>>Hey everyone. Welcome to the cubes presentation of the AWS startup showcase. I'm your host, Lisa Martin. This is season two, episode four of our ongoing series. That's covering exciting startups from the AWS ecosystem. This episode, we're talking about cybersecurity detect and protect against threats. I've got two guests with me here from sun re security, please. Welcome Eric Krosky it's chief information security officer and Denise Haman. It's chief revenue officer, guys. Welcome to the program. >>Ah, thank you. >>And I should say, thank you, Lisa. Welcome back to Denise. You were on at reinforced, which was just about a month or so ago. And from reinforced Denise, we heard a lot about security challenges, expansion of risks. What do you think? And I wanna get Eric's perspective as well. What do you think are the biggest challenges that CSOs are currently facing regardless of industry? >>Mm, well, I'm, I'm gonna narrow that question down to public cloud and cloud security, right? Because that's what the conference was about and that's where we're focused. So I get to do that, but from that perspective, right, the, the CISOs that I speak with on the regular, it, it is it's it's so there's so much chaos out there, right? About what they're trying to deal with. They're they're trying to take a look at all of the operational policies and pieces that they had put together in their on-prem world and trying to figure out how do those same things apply in the cloud. So that gets down to things like, how do I, how do I operationalize it? How do I make this work in a new environment? What tools do I need? What processes do I need? What types of people do I need? Right. It just, it, it threw up everything in the air and said, let's start over. Right? Just chaos. And many of them are doing a really awesome job at getting their arms around it by, you know, really hiring in the right people and looking at the way that development has run, right. To figure out what's important to these people in, in their clouds. Right? Cause it depends on what the, their own missions are. >>And Eric adding on to that from your seat as a CSO, what are some of the biggest challenges that your peers across industries are tackling? Obviously there's a, the environment is chaotic and that's probably gonna persist. >>Yeah. I mean, Denise mentioned a few things, you know, the biggest thing I talk to CISOs about, and it's, it's nice when you can have that CSO to CISO discussion, cuz they tend to open up a little bit more and you can, you can tell the stories and, and show the scars. And, and one of the things I hear a lot of is that, you know, the scale and the speed at which the cloud operates and how to operationalize security within that context is a big challenge that they're struggling with. And you know, not to mention the new paradigms and how they've sort of shifted from the data center into the, into the cloud world and you know, sometimes a lift and shift of your process or of your way that you did something before in the data center just doesn't work in the cloud. So helping them understand that. And then the big thing is it's almost like focus, you know, it's, there's a huge scale. It moves very quickly, but you really need to focus on what's most important. And that's really by putting like data security and identity security at the center of your cloud security strategy. That's one of the biggest things that I talk to a lot of CISOs about. >>So then Eric, how do you advise CISOs to think about cloud risks or to really be able to stack rank and adjust their security priorities as the environment is so dynamic? >>Well, it comes back to this, you know, CSOs are looking to protect or minimize risk to their organizations with their most valuable assets in this day and age that's data. And that starts with understanding not only where all of the data is in your cloud, but more importantly, understanding where the sensitive data is in your cloud, because you could spend a lot of time resource money, which nobody has an infinite supply of doing the wrong thing. So it's really targeting on where is my most sensitive data and then start wrapping security around that. And I talk about it as like the dual side of the coin. The other side of the coin is the identities, you know, in the data center days, we built networks and those became our security boundaries. And we put our tools at those boundaries and we watched what went in and out and we put our controls there that doesn't really exist in the cloud. So identities really have become those security boundaries. And so that's when I say put identity and data security at the heart of your strategy, that's what I'm talking about. You know, find your data, classify your data and then determine what has access to it. And then what are they doing with it? And if you start there, you've got a very focused view, but in a very important way, >>Denise ki, what are you hearing from customers as if, as Eric was saying, you know, he says, put data and identity at the center of your strategy. What are you hearing from customers in terms of their concerns? Where are they in terms of actually being able to make that happen? >>Yeah. I mean, this is every single one of them is struggling with this, right? They are, there's, there's just a staggering amount of things and data and processes that they need to figure out. Many of them in multi-cloud environments, sorry, AWS, but like not everyone is just AWS anymore and they have to protect, you know, workloads and services and people, identities, and non people identities. Right. Which is why we talk about it from the standpoint of like, you can look at it from the outside in, or you look, you can look at it from the inside out. Right. So looking and our belief is that starting with the data and the identity pieces is the most important because, you know, I heard an analogy now this is maybe an old analogy a while ago. Right. But back in the day when there were bank robbers, you know, the, the bank robbers targeted those banks that had money that had lots of money in the Coffs, right. >>They weren't going after regular apartment buildings or, you know, seven elevens at the time. Right. They were going after where there was the most to lose. Right? So if you, if you take that same analogy and say out of all of this chaos, that there is out there and trying to figure out where to start, start by protecting the most sensitive pieces of your information, whether it's personal data, whether it's things that are critical to, you know, your crown jewels of your company, but starting there and then working outwards is the way that we address and advise all of our customers to start. >>Do you have a, a magic list of best practices? This is actually a question for both of you when you're in customer conversations that say, obviously protecting them in sensitive data, start making those important points kind of stacked rank. But do you, do you have any best practices that you share in terms of how they can actually make identity and data core to a cloud strategy in a timely fashion? Eric, we'll start with you. >>Yeah. I mean, this is one that, that really hits home to me and, and it goes like this. I'd like to break it down really simply. Number one, you need to understand where all of the data is in your cloud and it might sound easy, but it is not because data is everywhere. And there's so many fingers in the pie these days. Number two is classify your data, classify and tag your data. Again, it comes back to, there could be lots of data, but you need to find the stuff that's really, really important to you. So classify it, identify it, tag it. So you know, where it is. Number three is understand who or what can potentially access your data and what they can do with your data. So now we start to tie in the identities and then number four is you need to be continuously monitoring to understand what they're doing with that access. >>You know, Lisa might have the ability to access a piece of really sensitive data, but she might not even know that through, you know, a hop and a step and a lateral movement and this and that. But what happens if she does, someone's gotta be watching for that as well. And then again, it's that double sided coin. When you flip that over and look at the identity perspective, you need to understand what the identities are in your cloud and not just your users, which is your typical way of looking at it. You really have to understand your users, but your non people identities as well. And interesting fact is your non people identities. And in all of the customers that I see large and small, you know, fortune five to a startup in the cloud, their non-people identities outnumber their people identities by 10, 20, 30 times the number, but guess what not, everybody's looking at those. So identify them again, calculate their, their permissions, what they can do, understand what data they can access. And then it comes right back to where they kind of merge together. What are they doing with that access? And those are the, you know, the four steps on either side of the coin that we recommend to all of our customers and, and focusing into to protect their data in their cloud. >>And, and the only thing that I would add, the only thing I would add to that is we talk a lot about automation with our customers, right? Especially around remediation, right? Anything that you can automate from a remediation perspective or a discovery perspective or a monitoring perspective. Absolutely do it because the, you know, the clouds and privileges, right. What did we estimate there are, I think 35,000 privileges out there across the three clouds right now. And they're growing somewhere between 20 and 40 a day. So if you're not automated, right, you're trying to keep it up on your whiteboard or in a spreadsheet like you're behind the moment that you put it in there. So we recommend automating and especially around remediation, anything that you can automate is absolutely the way to go. >>Let's talk about now, the, the benefits in it for me, for if I'm an AWS customer, we mentioned at the beginning of the segment, Denise, you were on the cube at reinforced, which was just last month or so it's chief security officer, Steven Schmidt says, and he said this at reinforced, we're stronger together from an ecosystem perspective. Talk to me, Denise will get your perspective first on the Eric, yours SUNY, AWS, better together. What does that mean? What's in it for customers? >>Oh gosh. So first of all, we love our partnership with AWS and, and that's not just because we're on here because we are engaged with all different layers within AWS. And we love their culture, their drive on customers, like everything that they do to make sure that their customers are satisfied. It's just, it's a, it's an amazing place to follow along. Right. And the, the thing that we love about working on customers together is that they, you know, that their mission right, is to make the cloud accessible to everybody, right. And, and do it in an easy way. And our mission is to make sure that it's secure. So it's very compatible in terms of how we work together and they, because of their depth from a technical perspective, they totally understand what we do and how important it is. Right. And they, again, their customer obsessed. So they make sure that their customers get the best things available to them, which is why they bring us to the table. So we, you know, we love that about them. It's a, it's a, just a fantastic partnership. >>Sounds like Denise, that SUNY and AWS share this passion for customer obsession, >>I would say so. Yes, >>Eric, from your seat as the CISO SUNY plus AWS, better together, how does that enable you to do your job and, and take the steps that you said would advise other CISOs to do? >>I think there's a number of ways to do this. If I put on sort of my business hat here for a second, you know, the way that they talk about security as a risk is part of the business. They really are trying to bring it to the forefront. That it's not just some it technical thing off in the corner that, that you have to think about that it is a business risk. So they're really big at, at promoting that and talking about that, they're also really big at helping CISOs and security leaders get there. You know, a lot of security leaders and CISOs came up through the technical ranks and, but getting that seat at the table and we're hearing about how CISO should be on boards and all these other things. And, and they're, they're big at that. And then of course from the technology perspective, I think I've, you know, I've said it already is that speed and scale, you know, what is AWS brought to the world? >>It's the speed and the scale of releasing solutions to the market, to customers, and then delivering them faster and better and better every single day, every single week. And, and what have you. And so it's also about doing security at speed and scale, and they're enabling organizations like SUNY to do that. So Denise talked about using automations and workflows. That's critical to solving the security challenges in the cloud. And Amazon really provides a platform on which, you know, tools like ourselves or individuals can go out and do that. And again, solve their security challenges at speed and scale, to be able to keep up with the, with the pace of the cloud, >>Absolutely critical to solve those security challenges at speed and scale. Of course, it's, it's so much more challenging and it sounds easier, sad than done, but to Denise, I'd love for you to share a customer story that you think really demonstrates the value that SUNY and AWS are delivering to customers. And then maybe comment on maybe from a target market perspective, what are some particular organizations that could benefit from the partnership with AWS, the integrations? What are your thoughts? >>Yeah, sure. So gosh, lots of customers that are in the midst of this transition, right? We, we see a lot of customers who are Eric and I were talking about talking about this actually right before we started, because every single customer seems to have a different use case, right. Everyone is going about it, you know, at a, at, from a different place or a different scenario, but lots of them moving from data center to cloud, as you might imagine, right. That is a, that is a key use case. The other thing that we're seeing in a lot of financial customers is that they, you know, when, when cloud first became available, a lot of them went private cloud, right. And they, they went about it from the standpoint of like, let's just take the same controls, right. And get our arms around it from a private perspective and now via acquisitions or via workloads that they need in the cloud, they are actually moving to the public cloud in many, many cases. >>So where we have the strong partnership around financials, especially right. Because they know that if those customers don't see security on the way in to the cloud, that they will never expand. Right. Because it's just, it's a part of their DNA, right. That they, they have to make sure that there's their sensitive information is, is taken care of. So we have a, I mean, just a breadth of customers across manufacturing and airlines and financials and insurance. Like if you're moving to the cloud, you need to make sure that you're protecting it in the right way >>Across industries. This is a pan industry problem. Every customer, regardless of location has to address us. Have you seen Denise sticking with you, the acceleration of the, the cloud adoption and migration we've seen the last couple of years? Have you seen any industries in particular, you mentioned financial services. I kind think of healthcare manufacturing as some industries that really are prime for coming to sun, help us figure this out. We're losing time. >>You know, I, I can't limit myself to any industry. Cause I mean, seriously that I know that sounds like a silly answer, but from the standpoint of what's going on out there, that I, I mean, every industry that is moving to the public cloud needs to be looking at this, the ones that, you know, again, I mentioned those ones that are going through transitions. We, we also see obviously software companies or companies that were built in the cloud, right. Are just, they're just at this point now where they're understanding, gosh, you know, we need to be well, like, you know, we've kind of got this hardened environment and we've got our policies and procedures down. Now they're worried about things like exfiltration of the cloud, or they're worried about lateral movement, right. Where, you know, somebody could get access to a role or a privilege and then move within the organization. >>So they're, they're looking at it at a deeper, more advanced level, which we love working with them on that. Like I said, the financials kind of moving from private to public now is the perfect time to, to build it in alongside us healthcare. We've seen a recent increase of healthcare, which sort of surprised me. I, I've not seen healthcare spending a lot of money in this particular area. And we've seen actually just in the last month or so a big uptick there, which is just interesting. We'll see, we'll see if it continues. You know, like I said, we see it across industries, not so much at the very, very low end, but we're seeing kind of mid-level enterprises and large enterprises >>And there's definite commonalities there. I'm sure across the folks that you speak to in terms of the challenges that they have, what they're looking to SUNY to help them resolve. Erica, do wanna ask you a question about, we talk about the cyber security skills gap. It's huge. It's not gonna go away overnight. A lot of organizations have different initiatives aimed at helping to reduce it. But talk to me about SUNY from a technology perspective, how will it help organizations to mitigate some of the risks that they face because of that skills gap? >>Yeah, absolutely. I mean, first and foremost, I gotta reiterate your point. It's not going away and it's not gonna be solved anytime soon. And then you talk about, we get right back to speed and the scale, the cloud moves very quickly and the scale increases over time and that's not going to stop as well. So it creates this perfect storm. And I'm gonna say a word again, that, that some people are probably gonna cringe at, but it comes back to automations and workflows. I know in the security industry, especially in rather large enterprises, sometimes they're a little bit hesitant to, to implement these tools because they're worried about what's going to happen. But the question I ask CISOs all the time is are you keeping up with it today? And the answer is no. So then I say, well, what are you what's going to happen if you don't do it. >>And that's what it comes down to. You're never gonna be able to find enough staff enough people in this area. So invest in automations and workflows in the areas that you're you're comfortable with. So that guess what somebody in your organization doesn't have to do that job anymore. And then that person can be trained and grow into the roles where you need them in these, in these more specific roles. And so that's how you need to do it. It's almost like investing in automation and workflows, just isn't making you more secure, which is your goal, but it's also helping to get your employees to where they need to be, to be more knowledgeable in the cloud. Because if they're only ever looking at very basic things and, and basically whacking it out and pulling whackable to solve basic problems, they are never gonna up their scales. And you can't just give your employees six months off to go become a cloud expert. So again, it comes back to, to stay with the speed and the scale of security in the cloud, it's automations and workflows, and you just have to get comfortable doing it. And if you're not, you really need to think about your strategy, cuz my opinion is you're doing it wrong. >>Wow. Those are some important words there Denise's last question for you with respect to what Eric just said about what companies need to be doing. The, you need to embrace automation. What are you hearing from customers, especially after they've deployed SUNY? What are they coming to you saying we had these challenges and thanks to SUNY we've. We are on our way to reducing a lot of the risks that were in our environment. >>Yeah. So not only are they reducing the risks, but they're able to do it with less people or put it this way, not adding additional people, which is the worry, right? Whenever you, whenever you bring on a new solution, the, the question is always, gosh, we're gonna need to hire a team to be able to manage this, or can we utilize the team that we have? So there's a, there's a huge ROI around bringing the summary solution in where they're, they are able to take advantage of resources that they currently have and just making them more productive. Again, we keep saying the same words, but remediation automation, operationalizing it, right? Creating these workflows is the key. And, and it's a key piece of what summary offers to them to make sure that they can take advantage of this. And, and I, I think that's, that's a really, really, really big statement because the, the, the way that I see this is the, the vision and the promise of what summary brings to the table is that security teams need us for an oversight perspective, but they're actually able to leverage their development teams to be able to do the fixes and the workflows and the operational pieces that we've been talking about. >>So you don't have to hire new people. You can take advantage of the resources that you have. Again, that's the, that's the promise of summary, >>A lot of efficiencies, operational, et cetera, that can be gained from what sun is able to deliver to customers. Thank you both so much for joining me today, talking about what it is that you're delivering, the challenges that you're helping, CISOs and security operations folks meet and, and mitigate with the solutions. We appreciate your insights and your time. Thank you, Lisa. Thanks, Lisa. My pleasure for Eric Krosky and Denise Haman, who we wanna thank for partnering with the cube for this season. We wanna thank you for watching season two, episode four of our ongoing series of the AWS startup showcase. Don't go away, keep it right here from more action on the cube, your leader in tech coverage.

(bright music) >> Welcome back everyone to the live Cube coverage here in Boston, Massachusetts for AWS re:Inforce 22, with a great guest here, Denise Hayman, CRO, Chief Revenue of Sonrai Security. Sonrai's a featured partner of Season Two, Episode Four of the upcoming AWS Startup Showcase, coming in late August, early September. Security themed startup focused event, check it out. awsstartups.com is the site. We're on Season Two. A lot of great startups, go check them out. Sonrai's in there, now for the second time. Denise, it's great to see you. Thanks for coming on. >> Ah, thanks for having me. >> So you've been around the industry for a while. You've seen the waves of innovation. We heard encrypt everything today on the keynote. We heard a lot of cloud native. They didn't say shift left but they said don't bolt on security after the fact, be in the CI/CD pipeline or the DevStream. All that's kind of top of line, Amazon's talking cloud native all the time. This is kind of what you guys are in the middle of. I've covered your company, you've been on theCUBE before. Your, not you, but your teammates have. You guys have a unique value proposition. Take a minute to explain for the folks that don't know, we'll dig into it, but what you guys are doing. Why you're winning. What's the value proposition. >> Yeah, absolutely. So, Sonrai is, I mean what we do is it's, we're a total cloud solution, right. Obviously, right, this is what everybody says. But what we're dealing with is really, our superpower has to do with the data and identity pieces within that framework. And we're tying together all the relationships across the cloud, right. And this is a unique thing because customers are really talking to us about being able to protect their sensitive data, protect their identities. And not just people identities but the non-people identity piece is the hardest thing for them to reign in. >> Yeah. >> So, that's really what we specialize in. >> And you guys doing good, and some good reports on good sales, and good meetings happening here. Here at the show, the big theme to me, and again, listening to the keynotes, you hear, you can see what's, wasn't talk about. >> Mm-hmm. >> Ransomware wasn't talked about much. They didn't talk about air-gapped. They mentioned ransomware I think once. You know normal stuff, teamwork, encryption everywhere. But identity was sprinkled in everywhere. >> Mm-hmm. >> And I think one of the, my favorite quotes was, I wrote it down, We've security in the development cycle CSD, they didn't say shift left. Don't bolt on any of that. Now, that's not new information. We know that don't bolt, >> Right. >> has been around for a while. He said, lessons learned, this is Stephen Schmidt, who's the CSO, top dog on security, who has access to what and why over permissive environments creates chaos. >> Absolutely. >> This is what you guys reign in. >> It is. >> Explain, explain that. >> Yeah, I mean, we just did a survey actually with AWS and Forrester around what are all the issues in this area that, that customers are concerned about and, and clouds in particular. One of the things that came out of it is like 95% of clouds are, what's called over privileged. Which means that there's access running amok, right. I mean, it, it is, is a crazy thing. And if you think about the, the whole value proposition of security it's to protect sensitive data, right. So if, if it's permissive out there and then sensitive data isn't being protected, I mean that, that's where we really reign it in. >> You know, it's interesting. I zoom out, I just put my historian hat on going back to the early days of my career in late eighties, early nineties. There's always, when you have these inflection points, there's always these problems that are actually opportunities. And DevOps, infrastructure as code was all about APS, all about the developer. And now open source is booming, open source is the software industry. Open source is it in the world. >> Right. >> That's now the software industry. Cloud scale has hit and now you have the Devs completely in charge. Now, what suffers now is the Ops and the Sec, Second Ops. Now Ops, DevOps. Now, DevSecOps is where all the action is. >> Yep. >> So the, the, the next thing to do is build an abstraction layer. That's what everyone's trying to do, build tools and platforms. And so that's where the action is here. This is kind of where the innovation's happening because the networks aren't the, aren't in charge anymore either. So, you now have this new migration up to higher level services and opportunities to take the complexity away. >> Mm-hmm. >> Because what's happened is customers are getting complexity. >> That's right. >> They're getting it shoved in their face, 'cause they want to do good with DevOps, scale up. But by default their success is also their challenge. >> Right. >> 'Cause of complexity. >> That's exactly right. >> This is, you agree with that. >> I do totally agree with that. >> If you, you believe that, then what's next. What happens next? >> You know, what I hear from customers has to do with two specific areas is they're really trying to understand control frameworks, right. And be able to take these scenarios and build them into something that they, where they can understand where the gaps are, right. And then on top of that building in automation. So, the automation is a, is a theme that we're hearing from everybody. Like how, how do they take and do things like, you know it's what we've been hearing for years, right. How do we automatically remediate? How do we automatically prioritize? How do we, how do we build that in so that they're not having to hire people alongside that, but can use software for that. >> The automation has become key. You got to find it first. >> Yes. >> You guys are also part of the DevCycle too. >> Yep. >> Explain that piece. So, I'm a developer, I'm an organization. You guys are on the front end. You're not bolt-on, right? >> We can do either. We prefer it when customers are willing to use us, right. At the very front end, right. Because anything that's built in the beginning doesn't have the extra cycles that you have to go through after the fact, right. So, if you can build security right in from the beginning and have the ownership where it needs to be, then you're not having to, to deal with it afterwards. >> Okay, so how do you guys, I'm putting my customer hat on for a second. A little hard, hard question, hard problem. I got active directory on Azure. I got, IM over here with AWS. I wanted them to look the same. Now, my on-premises, >> Ah. >> Is been booming, now I got cloud operations, >> Right. >> So, DevOps has moved to my premise and edge. So, what do I do? Do I throw everything out, do a redo. How do you, how do you guys talk about, talk to customers that have that chance, 'cause a lot of them are old school. >> Right. >> ID. >> And, and I think there's a, I mean there's an important distinction here which is there's the active directory identities right, that customers are used to. But then there's this whole other area of non-people identities, which is compute power and privileges and everything that gets going when you get you know, machines working together. And we're finding that it's about five-to-one in terms of how many identities are non-human identities versus human identity. >> Wow. >> So, so you actually have to look at, >> So, programmable access, basically. >> Yeah. Yes, absolutely. Right. >> Wow. >> And privileges and roles that are, you know accessed via different ways, right. Because that's how it's assigned, right. And people aren't really paying that close attention to it. So, from that scenario, like the AD thing of, of course that's important, right. To be able to, to take that and lift it into your cloud but it's actually even bigger to look at the bigger picture with the non-human identities, right. >> What about the CISOs out there that you talk to. You're in the front lines, >> Yep. >> talking to customers and you see what's coming on the roadmap. >> Yep. >> So, you kind of get the best of both worlds. See what they, what's coming out of engineering. What's the biggest problem CISOs are facing now? Is it the sprawl of the problems, the hacker space? Is it not enough talent? What, I mean, I see the fear, what are, what are they facing? How do you, how do you see that, and then what's your conversations like? >> Yeah. I mean the, the answer to that is unfortunately yes, right. They're dealing with all of those things. And, and here we are at the intersection of, you know, this huge complex thing around cloud that's happening. There's already a gap in terms of resources nevermind skills that are different skills than they used to have. So, I hear that a lot. The, the bigger thing I think I hear is they're trying to take the most advantage out of their current team. So, they're again, worried about how to operationalize things. So, if we bring this on, is it going to mean more headcount. Is it going to be, you know things that we have to invest in differently. And I was actually just with a CISO this morning, and the whole team was, was talking about the fact that bringing us on means they have, they can do it with less resource. >> Mm-hmm. >> Like this is a a resource help for them in this particular area. So, that that was their value proposition for us, which I loved. >> Let's talk about Adrian Cockcroft who retired from AWS. He was at Netflix before. He was a big DevOps guy. He talks about how agility's been great because from a sales perspective the old model was, he called it the, the big Indian wedding. You had to get everyone together, do a POC, you know, long sales cycles for big tech investments, proprietary. Now, open sources like speed dating. You can know what's good quickly and and try things quicker. How is that, how is that impacting your sales motions. Your customer engagements. Are they fast? Are they, are they test-tried before they buy? What's the engagement model that you, you see happening that the customers like the best. >> Yeah, hey, you know, because of the fact that we're kind of dealing with this serious part of the problem, right. With the identities and, and dealing with data aspects of it it's not as fast as I would like it to be, right. >> Yeah, it's pretty important, actually. >> They still need to get in and understand it. And then it's different if you're AWS environment versus other environments, right. We have to normalize all of that and bring it together. And it's such a new space, >> Yeah. >> that they all want to see it first. >> Yeah. >> Right, so. >> And, and the consequences are pretty big. >> They're huge. >> Yeah. >> Right, so the, I mean, the scenario here is we're still doing, in some cases we'll do workshops instead of a POV or a POC. 90% of the time though we're still doing a POV. >> Yeah, you got to. >> Right. So, they can see what it is. >> They got to get their hands on it. >> Yep. >> This is one of those things they got to see in action. What is the best-of-breed? If you had to say best-of-breed in identity looks like blank. How would you describe that from a customer's perspective? What do they need the most? Is it robustness? What's some of the things that you guys see as differentiators for having a best-of-breed solution like you guys have. >> A best-of-breed solution. I mean, for, for us, >> Or a relevant solution for that matter, for the solution. >> Yeah. I mean, for us, this, again, this identity issue it, for us, it's depth and it's continuous monitoring, right. Because the issue in the cloud is that there are new privileges that come out every single day, like to the tune of like 35,000 a year. So, even if at this exact moment, it's fine. It's not going to be in another moment, right. So, having that continuous monitoring in there, and, and it solves this issue that we hear from a lot of customers also around lateral movement, right. Because like a piece of compute can be on and off, >> Yeah, yeah, yeah. >> within a few seconds, right. So, you can't use any of the old traditional things anymore. So to me, it's the continuous monitoring I think that's important. >> I think that, and the lateral movement piece, >> Yep. >> that you guys have is what I hear the most of the biggest fears. >> Mm-hmm. >> Someone gets in here and can move around, >> That's right. >> and that's dangerous. >> Mm-hmm. And, and no traditional tools will see it. >> Yeah. Yeah. >> Right. There's nothing in there unless you're instrumented down to that level, >> Yeah. >> which is what we do. You're not going to see it. >> I mean, when someone has a firewall, a perimeter based system, yeah, I'm in the castle, I'm moving around, but that's not the case here. This is built for full observability, >> That's right. >> Yet there's so many vulnerabilities. >> It's all open. Mm-hmm, yeah. And, and our view too, is, I mean you bring up vulnerabilities, right. It, it is, you know, a little bit of the darling, right. People start there. >> Yep. >> And, and our belief in our view is that, okay, that's nice. But, and you do have to do that. You have to be able to see everything right, >> Yep. >> to be able to operationalize it. But if you're not dealing with the sensitive data pieces right, and the identities and stuff that's at the core of what you're trying to do >> Yeah. >> then you're not going to solve the problem. >> Yeah. Denise, I want to ask you. Because you make what was it, five-to-one was the machine to humans. I think that's actually might be low, on the low end. If you could imagine. If you believe that's true. >> Yep. >> I believe that's true by the way If microservices continues to be the, be the wave. >> Oh, it'll just get bigger. >> Which it will. It's going to much bigger. >> Yeah. >> Turning on and off, so, the lateral movement opportunities are going to be greater. >> Yep. >> That's going to be a bigger factor. Okay, so how do I protect myself. Now, 'cause developer productivity is also important. >> Mm-hmm. >> 'Cause, I've heard horror stories like, >> Yep. >> Yeah, my Devs are cranking away. Uh-oh, something's out there. We don't know about it. Everyone has to stop, have a meeting. They get pulled off their task. It's kind of not agile. >> Right. Right. >> I mean, >> Yeah. And, and, in that vein, right. We have built the product around what we call swim lanes. So, the whole idea is we're prioritizing based on actual impact and context. So, if it's a sandbox, it probably doesn't matter as much as if it's like operational code that's out there where customers are accessing it, right. Or it's accessing sensitive data. So, we look at it from a swim lane perspective. When we try to get whoever needs to solve it back to the person that is responsible for it. So we can, we can set it up that way. >> Yeah. I think that, that's key insight into operationalizing this. >> Yep. >> And remediation is key. >> Yes. >> How, how much, how important is the timing of that. When you talk to your customer, I mean, timing is obviously going to be longer, but like seeing it's one thing, knowing what to do is another. >> Yep. >> Do you guys provide that? Is that some of the insights you guys provide? >> We do, it's almost like, you know, us. The, and again, there's context that's involved there, right? >> Yeah. >> So, some remediation from a priority perspective doesn't have to be immediate. And some of it is hair on fire, right. So, we provide actually, >> Yeah. >> a recommendation per each of those situations. And, and in some cases we can auto remediate, right. >> Yeah. >> If, it depends on what the customer's comfortable with, right. But, when I talk to customers about what is their favorite part of what we do it is the auto remediation. >> You know, one of the things on the keynotes, not to, not to go off tangent, one second here but, Kurt who runs platforms at AWS, >> Mm-hmm. >> went on his little baby project that he loves was this automated, automatic reasoning feature. >> Mm-hmm. >> Which essentially is advanced machine learning. >> Right. >> That can connect the dots. >> Yep. >> Not just predict stuff but like actually say this doesn't belong here. >> Right. >> That's advanced computer science. That's heavy duty coolness. >> Mm-hmm. >> So, operationalizing that way, the way you're saying it I'm imagining there's some future stuff coming around the corner. Can you share how you guys are working with AWS specifically? Is it with Amazon? You guys have your own secret sauce for the folks watching. 'Cause this remediation should, it only gets harder. You got to, you have to be smarter on your end, >> Yep. >> with your engineers. What's coming next. >> Oh gosh, I don't know how much of what's coming next I can share with you, except for tighter and tighter integrations with AWS, right. I've been at three meetings already today where we're talking about different AWS services and how we can be more tightly integrated and what's things we want out of their APIs to be able to further enhance what we can offer to our customers. So, there's a lot of those discussions happening right now. >> What, what are some of those conversations like? Without revealing. >> I mean, they have to do with, >> Maybe confidential privilege. >> privileged information. I don't mean like privileged information. >> Yep. I mean like privileges, right, >> Right. >> that are out there. >> Like what you can access, and what you can't. >> What you can, yes. And who and what can access it and what can't. And passing that information on to us, right. To be able to further remediate it for an AWS customer. That's, that's one. You know, things like other AWS services like CloudTrail and you know some of the other scenarios that they're talking about. Like we're, you know, we're getting deeper and deeper and deeper with the AWS services. >> Yeah, it's almost as if Amazon over the past two years in particular has been really tightly integrating as a strategy to enable their partners like you guys >> Mm-hmm. >> to be successful. Not trying to land grab. Is that true? Do you get that vibe? >> I definitely get that vibe, right. Yesterday, we spent all day in a partnership meeting where they were, you know talking about rolling out new services. I mean, they, they are in it to win it with their ecosystem. Not on, not just themselves. >> All right, Denise it's great to have you on theCUBE here as part of re:Inforce. I'll give you the last minute or so to give a plug for the company. You guys hiring? What are you guys looking for? Potential customers that are watching? Why should they buy you? Why are you winning? Give a, give the pitch. >> Yeah, absolutely. So, so yes we are hiring. We're always hiring. I think, right, in this startup world. We're growing and we're looking for talent, probably in every area right now. I know I'm looking for talent on the sales side. And, and again, the, I think the important thing about us is the, the fullness of our solution but the superpower that we have, like I said before around the identity and the data pieces and this is becoming more and more the reality for customers that they're understanding that that is the most important thing to do. And I mean, if they're that, Gartner says it, Forrester says it, like we are one of the, one of the best choices for that. >> Yeah. And you guys have been doing good. We've been following you. Thanks for coming on. >> Thank you. >> And congratulations on your success. And we'll see you at the AWS Startup Showcase in late August. Check out Sonrai Systems at AWS Startup Showcase late August. Here at theCUBE live in Boston getting all the coverage. From the keynotes, to the experts, to the ecosystem, here on theCUBE, I'm John Furrier your host. Thanks for watching. (bright music)