Technologies Survey, ETS, which is this diamond in a rough that I found a couple quarters ago, and it's ripe with companies that are candidates for M&A. Many would've liked, many of these companies would've liked to, gotten to the public markets during the pandemic, but they, you know, couldn't get there. They weren't ready. So the graph, you know, similar to the previous one, but different, it shows net sentiment on the vertical axis and that's a measurement of, of, of intent to adopt against a mind share on the X axis, which measures, measures the awareness of the vendor in the community. So this is specifically a survey that ETR goes out and, and, and fields only to track those emerging tech companies that are private companies. Now, some of the standouts in Mindshare, are OneTrust, BeyondTrust, Tanium and Endpoint, Net Scope, which we've talked about in previous Breaking Analysis. 1Password, which has been acquisitive on its own. In identity, the managed security service provider, Arctic Wolf Network, a company we've also covered, we've had their CEO on. We've talked about MSSPs as a real trend, particularly in small and medium sized business, we'll come back to that, Sneek, you know, kind of high flyer in both app security and containers, and you can just see the number of companies in the space this huge and it just keeps growing. Now, just to make it a bit easier on the eyes we filtered the data on these companies with with those, and isolated on those with more than a hundred responses only within the survey. And that's what we show here. Some of the names that we just mentioned are a bit easier to see, but these are the ones that really stand out in ERT, ETS, survey of private companies, OneTrust, BeyondTrust, Taniam, Netscope, which is in Cloud, 1Password, Arctic Wolf, Sneek, BitSight, SecurityScorecard, HackerOne, Code42, and Exabeam, and Sim. All of these hit the ETS survey with more than a hundred responses by, by the IT practitioners. Okay, so these firms, you know, maybe they do some M&A on their own. We've seen that with Sneek, as I said, with 1Password has been inquisitive, as have others. Now these companies with the larger footprint, these private companies, will likely be candidate for both buying companies and eventually going public when the markets settle down a bit. So again, no shortage of players to affect consolidation, both buyers and sellers. Okay, so let's finish with some key questions that we're watching. CrowdStrike in particular on its earnings calls cited softness from smaller buyers. Is that because these smaller buyers have stopped adopting? If so, are they more at risk, or are they tactically moving toward the easy button, aka, Microsoft's good enough approach. What does that mean for the market if smaller company cohorts continue to soften? How about MSSPs? Will companies continue to outsource, or pause on on that, as well as try to free up, to try to free up some budget? Adam Celiski at Reinvent last week said, "If you want to save money the Cloud's the best place to do it." Is the cloud the best place to save money in cyber? Well, it would seem that way from the standpoint of controlling budgets with lots of, lots of optionality. You could dial up and dial down services, you know, or does the Cloud add another layer of complexity that has to be understood and managed by Devs, for example? Now, consolidation should favor the likes of Palo Alto and CrowdStrike, cause they're platform players, and some of the larger players as well, like Cisco, how about IBM and of course Microsoft. Will that happen? And how will economic uncertainty impact the risk equation, a particular concern is increase of tax on vulnerable sectors of the population, like the elderly. How will companies and governments protect them from scams? And finally, how many cybersecurity companies can actually remain independent in the slingshot economy? In so many ways the market is still strong, it's just that expectations got ahead of themselves, and now as earnings forecast come, come, come down and come down to earth, it's going to basically come down to who can execute, generate cash, and keep enough runway to get through the knothole. And the one certainty is nobody really knows how tight that knothole really is. All right, let's call it a wrap. Next week we dive deeper into Palo Alto Networks, and take a look at how and why that company has held up so well and what to expect at Ignite, Palo Alto's big user conference coming up later this month in Las Vegas. We'll be there with theCube. Okay, many thanks to Alex Myerson on production and manages the podcast, Ken Schiffman as well, as our newest edition to our Boston studio. Great to have you Ken. Kristin Martin and Cheryl Knight help get the word out on social media and in our newsletters. And Rob Hof is our EIC over at Silicon Angle. He does some great editing for us. Thank you to all. Remember these episodes are all available as podcasts. Wherever you listen, just search Breaking Analysis podcast. I publish each week on wikibond.com and siliconangle.com, or you can email me directly David.vellante@siliconangle.com or DM me @DVellante, or comment on our LinkedIn posts. Please do checkout etr.ai, they got the best survey data in the enterprise tech business. This is Dave Vellante for theCube Insights powered by ETR. Thanks for watching, and we'll see you next time on Breaking Analysis. (upbeat music)

(bright music) >> Okay, we're back. With Jeff and Travis Vigil to dig deeper into the news. Guys, again, good to see you. Travis, if you could, maybe before we get into the news, can you set the business context for us? What's going on out there? >> Yeah, thanks for that question, Dave. To set a little bit of the context when you look at the data protection market, Dell has been a leader in providing solutions to customers for going on nearly two decades now. We have tens of thousands of people using our appliances. We have multiple thousands of people using our latest, modern, simple power protect data manager software. And as Jeff mentioned, we have, you know, 1700 customers protecting 14 exabytes of data in the public clouds today. And that foundation gives us a unique vantage point. We talked to a lot of customers. And they're really telling us three things. They want simple solutions, they want us to help them modernize, and they want us as the highest priority, maintain that high degree of resiliency that they expect from our data protection solutions. So that's the backdrop to the news today. And as we go through the news, I think you'll agree that each of these announcements deliver on those pillars. And in particular, today we're announcing the PowerProtect Data Manager Appliance. We are announcing PowerProtect Cyber Recovery enhancements, and we are announcing enhancements to our APEX data storage services. >> Okay, so three pieces, let's dig to that. It's interesting appliance, everybody wants software but then you talk to customers and they're like, "Well, we actually want appliances because we just want to put it in and it works, and performs great." So what do we need to know about the appliance? What's the news there? >> Well, you know, part of the reason I gave you some of those stats to begin with is, that we have this strong foundation of experience, but also intellectual property. Components that we've taken, that have been battle tested in the market. And we've put them together in a new simple, integrated appliance that really combines the best of the target appliance capabilities, we have with that modern, simple software. And we've integrated it from the, you know, sort of taking all of those pieces, putting them together in a simple, easy-to-use and easy-to-scale interface for customers. >> So the premise that I've been putting forth for, you know, months now, probably well over a year, is that data protection is becoming an extension of your cybersecurity strategies. So I'm interested in your perspective on Cyber Recovery, your specific news that you have there? >> Yeah, you know, we are in addition to simplifying things via the appliance. We are providing solutions for customers no matter where they're deploying. And Cyber Recovery, especially, when it comes to cloud deployments, it's an increasing area of interest and deployment that we see with our customers. So what we're announcing today is that we're expanding our Cyber Recovery services to be available in Google Cloud. With this announcement, it means we're available in all three of the major Clouds. And it really provides customers the flexibility to cure their data no matter if they're running, you know, on premises, in a Colo, at the edge in the public cloud. And the other nice thing about this announcement is that you have the ability to use Google Cloud as a Cyber Recovery vault. That really allows customers to isolate critical data and they can recover that critical data from the vault back to on-premises or from that vault back to running their cyber protection, or their data protection solutions in the public cloud. >> I always involve my favorite Matt Baker here, It's not a zero-sum game, but this is a perfect example where there's opportunities for a company like Dell to partner with the public cloud provider. You've got capabilities that don't exist there. You've got the on-prem capabilities. We could talk about Edge all day, but that's a different topic. Okay so my other question, Travis, is how does this all fit into APEX? We hear a lot about APEX as a service it's sort of the new hot thing. What's happening there? What's the news around APEX? >> Yeah, we've seen incredible momentum with our APEX Solutions, since we introduced data protection options into them earlier this year. And we're really building on that momentum with this announcement being, you know, providing solutions that allow customers to consume flexibly. And so what we're announcing specifically is, that we're expanding APEX Data Storage Services to include a data protection option. And it's like with all APEX offers, it's a pay-as-you go solution. Really streamlines the process of customers purchasing, deploying, maintaining and managing their backup software. All a customer really needs to do is, you know, specify their base capacity, they specify their performance tier, they tell us do they want a one-year term, or a three-year term? And we take it from there. We get them up and running, so they can start deploying and consuming flexibly. And as with many of our APEX solutions, it's a simple user experience all exposed through a unified APEX console. >> Okay, so you're keeping a simple, like, I think large, medium, small, you know, we hear a lot about T-shirt sizes. I'm a big fan of that 'cause you guys should be smart enough to figure out, you know, based on my workload, what I need. How different is this? I wonder if you guys could address this, Jeff, maybe you can- >> So, I'll start and then, pitch me, you know, Travis, you jump in when I screw up here so... >> Awesome. >> So first I'd say we offer innovative Multi-cloud data protection solutions. We provide that deliver performance, efficiency and scale that our customers demand and require. We support as Travis at all the major public clouds. We have a broad ecosystem of workload support and I guess the great news is we're up to 80% more cost effective than any of the competition. >> 80%? >> 80%. >> That's a big number. Travis, what's your point of view on this? >> Yeah, I think number one, end-to-end data protection. We, we are that one stop shop that I talked about. Whether it's a simplified appliance, whether it's deployed in the cloud, whether it's at the edge, whether it's integrated appliances, target appliances, software we have solutions that span the gamut as a service. I mentioned the APEX solution as well. So really we can provide solutions that helps support customers and protect them, any workload, any cloud, anywhere that data lives, Edge core to cloud. The other thing that we're here, as a big differentiator for Dell and Jeff touched on this a little bit earlier, is our intelligent cyber resiliency. We have a unique combination in the market where we can offer immutability or protection against deletion as sort of that first line of defense. But we can also offer a second level of defense which is isolation, talking about data vaults or cyber vaults and Cyber Recovery. And more importantly, the intelligence that goes around that vault. It can look at detecting cyber-attacks, it can help customer speed time to recovery and really provides AI and ML to help early diagnosis of a cyber-attack and fast recovery should a cyber-attack occur. And you know, if you look at customer adoption of that solution specifically in the clouds, we have over 1300 customers utilizing PowerProtect Cyber Recovery. >> So I think it's fair to say that your, I mean your portfolio has obviously been a big differentiator whenever I talk to, you know your finance team, Michael Dell, et cetera that an end-to-end capability that that your ability to manage throughout the supply chain. We actually just did an event recently with you guys where you went into what you're doing to make infrastructure trusted. And so my take on that is, in a lot of respects, you're shifting, you know, the client's burden to your R&D, and now, they have a lot of work to do, so it's not like they can go home and just relax, but that's a key part of the partnership that I see. Jeff, I wonder if you could give us the final thoughts. >> Sure, Dell has a long history of being a trusted partner within IT, right? So we have unmatched capabilities, going back to your point, we have the broadest portfolio, we have, you know, we're a leader in every category that we participate and we have a broad deep breadth of portfolio. We have scale, we have innovation that is just unmatched. Within data protection itself, we have the trusted market leader, no if and or buts. We're a number one for both data protection software in appliances per IDC. And we were just named, for the 17th consecutive time the leader in the Gartner Magic Quadrant. So bottom line is customers can count on Dell. >> Yeah. And I think again, we're seeing the evolution of data protection. It's not like the last 10 years, it's really becoming an adjacency and really a key component of your cyber strategy. I think those two parts of the organization are coming together. So guys, really appreciate your time. Thanks for (indistinct). >> Thank you, sir. Thanks, Travis, good to see you. All right, in a moment, I'm going to come right back and summarize what we learned today, what actions you can take for your business. You're watching "The Future of Multicloud Data Protection" made possible by Dell and collaboration with the Cube, your leader in enterprise and emerging tech coverage, right back. (upbeat music) >> In our data driven world. Protecting data has never been more critical, to guard against everything from cyber incidents to unplanned outages. You need a cyber resilient multi-cloud data protection strategy. >> It's not a matter of if you're going to get hacked, it's a matter of when. And I want to know that I can recover and continue to recover each day. >> It is important to have a cyber security and a cyber resiliency plan in place, because the threat of cyber-attack are imminent. >> PowerProtects Data manager from Dell Technologies helps deliver the data protection and security confidence you would expect from a trusted we chose PowerProtect Data Manager because we've been on strategic partner with Dell Technologies, for roughly 20 years now. Our partnership with Dell Technologies has provided us with the ability to scale, and grow as we've transition from 10 billion in assets to 20 billion. >> With PowerProtect Data Manager, you can enjoy exceptional ease of use to increase your efficiency and reduce costs. >> Got installed it by myself, learn it by myself, with very intuitive >> While restoring a machine with PowerProtect Data Manager is fast. We can fully manage PowerProtect through the center. We can recover a whole machine in seconds. >> Data Manager offers innovation such as Transparent Snapshots to simplify virtual machine backups and it goes beyond backup and restore to provide valuable insights and to protected data, workloads and VMs. >> In our previous environment, it would take anywhere from three to six hours a night to do a single backup of each VM. Now we're backing up hourly and it takes two to three seconds with the Transparent Snapshots. >> With PowerProtect's Data Manager, you get the peace of mind knowing that your data is safe and available whenever you need it. >> Data is extreme important. We can't afford to lose any data. We need things just to work. >> Start your journey to modern data protection with Dell PowerProtect Data Manager. Visit dell.com/powerprotectdatamanager. >> We put forth the premise in our introduction that the worlds of data protection and cyber security must be more integrated. We said that data recovery strategies have to be built into security practices and procedures and by default, this should include modern hardware and software. Now in addition, to reviewing some of the challenges that customers face, which have been pretty well documented, we heard about new products that Dell Technologies is bringing to the marketplace. Specifically, address these customer concerns. There were three that we talked about today. First, the PowerProtect Data Manager Appliance, which is an integrated system. Taking advantage of Dell's history in data protection but adding new capabilities. And I want to come back to that in a moment. Second is Dell's PowerProtect Cyber Recovery for Google Cloud platform. This rounds out the big three public cloud providers for Dell, which joins AWS and Azure support. Now finally, Dell has made its target backup appliances available in APEX. You might recall earlier this year, we saw the introduction from Dell of APEX backup services. And then in May at Dell Technologies World, we heard about the introduction of APEX Cyber Recovery Services. And today, Dell is making its most popular backup appliances available in APEX. Now I want to come back to the PowerProtect Data Manager Appliance because it's a new integrated appliance. And I asked Dell off camera, really, what is so special about these new systems and what's really different from the competition because look, everyone offers some kind of integrated appliance. So I heard a number of items Dell talked about simplicity and efficiency and containers and Kubernetes. So I kind of kept pushing and got to what I think is the heart of the matter in two really important areas. One is simplicity. Dell claims that customers can deploy the system in half the time relative to the competition. So we're talking minutes to deploy and of course, that's going to lead to much simpler management. And the second real difference I heard, was backup and restore performance for VMware workloads. In particular, Dell has developed transparent snapshot capabilities to fundamentally change the way VMs are protected which leads to faster backup and restores with less impact on virtual infrastructure. Dell believes this new development is unique in the market, and claims that in its benchmarks, the new appliance was able to back up 500 virtual machines in 47% less time compared to a leading competitor. Now this is based on Dell benchmarks so hopefully these are things that you can explore in more detail with Dell to see if and how they apply to your business. So if you want more information go to the Data Protection page at Dell.com. You can find that at dell.com/dataprotection. And all the content here and all the videos are available on demand at thecube.net. Check out our series, on the blueprint for trusted infrastructure it's related and has some additional information. And go to siliconangle.com for all the news and analysis related to these and other announcements. This is Dave Vellante. Thanks for watching "The Future of Multi-cloud Protection." Made possible by Dell in collaboration with the Cube your leader in enterprise and emerging tech coverage. (upbeat music)

>> Prior to the pandemic, organizations were largely optimized for efficiency as the best path to bottom line profits. Many CIOs tell theCUBE privately that they were caught off guard by the degree to which their businesses required greater resiliency beyond their somewhat cumbersome disaster recovery processes. And the lack of that business resilience has actually cost firms because they were unable to respond to changing market forces. And certainly, we've seen this dynamic with supply chain challenges. And there's a little doubt we're also seeing it in the area of cybersecurity generally, and data recovery specifically. Over the past 30 plus months, the rapid adoption of cloud to support remote workers and build in business resilience had the unintended consequences of expanding attack vectors, which brought an escalation of risk from cybercrime. While security in the public cloud is certainly world class, the result of multicloud has brought with it multiple shared responsibility models, multiple ways of implementing security policies across clouds and on-prem. And at the end of the day, more, not less, . But there's a positive side to this story. The good news is that public policy, industry collaboration and technology innovation is moving fast to accelerate data protection and cybersecurity strategies with a focus on modernizing infrastructure, securing the digital supply chain, and very importantly, simplifying the integration of data protection and cybersecurity. Today, there's heightened awareness that the world of data protection is not only an adjacency to, but is becoming a fundamental component of cybersecurity strategies. In particular, in order to build more resilience into a business, data protection people, technologies and processes must be more tightly coordinated with security operations. Hello, and welcome to "The Future of Multicloud Data Protection" made possible by Dell in collaboration with theCUBE. My name is Dave Vellante and I'll be your host today. In this segment, we welcome into theCUBE two senior executives from Dell who will share details on new technology announcements that directly address these challenges. Jeff Boudreau is the President and General Manager of Dell's Infrastructure Solutions Group, ISG, and he's going to share his perspectives on the market and the challenges he's hearing from customers. And we're going to ask Jeff to double click on the messages that Dell is putting into the marketplace and give us his detailed point of view on what it means for customers. Now, Jeff is going to be joined by Travis Vigil. Travis is the Senior Vice-President of Product Management for ISG at Dell Technologies, and he's going to give us details on the products that are being announced today and go into the hard news. Now, we're also going to challenge our guests to explain why Dell's approach is unique and different in the marketplace. Thanks for being with us. Let's get right into it. (upbeat music) We're here with Jeff Boudreau and Travis Vigil, and we're going to dig into the details about Dell's big data protection announcement. Guys, good to see you. Thanks for coming in. >> Good to see you. Thank you for having us. >> You're very welcome. Alright, let's start off Jeff, with the high level. You know, I'd like to talk about the customer, what challenges they're facing? You're talking to customers all the time. What are they telling you? >> Sure, as you know, we spend a lot of time with our customers, specifically listening, learning, understanding their use cases, their pain points within their specific environments. They tell us a lot. No surprise to any of us that data is a key theme that they talk about. It's one of their most important assets. They need to extract more value from that data to fuel their business models, their innovation engines, their competitive edge. So, they need to make sure that that data is accessible, it's secure and its recoverable, especially in today's world with the increased cyber attacks. >> Okay, so maybe we could get into some of those challenges. I mean, when you talk about things like data sprawl, what do you mean by that? What should people know? >> Sure, so for those big three themes, I'd say, you have data sprawl, which is the big one, which is all about the massive amounts of data. It's the growth of that data, which is growing at unprecedented rates. It's the gravity of that data and the reality of the multicloud sprawl. So stuff is just everywhere, right? Which increases that surface as attack space for cyber criminals. >> And by gravity, you mean the data's there and people don't want to move it. >> It's everywhere, right? And so when it lands someplace, think Edge, Core or Cloud, it's there. And it's something we have to help our customers with. >> Okay, so it's nuanced 'cause complexity has other layers. What are those layers? >> Sure. When we talk to our customers, they tell us complexity is one of their big themes. And specifically it's around data complexity. We talked about that growth and gravity of the data. We talk about multicloud complexity and we talk about multicloud sprawl. So multiple vendors, multiple contracts, multiple tool chains, and none of those work together in this multicloud world. Then that drives their security complexity. So, we talk about that increased attack surface. But this really drives a lot of operational complexity for their teams. Think about we're lacking consistency through everything. So people, process, tools, all that stuff, which is really wasting time and money for our customers. >> So, how does that affect the cyber strategies and the, I mean, I've often said the Cisco, now they have this shared responsibility model. They have to do that across multiple clouds. Every cloud has its own security policies and frameworks and syntax. So, maybe you could double click on your perspective on that. >> Sure. I'd say the big challenge customers have seen, it's really inadequate cyber resiliency and specifically, they're feeling very exposed. And today as the world with cyber attacks being more and more sophisticated, if something goes wrong, it is a real challenge for them to get back up and running quickly. And that's why this is such a big topic for CEOs and businesses around the world. You know, it's funny. I said this in my open. I think that prior to the pandemic businesses were optimized for efficiency, and now they're like, "Wow, we have to actually put some headroom into the system to be more resilient." You know, are you hearing that? >> Yeah, we absolutely are. I mean, the customers really, they're asking us for help, right? It's one of the big things we're learning and hearing from them. And it's really about three things. One's about simplifying IT. Two, it's really helping them to extract more value from their data. And then the third big piece is ensuring their data is protected and recoverable regardless of where it is going back to that data gravity and that very, you know, the multicloud world. Just recently, I don't know if you've seen it, but the Global Data Protected, excuse me, the Global Data Protection Index. >> GDPI. >> Yes. Jesus. >> Not to be confused with GDPR. >> Actually, that was released today and confirms everything we just talked about around customer challenges. But also it highlights at an importance of having a very cyber, a robust cyber resilient data protection strategy. >> Yeah, I haven't seen the latest, but I want to dig into it. I think this, I've done this many, many years in a row. I'd like to look at the time series and see how things have changed. All right. At a high level, Jeff, can you kind of address why Dell, from your point of view is best suited? >> Sure. So, we believe there's a better way or a better approach on how to handle this. We think Dell is uniquely positioned to help our customers as a one stop shop, if you will, for that cyber resilient multicloud data protection solution and needs. We take a modern, a simple and resilient approach. >> What does that mean? What do you mean by modern? >> Sure. So modern, we talk about our software defined architecture. Right? It's really designed to meet the needs not only of today, but really into the future. And we protect data across any cloud and any workload. So, we have a proven track record doing this today. We have more than 1,700 customers that trust us to protect more than 14 exabytes of their data in the cloud today. >> Okay, so you said modern, simple and resilient. What do you mean by simple? >> Sure. We want to provide simplicity everywhere, going back to helping with the complexity challenge. And that's from deployment to consumption, to management and support. So, our offers will deploy in minutes. They are easy to operate and use, and we support flexible consumption models for whatever the customer may desire. So, traditional subscription or as a service. >> And when you talk about resilient, I mean, I put forth that premise, but it's hard because people say, "Well, that's going to cost us more. Well, it may, but you're going to also reduce your risk." So, what's your point of view on resilience? >> Yeah, I think it's something all customers need. So, we're going to be providing a comprehensive and resilient portfolio of cyber solutions that are secure by design. And we have some unique capabilities and a combination of things like built in immutability, physical and logical isolation. We have intelligence built in with AI part recovery. And just one, I guess fun fact for everybody is we have, our cyber vault is the only solution in the industry that is endorsed by Sheltered Harbor that meets all the needs of the financial sector. >> So it's interesting when you think about the NIST framework for cybersecurity. It's all about about layers. You're sort of bringing that now to data protection. >> Jeff: Correct. Yeah. >> All right. In a minute, we're going to come back with Travis and dig into the news. We're going to take a short break. Keep it right there. (upbeat music) (upbeat adventurous music) Okay, we're back with Jeff and Travis Vigil to dig deeper into the news. Guys, again, good to see you. Travis, if you could, maybe you, before we get into the news, can you set the business context for us? What's going on out there? >> Yeah. Thanks for that question, Dave. To set a little bit of the context, when you look at the data protection market, Dell has been a leader in providing solutions to customers for going on nearly two decades now. We have tens of thousands of people using our appliances. We have multiple thousands of people using our latest modern, simple PowerProtect Data Manager Software. And as Jeff mentioned, we have, 1,700 customers protecting 14 exabytes of data in the public clouds today. And that foundation gives us a unique vantage point. We talked to a lot of customers and they're really telling us three things. They want simple solutions. They want us to help them modernize. And they want us to add as the highest priority, maintain that high degree of resiliency that they expect from our data protection solutions. So, that's the backdrop to the news today. And as we go through the news, I think you'll agree that each of these announcements deliver on those pillars. And in particular, today we're announcing the PowerProtect Data Manager Appliance. We are announcing PowerProtect Cyber Recovery Enhancements, and we are announcing enhancements to our APEX Data Storage Services. >> Okay, so three pieces. Let's dig to that. It's interesting, appliance, everybody wants software, but then you talk to customers and they're like, "Well, we actually want appliances because we just want to put it in and it works." >> Travis: (laughs) Right. >> It performs great. So, what do we need to know about the appliance? What's the news there? >> Well, you know, part of the reason I gave you some of those stats to begin with is that we have this strong foundation of experience, but also intellectual property components that we've taken that have been battle tested in the market. And we've put them together in a new simple, integrated appliance that really combines the best of the target appliance capabilities we have with that modern, simple software. And we've integrated it from the, you know, sort of taking all of those pieces, putting them together in a simple, easy to use and easy to scale interface for customers. >> So, the premise that I've been putting forth for months now, probably well over a year, is that data protection is becoming an extension of your cybersecurity strategies. So, I'm interested in your perspective on cyber recovery. Your specific news that you have there. >> Yeah, you know, we are in addition to simplifying things via the appliance, we are providing solutions for customers no matter where they're deploying. And cyber recovery, especially when it comes to cloud deployments, is an increasing area of interest and deployment that we see with our customers. So, what we're announcing today is that we're expanding our cyber recovery services to be available in Google Cloud. With this announcement, it means we're available in all three of the major clouds and it really provides customers the flexibility to secure their data no matter if they're running on-premises, in Acolo, at the Edge, in the public cloud. And the other nice thing about this announcement is that you have the ability to use Google Cloud as a cyber recovery vault that really allows customers to isolate critical data and they can recover that critical data from the vault back to on-premises or from that vault back to running their cyber protection or their data protection solutions in the public cloud. >> I always invoke my favorite Matt Baker here. "It's not a zero sum game", but this is a perfect example where there's opportunities for a company like Dell to partner with the public cloud provider. You've got capabilities that don't exist there. You've got the on-prem capabilities. We could talk about Edge all day, but that's a different topic. Okay, so my other question Travis, is how does this all fit into APEX? We hear a lot about APEX as a service. It's sort of the new hot thing. What's happening there? What's the news around APEX? >> Yeah, we've seen incredible momentum with our APEX solutions since we introduced data protection options into them earlier this year. And we're really building on that momentum with this announcement being providing solutions that allow customers to consume flexibly. And so, what we're announcing specifically is that we're expanding APEX Data Storage Services to include a data protection option. And it's like with all APEX offers, it's a pay-as-you-go solution. Really streamlines the process of customers purchasing, deploying, maintaining and managing their backup software. All a customer really needs to do is specify their base capacity. They specify their performance tier. They tell us do they want a one year term or a three year term and we take it from there. We get them up and running so they can start deploying and consuming flexibly. And as with many of our APEX solutions, it's a simple user experience all exposed through a unified APEX Console. >> Okay, so it's, you're keeping it simple, like I think large, medium, small. You know, we hear a lot about T-shirt sizes. I'm a big fan of that 'cause you guys should be smart enough to figure out, you know, based on my workload, what I need. How different is this? I wonder if you guys could address this. Jeff, maybe you can start. >> Sure, I'll start and then- >> Pitch me. >> You know, Travis, you jump in when I screw up here. >> Awesome. >> So, first I'd say we offer innovative multicloud data protection solutions. We provide that deliver performance, efficiency and scale that our customers demand and require. We support as Travis said, all the major public clouds. We have a broad ecosystem of workload support and I guess the great news is we're up to 80% more cost effective than any of the competition. >> Dave: 80%? >> 80% >> Hey, that's a big number. All right, Travis, what's your point of view on this? >> Yeah, I think number one, end-to-end data protection. We are that one stop shop that I talked about, whether it's a simplified appliance, whether it's deployed in the cloud, whether it's at the Edge, whether it's integrated appliances, target appliances, software. We have solutions that span the gamut as a service. I mentioned the APEX Solution as well. So really, we can provide solutions that help support customers and protect them, any workload, any cloud, anywhere that data lives. Edge, Core to Cloud. The other thing that we hear as a big differentiator for Dell, and Jeff touched on on this a little bit earlier, is our Intelligent Cyber Resiliency. We have a unique combination in the market where we can offer immutability or protection against deletion as sort of that first line of defense. But we can also offer a second level of defense, which is isolation, talking about data vaults or cyber vaults and cyber recovery. And more importantly, the intelligence that goes around that vault. It can look at detecting cyber attacks. It can help customers speed time to recovery. And really provides AI and ML to help early diagnosis of a cyber attack and fast recovery should a cyber attack occur. And if you look at customer adoption of that solution, specifically in the cloud, we have over 1300 customers utilizing PowerProtect Cyber Recovery. >> So, I think it's fair to say that your portfolio has obviously been a big differentiator. Whenever I talk to your finance team, Michael Dell, et cetera, that end-to-end capability, that your ability to manage throughout the supply chain. We actually just did an event recently with you guys where you went into what you're doing to make infrastructure trusted. And so my take on that is you, in a lot of respects, you're shifting the client's burden to your R&D. now they have a lot of work to do, so it's not like they can go home and just relax. But that's a key part of the partnership that I see. Jeff, I wonder if you could give us the final thoughts. >> Sure. Dell has a long history of being a trusted partner within IT, right? So, we have unmatched capabilities. Going back to your point, we have the broadest portfolio. We're a leader in every category that we participate in. We have a broad deep breadth of portfolio. We have scale. We have innovation that is just unmatched. Within data protection itself, we are the trusted market leader. No if, ands or buts. We're number one for both data protection software in appliances per IDC and we were just named for the 17th consecutive time the leader in the Gartner Magic Quadrant. So, bottom line is customers can count on Dell. >> Yeah, and I think again, we're seeing the evolution of data protection. It's not like the last 10 years. It's really becoming an adjacency and really, a key component of your cyber strategy. I think those two parts of the organization are coming together. So guys, really appreciate your time. Thanks for coming. >> Thank you, sir. >> Dave. >> Travis, good to see you. All right, in a moment I'm going to come right back and summarize what we learned today, what actions you can take for your business. You're watching "The Future of Multicloud Data Protection" made possible by Dell in collaboration with theCUBE, your leader in enterprise and emerging tech coverage. Right back. >> Advertiser: In our data-driven world, protecting data has never been more critical. To guard against everything from cyber incidents to unplanned outages, you need a cyber resilient multicloud data protection strategy. >> It's not a matter of if you're going to get hacked, it's a matter of when. And I want to know that I can recover and continue to recover each day. >> It is important to have a cyber security and a cyber resiliency plan in place because the threat of cyber attack are imminent. >> Advertiser: PowerProtect Data Manager from Dell Technologies helps deliver the data protection and security confidence you would expect from a trusted partner and market leader. >> We chose PowerProtect Data Manager because we've been a strategic partner with Dell Technologies for roughly 20 years now. Our partnership with Dell Technologies has provided us with the ability to scale and grow as we've transitioned from 10 billion in assets to 20 billion. >> Advertiser: With PowerProtect Data Manager, you can enjoy exceptional ease of use to increase your efficiency and reduce costs. >> I'd installed it by myself, learn it by myself. It was very intuitive. >> While restoring your machine with PowerProtect Data Manager is fast, we can fully manage PowerProtect through the center. We can recover a whole machine in seconds. >> Instructor: Data Manager offers innovation such as transparent snapshots to simplify virtual machine backups, and it goes beyond backup and restore to provide valuable insights into protected data, workloads and VMs. >> In our previous environment, it would take anywhere from three to six hours a night to do a single backup of each VM. Now, we're backing up hourly and it takes two to three seconds with the transparent snapshots. >> Advertiser: With PowerProtect's Data Manager, you get the peace of mind knowing that your data is safe and available whenever you need it. >> Data is extremely important. We can't afford to lose any data. We need things just to work. >> Advertiser: Start your journey to modern data protection with Dell PowerProtect's Data Manager. Visit dell.com/powerprotectdatamanager >> We put forth the premise in our introduction that the worlds of data protection in cybersecurity must be more integrated. We said that data recovery strategies have to be built into security practices and procedures and by default, this should include modern hardware and software. Now, in addition to reviewing some of the challenges that customers face, which have been pretty well documented, we heard about new products that Dell Technologies is bringing to the marketplace that specifically address these customer concerns. And there were three that we talked about today. First, the PowerProtect Data Manager Appliance, which is an integrated system taking advantage of Dell's history in data protection, but adding new capabilities. And I want to come back to that in a moment. Second is Dell's PowerProtect Cyber Recovery for Google Cloud platform. This rounds out the big three public cloud providers for Dell, which joins AWS and Azure support. Now finally, Dell has made its target backup appliances available in APEX. You might recall, earlier this year we saw the introduction from Dell of APEX Backup Services and then in May at Dell Technologies World, we heard about the introduction of APEX Cyber Recovery Services. And today, Dell is making its most popular backup appliances available in APEX. Now, I want to come back to the PowerProtect Data Manager Appliance because it's a new integrated appliance and I asked Dell off camera, "Really what is so special about these new systems and what's really different from the competition?" Because look, everyone offers some kind of integrated appliance. So, I heard a number of items. Dell talked about simplicity and efficiency and containers and Kubernetes. So, I kind of kept pushing and got to what I think is the heart of the matter in two really important areas. One is simplicity. Dell claims that customers can deploy the system in half the time relative to the competition. So, we're talking minutes to deploy, and of course that's going to lead to much simpler management. And the second real difference I heard was backup and restore performance for VMware workloads. In particular, Dell has developed transparent snapshot capabilities to fundamentally change the way VMs are protected, which leads to faster backup and restores with less impact on virtual infrastructure. Dell believes this new development is unique in the market and claims that in its benchmarks, the new appliance was able to back up 500 virtual machines in 47% less time compared to a leading competitor. Now, this is based on Dell benchmarks, so hopefully these are things that you can explore in more detail with Dell to see if and how they apply to your business. So if you want more information, go to the Data Protection Page at dell.com. You can find that at dell.com/dataprotection. And all the content here and other videos are available on demand at theCUBE.net. Check out our series on the blueprint for trusted infrastructure, it's related and has some additional information. And go to siliconangle.com for all the news and analysis related to these and other announcements. This is Dave Vellante. Thanks for watching "The Future of Multicloud Protection" made possible by Dell, in collaboration with theCUBE, your leader in enterprise and emerging tech coverage. (upbeat music)

foreign welcome back everyone to our special presentation here at thecube with Horizon 3.a I'm John Furrier host thecube here in Palo Alto back it's niho and Tony CEO and co-founder of horizon 3 for deep dive on going under the hood around the big news and also the platform autonomous pen testing changing the game and security great to see you welcome back thank you John I love what you guys have been doing with the cube huge fan been here a bunch of times and yeah looking forward to the conversation let's get into it all right so what what's the market look like and how do you see it evolving we're in a down Market relative to startups some say our data we're reporting on siliconangle in the cube that yeah there might be a bit of downturn in the economy with inflation but the tech Market is booming because the hyperscalers are still pumping out massive scale and still innovating so so you know for the first time in history this is a recession or downturn where there's now Cloud scale players that are an economic engine what's your view on this where's the market heading relative to the downturn and how are you guys navigating that so um I think about it one the there's a lot of belief out there that we're going to hit a downturn and we started to see that we started to see deals get longer and longer to close back in May across the board in the industry we continue to see deals get at least backloaded in the quarter as people understand their procurement how much money they really have to spend what their earnings are going to be so we're seeing this across the board one is quarters becoming lumpier for tech companies and we think that that's going to become kind of the norm over the next over the next year but what's interesting in our space of security testing is a very basic supply and demand problem the demand for security testing has skyrocketed when I was a CIO eight years ago I only had to worry about my on-prem attack surface my perimeter and Insider threat those are my primary threat vectors now if I was a CIO I have to include multiple clouds all of the data in my SAS offerings my Salesforce account and so on as well as work from home threat vectors and other pieces and I've got Regulatory Compliance in Europe in Asia in in the U.S tons of demand for testing and there's just not enough Supply there's only 5 000 certified pen testers in the United States so I think for starters you have a fundamental supply and demand problem that plays to our strength because we're able to bring a tremendous amount of pen testing supply to the table but now let's flip to if you are the CEO of a large security company or whether it's a Consulting shop or so on you've got a whole bunch of deferred revenue in your business model around security testing services and what we've done in our past in previous companies I worked at is if we didn't think we were going to make the money the quarter with product Revenue we would start to unlock some of that deferred Services Revenue to make the number to hit what we expected Wall Street to hit what Wall Street expected of us in testing that's not possible because there's not enough Supply except us so if I'm the CEO of an mssp or a large security company and I need I see a huge backlog of security testing revenue on the table the easy button to convert that to recognized revenue is Horizon 3. and when I think about the next six months and the amount of Revenue misses we're going to see in security shops especially those that can't fulfill their orders I think there's a ripe opportunity for us to win yeah one of the few opportunities where on any Market you win because the forces will drive your flywheel that's exactly right very basic supply and demand forces that are only increasing with pressure and there's no way it takes 10 years just to build a master hacker just it's a very hard complex space we become the easy button to address that supply problem yeah and this and the autonomous aspect makes appsec reviews as new things get pushed with Cloud native developers they're shifting left but still the security policies need to stay Pace as these new vectors threat vectors appear yeah I mean because that's what's happening a new new thing makes a vector possible that's exactly right I think there's two aspects one is the as you in increase change in your environment you need to increase testing they are absolutely correlated the second thing though is you know for 20 years we focused on remote code execution or rces as an industry what was the latest rce that gave an attacker access to my environment but if you look over the past few years that entire mindset has shifted credentials are the new code execution what I mean by that is if I have a large organization with a hundred a thousand ten thousand employees all it takes is one of them to have a password I can crack in credential spray and gain access to as an attacker and once I've gained access to a single user I'm going to systematically snowball that into something of consequence and so I think that the attackers have shifted away from looking for code execution and looked more towards harvesting credentials and cascading credentials from a regular domain user into an admin this brings up the conversation I would like to do it more Deep dive now shift into more of like the real kind of landscape of the market and your positioning and value proposition in that and that is managed services are becoming really popular as we move into this next next wave of super cloud and multi-cloud and hybrid Cloud because I mean multi-cloud and hybrid hybrid than multi-cloud sounds good on paper but the security Ops become big and one of the things we're reporting with here on the cube and siliconangle the past six months is devops has made the developer the IT team because they've essentially run it now in CI CD pipeline as they say that means it's replaced by data Ops or AI Ops or security Ops and data and security kind of go hand in hand so I can see that playing out do you believe that to be true that that's kind of the new operational kind of beach head that's critical and if so secure if data is part of security that makes security the new it yeah I I think that if you think about organizations hell even for Horizon 3 right now I don't need to hire a CIO I'll have a CSO and that CSO will own it and governance risk and compliance and security operations because at the end of the day the most pressing question for me to answer as a CEO is my security posture IIT is a supporting function of that security posture and we see that at say or a growth stage company like Horizon 3 but when I thought about my time at GE Capital we really shifted to this mindset of security by Design architecture as code and it was very much security driven conversation and I think that is the norm going forward and how do you view the idea that you have to enable a managed service provider with security also managing comp and which then manages the company to enable them to have agile security um security is code because what you're getting at is this autonomous layer that's going to be automated away to make the next talented layer whether it's coder or architect scale so the question is what is abstracted away at at automation seems to be the conversation that's coming out of this big cloud native or super cloud next wave of cloud scale I think there's uh there's two Dimensions to that and honestly I think the more interesting Dimension is not the technical side of it but rather think of the Equifax hack a bunch of years ago had Equifax used a managed security services provider would the CEO have been fired after the breach and the answer is probably not I think the CEO would have transferred enough reputational risk in operational risk to the third party mssp to save his job from being you know from him being fired you can look at that across the board I think that if if I were a CIO again I would be hard-pressed to build my own internal security function because I'm accepting that risk as an executive and we saw what just happened at Uber there's a ton of risk coming with that with the with accepting that as a security person so I think in the future the role of the mssp becomes more significant as a mechanism for transferring enough reputational and operational and legal risk to a third party so that you as the Core Company are able to protect yourself and your people now then what you think is a super cloud printables and Concepts being applied at mssp scale and I think that becomes really interesting talk about the talent opportunity because I think the managed service providers point to markets that are growing and changing also having managed service means that the customers can't always hire Talent hence they go to a Channel or a partner this seems to be a key part of the growth in your area talk about the talent aspect of it yeah um think back to what we saw in Cloud so as as Cloud picked up we saw IBM HP other Hardware companies sell more servers but to fewer customers Amazon Google and others right and so I think something similar is going to happen in the security space where I think you're going to see security tools providers selling more volume but to fewer customers that are just really big mssps so that is the the path forward and I think that the underlying Talent issue gives us economies at scale and that's what we saw this with Cloud we're going to see the same thing in the mssp space I've got a density of Talent Plus a density of automation plus a density of of relationships and ecosystem that give mssps a huge economies of scale advantage over everybody else I mean I want to get into the mssp business sounds like I make a lot of money yeah definitely it's profitable no doubt about it like that I got to ask more on the more of the burden side of it because if you're a partner I don't need another training class I don't need another tool I don't need someone saying this is the highest margin product I need to actually downsize my tools so right now there's hundreds of tools that mssps have all the time dealing with and does the customer so tools platforms we've kind of teased this out in previous conversations together but more more relevant to the mssp is what they do to the customers so talk about this uh burden of tools and the socks out there in the in in the landscape how do you how do you view that and what's the conversation like on average an organization has 130 different cyber security tools installed none of those tools were designed to work together none of those tools are from the same vendor and in fact oftentimes they're from vendors that have competing products and so what we don't have and they're still getting breached in the industry we don't have a tools problem we have an Effectiveness problem we have to reduce the number of tools we have get more out of out of the the effectiveness out of the existing infrastructure build muscle memory you know how to detect and respond to a breach and continuously verify that posture I think that's what the the most successful security organizations have mastered the fundamentals and they mastered that by making sure they were effective in detection and response not mastering it by buying the next shiny AI tool on the defensive side okay so you mentioned supply and demand early since you're brought up economics we'll get into the economic equations here when you have great profits that's going to attract more entrance into the marketplace so as more mssps enter the market you're going to start to see a little bit of competition maybe some fud maybe some price competitive price penetration all kinds of different Tactics get out go on there um how does that impact you because now does that impact your price or are you now part of them just competing on their own value what's that mean for the channel as more entrants come in hey you know I can compete against that other one does that create conflict is that an opportunity does are you neutral on that what's the position it's a great question actually I think the way it plays out is one we are neutral two the mssp has to stand on their own with their own unique value proposition otherwise they're going to become commoditized we saw this in the early cloud provider days the cloud providers that were just basically wrapping existing Hardware with with a race to the bottom pricing model didn't survive those that use the the cloud infrastructure as a starting point to build higher value capabilities they're the ones that have succeeded to this day the same Mo I think will occur in mssps which is there's a base level of capability that they've got to be able to deliver and it is the burden of the mssp to innovate effectively to elevate their value problem it's interesting Dynamic and I brought it up mainly because if you believe that this is going to be a growing New Market price erosion is more in mature markets so it's interesting to see that Dynamic come up and we'll see how that handles on the on the economics and just the macro side of it getting more into kind of like the next gen autonomous pen testing is a leading indicator that a new kind of security assessment is here um if I said that to you how do you respond to that what is this new security assessment mean what does that mean for the customer and to the partner and that that relationship down that whole chain yeah um back to I'm wearing a CIO hat right now don't tell me we're secure in PowerPoint show me we're secure Today Show me where we're secure tomorrow and then show me we're secure again next week because that's what matters to me if you can show me we're secure I can understand the risk I'm accepting and articulate it up to my board to my Regulators up until now we've had a PowerPoint tell me where secure culture and security and I just don't think that's going to last all that much longer so I think the future of security testing and assessment is this shift from a PowerPoint report to truly showing me that my I'm secure enough you guys auto-generate those statements now you mentioned that earlier that's exactly right because the other part is you know the classic way to do security reports was garbage in garbage out you had a human kind of theoretically fill out a spreadsheet that magically came up with the risk score or security posture that doesn't work that's a check the box mentality what you want to have is an accurate High Fidelity understanding of your blind spots your threat vectors what data is at risk what credentials are at risk you want to look at those results over time how quickly did I find problems how quickly did I fix them how often did they reoccur and that is how you get to a show me where secure culture whether I'm a company or I'm a channel partner working with Horizon 3.ai I have to put my name on the line and say Here's a service level agreement I'm going to stand behind there's levels of compliance you mentioned that earlier how do you guys help that area because that becomes I call the you know below the line I got to do it anyway usually it's you know they grind out the work but it has to be fundamental because if the threats vectors are increasing and you're handling it like you say you are the way it is real time today tomorrow the next day you got to have that other stuff flow into it can you describe how that works under the hood yeah there's there's two parts to it the first part is that attackers don't have to hack in with zero days they log in with credentials that they found but often what attackers are doing is chaining together different types of problems so if you have 10 different tactics you can chain those together a number of different ways it's not just 10 to the 10th it's it's actually because you don't you don't have to use all the tactics at once this is a very large number of combinations that an attacker can apply upon you is what it comes down to and so at the base level what you want to have is what are the the primary tactics that are being used and those tactics are always being added to and evolving what are the primary outcomes that an attacker is trying to achieve steal your data disrupt your systems become a domain admin and borrow and now what you have is it actually looks more like a chess game algorithm than it does any sort of hard-coded automation or anything else which is based on the pieces on the board the the it infrastructure I've discovered what is the next best action to become a domain admin or steal your data and that's the underlying innovation in IP we've created which is next best action Knowledge Graph analytics and adaptiveness to figure out how to combine different problems together to achieve an objective that an attacker cares about so the 3D chess players out there I'd say that's more like 3D chess are the practitioners implementing it but when I think about compliance managers I don't see 3D chess players I see back office accountants in my mind like okay are they actually even understand what comes out of that so how do you handle the compliance side do you guys just check the boxes there is it not part of it is it yeah I I know I don't Envision the compliance guys on the front lines identifying vectors do you know what it doesn't even know what it means yeah it's a great question when you think about uh the market segmentation I think there are we've seen are three basic types of users you've got the the really mature high frequency security testing purple team type folks and for them we are the the force multiplier for them to secure the environment you then have the middle group where the IT person and the security person are the same individual they are barely Treading Water they don't know what their attack surface is and they don't know what to focus on we end up that's actually where we started with the barely Treading Water Persona and that's why we had a product that helped those Network Engineers become superheroes the third segment are those that view security and compliance as synonymous and they don't really care about continuous they care about running and checking the box for PCI and forever else and those customers while they use us they are better served by our partner ecosystem and that's really so the the first two categories tend to use us directly self-service pen tests as often as they want that compliance-minded folks end up going through our partners because they're better served there steel great to have you on thanks for this deep dive on um under the hood section of the interview appreciate it and I think autonomous is is an indicator Beyond pen testing pen testing has become like okay penetration security but this is not going away where do you see this evolving what's next what's next for Horizon take a minute to give a plug for what's going on with copy how do you see it I know you got good margins you're raising Capital always raising money you're not yet public um looking good right now as they say yeah yeah well I think the first thing is our company strategy is in three chapters chapter one is become the best security testing platform in the industry period that's it and be very good at helping you find and fix your security blind spots that's chapter one we've been crushing it there with great customer attraction great partner traction chapter two which we've started to enter is look at our results over time to help that that GRC officer or auditor accurately assess the security posture of an organization and we're going to enter that chapter about this time next year longer term though the big Vision I have is how do I use offense to inform defense so for me chapter three is how do I get away from just security testing towards autonomous security overall where you can use our security testing platform to identify ways to attack that informs defensive tools exactly where to focus how to adjust and so on and now you've got offset and integrated learning Loop between attack and defense that's the future never been done before Master the art of attack to become a better Defender is the bigger vision of the company love the new paradigm security congratulations been following you guys we will continue to follow you thanks for coming on the Special Report congratulations on the new Market expansion International going indirect that a big way congratulations thank you John appreciate it okay this is a special presentation with the cube and Horizon 3.ai I'm John Furrier your host thanks for watching thank you

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

>>All we're back. We're wrapping up day two at Falcon 22 from the area in Las Vegas, CrowdStrike CrowdStrike. The action is crazy. Second day, a keynotes. Sean Henry is back. He's the chief security officer at CrowdStrike. He did a keynote today. Sean. Good to see you. Thanks for coming >>Back. Good. See you, Dave. Thanks for having me. >>So, unfortunately, I wasn't able to see your keynote cuz I had to come do cube interviews. You interviewed Kimbo Walden from, from, you know, white house, right? >>National cyber security >>Director. We're gonna talk about that. We're gonna talk about Overwatch, your threat hunting report. I want to share the results with our audience, but start with your, well actually start with the event. We're now in day two, you've had a good chance to talk to customers and partners. What are, what are your observations? Yeah, >>It's first of all, it's been an amazing event over 2200 attendees here. It's really taking top three floors at the area hotel and we've got partners and customers, employees, and to see the excitement and the level of collaboration here is absolutely phenomenal. All these different organizations that are each have a piece of cyber security to see them coming together, all in support of how do you stop breaches? How do you work together to do it? It's really been absolutely phenomenal. You're >>Gonna love the collaboration. We kind of talked about this on our earlier segment is the industry has to do a better job and has been doing a better job. You know, I think you and Kevin laid that out pretty well. So tell me about the interview with the fireside chat with Kimba. What was that like? What topics came up? >>Yeah. Kimba is the principal, deputy national cyber security advisor. She's been there for just four months. She spent over 10 years at DHS, but she most recently came from the private sector in cybersecurity. So she's got that the experience as a private sector expert, as well as a public sector expert and to see her come together in that position. It was great. We talked a lot about some of the strategies the white house is looking to put forth in their new cybersecurity strategy. There was recently an executive order, right? That the, the president put forth that talks about a lot of the things that we're doing here. So for example, the executive order talks about a lot of the legacy type of capabilities being put to pasture and about the government embracing cloud, embracing threat, hunting, embracing EDR, embracing zero trust and identity protection. Those are all the things that the private sector has been moving towards over the last year or two. That's what this is all about here. But to see the white house put that out, that all government agencies will now be embracing that I think it puts them on a much shorter footing and it allows the government to be able to identify vulnerabilities before they get exploited. It allows them to much more quickly identify, have visibility and respond to, to threats. So the government in infrastructure will be safer. And it was really nice to hear her talk about that and about how the private sector can work with the government. >>So you know how this works, you know, having been in the bureau. But so it's the, these executive orders. A lot of times people think, oh, it's just symbolic. And there are a couple of aspects of it. One is president Biden really impressed upon the private sector to, you know, amp it up to, to really focus and do a better job. But also as you pointed out that executive order can adjudicate what government agencies must do must prioritize. So it's more than symbolic. It's actually taking action. Isn't >>It? Yeah. I, I, I think it, I think it's both. I think it's important for the government to lead in this area because while a, a large portion of infrastructure, major companies, they understand this, there is still a whole section of private sector organizations that don't understand this and to see the white house, roll it out. I think that's good leadership and that is symbolic. But then to your second point to mandate that government agencies do this, it really pushes those. That might be a bit reluctant. It pushes them forward. And I think this is the, the, the type of action that as it starts to roll out and people become more comfortable and they start to see the successes. They understand that they're becoming safer, that they're reducing risk. It really is kind of a self-fulfilling prophecy and we see things become much safer. Did, >>Did you guys talk about Ukraine? Was that, was that off limits or did that come up at all? >>It wasn't, it wasn't off limits, but we didn't talk about it because there are so many other things we were discussing. We were talking about this, the cyber security workforce, for example, and the huge gap in the number of people who have the expertise, the capability and the, and the opportunities to them to come into cyber security technology broadly, but then cyber security as a sub sub component of that. And some of the programs, they just had a big cyber workforce strategy. They invited a lot of people from the private sector to have this conversation about how do you focus on stem? How do you get younger people? How do you get women involved? So getting maybe perhaps to the untapped individuals that would step forward and be an important stop gap and an important component to this dearth of talent and it's absolutely needed. So that was, was one thing. There were a number of other things. Yeah. >>So I mean, pre pandemic, I thought the number was 350,000 open cybersecurity jobs. I heard a number yesterday just in the us. And you might have even told me this 7, 7 50. So it's doubled in just free to post isolation economy. I don't know what the stats are, but too big. Well, as a, as a CSO, how much can automation do to, to close that gap? You know, we were talking earlier on the cube about, you gotta keep the humans in the loop, you, you, the, the, the, the Nirvana of the machines will just take care of everything is just probably not gonna happen anytime in the near term, even midterm or long term, but, but, but how can automation play and help close that gap? So >>The, the automation piece is, is what allows this to scale. You know, if we had one company with a hundred endpoints and we had a couple of folks there, you could do it with humans. A lot of it when you're talking about hundreds of millions of endpoints spread around the globe, you're talking about literally trillions of events every week that are being identified, evaluated and determined whether they're malicious or not. You have to have automation and to have using the cloud, using AI, using machine learning, to sort through, and really look for the malicious needle in a stack of needle. So you've gotta get that fidelity, that fine tune review. And you can only do that with automation. What you gotta remember, Dave, is that there's a human being at the end of every one of these attacks. So we've got the bad guys, have humans there, they're using the technology to scale. We're using the technology to scale to detect them. But then when you get down to the really malicious activity, having human beings involved is gonna take it to another level and allow you to eradicate the adversaries from the environment. >>Okay. So they'll use machines to knock on the door when that door gets opened and they're in, and they're saying, okay, where do we go from here? And they're directing strategy. Absolutely. I, I spent, I think gave me a sta I, I wonder if I wrote it down correctly, 2 trillion events per day. Yeah. That you guys see is that I write that down. Right? >>You did. It changes just like the number of jobs. It changes when I started talking about this just a, a year and a half ago, it was a billion a day. And when you look at how it's multiplied exponentially, and that will continue because of the number of applications, because of the number of devices as that gets bigger, the number of events gets bigger. And that's one of the problems that we have here is the spread of the network. The vulnerability, the environment is getting bigger and bigger and bigger as it gets bigger, more opportunities for bad guys to exploit vulnerabilities. >>Yeah. And we, we were talking earlier about IOT and extending, you know, that, that threats surface as well, talk about the Overwatch threat hunting report. What is that? How, how often have you run it? And I'd love to get into some of the results. Yeah. >>So Overwatch is a service that we offer where we have 24 by seven threat hunters that are operating in our customer environments. They're hunting, looking for, looking for malicious activity, malicious behavior. And to the point you just made earlier, where we use automation to sort out and filter what is clearly bad. When an adversary does get what we call fingers on the keyboard. So they're in the box and now a human being, they get a hit on their automated attack. They get a hit that, Hey, we're in, it's kind of the equivalent of looking at the Bober while you're fishing. Yeah. When you see the barber move, then the fisherman jumps up from his nap and starts to reel it in similar. They jump on the keyboard fingers on the keyboard. Our Overwatch team is detecting them very, very quickly. So we found 77,000 potential intrusions this past year in 2021, up to the end of June one, one every seven minutes from those detections. >>When we saw these detections, we were able to identify unusual adversary behavior that we'd not necessar necessarily seen before we call it indicators of attack. What does that mean? It means we're seeing an adversary, taking a new action, using a new tactic. Our Overwatch team can take that from watching it to human beings. They take it, they give it to our, our engineering team and they can write detections, which now become automated, right? So you have, you have all the automation that filters out all the bad stuff. One gets through a bad guy, jumps up, he's on the keyboard. And now he's starting to execute commands on the system. Our team sees that pulls those commands out. They're unusual. We've not seen 'em before we give it to our engineering team. They write detections that now all become automated. So because of that, we stopped over with the 77,000 attacks that we identified. We stopped over a million new attacks that would've come in and exploited a network. So it really is kind of a big circle where you've got human beings and intelligence and technology, all working together to make the system smarter, to make the people smarter and make the customers safer. And you're >>Seeing new IAS pop up all the time, and you're able to identify those and, and codify 'em. Now you've announced at reinforced, I, I, in July in Boston, you announced the threat hunting service, which is also, I think, part of your you're the president as well of that services division, right? So how's that going? What >>What's happening there? What we announced. So we've the Overwatch team has been involved working in customer environments and working on the back end in our cloud for many years. What we've announced is this cloud hunting, where, because of the adoption of the cloud and the movement to the cloud of so many organizations, they're pushing data to the cloud, but we're seeing adversaries really ramp up their attacks against the cloud. So we're hunting in Google cloud in Microsoft Azure cloud in AWS, looking for anomalous behavior, very similar to what we do in customer environments, looking for anomalous behavior, looking for credential exploitation, looking for lateral movement. And we are having a great success there because as that target space increases, there's a much greater need for customers to ensure that it's protected. So >>The cloud obviously is very secure. You got some of the best experts in the planet inside of hyperscale companies. So, and whether it's physical security or logical security, they're obviously, you know, doing a good job is the weakness, the seams between where the cloud provider leaves off and the customer has to take over that shared responsibility model, you know, misconfiguring and S3 bucket is the, you know, the common one, but I'm so there like a zillion others, where's that weakness. Yeah. >>That, that's exactly right. We see, we see oftentimes the it piece enabling the cloud piece and there's a connectivity there, and there is a seam there. Sometimes we also see misconfiguration, and these are some of the things that our, our cloud hunters will find. They'll identify again, the equivalent of, of walking down the hallway and seeing a door that's unlocked, making sure it's locked before it gets exploited. So they may see active exploitation, which they're negating, but they also are able to help identify vulnerabilities prior to them getting exploited. And, you know, the ability for organizations to successfully manage their infrastructure is a really critical part of this. It's not always malicious actors. It's identifying where the infrastructure can be shored up, make it more resilient so that you can prevent some of these attacks from happening. I >>Heard, heard this week earlier, something I hadn't heard before, but it makes a lot of sense, you know, patch Tuesday means hack Wednesday. And, and so I, I presume that the, the companies releasing patches is like a signal to the bad guys that Hey, you know, free for all go because people aren't necessarily gonna patch. And then the solar winds customers are now circumspect about patches. The very patches that are supposed to protect us with the solar winds hack were the cause of the malware getting in and, you know, reforming, et cetera. So that's a complicated equation. Yeah. >>It, it certainly is a couple, couple parts there to unwind. First, when you, you think about patch Tuesday, there are adversaries often, not always that are already exploiting some of those vulnerabilities in the wild. So it's a zero day. It's not yet been patched in some cases hasn't yet been identified. So you've got people who are actively exploiting. It we've found zero days in the course of our threat hunting. We report them in a, in a, in a responsible way. We've gone to Microsoft. We've told them a couple times in the last few months that we found a zero day and give them an opportunity to patch that before anybody goes public with it, because absolutely right when it does go public, those that didn't know about it before recognize that there will be millions of devices depending on the, the vulnerability that are out there and exploitable. And they will absolutely, it will tell everybody that you can now go to this particular place. And there's an opportunity to gain access, to exploit privileges, depending on the criticality of the patch. >>I, I don't, I, I don't, I'm sorry to generalize, but I wanna ask you about the hacker mindset. Let's say that what you just described a narrow set of hackers knows that there's an unpatched, you know, vulnerability, and they're making money off of that. Will they keep that to themselves? Will they share that with other folks in the net? Will they sell that information? Or is it, is it one of those? It depends. It, >>I was just gonna say, it depends you, you beat me to it. It absolutely depends. All of, all of the above would be the answer. We certainly see organ now a nation state for example, would absolutely keep that to themselves. Yeah. Right. Their goal is very different from an organized crime group, which might sell access. And we see them all the time in the underground selling access. That's how they make money nation states. They want to keep a zero day to themselves. It's something they're able to exploit in some cases for months or years, that that, that vulnerability goes undetected. But a nation state is aware of it and exploiting it. It's a, it's a dangerous game. And it just, I think, exemplifies the importance of ensuring that you're doing everything you can to patch in a timely matter. Well, >>Sean, we appreciate the work that you've done in your previous role and continuing to advance education, knowledge and protection in our industry. Thank you for coming on >>You. Thank you for having me. This is a fantastic event. Really appreciate you being here and helping to educate folks. Yeah. >>You guys do do a great job. Awesome. Set that you built and look forward to future events with you guys. My >>Friends. Thanks so much, Dave. Yeah. Thank >>You. Bye now. All right. Appreciate it. All right, keep it right there. We're gonna wrap up in a moment. Live from Falcon 22. You're watching the cube.

>>When AWS introduced the modern cloud in 2006, many people didn't realize the impact that it would have on the industry, but some did see the future of an as a service economy coming. I mean, SAS offerings came out several years before. And the idea of applying some of these concepts to infrastructure and simplifying deployment and management, you know, kinda looked enticing to a lot of customers and a subscription model, or, but yet a consumption model was seen as a valuable proposition by many customers. Why not apply it to infrastructure? And why should the hyperscalers have all the fun welcome to at your storage service? My name is Dave ante. And as an analyst at the time, I was excited about the, as a service trend early on. And one of the companies that caught my attention back in the beginning of last decade was pure storage. >>Pure not only was delivering cloud- simplicity, but it's no forklift approach to infrastructure was ahead of its time. And that's why we're here today to dig into what's happening with the, as a service trends that we see popping up all over the world today, we're gonna dig into three sessions with noted experts in the field. First pre Darie is the general manager of the digital experience business unit at pure storage. He's gonna join us. And then we bring in Steve McDowell, Steve's a senior analyst for data and storage at more insights and strategy, a well known consultancy and analyst firm. And finally, we close with Amil sta Emil is the chief commercial officer and chief marketing officer at open line, open lines, a managed service provider. They serve the mid-market and Emil's got a very wide observation space. He's gonna share what he's seeing with customers. So sit back and enjoy the show. >>The cloud has popularized many useful concepts in the past decade, working backwards from the customer two pizza teams, a DevOps mindset, the shared responsibility model in security. And of course the shift from CapEx to OPEX and as a service consumption models. The last item is what we're here to talk about today. Pay for consumption is attractive because you're not over provisioning. At least not the way you used to you'd have to buy for peak capacity events, but there are always two sides to every story and well pay for use more closely ties. It consumption to business value procurement teams. Don't always love the uncertainty of the cloud bill each month, but consumption pricing. And as a service models are here to stay in software and hardware. Hello, I'm Dave ante and welcome to at your storage service made possible by pure storage. And with me is Pash DJI. Who's the general manager of the digital experience business unit at pure Pash. Welcome to the program. >>Thanks Dave. Thanks for having me. >>You bet. Okay. We've seen this shift to, as a service, the, as a service economy, subscription models, and this as a service movement have gained real momentum. It's it's clear over the past several years, what's driving this shift. Is it pressure from investors and technology companies that are chasing the all important ARR, their annual recurring revenue stream? Is it customer driven? Give us your insights. >>Well, look, um, I think we'll do some definitional stuff first. I think we often mix the definition of a subscription and a service, but, you know, subscription is, Hey, I can go for pay up front or pay as I go. Service is more about how do I not buy something just by the outcome. So, you know, the concept of delivering storage as a service means, what do you want in storage performance, capacity availability? Like that's what you want. Well, how do you get that without having to worry about the labor of planning capacity management, those labor elements are what's driving it. So I think in the world where you have to do more with less and in a world where security becomes increasingly important, where standardization will allow you to secure your landscape against ransomware and those types of things, those trends are driving the ation of storage and the only way to deliver that is storage as a service. >>So that's, that's good. You maybe thinking about it differently than some of the other companies that I talked to, but so you, you, you've made inroads here pretty big inroads actually, and changed the thinking in enterprise data storage with a huge emphasis on simplicity. That's really pures rayon Detra. How does storage as a service fit into your innovation agenda overall? >>Well, our innovation agenda started, as you mentioned with the simplicity, you know, a decade ago with the evergreen architecture, that architecture was beyond the box. How do you go ahead and say, I can improve performance or capacity as I need it? Well, that's a foundational element to deliver a service because once you have that technology, you can say, oh, you know what? You've subscribed to this performance level. You want to raise your performance level and yes, that'll be a higher dollar per gig or dollar per terabyte. But how do you do that without a data migration? How do you do that with a non disruptive service change? How do you do that with a delivery via a software update, those elements of non disruptive updates. When you think SAS, Salesforce, you don't know when Salesforce doesn't update, you don't know when they're increasing something, adding a new capability just shows up. It's not a disruptive event. So to drive that standardization and sation and service delivery, you need to keep that simplicity of delivery first and foremost, and you can't allow, like, if the goal was, I want to change from this service tier to that service tier and a person needed to show up and do a day data migration, that's kind of useless. You've broken the experience of flexibility for a customer. >>Okay. So I like the Salesforce analogy, but I wanna jump out, do a little side for a second. So I I've gotta, I've gotta make some commitment to pure, right. Some baseline commitment. And if I do, then I can dial up and pay for what I use and I can dial it down. Correct? Correct. Okay. I can't do that with Salesforce. <laugh> right. I could dial up, but then I'm stuck with those licenses. So you have a better model in Salesforce. I would argue. Okay. Yeah, >>I would, I would agree with that. >>Okay. So, and I gotta pay for everything up front anyway. Um, let's go back. I was kind of pushing at you a little bit at my upfront, you know, about, you know, the ARR model, the, the all important, you know, financial metric, but let's talk from the customers standpoint. What are the benefits of consuming storage as a service from your customer's perspective? >>Well, one is when you start your storage journey, do you really know what you need? And I would argue most of the time people are guessing, right? It's like, well, I think I need this. This is the performance I think I need. Or this is the capacity I think I need. And, you know, with the scientific method, you actually deploy something and you're like, do I need more? Do I need less? You find out as you're deploying. So in a storage as a service world, when you have the ability to move up performance levels or move out capacity levels, and you have that flexibility, then you have the ability to just to meet demand as you deploy. And that's the most important element of meeting business needs today. The applications you deploy are not in your control when you're providing storage to your end consumers. >>Yeah. They're gonna want different levels of storage. They're gonna want different performance thresholds. That's kind of a pay, you know, pay for performance type culture, right? You can use HR analogies for it. You pay for performance. You want top talent, you pay for it. You want top storage performance, you pay for it. Um, you don't, you can pay less and you can actually get lower performance, tiers, not everything is a tier one application. And you need the ability to deploy it. But when you start, how do you know the way your end customers are gonna be consuming? Or do you need a dictated upfront? Cause that's infrastructure dictating business inflexibility, and you never want to be in that position. >>I, I got another analogy for you. It's like, you know, we do a lot of hosting at our home and you know, like Thanksgiving, right? And you go to the liquor store and say, okay, what should I get? Should we get red wine? We gotta go white wine. We gotta get some beer. Should I get bubbles? Yeah, I get some bubbles. Cause you don't know what people are gonna have. And so you over provision everything <laugh> and then there's a run on bubbles and you're like, ah, we run outta bubbles. So you just over buy, but there's a liquor store that actually will take it back. So I gotta do business with those guys every time. Cuz it's way more flexible. I can dial up capacity or can dial up performance and dial it back down if I don't use it >>Or you or you're gonna be drinking a lot more the next few weeks. >>Yeah, exactly. Which is the last thing you want. Okay. So let's talk about how pure kind of meets this as a service demand. You've touched upon your, your differentiators from others in the market. Um, you know, love to hear about the momentum. What, what are you seeing out there? >>Yeah. Look, our business is growing well, largely built on, you know, what customers need. Um, specifically where the market is at today is there's a set of folks that are interested in the financial transformation of CapEx to OPEX, where like that definitely exists in the industry around how do I get a pay use model? The next kind of more advanced customer is interested in how do I go ahead and remove labor to deliver storage? And a service gets you there on top of a subscription. The most sophisticated customer says, how do I separate storage production with consumption and production of storage. Being a storage producer should be about standardization. So I could do policy based management. Why is that important? You know, coming back to some of the things I said earlier in the world where ransomware attacks are common, you need the standardized security policies. >>Linux has new vulnerabilities every, every other day, like find 2, 2, 3 critical vulnerabilities a week. How do you stay on top of it? The complexity of staying on top of it should be, look, let's standardize and make it a vendor problem. And assume the vendor's gonna deliver this to me. So that standardization allows you to have business policies that allow you to stay current and modern. I would argue in, you know, the traditional storage and appliance world, you buy something and the day a, the day after you buy it, it's worthless. It's like driving a car off a lot, right? The very next day, the car's not worth what it was when you bought it. Storage is the same way. So how do you ensure that your storage stays current? How do you ensure that it gets like a fine line that gets better, better with age? Well, if you're not buying storage and you're buying a performance SLA, it's up to the vendor to meet that SLA. So it actually never gets worse over time. This is the way you modernize technology and avoid technology debt as a customer. >>Yeah. I mean, just even though words you're using in the way you're thinking about this precaution, I think are, are, are different. Uh, and I love the concept of essentially taking my labor cost and transferring them to pures R and D I mean, that's essentially what you're talking about here. Um, so let's, let's, let's stick with the, the, the tech for a minute. What do you see as new or emerging technologies that are helping accelerate this shift toward the, as a service economy? >>Well, the first thing is I always tell people, you can't deliver a service without monitoring, because if you can't monitor something, how you're gonna know what your, whether you're meeting your service level obligation, right? So everything starts with data monitoring. The next step layering on the technology. Differentiation is if you need to deliver a service level, OB obligation on top of that data monitoring, you need the ability to flexibly, meet whatever performance obligations you have in a tight time window. So supply chain and being able to deliver anywhere becomes important. So if you use the analogy today of how Tesla works or a IOT system works, you have a SaaS management that actually provides instructions that push pushes those instructions and policies to the edge. In Tesla's case, that happens to be the car it'll push software updates to the car. It'll push new map updates to the car, but the car is running independently. >>It's not like if the car becomes disconnected from the internet, it's gonna crash and drive you off the road in the same way. What if you think about storage as something that needs to be wherever your application is? So people think about cloud as a destination. I think that's a fallacy. You have to think about the world in the world in the view of an application, an application needs data, and that data needs to sit in storage wherever that application sits. So for us, the storage system is just an edge device. It can be sitting in your data center, it can be sitting in a Equinix. It can be sitting in hosted, an MSP can run. It can, can even be sitting in the public cloud, but how do you have central monitoring and central management where you can push policies to update all those devices? >>Very similar to an I IOT system. So the technology advantage of doing that means that you can operate anywhere and ensure you have a consistent set of policies, a consistent set of protection, a consistent set of, you know, prevention against ransomware attack, regardless of your application, regardless of, uh, you know, where it sits, regardless of what content in you're on that approach is very similar to the way the T industry has been updating and monitoring edge devices, nest, thermostats, you know, Tesla cars, those types of things. That's the thinking that needs to come to. And that's the foundation on which we built PI as a service. >>So that implies, or at least I infer that you've obviously got control of the experience on Preem, but you're extending that, uh, into AWS, Google Azure, which suggests to me that you have to hide the underlying complexity of the primitives and APIs in that world. And then eventually, actually today, cuz you're treating everything like the edge out to the edge, you know, maybe, maybe mini pure at some point in time. But so I call that super cloud that abstraction layer that floats above all the clouds on-prem and adds that layer of value. And is this singular experience? What you're talking about pushing, you know, policy throughout, is that the right way to think about it and how does this impact the ability to deliver true storage as a service? >>Oh, uh, that's absolutely the right way of thinking about it. The things that you think about from a, an abstraction kind of fall in three buckets, first, you need management. So how do you ensure a consistent management experience creating volumes, deleting volumes, creating buckets, creating files, creating directories, like management of objects and create a consistent API across the entire landscape. The second one is monitoring, how do you measure utilization and performance obligations or capacity obligations or uh, you know, policy violations, wherever you're at. And then the third one is more of a business one, which is procurement because you can't do it independent of procurement. Meaning what happens when you run out, you need to increase your reserve commits. Do you want to go on demand? How do you integrate it into company's procurement models, such that you can say, I can use what I need and any, it's not like every change order is a request of procurement. That's gonna break an as a service delivery model. So to get embedded in a customer's landscape where they don't have to worry about storage, you have to provide that consistency on management, monitoring and procurement across the tech. And yes, this is deep technology problems, whether it's running our storage on AWS or Azure or running it on prem or, you know, at some point in the future, maybe even, um, you know, pure mini at the edge. Right. <laugh> so, you know, tho all of those things are tied to our pure, a service delivery. >>Yeah, technically non-trivial but uh, Hey, you guys are on it. Well, we gotta leave it there. Pash. Thank you. Great stuff. Really appreciate your time. >>All right. Thanks for having me, man. >>You're very welcome. Okay. In a moment, Steve McDowell from more insights and strategies, it's gonna give us the analyst perspective on, as a service, you're watching the cube, the leader in high tech enterprise coverage. >>Why are customers making the change to pure as a service >>Other vendors, offering flexible consumption models will promise you the world on the surface. It's just what you need. But then you notice the asterisk that dreaded fine print. That turns just what you need into long-term commitments, disruptive upgrades and unpredictable costs, pure storage, launched pure as a service to provide the flexibility to respond to your ever changing needs. With clear per unit costs, no large upfront purchases and no asterisks. A usage based model should be simple, innovative, and adapt with the changing market. Unlike other vendors, pure is offering exactly that with options, for service tiers and short term contracts in a single unified subscription that allows you to improve your discounts over time. Pure makes sure you can grow and upgrade without ever taking your environment offline and without the constant worry of hidden costs with complete billing, transparency, unlike any other, you only pay for what you use and pure one helps track and predict demand from day to day, making sure you never outgrow your storage. So why are customers making the change to pure as a service convenient solutions with unlimited potential without the dreaded fine print? It's as simple as that, >>We're back with Steve McDowell, the principal analyst for data and storage at more insights and strategy. Hey Steve, great to have you on, tell us a little bit about yourself. You got a really interesting background and kind of a blend of engineering and strategy and what's your research focus? >>Yeah, so my research, my focus area is data and storage and all the things around that, right? Whether it's OnPrim or cloud or, or, or, you know, software as a service. Uh, my background, as you said, is a blend, right? I grew up as an engineer. I started off as an OS developer at IBM. Uh, came up through the ranks and, and shifted over into corporate strategy and product marketing and product management. Uh, and I've been doing, uh, working as an industry analyst now for about five years, more insights and strategy. >>Steve, how do you see this playing out in the next three to five years? I mean, cloud got it all started. It's gonna snowballing, you know, however you look at it, percent of spending on storage that you think is gonna land in as a service. How, how do you see the evolution here? >>I think it buyers are looking at as a service, a consumption based is, is, uh, uh, you know, a natural model. It extends the data center, brings all of the flexibility, all of the goodness that I get from public cloud, but without all of the downside and uncertainty around cost and security and things like that, right. That also come with a public cloud and it's delivered by technology providers that I trust and that I know, and that I've worked with, you know, for, in some cases, decades. So I don't know that we have hard data on how much, uh, adoption there is of the model, but we do know that it's trending up, uh, you know, and every infrastructure provider at this point has some flavor of offering in the space. So it's, it's clearly popular with CIOs and, and it practitioners alike. >>So Steve organizations are at a they're different levels of maturity in their, their transformation journeys. And of course, as a result, they're gonna have different storage needs that are aligned with their bottom line business objectives. From an it buyer perspective, you may have data on this, even if it's anecdotal, where does storage as a service actually fit in and can it be a growth lever >>Can absolutely be, uh, a growth leader. Uh, it, it gives me the flexibility as, as an it architect to scale my business over time, without worrying about how much money I have to invest in, in storage hardware. Right? So I, I get kind of, again, that cloudlike flexibility in terms of procurement and deployment. Uh, but it gives me that control by oftentimes being on site within my permit. And I manage it like a storage array that I own. Uh, so you know, it, it's, it's beautiful for, for organizations that are scaling and, and it's equally nice for organizations that just wanna manage and control cost over time. Um, so it's, it's a model that makes a lot of sense and fits and, and certainly growing in adoption and popularity. >>How about from a technology vendor perspective you've worked for in the, in the tech industry mm-hmm <affirmative> for, for companies? What do you think is gonna define the winners and losers in this space? If you were running strategy for, uh, storage company, what would you say? >>I, I think the days of, of a storage administrator managing, you know, rate levels and recovering and things of that sort are over, right, what would, what these organizations like pure delivering, but they're offerings is, is simplicity. It's a push button approach to deploying storage to the applications and workloads that need it, right. It becomes storage as a utility. So it's not just the, you know, the consumption based economic model of, of, uh, as a service. Uh, it, it's also the manageability that comes with that, or the flexibility of management that comes with that. I can push a button, deploy bites to, to, uh, you know, a workload that needs it. Um, and it just becomes very simple, right. For the storage administrator in a way that, you know, kind of old school OnPrim storage can't really deliver. >>You know, I wanna, I wanna ask you, I mean, I've been thinking about this because again, a lot of companies are, are, you know, moving, hopping on the, as a service bandwagon, I feel like, okay, in and of itself, that's not where the innovation lives, the innovation is gonna come from making that singular experience from on-prem to the clouds across clouds, maybe eventually out to the edge. Um, do you, do you, where do you see the innovation in as a service? >>Well, there there's two levels of innovation, right? One, one is business model innovation, right? I, I now have an organizational flexibility to build the infrastructure, to support my digital transformation efforts. Um, but on the product side and the offering side, it really is, as you said, it's about the integration of experience. Every enterprise today touches a cloud in some way, shape or form, right. I have data spread, not just in my data center, but at the edge, uh, oftentimes in a public cloud, maybe a private cloud, I don't know where my data is and it really lands on the storage providers to help me manage that and deliver that, uh, uh, manageability experience, uh, to, to the it administrators. So when I look at innovation in this space, you know, it's not just a storage array and rack that I'm leasing, right? This is not another lease model. It's really fully integrated, you know, end to end management of my data and, and, you know, and all of the things around that. >>Yeah. So you, to your point about a lease model is if you're doing a lease, you know, yeah. You can shift CapEx to OPEX, but you're still committed to, to, you have to over provision, whereas here, and I wanted to ask you about that. It's, it's, it's, it's an interesting model, right? Cuz you gotta read the fine print. Of course the fine print says you gotta commit to some level typically. And then if, you know, if you go over you, you charge for what you use and you can scale that back down and that's, that's gotta be very attractive for folks. I, I wonder if you will ever see like true cloud-like consumption pricing, that is two edges to it. Right. You see consumption based pricing in some of the software models and you know yeah. People like it, the lines of business maybe cuz they pay in by the drink, but then procurement hates it cuz they don't have predictability. How do you see the pricing models? Do you see that maturing or do you think we're sort of locked in on, on where we're at? >>No, I, I do. I do see that maturing. Right? And, and when you work with a company like pure to understand their consumption based and as a service offerings, uh, it, it really is sitting down and understanding where your data needs are going to scale, right? You, you buy in at a certain level, uh, you have capacity planning. You can expand if you need to, you can shrink if you need to. So it really does put more control in the hands of the it buyer than uh, well certainly then traditional CapEx based on-prem but also more control than you would get, you know, working with an Amazon or an Azure. >>Okay. Thanks Steve. We'll leave it there for now. I'd love to have you back. Keep it right there at your storage service continues in a moment. >>Some things are meant to last your storage should be one of them say hello to the evergreen storage program, say goodbye to refreshes and rebates. Forget planned downtime, performance impact and data migrations. Forget forklift upgrades. Evergreen storage starts with your agile storage architecture and covers the entire life cycle of the array from first purchase to ongoing use. And whenever it's time to modernize and grow, your satisfaction is covered with an evergreen subscription. You can get a full refund within 30 days for any reason, >>Our right size guarantee lets you buy just the storage you need never too much. Never not enough. Your array software is all inclusive. Even future releases and features maintenance and support costs remain constant throughout the life of your array. Proactive expert support is a true white glove experience. Evergreen maintenance ensures availability of any replacement components. Meet the demands of your business and protect your investment. Evergreen gold includes controller upgrades every three years. And if something unplanned comes up, evergreen gold provides upgrade flex the leading anytime upgrade feature to upgrade controllers whenever you need it. As you expand evergreen gold provides credits to consolidate storage with denser more modern flash. Evergreen is your subscription to continuous innovation for storage that lasts 10 years or more. Some things are meant to last make your storage. One of them >>We're back at your storage service. Emil Stan is here. He's the chief commercial officer and chief marketing officer of open line. Thank you Emil for coming on the cube. Appreciate your time. >>Thank you, David. Nice. Uh, glad to be here. >>Yes. Yeah. So tell us about open line. You're a managed service provider. What's your focus? >>Yeah, we're actually a cloud managed service provider and I do put cloud in front of the managed services because it's not just only the spheres that we manage. We have to manage the clouds as well nowadays. And then unfortunately, everybody only thinks there's one cloud, but it's always multiple layers in the cloud. So we have a lot of work in integrating it. We're a cloud manages provider in the Netherlands, focusing on, uh, companies who have head office in the Netherlands, mainly in the, uh, healthcare local government, social housing logistics department. And then in the midst size companies between say 250 to 10,000 office employees. Uh, and that's what we do. We provide 'em with excellent cloud managed services, uh, as it should be >>Interesting, you know, a lot early on in the cloud days, highly regulated industries like healthcare government were somewhat afraid of the cloud. So I'm sure that's one of the ways in which you provide value to your customers is helping them become cloud proficient. Maybe you could talk a little bit more about the value prop to customers. Why do they do business with you? >>And I think, uh, there are a number of reasons why they do business with us or choose to choose for our manage services provider that first of course are looking for stability and continuity. Uh, and, and from a cost perspective, predict predictable costs. But nowadays you also have a shortage in personnel and knowledge. So, and it's not always very easy for them to access, uh, those skill sets because most it, people just want to have, uh, a great variety in work, what they are doing, uh, towards, towards the local government, uh, healthcare, social housing. They actually, uh, a sector that, uh, that are really in between embracing the public cloud, but also have a lot of legacy and, and bringing together best of all, worlds is what we do. So we also bring them comfort. We do understand what legacy, uh, needs from a manager's perspective. We also know how to leverage the benefits in the public cloud. Uh, and, uh, I'd say from a marketing perspective, actually we focus on using an ideal cloud, being a mix of traditional and future based cloud. >>Thank you. I, you know, I'd like to get your perspective on this idea of as a service and the, as a service economy that we often talk about on the cube. I mean, you work with a lot of different companies. We talked about some of the industries and, and increasingly it seems like organizations are focused more on outcomes, continuous value delivery via, you know, suites of services and, and they're leaning into platforms versus one off product offerings, you know, do you see that? How do you see your customers reacting to this as a service trend? >>Yeah. Uh, to be honest, sometimes it makes it more complex because services like, look at your Android or iPhone, you can buy apps, uh, and download apps the way you want to. So they have a lot of apps about how do you integrate it into one excellent workflow, something that works for you, David or works for me. Uh, so the difficulty, some sometimes lies in, uh, the easy accessibility that you have to those solutions, but nobody takes into account that they're all part of a chain, a workflow supply chain, uh, and, and, uh, they're being hyped as well. So what we also have a lot of time in, in, in, in managing our customers is that the tremendous feature push feature push that there is from technology providers, SaaS providers. Whereas if you provide 10 features, you only need one or two, uh, but the other eight are very distracting from your prime core business. Uh, so there's a natural way in that people are embracing, uh, SA solutions, embracing cloud solutions. Uh, but what's not taken into account as much is that we love to see it is the way that you integrate all those solutions toward something that's workable for the person that's actually using them. And it's seldomly that somebody is only using one solution. There's always a chain of solutions. Um, so yeah, there are a lot of opportunities, but also a lot of challenges for us, but also for our customers, >>You see that trend toward, as a service continuing, or do you actually see based on what you're just saying that pendulum, you know, swinging back and forth, somebody comes out with a new sort of feature product and that, you know, changes the dynamic or do you see as a service really having legs? >>Ah, I, I think that's very, very good question, David, because that's something that's keeping our busy all the time. We do see a trend in a service looking at, uh, talk about pure later on. We also use pure as a service more or less. Yeah. And that really helps us. Uh, but you see, uh, um, that sometimes people make a step too, too fast, too quick, not well thought of, and then you see what they call sort of cloud repatriation, tend that people go back to what they're doing and then they stop innovating or stop leveraging. The possibilities are actually there. Uh, so from our consultancy, our guidance and architecture point of view, we try to help them as much as possible to think in a SA thought, but just don't use the, cloud's just another data center. Uh, and so it's all about managing the maturity on our side, but on our customer side as well. >>So I'm interested in how your sort of your philosophy and, and as relates, I think in, in, in terms of how you work with pure, but how do you stay tightly in lockstep with your customers so that you don't over rotate so that you don't and send them to over rotate, but then you're not also, you don't wanna be too late to the game. How, how do you manage all that? >>Oh, there's, there's, there's a world of interactions between us and our customers. And so I think a well known, uh, uh, thing that people is customer intimacy. That's very important for us to get to know our customers and get to predict which way they're moving. But the, the thing that we add to it is also the ecosystem intimacy. So no, the application and services landscape, our customers know the primary providers and work with them, uh, to, to, to create something that, that really fits the customers. They just not looked at from our own silo where a cloud managed service provider that we actually work in the ecosystem with, with, with, with the primary providers. And we have, I think with the average customers, I think we have, uh, uh, in a month we have so much interactions on our operational level and technical levels, strategic level. >>We do bring together our customers also, and to jointly think about what we can do together, what we independently can never reach. Uh, but we also involve our customers in, uh, defining our own strategy. So we have something we call a customer involvement board. So we present a strategy and say, does it make sense? Eh, this is actually what you need also. So we take a lot of our efforts into our customers and we do also, uh, understand the significant moments of truth. We are now in this, in this broadcast, David there. So you can imagine that at this moment, not thinking go wrong. Yeah. If, if, if the internet stops that we have a problem. And now, so we, we actually know that this broadcast is going on for our customers and we manage that. It's always on, uh, uh, where in the other moments in the week, we might have a little less attention, but this moment we should be there. And these moments of truth that we really embrace, we got them well described. Everybody working out line knows what the moment of truth is for our customers. Uh, uh, so we have a big logistics provider. For instance, you does not have to ask us to, uh, have, uh, a higher availability on black Friday or cyber Monday. We know that's the most important part in the year for him or her. Does it answer your question, David? >>Yes. We know as well. You know, when these big, the big game moments you have to be on your top, uh, top of your game, uh, you know, the other thing Emil about this as a service approach that I really like is, is it's a lot of it is consumption based and the data doesn't lie, you can see adoption, you know, daily, weekly, monthly. And so I wonder how you're leveraging pure as a service specifically in what kind of patterns you're seeing in, in, in the adoption. >>Uh, yeah, pure as a service for our customers is mainly never visible. Uh, we provide storage services to provide storage solutions, storage over is part of a bigger thing of a server of application. Uh, so the real benefits, to be honest, of course, towards our customer, it's all flash, uh, uh, and they have the fastest, fastest storage is available. But for ourself, we, uh, we use less resources to manage our storage. We have far more that we have a near to maintenance free storage solution now because we have it as a service and we work closely together with pure. Uh, so, uh, actually the way we treat our customers is that way pure treats us as well. And that's why there's a used click. So the real benefits, uh, uh, how we leverage is it normally we had a bunch of guys managing our storage. Now we only have one and knowing that's a shortage of it, personnel, the other persons can well be, uh, involved in other parts of our services or in other parts of an innovation. So, uh, that's simply great. >>You know, um, my takeaway the meal is that you've made infrastructure, at least, least the storage infrastructure, invisible to your customers, which is the way it should be. You didn't have to worry about it. And you've, you've also attacked the, the labor problem. You're not, you know, provisioning lungs anymore, or, you know, tuning the storage, you know, with, with arms and legs. So that's huge. So that gets me into the next topic, which is business transformation. That, that means that I can now start to attack the operational model. So I've got a different it model. Now I'm not managing infrastructure same way. So I have to shift those resources. And I'm presuming that it's a bus now becomes a business transformation discussion. How are you seeing your customers shift those resources and focus more on their business as a result of this sort of as a service trend? >>I think I do not know if they, they transform their business. Thanks to us. I think that they can more leverage their own business. They have less problems, less maintenance, et cetera, cetera, but we also add new, uh, certainties to it, like, uh, uh, the, the latest service we we released was imutable storage being the first in the Netherlands offering this thanks to, uh, thanks to the pure technology, but for customers, it takes them to give them a good night rest because, you know, we have some, uh, geopolitical issues in the world. Uh, there's a lot of hacking. People have a lot of ransomware attacks and, and we just give them a good night rest. So from a business transformation, does it transform their business? I think that gives them a comfort in running your business, knowing that certain things are well arranged. You don't have to worry about that. We will do that. We'll take it out of your hands and you just go ahead and run your business. Um, so to me, it's not really a transformation is just using the right opportunities at the right moment. >>The imutable piece is interesting because, because, but speaking of as a service, you know, anybody can go on the dark web and buy ransomware as a service. I mean, as it's seeing the, as a service economy hit, hit everywhere, the good and the, and the not so good. Um, and so I presume that your customers are, are looking at, I imutability as another service capability of the service offering and really rethinking, maybe because of the recent, you know, ransomware attacks, rethinking how they, they approach, uh, business continuance, business resilience, disaster recovery. Do you see that? >>Yep, definitely. Definitely. I tell not all of them yet. Imutable storage. So it's like an insurance as well, which you have when you have imutable storage and you have been, you have a ransomware attack at least have you part of data, which never, if data is corrupted, you cannot restore it. If your hardware is broken, you can order new hardware. Every data is corrupted. You cannot order new data. Now we got that safe and well. And so we offer them the possibility to, to do the forensics and free up their, uh, the data without tremendous loss of time. Uh, but you also see that you raise the new, uh, how do you say, uh, the new baseline for other providers as well? Eh, so there's security of the corporate information security officer, the CIO, they're all very happy with that. And they, they, they raise the baseline for us as well. So they can look at other security topics and look from say, security operation center. Cuz now we can really focus on our prime business risks because from a technical perspective, we got it covered. How can we manage the business risk, uh, which is a combination of people, processes and technology. >>Right. Makes sense. Okay. I'll give you the last word. Uh, talk about your relationship with pure, where you wanna see that that going in the future. >>Uh, I hope we've be working together for a long time. Uh, I, I ex experienced them very involved. Uh, it's not, we have done the sell and now it's all up to you now. We were closely working together. I know if I talk to my prime architect, Marcel height is very happy and it looks a little more or less if we work with pure, like we're working with colleagues, not with a supplier and a customer, uh, and uh, the whole pure concept is fascinating. Uh, I, uh, I had the opportunity to visit San Francisco head office and they told me to fish in how they launched, uh, pure being, if you want to implement it, it had to be on one credit card. The, the, the menu had to be on one credit card. Just a simple thought of put that as your big area, audacious goal to make the simplest, uh, implementable storage available. But for us, uh, it gives me the expectation that there will be a lot of more surprises with pur in the near future. Uh, and for us as a provider, what we, uh, literally really look forward to is that, that for us, these new developments will not be new migrations. It will be a gradual growth of our services or storage services. Uh, so that's what I expect. And that was what I, and we look forward to. >>Yeah, that's great. Uh, thank you so much, Emil, for coming on the, the cube and, and sharing your thoughts and best of luck to you in the future. >>Thank you. You're welcome. Thanks for having me. >>You're very welcome. Okay. In a moment, I'll be back to give you some closing thoughts on at your storage service. You're watching the cube, the leader in high tech enterprise coverage. >>Welcome to evergreen, a place where organizations grow and thrive rooted in the modern data experience in evergreen people find a seamless, simple way to leverage data through market leading sustainable technology, financial flexibility, and effortless management, allowing everyone to innovate with data confidently. Welcome to pure storage. >>Now, if you're interested in hearing more about Pure's growing portfolio of technology and services and how they're transforming the enterprise data experience, be sure to register for pure accelerate tech Fest. 22 digital event is also taking place as an in-person event. On June 8th, you can register at pure storage.com/accelerate, pure storage.com/accelerate. You're watching the cue, the leader in enterprise and emerging tech coverage.

(bright music) >> The challenges of legacy data warehouses and traditional business intelligence systems, they've been well-documented. They're built on rigid infrastructure, and they're managed by really specialized gatekeepers. Data warehouses of the past were, as one financial customer once said to me, like a snake swallowing a basketball, imagine that. The amount of data ingested into a data warehouse has just overwhelmed the system. Every time Intel came out with a new microprocessor, practitioners, they would chase the chip in an effort to try to compress the overly restrictive elapsed time to insights, and this cycle repeated itself for decades. Cloud data warehouses, generally, and Snowflake, specifically, changed all this. Not only were resources virtually infinite, but the ability to separate, compute from storage, it actually turned off the compute when you weren't using it, permanently altered the cost, the performance, the scale and the value equation. But as data makes its way into the cloud and is increasingly democratized as a shared resource across clouds and at the edge, practitioners have to bring Sec DevOps mindsets to securing their cloud data warehouses. Hello, and welcome to this week's Wikibon, "theCUBE Insights," powered by ETR. In this "Breaking Analysis," we take a closer look at the fundamentals of securing Snowflake and to do so, we welcome two guests into the program. Ben Herzberg is an experienced hacker and developer and an expert in several aspects of data security. He's currently working as the Chief Data Scientist at Satori, and he's joined by his colleague, Yoav Cohen, who is a technology visionary, and currently serving as CTO at Satori Cyber. Gentlemen, welcome to "theCUBE," great to see you. >> Great to be here. >> Thanks for having us, Dave. >> Now, these two individuals have co-authored a book on Snowflake Security. It's a comprehensive guide to what you need to know as a data practitioner using Snowflake. So guys, congratulations on the book. It's really detailed, packed with great information, best practices and practical advice and insights all in one place, so really good work. So, before we get into the discussion, I want to share some ETR survey data just to set the context. We're seeing cybersecurity and data, they're colliding in a really important way. And here's some data points that we've shared before from ETR's latest drill down survey. They asked more than 1200 respondents. We're talking CIOs, CSOs and IT professionals, "Which organizational priorities "will be most important in 2022?" And these were the top seven. There were a lot of others, but these were the most important. So, it's no surprise that security is number one, although, as we shared in our predictions post, the magnitude of its relative importance, it does vary by the degree of expertise within the organization. The Delta is maybe not as significant, for example, in large companies, and you can see where analytics and data fit. And we've tied these two domains together and picked up on a term that our two guests have used, in fact, you guys may have even coined it, called DataSecOps, which, to me, is the idea that you bring Agile DevOps practices to data operations and built-in security as part of the full cycle of managing, creating the data, using the data, accessing the data, not a bolt on, but it's fundamental, so guys, what do you make of this data, and what's your point of view on DataSecOps? >> So, definitely aligns with what we're seeing on the ground in the market. In between what you saw there, you had cybersecurity and data warehousing. In the middle you had cloud migration, and that's basically what's pushing companies to invest in both security and data and warehousing, because the cloud changed the game for cybersecurity. The tools that we use before are not the same tools that we need to use now. And also, it unlocks a lot of performance value and capabilities around data warehousing. So, all of that comes together to a big trend in the industry for investment, for replacement, and definitely we're seeing that on the Snowflake platform, which is doing really, really well recently. >> Yeah, well thank you, Yoav. And to that point, I want to share another data point and then dive in, maybe Ben, you can comment. And I want to address, why are we always talking about Snowflake? Of course, it's a hot company. Everybody knows that. You can see it in the company's financials, but the ETR survey data tells a really compelling story about the company. Here's a chart from the most recent ETR January survey. And so, you can see at the, at the top, that blue line, it represents net score or spending momentum, and the darker line at the bottom represents presence or pervasiveness in the survey sample. Just a background, there are 165 Snowflake customers that responded to this past survey. 10% of companies within the Fortune 500 were in the sample, and around 4% of Global 2000 companies participated. Just under 30% of the respondents were C-Suite executives, and about 20% were analysts or engineers or data specialist with around half were VP, director, manager roles that fat middle, with a very broad mix of industries, and there was a bias toward larger companies. Now, back to the chart, that net score for a moment, is that top line, is derived by asking customers, "Are you adopting Snowflake new in 2022?" That's the 27% lime green number. "Will you be spending 6% or more on Snowflake, "relative to 2021?" That's the 57% forest green. "Is your spending flat?" That's the gray. "Is it down by 6% or worse?" That's the other, the pink area. "Are you leaving the platform?" That's the bright red, and that's a zero defection, so there's none there. So you subtract the reds from the greens, and you get net score, which calculates out to 83% in his pet survey. But what's remarkable is that Snowflake has held this elevated score for more than 12 quarterly surveys. It's in the stratosphere among the many thousands and thousands of companies in the ETR survey. Remember, anything above that 40% line is elevated and Snowflake is like glued to the ceiling. So the bottom line shows that the company's market presence continues to grow, that darker line at the bottom, and that green shade shows us that the pace of last quarter is actually accelerating. Snowflake is becoming ubiquitous, and customers are becoming intimately familiar with its platform, and it's scaling like we've never seen before, and it's building a pretty hard to penetrate fortress, we think, and an ecosystem. Ben, I wonder, in your view, what accounts for Snowflake's performance? >> Okay, so I would say that we can spend a full session just about such thing, so I'll try to say what I think. I think, first of all, it does what it says on the box. You get from zero to being able to have a data warehouse easily, you have a very rich support of capability and features that you need for a cloud data warehouse. Your multi-cloud, you're not dependent on one of the big public clouds, and it's fast and scalable, and you don't need to worry yourself with the infrastructure behind. You don't need to, God-forbid, add any indexes or do things like that. You don't need to do that, at least not often, indexes never, but other maintenance. And the innovation rate, they innovate fast. They add a lot of new capabilities, like the move to unstructured data, like a lot of security and governance capabilities, high innovation rate as well. >> Okay, good, and we'll talk about that move. So let's get deeper into the topic now on securing Snowflake. My first question is look, Snowflake, when you talk to practitioners and customers, they get pretty high marks on security, largely because of the simplicity, so why did you feel the need to write a book on the subject? >> So, definitely Snowflake is investing a lot of effort and putting a lot of emphasis on security. However, it's connected to the cloud service, and like any other cloud service, there is a shared responsibility model between Snowflake and its customers when it comes to fully securing their data cloud. So Snowflake can build amazing features, but then customers have to really adopt them, implement them in the best way. One of the things that we've seen by working with Snowflake customers is that we typically interact with data engineers, but then they have to implement security features and security capability. We thought writing a book about the topic would help these customers to understand the features better, benefit from them better and really structure their implementation and decide what's most important to implement at every step of their journey. >> Yeah, and I think that when I was researching this topic, I could find a lot of good information on the web, but I kind of had to hunt and peck for it. It was really sort of dispersed, and you put the information all in one place. You have a nice table of contents, so I can just zip right to where I want to go, so that was quite useful, I thought. What are the very basic fundamentals of securing Snowflake? In other words, I'm interested in, you get this world of flexible, it's globally distributed. You get democratizing data. How do you really make sure that only those folks that should have access, do have access? I mean really, let's talk about that a little bit. >> Oh, I think that, of course there are a lot of different aspects, but I think that I would start with the big blocks. For example, when you get a Snowflake account out of the box, it's open to the world in terms of network. I would start by limiting that. That should be easy for an organization. It's a couple of commands, and you've lowered your risk significantly, both security and compliance. Then, one of the common things that you can get a good improvement in a decrease of your risk is around those indications. For example, do you have applications that are accessing Snowflake using user password? Okay, change that to using a key. Do you have users with username, password? Change that to Okta integration or your IDP integration. So I would start with the big blocks that can remove most of my risk, and then of course, there is a lot to do from getting to the data warehouse and to auditing and monitoring. >> Okay, thank you for that. But, Yoav, how are these fundamentals that we just heard from Ben, how are they different? Isn't this kind of common sense? What's unique about Snowflake? >> So, a couple things, first of all, security, we love to say that it's 80% good security hygiene. You have to make sure that your basics are locked and tightly configured and that brings a lot of value. But two points to consider, first of all, all of these types of controls are pretty static in the sense that once you get in, you get in, and then you have pretty broad access, and we'll talk about authorization concepts and everything, perhaps today, but these are really static gatekeepers around your data. Once you have access, then it's really free for all. When you compare it to other types of environments and what we're seeing in other domains, maybe a move to more dynamic type of controls, elevated access or elevated additional authentication steps before you get elevated access. And what we're thinking is that beyond those static controls, the market is going to move towards implementing more dynamic, more fine-grain control, especially because in Snowflake, but any other data warehouse or large-scale data store, which becomes an aggregation point of data in the company, and we work with really big companies, and they bring in data from multiple jurisdiction from across the world, so they can get an overview of the business and run the business in a much more efficient way, but that really creates a pressure point when it comes to securing that data. >> Okay, Ben, you touched on this a little bit. I want to kind of dig deeper. So, Snowflake takes a layered approach, of course, it's sensible, and the layers, network, which talked about identity, access and encryption. and so, with any cloud, as you guys mentioned, it's a shared responsibility model. So I want to break that down a bit, and let's start with the network. So my responsibility, as a customer, I'm going to be responsible to set up the DNS. How much public internet access am I going to have for other users and apps. So how should practitioners think about their end of the bargain on the network? What do they need to know? >> At the network level, as I mentioned before, a new account is open network-wise, it's open to the world. And one of the first thing I would do would be to set a network policy on the account to limit network access to that account. And of course, in many organizations, you would want to configure that with private link to your cloud environment, but that would be step two. (laughs) First step is simply set the network policy to make sure that it's not open to the public. >> Yeah, and that seems pretty straightforward, but let's talk about identity, 'cause it feels like that's where it starts to get tricky. You got to worry about setting up roles and managing users. You could even configure row and column base access, as I understand it, and I imagine access is where it really gets confusing for a lot of people, especially when you're crossing domain identities. Like for example, isn't a role-based security, let's land on that for a minute, I think you called it hierarchy hell in the book, so what should we think about in regards to identity? >> Well, first of all, it's hierarchy hell, in the book, it says that you can use hierarchy, but you should avoid getting to a hierarchy hell. Basically, we've seen that with several Snowflake customers where the ability to set roles in a hierarchy model, to set a role that inherits privileges from another role, that inherits privileges from other roles and maybe, of course, used in a good way, but it also in some of the cases, it leads to complexities and to access not being deterministic, at least not obvious to the person who gives access, who is usually the data engineer. So, whenever you start having a complex authorization model, whenever I want to give Yoav access to a certain data set, and because things are complex, I also, by mistake, give him access to the salary information of the company, that's when things become tricky. If your roles are messy and complex, then it may lead to data exposure within the organization or outside the organization. >> How do you find Snowflake's integrations? Like if I want to use Okta or I want to use a CyberArk, I mean, how would you grade them on their ability to integrate with popular third party platforms? >> So, I would say pretty high, actually. We haven't encountered many customers who haven't configured any of these... nowadays, really basic security integration, and it really, really helps, setting that good identity management foundation for the platform. So they're investing a lot in that area, and we've been following them for a couple of years now, and it's really, really coming along nicely. >> All right, let's talk about encryption. I mean, that seemed pretty straightforward. Correct me if I'm wrong. I think Snowflake auto rotates the keys every 30 days. It really seems like your responsibility there is monitoring, making sure you're in compliance. You got good log data or access to good log data. Is that right? >> So, this really depends. So, for the average company, I would say, yes. For some of the companies with higher security requirements or compliance requirements or both, sometimes there are issues like companies that do not want to have the data stored in clear text, in Snowflake, even encrypted as in the data warehouse encryption or the account encryption, even if someone accidentally gets access to the table, they want them not to be able to pull the data in clear text, and then it gets slightly more complicated. You have different ways of tackling this, but for the average company or companies who do not have such requirements, then everything in Snowflake is encrypted in transit and addressed, and of course, there are more advanced features for higher requirements. >> Okay, I'm interested in what you guys think of some of the more vulnerable aspects that Snowflake customers should really be aware of. Imagine I'm saying, "Guys, let's run a pen test. "Okay, make sure I have no open chest wounds, "but really try to fool me." What would you attack? Where should I be extra cautious? >> So, I would start with where data resides. And, if you look at the Snowflake architecture, there's a separation between storage and compute, but that also means storage is accessible without going through the compute. That can create opportunities for hackers to go and try and find access where access shouldn't be had. That's where I would focus on. >> I want to ask you about Virtual Private Snowflake. It seems to me, if I have sensitive data, if I don't use Virtual Private Snowflake, I feel like I'm increasing my risk that a security incident at the shared cloud services layer could impact multiple customers, and is this a valid concern? How should we think about reducing that risk, and when should I use that higher level of security? >> So, I think first of all, to the best of my knowledge, I'm not a Snowflake employee, but to the best of my knowledge, Virtual Private Snowflake is used by a minority of the customers, a small minority of the customers. There are other more popular ways within Snowflake, like private link, for example, I would say, to enhance your security and your account segregation. But I wouldn't say that simply because the platform is multi-tenant, it is vulnerable. Of course, in many cases, your security or compliance requirements requires you to eliminate even this risk, but I wouldn't say that there are a lot of other platforms in different areas that are multi-tenant and-- >> And probably better than your on-prem, your average on-prem installation. >> Probably, probably. >> Okay, so I buy that. >> I would say on that, that maybe a shared environment is a higher value target for hackers. So if you're on a shared environment with thousands of other customers, if I'm a hacker, I would go there, 'cause then I get data for thousands of customers instead of try to focus on just one target and getting data for just one company. I think that's the most significant advantage. And obviously, Snowflake are investing a lot in making all of their environments very, very secure, and from our interactions with large Snowflake customers, we know that Snowflake are going above and beyond in making sure these environments are secure. >> Yeah, that's good, that's good news, because if I don't have to spend up, I can put the budget elsewhere. How do you guys think Snowflake's recent moves... They're making a couple of big moves. They've recently added unstructured data. They used to have semi-structured data. They're going after the data science and data lake functionality. Do those kinds of moves, I guess they're two different things, but does that change the way that security pros should think about protecting their Snowflake environment? >> I would say that Snowflake is moving fast with adding new functionality, well fast, but not too fast. They're releasing it in a controlled way. I would say that for new capabilities, of course, in some cases there are new attack vectors or new risks and obviously, securing different types of data may bring new challenges, but the basics, I think, remains the same. The basics of the network, identity authentication, authorization and auditing monitoring. I would say they will be the same and perhaps new features or capability will need to be used. And the largest issue, as data democratization is growing within organizations, and more and more people are using your data cloud, that also needs to be addressed. >> All right, finally, I want to end, I want to talk a little bit about futures. Have you guys talked in your book about multi-cloud as a way to reduce your reliance on a single vendor? And of course, it happens through M and A, and that's cool. We've talked a lot about multi-cloud, and we've been using this term that we coined, called supercloud, and it references an abstraction layer that exists on top of, and floats across, if you will, multiple clouds, and it hides some of that underlying complexity, and we feel like Snowflake is a good example of a company that's moving in that direction, building value on top of all that hyperscale infrastructure. So I wonder how you see Snowflake's moves in that direction would impact the way you think about DataSecOps. >> So definitely, we also see the trend of companies adopting more and more types of cloud and cloud technologies. They're in one cloud today. They want to move to a second one, almost every company that I talk to have, nowadays, a multi-cloud strategy. With respect to Snowflake, they basically have it figured out, because they are an overlay, like a supercloud, super data cloud, that is spread across any cloud, and you can basically pick and choose where you want to put your data for what use cases, and that's really, really helpful, because then you don't have to manage the complexity of multiple solutions for multiple areas of the business. We see this also in other areas where companies are saying, "Hey, I prefer to not use a specific cloud technology "for that purpose, but use a vendor that can cover my needs "across the clouds," definitely on the security side, where they want one throat to choke, so to speak, but they want to control things on a central place. As Ben mentioned before, complexity is the enemy of security and having those multi-cloud operations, from a security perspective, definitely adds complexity, which adds risks, so simplifying that is really, really helpful. >> Hey, thank you for that, and thank you guys for coming on today. Why don't you give us a little bumper sticker on Satori. What do you guys do? Give us the quick commercial. >> So, we help companies secure access to their data on platforms like Snowflake and others. We build really innovative technology that decouples security controls from the actual data layer. So if you think about it, where you can put controls to govern how people access data. You can put it inside the database. You can put it somewhere on the client. We've actually invented a technology that can do that in the middle, so you don't have to coalesce and mix your security concerns with your data. You don't have to go to your clients' users' end-points, laptops and put technology there. We set technology that fits in the middle, that decouples that aspect of your DataSecOps operations, and really helps companies implement those security controls much faster, because it's detached from the rest of their operation. >> Nice thought, leaning into that simplicity trend that you talked about. Okay guys, that's all the time we have today. Really, I want to thank Ben and Yoav for coming on "theCUBE." It was really great to have you. I'd love to welcome you back at some point. >> Thank you, Dave. >> Thank you, it was a pleasure >> All right, remember these episodes, these episodes are all available as podcasts, wherever you listen. All you got to do is search breaking analysis podcasts. Check out ETR's website at ETI.ai. We also publish full report every week on Wikibon.com and SiliconAngle.com. You can get in touch with me. Email me, David.Vellante@SiliconANGLE.com @DVellante or comment on our LinkedIn posts. This is Dave Vellante for "theCUBE Insights," powered by ETR. Have a great week, stay safe, be well, and we'll see you next time. (bright music)